This is the accessible text file for GAO report number GAO-05-207 
entitled 'High-Risk Series: An Update' which was released on January 
25, 2005.

This text file was formatted by the U.S. Government Accountability 
Office (GAO) to be accessible to users with visual impairments, as part 
of a longer term project to improve GAO products' accessibility. Every 
attempt has been made to maintain the structural and data integrity of 
the original printed product. Accessibility features, such as text 
descriptions of tables, consecutively numbered footnotes placed at the 
end of the file, and the text of agency comment letters, are provided 
but may not exactly duplicate the presentation or format of the printed 
version. The portable document format (PDF) file is an exact electronic 
replica of the printed version. We welcome your feedback. Please E-mail 
your comments regarding the contents or accessibility features of this 
document to Webmaster@gao.gov.

This is a work of the U.S. government and is not subject to copyright 
protection in the United States. It may be reproduced and distributed 
in its entirety without further permission from GAO. Because this work 
may contain copyrighted images or other material, permission from the 
copyright holder may be necessary if you wish to reproduce this 
material separately.

January 2005: 

HIGH-RISK SERIES: 

An Update: 

GAO-05-207: 

GAO Highlights: 

Highlights of GAO-05-207, a report to Congress on GAO’s High-Risk 
Series: 

Why Area Is High Risk: 

GAO’s audits and evaluations identify federal programs and operations 
that, in some cases, are high risk due to their greater vulnerabilities 
to fraud, waste, abuse, and mismanagement. Increasingly, GAO also is 
identifying high-risk areas to focus on the need for broad-based
transformations to address major economy, efficiency, or effectiveness 
challenges. Since 1990, GAO has periodically reported on government 
operations that it has designated as high risk. In this 2005 update for 
the 109th Congress, GAO presents the status of high-risk areas 
identified in 2003 and new high-risk areas warranting attention by the 
Congress and the administration. Lasting solutions to high-risk 
problems offer the potential to save billions of dollars, dramatically 
improve service to the American public, strengthen public confidence 
and trust in the performance and accountability of our national 
government, and ensure the ability of government to deliver on its 
promises. 

What GAO Found: 

In January 2003, GAO identified 25 high-risk areas; in July 2003, a 
26th high-risk area was added to the list. Since then, progress has 
been made in all areas, although the nature and significance of 
progress varies by area. Federal departments and agencies, as well as 
the Congress, have shown a continuing commitment to addressing high-
risk challenges and have taken various steps to help correct several of 
the problems’ root causes. GAO has determined that sufficient progress 
has been made to remove the high-risk designation from three areas: 
student financial aid programs, FAA financial management, and Forest 
Service financial management. Also, four areas related to IRS have been 
consolidated into two areas.

This year, GAO is designating four new high-risk areas. The first new 
area is establishing appropriate and effective information-sharing 
mechanisms to improve homeland security. Federal policy creates 
specific requirements for information-sharing efforts, including the 
development of processes and procedures for collaboration between 
federal, state, and local governments and the private sector. This area 
has received increased attention but the federal government still faces 
formidable challenges sharing information among stakeholders in an 
appropriate and timely manner to minimize risk. 

The second and third new areas are, respectively, DOD’s approach to 
business transformation and its personnel security clearance program. 
GAO has reported on inefficiencies and inadequate transparency and 
accountability across DOD’s major business areas, resulting in billions 
of dollars of wasted resources. Senior leaders have shown commitment 
to business transformation through individual initiatives in 
acquisition reform, business modernization, and financial management, 
among others, but little tangible evidence of actual improvement has 
been seen in DOD’s business operations to date. DOD needs to take 
stronger steps to achieve and sustain business reform on a 
departmentwide basis. Further, delays by DOD in completing background 
investigations and adjudications can affect the entire government 
because DOD performs this function for hundreds of thousands of 
industry personnel from 22 federal agencies, as well as its own service 
members, federal civilian employees, and industry personnel. OPM is to 
assume DOD’s personnel security investigative function, but this 
change alone will not reduce the shortages of investigative personnel.

The fourth area is management of interagency contracting. Interagency 
contracts can leverage the government’s buying power and provide a 
simplified and expedited method of procurement. But several factors 
can pose risks, including the rapid growth of dollars involved combined 
with the limited expertise of some of agencies in using these contracts 
and recent problems related to their management. Various improvement 
efforts have been initiated to address this area, but improved policies 
and processes, and their effective implementation, are needed to ensure 
that interagency contracting achieves its full potential in the most 
effective and efficient manner. 

What Remains to Be Done: 

This report contains GAO’s views on what remains to be done for each 
high-risk area to bring about lasting solutions. Perseverance by the 
administration in implementing GAO’s recommended solutions and 
continued oversight and action by the Congress are both essential.

www.gao.gov/cgi-bin/getrpt?GAO-05-207.

To view the full product, including the scope and methodology, click on 
the link above. For more information, contact George H. Stalcup at 
(202) 512-9490 or stalcupg@gao.gov.

GAO's 2005 High-Risk List: 

2005 High-Risk Areas: Addressing Challenges In Broad-based 
Transformations: 

* Strategic Human Capital Management[A].

* U.S. Postal Service Transformation Efforts and Long-Term Outlook[A].

* Managing Federal Real Property[A].

* Protecting the Federal Government's Information Systems and the 
Nation's Critical Infrastructures.

* Implementing and Transforming the Department of Homeland Security.

* Establishing Appropriate And Effective Information-Sharing 
Mechanisms to Improve Homeland Security.

* DOD Approach to Business Transformation[A].

* DOD Business Systems Modernization.

* DOD Personnel Security Clearance Program.

* DOD Support Infrastructure Management.

* DOD Financial Management.

* DOD Supply Chain Management (formerly Inventory Management).

* DOD Weapon Systems Acquisition.

2005 High-Risk Areas: Managing Federal Contracting More Effectively: 

* DOD Contract Management.

* DOE Contract Management.

* NASA Contract Management.

* Management of Interagency Contracting.

2005 High-Risk Areas: Assessing the Efficiency and Effectiveness of Tax 
Law Administration.

* Enforcement of Tax Laws[A, B].

* IRS Business Systems Modernization[C].

2005 High-Risk Areas: Modernizing and Safeguarding Insurance and 
Benefit Programs: 

* Modernizing Federal Disability Programs[A].

* Pension Benefit Guaranty Corporation Single- Employer Insurance 
Program[A].

* Medicare Program[A].

* Medicaid Program[A].

* HUD Single-Family Mortgage Insurance and Rental Housing Assistance 
Programs.

2005 High-Risk Areas: Other: 

* FAA Air Traffic Control Modernization. 

Source: GAO.

[A] Legislation is likely to be necessary, as a supplement to actions 
by the executive branch, in order to effectively address this high-risk 
area.

[B] Two high-risk areas--Collection of Unpaid Taxes and Earned Income 
Credit Noncompliance--have been consolidated to make this area.

[C] The IRS Financial Management high-risk area has been incorporated 
into this high-risk area.

[End of table]

Contents: 

Transmittal Letter: 

Historical Perspective: 

High-Risk Designations Removed: 

Student Financial Aid Programs: 

FAA Financial Management: 

Forest Service Financial Management: 

New High-Risk Areas: 

Establishing Appropriate and Effective Information-Sharing Mechanisms 
to Improve Homeland Security: 

DOD Approach to Business Transformation: 

DOD Personnel Security Clearance Program: 

Management of Interagency Contracting: 

Emerging Areas: 

Progress Being Made in Other High-Risk Areas: 

High-Risk Areas Consolidated: 

Collection of Unpaid Taxes and Earned Income Credit Noncompliance: 

IRS Business Systems Modernization and IRS Financial Management: 

Highlights for Each High-Risk Area: 

Transmittal Letter: 

January 2005:  

The President of the Senate: 
The Speaker of the House of Representatives: 

Since 1990, GAO has periodically reported on government operations that 
it identifies as "high risk." This effort, which is supported by the 
Senate Committee on Homeland Security and Governmental Affairs and the 
House Committee on Government Reform, has brought a much needed focus 
to problems that are impeding effective government and costing the 
government billions of dollars each year. To help, GAO has made 
hundreds of recommendations to improve these high-risk operations. 
Moreover, GAO's focus on high-risk problems contributed to the Congress 
enacting a series of governmentwide reforms to address critical human 
capital challenges, strengthen financial management, improve 
information technology practices, and instill a more results-oriented 
government.

GAO's high-risk status reports are provided at the start of each new 
Congress. This update should help the Congress and executive branch in 
carrying out their responsibilities while improving the government's 
performance and enhancing its accountability for the benefit of the 
American people. It summarizes progress made in correcting high-risk 
problems, actions under way, and further actions that GAO believes are 
needed. In this update, GAO has determined that sufficient progress has 
been made to remove the high-risk designation from three areas, and has 
designated four new areas as high risk. In addition, several prior 
high-risk areas have been consolidated or modified.

GAO's high-risk program has increasingly focused on those major 
programs and operations that need urgent attention and transformation 
in order to ensure that our national government functions in the most 
economical, efficient, and effective manner possible. Further, the Bush 
Administration has looked to GAO's program in shaping governmentwide 
initiatives such as the President's Management Agenda, which has at its 
base many of the areas GAO had previously designated as high risk. As 
in prior GAO high-risk update reports, federal programs and operations 
are also emphasized when they are at high risk because of their greater 
vulnerabilities to fraud, waste, abuse, and mismanagement. In addition, 
some of these high-risk agencies, programs, or policies are in need of 
transformation, and several will require action by both the executive 
branch and the Congress. Our objective for the high-risk list is to 
bring "light" to these areas as well as "heat" to prompt needed 
"actions." 

Copies of this update are being sent to the President, the 
congressional leadership, other Members of the Congress, the Director 
of the Office of Management and Budget, and the heads of major 
departments and agencies.

Signed by: 

David M. Walker: 
Comptroller General of the United States: 

[End of section]

Historical Perspective: 

In 1990, GAO began a program to report on government operations that we 
identified as "high risk." Since then, generally coinciding with the 
start of each new Congress, we have periodically reported on the status 
of progress to address high-risk areas and updated our high-risk list. 
Our most recent high-risk update was in January 2003.[Footnote 1]

Overall, our high-risk program has served to identify and help resolve 
serious weaknesses in areas that involve substantial resources and 
provide critical services to the public. Since our program began, the 
government has taken high-risk problems seriously and has made long-
needed progress toward correcting them. In some cases, progress has 
been sufficient for us to remove the high-risk designation. The overall 
changes to our high-risk list over the past 15 years are shown in table 
1. Areas removed from the high-risk list over that same period are 
shown in table 2. The areas on GAO's 2005 high-risk list and the year 
each was designated as high risk are shown in table 3.

Table 1: Overall Changes to GAO's High-Risk List, 1990 to 2005: 

Changes, 1990-2005: Original high-risk list in 1990; 
Number of areas: 14.

Changes, 1990-2005: High-risk areas added since 1990; 
Number of areas: 29.

Changes, 1990-2005: High-risk areas removed since 1990; 
Number of areas: 16.

Changes, 1990-2005: High-risk areas consolidated since 1990; 
Number of areas: 2.

Changes, 1990-2005: High-risk list in 2005; 
Number of areas: 25.

Source: GAO.

[End of table]

Table 2: Areas Removed from GAO's High-Risk List, 1990 to 2005: 

Area: Federal Transit Administration Grant Management; 
Year removed: 1995; 
Year designated high risk: 1990.

Area: Pension Benefit Guaranty Corporation; 
Year removed: 1995; 
Year designated high risk: 1990.

Area: Resolution Trust Corporation; 
Year removed: 1995; 
Year designated high risk: 1990.

Area: State Department Management of Overseas Real Property; 
Year removed: 1995; 
Year designated high risk: 1990.

Area: Bank Insurance Fund; 
Year removed: 1995; 
Year designated high risk: 1991.

Area: Customs Service Financial Management; 
Year removed: 1999; 
Year designated high risk: 1991.

Area: Farm Loan Programs; 
Year removed: 2001; 
Year designated high risk: 1990.

Area: Superfund Program; 
Year removed: 2001; 
Year designated high risk: 1990.

Area: National Weather Service Modernization; 
Year removed: 2001; 
Year designated high risk: 1995.

Area: The 2000 Census; 
Year removed: 2001; 
Year designated high risk: 1997.

Area: The Year 2000 Computing Challenge; 
Year removed: 2001; 
Year designated high risk: 1997.

Area: Asset Forfeiture Programs; 
Year removed: 2003; 
Year designated high risk: 1990.

Area: Supplemental Security Income; 
Year removed: 2003; 
Year designated high risk: 1997.

Area: Student Financial Aid Programs; 
Year removed: 2005; 
Year designated high risk: 1990.

Area: Federal Aviation Administration Financial Management; 
Year removed: 2005; 
Year designated high risk: 1999.

Area: Forest Service Financial Management; 
Year removed: 2005; 
Year designated high risk: 1999.

Source: GAO.

[End of table]

Table 3: The Year that Areas on GAO's 2005 High-Risk List Were 
Designated as High Risk: 

Area: Medicare Program; 
Year designated high risk: 1990.

Area: DOD Supply Chain Management; 
Year designated high risk: 1990[A].

Area: DOD Weapon Systems Acquisition; 
Year designated high risk: 1990.

Area: DOE Contract Management; 
Year designated high risk: 1990.

Area: NASA Contract Management; 
Year designated high risk: 1990.

Area: Enforcement of Tax Laws; 
Year designated high risk: 1990[B].

Area: DOD Contract Management; 
Year designated high risk: 1992.

Area: HUD Single-Family Mortgage Insurance and Rental Housing 
Assistance Programs; 
Year designated high risk: 1994.

Area: DOD Financial Management; 
Year designated high risk: 1995.

Area: DOD Business Systems Modernization; 
Year designated high risk: 1995.

Area: IRS Business Systems Modernization; 
Year designated high risk: 1995[C].

Area: FAA Air Traffic Control Modernization; 
Year designated high risk: 1995.

Area: Protecting the Federal Government's Information Systems and the 
Nation's Critical Infrastructures; 
Year designated high risk: 1997.

Area: DOD Support Infrastructure Management; 
Year designated high risk: 1997.

Area: Strategic Human Capital Management; 
Year designated high risk: 2001.

Area: U.S. Postal Service Transformation Efforts and Long-Term Outlook; 
Year designated high risk: 2001.

Area: Medicaid Program; 
Year designated high risk: 2003.

Area: Managing Federal Real Property; 
Year designated high risk: 2003.

Area: Modernizing Federal Disability Programs; 
Year designated high risk: 2003.

Area: Implementing and Transforming the Department of Homeland 
Security; 
Year designated high risk: 2003.

Area: Pension Benefit Guaranty Corporation Single-Employer Insurance 
Program; 
Year designated high risk: 2003.

Area: Establishing Appropriate and Effective Information-Sharing 
Mechanisms to Improve Homeland Security; 
Year designated high risk: 2005.

Area: DOD Approach to Business Transformation; 
Year designated high risk: 2005.

Area: DOD Personnel Security Clearance Program; 
Year designated high risk: 2005.

Area: Management of Interagency Contracting; 
Year designated high risk: 2005. 

Source: GAO.

[A] This area was formerly entitled DOD Inventory Management.

[B] One of the two high-risk areas that were consolidated to make this 
area--Collection of Unpaid Taxes--was designated high risk in 1990. The 
other area--Earned Income Credit Noncompliance--was designated high 
risk in 1995.

[C] IRS Financial Management has been incorporated into the IRS 
Business Systems Modernization high-risk area. Both areas were 
initially designated as high risk in 1995.

[End of table]

Eight of the 16 areas removed from the list over the years were among 
the 14 programs and operations we determined to be high risk at the 
outset of our efforts to monitor such programs. These results 
demonstrate that the sustained attention and commitment by the Congress 
and agencies to resolve serious, long-standing high-risk problems have 
paid off, as root causes of the government's exposure for half of our 
original high-risk list have been successfully addressed.

Historically, high-risk areas have been so designated because of 
traditional vulnerabilities related to their greater susceptibility to 
fraud, waste, abuse, and mismanagement. As our high-risk program has 
evolved, we have increasingly used the high-risk designation to draw 
attention to areas associated with broad-based transformations needed 
to achieve greater economy, efficiency, effectiveness, accountability, 
and sustainability of selected key government programs and operations. 
Perseverance by the executive branch is needed in implementing our 
recommended solutions for addressing these high-risk areas. Continued 
congressional oversight and, in some cases, additional legislative 
action will also be key to achieving progress, particularly in 
addressing challenges in broad-based transformations.

To determine which federal government programs and functions should be 
designated high risk, we used our guidance document, Determining 
Performance and Accountability Challenges and High Risks.[Footnote 2] 
In determining whether a government program or operation is high risk, 
we consider whether it involves national significance or a management 
function that is key to performance and accountability. We also 
consider whether the risk is: 

* an inherent problem, such as may arise when the nature of a program 
creates susceptibility to fraud, waste, and abuse, or: 

* a systemic problem, such as may arise when the programmatic; 
management support; or financial systems, policies, and procedures 
established by an agency to carry out a program are ineffective, 
creating a material weakness.

Further, we consider qualitative factors, such as whether the risk: 

* involves public health or safety, service delivery, national 
security, national defense, economic growth, or privacy or citizens' 
rights, or: 

* could result in significantly impaired service; program failure; 
injury or loss of life; or significantly reduced economy, efficiency, 
or effectiveness.

Before making a high-risk designation, we also consider the corrective 
measures an agency may have planned or under way to resolve a material 
control weakness and the status and effectiveness of these actions.

When legislative and agency actions, including those in response to our 
recommendations, result in significant and sustainable progress toward 
resolving a high-risk problem, we remove the high-risk designation. Key 
determinants here include a demonstrated strong commitment to and top 
leadership support for addressing problems, the capacity to do so, a 
corrective action plan, and demonstrated progress in implementing 
corrective measures.

The next section discusses how we applied our criteria in determining 
what areas to remove and to add since our last update in January 2003.

[End of section]

High-Risk Designations Removed: 

For this 2005 high-risk update, we determined that three high-risk 
areas warranted removal from the list. They are the Department of 
Education's (Education) Student Financial Aid Programs, Federal 
Aviation Administration (FAA) Financial Management, and the Department 
of Agriculture's (USDA) Forest Service Financial Management. We will, 
however, continue to monitor these programs, as appropriate, to ensure 
that the improvements we have noted are sustained.

Student Financial Aid Programs: 

In 1990, we designated student financial aid programs as high risk. 
Since then, in previous high-risk updates, we reported various 
problems, including poor financial management and weak internal 
controls, fragmented and inefficient information systems, and 
inadequate attention to program integrity as evidenced by high default 
rates and the numbers of ineligible students participating in the 
programs. In 1998, the Congress established Education's Office of 
Federal Student Aid (FSA) as the government's first performance-based 
organization, thus giving it greater flexibility to better address 
long-standing management weaknesses with student aid programs. In 2001, 
Education created a team of senior managers dedicated to addressing key 
financial and management problems throughout the agency, and in 2002, 
the Secretary of Education made removal from GAO's high-risk list a 
specific goal and listed it as a performance measure in Education's 
strategic plan. We reported in 2003 that Education had made important 
progress, but that it was too early to determine whether improvements 
would be sustained and that additional steps needed to be taken in 
several areas.

Since 2003, as discussed below, Education has sustained improvements in 
the financial management of student financial aid programs and taken 
additional steps to address our concerns about systems integration, 
reporting on defaulted loans, and human capital management. 
Furthermore, the agency has met many of our criteria for removing the 
high-risk designation. Education has demonstrated a strong commitment 
to addressing risks; developed and implemented corrective action plans; 
and, through its annual planning and reporting processes, monitored the 
effectiveness and sustainability of its corrective measures. Thus, 
while FSA needs to continue its progress and take additional steps to 
fully address some of our recommendations, we are removing the high-
risk designation from student financial aid programs.

FSA has sustained improvements to address its financial management and 
internal control weaknesses. FSA received an unqualified, or "clean," 
opinion on its financial statements for fiscal years 2002, 2003, and 
2004. In addition, the auditors indicated progress in addressing 
previously identified internal control weaknesses, with no material 
weaknesses[Footnote 3] reported in FSA's fiscal year 2003 and 2004 
audits. However, the auditors reported that FSA should continue to 
further strengthen these internal controls, which are related to the 
calculation and reporting of the loan liability activity and subsidy 
estimates as well as its information systems controls. FSA has also 
established processes to address several previously reported internal 
control weaknesses that made FSA vulnerable to improper payments in its 
grant and loan programs. For example, FSA has taken steps to better 
ensure that grants are not awarded to ineligible students and has 
implemented a process to identify and investigate schools for possible 
fraudulent activities or eligibility-related violations. Further, FSA 
addressed concerns we raised about students who were underreporting 
family income, by working with the Office of Management and Budget and 
the Department of the Treasury to draft legislation that would permit 
use of tax information to verify income reported on student aid 
applications.

FSA has taken further actions toward integrating its many disparate 
information systems. FSA has developed an integration strategy that 
focuses on achieving a seamless information exchange environment 
whereby users--students, educational institutions, and lenders--would 
benefit from simplified access to the agency's financial aid processes 
and more consistent and accurate data across its programs. FSA also has 
made progress toward establishing an enterprise architecture for 
guiding its systems integration efforts and has begun three efforts for 
reengineering its information-processing environment, which would 
consolidate and integrate most of its systems and move it closer to a 
seamless information exchange environment.

FSA also included action steps for achieving default management goals 
in its annual plan and has taken steps to help reduce the student loan 
default rate. In 2003, FSA created a work group that identified over 60 
default prevention and management initiatives and established a new 
organizational unit to focus on mitigating and reducing the risk of 
loss to the taxpayer from student obligations. FSA added information to 
its exit-counseling guide to help increase borrowers' awareness of the 
benefits of repaying their loans through electronic debiting accounts 
and prepayment options. In 2003, FSA reported a cohort default rate of 
5.4 percent for 2001, and defaulted loans as a percentage of total 
outstanding loans declined from 9.4 percent in 2001 to 7.6 percent in 
2003.

FSA is taking steps to address its human capital challenges. It 
developed a comprehensive human capital strategy that includes many of 
the practices of leading organizations and has addressed many of the 
issues we previously raised. For example, FSA identified challenges 
that it will likely face in coming years, such as likely retirements, 
and discussed recognized weaknesses, such as the need to develop the 
skills of staff and maintain the focus of the agency's leadership on 
human capital issues. FSA has also prepared a succession plan that 
addresses some of our concerns about the pending retirement of senior 
employees in key positions across the agency. Additionally, FSA has 
established several approaches to support staff development by revising 
its Skills Catalog, which should enable staff to independently plan 
their professional development; introducing online learning tools; 
offering a wide variety of internal courses; and providing funds for 
external courses.

FAA Financial Management: 

We first designated FAA financial management as high risk in 1999 
because the agency lacked accountability for billions of dollars in 
assets and expenditures due to serious weaknesses in its financial 
reporting, property, and cost accounting systems. These problems 
continued through fiscal year 2001, when FAA's financial management 
system required 850 adjustments totaling $41 billion in order to 
prepare FAA's annual financial statements. In addition, at that time, 
FAA could not accurately and routinely account for property totaling a 
reported $11.7 billion, and lacked the cost information necessary for 
decision making as well as to adequately account for its activities and 
major projects, such as the air traffic control modernization program. 
Also, while FAA received an unqualified audit opinion on its fiscal 
year 2001 financial statements, the auditor's report cited a material 
internal control weakness related to FAA's lack of accountability for 
its property and several other internal control weaknesses related to 
financial management issues.

At the time of our January 2003 high-risk report, FAA had made 
significant progress in addressing its financial management weaknesses, 
most importantly through ongoing efforts to develop a new financial 
management system called Delphi, including an integrated property 
accounting system, as well as initiatives to develop a new cost 
accounting system. However, these new systems were still under 
development and not yet operational. Therefore, it had yet to be seen 
whether the new systems would resolve the long-standing financial 
management issues that had resulted in our designation of FAA financial 
management as high risk. As a result, we retained FAA financial 
management as a high-risk area, while noting that significant progress 
was being made.

FAA management has continued to make progress since our January 2003 
high-risk report. Subsequent auditors' reports on FAA's financial 
statements for fiscal years 2002 and 2003 were unqualified, but 
continued to cite internal control weaknesses, although less severe 
than in prior years, related to FAA's then existing financial 
management systems. In fiscal year 2004, FAA implemented its new Delphi 
general ledger system, including an integrated property accounting 
system. FAA management was able to prepare financial statements for the 
fiscal year ended September 30, 2004, using these new systems, and 
FAA's auditors gave FAA an unqualified opinion on these financial 
statements. While the auditors reported several internal control 
weaknesses related to the implementation of the new financial 
management systems, none of these were considered to be material 
weaknesses, and FAA management, in responding to the auditor's report, 
indicated their full commitment to addressing these issues.

While the cost accounting system is still under development, progress 
has been made. The cost accounting interface with Delphi was completed 
in fiscal year 2004, and the labor distribution interface is expected 
to be completed in fiscal year 2005. For the first time, some cost 
accounting data, while not available on a monthly basis, was available 
shortly after the fiscal year end for the 12 months ended September 30, 
2004. FAA management has demonstrated its commitment to the full 
implementation of this system, devoting significant planning and 
resources to its completion and the monitoring of its implementation 
progress.

While it is important that FAA management continue to place a high 
priority on the cost system and, more importantly, ultimately to use 
cost information routinely in FAA decision making, FAA's progress in 
improving financial management overall since our January 2003 high-risk 
update has been sufficient for us to remove the high-risk designation 
for FAA financial management.

Forest Service Financial Management: 

We first designated USDA's Forest Service financial management as high 
risk in 1999 because the agency lacked accountability over billions of 
dollars in its two major assets--fund balance with the Department of 
the Treasury (Treasury) and property, plant, and equipment. Since the 
Forest Service is a major component of USDA, the lack of accountability 
over these two major assets contributed to disclaimers of opinions on 
USDA's consolidated financial statements. In addition, the Forest 
Service continued to have material weaknesses in its accounting and 
reporting of accounts receivable and accounts payable. This precluded 
the agency from knowing costs it had incurred and amounts owed to 
others throughout the year. These problems were further exacerbated by 
problems with the Forest Service's partial implementation of its new 
financial accounting system. This system was unable to produce certain 
critical budgetary and accounting reports that track obligations, 
assets, liabilities, revenues, and costs. Thus, these financial 
reporting weaknesses hampered management's ability to effectively 
manage operations, monitor revenue and spending levels, and make 
informed decisions about future funding needs.

The Forest Service's long-standing financial management deficiencies 
were also evident in the repeated negative opinions on its financial 
statements, including adverse opinions in fiscal years 1991, 1992, and 
1995. Due to the severity of its accounting and reporting deficiencies, 
the Forest Service did not prepare financial statements for fiscal year 
1996, but chose instead to focus on trying to resolve these problems. 
However, the Forest Service's pervasive material internal control 
weaknesses continued to plague the agency. In our 2001 high-risk 
update, we reported that the USDA Office of Inspector General (IG) was 
unable to determine the accuracy of the Forest Service's reported $3.1 
billion in net property, plant, and equipment, which represented 51 
percent of the agency's assets. We also reported that the IG was unable 
to verify fund balances with Treasury totaling $2.6 billion because the 
reconciliation of agency records with Treasury records had not been 
completed. Because of the severity of these and other deficiencies, the 
IG disclaimed from issuing opinions on the Forest Service's financial 
statements for fiscal years 1997 through 2001. In addition, we noted 
that the Forest Service's autonomous field structure hampered efforts 
to correct these accounting and financial reporting deficiencies. We 
also reported that the Forest Service had implemented its new 
accounting system agencywide. However, the system depended on and 
received data from feeder systems that were poorly documented, 
operationally complex, deficient in appropriate control processes, and 
costly to maintain.

In our 2003 high-risk report, while we highlighted that the Forest 
Service continued to have long-standing material control weaknesses, 
including weaknesses in its fund balance with Treasury and in property, 
plant, and equipment, we reported that the Forest Service had made 
progress toward achieving accountability by receiving its first 
unqualified opinion on its fiscal year 2002 financial statements. 
Although the Forest Service had reached an important milestone, it had 
not yet proved it could sustain this outcome, and had not reached the 
end goal of routinely producing timely, accurate, and useful financial 
information. As a result, we retained Forest Service financial 
management as a high-risk area.

In the past 2 years, the Forest Service has made additional progress, 
especially with respect to addressing several long-standing material 
internal control deficiencies. Based on our criteria for removing a 
high-risk designation, which includes a demonstrated strong commitment, 
corrective action plan, and progress in addressing deficiencies, we 
believe the Forest Service's overall improvement in financial 
management since our January 2003 high-risk update has been sufficient 
for us to remove Forest Service financial management from the high-risk 
list at this time. The Forest Service has resolved material 
deficiencies related to its fund balance with Treasury and in property, 
plant, and equipment, thus increasing accountability over its billions 
of dollars in assets, and USDA and the Forest Service received 
unqualified opinions on their fiscal year 2004 financial statements.

This does not mean that the Forest Service has no remaining challenges. 
For example, while we recognized its clean opinion for fiscal year 2002 
in our last update, subsequently, in fiscal year 2003, these financial 
statements had to be restated to correct material errors. The Forest 
Service also received a clean opinion for fiscal year 2003, but these 
financial statements had to be restated in fiscal year 2004 to again 
correct material misstatements. Frequent restatements to correct errors 
can undermine public trust and confidence in both the entity and all 
responsible parties. Further, the Forest Service continues to have 
material internal control weaknesses related to financial reporting and 
information technology security, and its financial management systems 
do not yet substantially comply with the Federal Financial Management 
Improvement Act of 1996.

However, the Forest Service has demonstrated a strong commitment to 
efforts under way or planned, that, if effectively implemented, should 
help to resolve many of its remaining financial management problems and 
move it toward sustainable financial management business processes. 
These efforts are designed to address internal control and 
noncompliance issues identified in audit reports, as well as 
organizational issues. For example, during fiscal year 2004, the Forest 
Service began reengineering and consolidating its finance, accounting, 
and budget processes. We believe these efforts, if implemented 
effectively, will provide stronger financial management, sustain 
positive audit results, and ensure compliance with federal financial 
reporting standards. Yet, it is important that USDA and Forest Service 
officials continue to place a high priority on addressing its remaining 
financial management problems, and we will continue to monitor their 
progress.

[End of section]

New High-Risk Areas: 

GAO's use of the high-risk designation to draw attention to the 
challenges associated with the economy, efficiency, and effectiveness 
of government programs and operations in need of broad-based 
transformation has led to important progress. We will also continue to 
identify high-risk areas based on the more traditional focus on fraud, 
waste, abuse, and mismanagement. Our focus will continue to be on 
identifying the root causes behind vulnerabilities, as well as actions 
needed on the part of the agencies involved and, if appropriate, the 
Congress.

For 2005, we have designated the following four new areas as high risk: 
Establishing Appropriate and Effective Information-Sharing Mechanisms 
to Improve Homeland Security, Department of Defense (DOD) Approach to 
Business Transformation, DOD Personnel Security Clearance Program, and 
Management of Interagency Contracting.

Establishing Appropriate and Effective Information-Sharing Mechanisms 
to Improve Homeland Security: 

Information is a crucial tool in fighting terrorism, and the timely 
dissemination of that information to the appropriate government agency 
is absolutely critical to maintaining the security of our nation. The 
ability to share security-related information can unify the efforts of 
federal, state, and local government agencies, as well as the private 
sector as appropriate, in preventing or minimizing terrorist attacks.

The 9/11 terrorist attacks heightened the need for comprehensive 
information sharing. Prior to that time, the overall management of 
information-sharing activities among government agencies and between 
the public and private sectors lacked priority, proper organization, 
coordination, and facilitation. As a result, the existing national 
mechanisms for collecting threat information, conducting risk analyses, 
and disseminating warnings were at an inadequate state of development 
for protecting the United States from coordinated terrorist attacks.

Information sharing for securing the homeland is a governmentwide 
effort involving multiple federal agencies, including but not limited 
to the Office of Management and Budget (OMB); the Departments of 
Homeland Security (DHS), Justice, State, and Defense; and the Central 
Intelligence Agency. Over the past several years, GAO has identified 
potential information-sharing barriers, critical success factors, and 
other key management issues that should be considered, including the 
processes, procedures, and systems to facilitate information sharing 
among and between government entities and the private sector.

Establishing an effective two-way exchange of information to detect, 
prevent, and mitigate potential terrorist attacks requires an 
extraordinary level of cooperation and perseverance among federal, 
state, and local governments and the private sector to establish 
timely, effective, and useful communications. Since 1998, GAO has 
recommended the development of a comprehensive plan for information 
sharing to support critical infrastructure protection efforts. The key 
components of this recommendation can be applied to broader homeland 
security and intelligence-sharing efforts, including clearly 
delineating the roles and responsibilities of federal and nonfederal 
entities, defining interim objectives and milestones, setting time 
frames for achieving objectives, and establishing performance measures.

In the absence of comprehensive information-sharing plans, many aspects 
of homeland security information sharing remain ineffective and 
fragmented. Accordingly, we are designating information sharing for 
homeland security as a governmentwide high-risk area because this area, 
while receiving increased attention, still faces significant 
challenges.

Since 2002, legislation,[Footnote 4] various national strategies, and 
executive orders have specified actions to improve information sharing 
for homeland security.

* The Homeland Security Act of 2002 (P.L. 107-296) included the 
following specific mechanisms intended to improve two-way information 
sharing: 

* The Critical Infrastructure Information Act of 2002 required the 
establishment of uniform procedures for the receipt, care, and storage 
of critical infrastructure information that is voluntarily submitted to 
the federal government. In February 2004, DHS issued an interim rule 
for comment.

* The Homeland Security Information Sharing Act required procedures for 
facilitating homeland security information sharing and established 
authorities to share different types of information, such as grand jury 
information; electronic, wire, and oral interception information; and 
foreign intelligence information. In July 2003, the President assigned 
these functions to the Secretary of Homeland Security,[Footnote 5] but 
no deadline was established for developing information-sharing 
procedures.

* In 2002 and 2003, the National Strategy for Homeland Security and its 
implementing strategies, the National Strategy to Secure Cyberspace and 
the National Strategy for the Physical Protection of Critical 
Infrastructures and Key Assets, also highlighted federal actions to 
promote two-way information sharing mechanisms.[Footnote 6]

* In September 2003, Homeland Security Presidential Directive (HSPD) 6 
called for the establishment of a terrorist screening center to 
develop, integrate, and maintain thorough, accurate, and current 
information about individuals known or appropriately suspected to be or 
to have been engaged in conduct constituting, in preparation for, in 
aid of, or related to terrorism.[Footnote 7]

* Issued in December 2003, HSPD 7 required that DHS (1) produce a 
national infrastructure protection plan summarizing initiatives for 
sharing information, including providing threat warning data to state 
and local governments and the private sector; and (2) establish 
appropriate systems, mechanisms, and procedures to share homeland 
security information with other federal departments and agencies, state 
and local governments, and the private sector in a timely 
manner.[Footnote 8]

* In August 2004, the President issued executive orders: 

* strengthening terrorism information sharing by (1) requiring 
establishment of common standards for the sharing of terrorism 
information within and among the intelligence and counterterrorism 
communities and appropriate authorities of state and local governments 
and (2) establishing a council chaired by OMB to plan for and oversee 
the establishment of automated terrorism information sharing among 
appropriate agencies[Footnote 9] and: 

* establishing a National Counterterrorism Center to serve as the 
primary organization in the federal government for analyzing and 
integrating intelligence possessed or acquired by the United States 
pertaining to terrorism and counterterrorism.[Footnote 10]

* In December 2004, the Intelligence Reform and Terrorism Prevention 
Act of 2004 (P.L. 108-458) required the establishment of (1) an 
information-sharing environment (ISE) as a means of facilitating the 
exchange of terrorism information among appropriate federal, state, 
local, and tribal entities, and the private sector; and (2) an 
information-sharing council to support the President and the ISE 
program manager with advice on developing policies, procedures, 
guidelines, roles, and standards necessary to implement and maintain 
the ISE.

In addition, federal agencies have taken steps to expand the mechanisms 
available for sharing information with and among key stakeholders.

* The Federal Bureau of Investigation (FBI) has acted to enhance its 
information sharing with state and local law enforcement officials, 
such as providing guidance and additional staffing. It has more than 
doubled the number of its Joint Terrorism Taskforces (JTTF), from 35 
prior to the September 11 attacks to 84 as of July 2004, and state and 
local law enforcement officials' participation on these task forces has 
also increased. The FBI has at least one JTTF in each of its 56 field 
locations and plans to expand that number to 100 JTTFs. The FBI also 
circulates declassified intelligence information through a weekly 
bulletin and provides threat information to state and local law 
enforcement officials via various database networks.

* In September 2004, we reported that 9 federal agencies identified 34 
major networks supporting homeland security functions--32 operational 
and 2 in development. For the networks for which cost estimates were 
available, the cost totaled approximately $1 billion per year for 
fiscal years 2003 and 2004. Among the networks identified, DHS's 
Homeland Secure Data Network appears to be a significant initiative for 
future sharing of classified homeland security information among 
civilian agencies and DOD.

The 9/11 Commission recognized that information sharing must be "guided 
by a set of practical policy guidelines that simultaneously empower and 
constrain officials, telling them clearly what is and is not 
permitted."[Footnote 11] While the wide range of executive and 
legislative branch actions is encouraging, significant challenges 
remain in developing the required detailed policies, procedures, and 
plans for sharing homeland security-related information. For example, 
DHS had not developed a plan detailing how it will manage its 
information-sharing responsibilities and relationships, including 
consideration of appropriate incentives for nonfederal entities to 
increase information sharing with the federal government, expand 
participation, and perform other specific tasks such as protecting 
critical infrastructure.[Footnote 12] HSPD 7 required that DHS develop 
such a plan by December 2004, however the plan remains under 
development.

The absence of such plans is exacerbated by the lack of established 
processes and procedures for disseminating homeland security 
information to the private sector. For example, without clear processes 
and procedures for rapidly sharing appropriate information, the ability 
of private sector entities to effectively design facility security 
systems and protocols can be impeded. In addition, the lack of sharing 
procedures can also limit the federal government's accurate assessment 
of nonfederal facilities' vulnerability to terrorist attacks.

Detailed plans are essential. For example, DHS has developed an initial 
version of an enterprise architecture to assist its efforts to 
integrate and share information among and between federal agencies and 
other entities; version 1.0 of its architecture does not, however, 
include many of the 34 networks that we identified as supporting 
homeland security information sharing.

Improving the standardization and consolidation of data can also 
promote better sharing. For example, in 2003 we found that goals, 
objectives, roles, responsibilities, and mechanisms for information 
sharing had not been consistently defined by the 9 federal agencies 
that maintain 12 key terrorist and criminal watch list systems. As a 
result, efforts to standardize and consolidate appropriate watch list 
data would be impeded by the existence of overlapping sets of data, 
inconsistent agency policies and procedures for the sharing of those 
data, and technical incompatibilities among the various watch list 
information systems. In addition, 2004 reports from the inspectors 
general at DHS and the Department of Justice highlight the challenges 
and slow pace of integrating and sharing information between 
fingerprint databases.[Footnote 13]

We have made numerous recommendations related to information sharing, 
particularly as they relate to fulfilling federal critical 
infrastructure protection responsibilities.[Footnote 14] For example, 
we have reported on the practices of organizations that successfully 
share sensitive or time-critical information, including establishing 
trust relationships, developing information-sharing standards and 
protocols, establishing secure communications mechanisms, and 
disseminating sensitive information appropriately. Federal agencies 
have concurred with our recommendations that they develop appropriate 
strategies to address the many potential barriers to information 
sharing. However, many federal efforts remain in the planning or early 
implementation stages.

A great deal of work remains to effectively implement the many actions 
called for to improve homeland security information sharing, including 
establishing clear goals, objectives, and expectations for the many 
participants in information-sharing efforts; and consolidating, 
standardizing, and enhancing federal structures, policies, and 
capabilities for the analysis and dissemination of information.

DOD Approach to Business Transformation: 

DOD spends billions of dollars each year to sustain key business 
operations that support our forces, including systems and processes 
related to acquisition and contract management, financial management, 
supply chain management, business systems modernization, and support 
infrastructure management--all of which appear individually on GAO's 
high-risk list. Recent and ongoing military operations in Afghanistan 
and Iraq and new homeland defense missions have led to newer and higher 
demands on our forces in a time of growing fiscal challenges for our 
nation. In an effort to better manage DOD's resources, the Secretary of 
Defense has appropriately placed a high priority on transforming force 
capabilities and key business processes.

For years, GAO has reported on inefficiencies and the lack of adequate 
transparency and appropriate accountability across DOD's major business 
areas, resulting in billions of dollars of wasted resources annually. 
Although the Secretary of Defense and senior leaders have shown 
commitment to business transformation, as evidenced by individual key 
initiatives related to acquisition reform, business modernization, and 
financial management, among others, little tangible evidence of actual 
improvement has been seen in DOD's business operations to date. 
Improvements have generally been limited to specific business process 
areas, such as DOD's purchase card program, and have resulted in the 
incorporation of many key elements of reform, such as increased 
management oversight and monitoring and results-oriented performance 
measures. However, DOD has not taken the steps it needs to take to 
achieve and sustain business reform on a broad, strategic, 
departmentwide and integrated basis. Among other things, it has not 
established clear and specific management responsibility, 
accountability, and control over overall business transformation-
related activities and applicable resources. In addition, DOD has not 
developed a clear strategic and integrated plan for business 
transformation with specific goals, measures, and accountability 
mechanisms to monitor progress, or a well-defined blueprint, commonly 
called an enterprise architecture, to guide and constrain 
implementation of such a plan. For these reasons, GAO, for the first 
time, is designating DOD's lack of an integrated strategic planning 
approach to business transformation as high risk.

DOD's current and historical approach to business transformation has 
not proven effective in achieving meaningful and sustainable progress 
in a timely manner. As a result, change is necessary in order to 
expedite the effort and increase the likelihood of success. For DOD to 
successfully transform its business operations, it will need a 
comprehensive and integrated business transformation plan; people with 
needed skills, knowledge, experience, responsibility, and authority to 
implement the plan; an effective process and related tools; and 
results-oriented performance measures that link institutional, unit, 
and individual performance goals and expectations to promote 
accountability for results. Over the last 3 years, GAO has made several 
recommendations that, if implemented effectively, could help DOD move 
forward in establishing the means to successfully address the 
challenges it faces in transforming its business operations. For 
example, GAO believes that DOD needs a full-time chief management 
officer (CMO) position, created through legislation, with 
responsibility and authority for DOD's overall business transformation 
efforts. This is a "good government" matter that should be addressed in 
a professional and nonpartisan manner. The CMO must be a person with 
significant authority and experience who would report directly to the 
Secretary of Defense. Given the nature and complexity of the overall 
business transformation effort, and the need for sustained attention 
over a significant period of time, this position should be a term 
appointment (e.g., 7 years) and the person should be subject to a 
performance contract. DOD has agreed with many of our recommendations 
and launched efforts intended to implement many of them, but progress 
to date has been slow.

DOD Personnel Security Clearance Program: 

Delays in completing hundreds of thousands of background investigations 
and adjudications (a review of investigative information to determine 
eligibility for a security clearance) have led us to add the DOD 
personnel security clearance program to our 2005 high-risk list. 
Personnel security clearances allow individuals to gain access to 
classified information that, in some cases, could reasonably be 
expected to cause exceptionally grave damage to national defense or 
foreign relations through unauthorized disclosure. Worldwide 
deployments, contact with sensitive equipment, and other security 
requirements have resulted in DOD having approximately 2 million active 
clearances. Problems with DOD's personnel security clearance process 
can have repercussions throughout the government because DOD conducts 
personnel security investigations and adjudications for industry 
personnel from 22 other federal agencies, in addition to performing 
such functions for its own service members, federal civilian employees, 
and industry personnel. While GAO's work on the clearance process has 
focused on DOD, clearance delays in other federal agencies suggest that 
similar impediments and their effects may extend beyond DOD.

Since at least the 1990s, GAO has documented problems with DOD's 
personnel security clearance process, particularly problems related to 
backlogs and the resulting delays in determining clearance eligibility. 
Since fiscal year 2000, DOD has declared its personnel security 
clearance investigations program to be a systemic weakness--a weakness 
that affects more than one DOD component and may jeopardize the 
department's operations--under the Federal Managers' Financial 
Integrity Act of 1982. An October 2002 House Committee on Government 
Reform report also recommended including DOD's adjudicative process as 
a material weakness. As of September 30, 2003 (the most recent data 
available), DOD could not estimate the full size of its backlog, but we 
identified over 350,000 cases exceeding established time frames for 
determining eligibility.

The negative effects of delays in determining security clearance 
eligibility are serious and vary depending on whether the clearance is 
being renewed or granted to an individual for the first time. Delays in 
renewing previously issued clearances can lead to heightened risk of 
national security breaches because the longer individuals hold a 
clearance, the more likely they are to be working with critical 
information and systems. Delays in issuing initial clearances can 
result in millions of dollars of additional costs to the federal 
government, longer periods of time needed to complete national 
security-related contracts, lost-opportunity costs if prospective 
employees decide to work elsewhere rather than wait to get a clearance, 
and diminishing quality of the work because industrial contractors may 
be performing government contracts with personnel who have the 
necessary security clearances but are not the most experienced and 
best-qualified personnel for the positions involved.

DOD has taken steps--such as hiring more adjudicators and authorizing 
overtime for adjudicative staff--to address the backlog, but a 
significant shortage of trained federal and private-sector 
investigative personnel presents a major obstacle to timely completion 
of cases. Other impediments to eliminating the backlog include the 
absence of an integrated, comprehensive management plan for addressing 
a wide variety of problems identified by GAO and others. In addition to 
matching adjudicative staff to workloads and working with the Office of 
Personnel Management (OPM) to develop an overall management plan, DOD 
needs to develop and use new methods for forecasting clearance needs 
and monitoring backlogs, eliminate unnecessary limitations on 
reciprocity (the acceptance of a clearance and access granted by 
another department, agency, or military service), determine the 
feasibility of implementing initiatives that could decrease the backlog 
and delays, and provide better oversight for all aspects of its 
personnel security clearance process.

The National Defense Authorization Act for Fiscal Year 2004 authorized 
the transfer of DOD's personnel security investigative function and 
over 1,800 investigative employees to OPM. The transfer is scheduled to 
take place in February 2005. While the transfer would eliminate DOD's 
responsibility for conducting the investigations, it would not 
eliminate the shortage of trained investigative personnel needed to 
address the backlog. Although DOD would retain the responsibility for 
adjudicating clearances, OPM would be accountable for ensuring the 
investigations are completed in a timely manner.

Management of Interagency Contracting: 

In recent years, federal agencies have been making a major shift in the 
way they procure many goods and services. Rather than spending a great 
deal of time and resources contracting for goods and services 
themselves, they are making greater use of existing contracts already 
awarded by other agencies. These contracts are designed to leverage the 
government's aggregate buying power and provide a much-needed 
simplified method for procuring commonly used goods and services. Thus, 
their popularity is gaining quickly. The General Services 
Administration (GSA) alone, for example, has seen a nearly tenfold 
increase in interagency contract sales since 1992, pushing the total 
sales mark up to $32 billion (see fig. 1). Other agencies, such as the 
Department of the Treasury and the National Institutes of Health, also 
sponsor interagency contracts.

Figure 1: Multiple Award Schedule Sales, Fiscal Years 1992 through 
2004: 

[See PDF for image]

Note: Dollars amounts are then-year dollars.

[End of figure]

These contract vehicles offer the benefits of improved efficiency and 
timeliness; however, they need to be effectively managed. If not 
properly managed, a number of factors can make these interagency 
contract vehicles high risk in certain circumstances: (1) they are 
attracting rapid growth of taxpayer dollars; (2) they are being 
administered and used by some agencies that have limited expertise with 
this contracting method; and (3) they contribute to a much more complex 
environment in which accountability has not always been clearly 
established. Use of these contracts, therefore, demands a higher degree 
of business acumen and flexibility on the part of the federal 
acquisition workforce than in the past. This risk is widely recognized, 
and the Congress and executive branch agencies have taken several steps 
to address it. However, the challenges associated with these contracts, 
recent problems related to their management, and the need to ensure 
that the government effectively implements measures to bolster 
oversight and control so that it is well positioned to realize the 
value of these contracts warrants designation of interagency 
contracting as a new high-risk area.

Interagency contracts are awarded under various authorities and can 
take many forms. Typically, they are used to provide agencies with 
commonly used goods and services, such as office supplies or 
information technology services. Agencies that award and administer 
interagency contracts usually charge a fee to support their operations. 
These types of contracts have allowed customer agencies to meet the 
demands for goods and services at a time when they face growing 
workloads, declines in the acquisition workforce, and the need for new 
skill sets.

Our work and that of some agency inspectors general has revealed 
instances of improper use of interagency contracts. For example, we 
recently reviewed contracts and task orders awarded by DOD and found 
some task orders under the GSA schedules that did not satisfy legal 
requirements for competition because the work was not within the scope 
of the underlying contracts.[Footnote 15] Similarly, the inspector 
general for the Department of the Interior found that task orders for 
interrogators and other intelligence services in Iraq were improperly 
awarded under a GSA schedule contract for information technology 
services.[Footnote 16] More broadly, the GSA inspector general 
conducted a comprehensive review of the contracting activities of GSA's 
Federal Technology Service (FTS), an entity that provides contracting 
services for agencies across the government, and reported that millions 
of dollars in fiscal year 2003 awards did not comply with laws and 
regulations.[Footnote 17] Administration officials have acknowledged 
that the management of interagency contracting needs to be improved.

Interagency contracting is being used more with regard to purchases of 
services, which have increased significantly over the past several 
years and now represent over half of federal contract spending. 
Agencies also are buying more sophisticated or complex services, 
particularly in the areas of information technology and professional 
and management support. In many cases, interagency contracts provide 
agencies with easy access to these services, but purchases of services 
require different approaches in describing requirements, obtaining 
competition, and overseeing contractor performance than purchases of 
goods. In this regard, we and others have reported on the failure to 
follow prescribed procedures designed to ensure fair prices when using 
schedule contracts to acquire services. At DOD, the largest customer 
for interagency contracts, we found that competition requirements were 
waived for a significant percentage of supply schedule orders we 
reviewed, frequently based on an expressed preference to retain the 
services of incumbent contractors. DOD concurred with our 
recommendations to develop guidance for the conditions under which 
waivers of competition may be used, require documentation to support 
waivers, and establish approval authority based on the value of the 
orders.[Footnote 18]

There are several causes of the deficiencies we and others have found 
with the use of interagency contracts, including the increasing demands 
on the acquisition workforce, insufficient training, and in some cases 
inadequate guidance. Two additional factors are worth noting. First, 
the fee-for-service arrangement creates an incentive to increase sales 
volume in order to support other programs of the agency that awards and 
administers an interagency contract. This may lead to an inordinate 
focus on meeting customer demands at the expense of complying with 
required ordering procedures. Second, it is not always clear where the 
responsibility lies for such critical functions as describing 
requirements, negotiating terms, and conducting oversight. Several 
parties--the requiring agency, the ordering agency, and in some cases 
the contractor--are involved with these functions. But, as the number 
of parties grows, so too does the need to ensure accountability.

The Congress and the administration have taken several steps to address 
the challenges of interagency contracting. In 2003, the Congress sought 
to improve contract oversight and execution by enacting the Services 
Acquisition Reform Act. The Act created a new chief acquisition officer 
position in many agencies and enhanced workforce training and 
recruitment. More recently, the Congress responded to the misuse of 
interagency contracting by requiring more intensive oversight of 
purchases under these contracts. In July 2004, GSA launched "Get It 
Right," an oversight and education program, to ensure that its largest 
customer, DOD, and other federal agencies properly use GSA's 
interagency contracts and its acquisition assistance services. Through 
this effort, GSA seeks to demonstrate a strong commitment to customer 
agencies' compliance with federal contracting regulations and, among 
other things, improve processes to ensure competition, integrity, and 
transparency. Additionally, to address workforce issues, OMB, GSA, and 
DOD officials have said they are developing new skills assessments, 
setting standards for the acquisition workforce, and coordinating 
training programs aimed at improving the capacity of the federal 
acquisition workforce to properly handle the growing and more complex 
workload of service acquisitions.

These recent actions are positive steps toward improving management of 
interagency contracting, but, as with other areas, some of these 
actions are in their early stages and others are still under 
development. In addition, it is too early to tell whether all of the 
corrective actions will be effectively implemented, although a recent 
limited review by the GSA Inspector General found some improvement at 
FTS from enhanced management controls. Our work on major management 
challenges indicates that specific and targeted approaches are also 
needed to address interagency contracting risks across the government. 
Ensuring the proper use of interagency contracts must be viewed as a 
shared responsibility of all parties involved. But this requires that 
specific responsibilities be more clearly defined. In particular, to 
facilitate effective purchasing through interagency contracts, and to 
help ensure the best value of goods and services, agencies must clarify 
roles and responsibilities and adopt clear, consistent, and enforceable 
policies and processes that balance the need for customer service with 
the requirements of contract regulations. Internal controls and 
appropriate performance measures help ensure that policies and 
processes are implemented and have the desired outcomes.

In addition, to be successful, efforts to improve the contracting 
function must be linked to agency strategic plans. As with other 
governmentwide high-risk areas, such as human capital and information 
security, effectively addressing interagency contract management 
challenges will require agency management to commit the necessary time, 
attention, and resources, as well as enhanced executive branch and 
congressional oversight. Making these investments has the potential to 
improve the government's ability to acquire high-quality goods and 
services in an efficient and effective manner, resulting in reduced 
costs, improved service delivery, and strengthened public trust.

[End of section]

Emerging Areas: 

In addition to specific areas that GAO has designated as high risk, 
there are other important broad-based challenges facing our government 
that are serious and merit continuing close attention. One area of 
increasing concern involves the need for the completion of 
comprehensive national threat and risk assessments in a variety of 
areas. For example, emerging requirements from the changing security 
environment, coupled with increasingly limited fiscal resources across 
the federal government, emphasize the need for agencies to adopt a 
sound approach to establishing realistic goals, evaluating and setting 
priorities, and making difficult resource decisions. GAO has advocated 
a comprehensive threat and/or risk management approach as a framework 
for decision making that fully links strategic goals to plans and 
budgets, assesses values and risks of various courses of actions as a 
tool for setting priorities and allocating resources, and provides for 
the use of performance measures to assess outcomes. Most prominently, 
two federal agencies with significant national security 
responsibilities--DHS and DOD--are still in the beginning stages of 
adopting a risk-based strategic framework for making important resource 
decisions involving billions of dollars annually. This lack of a 
strategic framework for investment decisions is one of the reasons that 
implementing and transforming DHS, and DOD's approach to business 
transformation, have been designated as high-risk areas. At the same 
time, this threat/risk assessment concept can be applied to a broad 
range of existing federal government programs, functions, and 
activities.

The relatively new DHS, with an annual budget of over $40 billion, has 
not completed risk assessments mandated by the Homeland Security Act of 
2002 to set priorities to help focus its resources where most needed. 
In performing its duties to protect the nation's critical 
infrastructure, DHS has not made clear the link between risk assessment 
and resource allocation, for example, what criteria it initially used 
to select assets of national importance and the basic strategy it uses 
to determine which assets warrant additional protective measures, and 
by how much these measures could reduce the risk to the nation. GAO has 
reviewed the work of several of DHS's component agencies that have 
taken some initial steps towards risk management, but much remains to 
be done. DHS's Immigration and Customs Enforcement (ICE), as a first 
step toward developing budget requests and workforce plans for fiscal 
year 2007 and beyond, has had its Office of Investigations field 
offices conduct baseline threat assessments to help identify risks. 
However, performance measures to assess how well a particular threat 
has been addressed were not used for workforce planning in ICE's fiscal 
year 2006 budget request. DHS's Customs and Border Protection (CBP) has 
taken steps to address the terrorism risks posed by oceangoing cargo 
containers. However, CBP has not performed a comprehensive set of 
assessments vital for determining the level of risk for oceangoing 
cargo containers and the types of responses necessary to mitigate that 
risk. The need to use a risk management approach has been a recurring 
theme in our previous work in transportation security. We reported in 
2003 that DHS's Transportation and Security Administration (TSA) 
planned to adopt a risk management approach. To date, including in our 
most recent work on general aviation security, we have found that TSA 
has not fully integrated this approach, which includes assessments of 
threat, vulnerability, and criticality, to help it prioritize its 
efforts. As a result, we have recommended that TSA continue its efforts 
to integrate a risk management approach into its processes.

DOD, with a budget of over $400 billion a year, exclusive of 
supplemental funding, is in the process of transforming its force 
capabilities and business processes. GAO has reported on limitations in 
DOD's strategic planning and budgeting, including the use of overly 
optimistic assumptions in estimating funding needs, often resulting in 
a mismatch between programs and budgets. In its strategic plan--the 
September 2001 Quadrennial Defense Review--DOD outlined a new risk 
management framework consisting of four dimensions of risk--force 
management, operational, future challenges, and institutional--to use 
in considering trade-offs among defense objectives and resource 
constraints. According to DOD, these risk areas are to form the basis 
for DOD's annual performance goals. They will be used to track 
performance results and will be linked to planning and resource 
decisions. As of December 2004, DOD was still in the process of 
implementing this approach departmentwide. It also remains unclear how 
DOD will use this approach to measure progress in achieving business 
and force transformation.

We believe that instilling a disciplined approach to identifying and 
managing risk has broad applicability across a wide range of federal 
programs, operations, and functions across the federal government. This 
will be a continuing focus of our work in the future. More generally, 
we will also continue to monitor other management challenges identified 
through our work, including those discussed in our January 2003 
Performance and Accountability Series: Major Management Challenges and 
Program Risks (GAO-03-95 through GAO-03-118). While not high risk at 
this time, these challenges warrant continued attention. For example, 
at the U.S. Census Bureau, a number of operational and managerial 
challenges loom large as the Bureau approaches its biggest enumeration 
challenge yet, the 2010 Census. The Census Bureau will undertake an 
important census test and make critical 2010 Census operational and 
design decisions in the coming months--and we will continue to closely 
monitor these challenges to assist the Congress in its oversight and 
the Bureau in its decision making.

[End of section]

Progress Being Made in Other High-Risk Areas: 

For other areas that remain on our 2005 high-risk list, there has been 
important but varying levels of progress, although not yet enough 
progress to remove these areas from the list. Top administration 
officials have expressed their commitment to maintaining momentum in 
seeing that high-risk areas receive adequate attention and oversight. 
Since our 2003 high-risk report, the Office of Management and Budget 
(OMB) has worked closely with a number of agencies that have high-risk 
issues, in many cases establishing action plans and milestones for 
agencies to complete needed actions to address areas that we have 
designated as high risk. Such a concerted effort by agencies and 
ongoing attention by OMB are critical; our experience over the past 15 
years has shown that perseverance is required to fully resolve high-
risk areas. The Congress, too, will continue to play an important role 
through its oversight and, where appropriate, through legislative 
action targeted at the problems and designed to address high-risk 
areas.

Examples of progress in other programs or operations that were 
previously designated as high risk are discussed below and in the 
highlights pages that follow this report section.

* Recognizing that federal agencies must transform their organizations 
to meet the new challenges of the 21st century and that their most 
important asset in this transformation is their people, GAO first added 
human capital management as a governmentwide high-risk issue in January 
2001 to help focus attention and resources on the need for human 
capital reform. Since then, the Congress and the agencies have made 
more progress in revising and redesigning human capital policies, 
processes, and systems than in the past quarter century. The Congress 
called on agencies to do a better and faster job of hiring the right 
people with the right skills to meet their critical missions, such as 
protecting the homeland, and gave the agencies new flexibilities to 
meet this challenge. The Congress also granted agencies, such as DOD 
and DHS, unprecedented flexibility to redesign their human capital 
systems, including designing new classification and compensation 
systems, which could serve as models for governmentwide change. 
However, effectively designing and implementing any resulting human 
capital systems will be of critical importance not just for these 
agencies, but for overall civil service reform. As part of the 
President's Management Agenda, the administration also made strategic 
human capital management one of its top five priorities and established 
a system for holding agencies accountable for achieving this change. 
Some agencies have begun to assess their future workforce needs and 
implement available flexibilities to meet those needs. As a result of 
the ongoing significant changes in how the federal workforce is 
managed, there is general recognition that there should be a framework 
to guide human capital reform built on a set of beliefs that entail 
fundamental principles and boundaries that include criteria and 
processes that establish checks and limitations when agencies seek and 
implement their authorities.

* The Postal Service (the Service) has made significant progress in 
improving its financial situation and implementing transformation 
initiatives to improve its financial viability since its transformation 
efforts and long-term outlook was designated as high risk in 2001. 
Several of its key achievements in the last 2 years include debt 
reduction of $9.3 billion, net income of $7 billion, productivity gains 
of 4.2 percent, the elimination of accumulated deficits, and reductions 
of about 45,000 in career employees. In addition, postal pension reform 
legislation was enacted to address a projected overfunding of the 
Service's pension obligation. The Congress also made progress in 
considering postal reform legislation, which, although not yet enacted, 
was approved by House and Senate oversight committees. However, key 
challenges remain, including generating revenues to offset declines in 
First-Class Mail volume, which generates revenues covering most of the 
Service's institutional costs; addressing large financial liabilities 
and obligations; achieving cost savings and productivity improvements, 
in part by restructuring its infrastructure and workforce; and 
addressing human capital challenges, such as succession planning and 
credible performance-based compensation systems. Further, postal 
reform remains a challenge that will require enactment of legislation 
by the Congress and leadership by the Service to effectively carry out 
its transformation.

* Since January 2003, the administration has taken several key steps to 
address long-standing problems in managing federal real property. 
First, in an effort to provide a governmentwide focus on federal real 
property issues, the President added the Federal Asset Management 
Initiative to the President's Management Agenda and signed Executive 
Order 13327 in February 2004. Under the order, agencies are to 
designate a senior real property officer to, among other things, 
identify and categorize owned and leased real property managed by the 
agency and develop agency asset management plans. Agencies such as DOD 
and the Department of Veterans Affairs (VA) have taken other actions--
DOD is preparing for a round of base realignments and closures in 2005, 
and in May 2004, VA announced a wide range of asset realignment 
decisions. These and other efforts are positive steps, but it is too 
early to judge whether the administration's focus on this area will 
have a lasting impact. The underlying conditions and related obstacles 
that led to GAO's high-risk designation continue to exist. Remaining 
obstacles include competing stakeholder interests in real property 
decisions, various legal and budget-related disincentives to optimal, 
businesslike, real property decisions, and the need for better capital 
planning among agencies.

* Since GAO designated modernizing federal disability programs as a 
high-risk area in 2003, the Social Security Administration (SSA) and VA 
have made some progress toward improving their disability programs. A 
key initiative involves SSA's proposal to improve the timeliness and 
accuracy of disability decisions and to foster return to work at all 
stages of the decision-making process. In addition, the Congress 
established a commission to study the appropriateness of veterans' 
benefits. Moreover, SSA and VA have both made some gains in timeliness 
in their disability claims decisions. While these actions have yielded 
some progress, SSA's and VA's disability programs still face 
significant challenges. For example, despite the slowdown in workforce 
growth nationwide, increased employment opportunities for persons with 
disabilities have been afforded by advances in medicine and technology 
and the growing expectation that people with disabilities can and do 
want to work. Nevertheless, federal disability programs remain grounded 
in outmoded concepts that equate medical conditions with work 
incapacity. In addressing these challenges, GAO believes that SSA and 
VA should take the lead in examining the fundamental causes of program 
problems and seek both the management and legislative solutions needed 
to transform their programs so that they are in line with the current 
state of science, medicine, technology, and labor market conditions. At 
the same time, these agencies should continue to develop and implement 
strategies for improving the accuracy, timeliness, and consistency of 
disability decision making.

* The Department of Health and Human Services and its Centers for 
Medicare & Medicaid Services (CMS) have made some progress to improve 
the fiscal integrity and oversight of the Medicaid program, which was 
designated high risk in 2003. For example, CMS has strengthened 
oversight of state financing schemes that have inappropriately boosted 
the federal share of Medicaid spending, by centralizing its review 
process and conducting targeted financial management reviews of states' 
programs. CMS also proposed last year that Medicaid payments to 
government facilities be limited to their actual costs--a 
recommendation that GAO earlier made to the Congress and that remains 
open. The results of these actions will need to be assessed to 
determine their effectiveness in improving the program's fiscal 
integrity, and more action is needed before the program's high-risk 
designation can be removed. For example, CMS did not take action in 
response to our recommendations intended to better ensure that state 
Medicaid demonstration programs, to expand coverage to certain 
populations, do not increase the federal government's costs beyond what 
they would have been without the demonstrations, a long-standing 
administration policy.

* The Department of Housing and Urban Development (HUD) has 
demonstrated commitment to and progress in addressing weaknesses in its 
Single-Family Mortgage Insurance and Rental Housing Assistance program 
areas. Specifically, HUD has acted to reduce the risk of financial loss 
by improving its oversight of lenders and appraisers and by increasing 
its use of foreclosure prevention tools. Further, HUD has continued to 
implement measures to reduce errors in rental subsidy payments and to 
improve the physical condition of HUD-assisted housing. However, HUD 
needs to continue strengthening the management and oversight of its 
single-family mortgage insurance programs to reduce the risk of 
insurance losses and its vulnerability to questionable payments for 
property management services. Further, it needs to continue in its 
efforts to ensure that rental housing assistance program subsidy 
payments are accurate and that subsidy recipients are eligible.

* Since the agency's inception in March 2003, DHS leadership has 
provided a foundation to maintain critical operations while undergoing 
transformation. DHS has worked to protect the homeland and secure 
transportation and borders, funded emergency preparedness improvements 
and emerging technologies, assisted law enforcement activities against 
suspected terrorists, and issued its first strategic plan. DHS has 
taken initial steps to address financial management weaknesses and is 
acquiring an integrated financial enterprise solution, recognized the 
need for and has begun to institutionalize a strategic management 
framework that addresses key information technology disciplines; and 
initiated strategic human capital planning efforts and published 
proposed regulations for a modern human capital management system. 
Concurrently, DHS is initiating corrective actions on a broad array of 
programmatic challenges that require sustained effort in areas such as 
transportation, cargo, and border security; tracking visitors; 
consolidating border security functions; updating outmoded 
capabilities in the Coast Guard fleet; and balancing homeland security 
with other missions, such as law enforcement and disaster planning. DHS 
must now follow through on these initial actions. Furthermore, in 
managing its transformation, DHS must overcome a number of significant 
challenges that as yet have not been adequately addressed. For example, 
annual goals and time frames are vague or missing; the capacity to 
achieve them is uncertain; and performance measures and plans to 
monitor, assess, and independently evaluate the effectiveness of 
corrective measures are not fully developed. Also, progress in forming 
effective partnerships with other governmental and private sector 
entities remains challenged in several critical areas, such as 
improving critical infrastructure protection and emergency 
preparedness. Importantly, DHS has also not completed legislatively 
mandated comprehensive threat and risk assessments to set priorities 
and to focus its limited resources to mitigate the greatest risk. DHS 
needs sustained leadership and a commitment to a strategy that 
incorporates accountability and oversight to succeed in its multiyear 
transformation. Failure to effectively address its management 
challenges and program risks could have serious consequences for our 
national security.

[End of section]

High-Risk Areas Consolidated: 

Collection of Unpaid Taxes and Earned Income Credit Noncompliance: 

We have combined our previous Collection of Unpaid Taxes and Earned 
Income Credit Noncompliance high-risk areas into an area titled 
Enforcement of Tax Laws. Collection of unpaid taxes was included in the 
first high-risk series report in 1990, with a focus on the backlog of 
uncollected debts owed by taxpayers. In 1995, we added Filing Fraud as 
a separate high-risk area, narrowing the focus of that high-risk area 
in 2001 to Earned Income Credit Noncompliance because of the 
particularly high incidence of fraud and other forms of noncompliance 
in that program. We expanded our concern about the Collection of Unpaid 
Taxes in our 2001 high-risk report to include not only unpaid taxes 
(including tax evasion and unintentional noncompliance) known to the 
Internal Revenue Service (IRS), but also the broader enforcement issue 
of unpaid taxes that IRS has not detected. We made this change because 
of declines in some key IRS collection actions as well as IRS's lack of 
information about whether those declines had affected voluntary 
compliance. Although the Congress dedicated a specific appropriation 
for Earned Income Credit compliance initiatives (both to curb 
noncompliance and encourage participation) in fiscal years 1998 through 
2003, with the 2004 budget the Congress returned to appropriating a 
single amount for IRS to allocate among its various tax law enforcement 
efforts.

In recent years, the resources IRS has been able to dedicate to 
enforcing the tax laws have declined, while IRS's enforcement workload-
-measured by the number of taxpayer returns filed--has continually 
increased. Accordingly, nearly every indicator of IRS's coverage of its 
enforcement workload has declined in recent years. Although in some 
cases workload coverage has increased, overall IRS's coverage of known 
workload is considerably lower than it was just a few years ago. 
Although many suspect that these trends have eroded taxpayers' 
willingness to voluntarily comply--and survey evidence suggests this 
may be true--the cumulative effect of these trends is unknown because 
new research into the level of taxpayer compliance is only now being 
completed by IRS after a long hiatus. Further, IRS's workload has grown 
ever more complex as the tax code has grown more complex. Complexity 
creates a fertile ground for those intentionally seeking to evade taxes 
and often trips others into inadvertent noncompliance. IRS is 
challenged to administer and explain each new provision, thus absorbing 
resources that otherwise might be used to enforce the tax laws.

Concurrently, other areas of particularly serious noncompliance have 
gained the attention of IRS and the Congress--such as abusive tax 
shelters and schemes employed by businesses and wealthy individuals 
that often involve complex transactions that may span national 
boundaries. Given the broad declines in IRS's enforcement workforce, 
IRS's decreased ability to follow up on suspected noncompliance, the 
emergence of sophisticated evasion concerns, and the unknown effect of 
these trends on voluntary compliance, IRS is challenged on virtually 
all fronts in attempting to ensure that taxpayers fulfill their 
obligations. IRS's success in overcoming these challenges becomes ever 
more important in light of the nation's large and growing fiscal 
pressures. Accordingly, we believe the focus of concern on the 
enforcement of tax laws is not confined to any one segment of the 
taxpaying population or any single tax provision. Our designation of 
the enforcement of tax laws as a high-risk area embodies this broad 
concern.

IRS Business Systems Modernization and IRS Financial Management: 

IRS has long relied on obsolete automated systems for key operational 
and financial management functions, and its attempts to modernize these 
aging computer systems span several decades. This long history of 
continuing delays and design difficulties and their significant impact 
on IRS's operations led GAO to designate IRS's systems modernization 
activities and its financial management as high-risk areas in 1995. 
Since that time, IRS has made progress in improving its financial 
management, such as enhancing controls over hard copy tax receipts and 
data and budgetary activity, and improving the accuracy of property 
records. Additionally, for the past 5 years, IRS has received clean 
audit opinions on its annual financial statements and, for the past 3 
years, has been able to achieve this within 45 days of the end of the 
fiscal year. However, IRS still needs to replace its outdated financial 
management systems, which is part of its business systems modernization 
program. Accordingly, since the resolution of IRS's remaining most 
serious and intractable financial management problems largely depends 
upon the success of IRS's business systems modernization efforts, and 
since we have continuing concerns related to this program, we are 
combining our two previous high-risk areas into one Business Systems 
Modernization high-risk area.

[End of section]

Highlights for Each High-Risk Area: 

Overall, the government continues to take high-risk problems seriously 
and is making long-needed progress toward correcting them. The Congress 
has also acted to address several individual high-risk areas through 
hearings and legislation. Continued perseverance in addressing high-
risk areas will ultimately yield significant benefits. Lasting 
solutions to high-risk problems offer the potential to save billions of 
dollars, dramatically improve service to the American public, 
strengthen public confidence and trust in the performance and 
accountability of our national government, and ensure the ability of 
government to deliver on its promises.

We have prepared highlights of each of the 25 high-risk areas on our 
updated list, showing (1) why the area is high risk, (2) the actions 
that have been taken and that are under way to address the problem 
since our last update report as well as the issues that are yet to be 
resolved, and (3) what remains to be done to address the risk. These 
highlights are presented on the following pages.

Finally, we have compiled lists of GAO products issued since January 
2003 related to the major management challenges identified in the 2003 
Performance and Accountability Series. These lists, accompanied by 
narratives describing the related major management challenges, are 
available on our Web site at [Hyperlink, http://www.gao.gov/pas/2005]. 

HIGH-RISK SERIES:

Strategic Human Capital Management:

GAO Highlights:

For additional information about this high-risk area, contact J. 
Christopher Mihm at (202) 512-6806 or mihmj@gao.gov.

Why Area Is High Risk:

In 2001, GAO designated strategic human capital management as a high-
risk area because of the federal government's long-standing lack of a 
consistent strategic approach to marshaling, managing, and maintaining 
the human capital needed to maximize government performance and ensure 
its accountability. The area remains high risk because federal human 
capital strategies are still not appropriately constituted to meet 
current and emerging challenges or drive the transformations necessary 
for agencies to meet these challenges. For example, human capital 
considerations are a critical element for the intelligence 
organizations and related homeland security organizations that are 
undergoing a fundamental transformation in the aftermath of September 
11, 2001.

What GAO Found:

The executive branch and the Congress have taken a number of steps to 
address the federal government's human capital shortfalls. For example, 
in 2001, the President's Management Agenda identified human capital 
management as a top priority, and recently the Office of Management and 
Budget reported that agencies are making improvements in addressing key 
human capital challenges. The Congress also sought to elevate human 
capital issues within federal agencies in part by creating the Chief 
Human Capital Officer positions and a Council to advise and assist 
agency leaders in their human capital efforts. The Congress has 
provided several agencies--most notably the Departments of Homeland 
Security and Defense--authorities to design and manage their human 
capital systems. Effective design and implementation of any resulting 
new policies and procedures is of critical importance. The Congress 
also recently provided agencies across the executive branch with 
additional human capital flexibilities, such as specific hiring 
authorities, and the Office of Personnel Management is working with the 
agencies to make the government more competitive for top talent by 
speeding up the hiring process. In addition, the Congress and the 
administration together have reformed the performance management and 
compensation systems for senior executives to better link the 
institutional, unit, and individual performance and reward systems.

While more progress in addressing human capital challenges has been 
made in the last few years than in the previous 25, ample opportunities 
exist for agencies to improve their strategic human capital management 
to achieve results and respond to current and emerging challenges:

* Leadership: Agencies need sustained leadership to provide the focused 
attention essential to completing multiyear transformations.

* Strategic Human Capital Planning: Agencies need effective strategic 
workforce plans to identify and focus their human capital investments 
on the long-term issues that best contribute to results.

* Acquiring, Developing, and Retaining Talent: Agencies need to 
continue to create effective hiring processes and use flexibilities and 
incentives to retain critical talent and reshape their workforces.

* Results-Oriented Organizational Cultures: Agencies need to reform 
their performance management systems so that pay and awards are linked 
to performance and organizational results.

Significant changes in how the federal workforce is managed are under 
way, and, consequently, there is general recognition that there needs 
to be a framework to guide human capital reform built on a set of 
beliefs and boundaries. Beliefs entail the fundamental principles that 
should govern all approaches to human capital reform and should not be 
altered or waived by agencies seeking human capital authorities. 
Boundaries include the criteria and processes that establish the checks 
and limitations when agencies seek and implement human capital 
authorities.

What Remains to Be Done:

Agencies--working with the Congress and OPM--must assess future 
workforce needs, especially in light of long-term fiscal challenges; 
determine ways to make maximum use of available authorities to recruit, 
hire, develop, and retain key talent to meet their needs; build a 
business case to request additional authorities as appropriate; and 
reform performance management systems to better link organizational and 
individual results. There is also a need to continue to develop a 
governmentwide framework for human capital reform that the Congress and 
the administration can implement to enhance performance, ensure 
accountability, and position the nation for the future.

Related Products:

Strategic Human Capital Management:

Leadership:

Highlights of a GAO and National Commission on the Public Service 
Implementation Initiative Forum on Human Capital: Principles, Criteria, 
and Processes for Governmentwide Federal Human Capital Reform. GAO-05-
69SP. Washington, D.C.: December 1, 2004.

Intelligence Reform: Human Capital Considerations Critical to 9/11 
Commission's Proposed Reforms. GAO-04-1084T. Washington, D.C.: 
September 14, 2004.

Human Capital: Building on the Current Momentum to Transform the 
Federal Government. GAO-04-976T. Washington, D.C.: July 20, 2004.

Human Capital: Observations on Agencies' Implementation of the Chief 
Human Capital Officers Act. GAO-04-800T. Washington, D.C.: May 18, 
2004.

Strategic Human Capital Planning:

Human Capital: Key Principles for Effective Strategic Workforce 
Planning. GAO-04-39. Washington, D.C.: December 11, 2003.

Human Capital: Succession Planning and Management Is Critical Driver of 
Organizational Transformation. GAO-04-127T. Washington, D.C.: October 
1, 2003.

Human Capital: Insights for U.S. Agencies from Other Countries' 
Succession Planning and Management Initiatives. GAO-03-914. 
Washington, D.C.: September 15, 2003.

Acquiring, Developing, and Retaining Talent:

Human Capital: Increasing Agencies' Use of New Hiring Flexibilities. 
GAO-04-959T. Washington, D.C.: July 13, 2004.

Human Capital: Additional Collaboration Between OPM and Agencies Is Key 
to Improved Federal Hiring. GAO-04-797. Washington, D.C.: June 7, 2004.

Human Capital: A Guide for Assessing Strategic Training and Development 
Efforts in the Federal Government. GAO-04-546G. Washington, D.C.: March 
2004.

Results-Oriented Organizational Cultures:

Human Capital: Senior Executive Performance Management Can Be 
Significantly Strengthened to Achieve Results. GAO-04-614. Washington, 
D.C.: May 26, 2004.

Human Capital: Implementing Pay for Performance at Selected Personnel 
Demonstration Projects. GAO-04-83. Washington, D.C.: January 23, 2004.

Results-Oriented Cultures: Creating a Clear Linkage between Individual 
Performance and Organizational Success. GAO-03-488. Washington, D.C.: 
March 14, 2003.

See www.gao.gov for numerous speeches and presentations from the 
Comptroller General on human capital challenges in general and as they 
apply to specific agencies.

HIGH-RISK SERIES:

U.S. Postal Service Transformation Efforts and Long-Term Outlook:

GAO Highlights:

For additional information about this high-risk area, contact Katherine 
Siggerud at (202) 512-2834 or siggerudk@gao.gov.

Why Area Is High Risk:

In April 2001, GAO designated U.S. Postal Service's transformation 
efforts and long-term outlook as a high-risk area due to growing risk 
that the Service would not be able to continue providing universal 
postal service at reasonable rates while remaining self-supporting 
through postal revenues. This inclusion on GAO's high-risk list was 
intended to focus needed attention on the dilemmas facing the Service 
before the situation escalates into a crisis, where the options for 
action may be more limited and costly.

The Service has since taken steps to address its problems, and a 
presidential commission has reported on the need for far-reaching 
changes, including legislative reform. However, reform legislation has 
not yet been enacted and the underlying conditions that led to the 
high-risk designation continue to exist. Thus, the Service's 
transformation efforts and long-term outlook remains on GAO's high-risk 
list.

What GAO Found:

The Postal Service's financial viability is at risk because its 
business model--which relies on mail volume growth to mitigate rate 
increases and cover its costs--is not sustainable in an increasingly 
competitive environment, given new and emerging technologies. 
Financial, operational, governance, and human capital challenges 
threaten the Service's ability to remain self-supporting while 
providing affordable, high-quality, and universal postal service. Key 
trends that demonstrate the need for reform include declining mail 
volume, particularly for First-Class Mail; changes in the mail mix from 
high-margin to lower-margin products; changing demographics of the 
aging postal workforce; growing competition from private delivery 
companies; and projected revenue declines while expenses increase. The 
Service continues to face challenges in addressing its large financial 
liabilities and obligations (e.g., retiree health obligations), as well 
as in restructuring its infrastructure and workforce to become more 
efficient and performance based.

First-Class Mail Volume Growth, Fiscal Years 1984 through 2004:

[See PDF for image]

[End of figure]

The Service has recently cut costs and improved productivity, but it is 
not clear how the Service will realign its outdated infrastructure and 
modernize its workforce policies and practices to achieve additional 
long-term productivity gains. The Service has stated that it is using 
an evolutionary approach to transform its infrastructure and workforce. 
However, little information is available about its plans for this 
important effort. Many questions remain as to whether such an 
incremental approach will be sufficiently comprehensive, integrated, 
and responsive to the increasing pace of change in technology and 
competition affecting the Service's core business. Without bold action 
and better communication, the Service risks falling short of achieving 
the major productivity gains needed to offset rising costs and maintain 
quality service and affordable rates. Further, the Congress has not yet 
enacted comprehensive postal reform legislation that addresses the 
Service's key structural and systemic deficiencies, including its 
unfunded obligation for retiree health benefits and the escrow 
requirement. Without such action, the accessibility and affordability 
of postal services to the American people is at risk, which could 
result in dramatic increases in postal rates or a costly taxpayer 
bailout.

What Remains to Be Done:

To preserve its mission and financial viability and meet its key 
challenges, the Service needs to take bold action and better 
communicate how it plans to realign its infrastructure and workforce. 
Also, GAO continues to believe that comprehensive postal reform 
legislation is needed to clarify the Service's mission and role; 
enhance governance, transparency, and accountability; improve 
regulation of postal rates and oversight; address long-term financial 
obligations; and make human capital reforms.

Related Products:

U.S. Postal Service Transformation Efforts and Long-Term Outlook:

GAO Products:

U.S. Postal Service: USPS Needs to Clearly Communicate How Postal 
Services May Be Affected by Its Retail Optimization Plans. GAO-04-803. 
Washington, D.C.: July 13, 2004.

Postal Service: Progress in Implementing Supply Chain Management 
Initiatives. GAO-04-540. Washington, D.C.: May 17, 2004.

U.S. Postal Service: Key Reasons for Postal Reform. GAO-04-565T. 
Washington, D.C.: March 23, 2004.

Need for Comprehensive Postal Reform. GAO-04-455R. Washington, D.C.: 
February 6, 2004.

U.S. Postal Service: Key Elements of Comprehensive Postal Reform. GAO-
04-397T. Washington, D.C.: January 28, 2004.

Postal Pension Funding Reform: Issues Related to the Postal Service's 
Proposed Use of Pension Savings. GAO-04-238. Washington, D.C.: November 
26, 2003.

Postal Pension Funding Reform: Review of Military Service Funding 
Proposals. GAO-04-281. Washington, D.C.: November 26, 2003.

U.S. Postal Service: Bold Action Needed to Continue Progress on Postal 
Transformation. GAO-04-108T. Washington, D.C.: November 5, 2003.

Federal Real Property: Vacant and Underutilized Properties at GSA, VA, 
and USPS. GAO-03-747. Washington, D.C.: August 19, 2003.

U.S. Postal Service: A Primer on Postal Worksharing. GAO-03-927. 
Washington, D.C.: July 31, 2003.

U.S. Postal Service: Key Postal Transformation Issues. GAO-03-812T. 
Washington, D.C.: May 29, 2003.

Review of the Office of Personnel Management's Analysis of the United 
States Postal Service's Funding of Civil Service Retirement System 
Costs. GAO-03-448R. Washington, D.C.: January 31, 2003.

Other Products: President's Commission on the United States Postal 
Service:

Embracing the Future: Making the Tough Choices to Preserve Universal 
Mail Service. http://www.treas.gov/offices/domestic-finance/usps/ 
Washington, D.C.: July 31, 2003.

For more information on U.S. Postal Service major management 
challenges, see http://www.gao.gov/pas/2005/postal.htm.

HIGH-RISK SERIES:

Protecting the Federal Government's Information Systems and the 
Nation's Critical Infrastructures:

GAO Highlights:

Why Area Is High Risk:

For additional information about this high-risk area, contact Joel 
Willemssen at (202) 512-6253 or willemssenj@gao.gov.

What GAO Found:

With the enactment of the Federal Information Security Management Act 
of 2002 (FISMA), the Congress continued its work to improve federal 
information security by permanently authorizing and strengthening key 
information security requirements. The administration has also made 
progress through a number of efforts, including the Office of 
Management and Budget's emphasis on information security in the budget 
process.

However, significant information security weaknesses at federal 
agencies continue to place a broad array of federal operations and 
assets at risk of fraud, misuse, and disruption. Although recent 
reporting by these agencies showed some improvements, GAO found that 
many agencies still have not established information security programs 
consistent with FISMA's overall requirement to develop, document, and 
implement an agencywide information security program. For example, 
agencies are not consistently:

* performing periodic risk assessments,

* developing and maintaining current security plans,

* creating and testing contingency plans, or:

* evaluating and monitoring the effectiveness of security controls.

Federal efforts have been taken to protect our nation's critical public 
and private information infrastructures. For example, federal policy 
emphasizes the importance of cooperative efforts among state and local 
governments and the private sector to protect these information 
infrastructures, and has established specific cyber responsibilities 
for the Department of Homeland Security and other federal agencies 
involved with the private sector in CIP. In addition, the federal 
government has led efforts to research and develop (R&D) new 
technologies; coordinate responses to incidents, threats, and 
vulnerabilities; and develop analysis and warnings capabilities related 
to critical information infrastructures. However, this area remains 
high risk as the federal government continues to face the critical 
challenges shown below.

Challenges to Effective Cyber Critical Infrastructure Protection:

Challenge: Policy and guidance; 
Description: Developing a comprehensive and coordinated national plan 
to facilitate CIP that clearly delineates the roles and 
responsibilities of federal and nonfederal CIP entities, defines 
interim objectives and milestones, sets time frames for achieving 
objectives, and establishes performance measures.

Challenge: Trusted relationships; 
Description: Developing productive relationships within the federal 
government and between the federal government and state and local 
governments and the private sector.

Challenge: Analysis and warning capabilities; 
Description: Improving the federal government's capabilities to analyze 
incident, threat, and vulnerability information obtained from numerous 
sources and share appropriate, timely, and useful warnings and other 
information concerning both cyber and physical threats to federal and 
nonfederal entities.

Challenge: Information sharing incentives; Description: Providing 
appropriate incentives for nonfederal entities to increase information 
sharing with the federal government and enhance other CIP efforts.

Source: GAO.

[End of table]

What Remains to Be Done:

Federal agencies and our nation's critical infrastructures--such as 
power distribution, water supply, telecommunications, national 
defense, and emergency services--rely extensively on computerized 
information systems and electronic data to carry out their missions. 
The security of these systems and data is essential to preventing data 
tampering, disruptions in critical operations, fraud, and inappropriate 
disclosure of sensitive information. Protecting federal computer 
systems and the systems that support critical infrastructures--referred 
to as cyber critical infrastructure protection, or cyber CIP--is a 
continuing concern. Federal information security has been on GAO's list 
of high-risk areas since 1997; in 2003, GAO expanded this high-risk 
area to include cyber CIP. The continued risks to information systems 
include the escalating threat of computer security incidents, the ease 
of obtaining and using hacking tools, the steady advance in the 
sophistication and effectiveness of attack technology, and the 
emergence of new and more destructive attacks.

Related Products:

Protecting the Federal Government's Information Systems and the 
Nation's Critical Infrastructures:

Critical Infrastructure Protection: Improving Information Sharing with 
Infrastructure Sectors. GAO-04-780. Washington, D.C.: July 9, 2004.

Information Security: Agencies Need to Implement Consistent Processes 
in Authorizing Systems for Operation. GAO-04-376. Washington, D.C.: 
June 28, 2004.

Information Security: Continued Action Needed to Improve Software Patch 
Management. GAO-04-706. Washington, D.C.: June 2, 2004.

Information Security: Information System Controls at the Federal 
Deposit Insurance Corporation. GAO-04-630. Washington, D.C.: May 28, 
2004.

Technology Assessment: Cybersecurity for Critical Infrastructure 
Protection. GAO-04-321. Washington, D.C.: May 28, 2004.

Information Security: Continued Efforts Needed to Sustain Progress in 
Implementing Statutory Requirements. GAO-04-483T. Washington, D.C.: 
March 16, 2004.

Critical Infrastructure Protection: Challenges and Efforts to Secure 
Control Systems. GAO-04-354. Washington, D.C.: March 15, 2004.

Information Security: Technologies to Secure Federal Systems. GAO-04-
467. Washington, D.C.: March 9, 2004.

Information Security: Further Efforts Needed to Address Serious 
Weaknesses at USDA. GAO-04-154. Washington, D.C.: January 30, 2004.

Information Security: Improvements Needed in Treasury's Security 
Management Program. GAO-04-77. Washington, D.C.: November 14, 2003.

Information Security: Computer Controls over Key Treasury Internet 
Payment System. GAO-03-837. Washington, D.C.: July 30, 2003.

FDIC Information Security: Progress Made but Existing Weaknesses Place 
Data at Risk. GAO-03-630. Washington, D.C.: June 18, 2003.

Information Security: Progress Made, but Weaknesses at the Internal 
Revenue Service Continue to Pose Risks. GAO-03-44. Washington, D.C.: 
May 30, 2003.

Information Security: Progress Made, but Challenges Remain to Protect 
Federal Systems and the Nation's Critical Infrastructures. GAO-03-564T. 
Washington, D.C.: April 8, 2003.

Critical Infrastructure Protection: Efforts of the Financial Services 
Sector to Address Cyber Threats. GAO-03-173. Washington, D.C.: January 
30, 2003.

HIGH-RISK SERIES:

Managing Federal Real Property:

GAO Highlights:

For additional information about this high-risk area, contact Mark 
Goldstein at (202) 512-2834 or goldsteinm@gao.gov.

Why Area Is High Risk:

In January 2003, GAO designated federal real property as a high-risk 
area due to long-standing problems with excess and underutilized 
property, deteriorating facilities, unreliable real property data, and 
costly space challenges. Federal agencies were also facing many 
challenges in protecting their facilities due to the threat of 
terrorism.

To date, the underlying conditions that led to the designation 
continue, and more remains to be done to address these problems and the 
obstacles that prevent agencies from solving them. As a result, this 
area remains high risk.

What GAO Found:

The federal real property portfolio is vast and diverse--over 30 
agencies control hundreds of thousands of real property assets 
worldwide, including facilities and land worth hundreds of billions of 
dollars. Unfortunately, many of these assets are no longer effectively 
aligned with, or responsive to, agencies' changing missions. Further, 
many assets are in an alarming state of deterioration; agencies have 
estimated restoration and repair needs to be in the tens of billions of 
dollars. Compounding these problems are the lack of reliable 
governmentwide data for strategic asset management; a heavy reliance on 
costly leasing, instead of ownership, to meet new needs; and the cost 
and challenge of protecting these assets against terrorism.

In February 2004, the President added the Federal Asset Management 
Initiative to the President's Management Agenda and signed Executive 
Order 13327. The order requires senior real property officers at all 
executive branch departments and agencies to, among other things, 
prioritize actions needed to improve the operational and financial 
management of the agency's real property inventory. A new Federal Real 
Property Council at the Office of Management and Budget (OMB) has 
developed guiding principles for real property asset management and is 
also developing performance measures, a real property inventory 
database, and an agency asset management planning process. In addition 
to these reform efforts, agencies such as the Departments of Defense 
(DOD) and Veterans Affairs (VA) have made progress in addressing long-
standing federal real property problems. For example, DOD is preparing 
for a round of base realignment and closures in 2005. Also, in May 
2004, VA announced a wide range of asset realignment decisions.

These and other efforts are positive steps, but it is too early to 
judge whether the administration's focus on this area will have a 
lasting impact. The underlying conditions and related obstacles that 
led to GAO's high-risk designation continue to exist. Remaining 
obstacles include competing stakeholder interests in real property 
decisions; various legal and budget-related disincentives to optimal, 
businesslike, real property decisions; and the need for better capital 
planning among agencies.

Examples of Vacant GSA, VA, and USPS Facilities:

[See PDF for image]

[End of figure]

What Remains to Be Done:

Since January 2003, some important efforts to address the problems have 
been initiated by the administration and executive agencies, including 
a Presidential Executive Order on real property reform and OMB's 
development of guiding principles for real property asset management.

The executive order is clearly a positive step. However, it has not 
been fully implemented, and GAO continues to believe that there is a 
need for a comprehensive, integrated transformation strategy for real 
property. In addition, further actions are necessary to address the 
underlying problems and related obstacles, including competing 
stakeholder interests in real property decisions and legal and budget-
related disincentives to optimal, businesslike, real property 
decisions.

Related Products:

Managing Federal Real Property:

Homeland Security: Further Actions Needed to Coordinate Federal 
Agencies' Protection Efforts and Promote Key Practices. GAO-05-49. 
Washington, D.C.: November 30, 2004.

Embassy Construction: Achieving Concurrent Construction Would Help 
Reduce Costs and Meet Security Goals. GAO-04-952. Washington, D.C.: 
September 28, 2004.

Homeland Security: Transformation Strategy Needed to Address Challenges 
Facing the Federal Protective Service. GAO-04-537. Washington, D.C.: 
July 14, 2004.

U.S. Postal Service: Key Elements of Comprehensive Postal Reform. GAO-
04-397T. Washington, D.C.: January 28, 2004.

Budget Issues: Agency Implementation of Capital Planning Principles Is 
Mixed. GAO-04-138. Washington, D.C.: January 16, 2004.

Embassy Construction: State Department Has Implemented Management 
Reforms, but Challenges Remain. GAO-04-100. Washington, D.C.: November 
4, 2003.

Federal Real Property: Actions Needed to Address Long-standing and 
Complex Problems. GAO-04-119T. Washington, D.C.: October 1, 2003.

National Park Service: Efforts Underway to Address Its Maintenance 
Backlog. GAO-03-1177T. Washington, D.C: September 27, 2003.

Federal Real Property: Vacant and Underutilized Properties at GSA, VA, 
and USPS. GAO-03-747. Washington, D.C.: August 19, 2003.

VA Health Care: Framework for Analyzing Capital Asset Realignment for 
Enhanced Services Decisions. GAO-03-1103R. Washington, D.C.: August 18, 
2003.

Military Base Closures: Better Planning Needed for Future Reserve 
Enclaves. GAO-03-723. Washington, D.C.: June 27, 2003.

Military Housing: Opportunities That Should Be Explored to Improve 
Housing and Reduce Costs for Unmarried Junior Servicemembers. GAO-03-
602. Washington, D.C.: June 10, 2003.

Federal Real Property: Executive and Legislative Actions Needed to 
Address Long-standing and Complex Problems. GAO-03-839T. Washington, 
D.C.: June 5, 2003.

HIGH-RISK SERIES:

Implementing and Transforming the Department of Homeland Security:

GAO Highlights:

For additional information about this high-risk area, contact Norm 
Rabkin at (202) 512-8777 or rabkinn@gao.gov.

Why Area Is High Risk:

GAO designated implementing and transforming the Department of Homeland 
Security (DHS) as high risk in 2003 because DHS had to transform 22 
agencies--several with major management challenges--into one 
department, and failure to effectively address its management 
challenges and program risks could have serious consequences for our 
national security. The areas GAO identified as at risk include planning 
and priority setting; accountability and oversight; and a broad array 
of management, programmatic, and partnering challenges.

What GAO Found:

Since its inception in March 2003, DHS leadership has provided a 
foundation for maintaining critical operations while undergoing 
transformation. DHS has worked to protect the homeland and secure 
transportation and borders, funded emergency preparedness improvements 
and emerging technologies, assisted law enforcement activities against 
suspected terrorists, and issued its first strategic plan. However, in 
managing its transformation, DHS must overcome a number of significant 
challenges that as yet have not been adequately addressed. For example, 
annual goals and time frames are vague or missing, and the capacity to 
achieve them is uncertain. Performance measures and plans to monitor, 
assess, and independently evaluate the effectiveness of corrective 
measures are not fully developed. In addition, DHS has not completed 
legislatively mandated comprehensive threat and risk assessments to set 
priorities and to focus its limited resources to mitigate the greatest 
risk. Moreover, given these challenges, DHS needs sustained leadership 
and a commitment to a strategy that incorporates accountability and 
oversight to succeed in its multiyear transformation.

DHS also must follow through on its initial actions to address its 
management, programmatic, and partnering challenges. DHS's high-risk 
management challenges and actions include:

* strengthening internal controls and reducing the number of material 
weaknesses in its financial systems;

* fully establishing and institutionalizing a departmentwide strategic 
framework for managing information; and:

* addressing systemic problems in human capital and acquisition 
systems.

Concurrently, DHS is initiating corrective actions on a broad array of 
programmatic challenges that require sustained effort. These challenges 
include improving transportation, cargo, and border security; 
systematically tracking visitors; consolidating border security 
functions; updating outmoded capabilities in the Coast Guard fleet; and 
balancing homeland security with other missions, such as law 
enforcement and disaster planning. Also, DHS's progress in forming 
effective partnerships with other governmental and private-sector 
entities remains challenged in several critical areas, such as 
improving critical infrastructure protection and emergency 
preparedness, communication among first responders, dissemination of 
timely and specific threat information, and planning for continuity of 
operations in case of an adverse event.

Overall, DHS has made some progress, but significant challenges remain 
to concurrently transform DHS into a more effective organization with 
robust planning, management, and operations while maintaining and 
improving readiness for its highly critical mission to secure the 
homeland. Therefore, DHS's transformation remains high risk.

What Remains to Be Done:

Successful transformations of large organizations, even those faced 
with less strenuous reorganizations and pressure for immediate results 
than DHS, can take from 5 to 7 years to take hold on a sustainable 
basis. For DHS to successfully address its daunting management 
challenges and transform itself into a more effective organization, it 
needs to (1) develop a departmentwide implementation and transformation 
strategy that includes comprehensive threat and risk assessment and 
strategic management principles to set goals and priorities, focus its 
limited resources, and establish key milestones and accountability 
provisions; (2) develop adequate performance measures and evaluation 
plans; (3) provide sound and innovative human capital management; and 
(4) follow through on its corrective actions to address management, 
programmatic, and partnering challenges.

Related Products:

Implementing and Transforming the Department of Homeland Security:

GAO Products:

Homeland Security: Further Actions Needed to Coordinate Federal 
Agencies' Facility Protection Efforts and Promote Key Practices. GAO-
05-49. Washington, D.C.: November 30, 2004.

Homeland Security: Effective Regional Coordination Can Enhance 
Emergency Preparedness. GAO-04-1009. Washington, D.C.: September 15, 
2004.

Department of Homeland Security: Formidable Information and Technology 
Management Challenge Requires Institutional Approach. GAO-04-702. 
Washington, D.C.: August 27, 2004.

Homeland Security: Transformation Strategy Needed to Address Challenges 
Facing the Federal Protective Service. GAO-04-537. Washington D.C.: 
July 14, 2004.

The Chief Operating Officer Concept and its Potential Use as a Strategy 
to Improve Management at the Department of Homeland Security. GAO-04-
876R. Washington, D.C.: June 28, 2004.

Human Capital: DHS Faces Challenges in Implementing Its New Personnel 
System. GAO-04-790. Washington, D.C.: June 18, 2004.

Transportation Security Administration: High-Level Attention Needed to 
Strengthen Acquisition Function. GAO-04-544. Washington, D.C.: May 28, 
2004.

Homeland Security: Summary of Challenges Faced in Targeting Oceangoing 
Cargo Containers for Inspection. GAO-04-557T. Washington, D.C.: March 
31, 2004.

Homeland Security: Risks Facing Key Border and Transportation Security 
Program Need to Be Addressed. GAO-04-569T. Washington, D.C.: March 18, 
2004.

Contract Management: Coast Guard's Deepwater Program Needs Increased 
Attention to Management and Contractor Oversight. GAO-04-380. 
Washington, D.C.: March 9, 2004.

Aviation Security: Challenges Exist in Stabilizing and Enhancing 
Passenger and Baggage Screening Operations. GAO-04-440T. Washington, 
D.C.: February 12, 2004.

DHS Products:

Major Management Challenges Facing the Department of Homeland Security. 
OIG-05-06. DHS Office of the Inspector General. Washington, D.C.: 
December 2004.

For more information on Department of Homeland Security major 
management challenges, see http://www.gao.gov/pas/2005/dhs.htm:

HIGH-RISK SERIES:

Department of Defense Business Systems Modernization:

GAO Highlights:

For additional information about this high-risk area, contact Randolph 
C. Hite at (202) 512-3439 or hiter@gao.gov.

Why Area Is High Risk:

Within the context of the Department of Defense's (DOD) business 
transformation efforts, the department is spending billions of dollars 
to modernize its business systems. While some aspects of its systems 
modernization management have been improved, many of the underlying 
conditions that contributed to past failures to improve these systems 
remain fundamentally unchanged. As a result, DOD as a whole remains far 
from where it needs to be to effectively and efficiently manage an 
undertaking with the size, complexity, and significance of its 
departmentwide business systems modernization. GAO first designated 
this program as high risk in 1995; it remains so today.

What GAO Found:

DOD, one of the largest and most complex organizations in the world, 
reported that it relies on over 4,000 systems to conduct its business 
operations. These systems currently function in a stovepiped, 
duplicative, and nonintegrated environment that contributes to the 
department's operational problems. For years, DOD has attempted to 
modernize these systems, and GAO has provided numerous recommendations 
to help guide modernization efforts. For example, in 2001 GAO provided 
DOD with a set of recommendations to help it develop and use an 
enterprise architecture (modernization blueprint) and establish 
effective investment management controls to guide and constrain how it 
was spending billions of dollars annually on information technology 
systems. GAO also made numerous project-specific and DOD-wide 
recommendations aimed at getting DOD to follow proven best practices 
when it acquired systems solutions. While DOD agreed with most of these 
recommendations, to date the department has made uneven progress in 
addressing them.

After 3 years and over $200 million in obligations, DOD still has not 
developed a business enterprise architecture containing sufficient 
scope and detail to guide and constrain its departmentwide systems 
modernization and business transformation. One reason for this limited 
progress is its failure to adopt key architecture management best 
practices that GAO recommended, such as developing plans for creating 
the architecture; assigning accountability and responsibility for 
directing, overseeing, and approving the architecture; and defining 
performance metrics for evaluating it. Furthermore, the department 
still lacks an effective investment management process for selecting 
and controlling ongoing and planned business systems investments. While 
it has issued a policy that assigns investment management 
responsibilities for business systems, it has not yet defined the 
detailed procedures necessary for implementing the policy, clearly 
defined the roles and responsibilities of the business domain owners, 
established common investment criteria, or ensured that its business 
systems are consistent with the architecture. Instead, each DOD 
component continues to make its own parochial investment decisions.

Finally, DOD incorporated some, but not all, key acquisition best 
practices and needed controls in its revised systems acquisition 
policies and guidance. Without these controls, DOD cannot adequately 
ensure that its components will appropriately follow and implement the 
practices contained within the guidance. For example, GAO recently 
reported that two DOD initiatives experienced operational problems, 
schedule delays, and cost increases of hundreds of millions of dollars, 
in part because the department failed to implement disciplined 
requirements management and testing processes.

Until it implements GAO's systems modernization recommendations and 
related transformation proposals, DOD will remain at risk of spending 
billions of dollars on systems that do not provide needed capabilities 
on time and within budget, in turn hampering its business 
transformation efforts.

What Remains to Be Done:

To DOD's credit, its senior leaders are committed to improving its 
systems modernization management efforts. Nevertheless, the department 
continues to face key challenges. To be successful, DOD needs to follow 
through on its stated commitment to implement GAO's open 
recommendations aimed at employing proven systems modernization 
management frameworks that are grounded in legislation, federal 
guidance, and best practices. These generally fall into three key 
areas: (1) develop and use an enterprise architecture, (2) institute 
effective investment management practices, and (3) establish and 
implement effective systems acquisition processes. GAO has also 
proposed establishing a senior DOD position for all transformation 
efforts, including systems modernization, and that systems funding 
control be given to the business domain owners reporting to this 
official.

Related Products:

Department of Defense Business Systems Modernization:

Department of Defense: Further Actions Are Needed to Effectively 
Address Business Management Problems and Overcome Key Business 
Transformation Challenges. GAO-05-140T. Washington, D.C.: November 17, 
2004.

Information Technology: DOD's Acquisition Policies and Guidance Need to 
Incorporate Additional Best Practices and Controls. GAO-04-722. 
Washington, D.C.: July 30, 2004.

Department of Defense: Financial and Business Management Transformation 
Hindered by Long-standing Problems. GAO-04-941T. Washington, D.C.: July 
8, 2004.

DOD Business Systems Modernization: Billions Continue to Be Invested 
with Inadequate Management Oversight and Accountability. GAO-04-615. 
Washington, D.C.: May 28, 2004.

DOD Business Systems Modernization: Limited Progress in Development of 
Business Enterprise Architecture and Oversight of Information 
Technology Investments. GAO-04-731R. Washington, D.C.: May 17, 2004.

Department of Defense: Further Actions Needed to Establish and 
Implement a Framework for Successful Business Transformation. GAO-04-
626T. Washington, D.C.: March 31, 2004.

Department of Defense: Further Actions Needed to Establish and 
Implement a Framework for Successful Financial and Business Management 
Transformation. GAO-04-551T. Washington, D.C.: March 23, 2004.

DOD Business Systems Modernization: Important Progress Made to Develop 
Business Enterprise Architecture, but Much Work Remains. GAO-03-1018. 
Washington, D.C.: September 19, 2003.

Business Systems Modernization: Summary of GAO's Assessment of the 
Department of Defense's Initial Business Enterprise Architecture. GAO-
03-877R. Washington, D.C.: July 7, 2003.

DOD Business Systems Modernization: Long-standing Management and 
Oversight Weaknesses Continue to Put Investments at Risk. GAO-03-553T. 
Washington, D.C.: March 31, 2003.

Information Technology: Observations on Department of Defense's Draft 
Enterprise Architecture. GAO-03-571R. Washington, D.C.: March 28, 2003.

DOD Business Systems Modernization: Continued Investment in Key 
Accounting Systems Needs to Be Justified. GAO-03-465. Washington, D.C.: 
March 28, 2003.

DOD Business Systems Modernization: Improvements to Enterprise 
Architecture Development and Implementation Efforts Needed. GAO-03-
458. Washington, D.C.: February 28, 2003.

For more information on Department of Defense major management 
challenges, see http://www.gao.gov/pas/2005/dod.htm.

High-Risk Series:

Department of Defense Approach to Business Transformation:

GAO Highlights:

For additional information about this high-risk area, contact Sharon 
Pickup at (202) 512-9619 or pickups@gao.gov.

Why Area Is High Risk:

DOD has initiated various efforts to transform business operations. 
However, current business processes continue to result in reduced 
effectiveness and efficiencies at a time when DOD is challenged to 
maintain a high level of operations while competing for resources in a 
fiscally constrained environment. DOD has not yet developed a clear 
strategic and integrated plan for business reform or a well-defined 
blueprint--an enterprise architecture--to guide and constrain 
implementation of such a plan. For these reasons, GAO is designating--
for the first time--the lack of a strategic and integrated planning 
approach to DOD's business transformation as high risk. From a 
departmentwide perspective, GAO has also reported on limitations in 
DOD's strategic planning and budgeting, including the mismatch between 
programs and budgets. GAO is aware of DOD's plans to implement a risk-
based approach to making investment decisions and resolve the mismatch 
issue, and is monitoring this effort.

What GAO Found:

DOD spends billions of dollars to sustain key business operations 
intended to support the warfighter, including systems and processes 
related to the management of contracts, finances, the supply chain, 
support infrastructure, and weapons systems acquisition. GAO has 
reported on inefficiencies in DOD's business operations, such as the 
lack of sustained leadership, the lack of a strategic and integrated 
business transformation plan, and inadequate incentives. Moreover, the 
lack of adequate transparency and accountability across DOD's major 
business areas results in billions of dollars of wasted resources 
annually at a time of increasing military operations and growing fiscal 
constraints. The Secretary of Defense estimates that improving business 
operations could save 5 percent of DOD's annual budget. Based on DOD's 
reported fiscal year 2004 budget, this would represent a savings of 
about $22 billion a year.

DOD has embarked on a series of efforts to reform its business 
operations, including modernizing underlying information technology 
(business) systems. However, serious inefficiencies remain. The areas 
of business systems modernization; contract, financial, supply chain, 
and support infrastructure management; and weapons systems acquisition 
remain high risk. Because (1) DOD's business improvement initiatives 
and control over resources is fragmented, (2) DOD lacks a clear 
strategic and integrated business transformation plan and investment 
strategy, and (3) DOD has not designated a senior management official 
to be responsible and accountable for overall business reform and 
related resources, GAO now considers DOD's approach to business 
transformation to be a high-risk area.

Business transformation requires long-term cultural change and business 
process reengineering and a commitment from the executive and 
legislative branches of government. Sound strategic planning is the 
foundation on which to build but DOD needs clear, capable, sustained, 
and professional leadership to maintain the continuity necessary for 
success. Such leadership would provide the attention essential for 
addressing key stewardship responsibilities--such as strategic 
planning, performance management, business information management, and 
financial management--in an integrated manner, while helping to 
facilitate transformation within DOD.

Since 1999, GAO has recommended a comprehensive, integrated strategy 
and action plan for reforming DOD's major business operations and 
support activities. In 2004, GAO suggested that DOD clearly establish 
management accountability for business reform. While DOD is developing 
an enterprise architecture for modernizing its business processes and 
supporting information technology assets, it has not assigned 
management responsibility or developed a comprehensive and integrated 
strategy or action plan for managing its many business improvement 
initiatives. Unless they are addressed in a unified and timely fashion, 
DOD will continue to see billions of dollars, which could be directed 
to other higher priorities, consumed to support inefficiencies in its 
business functions.

What Remains to Be Done:

DOD needs to establish sustained leadership that is responsible and 
accountable for overall business transformation efforts. DOD also needs 
to develop and implement a strategic, integrated business 
transformation plan that includes specific goals, measures, and 
accountability mechanisms to monitor progress.

One option to help achieve these goals is to legislatively create a 
full-time chief management officer position with long-term "good 
government" responsibilities that are professional and nonpartisan in 
nature.

Related Products:

Department of Defense Approach to Business Transformation:

Comptroller General of the United States. Transformation Challenges. 
Presented to the Defense Intelligence Agency Board of Directors. 
Arlington, Va.: December 9, 2004.

Department of Defense: Further Actions Are Needed to Effectively 
Address Business Management Problems and Overcome Key Business 
Transformation Challenges. GAO-05-140T. Washington, D.C.: November 17, 
2004.

Department of Defense: Long-standing Problems Continue to Impede 
Financial and Business Management Transformation. GAO-04-907T. 
Washington, D.C.: July 7, 2004.

DOD Systems Modernization: Billions Continue to Be Invested with 
Inadequate Management Oversight and Accountability. GAO-04-615. 
Washington, D.C.: May 27, 2004.

DOD Business Systems Modernization: Limited Progress in Development of 
Business Enterprise Architecture and Oversight of Information 
Technology Investments. GAO-04-731R. Washington, D.C.: May 17, 2004.

Department of Defense: Further Actions Needed to Establish and 
Implement a Framework for Successful Financial and Business Management 
Transformation. GAO-04-551T. Washington, D.C.: March 23, 2004.

Comptroller General of the United States. Truth and Transparency: The 
Federal Government's Financial Condition and Fiscal OutLook. Presented 
before the National Press Club. Washington, D.C.: September 17, 2003.

Major Management Challenges and Program Risks: Department of Defense. 
GAO-03-98. Washington, D.C.: January 1, 2003.

Defense Management: New Management Reform Program Still Evolving. GAO-
03-58. Washington, D.C.: December 12, 2002.

Defense Management: Actions Needed to Sustain Reform Initiatives and 
Achieve Greater Results. GAO/NSIAD-00-72. Washington, D.C.: July 25, 
2000.

Defense Reform Initiative: Organization, Status, and Challenges. GAO/
NSIAD-99-87. Washington, D.C.: April 21, 1999.

For more information on Department of Defense major management 
challenges, see http://www.gao.gov/pas/2005/dod.htm.

High-Risk Series:

Establishing Appropriate and Effective Information-Sharing Mechanisms 
to Improve Homeland Security:

GAO Highlights:

For additional information about this high-risk area, contact Joel 
Willemssen at (202) 512-6253 or willemssenj@gao.gov or Norm Rabkin at 
(202) 512-9110 or rabkinn@gao.gov.

Why Area Is High Risk:

Since September 11, 2001, multiple federal agencies have been assigned 
key roles in sharing information for homeland security purposes. This 
area has received increased attention but the federal government still 
faces formidable challenges in gathering, identifying, analyzing, and 
disseminating key information within and among federal, state, local 
and private entities in an appropriate and timely manner.

Recent federal law and policy changes established requirements for 
information-sharing efforts, including the development of processes and 
procedures for sharing intelligence, law enforcement, immigration, 
critical infrastructure, first responder, and other homeland security 
related information. However, the required policies and procedures are 
still being developed and need to be consistently and effectively 
implemented.

What GAO Found:

The 9/11 Commission Report recognized the need to improve information 
and intelligence collection, sharing, and analysis for homeland 
security efforts within federal and nonfederal entities. Over the past 
several years, GAO has identified potential information-sharing 
barriers, critical success factors, and other key management issues to 
facilitate information sharing among and between government entities 
and the private sector. Effective information sharing is currently 
hindered by the absence of key practices, including (1) developing 
strategic plans; (2) establishing processes, procedures, and 
mechanisms; and (3) appropriately implementing incentives. 
Accordingly, GAO is designating this area as high risk.

Since 1998, GAO has recommended the development of comprehensive plans 
for information sharing to support critical infrastructure protection 
efforts. Key elements of GAO's recommendation can be applied to broader 
homeland security and intelligence-sharing efforts, including clearly 
delineating the roles and responsibilities of federal and nonfederal 
entities, defining interim objectives and milestones, setting time 
frames, and establishing performance metrics. Administration efforts 
are currently under way to develop such plans.

Information sharing barriers among federal agencies include the 
existence of overlapping sets of data, inconsistent agency policies for 
the sharing of data, and technical incompatibilities that impede 
consolidation of data. For example, in 2003 GAO found that these 
challenges hindered consolidation of watch list data. In addition, 
recent reports from the inspectors general at the departments of 
Homeland Security and Justice highlight the challenges of integrating 
and sharing information between fingerprint databases.

GAO also determined that the federal agencies had not established 
processes and procedures for disseminating homeland security 
information to the private sector. For example, according to industry 
officials, law enforcement agencies did not provide the chemical 
manufacturing industry with specific and accurate threat information in 
a well-coordinated manner. Without this information, chemical companies 
cannot effectively design facility security systems and protocols, and 
the federal government cannot accurately assess the facilities' 
vulnerability to terrorist attacks. Until information-sharing 
mechanisms are instituted, federal agencies and private entities will 
be constrained in their ability to effectively analyze incident, 
threat, and vulnerability information to prevent terrorist attacks.

Finally, the federal government needs to more effectively consider the 
use of public policy tools, such as grants, regulations, and tax 
incentives, to encourage private-sector participation in sharing 
homeland security information. Although the private sector has 
emphasized the need for government funding to assist with its 
information-sharing efforts, the government has not comprehensively 
assessed potential public policy tools to encourage the private sector 
to share information.

What Remains to Be Done:

While federal agencies concurred with prior GAO recommendations, action 
has been limited. To address potential barriers to information sharing, 
strategies should be developed to address information-sharing 
challenges, including:

* establishing clear goals, objectives, and expectations for 
participants in information-sharing efforts;

* consolidating, standardizing, and enhancing federal structures, 
policies, and capabilities for the analysis and dissemination of 
information, where appropriate; and:

* assessing the need for public policy tools to encourage private-
sector participation.

Related Products:

Establishing Appropriate and Effective Information-Sharing Mechanisms 
to Improve Homeland Security:

Homeland Security: Further Actions Needed to Coordinate Federal 
Agencies' Facility Protection Efforts and Promote Key Practices. GAO-
05-49. Washington, D.C.: November 30, 2004.

Information Technology: Major Federal Networks That Support Homeland 
Security Functions. GAO-04-375. Washington, D.C.: September 17, 2004.

9/11 Commission Report: Reorganization, Transformation, and 
Information Sharing. GAO-04-1033T. Washington, D.C.: August 3, 2004.

Critical Infrastructure Protection: Improving Information Sharing with 
Infrastructure Sectors. GAO-04-780. Washington, D.C.: July 9, 2004.

Critical Infrastructure Protection: Establishing Effective Information 
Sharing with Infrastructure Sectors. GAO-04-699T. Washington, D.C.: 
April 21, 2004.

Homeland Security: Information-Sharing Responsibilities, Challenges, 
and Key Management Issues. GAO-03-1165T. Washington, D.C.: September 
17, 2003.

Homeland Security: Efforts to Improve Information Sharing Need to Be 
Strengthened. GAO-03-760. Washington, D.C.: August 27, 2003.

Homeland Security: Information-Sharing Responsibilities, Challenges, 
and Key Management Issues. GAO-03-715T. Washington, D.C.: May 8, 2003.

Information Technology: Terrorist Watch Lists Should Be Consolidated to 
Promote Better Integration and Sharing. GAO-03-322. Washington, D.C.: 
April 15, 2003.

Homeland Security: Voluntary Initiatives Are Under Way at Chemical 
Facilities, but the Extent of Security Preparedness Is Unknown. GAO-03-
439. Washington, D.C.: March 14, 2003.

Critical Infrastructure Protection: Challenges for Selected Agencies 
and Industry Sectors. GAO-03-233. Washington, D.C.: February 28, 2003.

Critical Infrastructure Protection: Efforts of the Financial Services 
Sector to Address Cyber Threats. GAO-03-173. Washington, D.C.: January 
30, 2003.

Information Sharing: Practices That Can Benefit Critical Infrastructure 
Protection. GAO-02-24. Washington, D.C.: October 15, 2001.

High-Risk Series:

Department of Defense Personnel Security Clearance Program:

GAO Highlights:

For additional information about this high-risk area, contact Derek B. 
Stewart at (202) 512-5559 or stewartd@gao.gov.

Why Area Is High Risk:

The Department of Defense (DOD) is responsible for issuing security 
clearances for some 2 million people. These include DOD military and 
civilian personnel as well as nearly 700,000 industry personnel who 
work on contracts for DOD and 22 other federal agencies. Security 
clearances give workers access to information that, in some cases, 
could cause exceptionally grave damage if it were disclosed without 
authorization.

Since fiscal year 2000, DOD has listed its personnel security 
investigations program as a systemic weakness--a weakness that affects 
more than one DOD component and may jeopardize the department's 
operations. In October 2002, the House Committee on Government Reform 
recommended that DOD's adjudicative process--decisions on clearance 
eligibility--also be designated as a material weakness. This year GAO 
is designating DOD's security clearance program as a high-risk area 
because its delays in issuing clearances can affect national security.

What GAO Found:

As in the past, DOD continues to face sizeable security clearance 
backlogs. As of September 2003 (the most recent data available), DOD 
had roughly 270,000 investigative and 90,000 adjudicative cases that 
had not been completed within the established time frames. The size of 
its backlog of overdue, but not-yet-submitted reinvestigations was 
unknown; in 2000, this part of the backlog amounted to 500,000 cases. 
Such backlogs can increase the amount of time it takes to determine 
clearance eligibility. In fiscal year 2003, for example, industry 
personnel needed an average of 375 days to get a clearance. Such delays 
increase national security risks, delay the start of classified work, 
hamper employers from hiring the best qualified workers, and increase 
the government's cost of national security-related contracts.

DOD's Personnel Security Clearance Process:

[See PDF for image]

[End of figure]

Several impediments have hindered DOD's ability to accurately estimate 
and eliminate its clearance backlogs: (1) the large and inaccurately 
forecasted number and type of new requests submitted since the 
terrorist attacks of September 11, 2001; (2) insufficient investigator 
and adjudicator workforces; (3) problems gaining access to state, 
local, and overseas investigative information; (4) inadequate DOD 
program oversight and monitoring; (5) delays in fully implementing a 
new adjudication tracking system that DOD's Chief Information Officer 
identified as mission critical; and (6) the lack of a comprehensive, 
integrated management plan to address various obstacles. While GAO's 
work focused on DOD, clearance delays in other agencies suggest that 
similar impediments and their effects may extend beyond DOD.

DOD has taken positive steps toward addressing some of the impediments. 
For example, DOD agencies have hired additional adjudicative staff, and 
DOD is issuing interim clearances to help reduce backlogs and delays. 
DOD also is consolidating two adjudication facilities and is looking at 
initiatives, such as phased periodic reinvestigations for top secret 
clearances, to make staff available for more productive uses. While 
promising, the initiative would require a change to governmentwide 
investigative standards and regulations before it could be implemented. 
The National Defense Authorization Act for Fiscal Year 2004 authorized 
the transfer of DOD's personnel security investigative function and 
over 1,800 investigative employees to the Office of Personnel 
Management (OPM). The transfer is scheduled to take place in February 
2005. The transfer would eliminate DOD's responsibility for conducting 
the investigations, but the change in responsibility alone will not 
reduce the shortages of investigative personnel.

What Remains to Be Done:

To improve its security clearance program, DOD needs to (1) develop and 
use new methods for forecasting clearance needs and monitoring 
backlogs; (2) match adjudicative staffing to workloads; (3) work with 
OPM to implement a comprehensive, integrated management plan for 
eliminating the backlogs and delays; and (4) determine the feasibility 
of implementing promising initiatives. DOD fully concurred or partially 
concurred with all of GAO's recommendations.

Related Products:

Department of Defense Personnel Security Clearance Program:

Intelligence Reform: Human Capital Considerations Critical to 9/11 
Commission's Proposed Reforms. GAO-04-1084T. Washington, D.C.: 
September 14, 2004.

DOD Personnel Clearances: Additional Steps Can Be Taken to Reduce 
Backlogs and Delays in Determining Security Clearance Eligibility for 
Industry Personnel. GAO-04-632. Washington, D.C.: May 26, 2004.

DOD Personnel Clearances: Preliminary Observations Related to Backlogs 
and Delays in Determining Security Clearance Eligibility for Industry 
Personnel. GAO-04-202T. Washington, D.C.: May 6, 2004.

Security Clearances: FBI Has Enhanced Its Process for State and Local 
Law Enforcement Officials. GAO-04-596. Washington, D.C.: April 30, 
2004.

Industrial Security: DOD Cannot Provide Adequate Assurances That Its 
Oversight Ensures the Protection of Classified Information. GAO-04-332. 
Washington, D.C.: March 3, 2004.

DOD Personnel Clearances: DOD Needs to Overcome Impediments to 
Eliminating Backlog and Determining Its Size. GAO-04-344. Washington, 
D.C.: February 9, 2004.

Aviation Security: Federal Air Marshal Service Is Addressing Challenges 
of Its Expanded Mission and Workforce but Additional Actions Needed. 
GAO-04-242. Washington, D.C.: November 19, 2003.

For more information on Department of Defense major management 
challenges, see http://www.gao.gov/pas/2005/dod.htm.

High-Risk Series:

Department of Defense Support Infrastructure Management:

GAO Highlights:

For additional information about this high-risk area, contact Barry W. 
Holman at (202) 512-8412 or holmanb@gao.gov.

Why Area Is High Risk:

In 1997 GAO identified the Department of Defense's (DOD) management of 
its support infrastructure as a high-risk area because DOD's 
infrastructure costs continued to consume a larger-than-necessary 
portion of its budget. As a result, DOD has not been able to devote 
funds to more critical needs. Inefficient management practices and 
outdated business processes and infrastructure have contributed to the 
problem. DOD support infrastructure management remains a high-risk 
area.

What GAO Found:

Although it reduced the size of its military force following the end of 
the Cold War, DOD did not make similar reductions in its defense 
support infrastructure, which includes categories such as force 
installations, central logistics, the defense health program, and 
central training. For several years, DOD has been concerned about its 
excess infrastructure, which affects its ability to devote more funding 
to weapon system modernization and other critical needs. DOD reported 
that many of its business processes and much of its infrastructure are 
outdated and must be modernized. Left alone, the current organizational 
arrangements, processes, and systems will continue to drain scarce 
resources. GAO's work in this area has shown that DOD continues to 
spend a large portion of its budget on infrastructure--nearly 44 and 42 
percent, respectively, in fiscal years 2002 and 2003.

DOD has made progress and expects to continue making improvements in 
its support infrastructure management, but much work remains to be 
done. DOD officials recognize that they must achieve greater 
efficiencies in managing their support operations more effectively. DOD 
has given high-level emphasis to reforming its support infrastructure, 
including efforts in recent years to transform its associated business 
processes. It has achieved some operating efficiencies and reductions 
from such efforts as base realignments and closures, consolidations, 
organizational and business process reengineering, privatization, and 
competitive sourcing. It has also achieved efficiencies by eliminating 
unneeded facilities through such means as demolishing unneeded 
buildings and privatizing housing and utilities at military facilities. 
In addition, DOD and the services are currently gathering and analyzing 
data to support a new round of base realignments and closures in 2005 
and facilitating other changes as a result of DOD's overseas basing 
study. However, much work remains for DOD to rationalize and transform 
its support infrastructure to improve operations, achieve efficiencies, 
and allow it to concentrate its resources on the most critical needs. 
DOD's plans for the 2005 Base Realignment and Closure round, with its 
emphasis on eliminating excess capacity as well as enhancing joint 
capabilities and searching for alternative crosscutting solutions for 
common business-oriented support functions, represents an important 
step toward addressing support infrastructure issues.

[See PDF for image]

Source: GAO photographs (2003).

From left to right: World War II-era wood building at Fort Bragg, North 
Carolina; choked and clogged water pipes at Pope Air Force Base, North 
Carolina; and outdoor portable facilities used to supplement inadequate 
indoor facilities at Quantico Marine Corps Base, Virginia.

[End of figure]

What Remains to Be Done:

Organizations throughout DOD need to continue reengineering their 
business processes and striving for greater operational effectiveness 
and efficiency. DOD needs to develop a plan to better integrate, guide, 
and sustain the implementation of its diverse business transformation 
initiatives in an integrated fashion. DOD also needs to develop a 
comprehensive long-range plan for its facilities infrastructure that 
addresses facility requirements, recapitalization, and maintenance and 
repair needs. DOD generally concurs with our prior recommendations in 
this area and indicates it is taking actions to address them. A key to 
any successful approach to resolving DOD's support infrastructure 
management issues will be addressing this area as part of a 
comprehensive, integrated business transformation.

Related Products:

Department of Defense Support Infrastructure Management:

Department of Defense: Further Actions Are Needed to Effectively 
Address Business Management Problems and Overcome Key Business 
Transformation Challenges. GAO-05-140T. Washington, D.C.: November 17, 
2004.

Defense Infrastructure: Factors Affecting U.S. Infrastructure Costs 
Overseas and the Development of Comprehensive Master Plans. GAO-04-609. 
Washington, D.C.: July 15, 2004.

Military Housing: Opportunities Exist to Better Explain Family Housing 
O&M Budget Requests and Increase Visibility Over Reprogramming of 
Funds. GAO-04-583. Washington, D.C.: May 27, 2004.

Military Housing: Further Improvements Needed in Requirements 
Determinations and Program Review. GAO-04-556. Washington, D.C.: May 
19, 2004.

Military Base Closures: Assessment of DOD's 2004 Report on the Need for 
a Base Realignment and Closure Round. GAO-04-760. Washington, D.C.: May 
17, 2004.

Defense Infrastructure: Issues Related to the Renovation of General and 
Flag Officer Quarters. GAO-04-555. Washington, D.C.: May 17, 2004.

Defense Management: Continuing Questionable Reliance on Commercial 
Contracts to Demilitarize Excess Ammunition When Unused, 
Environmentally Friendly Capacity Exists at Government Facilities. GAO-
04-427R. Washington, D.C.: April 2, 2004.

Military Base Closures: Observations on Preparations for the Upcoming 
Base Realignment and Closure Round. GAO-04-558T. Washington, D.C.: 
March 25, 2004.

Defense Infrastructure: Long-term Challenges in Managing the Military 
Construction Program. GAO-04-288. Washington, D.C.: February 24, 2004.

Defense Management: Issues in Contracting for Lodging and Temporary 
Office Space at MacDill Air Force Base. GAO-04-296. Washington, D.C.: 
January 27, 2004.

Defense Infrastructure: Basing Uncertainties Necessitate Reevaluation 
of U.S. Construction Plans in South Korea. GAO-03-643. Washington, 
D.C.: July 15, 2003.

Defense Infrastructure: Changes in Funding Priorities and Management 
Processes Needed to Improve Condition and Reduce Costs of Guard and 
Reserve Facilities. GAO-03-516. Washington, D.C.: May 15, 2003.

For more information on Department of Defense major management 
challenges, see http://www.gao.gov/pas/2005/dod.htm.

High-Risk Series:

Department of Defense Financial Management:

GAO Highlights:

For additional information about this high-risk area, contact Gregory 
D. Kutz at (202) 512-9095 or kutzg@gao.gov.

Why Area Is High Risk:

Taken together, DOD's financial management deficiencies represent the 
single largest obstacle to achieving an unqualified opinion on the U.S. 
government's consolidated financial statements. DOD continues to face 
financial management problems that are pervasive, complex, long-
standing, and deeply rooted in virtually all its business operations. 
DOD's financial management deficiencies adversely affect the 
department's ability to control costs, ensure basic accountability, 
anticipate future costs and claims on the budget, measure performance, 
maintain funds control, prevent fraud, and address pressing management 
issues. GAO first designated this area as high risk in 1995; it remains 
so today.

What GAO Found:

DOD's senior civilian and military leaders, committed to reforming the 
department's financial management operations, have taken positive steps 
to begin this effort. However, to date, tangible evidence of 
improvement has been seen in a few specific areas, such as internal 
controls related to DOD's purchase card program. While DOD has 
established a goal of obtaining a clean opinion on its financial 
statements by 2007, it lacks a clear and realistic plan to make that 
goal a reality. DOD's continuing, substantial financial management 
weaknesses adversely affect its ability to produce auditable financial 
information as well as provide accurate and timely information for 
management and the Congress to use in making informed decisions.

Examples of the Impact of Financial Management Problems at DOD:

Business area affected: Military pay; 
Problem identified and its impact: Ninety-four percent of mobilized 
Army National Guard and Reserve soldiers GAO investigated during 
recent audits had pay problems. These problems distracted soldiers 
from their missions, imposed financial hardships on their families, 
and had a negative impact on retention.

Business area affected: Travel; 
Problem identified and its impact: Seventy-two percent of the over 
68,000 premium-class airline tickets DOD purchased for fiscal years 
2001 and 2002 were not properly authorized, and 73 percent were not 
properly justified. Further, control breakdowns resulted in DOD paying 
millions of dollars for (1) airline tickets that were not used and not 
processed for refund and (2) improper and potentially fraudulent 
claims made by travelers for airline tickets they did not purchase.

Business area affected: Property; 
Problem identified and its impact: DOD purchased new JSLIST chem-bio 
suits for $200 apiece while they were selling on the Internet for $3. 
In addition, thousands of defective suits that DOD declared as excess 
were improperly issued to local law enforcement agencies, which are 
likely to be the first responders in a terrorist attack.

Business area affected: Contract payments; 
Problem identified and its impact: Some DOD contractors have abused 
the federal tax system, including potential criminal activity, with 
little or no consequence. As of September 2003, DOD had collected only 
$687,000 of unpaid federal taxes through a mandated levy program. GAO 
estimated that at least $100 million could be collected annually by 
effectively implementing the levy on DOD contract payments.

Business area affected: Automated systems; 
Problem identified and its impact: DOD invested $179 million on two 
failed automated system efforts that were intended to resolve its 
long-standing disbursement problems.

Source: GAO.

[End of table]

DOD is still in the very early stages of a departmentwide reform that 
will take years to accomplish. DOD has not yet established a framework 
to integrate improvement efforts in this area with related broad-based 
DOD initiatives, such as human capital reform. Overhauling the 
financial management and related business operations of one of the 
largest and most complex organizations in the world represents a 
daunting challenge. Such an overhaul of DOD's financial management 
operations goes far beyond financial accounting to the very fiber of 
the department's wide-ranging business operations and its management 
culture. As discussed previously, GAO now considers DOD's current 
management approach to transforming its entire business operations as a 
separate overarching high-risk area.

What Remains to Be Done:

GAO has made numerous recommendations intended to improve DOD's 
financial management. Essential elements of DOD's financial management 
reform include (1) sustained leadership and resource control, (2) clear 
lines of responsibility and accountability, (3) plans and related 
results-oriented performance measures, and (4) appropriate individual 
and organizational incentives and consequences. However, successful, 
lasting reform in this area will only be possible if implemented as 
part of a comprehensive, integrated approach to transforming all of 
DOD's business operations.

Related Products:

Department of Defense Financial Management:

Comptroller General of the United States. Transformation Challenges. 
Presented to the Defense Intelligence Agency Board of Directors. 
Arlington, Va.: December 9, 2004.

Department of Defense: Further Actions Are Needed to Effectively 
Address Business Management Problems and Overcome Key Business 
Transformation Challenges. GAO-05-140T. Washington, D.C.: November 17, 
2004.

Military Pay: Army Reserve Soldiers Mobilized to Active Duty 
Experienced Significant Pay Problems. GAO-04-911. Washington, D.C.: 
August 20, 2004.

DOD Travel Cards: Control Weaknesses Resulted in Millions of Dollars of 
Improper Payments. GAO-04-576. Washington, D.C.: June 9, 2004.

DOD Business Systems Modernization: Billions Continue to Be Invested 
with Inadequate Management Oversight and Accountability. GAO-04-615. 
Washington, D.C.: May 27, 2004.

DOD Business Systems Modernization: Limited Progress in Development of 
Business Enterprise Architecture and Oversight of Information 
Technology Investments. GAO-04-731R. Washington, D.C.: May 17, 2004.

DOD Travel Cards: Control Weaknesses Led to Millions of Dollars Wasted 
on Unused Airline Tickets. GAO-04-398. Washington, D.C.: March 31, 
2004.

Department of Defense: Further Actions Needed to Establish and 
Implement a Framework for Successful Financial and Business Management 
Transformation. GAO-04-551T. Washington, D.C.: March 23, 2004.

Financial Management: Some DOD Contractors Abuse the Federal Tax System 
with Little Consequence. GAO-04-95. Washington, D.C.: February 12, 
2004.

DOD Excess Property: Risk Assessment Needed on Public Sales of 
Equipment That Could Be Used to Make Biological Agents. GAO-04-15NI. 
Washington, D.C.: November 19, 2003.

Military Pay: Army National Guard Personnel Mobilized to Active Duty 
Experienced Significant Pay Problems. GAO-04-89. Washington, D.C.: 
November 13, 2003.

Travel Cards: Internal Control Weaknesses at DOD Led to Improper Use of 
First and Business Class Travel. GAO-04-88. Washington, D.C.: October 
24, 2003.

Comptroller General of the United States. Truth and Transparency: The 
Federal Government's Financial Condition and Fiscal Outlook. Presented 
before the National Press Club. Washington, D.C.: September 17, 2003.

For more information on Department of Defense major management 
challenges, see http://www.gao.gov/pas/2005/dod.htm:

High-Risk Series:

Department of Defense Supply Chain Management:

GAO Highlights:

For additional information about this high-risk area, contact William 
M. Solis at (202) 512-8365 or solisw@gao.gov.

Why Area Is High Risk:

In 1990, GAO identified the Department of Defense's (DOD) inventory 
management as a high-risk area because inventory levels were too high 
and the supply system was not responsive to the needs of the 
warfighters. With the onset of Operation Iraqi Freedom (OIF), other 
supply chain issues related to inventory management have been reported 
as impediments to supporting the warfighter. Based on our work since 
January 2003, we are expanding this high-risk area to include DOD's 
management of its entire supply chain, which includes distribution, 
inventory management, and asset visibility.

What GAO Found:

DOD's supply chain management has experienced significant weaknesses in 
its ability to provide efficient and effective supply support to the 
warfighters. During OIF, the supply chain encountered many problems, 
including backlogs of hundreds of pallets and containers at 
distribution points, a $1.2 billion discrepancy in the amount of 
material shipped to--and received by--Army activities, cannibalized 
equipment because of a lack of spare parts, and millions of dollars 
spent in late fees to lease or replace storage containers because of 
distribution backlogs and losses. Moreover, military personnel pointed 
to shortages of such items as tires, tank track, helicopter spare 
parts, and radio batteries. These problems were due in part to poor 
asset visibility, insufficient theater distribution capability, and a 
failure to apply lessons learned from prior operations. In a March 2004 
report, DOD found that, during OIF, gaps and seams were evident at 
every transaction point in the end-to-end supply chain--from strategic-
level transportation to tactical-level distribution.

While DOD reports show that the department currently owns about $67 
billion of inventory, shortages of certain critical spare parts are 
adversely affecting equipment readiness and contributing to maintenance 
delays. The Defense Logistics Agency (DLA) and each of the military 
services have experienced significant shortages of critical spare 
parts. In many cases, these shortages contributed directly to equipment 
downtime, maintenance problems, and the services' failure to meet their 
supply availability goals. DOD, DLA, and the military services each 
lack strategic approaches and detailed plans that could help mitigate 
these critical spare parts shortages and guide their many initiatives 
aimed at improving inventory management. Despite the shortages of 
parts, more than half of DOD's reported inventory--about $35 billion--
exceeded current operating requirements.

DOD also lacks visibility and control over the supplies and spare parts 
it owns. Currently DOD does not have the ability to provide timely or 
accurate information on the location, movement, status, or identity of 
its supplies. Although Total Asset Visibility has been a departmentwide 
goal for over 30 years, DOD estimates that it will not achieve this 
visibility until the year 2010. DOD may not meet this goal by 2010, 
however, unless it overcomes three significant impediments: developing 
a comprehensive plan for achieving visibility, building the necessary 
integration among its many inventory management information systems, 
and correcting long-standing data accuracy and reliability problems 
within existing inventory management systems.

DOD, DLA, and the services have undertaken a number of initiatives to 
improve and transform DOD's supply chain. Many of these initiatives 
were developed in response to the logistics problems reported during 
OIF. While these initiatives represent a step in the right direction, 
the lack of a comprehensive, departmentwide logistics reengineering 
strategy to guide their implementation may limit their overall 
effectiveness.

What Remains to Be Done:

In January 2003 and prior reports, GAO recommended that DOD reengineer 
its logistics programs and apply best commercial practices to logistics 
operations as a long-term solution to its inventory management 
weaknesses. DOD and the services are currently attempting to transform 
the supply chain to better support the warfighter, but DOD needs to 
develop a plan that integrates the logistics reengineering initiatives 
of the individual services and the defense agencies. This plan should 
include strategies to address the weaknesses in supply chain 
activities, such as distribution, inventory visibility, critical spare 
parts management, inventory in excess of current operating 
requirements, and the lack of integrated information management 
systems. A key to any successful approach, however, will be addressing 
these areas as part of a comprehensive, integrated business 
transformation.

Related Products:

Department of Defense Supply Chain Management:

Defense Inventory: Improvements Needed in DOD's Implementation of Its 
Long-term Strategy for Total Asset Visibility. GAO-05-15. Washington, 
D.C.: December 6, 2004.

Department of Defense: Further Actions Are Needed to Effectively 
Address Business Management Problems and Overcome Key Business 
Transformation Challenges. GAO-05-140T. Washington, D.C.: November 17, 
2004.

Defense Inventory: Navy Needs to Improve the Management over 
Government-Furnished Material Shipped to Its Repair Contractors. GAO-
04-779. Washington, D.C.: August 23, 2004.

Defense Inventory: Analysis of Consumption of Inventory Exceeding 
Current Operating Requirements Since September 30, 2001. GAO-04-689. 
Washington, D.C.: August 2, 2004.

Foreign Military Sales: Improved Navy Controls Could Prevent 
Unauthorized Shipments of Classified and Controlled Spare Parts to 
Foreign Countries. GAO-04-507. Washington, D.C.: July 26, 2004.

Department of Defense: Financial and Business Management Transformation 
Hindered by Long-standing Problems. GAO-04-941T. Washington, D.C.: July 
8, 2004.

Department of Defense: Long-standing Problems Continue to Impede 
Financial and Business Management Transformation. GAO-04-907T. 
Washington, D.C.: July 7, 2004.

Defense Logistics: Preliminary Observations on the Effectiveness of 
Logistics Activities during Operation Iraqi Freedom. GAO-04-305R. 
Washington, D.C.: December 18, 2003.

Defense Inventory: Opportunities Exist to Improve Spare Parts Support 
Aboard Deployed Navy Ships. GAO-03-887. Washington, D.C.: August 29, 
2003.

Defense Inventory: Several Actions Are Needed to Further DLA's Efforts 
to Mitigate Shortages of Critical Parts. GAO-03-709. Washington, D.C.: 
August 1, 2003.

Defense Inventory: Navy Logistics Strategy and Initiatives Need to 
Address Spare Parts Shortages. GAO-03-708. Washington, D.C.: June 27, 
2003.

Defense Inventory: The Department Needs a Focused Effort to Overcome 
Critical Spare Parts Shortages. GAO-03-707. Washington, D.C.: June 27, 
2003.

Defense Inventory: Air Force Plans and Initiatives to Mitigate Spare 
Parts Shortages Need Better Implementation. GAO-03-706. Washington, 
D.C.: June 27, 2003.

For more information on Department of Defense major management 
challenges, see http://www.gao.gov/pas/2005/dod.htm.

High-Risk Series:

Department of Defense Weapon Systems Acquisition:

GAO Highlights:

For additional information about this high-risk area, contact Katherine 
V. Schinasi at (202) 512-4841 or schinasik@gao.gov.

Why Area Is High Risk:

Developing and acquiring high performance weapons is central to the 
Department of Defense's (DOD) ability to fight and win wars. DOD's 
investment in weapons is growing rapidly--from about $146 billion in 
fiscal year 2004 to an estimated $185 billion by fiscal year 2009--as 
it pushes to transform itself to meet a broad range of complex threats. 
Weapon systems routinely take much longer to field, cost more to buy, 
and require more support than provided for in investment plans. When 
acquisition programs require more resources than planned, the buying 
power of the defense dollar is reduced because trade-offs among other 
weapons programs or defense needs must be made. Consequently, GAO has 
designated this as a high-risk area since 1990, and it remains so 
today.

What GAO Found:

While DOD's acquisition process has produced the best weapons in the 
world, it also consistently yields undesirable consequences--cost 
increases, late deliveries to the warfighter, and performance 
shortfalls--in weapon system programs. Such problems were highlighted, 
for example, in GAO's reviews of DOD's F/A-22 Raptor, Space-Based 
Infrared System, Airborne Laser, Missile Defense, and other programs. 
Problems occur because DOD's weapon programs do not capture early on 
the requisite knowledge that is needed to efficiently and effectively 
manage program risks. For example, programs move forward with 
unrealistic program cost and schedule estimates, lack clearly defined 
and stable requirements, use immature technologies in launching product 
development, and fail to solidify design and manufacturing processes at 
appropriate junctures in development. As a result, wants are not always 
distinguished from needs, problems often surface late in the 
development process, and fixes tend to be more costly than if caught 
earlier. When programs require more resources than planned, the buying 
power of the defense dollar is reduced, and funds are not available for 
other competing needs.

While weapon system acquisitions continue to remain on GAO's high-risk 
list, it should be acknowledged that DOD has undertaken a number of 
acquisition reforms over the past 5 years. Specifically, DOD has 
restructured its acquisition policy to incorporate attributes of a 
knowledge-based acquisition model and has reemphasized the discipline 
of systems engineering. In addition, DOD recently introduced new 
policies to strengthen its budgeting and requirements determination 
processes in order to plan and manage weapon systems based on joint 
warfighting capabilities. While these policy changes are positive 
steps, implementation in individual programs will continue to be a 
challenge because of inherent funding, management, and cultural factors 
that lead managers to develop business cases for new programs that 
over-promise on cost, delivery, and performance of weapon systems. The 
implementation challenge is even greater when considering DOD's move 
toward bundling individual programs into "systems of systems" in order 
to achieve more integrated, networked military capabilities. A key will 
be addressing acquisition management as part of a comprehensive and 
integrated business transformation plan.

[See PDF for image]

[End of figure]

What Remains to Be Done:

DOD needs to take additional steps to achieve outcomes on par with best 
practices. These include:

* ensuring that customer needs and technical, financial, and other 
resources are matched before the start of product development;

* planning product development so that design and manufacturing 
decisions are based on better data; and:

* ensuring that testing does not get deferred until late in the 
development cycle.

While DOD has incorporated into policy a framework that supports a 
knowledge-based acquisition process similar to that used by leading 
organizations, it must establish stronger controls to ensure that 
decisions on individual programs are informed by demonstrated 
knowledge.

Related Products:

Department of Defense Weapon Systems Acquisition:

Department of Defense: Further Actions Are Needed to Effectively 
Address Business Management Problems and Overcome Key Business 
Transformation Challenges. GAO-05-140T. Washington, D.C.: November 17, 
2004.

Best Practices:

Defense Acquisitions: Assessments of Major Weapon Programs. GAO-04-248. 
Washington, D.C.: March 31, 2004.

Defense Acquisitions: Stronger Management Practices Are Needed to 
Improve DOD's Software-Intensive Weapon Acquisitions. GAO-04-393. 
Washington, D.C.: March 1, 2004.

Defense Acquisitions: DOD's Revised Policy Emphasizes Best Practices, 
but More Controls Are Needed. GAO-04-53. Washington, D.C.: November 10, 
2003.

Defense Acquisitions: Improvements Needed in Space Systems Acquisition 
Management Policy. GAO-03-1073. Washington, D.C.: September 15, 2003.

Best Practices: Setting Requirements Differently Could Reduce Weapon 
Systems' Total Ownership Costs. GAO-03-57. Washington, D.C.: February 
11, 2003.

Best Practices: Capturing Design and Manufacturing Knowledge Early 
Improves Acquisition Outcomes. GAO-02-701. Washington, D.C.: July 15, 
2002.

Weapon System Reviews:

Defense Acquisitions: Challenges Facing the DD(X) Destroyer Program. 
GAO-04-973. Washington, D.C.: September 3, 2004.

Defense Acquisitions: Space-Based Radar Effort Needs Additional 
Knowledge before Starting Development. GAO-04-759. Washington, D.C.: 
July 19, 2004.

Uncertainties Remain Concerning the Airborne Laser's Cost and Military 
Utility. GAO-04-643R. Washington, D.C.: May 17, 2004.

Missile Defense: Actions Are Needed to Enhance Testing and 
Accountability. GAO-04-409. Washington, D.C.: April 23, 2004.

Defense Acquisitions: The Army's Future Combat Systems' Features, 
Risks, and Alternatives. GAO-04-635T. Washington, D.C.: April 1, 2004.

Tactical Aircraft: Changing Conditions Drive Need for New F/A-22 
Business Case. GAO-04-391. Washington, D.C.: March 15, 2004.

For more information on Department of Defense major management 
challenges, see http://www.gao.gov/pas/2005/dod.htm.

High-Risk Series:

Department of Defense Contract Management:

GAO Highlights:

For additional information about this high-risk area, contact Katherine 
V. Schinasi at (202) 512-4841 or schinasik@gao.gov.

Why Area Is High Risk:

The government's largest purchaser, the Department of Defense (DOD) 
spent more than $200 billion through contracts in fiscal year 2003 to 
equip and support the military forces. DOD's acquisition environment 
has changed as a result of increasing reliance on contractor-provided 
services, reductions in the acquisition workforce, and the introduction 
or expansion of alternative contracting approaches. Further, the 
improper use of purchase cards and of other agencies' contracts point 
to weaknesses in DOD's control environment. In combination, these 
factors have created significant management risks. We designated DOD 
contract management as a high-risk area in 1992, and it remains so 
today.

What GAO Found:

DOD is unable to assure that it is using sound business practices to 
acquire the goods and services needed to meet the warfighter's needs. 
For example, over the past decade, DOD has significantly increased its 
spending on contractor-provided information technology and management 
support services, but has not yet fully implemented a strategic 
approach to acquiring these services. In 2002, DOD and the military 
departments established a structure to review individual service 
acquisitions valued at $500 million or more, and in 2003 launched a 
pilot program to help identify strategic sourcing opportunities. To 
further promote a strategic orientation, however, DOD needs to 
establish a departmentwide concept of operations; set performance 
goals, including savings targets; and ensure accountability for 
achieving them. In March 2004, GAO reported that if greater management 
focus were paid to opportunities to capture savings through the 
purchase card program, DOD could potentially save tens of millions of 
dollars without sacrificing the ability to acquire items quickly or 
compromising other goals.

DOD also needs to have the right skills and capabilities in its 
acquisition workforce to effectively implement best practices and 
properly manage the goods and services it buys. However, DOD reduced 
its civilian workforce by about 38 percent between fiscal years 1989 
and 2002 without ensuring it had the specific skills and competencies 
needed to accomplish current and future DOD missions, and more than 
half of its current workforce will be eligible for early or regular 
retirement in the next 5 years. GAO found that inadequate staffing and 
the lack of clearly defined roles and responsibilities contributed to 
the contract administration challenges encountered in Iraq. Further, 
GAO reported that DOD's extensive use of military logistical support 
contracts in Iraq and elsewhere required strengthened oversight. DOD 
has made progress in laying a foundation for reshaping its acquisition 
workforce by initiating a long-term strategic planning effort, but as 
of June 2004 it did not yet have a comprehensive strategic workforce 
plan needed to guide its efforts.

DOD uses various techniques--such as performance-based service 
contracting, multiple-award task order contracts, and purchase cards--
to acquire the goods and services it needs. We have found, however, 
that DOD personnel did not always make sound use of these tools. In 
June 2004, for example, GAO reported that more than half of the task 
orders to support Iraq reconstruction efforts it reviewed were outside 
the scope of the underlying contract. In July 2004, GAO found that DOD 
personnel waived competition requirements for nearly half of the task 
orders reviewed. As a result of the frequent use of waivers, DOD had 
fewer opportunities to obtain the potential benefits of competition--
improved levels of service, market-tested prices, and the best overall 
value. We also found that DOD lacked safeguards to ensure that waivers 
were granted only under appropriate circumstances.

What Remains to Be Done:

Our work has shown that DOD would benefit by:

* making use of commercial best practices, such as taking a strategic 
approach to acquire services;

* building on initial efforts to develop a strategic human capital plan 
for its civilian workforce; and:

* improving safeguards, issuing additional guidance, and providing 
training to its workforce on the appropriate use of contracting 
techniques and approaches.

DOD is undertaking corrective actions, but because most efforts are in 
their early stages, it is uncertain whether they can be fully and 
successfully implemented in the near term. A key to resolving DOD's 
contract management issues will be addressing them as part of a 
comprehensive, integrated business transformation.

Related Products:

Department of Defense Contract Management:

Comptroller General of the United States. Transformation Challenges. 
Presented to the Defense Intelligence Agency Board of Directors. 
Arlington, Va.: December 9, 2004.

Department of Defense: Further Actions Are Needed to Effectively 
Address Business Management Problems and Overcome Key Business 
Transformation Challenges. GAO-05-140T. Washington, D.C.: November 17, 
2004.

Contract Management: Guidance Needed to Promote Competition for Defense 
Task Orders. GAO-04-874. Washington, D.C.: July 30, 2004.

Military Operations: DOD's Extensive Use of Logistics Support Contracts 
Requires Strengthened Oversight. GAO-04-854. Washington, D.C.: July 
19, 2004.

DOD Civilian Personnel: Comprehensive Strategic Workforce Plans Needed. 
GAO-04-753. Washington, D.C.: June 30, 2004.

Rebuilding Iraq: Fiscal Year 2003 Contract Award Procedures and 
Management Challenges. GAO-04-605. Washington, D.C.: June 1, 2004.

Contract Management: Agencies Can Achieve Significant Savings on 
Purchase Card Buys. GAO-04-430. Washington, D.C.: March 12, 2004.

Satellite Communications: Strategic Approach Needed for DOD's 
Procurement of Commercial Satellite Bandwidth. GAO-04-206. Washington, 
D.C.: December 10, 2003.

Purchase Cards: Steps Taken to Improve DOD Program Management, but 
Actions Needed to Address Misuse. GAO-04-156. Washington, 
D.C.: December 2, 2003.

Contract Management: High-Level Attention Needed to Transform DOD 
Services Acquisition. GAO-03-935. Washington, D.C.: September 10, 
2003.

DOD Contract Payments: Management Action Needed to Reduce Billions in 
Adjustments to Contract Payment Records. GAO-03-727. Washington, D.C.: 
August 8, 2003.

Best Practices: Improved Knowledge of DOD Service Contracts Could 
Reveal Significant Savings. GAO-03-661. Washington, D.C.: June 9, 2003.

Sourcing and Acquisition: Challenges Facing the Department of Defense. 
GAO-03-574T. Washington, D.C.: March 19, 2003.

Contract Management: Guidance Needed for Using Performance-Based 
Service Contracting. GAO-02-1049. Washington, D.C.: September 23, 2002.

Best Practices: Taking A Strategic Approach Could Improve DOD's 
Acquisition of Services. GAO-02-230. Washington, D.C.: January 18, 
2002.

For more information on Department of Defense major management 
challenges, see http://www.gao.gov/pas/2005/dod.htm.

High-Risk Series:

Department of Energy Contract Management:

GAO Highlights:

For additional information about this high-risk area, contact Robert A. 
Robinson at (202) 512-3841 or robinsonr@gao.gov.

Why Area Is High Risk:

In 1990, we designated the Department of Energy's (DOE) contract 
management as a high-risk area. DOE, the largest non-Defense 
contracting agency in the federal government, relies primarily on 
contractors to carry out its diverse missions and operate its 
laboratories and other facilities. About 90 percent of DOE's annual 
budget is spent on contracts. DOE's record of both inadequate 
management and oversight of contractors and failure to hold them 
accountable has resulted in the high-risk designation for contract 
management. This area continues to be at high risk.

What GAO Found:

DOE's contract management, including both contract administration and 
project management, continues to be at high risk for fraud, waste, 
abuse, and mismanagement. In January 2003, GAO reported that DOE was 
implementing new tools to strengthen its contract and project 
management, but that contractor performance problems continued to occur 
and objective performance information was scarce. These conditions have 
not substantially changed.

Over the last 2 years, however, DOE has worked to improve its contract 
and project management. For example, DOE has strengthened its contract 
acquisition guidance by providing information on the relative trade-
offs between contract type and contract risk, as well as the linkage 
between contract type and the work to be performed. DOE has also 
implemented a formal process to ensure that contract management plans 
are established for each site and each facility management contract. 
DOE took steps to strengthen accountability for performance at the 
contractor level by linking performance fees more directly to outcome 
measures, and at the DOE manager level by linking performance 
evaluations to the accomplishment of site-specific goals. DOE also 
established a formal, systematic approach to designing and managing its 
contract management initiative and other improvement initiatives.

While improvement efforts have been initiated, GAO found that 
performance problems continue on DOE's major projects. For example, at 
the start of the project to clean up radioactive waste in 177 
underground storage tanks in Hanford, Washington, DOE did not implement 
the project management reforms that it was incorporating into its 
policy and guidance, increasing the risks DOE faces in cleaning up the 
waste and potentially adding significantly to the cost of the cleanup. 
At the Paducah nuclear waste cleanup site in Kentucky, DOE has had 
difficulty reaching agreement with its regulators on the overall 
cleanup approach, the scope of the cleanup, and the details of specific 
projects. Unless DOE and the regulators can reach and maintain 
agreement on key aspects of the cleanup in a timely manner, the project 
could continue to be plagued by delays and cost increases. Finally, in 
managing the nation's stockpile of nuclear weapons, the National 
Nuclear Security Administration does not have a system for tracking the 
full costs of individual refurbishments and thus does not have adequate 
oversight to ensure that cost increases do not occur.

What Remains to Be Done:

To further strengthen DOE's contract and project management so that it 
can demonstrate improved results from its contractors, GAO made a 
series of recommendations that collectively call for DOE to improve its 
management of individual projects and activities and to strengthen 
senior management oversight of DOE's activities. DOE generally agreed 
with the recommendations. In some cases, DOE asserted that their 
ongoing efforts already addressed the recommendations; however, GAO 
concluded that further improvements were needed.

Related Products:

Department of Energy Contract Management:

National Nuclear Security Administration: Key Management Structure and 
Workforce Planning Issues Remain As NNSA Conducts Downsizing. GAO-04-
545. Washington, D.C.: June 25, 2004.

Nuclear Waste: Absence of Key Management Reforms on Hanford's Cleanup 
Project Adds to Challenges of Achieving Cost and Schedule Goals. GAO-
04-611. Washington, D.C.: June 9, 2004.

Department of Energy: Achieving Small Business Prime Contracting Goals 
Involves Both Potential Benefits and Risks. GAO-04-738T. Washington, 
D.C.: May 18, 2004.

Nuclear Waste Cleanup: DOE Has Made Some Progress in Cleaning Up the 
Paducah Site, but Challenges Remain. GAO-04-457. Washington, D.C.: 
April 1, 2004.

Department of Energy: Mission Support Challenges Remain at Los Alamos 
and Lawrence Livermore National Laboratories. GAO-04-370. Washington, 
D.C.: February 27, 2004.

Nuclear Waste Cleanup: Preliminary Observations on DOE's Cleanup of the 
Paducah Uranium Enrichment Plant. GAO-04-278T. Washington, D.C.: 
December 6, 2003.

Nuclear Weapons: Opportunities Exist to Improve the Budgeting, Cost 
Accounting, and Management Associated with the Stockpile Life Extension 
Program. GAO-03-583. Washington, D.C.: July 28, 2003.

Nuclear Waste: Challenges and Savings Opportunities in DOE's High-Level 
Waste Cleanup Program. GAO-03-930T. Washington, D.C.: July 17, 2003.

Contract Reform: DOE's Policies and Practices in Competing Research 
Laboratory Contracts. GAO-03-932T. Washington, D.C.: July 10, 2003.

Nuclear Waste: Challenges to Achieving Potential Savings in DOE's High-
Level Waste Cleanup Program. GAO-03-593. Washington, D.C.: June 17, 
2003.

Department of Energy: Status of Contract and Project Management 
Reforms. GAO-03-570T. Washington, D.C.: March 20, 2003.

For more information on Department of Energy major management 
challenges, see http://www.gao.gov/pas/2005/energy.htm.

High-Risk Series:

National Aeronautics and Space Administration Contract Management:

GAO Highlights:

For additional information about this high-risk area, contact Allen Li 
at (202) 512-4841or lia@gao.gov.

Why Area Is High Risk:

NASA's success largely depends on the work of its contractors--on which 
NASA spends about 85 percent of its annual budget. In 1990, GAO 
designated NASA's contract management as high risk. This area has been 
designated as high risk principally because NASA has lacked a modern 
financial management system to provide accurate and reliable 
information on contract spending and placed little emphasis on end 
results, product performance, and cost control. These weaknesses pose 
significant challenges to NASA's ability to make informed investment 
decisions and implement appropriate corrective actions. Due to the 
considerable challenges NASA continues to face in implementing 
effective systems and processes, contract management remains high risk.

What GAO Found:

While it has taken recent actions to improve its contract management 
function, NASA continues to face considerable challenges in 
implementing financial management systems and processes that would 
allow it to manage its contracts effectively. As GAO has reported, 
NASA's failure to overcome these challenges has put a number of its 
major scientific and space programs at risk. For example, our recent 
review of selected NASA programs found that NASA lacked the disciplined 
cost-estimating processes and financial and performance management 
systems needed to establish priorities, quantify risks, and manage 
program costs.

One of NASA's most formidable barriers to sound contract management is 
the lack of an integrated financial management system. In 2003, GAO 
reported that, in implementing its most recent system, NASA did not 
reengineer its core business processes or establish adequate 
requirements for the system to address many of its most significant 
management challenges, including producing credible cost estimates. 
Moreover, NASA opted to defer addressing the needs of key stakeholders. 
In recent months, NASA has begun to take steps toward transforming how 
it manages its programs and projects and oversees its contractors. 
Specifically, NASA has inventoried its ongoing programs and projects--
categorized by product line, size, and risk--and defined specific 
management and information requirements for each category. NASA has 
also established a standardized accounting code structure based on 
these information requirements that, if implemented as planned, would 
allow NASA to capture the cost information that program managers and 
cost estimators need to develop credible estimates and compare budgeted 
and actual cost with the work performed on the contract.

However, much work remains. As GAO reported in May 2004, NASA often 
does not obtain from its contractors the financial data and performance 
information needed to assess progress on its contracts. In addition, 
NASA lacks data analysis tools and staff trained to perform cost 
analyses, including earned value management. Until NASA has the data, 
tools, and analytical skills needed to alert program managers of 
potential cost overruns and schedule delays and take corrective action 
before they occur, it will continue to face challenges in effectively 
overseeing its contractors.

Finally, NASA continues to use unnegotiated (that is, uncosted) 
contract changes, a concern GAO and NASA's Office of Inspector General 
have raised. Uncosted contract changes increase the government's cost 
risk--the longer changes remain unnegotiated, the greater the risk. 
Although GAO reported in 2003 that NASA's use of such actions had 
significantly decreased, GAO recently reported its use has begun to 
rise again. According to NASA officials, the increase is temporary and 
needed to expedite activities to return the space shuttle fleet safely 
to flight. However, continued management attention is needed to ensure 
such actions are justified.

What Remains to Be Done:

GAO has recommended that NASA establish an effective architecture to 
guide the Integrated Financial Management Program (IFMP), address areas 
of IFMP financial reporting that do not comply with federal systems 
requirements, and follow best practices and NASA's guidance in 
preparing the IFMP life-cycle cost estimate. NASA agreed with these 
recommendations and has taken some initial implementing actions. To 
further improve contract management, NASA needs to:

* complete the design of and fully implement its integrated financial 
management system;

* instill disciplined cost-estimating processes in its project 
development; and:

* ensure that it obtains the information needed to assess progress on 
its contracts.

Related Products:

National Aeronautics and Space Administration Contract Management:

GAO Products:

Space Shuttle: Costs for Hubble Servicing Mission and Implementation of 
Safety Recommendations Not Yet Definitive. GAO-05-34. Washington, D.C.: 
November 19, 2004.

NASA: Lack of Disciplined Cost-Estimating Processes Hinders Effective 
Program Management. GAO-04-642. Washington, D.C.: May 28, 2004.

National Aeronautics and Space Administration: Significant Actions 
Needed to Address Long-standing Financial Management Problems. GAO-04-
754T. Washington, D.C.: May 19, 2004.

NASA: Compliance with Cost Limits. GAO-04-648R. Washington, D.C.: April 
2, 2004.

Business Modernization: Disciplined Processes Needed to Better Manage 
NASA's Integrated Financial Management Program. GAO-04-118. 
Washington, D.C.: November 21, 2003.

Business Modernization: NASA's Challenges in Managing Its Integrated 
Financial Management Program. GAO-04-255. Washington, D.C.: November 
21, 2003.

Business Modernization: NASA's Integrated Financial Management Program 
Does Not Fully Address Agency's External Reporting Issues. GAO-04-151. 
Washington, D.C.: November 21, 2003.

Information Technology: Architecture Needed to Guide NASA's Financial 
Management Modernization. GAO-04-43. Washington, D.C.: November 21, 
2003.

NASA: Major Management Challenges and Program Risks. GAO-03-849T. 
Washington, D.C.: June 12, 2003.

Business Modernization: Improvements Needed in Management of NASA's 
Integrated Financial Management Program. GAO-03-507. Washington, D.C.: 
April 30, 2003.

NASA OIG Products:

Final Management Letter on Failures in Cost Estimating and Risk 
Management Weaknesses in Prior Space Launch Initiative. Assignment 
Numbers A-01-049-01 and A-01-049-02, IG-03-023. Washington, D.C.: 
September 29, 2003.

Integrated Financial Management Program Core Financial Module 
Conversion to Full Cost Accounting. IG-03-015. Washington, D.C.: May 
30, 2003.

For more information on National Aeronautics and Space Administration 
major management challenges, see http://www.gao.gov/pas/2005/nasa.htm.

High-Risk Series:

Management of Interagency Contracting:

GAO Highlights:

For additional information about this high-risk area, contact William 
T. Woods at (202) 512-8214 or woodsw@gao.gov.

Why Area Is High Risk:

In recent years, federal agencies have been making a shift in the way 
they procure many goods and services. They are making greater use of 
contracts already awarded by other agencies, such as those available 
through the GSA supply schedules, to save time and money in the 
purchasing process. These types of contracts have seen tremendous 
increases in use over the past decade, primarily because they offer 
convenience and efficiency. These contracts present challenges in 
ensuring adequate management controls to realize their full potential.

Our work and that of agency inspectors general have found many cases in 
which agencies have not adequately met these challenges. These include 
lack of compliance with federal requirements for competition, work 
performed outside the scope of the contracts, and an inadequately 
trained workforce.

The challenges associated with interagency contracts, recent problems 
related to cases of management weaknesses, and the need to ensure that 
the government is well-positioned to realize the contracts' important 
value warrant designation of this as a new high-risk area.

What GAO Found:

Use of interagency contracts has increased significantly over the past 
several years, with use of the GSA schedule contracts increasing nearly 
tenfold since 1992, representing over $32 billion in sales in fiscal 
year 2004.

Multiple Award Schedules Sales Fiscal Years 1992 through 2004:

[See PDF for image]

[End of figure]

Interagency contracts provide agencies with easy access to commonly 
needed goods and services. Agencies that sponsor these contracts 
usually charge a fee to support their operations. These types of 
contracts have allowed agencies to meet demands for goods and services 
at a time when they face growing workloads, declines in workforce, and 
the need for new skill sets. However, GAO's work and the work of agency 
inspectors general have found instances of improper use of interagency 
contracts, including customer agencies making purchases without 
ensuring that purchases are within the scope of the contract, and not 
following procedures designed to promote competition. By not following 
these key requirements of the contract management process, agencies 
risk being out of compliance with government regulations and missing 
opportunities to achieve savings and obtain better value. There are 
several causes of the deficiencies GAO and others have found with the 
use of interagency contracts, including the increasing demands on the 
acquisition workforce, insufficient training, and, in some cases, 
inadequate guidance. In addition, it is not always clear where the 
responsibility lies for critical management functions in the 
interagency contracting process.

Recently, the Congress and executive branch agencies have taken steps 
to address these challenges, particularly in the areas of oversight and 
workforce training. These are positive efforts, but some actions are 
still under development and it is too early to tell whether all of the 
corrective measures will be effectively implemented.

What Remains to Be Done:

Specific and targeted approaches are needed to address interagency 
contracting risks. Roles and responsibilities for managing interagency 
contracts need clarification, and agencies need to adopt and implement 
policies and processes that balance customer service with the need to 
comply with requirements.

Related Products:

Management of Interagency Contracting:

GAO Products:

Contract Management: Guidance Needed to Promote Competition for Defense 
Task Orders. GAO-04-874. Washington, D.C.: July 30, 2004.

Information Technology: DOD's Acquisition Policies and Guidance Need to 
Incorporate Additional Best Practices and Controls. GAO-04-722. 
Washington, D.C.: July 30, 2004.

Rebuilding Iraq: Fiscal Year 2003 Contract Award Procedures and 
Management Challenges. GAO-04-605. Washington, D.C.: June 1, 2004.

Federal Procurement: Spending and Workforce Trends. GAO-03-443. 
Washington, D.C.: April 30, 2003.

Acquisition Workforce: Status of Agency Efforts to Address Future 
Needs. GAO-03-55. Washington, D.C.: December 18, 2002.

Contract Management: Guidance Needed for Using Performance-Based 
Service Contracting. GAO-02-1049. Washington, D.C.: September 23, 
2002.

Contract Management: Interagency Contract Program Fees Need More 
Oversight. GAO-02-734. Washington, D.C.: July 25, 2002.

Contract Management: Roles and Responsibilities of the Federal Supply 
Service and Federal Technology Service. GAO-02-560T. Washington, D.C.: 
April 11, 2002.

Best Practices: Taking a Strategic Approach Could Improve DOD's 
Acquisition of Services. GAO-02-230. Washington, D.C.: January 18, 
2002.

GSA's Guidance and Oversight Concerning Areawide Utility Contracts. 
GAO-02-56R. Washington, D.C.: December 17, 2001.

Contract Management: Not Following Procedures Undermines Best Pricing 
Under GSA's Schedule. GAO-01-125. Washington, D.C.: November 28, 2000.

Contract Management: Few Competing Proposals for Large DOD Information 
Technology Orders. GAO/NSIAD-00-56. Washington, D.C.: March 20, 2000.

Other Related Products:

Department of Defense, Office of the Inspector General. Audit Report: 
Multiple Award Contracts for Services. Report Number D-2001-189. 
Arlington, Va.: 2001.

General Services Administration, Office of the Inspector General. 
Compendium of Audits of the Federal Technology Services' Regional 
Client Support Center. Washington, D.C.: 2004.

High-Risk Series:

Enforcement of Tax Laws:

GAO Highlights:

For additional information about this high-risk area, contact Michael 
Brostek at (202) 512-9110 or brostekm@gao.gov or James White at (202) 
512-9110 or whitej@gao.gov.

Why Area Is High Risk:

Internal Revenue Service (IRS) enforcement of the tax laws is vital--
not only to catch tax cheats, but also to promote broader compliance by 
giving taxpayers confidence that others are paying their fair share. In 
1990, we designated one aspect of enforcement, collection of tax debt, 
as high risk, later broadening it to include both unpaid taxes known to 
IRS and unpaid taxes IRS has not detected. In 1995, we added a new 
high-risk area related to the Earned Income Credit (EIC), a refundable 
tax credit available to certain low-income, working taxpayers. These 
areas remain high risk and have been exacerbated by significant and 
pervasive declines in IRS's enforcement activities that threaten to 
erode taxpayer compliance.

What GAO Found:

The Commissioner of Internal Revenue has made strengthening enforcement 
a high priority, but IRS has not yet materially reversed enforcement 
declines, in large part because unbudgeted expenses and demands for 
improved taxpayer service have confounded IRS's intentions. Enforcement 
staffing decreased over 21 percent between 1998 and 2003, and 
individual audit rates are below the levels of the mid-1990s, even 
after recent increases.

IRS lacks current data on the effects of these declines on compliance. 
For example, IRS's estimate of the 2001 gross tax gap--the difference 
between taxes owed and taxes paid (over $300 billion)--was largely 
based on extrapolations from 1988 data. Without current information on 
noncompliance, IRS cannot effectively target its enforcement resources, 
risks wasting resources by auditing compliant taxpayers, and is impeded 
in identifying changes to laws or regulations that could reduce 
noncompliance.

IRS is working to improve its enforcement efforts, partly pursuant to 
our recommendations and reports. For example, IRS is carrying out 
important new compliance research that GAO has encouraged for many 
years. IRS has nearly completed field work for a major study of 
individual taxpayers, and has plans for further studies of other groups 
of taxpayers. IRS is also developing a centralized cost accounting 
system, in part to obtain better cost and benefit information on 
compliance activities, and is modernizing the technology that underpins 
many core business processes. Further, it has redesigned some 
compliance and collections processes and plans additional redesigns as 
technology improves.

IRS is also continuing to address the evolving challenge of unpaid 
taxes and continuing EIC noncompliance. For example:

* IRS estimates the multiyear tax losses from known and suspected tax 
shelters used by corporations and individuals to be in the tens of 
billions of dollars. IRS has made abusive tax shelters and schemes a 
high priority, but the cost of addressing them can be high because they 
tend, by design, to be complex and hard to detect.

* IRS estimated deliberate and inadvertent noncompliance with the EIC 
to be between $8.5 and 9.9 billion in 1999. IRS is testing initiatives 
to reduce EIC noncompliance, but at best it may be years before 
compliance improves. Even as IRS addresses noncompliance, it must focus 
on maintaining or improving the EIC's high participation rate.

Due to pervasive enforcement declines and the lack of current 
information about noncompliance, GAO continues to regard these as high-
risk issues. In light of the Congress's decision to return to a single 
enforcement appropriation in 2004, thus ending dedicated appropriations 
for EIC since 1998, GAO is combining the EIC compliance and collection 
of unpaid taxes areas into one high-risk area involving enforcement of 
tax laws.

What Remains to Be Done:

To maintain a credible enforcement presence, and consistent with GAO's 
prior recommendations, IRS must:

* continue compliance research and use the results to determine 
resource needs, justify resource requests, target scarce enforcement 
resources, and develop other corrective measures for all aspects of tax 
law enforcement, including those related to the EIC;

* ensure that the centralized accounting system, which is to be 
implemented over the next several years, is designed and used to 
determine how best to allocate resources; and:

* modernize its technology and revise core business processes to 
improve productivity.

Related Products:

Enforcement of Tax Laws:

Earned Income Tax Credit: Implementation of Three New Tests Proceeded 
Smoothly, but Tests and Evaluation Plans Were Not Fully Documented. 
GAO-05-92. Washington, D.C.: December 30, 2004.

Taxpayer Information: Data Sharing and Analysis May Enhance Tax 
Compliance and Improve Immigration Eligibility Decisions. GAO-04-972T. 
Washington, D.C.: July 21, 2004.

Tax Debt Collection: IRS Is Addressing Critical Success Factors for 
Contracting Out but Will Need to Study the Best Use of Resources. GAO-
04-492. Washington, D.C.: May 24, 2004.

Internal Revenue Service: Assessment of Fiscal Year 2005 Budget Request 
and 2004 Filing Season Performance. GAO-04-560T. Washington, D.C.: 
March 30, 2004.

Financial Management: Some DOD Contractors Abuse the Federal Tax System 
With Little Consequence. GAO-04-95. Washington, D.C.: February 12, 
2004.

Internal Revenue Service: Challenges Remain in Combating Abusive Tax 
Schemes. GAO-04-50. Washington, D.C.: November 19, 2003.

Internal Revenue Service: Challenges Remain in Combating Abusive Tax 
Shelters. GAO-04-104T. Washington, D.C.: October 21, 2003.

Earned Income Credit: Qualifying Child Certification Test Appears 
Justified, but Evaluation Plan Is Incomplete. GAO-03-794. Washington, 
D.C.: September 30, 2003.

Federal Budget: Opportunities for Oversight and Improved Use of 
Taxpayer Funds. GAO-03-1030T. Washington, D.C.: July 17, 2003.

Tax Administration: IRS Is Implementing the National Research Program 
As Planned. GAO-03-614. Washington, D.C.: June 16, 2003.

IRS Modernization: Continued Progress Necessary for Improving Service 
to Taxpayers and Ensuring Compliance. GAO-03-796T. Washington, D.C.: 
May 20, 2003.

Compliance and Collection: Challenges for IRS in Reversing Trends and 
Implementing New Initiatives. GAO-03-732T. Washington, D.C.: May 7, 
2003.

Vehicle Donations: Taxpayer Considerations When Donating Vehicles to 
Charities. GAO-03-608T. Washington, D.C.: April 1, 2003.

Tax Administration: Federal Payment Levy Program Measures, Performance, 
and Equity Can Be Improved. GAO-03-356. Washington, D.C.: March 6, 
2003.

For more information on Department of the Treasury major management 
challenges, see http://www.gao.gov/pas/2005/treasury.htm.

High-Risk Series:

Internal Revenue Service Business Systems Modernization:

GAO Highlights:

For additional information about this high-risk area, contact David A. 
Powner at (202) 512-9286 or pownerd@gao.gov or Steven J. Sebastian at 
(202) 512-3406 or sebastians@gao.gov.

Why Area Is High Risk:

The Internal Revenue Service's (IRS) highly complex, multibillion-
dollar Business Systems Modernization (BSM) program is critical to (1) 
the successful transformation of the agency's manual, paper-intensive 
business operations; (2) fulfillment of its obligations under the IRS 
Restructuring and Reform Act; and (3) providing the reliable and timely 
financial management information needed to better enable IRS to justify 
its resource allocation decisions and congressional budgetary requests. 
IRS has made progress in aligning the pace of the BSM program with its 
management capacity, improving its modernization management controls 
and capabilities, and delivering several modernized business 
applications that are producing benefits today. However, significant 
challenges and serious risks remain.

What GAO Found:

IRS has long relied on obsolete automated systems for key operational 
and financial management functions, and its attempts to modernize these 
aging computer systems span several decades. This long history of 
continuing delays and design difficulties and their impact on IRS's 
operations led GAO to designate IRS's systems modernization and its 
financial management as separate high-risk areas in 1995. In 2003, 
GAO's high-risk report noted that IRS had made significant progress in 
establishing long overdue management controls and in acquiring 
foundational system infrastructure and applications. However, the BSM 
program remained at risk because the scope and complexity of 
modernization activities were growing, and the agency's modernization 
management capacity was still maturing. Similarly, while IRS had made 
notable progress in addressing several financial management 
deficiencies, including deficiencies in controls over budgetary 
activity and property and equipment, this area remained high risk 
because IRS continued to rely on automated systems that did not provide 
management current and reliable information it needed to support 
informed decision making. Since resolution of IRS's most serious 
remaining financial management problems largely depends upon the 
success of BSM, we are combining those two issues into one BSM high-
risk area.

IRS has made further progress since 2003 in addressing GAO's concerns 
about the management of BSM. IRS has (1) acted to align the pace of the 
BSM program with the maturity of the agency's controls and management 
capacity, including reassessing its portfolio of planned projects, (2) 
deployed several modernized systems that have benefited taxpayers and 
the agency and begun implementation of the initial phases of several 
key automated financial management systems, and (3) made progress in 
implementing GAO's recommendations to improve its modernization 
management controls and capabilities. IRS has also taken corrective 
actions related to aspects of financial management that are not 
dependent on automated systems, such as enhancing controls over hard 
copy tax receipts and data, improving the accuracy of property records, 
and recording interim expense accruals.

However, BSM projects continue to incur significant cost increases and 
schedule delays. IRS needs to further strengthen modernization program 
management and replace its outdated financial management systems. 
Balancing the scope and pace of modernization activities with the 
agency's ability to manage them remains a challenge. These problems are 
due, in part, to critical management controls and capabilities that IRS 
has not yet fully implemented or institutionalized. IRS has developed 
48 action issues related to its BSM effort and is taking action to 
resolve them and to address GAO's recommendations related to BSM and 
financial management. However, more remains to be done as program 
management problems persist--affecting project cost, schedule, and 
performance--that have plagued past systems modernization efforts and 
that continue to affect IRS's ability to successfully modernize its 
operational and financial management systems.

What Remains to Be Done:

IRS acknowledges its challenges and risks, and is acting to address 
them. IRS needs to continue to address our numerous recommendations to 
strengthen BSM and financial management by (1) balancing the scope and 
pace of the program with the agency's capacity to handle the workload; 
(2) fully implementing and institutionalizing essential modernization 
management controls and capabilities related to configuration 
management, human capital management, cost and schedule estimating, and 
contract management; and (3) ensuring that the new automated systems 
fully satisfy management needs for reliable, timely, and adequately 
safeguarded information to support informed decision making.

Related Products:

Internal Revenue Service Business Systems Modernization:

Business Systems Modernization: IRS's Fiscal Year 2004 Expenditure 
Plan. GAO-05-46. Washington, D.C.: November 17, 2004.

Financial Audit: IRS's Fiscal Years 2004 and 2003 Financial Statements. 
GAO-05-103. Washington, D.C.: November 10, 2004.

Internal Revenue Service: Status of Recommendations from Financial 
Audits and Related Management Reports. GAO-04-523. Washington, D.C.: 
April 28, 2004.

Management Report: Improvements Needed in IRS's Internal Controls and 
Accounting Procedures. GAO-04-553R. Washington, D.C.: April 26, 2004.

Business Systems Modernization: Internal Revenue Service Needs to 
Further Strengthen Program Management. GAO-04-438T. Washington, D.C.: 
February 12, 2004.

Financial Audit: IRS's Fiscal Years 2003 and 2002 Financial Statements. 
GAO-04-126. Washington, D.C.: November 13, 2003.

Management Report: Improvements Needed in Controls over IRS's Excise 
Tax Certification Process. GAO-03-687R. Washington, D.C.: July 23, 
2003.

Business Systems Modernization: IRS Has Made Significant Progress in 
Improving Its Management Controls, but Risks Remain. GAO-03-768. 
Washington, D.C.: June 27, 2003.

Internal Revenue Service: Status of Recommendations from Financial 
Audits and Related Management Reports. GAO-03-665. Washington, D.C.: 
May 29, 2003.

Management Report: Improvements Needed in IRS's Internal Controls. GAO-
03-562R. Washington, D.C.: May 20, 2003.

IRS Modernization: Continued Progress Necessary for Improving Service 
to Taxpayers and Ensuring Compliance. GAO-03-796T. Washington, D.C.: 
May 20, 2003.

IRS Lockbox Banks: More Effective Oversight, Stronger Controls, and 
Further Study of Costs and Benefits Are Needed. GAO-03-299. Washington, 
D.C.: January 15, 2003.

For more information on Department of the Treasury major management 
challenges, see http://www.gao.gov/pas/2005/treasury.htm.

High-Risk Series:

Modernizing Federal Disability Programs:

GAO Highlights:

For additional information about this high-risk area, contact Robert E. 
Robertson (SSA programs) at 202-512-7215 or robertsonr@gao.gov or 
Cynthia Bascetta (VA programs) at 202-512-7101 or bascettac@gao.gov.

Why Area Is High Risk:

In January 2003, GAO designated modernizing federal disability programs 
as a high-risk area because of challenges that continue today. For 
example, despite opportunities afforded by medical and technological 
advances and the growing expectations that people with disabilities can 
and want to work, federal disability programs remain grounded in 
outmoded concepts that equate medical conditions with work incapacity. 
Moreover, just as the disability programs are poised to grow rapidly as 
baby boomers reach their disability-prone years, the Social Security 
Administration (SSA) and the Department of Veterans Affairs (VA) face 
difficult challenges in providing timely and consistent disability 
decisions. Modernizing federal disability programs remains a high-risk 
area as solutions are likely to require fundamental changes, including 
regulatory and legislative action.

What GAO Found:

GAO's work examining federal disability programs has found that these 
programs are neither well aligned with 21ST century realities nor are 
they positioned to provide meaningful and timely support for Americans 
with disabilities. In particular, SSA's and VA's programs are based on 
concepts from the past, and both programs face ongoing challenges to 
make timely, accurate, and consistent decisions. Since GAO designated 
this area as high risk in 2003, SSA and VA have made some progress 
toward improving their disability programs. A key initiative involves 
SSA's proposal to improve the timeliness and accuracy of disability 
decisions and to foster return to work at all stages of the decision-
making process. In addition, the Congress established a commission to 
study the appropriateness of veterans' benefits. Moreover, SSA and VA 
have both made some gains in the timeliness of their disability claims 
decisions. While some actions have been initiated, SSA's and VA's 
disability programs still face challenges in two key areas:

* Programs remain grounded in outmoded concepts of disability. SSA's 
and VA's disability programs have not been updated to reflect the 
current state of science, medicine, technology, and labor market 
conditions. SSA's proposal for transforming its disability 
determination process--with increased opportunities for return to work-
-could potentially lead to modernizing SSA's disability programs. But 
results of SSA's previous efforts to transform its disability programs 
were disappointing. Further, failure to develop a strategic workforce 
plan to ensure that the appropriate mix of disability examiner skills 
are available when and where needed could hamper SSA's efforts. VA 
faces similar challenges in modernizing its disability programs, 
including reassessing its workforce. Moreover, in light of a new 
congressional commission to study the appropriateness of VA disability 
benefits, VA may need to revisit its eligibility criteria.

Agencies have difficulties managing disability programs. Both SSA and 
VA still experience lengthy processing times for disability claims and 
lack a clear understanding of the extent of possible inconsistencies in 
decisions between adjudicative levels. While SSA's proposal for 
improving the accuracy and timeliness of its disability determination 
process appears promising, several challenges have the potential to 
hinder the strategy's success. These include dependence on a 
technically complex electronic folder system that has not been fully 
tested and human capital problems--such as high turnover, recruiting 
difficulties, and gaps in key knowledge and skills--among disability 
examiners. Moreover, while VA has made considerable progress in 
improving the timeliness of its disability claims decisions, it is 
still far from meeting its goal.

What Remains to Be Done:

While SSA and VA have taken some actions in response to prior GAO 
recommendations, such as initiatives to improve timeliness, GAO 
continues to believe that SSA and VA should take the lead in examining 
the fundamental causes of program problems and seek both the management 
and legislative solutions needed to transform their programs so that 
they are in line with the current state of science, medicine, 
technology, and labor market conditions. At the same time, these 
agencies should continue to develop and implement strategies for 
improving the accuracy, timeliness, and consistency of disability 
decision making.

Related Products:

Modernizing Federal Disability Programs:

SSA's Disability Programs: Improvements Could Increase the Usefulness 
of Electronic Data for Program Oversight. GAO-05-100R. Washington, 
D.C.: December 10, 2004.

Veterans' Benefits: More Transparency Needed to Improve Oversight of 
VBA's Compensation and Pension Staffing Levels. GAO-05-47. Washington, 
D.C.: November 15, 2004.

Veterans Benefits: VA Needs Plan for Assessing Consistency of 
Decisions. GAO-05-99. Washington, D.C.: November 19, 2004.

Social Security Disability: Improved Processes for Planning and 
Conducting Demonstrations May Help SSA More Effectively Use Its 
Demonstration Authority. GAO-05-19. Washington, D.C.: November 4, 2004.

TANF and SSI: Opportunities Exist to Help People with Impairments 
Become More Self-Sufficient. GAO-04-878. Washington, D.C.: September 
15, 2004.

Disability Insurance: SSA Should Strengthen Its Efforts to Detect and 
Prevent Overpayments. GAO-04-929. Washington, D.C.: September 10, 2004.

Social Security Administration: More Effort Needed to Assess 
Consistency of Disability Decisions. GAO-04-656. Washington, D.C.: July 
2, 2004.

Social Security Disability: Commissioner Proposes Strategy to Improve 
the Claims Process, but Faces Implementation Challenges. GAO-04-552T. 
Washington, D.C.: March 29, 2004.

Electronic Disability Claims Processing: SSA Needs to Address Risks 
Associated with Its Accelerated Systems Development Strategy. GAO-04-
466. Washington, D.C.: March 26, 2004.

Social Security Administration: Strategic Workforce Planning Needed to 
Address Human Capital Challenges Facing the Disability Determination 
Services. GAO-04-121. Washington, D.C.: January 27, 2004.

SSA Disability Decision Making: Additional Steps Needed to Ensure 
Accuracy and Fairness of Decisions at the Hearings Level. GAO-04-14. 
Washington, D.C.: November 12, 2003.

VA Benefits: Fundamental Changes to VA's Disability Criteria Need 
Careful Consideration. GAO-03-1172T. Washington, D.C.: September 23, 
2003.

Department of Veterans Affairs: Key Management Challenges in Health and 
Disability Programs. GAO-03-756T. Washington, D.C.: May 8, 2003.

For more information on Social Security Administration and Department 
of Veterans Affairs major management challenges, see http://
www.gao.gov/pas/2005/ssa.htm and http://www.gao.gov/pas/2005/dva.htm.

High-Risk Series:

Pension Benefit Guaranty Corporation Single-Employer Insurance 
Program:

GAO Highlights:

For additional information about this high-risk area, contact Barbara 
Bovbjerg at (202) 512-5491 or bovbjergb@gao.gov.

Why Area Is High Risk:

PBGC's single-employer program insures the pension benefits of over 34 
million participants in more than 29,000 private defined benefit plans. 
After improving during the late 1990s, the program's financial 
condition has worsened from a $9.7 billion surplus in 2000 to a $23.3 
billion accumulated deficit as of the end of fiscal year 2004, after a 
$12.1 billion loss in fiscal year 2004. While cyclical economic 
conditions have contributed to the program's financial troubles, the 
program remains threatened by structural weaknesses in pension funding 
rules, the program's premium structure, and the potential for large 
bankruptcies among sponsors in weak industries that have underfunded 
plans. GAO placed the program on its high-risk list in July 2003, and 
it remains high risk.

What GAO Found:

The termination of large, underfunded defined benefit (DB) pension 
plans of bankrupt firms in troubled industries has been the major cause 
of the single-employer program's worsening net financial position. 
While cyclical factors such as stock market and interest rate declines 
have contributed to the severity of pension plans' underfunded 
condition, other trends suggest serious long-term erosion of the 
program's participant base. Active workers made up only 51 percent of 
the program's participants in 2001, down from 78 percent in 1980. Also, 
in 2002, almost half of the program's insured participants worked in 
manufacturing, a sector with stagnant job growth for the last half-
century. Further, while the number of PBGC-insured plans has decreased 
steadily since 1987, defined-contribution plans grew rapidly in the 
1990s, indicating a decline in DB plans overall as a retirement savings 
vehicle.

The rules that govern how much sponsors must contribute to their plans 
may not ensure that plans maintain adequate funding to pay promised 
benefits. The degree of underfunding in the private pension system has 
dramatically increased, and additional severe losses may be on the 
horizon. The Pension Benefit Guaranty Corporation (PBGC) estimates that 
financially weak firms, particularly in the airline industry, sponsor 
plans with over $35 billion in unfunded benefits.

While PBGC likely has enough assets to pay promised benefits for a 
number of years, the long-term health of the single-employer program 
will be threatened unless the Congress takes action soon. The possible 
termination of additional large underfunded airline pension plans has 
the potential to worsen the program's finances significantly, 
increasing the urgency of reform. The Congress may then face a choice 
of drastic reductions in pension benefits or authorizing federal 
assistance.

Accumulated Surplus/Deficit and Annual Net Gain/Loss of PBGC Single-
Employer Program:

[See PDF for image]

[End of figure]

What Remains to Be Done:

Comprehensive reform will likely be needed to stabilize the long-term 
finances of the single-employer program. The Congress should consider 
revising current pension law to mitigate the financial risk posed by 
financially troubled sponsors with underfunded plans, perhaps by 
strengthening funding rules, restricting the use of credit balances and 
lump-sum distributions, revising PBGC's premium structure, and 
increasing plan transparency. Continued terminations that severely 
worsen PBGC's finances will only increase the urgency of reform and 
could ultimately lead to federal funding assistance to meet PBGC 
guaranteed benefit obligations. The administration has recently 
introduced a proposal that would address many of the challenges facing 
PBGC, although no action has yet been taken.

Related Products:

Pension Benefit Guaranty Corporation Single-Employer Insurance 
Program:

Private Pensions: Airline Plans' Underfunding Illustrates Broader 
Problems with the Defined Benefit Pension System. GAO-05-108T. 
Washington, D.C.: October 7, 2004.

Pension Plans: Additional Transparency and Other Actions Needed in 
Connection with Proxy Voting. GAO-04-749. Washington, D.C.: August 10, 
2004.

Private Pensions: Publicly Available Reports Provide Useful but Limited 
Information on Plans' Financial Condition. GAO-04-395. Washington, 
D.C.: March 31, 2004.

Private Pensions: Timely and Accurate Information Is Needed to Identify 
and Track Frozen Defined Benefit Plans. GAO-04-200R. Washington, D.C.: 
December 17, 2003.

Pension Benefit Guaranty Corporation: Single-Employer Pension 
Insurance Program Faces Significant Long-Term Risks. GAO-04-90. 
Washington, D.C.: October 29, 2003.

Private Pensions: Changing Funding Rules and Enhancing Incentives Can 
Improve Plan Funding. GAO-04-176T. Washington, D.C.: October 29, 2003.

Pension Benefit Guaranty Corporation: Long-Term Financing Risks to 
Single-Employer Insurance Program Highlight Need for Comprehensive 
Reform. GAO-04-150T. Washington, D.C.: October 14, 2003.

Pension Benefit Guaranty Corporation: Single-Employer Pension 
Insurance Program Faces Significant Long-Term Risks. GAO-03-873T. 
Washington, D.C.: September 4, 2003.

Options to Encourage the Preservation of Pension and Retirement 
Savings: Phase 2. GAO-03-990SP. Washington, D.C.: July 29, 2003.

Private Pensions: Participants Need Information on Risks They Face in 
Managing Pension Assets at and during Retirement. GAO-03-810. 
Washington, D.C.: July 29, 2003.

Private Pensions: Process Needed to Monitor the Mandated Interest Rate 
for Pension Calculations. GAO-03-313. Washington, D.C.: February 27, 
2003.

High-Risk Series:

Medicaid Program:

GAO Highlights:

For additional information about this high-risk area, contact Kathryn 
G. Allen at (202) 512-7118 or allenk@gao.gov.

Why Area Is High Risk:

In 2003, GAO designated Medicaid a high-risk program in part because of 
growing concerns about the quality of fiscal oversight, which is 
necessary to prevent inappropriate program spending. Medicaid, the 
federal-state program that covers acute health care and long-term care 
services for an estimated 53 million low-income Americans, consists of 
more than 50 distinct "state" programs that cost about $274 billion in 
fiscal year 2003. The program accounts for more than 20 percent of 
states' total expenditures and is projected to double in spending in a 
decade, thus exerting continuing pressure on state budgets. The federal 
government, by a formula established in law, pays from half to more 
than three-fourths of each state's Medicaid expenditures. The Centers 
for Medicare & Medicaid Services (CMS) in the Department of Health and 
Human Services (HHS) is responsible for administering the program at 
the federal level, while the states administer their respective 
programs' day-to-day operations.

What GAO Found:

The program remains high risk today. Inadequate fiscal oversight has 
led to increased and unnecessary federal spending in the following 
ways:

Schemes that leverage federal funds inappropriately. Using statutory 
and regulatory loopholes for more than a decade, some states have 
created the illusion that they have made large Medicaid payments to 
certain government providers, such as county health facilities, in 
order to generate excessive federal matching payments. In reality, the 
states only momentarily made payments to these providers--generally 
through electronic funds transfers--and then required that the payments 
be returned. Some of these schemes have cost the federal government 
several billions of dollars each year. The Congress and CMS have acted 
to curtail abusive financing schemes, but problems continue. In 
response to the Congress's direction, CMS in 2001 acted to phase out 
certain financing schemes, but did so in a manner that continued to 
result in excessive federal matching payments. CMS has also taken steps 
to improve its oversight of states' financing schemes by centralizing 
its review process and conducting targeted financial management 
reviews. In its fiscal year 2005 proposed budget, the administration 
estimated that capping Medicaid payments to individual government 
providers' actual costs--a recommendation that GAO has made to the 
Congress--could save more than $9.5 billion over 5 years.

Waiver programs that inappropriately increase the federal government's 
financial liability. The Secretary of HHS has authority to waive 
certain statutory provisions and allow states to test new ideas for 
delivering services and expanding coverage. Each waiver program must be 
"budget neutral;" it should not be approved if the program would 
increase federal financial liability beyond what it would have been 
without the program. Since the mid-1990s, HHS has permitted states to 
use questionable methods to demonstrate budget neutrality for waiver 
programs estimated to increase federal costs. For example, in 2004, GAO 
estimated that HHS's approval of four states' waiver requests to 
provide expanded prescription drug benefits could increase federal 
financial liability by over $1 billion.

Inappropriate billing by providers serving program beneficiaries. 
Medicaid is vulnerable to waste, fraud, and abuse by providers who 
submit inappropriate claims, resulting in substantial financial losses 
to states and the federal government. In 2004, GAO reported that states 
use a variety of approaches to prevent and detect improper payments, 
such as on-site inspections of high-risk providers and criminal 
background checks. At the federal level, CMS has activities to support 
states' program integrity efforts, but its oversight of state 
activities is limited. With the current commitment of CMS resources, 
compliance reviews of state programs are infrequent and limited in 
scope. CMS oversight may be disproportionately small relative to the 
risk of serious financial loss.

What Remains to Be Done:

A GAO recommendation to the Congress to limit Medicaid payments to 
government facilities to the costs of providing services remains open. 
HHS has not acted on GAO recommendations to develop methods to better 
ensure the budget neutrality of state waiver programs, nor has CMS 
acted on recommendations to improve guidance and reporting related to 
states' financing schemes.

Related Products:

Medicaid Program:

GAO Products:

Medicaid Program Integrity: State and Federal Efforts to Prevent and 
Detect Improper Payments.GAO-04-707. Washington, D.C.: July16, 2004.

Medicaid Waivers: HHS Approvals of Pharmacy Plus Demonstrations 
Continue to Raise Cost and Oversight Concerns. GAO-04-480. Washington, 
D.C.: June 30, 2004.

Medicaid: Intergovernmental Transfers Have Facilitated State Financing 
Schemes. GAO-04-574T. Washington, D.C.: March 18, 2004.

Medicaid: Improved Federal Oversight of State Financing Schemes Is 
Needed. GAO-04-228. Washington, D.C.: February 13, 2004.

SCHIP: HHS Continues to Approve Waivers That Are Inconsistent with 
Program Goals. GAO-04-166R. Washington, D.C.: January 5, 2004.

Medicaid and SCHIP: Recent HHS Approvals of Demonstration Waiver 
Projects Raise Concerns. GAO-02-817. Washington, D.C.: July 12, 2002.

Medicaid Financial Management: Better Oversight of State Claims for 
Federal Reimbursement Needed. GAO-02-300. Washington, D.C.: February 
28, 2002.

Medicaid: HCFA Reversed Its Position and Approved Additional State 
Financing Schemes. GAO-02-147. Washington, D.C.: October 30, 2001.

Medicaid: State Financing Schemes Again Drive Up Federal Payments. GAO/
T-HEHS-00-193. Washington, D.C.: September 6, 2000.

Medicaid Section 1115 Waivers: Flexible Approach to Approving 
Demonstrations Could Increase Federal Costs. HEHS-96-44. Washington, 
D.C.: November 8, 1995.

Medicaid: States Use Illusory Approaches to Shift Program Costs to 
Federal Government. HEHS-94-133. Washington, D.C.: August 1, 1994.

HHS OIG Products:

Testimony of George M. Reeb, Assistant Inspector General for the 
Centers for Medicare and Medicaid Audits, Hearing before the House 
Committee on Energy and Commerce, March 18, 2004.

For more information on Department of Health and Human Services major 
management challenges, see http://www.gao.gov/pas/2005/hhs.htm.

High-Risk Series:

Medicare Program:

GAO Highlights:

For additional information about this high-risk area, contact Leslie 
Aronovitz at (312) 220-7600 or aronovitzl@gao.gov.

Why Area Is High Risk:

In 1990, GAO designated Medicare a high-risk program, vulnerable to 
exploitation and mismanagement, in part because of its sheer size and 
complexity. The program covers about 41 million elderly and disabled 
enrollees. In fiscal year 2004, Medicare's outlays were an estimated 
$297 billion, and its net improper payments were about $20 billion. The 
challenges for the Centers for Medicare & Medicaid Services (CMS) to 
manage this program are substantial and growing, owing to new 
responsibilities under the Medicare Prescription Drug, Improvement, and 
Modernization Act of 2003 (MMA). Absent reform, with the drug benefit 
in effect in 2006, program spending growth will be unsustainable over 
time--increasing from an estimated 3.4 percent of GDP in 2006 to 7.7 
percent by 2035, and to 13.8 percent by 2078. Addressing today's 
management challenges can pave the way for more fundamental reforms 
that could modernize the program for future generations.

What GAO Found:

MMA has created new challenges for administering the Medicare program. 
These include the addition of a prescription drug benefit with an 
estimated cost to the federal government of $8.1 trillion in today's 
dollars to pay for the benefit over the next 75 years. CMS plans to 
conduct new oversight activities for the Medicare prescription drug 
benefit effective 2006 and is taking steps to improve contractors' data 
analysis efforts for detecting improper payments. Findings from studies 
GAO conducted in 2003 and 2004 underscore the importance of taking 
these and other steps to increase Medicare's integrity, efficiency, and 
effectiveness.

Oversight of patient safety and care. Lax oversight by CMS has allowed 
certain patient safety weaknesses to go undetected or uncorrected. For 
example, in a 2003 study of end-stage renal dialysis facilities, GAO 
found that significant numbers of patients received inadequate dialysis 
or anemia care. Another GAO study found that CMS's oversight of 
hospital accreditation was limited. CMS has a pilot project to assess 
hospital compliance efforts.

Reforming and refining payments. In the past 2 years, GAO found that 
Medicare could have saved millions of dollars and reduced beneficiary 
copayments by revising its payment policy for certain pathology and 
other services; that payments for home health and ambulance services 
may have been adequate in the aggregate but needed targeted 
adjustments; and that data weaknesses hindered CMS from assessing the 
adequacy of payment for hospital outpatient, hospice, and other 
services.

Enhancing program integrity. CMS missed opportunities to use claims 
data to target areas vulnerable to fraud and abuse. For example, in 
1997, CMS was alerted to billing abuses in claims made by power 
wheelchair suppliers but delayed implementing reforms for 6 years, 
costing Medicare millions of dollars in overpayments. Similarly, in 
1999, a Medicare contractor found high payments for services provided 
by certain outpatient rehabilitation facilities in Florida relative to 
similar facilities in the state, but steps the contractor took in 2001 
were not sufficient to mitigate the problem. More recently, however, 
CMS targeted fraudulent entities billing for home health services and 
reported avoiding over $260 million in improper payments between 
January 2003 and June 2004.

Improving program management. In a study GAO conducted of contractor-
run call centers charged with responding to providers' inquiries about 
billing Medicare, the centers answered only 4 percent of GAO's test 
calls correctly and completely. GAO found a higher, but less than 
desirable, accuracy rate--61 percent--for calls placed to the 1-800-
MEDICARE help line. In a study of Medicare's claims appeals process, 
GAO found that less than half of the appeals were decided within the 
statutory time frame, owing to inefficiencies in contractors' case-
processing operations and incompatible data systems.

What Remains to Be Done:

Medicare will continue to be a high-risk program for the foreseeable 
future. GAO has made recommendations for CMS to refine and adjust 
payment systems appropriately by collecting the most accurate and 
current data possible, improve detection of inappropriate billing by 
conducting targeted medical record reviews of a sufficient number of 
claims, and improve the efficiency of procedures and systems for 
appeals and other administrative functions. CMS has agreed with some of 
our recommendations but has not acted on others.

Related Products:

Medicare Program:

Medicare: Accuracy of Responses from the 1-800-MEDICARE Help Line 
Should Be Improved. GAO-05-130. Washington, D.C.: December 8, 2004.

Medicare Chemotherapy Payments: New Drug and Administration Fees Are 
Closer to Providers' Costs. GAO-05-142R. Washington, D.C.: December 1, 
2004.

Medicare: CMS's Program Safeguards Did Not Deter Growth in Spending for 
Power Wheelchairs. GAO-05-43. Washington, D.C.: November 17, 2004.

Medicare Hospice Care: Modifications to Payment Methodology May Be 
Warranted. GAO-05-42 Washington, D.C.: October 15, 2004.

Medicare Physician Payments: Concerns about Spending Target System 
Prompt Interest in Considering Reforms. GAO-05-85. Washington, D.C.: 
October 8, 2004.

Medicare: Information Needed to Assess Adequacy of Rate-Setting 
Methodology for Payments for Hospital Outpatient Services. GAO-04-772. 
Washington, D.C.: September 17, 2004.

Medicare: Past Experience Can Guide Future Competitive Bidding for 
Medical Equipment and Supplies. GAO-04-765. Washington, D.C.: September 
7, 2004.

Comprehensive Outpatient Rehabilitation Facilities: High Medicare 
Payments in Florida Raise Program Integrity Concerns. GAO-04-709. 
Washington, D.C.: August 12, 2004.

Medicare: CMS Needs Additional Authority to Adequately Oversee Patient 
Safety in Hospitals. GAO-04-850. Washington, D.C.: July 20, 2004.

Medicare: Call Centers Need to Improve Responses to Policy-Oriented 
Questions from Providers. GAO-04-669. Washington, D.C.: July 16, 2004.

Medicare Home Health: Payments to Most Freestanding Home Health 
Agencies More Than Cover Their Costs. GAO-04-359. Washington, D.C.: 
February 27, 2004.

Dialysis Facilities: Problems Remain in Ensuring Compliance with 
Medicare Quality Standards. GAO-04-63. Washington, D.C.: October 8, 
2003.

Medicare: Modifying Payments for Certain Pathology Services Is 
Warranted. GAO-03-1056. Washington, D.C.: September 30, 2003.

Medicare Appeals: Disparity between Requirements and Responsible 
Agencies' Capabilities. GAO-03-841. Washington, D.C.: September 29, 
2003.

Ambulance Services: Medicare Payments Can Be Better Targeted to Trips 
in Less Densely Populated Rural Areas. GAO-03-986. Washington, D.C.: 
September 19, 2003.

For more information on Department of Health and Human Services major 
management challenges, see http://www.gao.gov/pas/2005/hhs.htm:

High-Risk Series:

HUD Single-Family Mortgage Insurance and Rental Housing Assistance 
Programs:

GAO Highlights:

For additional information about this high-risk area, contact Thomas J. 
McCool at (202) 512-8678 or mccoolt@gao.gov.

Why Area Is High Risk:

Under its single-family mortgage insurance programs, the Department of 
Housing and Urban Development (HUD) manages over $400 billion in 
insured mortgages and over 25,000 foreclosed single-family properties. 
Through its rental housing assistance programs, HUD manages $56 billion 
in insured mortgages and annually provides about $19 billion in rental 
subsidies. To accomplish this, HUD relies on thousands of 
intermediaries, including lenders, appraisers, property management 
contractors, public housing agencies, and multifamily property owners. 
Historically, weaknesses in HUD's oversight of these entities have made 
the programs vulnerable to fraud, waste, and abuse. GAO designated HUD 
as high risk in 1994. In 2001, GAO modified this high-risk area to 
focus on HUD's single-family mortgage insurance and rental housing 
assistance programs because significant weaknesses persisted in these 
program areas. These program areas remain high risk at this time.

What GAO Found:

Since January 2003, HUD has demonstrated commitment to and progress in 
addressing weaknesses identified in its high-risk program areas; 
however, some of HUD's corrective actions are in the early stages of 
implementation, and additional steps are needed to resolve ongoing 
problems.

In the single-family mortgage insurance area, HUD has acted to reduce 
the risk of financial loss by improving its oversight of lenders and 
appraisers and increasing its use of foreclosure prevention tools. For 
example, HUD has implemented processes to target for review lenders and 
appraisers based on risk. HUD has also recently issued or proposed 
numerous regulations designed to strengthen lender accountability and 
combat predatory lending practices. In addition, through its loss 
mitigation program, HUD reports that it has prevented insurance losses 
by helping an increasing number of homebuyers avoid foreclosure. 
However, HUD needs to follow through on its initiatives and use its 
existing oversight tools more effectively to address continuing 
weaknesses. For example, HUD continues to grant loan underwriting 
authority to lenders that have not met the agency's performance 
standards. Furthermore, HUD's system for rating the underwriting 
quality of loans does not adequately assess the risk that the loans 
pose to the agency's insurance fund. Finally, weaknesses in HUD's 
process for paying single-family property management contractors have 
made the agency vulnerable to millions of dollars in questionable and 
potentially fraudulent payments.

In the rental assistance area, HUD has continued to implement measures 
to reduce errors in rental subsidy payments and improve the physical 
condition of HUD-assisted housing. HUD estimated that it made at least 
$1.4 billion in erroneous rental assistance payments in fiscal year 
2003. Through its Rental Housing Integrity Improvement Project, HUD is 
seeking to reduce these errors through increased monitoring of public 
housing agencies and multifamily property owners, better verification 
of tenant incomes, and improved training and guidance for HUD staff and 
program intermediaries. Estimates indicate that HUD has made progress 
in reducing erroneous payments due to subsidy calculation errors 
compared with fiscal year 2000. However, the extent to which project 
activities are responsible for this improvement is not known, and it is 
uncertain whether HUD will be able to achieve long-term reductions in 
erroneous payments. In addition, a critical part of the project--the 
verification of tenant incomes using state wage data--has not been 
fully implemented. HUD has continued to make progress in ensuring that 
HUD-assisted housing meets the agency's physical condition standards. 
According to HUD, physical inspections from fiscal year 2004 showed 
that about 94 percent of HUD-assisted units received satisfactory 
inspection scores, an increase from the 91 percent reported for fiscal 
year 2002.

What Remains to Be Done:

HUD needs to continue:

* strengthening the management and oversight of its single-family 
mortgage insurance programs to reduce (1) the risk of insurance losses 
and (2) vulnerability to questionable payments for property management 
services; and:

* implementing its efforts to ensure that rental housing assistance 
program subsidy payments are accurate and that subsidy recipients are 
eligible.

Related Products:

HUD Single-Family Mortgage Insurance and Rental Housing Assistance 
Programs:

Single-Family Mortgage Insurance Programs:

Single-Family Housing: Progress Made, but Opportunities Exist to 
Improve HUD's Oversight of FHA Lenders. GAO-05-13. Washington, D.C.: 
November 12, 2004.

Single-Family Housing: HUD's Risk-Based Oversight of Appraisers Could 
Be Enhanced. GAO-05-14. Washington, D.C.: November 5, 2004.

Home Inspections: Many Buyers Benefit from Inspections, but Mandating 
Their Use Is Questionable. GAO-04-462. Washington, D.C.: April 30, 
2004.

HUD Single-Family and Multifamily Property Programs: Inadequate 
Controls Resulted in Questionable Payments and Potential Fraud. GAO-04-
390. Washington, D.C.: March 3, 2004.

Single-Family Housing: Cost, Benefit, and Compliance Issues Raise 
Questions about HUD's Discount Sales Program. GAO-04-208. Washington, 
D.C.: January 30, 2004.

Rental Housing Assistance Programs:

Multifamily Housing: More Accessible HUD Data Could Help Efforts to 
Preserve Housing for Low-Income Tenants. GAO-04-20. Washington, D.C.: 
January 23, 2004:

Public Housing: HOPE VI Resident Issues and Changes in Neighborhoods 
Surrounding Grant Sites. GAO-04-109. Washington, D.C.: November 21, 
2003.

Elderly Housing: Project Funding and Other Factors Delay Assistance to 
Needy Households. GAO-03-512. Washington, D.C.: May 30, 2003.

Public Housing: HUD's Oversight of HOPE VI Sites Needs to Be More 
Consistent. GAO-03-555. Washington, D.C.: May 30, 2003.

Public Housing: Information on Receiverships at Public Housing 
Authorities. GAO-03-363. Washington, D.C.: February 14, 2003.

For more information on Department of Housing and Urban Development 
major management challenges, see http://www.gao.gov/pas/2005/hud.htm:

High-Risk Series:

Federal Aviation Administration Air Traffic Control Modernization:

GAO Highlights:

For additional information about this high-risk area, contact David 
Powner, (202) 512-9286 or Pownerd@gao.gov.

Why Area Is High Risk:

After almost 25 years and $41 billion, the Federal Aviation 
Administration's (FAA) air traffic control modernization program is far 
from complete. While FAA has made important progress in addressing 
weaknesses that GAO identified, more remains to be done. In the 
meantime, major FAA air traffic control projects continue to face 
challenges in meeting cost, schedule, and/or performance expectations. 
Key projects include systems to augment the global positioning system 
to aid in approaches and landings, improved radar systems for terminal 
environments, and systems to provide new color displays and data 
processing to air traffic controllers. GAO initially designated FAA's 
modernization program as high risk in 1995, and it remains high risk 
today.

What GAO Found:

Faced with growing air traffic and aging equipment, in 1981, FAA 
initiated an ambitious effort to modernize its air traffic control 
system. This modernization involves the acquisition of new equipment 
for surveillance, data processing, navigation, and communications, in 
addition to new facilities, and is expected to cost $48.6 billion 
through the year 2007. Over the past 2 decades, many of the projects 
that make up the modernization program have experienced cost overruns, 
schedule delays, and performance shortfalls. GAO's work over the years 
has identified root causes of the modernization program's problems, 
including (1) immature capabilities for acquiring software-intensive 
systems, (2) lack of a complete and enforced system architecture (or 
blueprint), (3) inadequate cost estimating and cost accounting 
practices, (4) an ineffective process for managing investments in 
information technology (IT), and (5) an organizational culture that 
impaired the acquisition process.

FAA has made important progress in addressing these weaknesses, but 
more remains to be done. For example, FAA has:

* improved key processes for acquiring and developing software and 
systems. The agency established a framework for improving its system 
management processes, and selected FAA projects are performing many of 
the desired practices. Nevertheless, the agency has not yet 
institutionalized these process improvements.

* continued to develop an enterprise architecture--a blueprint of the 
agency's current and target operations and infrastructure. However, 
this architecture is still not complete and compliance is not yet 
enforced. We have ongoing work evaluating what the agency needs to do 
to develop and enforce its enterprise architecture.

* improved cost accounting and estimating practices. The agency 
established sound cost estimating practices and implemented key 
components of a cost accounting system. However, the system is not yet 
fully operational or used to improve future estimates.

* established basic investment management capabilities, including many 
practices for selecting and controlling its mission-critical IT 
investments. However, FAA's senior IT investment board does not 
regularly review investments in the operational phase of their life 
cycles, and this inhibits FAA's ability to oversee more than $1 billion 
of its IT investments.

* sought to establish an organizational culture that supports sound 
acquisitions. However, the agency still faces many human capital 
challenges. Specifically, it does not effectively ensure that air 
traffic controllers, technical experts, and stakeholders are involved 
as new systems are developed, deployed, and refined.

Until the agency addresses these residual issues, it will continue to 
risk the project management problems affecting cost, schedule, and 
performance that have hampered its ability to acquire systems for 
improving air traffic control.

What Remains to Be Done:

GAO has made over 40 specific recommendations to address root causes of 
FAA's modernization challenges. The agency has made progress on these 
recommendations, but more must be done to institutionalize system 
management process improvement initiatives, develop and enforce an 
enterprise architecture, implement effective investment management 
processes, and improve human capital management.

With FAA expecting to spend about $7.6 billion between now and fiscal 
year 2007 on new air traffic control systems, these actions are as 
critical as ever.

Related Products:

Federal Aviation Administration Air Traffic Control Modernization:

Air Traffic Control: FAA Needs to Ensure Better Coordination When 
Approving Air Traffic Control Systems. GAO-05-11. Washington, D.C.: 
November 17, 2004.

Air Traffic Control: FAA's Acquisition Management Has Improved, but 
Policies and Oversight Need Strengthening to Help Ensure Results. GAO-
05-23. Washington, D.C.: November 10, 2004.

Air Traffic Control: System Management Capabilities Improved, but More 
Can Be Done to Institutionalize Improvements. GAO-04-901. Washington, 
D.C.: August 20, 2004.

Information Technology: FAA Has Many Investment Management Capabilities 
in Place, but More Oversight of Operational Systems is Needed. GAO-04-
822. Washington, D.C.: August 20, 2004.

Federal Aviation Administration: Plan Still Needed to Meet Challenges 
to Effectively Managing Air Traffic Controller Workforce. GAO-04-887T. 
Washington, D.C.: June 15, 2004.

Federal Aviation Administration: Challenges for Transforming into a 
High-Performing Organization. GAO-04-770T. Washington, D.C.: May 18, 
2004.

Air Traffic Control: FAA's Modernization Efforts--Past, Present, and 
Future. GAO-04-227T. Washington, D.C.: October 30, 2003.

National Airspace System: Current Efforts and Proposed Changes to 
Improve Performance of FAA's Air Traffic Control System. GAO-03-542. 
Washington, D.C.: May 30, 2003.

Federal Aviation Administration: Reauthorization Provides 
Opportunities to Address Key Agency Challenges. GAO-03-653T. 
Washington, D.C.: April 10, 2003.

National Airspace System: Reauthorizing FAA Provides Opportunities and 
Options to Address Challenges. GAO-03-473T. Washington, D.C.: February 
12, 2003.

National Airspace System: Better Cost Data Could Improve FAA's 
Management of the Standard Terminal Automation Replacement System. GAO-
03-343. Washington, D.C.: January 31, 2003.

For more information on Department of Transportation major management 
challenges, see http://www.gao.gov/pas/2005/dot.htm.

(450363): 

FOOTNOTES

[1] GAO, High-Risk Series: An Update, GAO-03-119 (Washington, D.C.: 
January 2003).

[2] GAO, Determining Performance and Accountability Challenges and High 
Risks, GAO-01-159SP (Washington, D.C.: November 2000).

[3] A material weakness is a condition in which the design or operation 
of one or more of the internal control components does not reduce to a 
relatively low level the risk that errors, fraud, or noncompliance in 
amounts that would be material to the financial statements may occur 
and not be detected promptly by employees in the normal course of 
performing their duties.

[4] The Homeland Security Act of 2002 (P.L. 107-296); the Intelligence 
Reform and Terrorism Prevention Act of 2004 (P.L. 108-458).

[5] Executive Order 13311: Homeland Security Information Sharing 
(Washington, D.C.: July 29, 2003).

[6] National Strategy for Homeland Security, July 2002; National 
Strategy to Secure Cyberspace, February 2003; and National Strategy for 
the Physical Protection of Critical Infrastructures and Key Assets, 
February 2003.

[7] Homeland Security Presidential Directive 6, Integration and Use of 
Screening Information (Washington, D.C.: Sept. 16, 2003). 

[8] Homeland Security Presidential Directive 7, Critical Infrastructure 
Identification, Prioritization, and Protection (Washington, D.C.: Dec. 
17, 2003).

[9] Executive Order 13356, Strengthening the Sharing of Terrorism 
Information to Protect Americans (Washington, D.C.: Aug. 27, 2004). 

[10] Executive Order 13354, National Counterterrorism Center 
(Washington, D.C.: Aug. 27, 2004).

[11] National Commission on Terrorist Attacks, The 9/11 Commission 
Report: Final Report of the National Commission on Terrorist Attacks 
upon the United States (Washington, D.C.: Government Printing Office, 
July 22, 2004). 

[12] GAO, Critical Infrastructure Protection: Improving Information 
Sharing with Infrastructure Sectors, GAO-04-780 (Washington, D.C.: July 
9, 2004).

[13] U.S. Department of Homeland Security, Office of Inspector General, 
Major Management Challenges Facing the Department of Homeland Security, 
OIG-05-06 (Washington D.C.: December 2004); and U.S. Department of 
Justice, Office of Inspector General, Semiannual Report to the 
Congress: Top Management Challenges (Washington, D.C.: Nov. 22, 2003).

[14] GAO, Homeland Security: Information Sharing Responsibilities, 
Challenges, and Key Management Issues, GAO-03-1165T (Washington, D.C.: 
Sept. 17, 2003); and Homeland Security: Information-Sharing 
Responsibilities, Challenges, and Key Management Issues, GAO-03-715T 
(Washington, D.C.: May 8, 2003).

[15] GAO, Rebuilding Iraq: Fiscal Year 2003 Contract Award Procedures 
and Management Challenges, GAO-04-605 (Washington, D.C.: June 1, 2004).

[16] U.S. Department of the Interior, Office of the Inspector General, 
Review of 12 Procurements Placed Under General Services Administration 
Federal Supply Schedules 70 and 871 by the National Business Center 
(Washington, D.C.: 2004).

[17] U.S. General Services Administration, Office of the Inspector 
General, Compendium of Audits of the Federal Technology Service's 
Regional Client Support Centers (Washington, D.C.: 2004).

[18] GAO, Contract Management: Guidance Needed to Promote Competition 
for Defense Task Orders, GAO-04-874 (Washington, D.C.: July 30, 2004). 

GAO's Mission: 

The Government Accountability Office, the investigative arm of 
Congress, exists to support Congress in meeting its constitutional 
responsibilities and to help improve the performance and accountability 
of the federal government for the American people. GAO examines the use 
of public funds; evaluates federal programs and policies; and provides 
analyses, recommendations, and other assistance to help Congress make 
informed oversight, policy, and funding decisions. GAO's commitment to 
good government is reflected in its core values of accountability, 
integrity, and reliability.

Obtaining Copies of GAO Reports and Testimony: 

The fastest and easiest way to obtain copies of GAO documents at no 
cost is through the Internet. GAO's Web site ( www.gao.gov ) contains 
abstracts and full-text files of current reports and testimony and an 
expanding archive of older products. The Web site features a search 
engine to help you locate documents using key words and phrases. You 
can print these documents in their entirety, including charts and other 
graphics.

Each day, GAO issues a list of newly released reports, testimony, and 
correspondence. GAO posts this list, known as "Today's Reports," on its 
Web site daily. The list contains links to the full-text document 
files. To have GAO e-mail this list to you every afternoon, go to 
www.gao.gov and select "Subscribe to e-mail alerts" under the "Order 
GAO Products" heading.

Order by Mail or Phone: 

The first copy of each printed report is free. Additional copies are $2 
each. A check or money order should be made out to the Superintendent 
of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or 
more copies mailed to a single address are discounted 25 percent. 
Orders should be sent to: 

U.S. Government Accountability Office

441 G Street NW, Room LM

Washington, D.C. 20548: 

To order by Phone: 



Voice: (202) 512-6000: 

TDD: (202) 512-2537: 

Fax: (202) 512-6061: 

To Report Fraud, Waste, and Abuse in Federal Programs: 

Contact: 

Web site: www.gao.gov/fraudnet/fraudnet.htm

E-mail: fraudnet@gao.gov

Automated answering system: (800) 424-5454 or (202) 512-7470: 

Public Affairs: 

Jeff Nelligan, managing director,

NelliganJ@gao.gov

(202) 512-4800

U.S. Government Accountability Office,

441 G Street NW, Room 7149

Washington, D.C. 20548: