This is the accessible text file for GAO report number GAO-05-207 entitled 'High-Risk Series: An Update' which was released on January 25, 2005. This text file was formatted by the U.S. Government Accountability Office (GAO) to be accessible to users with visual impairments, as part of a longer term project to improve GAO products' accessibility. Every attempt has been made to maintain the structural and data integrity of the original printed product. Accessibility features, such as text descriptions of tables, consecutively numbered footnotes placed at the end of the file, and the text of agency comment letters, are provided but may not exactly duplicate the presentation or format of the printed version. The portable document format (PDF) file is an exact electronic replica of the printed version. We welcome your feedback. Please E-mail your comments regarding the contents or accessibility features of this document to Webmaster@gao.gov. This is a work of the U.S. government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. Because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. January 2005: HIGH-RISK SERIES: An Update: GAO-05-207: GAO Highlights: Highlights of GAO-05-207, a report to Congress on GAO’s High-Risk Series: Why Area Is High Risk: GAO’s audits and evaluations identify federal programs and operations that, in some cases, are high risk due to their greater vulnerabilities to fraud, waste, abuse, and mismanagement. Increasingly, GAO also is identifying high-risk areas to focus on the need for broad-based transformations to address major economy, efficiency, or effectiveness challenges. Since 1990, GAO has periodically reported on government operations that it has designated as high risk. In this 2005 update for the 109th Congress, GAO presents the status of high-risk areas identified in 2003 and new high-risk areas warranting attention by the Congress and the administration. Lasting solutions to high-risk problems offer the potential to save billions of dollars, dramatically improve service to the American public, strengthen public confidence and trust in the performance and accountability of our national government, and ensure the ability of government to deliver on its promises. What GAO Found: In January 2003, GAO identified 25 high-risk areas; in July 2003, a 26th high-risk area was added to the list. Since then, progress has been made in all areas, although the nature and significance of progress varies by area. Federal departments and agencies, as well as the Congress, have shown a continuing commitment to addressing high- risk challenges and have taken various steps to help correct several of the problems’ root causes. GAO has determined that sufficient progress has been made to remove the high-risk designation from three areas: student financial aid programs, FAA financial management, and Forest Service financial management. Also, four areas related to IRS have been consolidated into two areas. This year, GAO is designating four new high-risk areas. The first new area is establishing appropriate and effective information-sharing mechanisms to improve homeland security. Federal policy creates specific requirements for information-sharing efforts, including the development of processes and procedures for collaboration between federal, state, and local governments and the private sector. This area has received increased attention but the federal government still faces formidable challenges sharing information among stakeholders in an appropriate and timely manner to minimize risk. The second and third new areas are, respectively, DOD’s approach to business transformation and its personnel security clearance program. GAO has reported on inefficiencies and inadequate transparency and accountability across DOD’s major business areas, resulting in billions of dollars of wasted resources. Senior leaders have shown commitment to business transformation through individual initiatives in acquisition reform, business modernization, and financial management, among others, but little tangible evidence of actual improvement has been seen in DOD’s business operations to date. DOD needs to take stronger steps to achieve and sustain business reform on a departmentwide basis. Further, delays by DOD in completing background investigations and adjudications can affect the entire government because DOD performs this function for hundreds of thousands of industry personnel from 22 federal agencies, as well as its own service members, federal civilian employees, and industry personnel. OPM is to assume DOD’s personnel security investigative function, but this change alone will not reduce the shortages of investigative personnel. The fourth area is management of interagency contracting. Interagency contracts can leverage the government’s buying power and provide a simplified and expedited method of procurement. But several factors can pose risks, including the rapid growth of dollars involved combined with the limited expertise of some of agencies in using these contracts and recent problems related to their management. Various improvement efforts have been initiated to address this area, but improved policies and processes, and their effective implementation, are needed to ensure that interagency contracting achieves its full potential in the most effective and efficient manner. What Remains to Be Done: This report contains GAO’s views on what remains to be done for each high-risk area to bring about lasting solutions. Perseverance by the administration in implementing GAO’s recommended solutions and continued oversight and action by the Congress are both essential. www.gao.gov/cgi-bin/getrpt?GAO-05-207. To view the full product, including the scope and methodology, click on the link above. For more information, contact George H. Stalcup at (202) 512-9490 or stalcupg@gao.gov. GAO's 2005 High-Risk List: 2005 High-Risk Areas: Addressing Challenges In Broad-based Transformations: * Strategic Human Capital Management[A]. * U.S. Postal Service Transformation Efforts and Long-Term Outlook[A]. * Managing Federal Real Property[A]. * Protecting the Federal Government's Information Systems and the Nation's Critical Infrastructures. * Implementing and Transforming the Department of Homeland Security. * Establishing Appropriate And Effective Information-Sharing Mechanisms to Improve Homeland Security. * DOD Approach to Business Transformation[A]. * DOD Business Systems Modernization. * DOD Personnel Security Clearance Program. * DOD Support Infrastructure Management. * DOD Financial Management. * DOD Supply Chain Management (formerly Inventory Management). * DOD Weapon Systems Acquisition. 2005 High-Risk Areas: Managing Federal Contracting More Effectively: * DOD Contract Management. * DOE Contract Management. * NASA Contract Management. * Management of Interagency Contracting. 2005 High-Risk Areas: Assessing the Efficiency and Effectiveness of Tax Law Administration. * Enforcement of Tax Laws[A, B]. * IRS Business Systems Modernization[C]. 2005 High-Risk Areas: Modernizing and Safeguarding Insurance and Benefit Programs: * Modernizing Federal Disability Programs[A]. * Pension Benefit Guaranty Corporation Single- Employer Insurance Program[A]. * Medicare Program[A]. * Medicaid Program[A]. * HUD Single-Family Mortgage Insurance and Rental Housing Assistance Programs. 2005 High-Risk Areas: Other: * FAA Air Traffic Control Modernization. Source: GAO. [A] Legislation is likely to be necessary, as a supplement to actions by the executive branch, in order to effectively address this high-risk area. [B] Two high-risk areas--Collection of Unpaid Taxes and Earned Income Credit Noncompliance--have been consolidated to make this area. [C] The IRS Financial Management high-risk area has been incorporated into this high-risk area. [End of table] Contents: Transmittal Letter: Historical Perspective: High-Risk Designations Removed: Student Financial Aid Programs: FAA Financial Management: Forest Service Financial Management: New High-Risk Areas: Establishing Appropriate and Effective Information-Sharing Mechanisms to Improve Homeland Security: DOD Approach to Business Transformation: DOD Personnel Security Clearance Program: Management of Interagency Contracting: Emerging Areas: Progress Being Made in Other High-Risk Areas: High-Risk Areas Consolidated: Collection of Unpaid Taxes and Earned Income Credit Noncompliance: IRS Business Systems Modernization and IRS Financial Management: Highlights for Each High-Risk Area: Transmittal Letter: January 2005: The President of the Senate: The Speaker of the House of Representatives: Since 1990, GAO has periodically reported on government operations that it identifies as "high risk." This effort, which is supported by the Senate Committee on Homeland Security and Governmental Affairs and the House Committee on Government Reform, has brought a much needed focus to problems that are impeding effective government and costing the government billions of dollars each year. To help, GAO has made hundreds of recommendations to improve these high-risk operations. Moreover, GAO's focus on high-risk problems contributed to the Congress enacting a series of governmentwide reforms to address critical human capital challenges, strengthen financial management, improve information technology practices, and instill a more results-oriented government. GAO's high-risk status reports are provided at the start of each new Congress. This update should help the Congress and executive branch in carrying out their responsibilities while improving the government's performance and enhancing its accountability for the benefit of the American people. It summarizes progress made in correcting high-risk problems, actions under way, and further actions that GAO believes are needed. In this update, GAO has determined that sufficient progress has been made to remove the high-risk designation from three areas, and has designated four new areas as high risk. In addition, several prior high-risk areas have been consolidated or modified. GAO's high-risk program has increasingly focused on those major programs and operations that need urgent attention and transformation in order to ensure that our national government functions in the most economical, efficient, and effective manner possible. Further, the Bush Administration has looked to GAO's program in shaping governmentwide initiatives such as the President's Management Agenda, which has at its base many of the areas GAO had previously designated as high risk. As in prior GAO high-risk update reports, federal programs and operations are also emphasized when they are at high risk because of their greater vulnerabilities to fraud, waste, abuse, and mismanagement. In addition, some of these high-risk agencies, programs, or policies are in need of transformation, and several will require action by both the executive branch and the Congress. Our objective for the high-risk list is to bring "light" to these areas as well as "heat" to prompt needed "actions." Copies of this update are being sent to the President, the congressional leadership, other Members of the Congress, the Director of the Office of Management and Budget, and the heads of major departments and agencies. Signed by: David M. Walker: Comptroller General of the United States: [End of section] Historical Perspective: In 1990, GAO began a program to report on government operations that we identified as "high risk." Since then, generally coinciding with the start of each new Congress, we have periodically reported on the status of progress to address high-risk areas and updated our high-risk list. Our most recent high-risk update was in January 2003.[Footnote 1] Overall, our high-risk program has served to identify and help resolve serious weaknesses in areas that involve substantial resources and provide critical services to the public. Since our program began, the government has taken high-risk problems seriously and has made long- needed progress toward correcting them. In some cases, progress has been sufficient for us to remove the high-risk designation. The overall changes to our high-risk list over the past 15 years are shown in table 1. Areas removed from the high-risk list over that same period are shown in table 2. The areas on GAO's 2005 high-risk list and the year each was designated as high risk are shown in table 3. Table 1: Overall Changes to GAO's High-Risk List, 1990 to 2005: Changes, 1990-2005: Original high-risk list in 1990; Number of areas: 14. Changes, 1990-2005: High-risk areas added since 1990; Number of areas: 29. Changes, 1990-2005: High-risk areas removed since 1990; Number of areas: 16. Changes, 1990-2005: High-risk areas consolidated since 1990; Number of areas: 2. Changes, 1990-2005: High-risk list in 2005; Number of areas: 25. Source: GAO. [End of table] Table 2: Areas Removed from GAO's High-Risk List, 1990 to 2005: Area: Federal Transit Administration Grant Management; Year removed: 1995; Year designated high risk: 1990. Area: Pension Benefit Guaranty Corporation; Year removed: 1995; Year designated high risk: 1990. Area: Resolution Trust Corporation; Year removed: 1995; Year designated high risk: 1990. Area: State Department Management of Overseas Real Property; Year removed: 1995; Year designated high risk: 1990. Area: Bank Insurance Fund; Year removed: 1995; Year designated high risk: 1991. Area: Customs Service Financial Management; Year removed: 1999; Year designated high risk: 1991. Area: Farm Loan Programs; Year removed: 2001; Year designated high risk: 1990. Area: Superfund Program; Year removed: 2001; Year designated high risk: 1990. Area: National Weather Service Modernization; Year removed: 2001; Year designated high risk: 1995. Area: The 2000 Census; Year removed: 2001; Year designated high risk: 1997. Area: The Year 2000 Computing Challenge; Year removed: 2001; Year designated high risk: 1997. Area: Asset Forfeiture Programs; Year removed: 2003; Year designated high risk: 1990. Area: Supplemental Security Income; Year removed: 2003; Year designated high risk: 1997. Area: Student Financial Aid Programs; Year removed: 2005; Year designated high risk: 1990. Area: Federal Aviation Administration Financial Management; Year removed: 2005; Year designated high risk: 1999. Area: Forest Service Financial Management; Year removed: 2005; Year designated high risk: 1999. Source: GAO. [End of table] Table 3: The Year that Areas on GAO's 2005 High-Risk List Were Designated as High Risk: Area: Medicare Program; Year designated high risk: 1990. Area: DOD Supply Chain Management; Year designated high risk: 1990[A]. Area: DOD Weapon Systems Acquisition; Year designated high risk: 1990. Area: DOE Contract Management; Year designated high risk: 1990. Area: NASA Contract Management; Year designated high risk: 1990. Area: Enforcement of Tax Laws; Year designated high risk: 1990[B]. Area: DOD Contract Management; Year designated high risk: 1992. Area: HUD Single-Family Mortgage Insurance and Rental Housing Assistance Programs; Year designated high risk: 1994. Area: DOD Financial Management; Year designated high risk: 1995. Area: DOD Business Systems Modernization; Year designated high risk: 1995. Area: IRS Business Systems Modernization; Year designated high risk: 1995[C]. Area: FAA Air Traffic Control Modernization; Year designated high risk: 1995. Area: Protecting the Federal Government's Information Systems and the Nation's Critical Infrastructures; Year designated high risk: 1997. Area: DOD Support Infrastructure Management; Year designated high risk: 1997. Area: Strategic Human Capital Management; Year designated high risk: 2001. Area: U.S. Postal Service Transformation Efforts and Long-Term Outlook; Year designated high risk: 2001. Area: Medicaid Program; Year designated high risk: 2003. Area: Managing Federal Real Property; Year designated high risk: 2003. Area: Modernizing Federal Disability Programs; Year designated high risk: 2003. Area: Implementing and Transforming the Department of Homeland Security; Year designated high risk: 2003. Area: Pension Benefit Guaranty Corporation Single-Employer Insurance Program; Year designated high risk: 2003. Area: Establishing Appropriate and Effective Information-Sharing Mechanisms to Improve Homeland Security; Year designated high risk: 2005. Area: DOD Approach to Business Transformation; Year designated high risk: 2005. Area: DOD Personnel Security Clearance Program; Year designated high risk: 2005. Area: Management of Interagency Contracting; Year designated high risk: 2005. Source: GAO. [A] This area was formerly entitled DOD Inventory Management. [B] One of the two high-risk areas that were consolidated to make this area--Collection of Unpaid Taxes--was designated high risk in 1990. The other area--Earned Income Credit Noncompliance--was designated high risk in 1995. [C] IRS Financial Management has been incorporated into the IRS Business Systems Modernization high-risk area. Both areas were initially designated as high risk in 1995. [End of table] Eight of the 16 areas removed from the list over the years were among the 14 programs and operations we determined to be high risk at the outset of our efforts to monitor such programs. These results demonstrate that the sustained attention and commitment by the Congress and agencies to resolve serious, long-standing high-risk problems have paid off, as root causes of the government's exposure for half of our original high-risk list have been successfully addressed. Historically, high-risk areas have been so designated because of traditional vulnerabilities related to their greater susceptibility to fraud, waste, abuse, and mismanagement. As our high-risk program has evolved, we have increasingly used the high-risk designation to draw attention to areas associated with broad-based transformations needed to achieve greater economy, efficiency, effectiveness, accountability, and sustainability of selected key government programs and operations. Perseverance by the executive branch is needed in implementing our recommended solutions for addressing these high-risk areas. Continued congressional oversight and, in some cases, additional legislative action will also be key to achieving progress, particularly in addressing challenges in broad-based transformations. To determine which federal government programs and functions should be designated high risk, we used our guidance document, Determining Performance and Accountability Challenges and High Risks.[Footnote 2] In determining whether a government program or operation is high risk, we consider whether it involves national significance or a management function that is key to performance and accountability. We also consider whether the risk is: * an inherent problem, such as may arise when the nature of a program creates susceptibility to fraud, waste, and abuse, or: * a systemic problem, such as may arise when the programmatic; management support; or financial systems, policies, and procedures established by an agency to carry out a program are ineffective, creating a material weakness. Further, we consider qualitative factors, such as whether the risk: * involves public health or safety, service delivery, national security, national defense, economic growth, or privacy or citizens' rights, or: * could result in significantly impaired service; program failure; injury or loss of life; or significantly reduced economy, efficiency, or effectiveness. Before making a high-risk designation, we also consider the corrective measures an agency may have planned or under way to resolve a material control weakness and the status and effectiveness of these actions. When legislative and agency actions, including those in response to our recommendations, result in significant and sustainable progress toward resolving a high-risk problem, we remove the high-risk designation. Key determinants here include a demonstrated strong commitment to and top leadership support for addressing problems, the capacity to do so, a corrective action plan, and demonstrated progress in implementing corrective measures. The next section discusses how we applied our criteria in determining what areas to remove and to add since our last update in January 2003. [End of section] High-Risk Designations Removed: For this 2005 high-risk update, we determined that three high-risk areas warranted removal from the list. They are the Department of Education's (Education) Student Financial Aid Programs, Federal Aviation Administration (FAA) Financial Management, and the Department of Agriculture's (USDA) Forest Service Financial Management. We will, however, continue to monitor these programs, as appropriate, to ensure that the improvements we have noted are sustained. Student Financial Aid Programs: In 1990, we designated student financial aid programs as high risk. Since then, in previous high-risk updates, we reported various problems, including poor financial management and weak internal controls, fragmented and inefficient information systems, and inadequate attention to program integrity as evidenced by high default rates and the numbers of ineligible students participating in the programs. In 1998, the Congress established Education's Office of Federal Student Aid (FSA) as the government's first performance-based organization, thus giving it greater flexibility to better address long-standing management weaknesses with student aid programs. In 2001, Education created a team of senior managers dedicated to addressing key financial and management problems throughout the agency, and in 2002, the Secretary of Education made removal from GAO's high-risk list a specific goal and listed it as a performance measure in Education's strategic plan. We reported in 2003 that Education had made important progress, but that it was too early to determine whether improvements would be sustained and that additional steps needed to be taken in several areas. Since 2003, as discussed below, Education has sustained improvements in the financial management of student financial aid programs and taken additional steps to address our concerns about systems integration, reporting on defaulted loans, and human capital management. Furthermore, the agency has met many of our criteria for removing the high-risk designation. Education has demonstrated a strong commitment to addressing risks; developed and implemented corrective action plans; and, through its annual planning and reporting processes, monitored the effectiveness and sustainability of its corrective measures. Thus, while FSA needs to continue its progress and take additional steps to fully address some of our recommendations, we are removing the high- risk designation from student financial aid programs. FSA has sustained improvements to address its financial management and internal control weaknesses. FSA received an unqualified, or "clean," opinion on its financial statements for fiscal years 2002, 2003, and 2004. In addition, the auditors indicated progress in addressing previously identified internal control weaknesses, with no material weaknesses[Footnote 3] reported in FSA's fiscal year 2003 and 2004 audits. However, the auditors reported that FSA should continue to further strengthen these internal controls, which are related to the calculation and reporting of the loan liability activity and subsidy estimates as well as its information systems controls. FSA has also established processes to address several previously reported internal control weaknesses that made FSA vulnerable to improper payments in its grant and loan programs. For example, FSA has taken steps to better ensure that grants are not awarded to ineligible students and has implemented a process to identify and investigate schools for possible fraudulent activities or eligibility-related violations. Further, FSA addressed concerns we raised about students who were underreporting family income, by working with the Office of Management and Budget and the Department of the Treasury to draft legislation that would permit use of tax information to verify income reported on student aid applications. FSA has taken further actions toward integrating its many disparate information systems. FSA has developed an integration strategy that focuses on achieving a seamless information exchange environment whereby users--students, educational institutions, and lenders--would benefit from simplified access to the agency's financial aid processes and more consistent and accurate data across its programs. FSA also has made progress toward establishing an enterprise architecture for guiding its systems integration efforts and has begun three efforts for reengineering its information-processing environment, which would consolidate and integrate most of its systems and move it closer to a seamless information exchange environment. FSA also included action steps for achieving default management goals in its annual plan and has taken steps to help reduce the student loan default rate. In 2003, FSA created a work group that identified over 60 default prevention and management initiatives and established a new organizational unit to focus on mitigating and reducing the risk of loss to the taxpayer from student obligations. FSA added information to its exit-counseling guide to help increase borrowers' awareness of the benefits of repaying their loans through electronic debiting accounts and prepayment options. In 2003, FSA reported a cohort default rate of 5.4 percent for 2001, and defaulted loans as a percentage of total outstanding loans declined from 9.4 percent in 2001 to 7.6 percent in 2003. FSA is taking steps to address its human capital challenges. It developed a comprehensive human capital strategy that includes many of the practices of leading organizations and has addressed many of the issues we previously raised. For example, FSA identified challenges that it will likely face in coming years, such as likely retirements, and discussed recognized weaknesses, such as the need to develop the skills of staff and maintain the focus of the agency's leadership on human capital issues. FSA has also prepared a succession plan that addresses some of our concerns about the pending retirement of senior employees in key positions across the agency. Additionally, FSA has established several approaches to support staff development by revising its Skills Catalog, which should enable staff to independently plan their professional development; introducing online learning tools; offering a wide variety of internal courses; and providing funds for external courses. FAA Financial Management: We first designated FAA financial management as high risk in 1999 because the agency lacked accountability for billions of dollars in assets and expenditures due to serious weaknesses in its financial reporting, property, and cost accounting systems. These problems continued through fiscal year 2001, when FAA's financial management system required 850 adjustments totaling $41 billion in order to prepare FAA's annual financial statements. In addition, at that time, FAA could not accurately and routinely account for property totaling a reported $11.7 billion, and lacked the cost information necessary for decision making as well as to adequately account for its activities and major projects, such as the air traffic control modernization program. Also, while FAA received an unqualified audit opinion on its fiscal year 2001 financial statements, the auditor's report cited a material internal control weakness related to FAA's lack of accountability for its property and several other internal control weaknesses related to financial management issues. At the time of our January 2003 high-risk report, FAA had made significant progress in addressing its financial management weaknesses, most importantly through ongoing efforts to develop a new financial management system called Delphi, including an integrated property accounting system, as well as initiatives to develop a new cost accounting system. However, these new systems were still under development and not yet operational. Therefore, it had yet to be seen whether the new systems would resolve the long-standing financial management issues that had resulted in our designation of FAA financial management as high risk. As a result, we retained FAA financial management as a high-risk area, while noting that significant progress was being made. FAA management has continued to make progress since our January 2003 high-risk report. Subsequent auditors' reports on FAA's financial statements for fiscal years 2002 and 2003 were unqualified, but continued to cite internal control weaknesses, although less severe than in prior years, related to FAA's then existing financial management systems. In fiscal year 2004, FAA implemented its new Delphi general ledger system, including an integrated property accounting system. FAA management was able to prepare financial statements for the fiscal year ended September 30, 2004, using these new systems, and FAA's auditors gave FAA an unqualified opinion on these financial statements. While the auditors reported several internal control weaknesses related to the implementation of the new financial management systems, none of these were considered to be material weaknesses, and FAA management, in responding to the auditor's report, indicated their full commitment to addressing these issues. While the cost accounting system is still under development, progress has been made. The cost accounting interface with Delphi was completed in fiscal year 2004, and the labor distribution interface is expected to be completed in fiscal year 2005. For the first time, some cost accounting data, while not available on a monthly basis, was available shortly after the fiscal year end for the 12 months ended September 30, 2004. FAA management has demonstrated its commitment to the full implementation of this system, devoting significant planning and resources to its completion and the monitoring of its implementation progress. While it is important that FAA management continue to place a high priority on the cost system and, more importantly, ultimately to use cost information routinely in FAA decision making, FAA's progress in improving financial management overall since our January 2003 high-risk update has been sufficient for us to remove the high-risk designation for FAA financial management. Forest Service Financial Management: We first designated USDA's Forest Service financial management as high risk in 1999 because the agency lacked accountability over billions of dollars in its two major assets--fund balance with the Department of the Treasury (Treasury) and property, plant, and equipment. Since the Forest Service is a major component of USDA, the lack of accountability over these two major assets contributed to disclaimers of opinions on USDA's consolidated financial statements. In addition, the Forest Service continued to have material weaknesses in its accounting and reporting of accounts receivable and accounts payable. This precluded the agency from knowing costs it had incurred and amounts owed to others throughout the year. These problems were further exacerbated by problems with the Forest Service's partial implementation of its new financial accounting system. This system was unable to produce certain critical budgetary and accounting reports that track obligations, assets, liabilities, revenues, and costs. Thus, these financial reporting weaknesses hampered management's ability to effectively manage operations, monitor revenue and spending levels, and make informed decisions about future funding needs. The Forest Service's long-standing financial management deficiencies were also evident in the repeated negative opinions on its financial statements, including adverse opinions in fiscal years 1991, 1992, and 1995. Due to the severity of its accounting and reporting deficiencies, the Forest Service did not prepare financial statements for fiscal year 1996, but chose instead to focus on trying to resolve these problems. However, the Forest Service's pervasive material internal control weaknesses continued to plague the agency. In our 2001 high-risk update, we reported that the USDA Office of Inspector General (IG) was unable to determine the accuracy of the Forest Service's reported $3.1 billion in net property, plant, and equipment, which represented 51 percent of the agency's assets. We also reported that the IG was unable to verify fund balances with Treasury totaling $2.6 billion because the reconciliation of agency records with Treasury records had not been completed. Because of the severity of these and other deficiencies, the IG disclaimed from issuing opinions on the Forest Service's financial statements for fiscal years 1997 through 2001. In addition, we noted that the Forest Service's autonomous field structure hampered efforts to correct these accounting and financial reporting deficiencies. We also reported that the Forest Service had implemented its new accounting system agencywide. However, the system depended on and received data from feeder systems that were poorly documented, operationally complex, deficient in appropriate control processes, and costly to maintain. In our 2003 high-risk report, while we highlighted that the Forest Service continued to have long-standing material control weaknesses, including weaknesses in its fund balance with Treasury and in property, plant, and equipment, we reported that the Forest Service had made progress toward achieving accountability by receiving its first unqualified opinion on its fiscal year 2002 financial statements. Although the Forest Service had reached an important milestone, it had not yet proved it could sustain this outcome, and had not reached the end goal of routinely producing timely, accurate, and useful financial information. As a result, we retained Forest Service financial management as a high-risk area. In the past 2 years, the Forest Service has made additional progress, especially with respect to addressing several long-standing material internal control deficiencies. Based on our criteria for removing a high-risk designation, which includes a demonstrated strong commitment, corrective action plan, and progress in addressing deficiencies, we believe the Forest Service's overall improvement in financial management since our January 2003 high-risk update has been sufficient for us to remove Forest Service financial management from the high-risk list at this time. The Forest Service has resolved material deficiencies related to its fund balance with Treasury and in property, plant, and equipment, thus increasing accountability over its billions of dollars in assets, and USDA and the Forest Service received unqualified opinions on their fiscal year 2004 financial statements. This does not mean that the Forest Service has no remaining challenges. For example, while we recognized its clean opinion for fiscal year 2002 in our last update, subsequently, in fiscal year 2003, these financial statements had to be restated to correct material errors. The Forest Service also received a clean opinion for fiscal year 2003, but these financial statements had to be restated in fiscal year 2004 to again correct material misstatements. Frequent restatements to correct errors can undermine public trust and confidence in both the entity and all responsible parties. Further, the Forest Service continues to have material internal control weaknesses related to financial reporting and information technology security, and its financial management systems do not yet substantially comply with the Federal Financial Management Improvement Act of 1996. However, the Forest Service has demonstrated a strong commitment to efforts under way or planned, that, if effectively implemented, should help to resolve many of its remaining financial management problems and move it toward sustainable financial management business processes. These efforts are designed to address internal control and noncompliance issues identified in audit reports, as well as organizational issues. For example, during fiscal year 2004, the Forest Service began reengineering and consolidating its finance, accounting, and budget processes. We believe these efforts, if implemented effectively, will provide stronger financial management, sustain positive audit results, and ensure compliance with federal financial reporting standards. Yet, it is important that USDA and Forest Service officials continue to place a high priority on addressing its remaining financial management problems, and we will continue to monitor their progress. [End of section] New High-Risk Areas: GAO's use of the high-risk designation to draw attention to the challenges associated with the economy, efficiency, and effectiveness of government programs and operations in need of broad-based transformation has led to important progress. We will also continue to identify high-risk areas based on the more traditional focus on fraud, waste, abuse, and mismanagement. Our focus will continue to be on identifying the root causes behind vulnerabilities, as well as actions needed on the part of the agencies involved and, if appropriate, the Congress. For 2005, we have designated the following four new areas as high risk: Establishing Appropriate and Effective Information-Sharing Mechanisms to Improve Homeland Security, Department of Defense (DOD) Approach to Business Transformation, DOD Personnel Security Clearance Program, and Management of Interagency Contracting. Establishing Appropriate and Effective Information-Sharing Mechanisms to Improve Homeland Security: Information is a crucial tool in fighting terrorism, and the timely dissemination of that information to the appropriate government agency is absolutely critical to maintaining the security of our nation. The ability to share security-related information can unify the efforts of federal, state, and local government agencies, as well as the private sector as appropriate, in preventing or minimizing terrorist attacks. The 9/11 terrorist attacks heightened the need for comprehensive information sharing. Prior to that time, the overall management of information-sharing activities among government agencies and between the public and private sectors lacked priority, proper organization, coordination, and facilitation. As a result, the existing national mechanisms for collecting threat information, conducting risk analyses, and disseminating warnings were at an inadequate state of development for protecting the United States from coordinated terrorist attacks. Information sharing for securing the homeland is a governmentwide effort involving multiple federal agencies, including but not limited to the Office of Management and Budget (OMB); the Departments of Homeland Security (DHS), Justice, State, and Defense; and the Central Intelligence Agency. Over the past several years, GAO has identified potential information-sharing barriers, critical success factors, and other key management issues that should be considered, including the processes, procedures, and systems to facilitate information sharing among and between government entities and the private sector. Establishing an effective two-way exchange of information to detect, prevent, and mitigate potential terrorist attacks requires an extraordinary level of cooperation and perseverance among federal, state, and local governments and the private sector to establish timely, effective, and useful communications. Since 1998, GAO has recommended the development of a comprehensive plan for information sharing to support critical infrastructure protection efforts. The key components of this recommendation can be applied to broader homeland security and intelligence-sharing efforts, including clearly delineating the roles and responsibilities of federal and nonfederal entities, defining interim objectives and milestones, setting time frames for achieving objectives, and establishing performance measures. In the absence of comprehensive information-sharing plans, many aspects of homeland security information sharing remain ineffective and fragmented. Accordingly, we are designating information sharing for homeland security as a governmentwide high-risk area because this area, while receiving increased attention, still faces significant challenges. Since 2002, legislation,[Footnote 4] various national strategies, and executive orders have specified actions to improve information sharing for homeland security. * The Homeland Security Act of 2002 (P.L. 107-296) included the following specific mechanisms intended to improve two-way information sharing: * The Critical Infrastructure Information Act of 2002 required the establishment of uniform procedures for the receipt, care, and storage of critical infrastructure information that is voluntarily submitted to the federal government. In February 2004, DHS issued an interim rule for comment. * The Homeland Security Information Sharing Act required procedures for facilitating homeland security information sharing and established authorities to share different types of information, such as grand jury information; electronic, wire, and oral interception information; and foreign intelligence information. In July 2003, the President assigned these functions to the Secretary of Homeland Security,[Footnote 5] but no deadline was established for developing information-sharing procedures. * In 2002 and 2003, the National Strategy for Homeland Security and its implementing strategies, the National Strategy to Secure Cyberspace and the National Strategy for the Physical Protection of Critical Infrastructures and Key Assets, also highlighted federal actions to promote two-way information sharing mechanisms.[Footnote 6] * In September 2003, Homeland Security Presidential Directive (HSPD) 6 called for the establishment of a terrorist screening center to develop, integrate, and maintain thorough, accurate, and current information about individuals known or appropriately suspected to be or to have been engaged in conduct constituting, in preparation for, in aid of, or related to terrorism.[Footnote 7] * Issued in December 2003, HSPD 7 required that DHS (1) produce a national infrastructure protection plan summarizing initiatives for sharing information, including providing threat warning data to state and local governments and the private sector; and (2) establish appropriate systems, mechanisms, and procedures to share homeland security information with other federal departments and agencies, state and local governments, and the private sector in a timely manner.[Footnote 8] * In August 2004, the President issued executive orders: * strengthening terrorism information sharing by (1) requiring establishment of common standards for the sharing of terrorism information within and among the intelligence and counterterrorism communities and appropriate authorities of state and local governments and (2) establishing a council chaired by OMB to plan for and oversee the establishment of automated terrorism information sharing among appropriate agencies[Footnote 9] and: * establishing a National Counterterrorism Center to serve as the primary organization in the federal government for analyzing and integrating intelligence possessed or acquired by the United States pertaining to terrorism and counterterrorism.[Footnote 10] * In December 2004, the Intelligence Reform and Terrorism Prevention Act of 2004 (P.L. 108-458) required the establishment of (1) an information-sharing environment (ISE) as a means of facilitating the exchange of terrorism information among appropriate federal, state, local, and tribal entities, and the private sector; and (2) an information-sharing council to support the President and the ISE program manager with advice on developing policies, procedures, guidelines, roles, and standards necessary to implement and maintain the ISE. In addition, federal agencies have taken steps to expand the mechanisms available for sharing information with and among key stakeholders. * The Federal Bureau of Investigation (FBI) has acted to enhance its information sharing with state and local law enforcement officials, such as providing guidance and additional staffing. It has more than doubled the number of its Joint Terrorism Taskforces (JTTF), from 35 prior to the September 11 attacks to 84 as of July 2004, and state and local law enforcement officials' participation on these task forces has also increased. The FBI has at least one JTTF in each of its 56 field locations and plans to expand that number to 100 JTTFs. The FBI also circulates declassified intelligence information through a weekly bulletin and provides threat information to state and local law enforcement officials via various database networks. * In September 2004, we reported that 9 federal agencies identified 34 major networks supporting homeland security functions--32 operational and 2 in development. For the networks for which cost estimates were available, the cost totaled approximately $1 billion per year for fiscal years 2003 and 2004. Among the networks identified, DHS's Homeland Secure Data Network appears to be a significant initiative for future sharing of classified homeland security information among civilian agencies and DOD. The 9/11 Commission recognized that information sharing must be "guided by a set of practical policy guidelines that simultaneously empower and constrain officials, telling them clearly what is and is not permitted."[Footnote 11] While the wide range of executive and legislative branch actions is encouraging, significant challenges remain in developing the required detailed policies, procedures, and plans for sharing homeland security-related information. For example, DHS had not developed a plan detailing how it will manage its information-sharing responsibilities and relationships, including consideration of appropriate incentives for nonfederal entities to increase information sharing with the federal government, expand participation, and perform other specific tasks such as protecting critical infrastructure.[Footnote 12] HSPD 7 required that DHS develop such a plan by December 2004, however the plan remains under development. The absence of such plans is exacerbated by the lack of established processes and procedures for disseminating homeland security information to the private sector. For example, without clear processes and procedures for rapidly sharing appropriate information, the ability of private sector entities to effectively design facility security systems and protocols can be impeded. In addition, the lack of sharing procedures can also limit the federal government's accurate assessment of nonfederal facilities' vulnerability to terrorist attacks. Detailed plans are essential. For example, DHS has developed an initial version of an enterprise architecture to assist its efforts to integrate and share information among and between federal agencies and other entities; version 1.0 of its architecture does not, however, include many of the 34 networks that we identified as supporting homeland security information sharing. Improving the standardization and consolidation of data can also promote better sharing. For example, in 2003 we found that goals, objectives, roles, responsibilities, and mechanisms for information sharing had not been consistently defined by the 9 federal agencies that maintain 12 key terrorist and criminal watch list systems. As a result, efforts to standardize and consolidate appropriate watch list data would be impeded by the existence of overlapping sets of data, inconsistent agency policies and procedures for the sharing of those data, and technical incompatibilities among the various watch list information systems. In addition, 2004 reports from the inspectors general at DHS and the Department of Justice highlight the challenges and slow pace of integrating and sharing information between fingerprint databases.[Footnote 13] We have made numerous recommendations related to information sharing, particularly as they relate to fulfilling federal critical infrastructure protection responsibilities.[Footnote 14] For example, we have reported on the practices of organizations that successfully share sensitive or time-critical information, including establishing trust relationships, developing information-sharing standards and protocols, establishing secure communications mechanisms, and disseminating sensitive information appropriately. Federal agencies have concurred with our recommendations that they develop appropriate strategies to address the many potential barriers to information sharing. However, many federal efforts remain in the planning or early implementation stages. A great deal of work remains to effectively implement the many actions called for to improve homeland security information sharing, including establishing clear goals, objectives, and expectations for the many participants in information-sharing efforts; and consolidating, standardizing, and enhancing federal structures, policies, and capabilities for the analysis and dissemination of information. DOD Approach to Business Transformation: DOD spends billions of dollars each year to sustain key business operations that support our forces, including systems and processes related to acquisition and contract management, financial management, supply chain management, business systems modernization, and support infrastructure management--all of which appear individually on GAO's high-risk list. Recent and ongoing military operations in Afghanistan and Iraq and new homeland defense missions have led to newer and higher demands on our forces in a time of growing fiscal challenges for our nation. In an effort to better manage DOD's resources, the Secretary of Defense has appropriately placed a high priority on transforming force capabilities and key business processes. For years, GAO has reported on inefficiencies and the lack of adequate transparency and appropriate accountability across DOD's major business areas, resulting in billions of dollars of wasted resources annually. Although the Secretary of Defense and senior leaders have shown commitment to business transformation, as evidenced by individual key initiatives related to acquisition reform, business modernization, and financial management, among others, little tangible evidence of actual improvement has been seen in DOD's business operations to date. Improvements have generally been limited to specific business process areas, such as DOD's purchase card program, and have resulted in the incorporation of many key elements of reform, such as increased management oversight and monitoring and results-oriented performance measures. However, DOD has not taken the steps it needs to take to achieve and sustain business reform on a broad, strategic, departmentwide and integrated basis. Among other things, it has not established clear and specific management responsibility, accountability, and control over overall business transformation- related activities and applicable resources. In addition, DOD has not developed a clear strategic and integrated plan for business transformation with specific goals, measures, and accountability mechanisms to monitor progress, or a well-defined blueprint, commonly called an enterprise architecture, to guide and constrain implementation of such a plan. For these reasons, GAO, for the first time, is designating DOD's lack of an integrated strategic planning approach to business transformation as high risk. DOD's current and historical approach to business transformation has not proven effective in achieving meaningful and sustainable progress in a timely manner. As a result, change is necessary in order to expedite the effort and increase the likelihood of success. For DOD to successfully transform its business operations, it will need a comprehensive and integrated business transformation plan; people with needed skills, knowledge, experience, responsibility, and authority to implement the plan; an effective process and related tools; and results-oriented performance measures that link institutional, unit, and individual performance goals and expectations to promote accountability for results. Over the last 3 years, GAO has made several recommendations that, if implemented effectively, could help DOD move forward in establishing the means to successfully address the challenges it faces in transforming its business operations. For example, GAO believes that DOD needs a full-time chief management officer (CMO) position, created through legislation, with responsibility and authority for DOD's overall business transformation efforts. This is a "good government" matter that should be addressed in a professional and nonpartisan manner. The CMO must be a person with significant authority and experience who would report directly to the Secretary of Defense. Given the nature and complexity of the overall business transformation effort, and the need for sustained attention over a significant period of time, this position should be a term appointment (e.g., 7 years) and the person should be subject to a performance contract. DOD has agreed with many of our recommendations and launched efforts intended to implement many of them, but progress to date has been slow. DOD Personnel Security Clearance Program: Delays in completing hundreds of thousands of background investigations and adjudications (a review of investigative information to determine eligibility for a security clearance) have led us to add the DOD personnel security clearance program to our 2005 high-risk list. Personnel security clearances allow individuals to gain access to classified information that, in some cases, could reasonably be expected to cause exceptionally grave damage to national defense or foreign relations through unauthorized disclosure. Worldwide deployments, contact with sensitive equipment, and other security requirements have resulted in DOD having approximately 2 million active clearances. Problems with DOD's personnel security clearance process can have repercussions throughout the government because DOD conducts personnel security investigations and adjudications for industry personnel from 22 other federal agencies, in addition to performing such functions for its own service members, federal civilian employees, and industry personnel. While GAO's work on the clearance process has focused on DOD, clearance delays in other federal agencies suggest that similar impediments and their effects may extend beyond DOD. Since at least the 1990s, GAO has documented problems with DOD's personnel security clearance process, particularly problems related to backlogs and the resulting delays in determining clearance eligibility. Since fiscal year 2000, DOD has declared its personnel security clearance investigations program to be a systemic weakness--a weakness that affects more than one DOD component and may jeopardize the department's operations--under the Federal Managers' Financial Integrity Act of 1982. An October 2002 House Committee on Government Reform report also recommended including DOD's adjudicative process as a material weakness. As of September 30, 2003 (the most recent data available), DOD could not estimate the full size of its backlog, but we identified over 350,000 cases exceeding established time frames for determining eligibility. The negative effects of delays in determining security clearance eligibility are serious and vary depending on whether the clearance is being renewed or granted to an individual for the first time. Delays in renewing previously issued clearances can lead to heightened risk of national security breaches because the longer individuals hold a clearance, the more likely they are to be working with critical information and systems. Delays in issuing initial clearances can result in millions of dollars of additional costs to the federal government, longer periods of time needed to complete national security-related contracts, lost-opportunity costs if prospective employees decide to work elsewhere rather than wait to get a clearance, and diminishing quality of the work because industrial contractors may be performing government contracts with personnel who have the necessary security clearances but are not the most experienced and best-qualified personnel for the positions involved. DOD has taken steps--such as hiring more adjudicators and authorizing overtime for adjudicative staff--to address the backlog, but a significant shortage of trained federal and private-sector investigative personnel presents a major obstacle to timely completion of cases. Other impediments to eliminating the backlog include the absence of an integrated, comprehensive management plan for addressing a wide variety of problems identified by GAO and others. In addition to matching adjudicative staff to workloads and working with the Office of Personnel Management (OPM) to develop an overall management plan, DOD needs to develop and use new methods for forecasting clearance needs and monitoring backlogs, eliminate unnecessary limitations on reciprocity (the acceptance of a clearance and access granted by another department, agency, or military service), determine the feasibility of implementing initiatives that could decrease the backlog and delays, and provide better oversight for all aspects of its personnel security clearance process. The National Defense Authorization Act for Fiscal Year 2004 authorized the transfer of DOD's personnel security investigative function and over 1,800 investigative employees to OPM. The transfer is scheduled to take place in February 2005. While the transfer would eliminate DOD's responsibility for conducting the investigations, it would not eliminate the shortage of trained investigative personnel needed to address the backlog. Although DOD would retain the responsibility for adjudicating clearances, OPM would be accountable for ensuring the investigations are completed in a timely manner. Management of Interagency Contracting: In recent years, federal agencies have been making a major shift in the way they procure many goods and services. Rather than spending a great deal of time and resources contracting for goods and services themselves, they are making greater use of existing contracts already awarded by other agencies. These contracts are designed to leverage the government's aggregate buying power and provide a much-needed simplified method for procuring commonly used goods and services. Thus, their popularity is gaining quickly. The General Services Administration (GSA) alone, for example, has seen a nearly tenfold increase in interagency contract sales since 1992, pushing the total sales mark up to $32 billion (see fig. 1). Other agencies, such as the Department of the Treasury and the National Institutes of Health, also sponsor interagency contracts. Figure 1: Multiple Award Schedule Sales, Fiscal Years 1992 through 2004: [See PDF for image] Note: Dollars amounts are then-year dollars. [End of figure] These contract vehicles offer the benefits of improved efficiency and timeliness; however, they need to be effectively managed. If not properly managed, a number of factors can make these interagency contract vehicles high risk in certain circumstances: (1) they are attracting rapid growth of taxpayer dollars; (2) they are being administered and used by some agencies that have limited expertise with this contracting method; and (3) they contribute to a much more complex environment in which accountability has not always been clearly established. Use of these contracts, therefore, demands a higher degree of business acumen and flexibility on the part of the federal acquisition workforce than in the past. This risk is widely recognized, and the Congress and executive branch agencies have taken several steps to address it. However, the challenges associated with these contracts, recent problems related to their management, and the need to ensure that the government effectively implements measures to bolster oversight and control so that it is well positioned to realize the value of these contracts warrants designation of interagency contracting as a new high-risk area. Interagency contracts are awarded under various authorities and can take many forms. Typically, they are used to provide agencies with commonly used goods and services, such as office supplies or information technology services. Agencies that award and administer interagency contracts usually charge a fee to support their operations. These types of contracts have allowed customer agencies to meet the demands for goods and services at a time when they face growing workloads, declines in the acquisition workforce, and the need for new skill sets. Our work and that of some agency inspectors general has revealed instances of improper use of interagency contracts. For example, we recently reviewed contracts and task orders awarded by DOD and found some task orders under the GSA schedules that did not satisfy legal requirements for competition because the work was not within the scope of the underlying contracts.[Footnote 15] Similarly, the inspector general for the Department of the Interior found that task orders for interrogators and other intelligence services in Iraq were improperly awarded under a GSA schedule contract for information technology services.[Footnote 16] More broadly, the GSA inspector general conducted a comprehensive review of the contracting activities of GSA's Federal Technology Service (FTS), an entity that provides contracting services for agencies across the government, and reported that millions of dollars in fiscal year 2003 awards did not comply with laws and regulations.[Footnote 17] Administration officials have acknowledged that the management of interagency contracting needs to be improved. Interagency contracting is being used more with regard to purchases of services, which have increased significantly over the past several years and now represent over half of federal contract spending. Agencies also are buying more sophisticated or complex services, particularly in the areas of information technology and professional and management support. In many cases, interagency contracts provide agencies with easy access to these services, but purchases of services require different approaches in describing requirements, obtaining competition, and overseeing contractor performance than purchases of goods. In this regard, we and others have reported on the failure to follow prescribed procedures designed to ensure fair prices when using schedule contracts to acquire services. At DOD, the largest customer for interagency contracts, we found that competition requirements were waived for a significant percentage of supply schedule orders we reviewed, frequently based on an expressed preference to retain the services of incumbent contractors. DOD concurred with our recommendations to develop guidance for the conditions under which waivers of competition may be used, require documentation to support waivers, and establish approval authority based on the value of the orders.[Footnote 18] There are several causes of the deficiencies we and others have found with the use of interagency contracts, including the increasing demands on the acquisition workforce, insufficient training, and in some cases inadequate guidance. Two additional factors are worth noting. First, the fee-for-service arrangement creates an incentive to increase sales volume in order to support other programs of the agency that awards and administers an interagency contract. This may lead to an inordinate focus on meeting customer demands at the expense of complying with required ordering procedures. Second, it is not always clear where the responsibility lies for such critical functions as describing requirements, negotiating terms, and conducting oversight. Several parties--the requiring agency, the ordering agency, and in some cases the contractor--are involved with these functions. But, as the number of parties grows, so too does the need to ensure accountability. The Congress and the administration have taken several steps to address the challenges of interagency contracting. In 2003, the Congress sought to improve contract oversight and execution by enacting the Services Acquisition Reform Act. The Act created a new chief acquisition officer position in many agencies and enhanced workforce training and recruitment. More recently, the Congress responded to the misuse of interagency contracting by requiring more intensive oversight of purchases under these contracts. In July 2004, GSA launched "Get It Right," an oversight and education program, to ensure that its largest customer, DOD, and other federal agencies properly use GSA's interagency contracts and its acquisition assistance services. Through this effort, GSA seeks to demonstrate a strong commitment to customer agencies' compliance with federal contracting regulations and, among other things, improve processes to ensure competition, integrity, and transparency. Additionally, to address workforce issues, OMB, GSA, and DOD officials have said they are developing new skills assessments, setting standards for the acquisition workforce, and coordinating training programs aimed at improving the capacity of the federal acquisition workforce to properly handle the growing and more complex workload of service acquisitions. These recent actions are positive steps toward improving management of interagency contracting, but, as with other areas, some of these actions are in their early stages and others are still under development. In addition, it is too early to tell whether all of the corrective actions will be effectively implemented, although a recent limited review by the GSA Inspector General found some improvement at FTS from enhanced management controls. Our work on major management challenges indicates that specific and targeted approaches are also needed to address interagency contracting risks across the government. Ensuring the proper use of interagency contracts must be viewed as a shared responsibility of all parties involved. But this requires that specific responsibilities be more clearly defined. In particular, to facilitate effective purchasing through interagency contracts, and to help ensure the best value of goods and services, agencies must clarify roles and responsibilities and adopt clear, consistent, and enforceable policies and processes that balance the need for customer service with the requirements of contract regulations. Internal controls and appropriate performance measures help ensure that policies and processes are implemented and have the desired outcomes. In addition, to be successful, efforts to improve the contracting function must be linked to agency strategic plans. As with other governmentwide high-risk areas, such as human capital and information security, effectively addressing interagency contract management challenges will require agency management to commit the necessary time, attention, and resources, as well as enhanced executive branch and congressional oversight. Making these investments has the potential to improve the government's ability to acquire high-quality goods and services in an efficient and effective manner, resulting in reduced costs, improved service delivery, and strengthened public trust. [End of section] Emerging Areas: In addition to specific areas that GAO has designated as high risk, there are other important broad-based challenges facing our government that are serious and merit continuing close attention. One area of increasing concern involves the need for the completion of comprehensive national threat and risk assessments in a variety of areas. For example, emerging requirements from the changing security environment, coupled with increasingly limited fiscal resources across the federal government, emphasize the need for agencies to adopt a sound approach to establishing realistic goals, evaluating and setting priorities, and making difficult resource decisions. GAO has advocated a comprehensive threat and/or risk management approach as a framework for decision making that fully links strategic goals to plans and budgets, assesses values and risks of various courses of actions as a tool for setting priorities and allocating resources, and provides for the use of performance measures to assess outcomes. Most prominently, two federal agencies with significant national security responsibilities--DHS and DOD--are still in the beginning stages of adopting a risk-based strategic framework for making important resource decisions involving billions of dollars annually. This lack of a strategic framework for investment decisions is one of the reasons that implementing and transforming DHS, and DOD's approach to business transformation, have been designated as high-risk areas. At the same time, this threat/risk assessment concept can be applied to a broad range of existing federal government programs, functions, and activities. The relatively new DHS, with an annual budget of over $40 billion, has not completed risk assessments mandated by the Homeland Security Act of 2002 to set priorities to help focus its resources where most needed. In performing its duties to protect the nation's critical infrastructure, DHS has not made clear the link between risk assessment and resource allocation, for example, what criteria it initially used to select assets of national importance and the basic strategy it uses to determine which assets warrant additional protective measures, and by how much these measures could reduce the risk to the nation. GAO has reviewed the work of several of DHS's component agencies that have taken some initial steps towards risk management, but much remains to be done. DHS's Immigration and Customs Enforcement (ICE), as a first step toward developing budget requests and workforce plans for fiscal year 2007 and beyond, has had its Office of Investigations field offices conduct baseline threat assessments to help identify risks. However, performance measures to assess how well a particular threat has been addressed were not used for workforce planning in ICE's fiscal year 2006 budget request. DHS's Customs and Border Protection (CBP) has taken steps to address the terrorism risks posed by oceangoing cargo containers. However, CBP has not performed a comprehensive set of assessments vital for determining the level of risk for oceangoing cargo containers and the types of responses necessary to mitigate that risk. The need to use a risk management approach has been a recurring theme in our previous work in transportation security. We reported in 2003 that DHS's Transportation and Security Administration (TSA) planned to adopt a risk management approach. To date, including in our most recent work on general aviation security, we have found that TSA has not fully integrated this approach, which includes assessments of threat, vulnerability, and criticality, to help it prioritize its efforts. As a result, we have recommended that TSA continue its efforts to integrate a risk management approach into its processes. DOD, with a budget of over $400 billion a year, exclusive of supplemental funding, is in the process of transforming its force capabilities and business processes. GAO has reported on limitations in DOD's strategic planning and budgeting, including the use of overly optimistic assumptions in estimating funding needs, often resulting in a mismatch between programs and budgets. In its strategic plan--the September 2001 Quadrennial Defense Review--DOD outlined a new risk management framework consisting of four dimensions of risk--force management, operational, future challenges, and institutional--to use in considering trade-offs among defense objectives and resource constraints. According to DOD, these risk areas are to form the basis for DOD's annual performance goals. They will be used to track performance results and will be linked to planning and resource decisions. As of December 2004, DOD was still in the process of implementing this approach departmentwide. It also remains unclear how DOD will use this approach to measure progress in achieving business and force transformation. We believe that instilling a disciplined approach to identifying and managing risk has broad applicability across a wide range of federal programs, operations, and functions across the federal government. This will be a continuing focus of our work in the future. More generally, we will also continue to monitor other management challenges identified through our work, including those discussed in our January 2003 Performance and Accountability Series: Major Management Challenges and Program Risks (GAO-03-95 through GAO-03-118). While not high risk at this time, these challenges warrant continued attention. For example, at the U.S. Census Bureau, a number of operational and managerial challenges loom large as the Bureau approaches its biggest enumeration challenge yet, the 2010 Census. The Census Bureau will undertake an important census test and make critical 2010 Census operational and design decisions in the coming months--and we will continue to closely monitor these challenges to assist the Congress in its oversight and the Bureau in its decision making. [End of section] Progress Being Made in Other High-Risk Areas: For other areas that remain on our 2005 high-risk list, there has been important but varying levels of progress, although not yet enough progress to remove these areas from the list. Top administration officials have expressed their commitment to maintaining momentum in seeing that high-risk areas receive adequate attention and oversight. Since our 2003 high-risk report, the Office of Management and Budget (OMB) has worked closely with a number of agencies that have high-risk issues, in many cases establishing action plans and milestones for agencies to complete needed actions to address areas that we have designated as high risk. Such a concerted effort by agencies and ongoing attention by OMB are critical; our experience over the past 15 years has shown that perseverance is required to fully resolve high- risk areas. The Congress, too, will continue to play an important role through its oversight and, where appropriate, through legislative action targeted at the problems and designed to address high-risk areas. Examples of progress in other programs or operations that were previously designated as high risk are discussed below and in the highlights pages that follow this report section. * Recognizing that federal agencies must transform their organizations to meet the new challenges of the 21st century and that their most important asset in this transformation is their people, GAO first added human capital management as a governmentwide high-risk issue in January 2001 to help focus attention and resources on the need for human capital reform. Since then, the Congress and the agencies have made more progress in revising and redesigning human capital policies, processes, and systems than in the past quarter century. The Congress called on agencies to do a better and faster job of hiring the right people with the right skills to meet their critical missions, such as protecting the homeland, and gave the agencies new flexibilities to meet this challenge. The Congress also granted agencies, such as DOD and DHS, unprecedented flexibility to redesign their human capital systems, including designing new classification and compensation systems, which could serve as models for governmentwide change. However, effectively designing and implementing any resulting human capital systems will be of critical importance not just for these agencies, but for overall civil service reform. As part of the President's Management Agenda, the administration also made strategic human capital management one of its top five priorities and established a system for holding agencies accountable for achieving this change. Some agencies have begun to assess their future workforce needs and implement available flexibilities to meet those needs. As a result of the ongoing significant changes in how the federal workforce is managed, there is general recognition that there should be a framework to guide human capital reform built on a set of beliefs that entail fundamental principles and boundaries that include criteria and processes that establish checks and limitations when agencies seek and implement their authorities. * The Postal Service (the Service) has made significant progress in improving its financial situation and implementing transformation initiatives to improve its financial viability since its transformation efforts and long-term outlook was designated as high risk in 2001. Several of its key achievements in the last 2 years include debt reduction of $9.3 billion, net income of $7 billion, productivity gains of 4.2 percent, the elimination of accumulated deficits, and reductions of about 45,000 in career employees. In addition, postal pension reform legislation was enacted to address a projected overfunding of the Service's pension obligation. The Congress also made progress in considering postal reform legislation, which, although not yet enacted, was approved by House and Senate oversight committees. However, key challenges remain, including generating revenues to offset declines in First-Class Mail volume, which generates revenues covering most of the Service's institutional costs; addressing large financial liabilities and obligations; achieving cost savings and productivity improvements, in part by restructuring its infrastructure and workforce; and addressing human capital challenges, such as succession planning and credible performance-based compensation systems. Further, postal reform remains a challenge that will require enactment of legislation by the Congress and leadership by the Service to effectively carry out its transformation. * Since January 2003, the administration has taken several key steps to address long-standing problems in managing federal real property. First, in an effort to provide a governmentwide focus on federal real property issues, the President added the Federal Asset Management Initiative to the President's Management Agenda and signed Executive Order 13327 in February 2004. Under the order, agencies are to designate a senior real property officer to, among other things, identify and categorize owned and leased real property managed by the agency and develop agency asset management plans. Agencies such as DOD and the Department of Veterans Affairs (VA) have taken other actions-- DOD is preparing for a round of base realignments and closures in 2005, and in May 2004, VA announced a wide range of asset realignment decisions. These and other efforts are positive steps, but it is too early to judge whether the administration's focus on this area will have a lasting impact. The underlying conditions and related obstacles that led to GAO's high-risk designation continue to exist. Remaining obstacles include competing stakeholder interests in real property decisions, various legal and budget-related disincentives to optimal, businesslike, real property decisions, and the need for better capital planning among agencies. * Since GAO designated modernizing federal disability programs as a high-risk area in 2003, the Social Security Administration (SSA) and VA have made some progress toward improving their disability programs. A key initiative involves SSA's proposal to improve the timeliness and accuracy of disability decisions and to foster return to work at all stages of the decision-making process. In addition, the Congress established a commission to study the appropriateness of veterans' benefits. Moreover, SSA and VA have both made some gains in timeliness in their disability claims decisions. While these actions have yielded some progress, SSA's and VA's disability programs still face significant challenges. For example, despite the slowdown in workforce growth nationwide, increased employment opportunities for persons with disabilities have been afforded by advances in medicine and technology and the growing expectation that people with disabilities can and do want to work. Nevertheless, federal disability programs remain grounded in outmoded concepts that equate medical conditions with work incapacity. In addressing these challenges, GAO believes that SSA and VA should take the lead in examining the fundamental causes of program problems and seek both the management and legislative solutions needed to transform their programs so that they are in line with the current state of science, medicine, technology, and labor market conditions. At the same time, these agencies should continue to develop and implement strategies for improving the accuracy, timeliness, and consistency of disability decision making. * The Department of Health and Human Services and its Centers for Medicare & Medicaid Services (CMS) have made some progress to improve the fiscal integrity and oversight of the Medicaid program, which was designated high risk in 2003. For example, CMS has strengthened oversight of state financing schemes that have inappropriately boosted the federal share of Medicaid spending, by centralizing its review process and conducting targeted financial management reviews of states' programs. CMS also proposed last year that Medicaid payments to government facilities be limited to their actual costs--a recommendation that GAO earlier made to the Congress and that remains open. The results of these actions will need to be assessed to determine their effectiveness in improving the program's fiscal integrity, and more action is needed before the program's high-risk designation can be removed. For example, CMS did not take action in response to our recommendations intended to better ensure that state Medicaid demonstration programs, to expand coverage to certain populations, do not increase the federal government's costs beyond what they would have been without the demonstrations, a long-standing administration policy. * The Department of Housing and Urban Development (HUD) has demonstrated commitment to and progress in addressing weaknesses in its Single-Family Mortgage Insurance and Rental Housing Assistance program areas. Specifically, HUD has acted to reduce the risk of financial loss by improving its oversight of lenders and appraisers and by increasing its use of foreclosure prevention tools. Further, HUD has continued to implement measures to reduce errors in rental subsidy payments and to improve the physical condition of HUD-assisted housing. However, HUD needs to continue strengthening the management and oversight of its single-family mortgage insurance programs to reduce the risk of insurance losses and its vulnerability to questionable payments for property management services. Further, it needs to continue in its efforts to ensure that rental housing assistance program subsidy payments are accurate and that subsidy recipients are eligible. * Since the agency's inception in March 2003, DHS leadership has provided a foundation to maintain critical operations while undergoing transformation. DHS has worked to protect the homeland and secure transportation and borders, funded emergency preparedness improvements and emerging technologies, assisted law enforcement activities against suspected terrorists, and issued its first strategic plan. DHS has taken initial steps to address financial management weaknesses and is acquiring an integrated financial enterprise solution, recognized the need for and has begun to institutionalize a strategic management framework that addresses key information technology disciplines; and initiated strategic human capital planning efforts and published proposed regulations for a modern human capital management system. Concurrently, DHS is initiating corrective actions on a broad array of programmatic challenges that require sustained effort in areas such as transportation, cargo, and border security; tracking visitors; consolidating border security functions; updating outmoded capabilities in the Coast Guard fleet; and balancing homeland security with other missions, such as law enforcement and disaster planning. DHS must now follow through on these initial actions. Furthermore, in managing its transformation, DHS must overcome a number of significant challenges that as yet have not been adequately addressed. For example, annual goals and time frames are vague or missing; the capacity to achieve them is uncertain; and performance measures and plans to monitor, assess, and independently evaluate the effectiveness of corrective measures are not fully developed. Also, progress in forming effective partnerships with other governmental and private sector entities remains challenged in several critical areas, such as improving critical infrastructure protection and emergency preparedness. Importantly, DHS has also not completed legislatively mandated comprehensive threat and risk assessments to set priorities and to focus its limited resources to mitigate the greatest risk. DHS needs sustained leadership and a commitment to a strategy that incorporates accountability and oversight to succeed in its multiyear transformation. Failure to effectively address its management challenges and program risks could have serious consequences for our national security. [End of section] High-Risk Areas Consolidated: Collection of Unpaid Taxes and Earned Income Credit Noncompliance: We have combined our previous Collection of Unpaid Taxes and Earned Income Credit Noncompliance high-risk areas into an area titled Enforcement of Tax Laws. Collection of unpaid taxes was included in the first high-risk series report in 1990, with a focus on the backlog of uncollected debts owed by taxpayers. In 1995, we added Filing Fraud as a separate high-risk area, narrowing the focus of that high-risk area in 2001 to Earned Income Credit Noncompliance because of the particularly high incidence of fraud and other forms of noncompliance in that program. We expanded our concern about the Collection of Unpaid Taxes in our 2001 high-risk report to include not only unpaid taxes (including tax evasion and unintentional noncompliance) known to the Internal Revenue Service (IRS), but also the broader enforcement issue of unpaid taxes that IRS has not detected. We made this change because of declines in some key IRS collection actions as well as IRS's lack of information about whether those declines had affected voluntary compliance. Although the Congress dedicated a specific appropriation for Earned Income Credit compliance initiatives (both to curb noncompliance and encourage participation) in fiscal years 1998 through 2003, with the 2004 budget the Congress returned to appropriating a single amount for IRS to allocate among its various tax law enforcement efforts. In recent years, the resources IRS has been able to dedicate to enforcing the tax laws have declined, while IRS's enforcement workload- -measured by the number of taxpayer returns filed--has continually increased. Accordingly, nearly every indicator of IRS's coverage of its enforcement workload has declined in recent years. Although in some cases workload coverage has increased, overall IRS's coverage of known workload is considerably lower than it was just a few years ago. Although many suspect that these trends have eroded taxpayers' willingness to voluntarily comply--and survey evidence suggests this may be true--the cumulative effect of these trends is unknown because new research into the level of taxpayer compliance is only now being completed by IRS after a long hiatus. Further, IRS's workload has grown ever more complex as the tax code has grown more complex. Complexity creates a fertile ground for those intentionally seeking to evade taxes and often trips others into inadvertent noncompliance. IRS is challenged to administer and explain each new provision, thus absorbing resources that otherwise might be used to enforce the tax laws. Concurrently, other areas of particularly serious noncompliance have gained the attention of IRS and the Congress--such as abusive tax shelters and schemes employed by businesses and wealthy individuals that often involve complex transactions that may span national boundaries. Given the broad declines in IRS's enforcement workforce, IRS's decreased ability to follow up on suspected noncompliance, the emergence of sophisticated evasion concerns, and the unknown effect of these trends on voluntary compliance, IRS is challenged on virtually all fronts in attempting to ensure that taxpayers fulfill their obligations. IRS's success in overcoming these challenges becomes ever more important in light of the nation's large and growing fiscal pressures. Accordingly, we believe the focus of concern on the enforcement of tax laws is not confined to any one segment of the taxpaying population or any single tax provision. Our designation of the enforcement of tax laws as a high-risk area embodies this broad concern. IRS Business Systems Modernization and IRS Financial Management: IRS has long relied on obsolete automated systems for key operational and financial management functions, and its attempts to modernize these aging computer systems span several decades. This long history of continuing delays and design difficulties and their significant impact on IRS's operations led GAO to designate IRS's systems modernization activities and its financial management as high-risk areas in 1995. Since that time, IRS has made progress in improving its financial management, such as enhancing controls over hard copy tax receipts and data and budgetary activity, and improving the accuracy of property records. Additionally, for the past 5 years, IRS has received clean audit opinions on its annual financial statements and, for the past 3 years, has been able to achieve this within 45 days of the end of the fiscal year. However, IRS still needs to replace its outdated financial management systems, which is part of its business systems modernization program. Accordingly, since the resolution of IRS's remaining most serious and intractable financial management problems largely depends upon the success of IRS's business systems modernization efforts, and since we have continuing concerns related to this program, we are combining our two previous high-risk areas into one Business Systems Modernization high-risk area. [End of section] Highlights for Each High-Risk Area: Overall, the government continues to take high-risk problems seriously and is making long-needed progress toward correcting them. The Congress has also acted to address several individual high-risk areas through hearings and legislation. Continued perseverance in addressing high- risk areas will ultimately yield significant benefits. Lasting solutions to high-risk problems offer the potential to save billions of dollars, dramatically improve service to the American public, strengthen public confidence and trust in the performance and accountability of our national government, and ensure the ability of government to deliver on its promises. We have prepared highlights of each of the 25 high-risk areas on our updated list, showing (1) why the area is high risk, (2) the actions that have been taken and that are under way to address the problem since our last update report as well as the issues that are yet to be resolved, and (3) what remains to be done to address the risk. These highlights are presented on the following pages. Finally, we have compiled lists of GAO products issued since January 2003 related to the major management challenges identified in the 2003 Performance and Accountability Series. These lists, accompanied by narratives describing the related major management challenges, are available on our Web site at [Hyperlink, http://www.gao.gov/pas/2005]. HIGH-RISK SERIES: Strategic Human Capital Management: GAO Highlights: For additional information about this high-risk area, contact J. Christopher Mihm at (202) 512-6806 or mihmj@gao.gov. Why Area Is High Risk: In 2001, GAO designated strategic human capital management as a high- risk area because of the federal government's long-standing lack of a consistent strategic approach to marshaling, managing, and maintaining the human capital needed to maximize government performance and ensure its accountability. The area remains high risk because federal human capital strategies are still not appropriately constituted to meet current and emerging challenges or drive the transformations necessary for agencies to meet these challenges. For example, human capital considerations are a critical element for the intelligence organizations and related homeland security organizations that are undergoing a fundamental transformation in the aftermath of September 11, 2001. What GAO Found: The executive branch and the Congress have taken a number of steps to address the federal government's human capital shortfalls. For example, in 2001, the President's Management Agenda identified human capital management as a top priority, and recently the Office of Management and Budget reported that agencies are making improvements in addressing key human capital challenges. The Congress also sought to elevate human capital issues within federal agencies in part by creating the Chief Human Capital Officer positions and a Council to advise and assist agency leaders in their human capital efforts. The Congress has provided several agencies--most notably the Departments of Homeland Security and Defense--authorities to design and manage their human capital systems. Effective design and implementation of any resulting new policies and procedures is of critical importance. The Congress also recently provided agencies across the executive branch with additional human capital flexibilities, such as specific hiring authorities, and the Office of Personnel Management is working with the agencies to make the government more competitive for top talent by speeding up the hiring process. In addition, the Congress and the administration together have reformed the performance management and compensation systems for senior executives to better link the institutional, unit, and individual performance and reward systems. While more progress in addressing human capital challenges has been made in the last few years than in the previous 25, ample opportunities exist for agencies to improve their strategic human capital management to achieve results and respond to current and emerging challenges: * Leadership: Agencies need sustained leadership to provide the focused attention essential to completing multiyear transformations. * Strategic Human Capital Planning: Agencies need effective strategic workforce plans to identify and focus their human capital investments on the long-term issues that best contribute to results. * Acquiring, Developing, and Retaining Talent: Agencies need to continue to create effective hiring processes and use flexibilities and incentives to retain critical talent and reshape their workforces. * Results-Oriented Organizational Cultures: Agencies need to reform their performance management systems so that pay and awards are linked to performance and organizational results. Significant changes in how the federal workforce is managed are under way, and, consequently, there is general recognition that there needs to be a framework to guide human capital reform built on a set of beliefs and boundaries. Beliefs entail the fundamental principles that should govern all approaches to human capital reform and should not be altered or waived by agencies seeking human capital authorities. Boundaries include the criteria and processes that establish the checks and limitations when agencies seek and implement human capital authorities. What Remains to Be Done: Agencies--working with the Congress and OPM--must assess future workforce needs, especially in light of long-term fiscal challenges; determine ways to make maximum use of available authorities to recruit, hire, develop, and retain key talent to meet their needs; build a business case to request additional authorities as appropriate; and reform performance management systems to better link organizational and individual results. There is also a need to continue to develop a governmentwide framework for human capital reform that the Congress and the administration can implement to enhance performance, ensure accountability, and position the nation for the future. Related Products: Strategic Human Capital Management: Leadership: Highlights of a GAO and National Commission on the Public Service Implementation Initiative Forum on Human Capital: Principles, Criteria, and Processes for Governmentwide Federal Human Capital Reform. GAO-05- 69SP. Washington, D.C.: December 1, 2004. Intelligence Reform: Human Capital Considerations Critical to 9/11 Commission's Proposed Reforms. GAO-04-1084T. Washington, D.C.: September 14, 2004. Human Capital: Building on the Current Momentum to Transform the Federal Government. GAO-04-976T. Washington, D.C.: July 20, 2004. Human Capital: Observations on Agencies' Implementation of the Chief Human Capital Officers Act. GAO-04-800T. Washington, D.C.: May 18, 2004. Strategic Human Capital Planning: Human Capital: Key Principles for Effective Strategic Workforce Planning. GAO-04-39. Washington, D.C.: December 11, 2003. Human Capital: Succession Planning and Management Is Critical Driver of Organizational Transformation. GAO-04-127T. Washington, D.C.: October 1, 2003. Human Capital: Insights for U.S. Agencies from Other Countries' Succession Planning and Management Initiatives. GAO-03-914. Washington, D.C.: September 15, 2003. Acquiring, Developing, and Retaining Talent: Human Capital: Increasing Agencies' Use of New Hiring Flexibilities. GAO-04-959T. Washington, D.C.: July 13, 2004. Human Capital: Additional Collaboration Between OPM and Agencies Is Key to Improved Federal Hiring. GAO-04-797. Washington, D.C.: June 7, 2004. Human Capital: A Guide for Assessing Strategic Training and Development Efforts in the Federal Government. GAO-04-546G. Washington, D.C.: March 2004. Results-Oriented Organizational Cultures: Human Capital: Senior Executive Performance Management Can Be Significantly Strengthened to Achieve Results. GAO-04-614. Washington, D.C.: May 26, 2004. Human Capital: Implementing Pay for Performance at Selected Personnel Demonstration Projects. GAO-04-83. Washington, D.C.: January 23, 2004. Results-Oriented Cultures: Creating a Clear Linkage between Individual Performance and Organizational Success. GAO-03-488. Washington, D.C.: March 14, 2003. See www.gao.gov for numerous speeches and presentations from the Comptroller General on human capital challenges in general and as they apply to specific agencies. HIGH-RISK SERIES: U.S. Postal Service Transformation Efforts and Long-Term Outlook: GAO Highlights: For additional information about this high-risk area, contact Katherine Siggerud at (202) 512-2834 or siggerudk@gao.gov. Why Area Is High Risk: In April 2001, GAO designated U.S. Postal Service's transformation efforts and long-term outlook as a high-risk area due to growing risk that the Service would not be able to continue providing universal postal service at reasonable rates while remaining self-supporting through postal revenues. This inclusion on GAO's high-risk list was intended to focus needed attention on the dilemmas facing the Service before the situation escalates into a crisis, where the options for action may be more limited and costly. The Service has since taken steps to address its problems, and a presidential commission has reported on the need for far-reaching changes, including legislative reform. However, reform legislation has not yet been enacted and the underlying conditions that led to the high-risk designation continue to exist. Thus, the Service's transformation efforts and long-term outlook remains on GAO's high-risk list. What GAO Found: The Postal Service's financial viability is at risk because its business model--which relies on mail volume growth to mitigate rate increases and cover its costs--is not sustainable in an increasingly competitive environment, given new and emerging technologies. Financial, operational, governance, and human capital challenges threaten the Service's ability to remain self-supporting while providing affordable, high-quality, and universal postal service. Key trends that demonstrate the need for reform include declining mail volume, particularly for First-Class Mail; changes in the mail mix from high-margin to lower-margin products; changing demographics of the aging postal workforce; growing competition from private delivery companies; and projected revenue declines while expenses increase. The Service continues to face challenges in addressing its large financial liabilities and obligations (e.g., retiree health obligations), as well as in restructuring its infrastructure and workforce to become more efficient and performance based. First-Class Mail Volume Growth, Fiscal Years 1984 through 2004: [See PDF for image] [End of figure] The Service has recently cut costs and improved productivity, but it is not clear how the Service will realign its outdated infrastructure and modernize its workforce policies and practices to achieve additional long-term productivity gains. The Service has stated that it is using an evolutionary approach to transform its infrastructure and workforce. However, little information is available about its plans for this important effort. Many questions remain as to whether such an incremental approach will be sufficiently comprehensive, integrated, and responsive to the increasing pace of change in technology and competition affecting the Service's core business. Without bold action and better communication, the Service risks falling short of achieving the major productivity gains needed to offset rising costs and maintain quality service and affordable rates. Further, the Congress has not yet enacted comprehensive postal reform legislation that addresses the Service's key structural and systemic deficiencies, including its unfunded obligation for retiree health benefits and the escrow requirement. Without such action, the accessibility and affordability of postal services to the American people is at risk, which could result in dramatic increases in postal rates or a costly taxpayer bailout. What Remains to Be Done: To preserve its mission and financial viability and meet its key challenges, the Service needs to take bold action and better communicate how it plans to realign its infrastructure and workforce. Also, GAO continues to believe that comprehensive postal reform legislation is needed to clarify the Service's mission and role; enhance governance, transparency, and accountability; improve regulation of postal rates and oversight; address long-term financial obligations; and make human capital reforms. Related Products: U.S. Postal Service Transformation Efforts and Long-Term Outlook: GAO Products: U.S. Postal Service: USPS Needs to Clearly Communicate How Postal Services May Be Affected by Its Retail Optimization Plans. GAO-04-803. Washington, D.C.: July 13, 2004. Postal Service: Progress in Implementing Supply Chain Management Initiatives. GAO-04-540. Washington, D.C.: May 17, 2004. U.S. Postal Service: Key Reasons for Postal Reform. GAO-04-565T. Washington, D.C.: March 23, 2004. Need for Comprehensive Postal Reform. GAO-04-455R. Washington, D.C.: February 6, 2004. U.S. Postal Service: Key Elements of Comprehensive Postal Reform. GAO- 04-397T. Washington, D.C.: January 28, 2004. Postal Pension Funding Reform: Issues Related to the Postal Service's Proposed Use of Pension Savings. GAO-04-238. Washington, D.C.: November 26, 2003. Postal Pension Funding Reform: Review of Military Service Funding Proposals. GAO-04-281. Washington, D.C.: November 26, 2003. U.S. Postal Service: Bold Action Needed to Continue Progress on Postal Transformation. GAO-04-108T. Washington, D.C.: November 5, 2003. Federal Real Property: Vacant and Underutilized Properties at GSA, VA, and USPS. GAO-03-747. Washington, D.C.: August 19, 2003. U.S. Postal Service: A Primer on Postal Worksharing. GAO-03-927. Washington, D.C.: July 31, 2003. U.S. Postal Service: Key Postal Transformation Issues. GAO-03-812T. Washington, D.C.: May 29, 2003. Review of the Office of Personnel Management's Analysis of the United States Postal Service's Funding of Civil Service Retirement System Costs. GAO-03-448R. Washington, D.C.: January 31, 2003. Other Products: President's Commission on the United States Postal Service: Embracing the Future: Making the Tough Choices to Preserve Universal Mail Service. http://www.treas.gov/offices/domestic-finance/usps/ Washington, D.C.: July 31, 2003. For more information on U.S. Postal Service major management challenges, see http://www.gao.gov/pas/2005/postal.htm. HIGH-RISK SERIES: Protecting the Federal Government's Information Systems and the Nation's Critical Infrastructures: GAO Highlights: Why Area Is High Risk: For additional information about this high-risk area, contact Joel Willemssen at (202) 512-6253 or willemssenj@gao.gov. What GAO Found: With the enactment of the Federal Information Security Management Act of 2002 (FISMA), the Congress continued its work to improve federal information security by permanently authorizing and strengthening key information security requirements. The administration has also made progress through a number of efforts, including the Office of Management and Budget's emphasis on information security in the budget process. However, significant information security weaknesses at federal agencies continue to place a broad array of federal operations and assets at risk of fraud, misuse, and disruption. Although recent reporting by these agencies showed some improvements, GAO found that many agencies still have not established information security programs consistent with FISMA's overall requirement to develop, document, and implement an agencywide information security program. For example, agencies are not consistently: * performing periodic risk assessments, * developing and maintaining current security plans, * creating and testing contingency plans, or: * evaluating and monitoring the effectiveness of security controls. Federal efforts have been taken to protect our nation's critical public and private information infrastructures. For example, federal policy emphasizes the importance of cooperative efforts among state and local governments and the private sector to protect these information infrastructures, and has established specific cyber responsibilities for the Department of Homeland Security and other federal agencies involved with the private sector in CIP. In addition, the federal government has led efforts to research and develop (R&D) new technologies; coordinate responses to incidents, threats, and vulnerabilities; and develop analysis and warnings capabilities related to critical information infrastructures. However, this area remains high risk as the federal government continues to face the critical challenges shown below. Challenges to Effective Cyber Critical Infrastructure Protection: Challenge: Policy and guidance; Description: Developing a comprehensive and coordinated national plan to facilitate CIP that clearly delineates the roles and responsibilities of federal and nonfederal CIP entities, defines interim objectives and milestones, sets time frames for achieving objectives, and establishes performance measures. Challenge: Trusted relationships; Description: Developing productive relationships within the federal government and between the federal government and state and local governments and the private sector. Challenge: Analysis and warning capabilities; Description: Improving the federal government's capabilities to analyze incident, threat, and vulnerability information obtained from numerous sources and share appropriate, timely, and useful warnings and other information concerning both cyber and physical threats to federal and nonfederal entities. Challenge: Information sharing incentives; Description: Providing appropriate incentives for nonfederal entities to increase information sharing with the federal government and enhance other CIP efforts. Source: GAO. [End of table] What Remains to Be Done: Federal agencies and our nation's critical infrastructures--such as power distribution, water supply, telecommunications, national defense, and emergency services--rely extensively on computerized information systems and electronic data to carry out their missions. The security of these systems and data is essential to preventing data tampering, disruptions in critical operations, fraud, and inappropriate disclosure of sensitive information. Protecting federal computer systems and the systems that support critical infrastructures--referred to as cyber critical infrastructure protection, or cyber CIP--is a continuing concern. Federal information security has been on GAO's list of high-risk areas since 1997; in 2003, GAO expanded this high-risk area to include cyber CIP. The continued risks to information systems include the escalating threat of computer security incidents, the ease of obtaining and using hacking tools, the steady advance in the sophistication and effectiveness of attack technology, and the emergence of new and more destructive attacks. Related Products: Protecting the Federal Government's Information Systems and the Nation's Critical Infrastructures: Critical Infrastructure Protection: Improving Information Sharing with Infrastructure Sectors. GAO-04-780. Washington, D.C.: July 9, 2004. Information Security: Agencies Need to Implement Consistent Processes in Authorizing Systems for Operation. GAO-04-376. Washington, D.C.: June 28, 2004. Information Security: Continued Action Needed to Improve Software Patch Management. GAO-04-706. Washington, D.C.: June 2, 2004. Information Security: Information System Controls at the Federal Deposit Insurance Corporation. GAO-04-630. Washington, D.C.: May 28, 2004. Technology Assessment: Cybersecurity for Critical Infrastructure Protection. GAO-04-321. Washington, D.C.: May 28, 2004. Information Security: Continued Efforts Needed to Sustain Progress in Implementing Statutory Requirements. GAO-04-483T. Washington, D.C.: March 16, 2004. Critical Infrastructure Protection: Challenges and Efforts to Secure Control Systems. GAO-04-354. Washington, D.C.: March 15, 2004. Information Security: Technologies to Secure Federal Systems. GAO-04- 467. Washington, D.C.: March 9, 2004. Information Security: Further Efforts Needed to Address Serious Weaknesses at USDA. GAO-04-154. Washington, D.C.: January 30, 2004. Information Security: Improvements Needed in Treasury's Security Management Program. GAO-04-77. Washington, D.C.: November 14, 2003. Information Security: Computer Controls over Key Treasury Internet Payment System. GAO-03-837. Washington, D.C.: July 30, 2003. FDIC Information Security: Progress Made but Existing Weaknesses Place Data at Risk. GAO-03-630. Washington, D.C.: June 18, 2003. Information Security: Progress Made, but Weaknesses at the Internal Revenue Service Continue to Pose Risks. GAO-03-44. Washington, D.C.: May 30, 2003. Information Security: Progress Made, but Challenges Remain to Protect Federal Systems and the Nation's Critical Infrastructures. GAO-03-564T. Washington, D.C.: April 8, 2003. Critical Infrastructure Protection: Efforts of the Financial Services Sector to Address Cyber Threats. GAO-03-173. Washington, D.C.: January 30, 2003. HIGH-RISK SERIES: Managing Federal Real Property: GAO Highlights: For additional information about this high-risk area, contact Mark Goldstein at (202) 512-2834 or goldsteinm@gao.gov. Why Area Is High Risk: In January 2003, GAO designated federal real property as a high-risk area due to long-standing problems with excess and underutilized property, deteriorating facilities, unreliable real property data, and costly space challenges. Federal agencies were also facing many challenges in protecting their facilities due to the threat of terrorism. To date, the underlying conditions that led to the designation continue, and more remains to be done to address these problems and the obstacles that prevent agencies from solving them. As a result, this area remains high risk. What GAO Found: The federal real property portfolio is vast and diverse--over 30 agencies control hundreds of thousands of real property assets worldwide, including facilities and land worth hundreds of billions of dollars. Unfortunately, many of these assets are no longer effectively aligned with, or responsive to, agencies' changing missions. Further, many assets are in an alarming state of deterioration; agencies have estimated restoration and repair needs to be in the tens of billions of dollars. Compounding these problems are the lack of reliable governmentwide data for strategic asset management; a heavy reliance on costly leasing, instead of ownership, to meet new needs; and the cost and challenge of protecting these assets against terrorism. In February 2004, the President added the Federal Asset Management Initiative to the President's Management Agenda and signed Executive Order 13327. The order requires senior real property officers at all executive branch departments and agencies to, among other things, prioritize actions needed to improve the operational and financial management of the agency's real property inventory. A new Federal Real Property Council at the Office of Management and Budget (OMB) has developed guiding principles for real property asset management and is also developing performance measures, a real property inventory database, and an agency asset management planning process. In addition to these reform efforts, agencies such as the Departments of Defense (DOD) and Veterans Affairs (VA) have made progress in addressing long- standing federal real property problems. For example, DOD is preparing for a round of base realignment and closures in 2005. Also, in May 2004, VA announced a wide range of asset realignment decisions. These and other efforts are positive steps, but it is too early to judge whether the administration's focus on this area will have a lasting impact. The underlying conditions and related obstacles that led to GAO's high-risk designation continue to exist. Remaining obstacles include competing stakeholder interests in real property decisions; various legal and budget-related disincentives to optimal, businesslike, real property decisions; and the need for better capital planning among agencies. Examples of Vacant GSA, VA, and USPS Facilities: [See PDF for image] [End of figure] What Remains to Be Done: Since January 2003, some important efforts to address the problems have been initiated by the administration and executive agencies, including a Presidential Executive Order on real property reform and OMB's development of guiding principles for real property asset management. The executive order is clearly a positive step. However, it has not been fully implemented, and GAO continues to believe that there is a need for a comprehensive, integrated transformation strategy for real property. In addition, further actions are necessary to address the underlying problems and related obstacles, including competing stakeholder interests in real property decisions and legal and budget- related disincentives to optimal, businesslike, real property decisions. Related Products: Managing Federal Real Property: Homeland Security: Further Actions Needed to Coordinate Federal Agencies' Protection Efforts and Promote Key Practices. GAO-05-49. Washington, D.C.: November 30, 2004. Embassy Construction: Achieving Concurrent Construction Would Help Reduce Costs and Meet Security Goals. GAO-04-952. Washington, D.C.: September 28, 2004. Homeland Security: Transformation Strategy Needed to Address Challenges Facing the Federal Protective Service. GAO-04-537. Washington, D.C.: July 14, 2004. U.S. Postal Service: Key Elements of Comprehensive Postal Reform. GAO- 04-397T. Washington, D.C.: January 28, 2004. Budget Issues: Agency Implementation of Capital Planning Principles Is Mixed. GAO-04-138. Washington, D.C.: January 16, 2004. Embassy Construction: State Department Has Implemented Management Reforms, but Challenges Remain. GAO-04-100. Washington, D.C.: November 4, 2003. Federal Real Property: Actions Needed to Address Long-standing and Complex Problems. GAO-04-119T. Washington, D.C.: October 1, 2003. National Park Service: Efforts Underway to Address Its Maintenance Backlog. GAO-03-1177T. Washington, D.C: September 27, 2003. Federal Real Property: Vacant and Underutilized Properties at GSA, VA, and USPS. GAO-03-747. Washington, D.C.: August 19, 2003. VA Health Care: Framework for Analyzing Capital Asset Realignment for Enhanced Services Decisions. GAO-03-1103R. Washington, D.C.: August 18, 2003. Military Base Closures: Better Planning Needed for Future Reserve Enclaves. GAO-03-723. Washington, D.C.: June 27, 2003. Military Housing: Opportunities That Should Be Explored to Improve Housing and Reduce Costs for Unmarried Junior Servicemembers. GAO-03- 602. Washington, D.C.: June 10, 2003. Federal Real Property: Executive and Legislative Actions Needed to Address Long-standing and Complex Problems. GAO-03-839T. Washington, D.C.: June 5, 2003. HIGH-RISK SERIES: Implementing and Transforming the Department of Homeland Security: GAO Highlights: For additional information about this high-risk area, contact Norm Rabkin at (202) 512-8777 or rabkinn@gao.gov. Why Area Is High Risk: GAO designated implementing and transforming the Department of Homeland Security (DHS) as high risk in 2003 because DHS had to transform 22 agencies--several with major management challenges--into one department, and failure to effectively address its management challenges and program risks could have serious consequences for our national security. The areas GAO identified as at risk include planning and priority setting; accountability and oversight; and a broad array of management, programmatic, and partnering challenges. What GAO Found: Since its inception in March 2003, DHS leadership has provided a foundation for maintaining critical operations while undergoing transformation. DHS has worked to protect the homeland and secure transportation and borders, funded emergency preparedness improvements and emerging technologies, assisted law enforcement activities against suspected terrorists, and issued its first strategic plan. However, in managing its transformation, DHS must overcome a number of significant challenges that as yet have not been adequately addressed. For example, annual goals and time frames are vague or missing, and the capacity to achieve them is uncertain. Performance measures and plans to monitor, assess, and independently evaluate the effectiveness of corrective measures are not fully developed. In addition, DHS has not completed legislatively mandated comprehensive threat and risk assessments to set priorities and to focus its limited resources to mitigate the greatest risk. Moreover, given these challenges, DHS needs sustained leadership and a commitment to a strategy that incorporates accountability and oversight to succeed in its multiyear transformation. DHS also must follow through on its initial actions to address its management, programmatic, and partnering challenges. DHS's high-risk management challenges and actions include: * strengthening internal controls and reducing the number of material weaknesses in its financial systems; * fully establishing and institutionalizing a departmentwide strategic framework for managing information; and: * addressing systemic problems in human capital and acquisition systems. Concurrently, DHS is initiating corrective actions on a broad array of programmatic challenges that require sustained effort. These challenges include improving transportation, cargo, and border security; systematically tracking visitors; consolidating border security functions; updating outmoded capabilities in the Coast Guard fleet; and balancing homeland security with other missions, such as law enforcement and disaster planning. Also, DHS's progress in forming effective partnerships with other governmental and private-sector entities remains challenged in several critical areas, such as improving critical infrastructure protection and emergency preparedness, communication among first responders, dissemination of timely and specific threat information, and planning for continuity of operations in case of an adverse event. Overall, DHS has made some progress, but significant challenges remain to concurrently transform DHS into a more effective organization with robust planning, management, and operations while maintaining and improving readiness for its highly critical mission to secure the homeland. Therefore, DHS's transformation remains high risk. What Remains to Be Done: Successful transformations of large organizations, even those faced with less strenuous reorganizations and pressure for immediate results than DHS, can take from 5 to 7 years to take hold on a sustainable basis. For DHS to successfully address its daunting management challenges and transform itself into a more effective organization, it needs to (1) develop a departmentwide implementation and transformation strategy that includes comprehensive threat and risk assessment and strategic management principles to set goals and priorities, focus its limited resources, and establish key milestones and accountability provisions; (2) develop adequate performance measures and evaluation plans; (3) provide sound and innovative human capital management; and (4) follow through on its corrective actions to address management, programmatic, and partnering challenges. Related Products: Implementing and Transforming the Department of Homeland Security: GAO Products: Homeland Security: Further Actions Needed to Coordinate Federal Agencies' Facility Protection Efforts and Promote Key Practices. GAO- 05-49. Washington, D.C.: November 30, 2004. Homeland Security: Effective Regional Coordination Can Enhance Emergency Preparedness. GAO-04-1009. Washington, D.C.: September 15, 2004. Department of Homeland Security: Formidable Information and Technology Management Challenge Requires Institutional Approach. GAO-04-702. Washington, D.C.: August 27, 2004. Homeland Security: Transformation Strategy Needed to Address Challenges Facing the Federal Protective Service. GAO-04-537. Washington D.C.: July 14, 2004. The Chief Operating Officer Concept and its Potential Use as a Strategy to Improve Management at the Department of Homeland Security. GAO-04- 876R. Washington, D.C.: June 28, 2004. Human Capital: DHS Faces Challenges in Implementing Its New Personnel System. GAO-04-790. Washington, D.C.: June 18, 2004. Transportation Security Administration: High-Level Attention Needed to Strengthen Acquisition Function. GAO-04-544. Washington, D.C.: May 28, 2004. Homeland Security: Summary of Challenges Faced in Targeting Oceangoing Cargo Containers for Inspection. GAO-04-557T. Washington, D.C.: March 31, 2004. Homeland Security: Risks Facing Key Border and Transportation Security Program Need to Be Addressed. GAO-04-569T. Washington, D.C.: March 18, 2004. Contract Management: Coast Guard's Deepwater Program Needs Increased Attention to Management and Contractor Oversight. GAO-04-380. Washington, D.C.: March 9, 2004. Aviation Security: Challenges Exist in Stabilizing and Enhancing Passenger and Baggage Screening Operations. GAO-04-440T. Washington, D.C.: February 12, 2004. DHS Products: Major Management Challenges Facing the Department of Homeland Security. OIG-05-06. DHS Office of the Inspector General. Washington, D.C.: December 2004. For more information on Department of Homeland Security major management challenges, see http://www.gao.gov/pas/2005/dhs.htm: HIGH-RISK SERIES: Department of Defense Business Systems Modernization: GAO Highlights: For additional information about this high-risk area, contact Randolph C. Hite at (202) 512-3439 or hiter@gao.gov. Why Area Is High Risk: Within the context of the Department of Defense's (DOD) business transformation efforts, the department is spending billions of dollars to modernize its business systems. While some aspects of its systems modernization management have been improved, many of the underlying conditions that contributed to past failures to improve these systems remain fundamentally unchanged. As a result, DOD as a whole remains far from where it needs to be to effectively and efficiently manage an undertaking with the size, complexity, and significance of its departmentwide business systems modernization. GAO first designated this program as high risk in 1995; it remains so today. What GAO Found: DOD, one of the largest and most complex organizations in the world, reported that it relies on over 4,000 systems to conduct its business operations. These systems currently function in a stovepiped, duplicative, and nonintegrated environment that contributes to the department's operational problems. For years, DOD has attempted to modernize these systems, and GAO has provided numerous recommendations to help guide modernization efforts. For example, in 2001 GAO provided DOD with a set of recommendations to help it develop and use an enterprise architecture (modernization blueprint) and establish effective investment management controls to guide and constrain how it was spending billions of dollars annually on information technology systems. GAO also made numerous project-specific and DOD-wide recommendations aimed at getting DOD to follow proven best practices when it acquired systems solutions. While DOD agreed with most of these recommendations, to date the department has made uneven progress in addressing them. After 3 years and over $200 million in obligations, DOD still has not developed a business enterprise architecture containing sufficient scope and detail to guide and constrain its departmentwide systems modernization and business transformation. One reason for this limited progress is its failure to adopt key architecture management best practices that GAO recommended, such as developing plans for creating the architecture; assigning accountability and responsibility for directing, overseeing, and approving the architecture; and defining performance metrics for evaluating it. Furthermore, the department still lacks an effective investment management process for selecting and controlling ongoing and planned business systems investments. While it has issued a policy that assigns investment management responsibilities for business systems, it has not yet defined the detailed procedures necessary for implementing the policy, clearly defined the roles and responsibilities of the business domain owners, established common investment criteria, or ensured that its business systems are consistent with the architecture. Instead, each DOD component continues to make its own parochial investment decisions. Finally, DOD incorporated some, but not all, key acquisition best practices and needed controls in its revised systems acquisition policies and guidance. Without these controls, DOD cannot adequately ensure that its components will appropriately follow and implement the practices contained within the guidance. For example, GAO recently reported that two DOD initiatives experienced operational problems, schedule delays, and cost increases of hundreds of millions of dollars, in part because the department failed to implement disciplined requirements management and testing processes. Until it implements GAO's systems modernization recommendations and related transformation proposals, DOD will remain at risk of spending billions of dollars on systems that do not provide needed capabilities on time and within budget, in turn hampering its business transformation efforts. What Remains to Be Done: To DOD's credit, its senior leaders are committed to improving its systems modernization management efforts. Nevertheless, the department continues to face key challenges. To be successful, DOD needs to follow through on its stated commitment to implement GAO's open recommendations aimed at employing proven systems modernization management frameworks that are grounded in legislation, federal guidance, and best practices. These generally fall into three key areas: (1) develop and use an enterprise architecture, (2) institute effective investment management practices, and (3) establish and implement effective systems acquisition processes. GAO has also proposed establishing a senior DOD position for all transformation efforts, including systems modernization, and that systems funding control be given to the business domain owners reporting to this official. Related Products: Department of Defense Business Systems Modernization: Department of Defense: Further Actions Are Needed to Effectively Address Business Management Problems and Overcome Key Business Transformation Challenges. GAO-05-140T. Washington, D.C.: November 17, 2004. Information Technology: DOD's Acquisition Policies and Guidance Need to Incorporate Additional Best Practices and Controls. GAO-04-722. Washington, D.C.: July 30, 2004. Department of Defense: Financial and Business Management Transformation Hindered by Long-standing Problems. GAO-04-941T. Washington, D.C.: July 8, 2004. DOD Business Systems Modernization: Billions Continue to Be Invested with Inadequate Management Oversight and Accountability. GAO-04-615. Washington, D.C.: May 28, 2004. DOD Business Systems Modernization: Limited Progress in Development of Business Enterprise Architecture and Oversight of Information Technology Investments. GAO-04-731R. Washington, D.C.: May 17, 2004. Department of Defense: Further Actions Needed to Establish and Implement a Framework for Successful Business Transformation. GAO-04- 626T. Washington, D.C.: March 31, 2004. Department of Defense: Further Actions Needed to Establish and Implement a Framework for Successful Financial and Business Management Transformation. GAO-04-551T. Washington, D.C.: March 23, 2004. DOD Business Systems Modernization: Important Progress Made to Develop Business Enterprise Architecture, but Much Work Remains. GAO-03-1018. Washington, D.C.: September 19, 2003. Business Systems Modernization: Summary of GAO's Assessment of the Department of Defense's Initial Business Enterprise Architecture. GAO- 03-877R. Washington, D.C.: July 7, 2003. DOD Business Systems Modernization: Long-standing Management and Oversight Weaknesses Continue to Put Investments at Risk. GAO-03-553T. Washington, D.C.: March 31, 2003. Information Technology: Observations on Department of Defense's Draft Enterprise Architecture. GAO-03-571R. Washington, D.C.: March 28, 2003. DOD Business Systems Modernization: Continued Investment in Key Accounting Systems Needs to Be Justified. GAO-03-465. Washington, D.C.: March 28, 2003. DOD Business Systems Modernization: Improvements to Enterprise Architecture Development and Implementation Efforts Needed. GAO-03- 458. Washington, D.C.: February 28, 2003. For more information on Department of Defense major management challenges, see http://www.gao.gov/pas/2005/dod.htm. High-Risk Series: Department of Defense Approach to Business Transformation: GAO Highlights: For additional information about this high-risk area, contact Sharon Pickup at (202) 512-9619 or pickups@gao.gov. Why Area Is High Risk: DOD has initiated various efforts to transform business operations. However, current business processes continue to result in reduced effectiveness and efficiencies at a time when DOD is challenged to maintain a high level of operations while competing for resources in a fiscally constrained environment. DOD has not yet developed a clear strategic and integrated plan for business reform or a well-defined blueprint--an enterprise architecture--to guide and constrain implementation of such a plan. For these reasons, GAO is designating-- for the first time--the lack of a strategic and integrated planning approach to DOD's business transformation as high risk. From a departmentwide perspective, GAO has also reported on limitations in DOD's strategic planning and budgeting, including the mismatch between programs and budgets. GAO is aware of DOD's plans to implement a risk- based approach to making investment decisions and resolve the mismatch issue, and is monitoring this effort. What GAO Found: DOD spends billions of dollars to sustain key business operations intended to support the warfighter, including systems and processes related to the management of contracts, finances, the supply chain, support infrastructure, and weapons systems acquisition. GAO has reported on inefficiencies in DOD's business operations, such as the lack of sustained leadership, the lack of a strategic and integrated business transformation plan, and inadequate incentives. Moreover, the lack of adequate transparency and accountability across DOD's major business areas results in billions of dollars of wasted resources annually at a time of increasing military operations and growing fiscal constraints. The Secretary of Defense estimates that improving business operations could save 5 percent of DOD's annual budget. Based on DOD's reported fiscal year 2004 budget, this would represent a savings of about $22 billion a year. DOD has embarked on a series of efforts to reform its business operations, including modernizing underlying information technology (business) systems. However, serious inefficiencies remain. The areas of business systems modernization; contract, financial, supply chain, and support infrastructure management; and weapons systems acquisition remain high risk. Because (1) DOD's business improvement initiatives and control over resources is fragmented, (2) DOD lacks a clear strategic and integrated business transformation plan and investment strategy, and (3) DOD has not designated a senior management official to be responsible and accountable for overall business reform and related resources, GAO now considers DOD's approach to business transformation to be a high-risk area. Business transformation requires long-term cultural change and business process reengineering and a commitment from the executive and legislative branches of government. Sound strategic planning is the foundation on which to build but DOD needs clear, capable, sustained, and professional leadership to maintain the continuity necessary for success. Such leadership would provide the attention essential for addressing key stewardship responsibilities--such as strategic planning, performance management, business information management, and financial management--in an integrated manner, while helping to facilitate transformation within DOD. Since 1999, GAO has recommended a comprehensive, integrated strategy and action plan for reforming DOD's major business operations and support activities. In 2004, GAO suggested that DOD clearly establish management accountability for business reform. While DOD is developing an enterprise architecture for modernizing its business processes and supporting information technology assets, it has not assigned management responsibility or developed a comprehensive and integrated strategy or action plan for managing its many business improvement initiatives. Unless they are addressed in a unified and timely fashion, DOD will continue to see billions of dollars, which could be directed to other higher priorities, consumed to support inefficiencies in its business functions. What Remains to Be Done: DOD needs to establish sustained leadership that is responsible and accountable for overall business transformation efforts. DOD also needs to develop and implement a strategic, integrated business transformation plan that includes specific goals, measures, and accountability mechanisms to monitor progress. One option to help achieve these goals is to legislatively create a full-time chief management officer position with long-term "good government" responsibilities that are professional and nonpartisan in nature. Related Products: Department of Defense Approach to Business Transformation: Comptroller General of the United States. Transformation Challenges. Presented to the Defense Intelligence Agency Board of Directors. Arlington, Va.: December 9, 2004. Department of Defense: Further Actions Are Needed to Effectively Address Business Management Problems and Overcome Key Business Transformation Challenges. GAO-05-140T. Washington, D.C.: November 17, 2004. Department of Defense: Long-standing Problems Continue to Impede Financial and Business Management Transformation. GAO-04-907T. Washington, D.C.: July 7, 2004. DOD Systems Modernization: Billions Continue to Be Invested with Inadequate Management Oversight and Accountability. GAO-04-615. Washington, D.C.: May 27, 2004. DOD Business Systems Modernization: Limited Progress in Development of Business Enterprise Architecture and Oversight of Information Technology Investments. GAO-04-731R. Washington, D.C.: May 17, 2004. Department of Defense: Further Actions Needed to Establish and Implement a Framework for Successful Financial and Business Management Transformation. GAO-04-551T. Washington, D.C.: March 23, 2004. Comptroller General of the United States. Truth and Transparency: The Federal Government's Financial Condition and Fiscal OutLook. Presented before the National Press Club. Washington, D.C.: September 17, 2003. Major Management Challenges and Program Risks: Department of Defense. GAO-03-98. Washington, D.C.: January 1, 2003. Defense Management: New Management Reform Program Still Evolving. GAO- 03-58. Washington, D.C.: December 12, 2002. Defense Management: Actions Needed to Sustain Reform Initiatives and Achieve Greater Results. GAO/NSIAD-00-72. Washington, D.C.: July 25, 2000. Defense Reform Initiative: Organization, Status, and Challenges. GAO/ NSIAD-99-87. Washington, D.C.: April 21, 1999. For more information on Department of Defense major management challenges, see http://www.gao.gov/pas/2005/dod.htm. High-Risk Series: Establishing Appropriate and Effective Information-Sharing Mechanisms to Improve Homeland Security: GAO Highlights: For additional information about this high-risk area, contact Joel Willemssen at (202) 512-6253 or willemssenj@gao.gov or Norm Rabkin at (202) 512-9110 or rabkinn@gao.gov. Why Area Is High Risk: Since September 11, 2001, multiple federal agencies have been assigned key roles in sharing information for homeland security purposes. This area has received increased attention but the federal government still faces formidable challenges in gathering, identifying, analyzing, and disseminating key information within and among federal, state, local and private entities in an appropriate and timely manner. Recent federal law and policy changes established requirements for information-sharing efforts, including the development of processes and procedures for sharing intelligence, law enforcement, immigration, critical infrastructure, first responder, and other homeland security related information. However, the required policies and procedures are still being developed and need to be consistently and effectively implemented. What GAO Found: The 9/11 Commission Report recognized the need to improve information and intelligence collection, sharing, and analysis for homeland security efforts within federal and nonfederal entities. Over the past several years, GAO has identified potential information-sharing barriers, critical success factors, and other key management issues to facilitate information sharing among and between government entities and the private sector. Effective information sharing is currently hindered by the absence of key practices, including (1) developing strategic plans; (2) establishing processes, procedures, and mechanisms; and (3) appropriately implementing incentives. Accordingly, GAO is designating this area as high risk. Since 1998, GAO has recommended the development of comprehensive plans for information sharing to support critical infrastructure protection efforts. Key elements of GAO's recommendation can be applied to broader homeland security and intelligence-sharing efforts, including clearly delineating the roles and responsibilities of federal and nonfederal entities, defining interim objectives and milestones, setting time frames, and establishing performance metrics. Administration efforts are currently under way to develop such plans. Information sharing barriers among federal agencies include the existence of overlapping sets of data, inconsistent agency policies for the sharing of data, and technical incompatibilities that impede consolidation of data. For example, in 2003 GAO found that these challenges hindered consolidation of watch list data. In addition, recent reports from the inspectors general at the departments of Homeland Security and Justice highlight the challenges of integrating and sharing information between fingerprint databases. GAO also determined that the federal agencies had not established processes and procedures for disseminating homeland security information to the private sector. For example, according to industry officials, law enforcement agencies did not provide the chemical manufacturing industry with specific and accurate threat information in a well-coordinated manner. Without this information, chemical companies cannot effectively design facility security systems and protocols, and the federal government cannot accurately assess the facilities' vulnerability to terrorist attacks. Until information-sharing mechanisms are instituted, federal agencies and private entities will be constrained in their ability to effectively analyze incident, threat, and vulnerability information to prevent terrorist attacks. Finally, the federal government needs to more effectively consider the use of public policy tools, such as grants, regulations, and tax incentives, to encourage private-sector participation in sharing homeland security information. Although the private sector has emphasized the need for government funding to assist with its information-sharing efforts, the government has not comprehensively assessed potential public policy tools to encourage the private sector to share information. What Remains to Be Done: While federal agencies concurred with prior GAO recommendations, action has been limited. To address potential barriers to information sharing, strategies should be developed to address information-sharing challenges, including: * establishing clear goals, objectives, and expectations for participants in information-sharing efforts; * consolidating, standardizing, and enhancing federal structures, policies, and capabilities for the analysis and dissemination of information, where appropriate; and: * assessing the need for public policy tools to encourage private- sector participation. Related Products: Establishing Appropriate and Effective Information-Sharing Mechanisms to Improve Homeland Security: Homeland Security: Further Actions Needed to Coordinate Federal Agencies' Facility Protection Efforts and Promote Key Practices. GAO- 05-49. Washington, D.C.: November 30, 2004. Information Technology: Major Federal Networks That Support Homeland Security Functions. GAO-04-375. Washington, D.C.: September 17, 2004. 9/11 Commission Report: Reorganization, Transformation, and Information Sharing. GAO-04-1033T. Washington, D.C.: August 3, 2004. Critical Infrastructure Protection: Improving Information Sharing with Infrastructure Sectors. GAO-04-780. Washington, D.C.: July 9, 2004. Critical Infrastructure Protection: Establishing Effective Information Sharing with Infrastructure Sectors. GAO-04-699T. Washington, D.C.: April 21, 2004. Homeland Security: Information-Sharing Responsibilities, Challenges, and Key Management Issues. GAO-03-1165T. Washington, D.C.: September 17, 2003. Homeland Security: Efforts to Improve Information Sharing Need to Be Strengthened. GAO-03-760. Washington, D.C.: August 27, 2003. Homeland Security: Information-Sharing Responsibilities, Challenges, and Key Management Issues. GAO-03-715T. Washington, D.C.: May 8, 2003. Information Technology: Terrorist Watch Lists Should Be Consolidated to Promote Better Integration and Sharing. GAO-03-322. Washington, D.C.: April 15, 2003. Homeland Security: Voluntary Initiatives Are Under Way at Chemical Facilities, but the Extent of Security Preparedness Is Unknown. GAO-03- 439. Washington, D.C.: March 14, 2003. Critical Infrastructure Protection: Challenges for Selected Agencies and Industry Sectors. GAO-03-233. Washington, D.C.: February 28, 2003. Critical Infrastructure Protection: Efforts of the Financial Services Sector to Address Cyber Threats. GAO-03-173. Washington, D.C.: January 30, 2003. Information Sharing: Practices That Can Benefit Critical Infrastructure Protection. GAO-02-24. Washington, D.C.: October 15, 2001. High-Risk Series: Department of Defense Personnel Security Clearance Program: GAO Highlights: For additional information about this high-risk area, contact Derek B. Stewart at (202) 512-5559 or stewartd@gao.gov. Why Area Is High Risk: The Department of Defense (DOD) is responsible for issuing security clearances for some 2 million people. These include DOD military and civilian personnel as well as nearly 700,000 industry personnel who work on contracts for DOD and 22 other federal agencies. Security clearances give workers access to information that, in some cases, could cause exceptionally grave damage if it were disclosed without authorization. Since fiscal year 2000, DOD has listed its personnel security investigations program as a systemic weakness--a weakness that affects more than one DOD component and may jeopardize the department's operations. In October 2002, the House Committee on Government Reform recommended that DOD's adjudicative process--decisions on clearance eligibility--also be designated as a material weakness. This year GAO is designating DOD's security clearance program as a high-risk area because its delays in issuing clearances can affect national security. What GAO Found: As in the past, DOD continues to face sizeable security clearance backlogs. As of September 2003 (the most recent data available), DOD had roughly 270,000 investigative and 90,000 adjudicative cases that had not been completed within the established time frames. The size of its backlog of overdue, but not-yet-submitted reinvestigations was unknown; in 2000, this part of the backlog amounted to 500,000 cases. Such backlogs can increase the amount of time it takes to determine clearance eligibility. In fiscal year 2003, for example, industry personnel needed an average of 375 days to get a clearance. Such delays increase national security risks, delay the start of classified work, hamper employers from hiring the best qualified workers, and increase the government's cost of national security-related contracts. DOD's Personnel Security Clearance Process: [See PDF for image] [End of figure] Several impediments have hindered DOD's ability to accurately estimate and eliminate its clearance backlogs: (1) the large and inaccurately forecasted number and type of new requests submitted since the terrorist attacks of September 11, 2001; (2) insufficient investigator and adjudicator workforces; (3) problems gaining access to state, local, and overseas investigative information; (4) inadequate DOD program oversight and monitoring; (5) delays in fully implementing a new adjudication tracking system that DOD's Chief Information Officer identified as mission critical; and (6) the lack of a comprehensive, integrated management plan to address various obstacles. While GAO's work focused on DOD, clearance delays in other agencies suggest that similar impediments and their effects may extend beyond DOD. DOD has taken positive steps toward addressing some of the impediments. For example, DOD agencies have hired additional adjudicative staff, and DOD is issuing interim clearances to help reduce backlogs and delays. DOD also is consolidating two adjudication facilities and is looking at initiatives, such as phased periodic reinvestigations for top secret clearances, to make staff available for more productive uses. While promising, the initiative would require a change to governmentwide investigative standards and regulations before it could be implemented. The National Defense Authorization Act for Fiscal Year 2004 authorized the transfer of DOD's personnel security investigative function and over 1,800 investigative employees to the Office of Personnel Management (OPM). The transfer is scheduled to take place in February 2005. The transfer would eliminate DOD's responsibility for conducting the investigations, but the change in responsibility alone will not reduce the shortages of investigative personnel. What Remains to Be Done: To improve its security clearance program, DOD needs to (1) develop and use new methods for forecasting clearance needs and monitoring backlogs; (2) match adjudicative staffing to workloads; (3) work with OPM to implement a comprehensive, integrated management plan for eliminating the backlogs and delays; and (4) determine the feasibility of implementing promising initiatives. DOD fully concurred or partially concurred with all of GAO's recommendations. Related Products: Department of Defense Personnel Security Clearance Program: Intelligence Reform: Human Capital Considerations Critical to 9/11 Commission's Proposed Reforms. GAO-04-1084T. Washington, D.C.: September 14, 2004. DOD Personnel Clearances: Additional Steps Can Be Taken to Reduce Backlogs and Delays in Determining Security Clearance Eligibility for Industry Personnel. GAO-04-632. Washington, D.C.: May 26, 2004. DOD Personnel Clearances: Preliminary Observations Related to Backlogs and Delays in Determining Security Clearance Eligibility for Industry Personnel. GAO-04-202T. Washington, D.C.: May 6, 2004. Security Clearances: FBI Has Enhanced Its Process for State and Local Law Enforcement Officials. GAO-04-596. Washington, D.C.: April 30, 2004. Industrial Security: DOD Cannot Provide Adequate Assurances That Its Oversight Ensures the Protection of Classified Information. GAO-04-332. Washington, D.C.: March 3, 2004. DOD Personnel Clearances: DOD Needs to Overcome Impediments to Eliminating Backlog and Determining Its Size. GAO-04-344. Washington, D.C.: February 9, 2004. Aviation Security: Federal Air Marshal Service Is Addressing Challenges of Its Expanded Mission and Workforce but Additional Actions Needed. GAO-04-242. Washington, D.C.: November 19, 2003. For more information on Department of Defense major management challenges, see http://www.gao.gov/pas/2005/dod.htm. High-Risk Series: Department of Defense Support Infrastructure Management: GAO Highlights: For additional information about this high-risk area, contact Barry W. Holman at (202) 512-8412 or holmanb@gao.gov. Why Area Is High Risk: In 1997 GAO identified the Department of Defense's (DOD) management of its support infrastructure as a high-risk area because DOD's infrastructure costs continued to consume a larger-than-necessary portion of its budget. As a result, DOD has not been able to devote funds to more critical needs. Inefficient management practices and outdated business processes and infrastructure have contributed to the problem. DOD support infrastructure management remains a high-risk area. What GAO Found: Although it reduced the size of its military force following the end of the Cold War, DOD did not make similar reductions in its defense support infrastructure, which includes categories such as force installations, central logistics, the defense health program, and central training. For several years, DOD has been concerned about its excess infrastructure, which affects its ability to devote more funding to weapon system modernization and other critical needs. DOD reported that many of its business processes and much of its infrastructure are outdated and must be modernized. Left alone, the current organizational arrangements, processes, and systems will continue to drain scarce resources. GAO's work in this area has shown that DOD continues to spend a large portion of its budget on infrastructure--nearly 44 and 42 percent, respectively, in fiscal years 2002 and 2003. DOD has made progress and expects to continue making improvements in its support infrastructure management, but much work remains to be done. DOD officials recognize that they must achieve greater efficiencies in managing their support operations more effectively. DOD has given high-level emphasis to reforming its support infrastructure, including efforts in recent years to transform its associated business processes. It has achieved some operating efficiencies and reductions from such efforts as base realignments and closures, consolidations, organizational and business process reengineering, privatization, and competitive sourcing. It has also achieved efficiencies by eliminating unneeded facilities through such means as demolishing unneeded buildings and privatizing housing and utilities at military facilities. In addition, DOD and the services are currently gathering and analyzing data to support a new round of base realignments and closures in 2005 and facilitating other changes as a result of DOD's overseas basing study. However, much work remains for DOD to rationalize and transform its support infrastructure to improve operations, achieve efficiencies, and allow it to concentrate its resources on the most critical needs. DOD's plans for the 2005 Base Realignment and Closure round, with its emphasis on eliminating excess capacity as well as enhancing joint capabilities and searching for alternative crosscutting solutions for common business-oriented support functions, represents an important step toward addressing support infrastructure issues. [See PDF for image] Source: GAO photographs (2003). From left to right: World War II-era wood building at Fort Bragg, North Carolina; choked and clogged water pipes at Pope Air Force Base, North Carolina; and outdoor portable facilities used to supplement inadequate indoor facilities at Quantico Marine Corps Base, Virginia. [End of figure] What Remains to Be Done: Organizations throughout DOD need to continue reengineering their business processes and striving for greater operational effectiveness and efficiency. DOD needs to develop a plan to better integrate, guide, and sustain the implementation of its diverse business transformation initiatives in an integrated fashion. DOD also needs to develop a comprehensive long-range plan for its facilities infrastructure that addresses facility requirements, recapitalization, and maintenance and repair needs. DOD generally concurs with our prior recommendations in this area and indicates it is taking actions to address them. A key to any successful approach to resolving DOD's support infrastructure management issues will be addressing this area as part of a comprehensive, integrated business transformation. Related Products: Department of Defense Support Infrastructure Management: Department of Defense: Further Actions Are Needed to Effectively Address Business Management Problems and Overcome Key Business Transformation Challenges. GAO-05-140T. Washington, D.C.: November 17, 2004. Defense Infrastructure: Factors Affecting U.S. Infrastructure Costs Overseas and the Development of Comprehensive Master Plans. GAO-04-609. Washington, D.C.: July 15, 2004. Military Housing: Opportunities Exist to Better Explain Family Housing O&M Budget Requests and Increase Visibility Over Reprogramming of Funds. GAO-04-583. Washington, D.C.: May 27, 2004. Military Housing: Further Improvements Needed in Requirements Determinations and Program Review. GAO-04-556. Washington, D.C.: May 19, 2004. Military Base Closures: Assessment of DOD's 2004 Report on the Need for a Base Realignment and Closure Round. GAO-04-760. Washington, D.C.: May 17, 2004. Defense Infrastructure: Issues Related to the Renovation of General and Flag Officer Quarters. GAO-04-555. Washington, D.C.: May 17, 2004. Defense Management: Continuing Questionable Reliance on Commercial Contracts to Demilitarize Excess Ammunition When Unused, Environmentally Friendly Capacity Exists at Government Facilities. GAO- 04-427R. Washington, D.C.: April 2, 2004. Military Base Closures: Observations on Preparations for the Upcoming Base Realignment and Closure Round. GAO-04-558T. Washington, D.C.: March 25, 2004. Defense Infrastructure: Long-term Challenges in Managing the Military Construction Program. GAO-04-288. Washington, D.C.: February 24, 2004. Defense Management: Issues in Contracting for Lodging and Temporary Office Space at MacDill Air Force Base. GAO-04-296. Washington, D.C.: January 27, 2004. Defense Infrastructure: Basing Uncertainties Necessitate Reevaluation of U.S. Construction Plans in South Korea. GAO-03-643. Washington, D.C.: July 15, 2003. Defense Infrastructure: Changes in Funding Priorities and Management Processes Needed to Improve Condition and Reduce Costs of Guard and Reserve Facilities. GAO-03-516. Washington, D.C.: May 15, 2003. For more information on Department of Defense major management challenges, see http://www.gao.gov/pas/2005/dod.htm. High-Risk Series: Department of Defense Financial Management: GAO Highlights: For additional information about this high-risk area, contact Gregory D. Kutz at (202) 512-9095 or kutzg@gao.gov. Why Area Is High Risk: Taken together, DOD's financial management deficiencies represent the single largest obstacle to achieving an unqualified opinion on the U.S. government's consolidated financial statements. DOD continues to face financial management problems that are pervasive, complex, long- standing, and deeply rooted in virtually all its business operations. DOD's financial management deficiencies adversely affect the department's ability to control costs, ensure basic accountability, anticipate future costs and claims on the budget, measure performance, maintain funds control, prevent fraud, and address pressing management issues. GAO first designated this area as high risk in 1995; it remains so today. What GAO Found: DOD's senior civilian and military leaders, committed to reforming the department's financial management operations, have taken positive steps to begin this effort. However, to date, tangible evidence of improvement has been seen in a few specific areas, such as internal controls related to DOD's purchase card program. While DOD has established a goal of obtaining a clean opinion on its financial statements by 2007, it lacks a clear and realistic plan to make that goal a reality. DOD's continuing, substantial financial management weaknesses adversely affect its ability to produce auditable financial information as well as provide accurate and timely information for management and the Congress to use in making informed decisions. Examples of the Impact of Financial Management Problems at DOD: Business area affected: Military pay; Problem identified and its impact: Ninety-four percent of mobilized Army National Guard and Reserve soldiers GAO investigated during recent audits had pay problems. These problems distracted soldiers from their missions, imposed financial hardships on their families, and had a negative impact on retention. Business area affected: Travel; Problem identified and its impact: Seventy-two percent of the over 68,000 premium-class airline tickets DOD purchased for fiscal years 2001 and 2002 were not properly authorized, and 73 percent were not properly justified. Further, control breakdowns resulted in DOD paying millions of dollars for (1) airline tickets that were not used and not processed for refund and (2) improper and potentially fraudulent claims made by travelers for airline tickets they did not purchase. Business area affected: Property; Problem identified and its impact: DOD purchased new JSLIST chem-bio suits for $200 apiece while they were selling on the Internet for $3. In addition, thousands of defective suits that DOD declared as excess were improperly issued to local law enforcement agencies, which are likely to be the first responders in a terrorist attack. Business area affected: Contract payments; Problem identified and its impact: Some DOD contractors have abused the federal tax system, including potential criminal activity, with little or no consequence. As of September 2003, DOD had collected only $687,000 of unpaid federal taxes through a mandated levy program. GAO estimated that at least $100 million could be collected annually by effectively implementing the levy on DOD contract payments. Business area affected: Automated systems; Problem identified and its impact: DOD invested $179 million on two failed automated system efforts that were intended to resolve its long-standing disbursement problems. Source: GAO. [End of table] DOD is still in the very early stages of a departmentwide reform that will take years to accomplish. DOD has not yet established a framework to integrate improvement efforts in this area with related broad-based DOD initiatives, such as human capital reform. Overhauling the financial management and related business operations of one of the largest and most complex organizations in the world represents a daunting challenge. Such an overhaul of DOD's financial management operations goes far beyond financial accounting to the very fiber of the department's wide-ranging business operations and its management culture. As discussed previously, GAO now considers DOD's current management approach to transforming its entire business operations as a separate overarching high-risk area. What Remains to Be Done: GAO has made numerous recommendations intended to improve DOD's financial management. Essential elements of DOD's financial management reform include (1) sustained leadership and resource control, (2) clear lines of responsibility and accountability, (3) plans and related results-oriented performance measures, and (4) appropriate individual and organizational incentives and consequences. However, successful, lasting reform in this area will only be possible if implemented as part of a comprehensive, integrated approach to transforming all of DOD's business operations. Related Products: Department of Defense Financial Management: Comptroller General of the United States. Transformation Challenges. Presented to the Defense Intelligence Agency Board of Directors. Arlington, Va.: December 9, 2004. Department of Defense: Further Actions Are Needed to Effectively Address Business Management Problems and Overcome Key Business Transformation Challenges. GAO-05-140T. Washington, D.C.: November 17, 2004. Military Pay: Army Reserve Soldiers Mobilized to Active Duty Experienced Significant Pay Problems. GAO-04-911. Washington, D.C.: August 20, 2004. DOD Travel Cards: Control Weaknesses Resulted in Millions of Dollars of Improper Payments. GAO-04-576. Washington, D.C.: June 9, 2004. DOD Business Systems Modernization: Billions Continue to Be Invested with Inadequate Management Oversight and Accountability. GAO-04-615. Washington, D.C.: May 27, 2004. DOD Business Systems Modernization: Limited Progress in Development of Business Enterprise Architecture and Oversight of Information Technology Investments. GAO-04-731R. Washington, D.C.: May 17, 2004. DOD Travel Cards: Control Weaknesses Led to Millions of Dollars Wasted on Unused Airline Tickets. GAO-04-398. Washington, D.C.: March 31, 2004. Department of Defense: Further Actions Needed to Establish and Implement a Framework for Successful Financial and Business Management Transformation. GAO-04-551T. Washington, D.C.: March 23, 2004. Financial Management: Some DOD Contractors Abuse the Federal Tax System with Little Consequence. GAO-04-95. Washington, D.C.: February 12, 2004. DOD Excess Property: Risk Assessment Needed on Public Sales of Equipment That Could Be Used to Make Biological Agents. GAO-04-15NI. Washington, D.C.: November 19, 2003. Military Pay: Army National Guard Personnel Mobilized to Active Duty Experienced Significant Pay Problems. GAO-04-89. Washington, D.C.: November 13, 2003. Travel Cards: Internal Control Weaknesses at DOD Led to Improper Use of First and Business Class Travel. GAO-04-88. Washington, D.C.: October 24, 2003. Comptroller General of the United States. Truth and Transparency: The Federal Government's Financial Condition and Fiscal Outlook. Presented before the National Press Club. Washington, D.C.: September 17, 2003. For more information on Department of Defense major management challenges, see http://www.gao.gov/pas/2005/dod.htm: High-Risk Series: Department of Defense Supply Chain Management: GAO Highlights: For additional information about this high-risk area, contact William M. Solis at (202) 512-8365 or solisw@gao.gov. Why Area Is High Risk: In 1990, GAO identified the Department of Defense's (DOD) inventory management as a high-risk area because inventory levels were too high and the supply system was not responsive to the needs of the warfighters. With the onset of Operation Iraqi Freedom (OIF), other supply chain issues related to inventory management have been reported as impediments to supporting the warfighter. Based on our work since January 2003, we are expanding this high-risk area to include DOD's management of its entire supply chain, which includes distribution, inventory management, and asset visibility. What GAO Found: DOD's supply chain management has experienced significant weaknesses in its ability to provide efficient and effective supply support to the warfighters. During OIF, the supply chain encountered many problems, including backlogs of hundreds of pallets and containers at distribution points, a $1.2 billion discrepancy in the amount of material shipped to--and received by--Army activities, cannibalized equipment because of a lack of spare parts, and millions of dollars spent in late fees to lease or replace storage containers because of distribution backlogs and losses. Moreover, military personnel pointed to shortages of such items as tires, tank track, helicopter spare parts, and radio batteries. These problems were due in part to poor asset visibility, insufficient theater distribution capability, and a failure to apply lessons learned from prior operations. In a March 2004 report, DOD found that, during OIF, gaps and seams were evident at every transaction point in the end-to-end supply chain--from strategic- level transportation to tactical-level distribution. While DOD reports show that the department currently owns about $67 billion of inventory, shortages of certain critical spare parts are adversely affecting equipment readiness and contributing to maintenance delays. The Defense Logistics Agency (DLA) and each of the military services have experienced significant shortages of critical spare parts. In many cases, these shortages contributed directly to equipment downtime, maintenance problems, and the services' failure to meet their supply availability goals. DOD, DLA, and the military services each lack strategic approaches and detailed plans that could help mitigate these critical spare parts shortages and guide their many initiatives aimed at improving inventory management. Despite the shortages of parts, more than half of DOD's reported inventory--about $35 billion-- exceeded current operating requirements. DOD also lacks visibility and control over the supplies and spare parts it owns. Currently DOD does not have the ability to provide timely or accurate information on the location, movement, status, or identity of its supplies. Although Total Asset Visibility has been a departmentwide goal for over 30 years, DOD estimates that it will not achieve this visibility until the year 2010. DOD may not meet this goal by 2010, however, unless it overcomes three significant impediments: developing a comprehensive plan for achieving visibility, building the necessary integration among its many inventory management information systems, and correcting long-standing data accuracy and reliability problems within existing inventory management systems. DOD, DLA, and the services have undertaken a number of initiatives to improve and transform DOD's supply chain. Many of these initiatives were developed in response to the logistics problems reported during OIF. While these initiatives represent a step in the right direction, the lack of a comprehensive, departmentwide logistics reengineering strategy to guide their implementation may limit their overall effectiveness. What Remains to Be Done: In January 2003 and prior reports, GAO recommended that DOD reengineer its logistics programs and apply best commercial practices to logistics operations as a long-term solution to its inventory management weaknesses. DOD and the services are currently attempting to transform the supply chain to better support the warfighter, but DOD needs to develop a plan that integrates the logistics reengineering initiatives of the individual services and the defense agencies. This plan should include strategies to address the weaknesses in supply chain activities, such as distribution, inventory visibility, critical spare parts management, inventory in excess of current operating requirements, and the lack of integrated information management systems. A key to any successful approach, however, will be addressing these areas as part of a comprehensive, integrated business transformation. Related Products: Department of Defense Supply Chain Management: Defense Inventory: Improvements Needed in DOD's Implementation of Its Long-term Strategy for Total Asset Visibility. GAO-05-15. Washington, D.C.: December 6, 2004. Department of Defense: Further Actions Are Needed to Effectively Address Business Management Problems and Overcome Key Business Transformation Challenges. GAO-05-140T. Washington, D.C.: November 17, 2004. Defense Inventory: Navy Needs to Improve the Management over Government-Furnished Material Shipped to Its Repair Contractors. GAO- 04-779. Washington, D.C.: August 23, 2004. Defense Inventory: Analysis of Consumption of Inventory Exceeding Current Operating Requirements Since September 30, 2001. GAO-04-689. Washington, D.C.: August 2, 2004. Foreign Military Sales: Improved Navy Controls Could Prevent Unauthorized Shipments of Classified and Controlled Spare Parts to Foreign Countries. GAO-04-507. Washington, D.C.: July 26, 2004. Department of Defense: Financial and Business Management Transformation Hindered by Long-standing Problems. GAO-04-941T. Washington, D.C.: July 8, 2004. Department of Defense: Long-standing Problems Continue to Impede Financial and Business Management Transformation. GAO-04-907T. Washington, D.C.: July 7, 2004. Defense Logistics: Preliminary Observations on the Effectiveness of Logistics Activities during Operation Iraqi Freedom. GAO-04-305R. Washington, D.C.: December 18, 2003. Defense Inventory: Opportunities Exist to Improve Spare Parts Support Aboard Deployed Navy Ships. GAO-03-887. Washington, D.C.: August 29, 2003. Defense Inventory: Several Actions Are Needed to Further DLA's Efforts to Mitigate Shortages of Critical Parts. GAO-03-709. Washington, D.C.: August 1, 2003. Defense Inventory: Navy Logistics Strategy and Initiatives Need to Address Spare Parts Shortages. GAO-03-708. Washington, D.C.: June 27, 2003. Defense Inventory: The Department Needs a Focused Effort to Overcome Critical Spare Parts Shortages. GAO-03-707. Washington, D.C.: June 27, 2003. Defense Inventory: Air Force Plans and Initiatives to Mitigate Spare Parts Shortages Need Better Implementation. GAO-03-706. Washington, D.C.: June 27, 2003. For more information on Department of Defense major management challenges, see http://www.gao.gov/pas/2005/dod.htm. High-Risk Series: Department of Defense Weapon Systems Acquisition: GAO Highlights: For additional information about this high-risk area, contact Katherine V. Schinasi at (202) 512-4841 or schinasik@gao.gov. Why Area Is High Risk: Developing and acquiring high performance weapons is central to the Department of Defense's (DOD) ability to fight and win wars. DOD's investment in weapons is growing rapidly--from about $146 billion in fiscal year 2004 to an estimated $185 billion by fiscal year 2009--as it pushes to transform itself to meet a broad range of complex threats. Weapon systems routinely take much longer to field, cost more to buy, and require more support than provided for in investment plans. When acquisition programs require more resources than planned, the buying power of the defense dollar is reduced because trade-offs among other weapons programs or defense needs must be made. Consequently, GAO has designated this as a high-risk area since 1990, and it remains so today. What GAO Found: While DOD's acquisition process has produced the best weapons in the world, it also consistently yields undesirable consequences--cost increases, late deliveries to the warfighter, and performance shortfalls--in weapon system programs. Such problems were highlighted, for example, in GAO's reviews of DOD's F/A-22 Raptor, Space-Based Infrared System, Airborne Laser, Missile Defense, and other programs. Problems occur because DOD's weapon programs do not capture early on the requisite knowledge that is needed to efficiently and effectively manage program risks. For example, programs move forward with unrealistic program cost and schedule estimates, lack clearly defined and stable requirements, use immature technologies in launching product development, and fail to solidify design and manufacturing processes at appropriate junctures in development. As a result, wants are not always distinguished from needs, problems often surface late in the development process, and fixes tend to be more costly than if caught earlier. When programs require more resources than planned, the buying power of the defense dollar is reduced, and funds are not available for other competing needs. While weapon system acquisitions continue to remain on GAO's high-risk list, it should be acknowledged that DOD has undertaken a number of acquisition reforms over the past 5 years. Specifically, DOD has restructured its acquisition policy to incorporate attributes of a knowledge-based acquisition model and has reemphasized the discipline of systems engineering. In addition, DOD recently introduced new policies to strengthen its budgeting and requirements determination processes in order to plan and manage weapon systems based on joint warfighting capabilities. While these policy changes are positive steps, implementation in individual programs will continue to be a challenge because of inherent funding, management, and cultural factors that lead managers to develop business cases for new programs that over-promise on cost, delivery, and performance of weapon systems. The implementation challenge is even greater when considering DOD's move toward bundling individual programs into "systems of systems" in order to achieve more integrated, networked military capabilities. A key will be addressing acquisition management as part of a comprehensive and integrated business transformation plan. [See PDF for image] [End of figure] What Remains to Be Done: DOD needs to take additional steps to achieve outcomes on par with best practices. These include: * ensuring that customer needs and technical, financial, and other resources are matched before the start of product development; * planning product development so that design and manufacturing decisions are based on better data; and: * ensuring that testing does not get deferred until late in the development cycle. While DOD has incorporated into policy a framework that supports a knowledge-based acquisition process similar to that used by leading organizations, it must establish stronger controls to ensure that decisions on individual programs are informed by demonstrated knowledge. Related Products: Department of Defense Weapon Systems Acquisition: Department of Defense: Further Actions Are Needed to Effectively Address Business Management Problems and Overcome Key Business Transformation Challenges. GAO-05-140T. Washington, D.C.: November 17, 2004. Best Practices: Defense Acquisitions: Assessments of Major Weapon Programs. GAO-04-248. Washington, D.C.: March 31, 2004. Defense Acquisitions: Stronger Management Practices Are Needed to Improve DOD's Software-Intensive Weapon Acquisitions. GAO-04-393. Washington, D.C.: March 1, 2004. Defense Acquisitions: DOD's Revised Policy Emphasizes Best Practices, but More Controls Are Needed. GAO-04-53. Washington, D.C.: November 10, 2003. Defense Acquisitions: Improvements Needed in Space Systems Acquisition Management Policy. GAO-03-1073. Washington, D.C.: September 15, 2003. Best Practices: Setting Requirements Differently Could Reduce Weapon Systems' Total Ownership Costs. GAO-03-57. Washington, D.C.: February 11, 2003. Best Practices: Capturing Design and Manufacturing Knowledge Early Improves Acquisition Outcomes. GAO-02-701. Washington, D.C.: July 15, 2002. Weapon System Reviews: Defense Acquisitions: Challenges Facing the DD(X) Destroyer Program. GAO-04-973. Washington, D.C.: September 3, 2004. Defense Acquisitions: Space-Based Radar Effort Needs Additional Knowledge before Starting Development. GAO-04-759. Washington, D.C.: July 19, 2004. Uncertainties Remain Concerning the Airborne Laser's Cost and Military Utility. GAO-04-643R. Washington, D.C.: May 17, 2004. Missile Defense: Actions Are Needed to Enhance Testing and Accountability. GAO-04-409. Washington, D.C.: April 23, 2004. Defense Acquisitions: The Army's Future Combat Systems' Features, Risks, and Alternatives. GAO-04-635T. Washington, D.C.: April 1, 2004. Tactical Aircraft: Changing Conditions Drive Need for New F/A-22 Business Case. GAO-04-391. Washington, D.C.: March 15, 2004. For more information on Department of Defense major management challenges, see http://www.gao.gov/pas/2005/dod.htm. High-Risk Series: Department of Defense Contract Management: GAO Highlights: For additional information about this high-risk area, contact Katherine V. Schinasi at (202) 512-4841 or schinasik@gao.gov. Why Area Is High Risk: The government's largest purchaser, the Department of Defense (DOD) spent more than $200 billion through contracts in fiscal year 2003 to equip and support the military forces. DOD's acquisition environment has changed as a result of increasing reliance on contractor-provided services, reductions in the acquisition workforce, and the introduction or expansion of alternative contracting approaches. Further, the improper use of purchase cards and of other agencies' contracts point to weaknesses in DOD's control environment. In combination, these factors have created significant management risks. We designated DOD contract management as a high-risk area in 1992, and it remains so today. What GAO Found: DOD is unable to assure that it is using sound business practices to acquire the goods and services needed to meet the warfighter's needs. For example, over the past decade, DOD has significantly increased its spending on contractor-provided information technology and management support services, but has not yet fully implemented a strategic approach to acquiring these services. In 2002, DOD and the military departments established a structure to review individual service acquisitions valued at $500 million or more, and in 2003 launched a pilot program to help identify strategic sourcing opportunities. To further promote a strategic orientation, however, DOD needs to establish a departmentwide concept of operations; set performance goals, including savings targets; and ensure accountability for achieving them. In March 2004, GAO reported that if greater management focus were paid to opportunities to capture savings through the purchase card program, DOD could potentially save tens of millions of dollars without sacrificing the ability to acquire items quickly or compromising other goals. DOD also needs to have the right skills and capabilities in its acquisition workforce to effectively implement best practices and properly manage the goods and services it buys. However, DOD reduced its civilian workforce by about 38 percent between fiscal years 1989 and 2002 without ensuring it had the specific skills and competencies needed to accomplish current and future DOD missions, and more than half of its current workforce will be eligible for early or regular retirement in the next 5 years. GAO found that inadequate staffing and the lack of clearly defined roles and responsibilities contributed to the contract administration challenges encountered in Iraq. Further, GAO reported that DOD's extensive use of military logistical support contracts in Iraq and elsewhere required strengthened oversight. DOD has made progress in laying a foundation for reshaping its acquisition workforce by initiating a long-term strategic planning effort, but as of June 2004 it did not yet have a comprehensive strategic workforce plan needed to guide its efforts. DOD uses various techniques--such as performance-based service contracting, multiple-award task order contracts, and purchase cards-- to acquire the goods and services it needs. We have found, however, that DOD personnel did not always make sound use of these tools. In June 2004, for example, GAO reported that more than half of the task orders to support Iraq reconstruction efforts it reviewed were outside the scope of the underlying contract. In July 2004, GAO found that DOD personnel waived competition requirements for nearly half of the task orders reviewed. As a result of the frequent use of waivers, DOD had fewer opportunities to obtain the potential benefits of competition-- improved levels of service, market-tested prices, and the best overall value. We also found that DOD lacked safeguards to ensure that waivers were granted only under appropriate circumstances. What Remains to Be Done: Our work has shown that DOD would benefit by: * making use of commercial best practices, such as taking a strategic approach to acquire services; * building on initial efforts to develop a strategic human capital plan for its civilian workforce; and: * improving safeguards, issuing additional guidance, and providing training to its workforce on the appropriate use of contracting techniques and approaches. DOD is undertaking corrective actions, but because most efforts are in their early stages, it is uncertain whether they can be fully and successfully implemented in the near term. A key to resolving DOD's contract management issues will be addressing them as part of a comprehensive, integrated business transformation. Related Products: Department of Defense Contract Management: Comptroller General of the United States. Transformation Challenges. Presented to the Defense Intelligence Agency Board of Directors. Arlington, Va.: December 9, 2004. Department of Defense: Further Actions Are Needed to Effectively Address Business Management Problems and Overcome Key Business Transformation Challenges. GAO-05-140T. Washington, D.C.: November 17, 2004. Contract Management: Guidance Needed to Promote Competition for Defense Task Orders. GAO-04-874. Washington, D.C.: July 30, 2004. Military Operations: DOD's Extensive Use of Logistics Support Contracts Requires Strengthened Oversight. GAO-04-854. Washington, D.C.: July 19, 2004. DOD Civilian Personnel: Comprehensive Strategic Workforce Plans Needed. GAO-04-753. Washington, D.C.: June 30, 2004. Rebuilding Iraq: Fiscal Year 2003 Contract Award Procedures and Management Challenges. GAO-04-605. Washington, D.C.: June 1, 2004. Contract Management: Agencies Can Achieve Significant Savings on Purchase Card Buys. GAO-04-430. Washington, D.C.: March 12, 2004. Satellite Communications: Strategic Approach Needed for DOD's Procurement of Commercial Satellite Bandwidth. GAO-04-206. Washington, D.C.: December 10, 2003. Purchase Cards: Steps Taken to Improve DOD Program Management, but Actions Needed to Address Misuse. GAO-04-156. Washington, D.C.: December 2, 2003. Contract Management: High-Level Attention Needed to Transform DOD Services Acquisition. GAO-03-935. Washington, D.C.: September 10, 2003. DOD Contract Payments: Management Action Needed to Reduce Billions in Adjustments to Contract Payment Records. GAO-03-727. Washington, D.C.: August 8, 2003. Best Practices: Improved Knowledge of DOD Service Contracts Could Reveal Significant Savings. GAO-03-661. Washington, D.C.: June 9, 2003. Sourcing and Acquisition: Challenges Facing the Department of Defense. GAO-03-574T. Washington, D.C.: March 19, 2003. Contract Management: Guidance Needed for Using Performance-Based Service Contracting. GAO-02-1049. Washington, D.C.: September 23, 2002. Best Practices: Taking A Strategic Approach Could Improve DOD's Acquisition of Services. GAO-02-230. Washington, D.C.: January 18, 2002. For more information on Department of Defense major management challenges, see http://www.gao.gov/pas/2005/dod.htm. High-Risk Series: Department of Energy Contract Management: GAO Highlights: For additional information about this high-risk area, contact Robert A. Robinson at (202) 512-3841 or robinsonr@gao.gov. Why Area Is High Risk: In 1990, we designated the Department of Energy's (DOE) contract management as a high-risk area. DOE, the largest non-Defense contracting agency in the federal government, relies primarily on contractors to carry out its diverse missions and operate its laboratories and other facilities. About 90 percent of DOE's annual budget is spent on contracts. DOE's record of both inadequate management and oversight of contractors and failure to hold them accountable has resulted in the high-risk designation for contract management. This area continues to be at high risk. What GAO Found: DOE's contract management, including both contract administration and project management, continues to be at high risk for fraud, waste, abuse, and mismanagement. In January 2003, GAO reported that DOE was implementing new tools to strengthen its contract and project management, but that contractor performance problems continued to occur and objective performance information was scarce. These conditions have not substantially changed. Over the last 2 years, however, DOE has worked to improve its contract and project management. For example, DOE has strengthened its contract acquisition guidance by providing information on the relative trade- offs between contract type and contract risk, as well as the linkage between contract type and the work to be performed. DOE has also implemented a formal process to ensure that contract management plans are established for each site and each facility management contract. DOE took steps to strengthen accountability for performance at the contractor level by linking performance fees more directly to outcome measures, and at the DOE manager level by linking performance evaluations to the accomplishment of site-specific goals. DOE also established a formal, systematic approach to designing and managing its contract management initiative and other improvement initiatives. While improvement efforts have been initiated, GAO found that performance problems continue on DOE's major projects. For example, at the start of the project to clean up radioactive waste in 177 underground storage tanks in Hanford, Washington, DOE did not implement the project management reforms that it was incorporating into its policy and guidance, increasing the risks DOE faces in cleaning up the waste and potentially adding significantly to the cost of the cleanup. At the Paducah nuclear waste cleanup site in Kentucky, DOE has had difficulty reaching agreement with its regulators on the overall cleanup approach, the scope of the cleanup, and the details of specific projects. Unless DOE and the regulators can reach and maintain agreement on key aspects of the cleanup in a timely manner, the project could continue to be plagued by delays and cost increases. Finally, in managing the nation's stockpile of nuclear weapons, the National Nuclear Security Administration does not have a system for tracking the full costs of individual refurbishments and thus does not have adequate oversight to ensure that cost increases do not occur. What Remains to Be Done: To further strengthen DOE's contract and project management so that it can demonstrate improved results from its contractors, GAO made a series of recommendations that collectively call for DOE to improve its management of individual projects and activities and to strengthen senior management oversight of DOE's activities. DOE generally agreed with the recommendations. In some cases, DOE asserted that their ongoing efforts already addressed the recommendations; however, GAO concluded that further improvements were needed. Related Products: Department of Energy Contract Management: National Nuclear Security Administration: Key Management Structure and Workforce Planning Issues Remain As NNSA Conducts Downsizing. GAO-04- 545. Washington, D.C.: June 25, 2004. Nuclear Waste: Absence of Key Management Reforms on Hanford's Cleanup Project Adds to Challenges of Achieving Cost and Schedule Goals. GAO- 04-611. Washington, D.C.: June 9, 2004. Department of Energy: Achieving Small Business Prime Contracting Goals Involves Both Potential Benefits and Risks. GAO-04-738T. Washington, D.C.: May 18, 2004. Nuclear Waste Cleanup: DOE Has Made Some Progress in Cleaning Up the Paducah Site, but Challenges Remain. GAO-04-457. Washington, D.C.: April 1, 2004. Department of Energy: Mission Support Challenges Remain at Los Alamos and Lawrence Livermore National Laboratories. GAO-04-370. Washington, D.C.: February 27, 2004. Nuclear Waste Cleanup: Preliminary Observations on DOE's Cleanup of the Paducah Uranium Enrichment Plant. GAO-04-278T. Washington, D.C.: December 6, 2003. Nuclear Weapons: Opportunities Exist to Improve the Budgeting, Cost Accounting, and Management Associated with the Stockpile Life Extension Program. GAO-03-583. Washington, D.C.: July 28, 2003. Nuclear Waste: Challenges and Savings Opportunities in DOE's High-Level Waste Cleanup Program. GAO-03-930T. Washington, D.C.: July 17, 2003. Contract Reform: DOE's Policies and Practices in Competing Research Laboratory Contracts. GAO-03-932T. Washington, D.C.: July 10, 2003. Nuclear Waste: Challenges to Achieving Potential Savings in DOE's High- Level Waste Cleanup Program. GAO-03-593. Washington, D.C.: June 17, 2003. Department of Energy: Status of Contract and Project Management Reforms. GAO-03-570T. Washington, D.C.: March 20, 2003. For more information on Department of Energy major management challenges, see http://www.gao.gov/pas/2005/energy.htm. High-Risk Series: National Aeronautics and Space Administration Contract Management: GAO Highlights: For additional information about this high-risk area, contact Allen Li at (202) 512-4841or lia@gao.gov. Why Area Is High Risk: NASA's success largely depends on the work of its contractors--on which NASA spends about 85 percent of its annual budget. In 1990, GAO designated NASA's contract management as high risk. This area has been designated as high risk principally because NASA has lacked a modern financial management system to provide accurate and reliable information on contract spending and placed little emphasis on end results, product performance, and cost control. These weaknesses pose significant challenges to NASA's ability to make informed investment decisions and implement appropriate corrective actions. Due to the considerable challenges NASA continues to face in implementing effective systems and processes, contract management remains high risk. What GAO Found: While it has taken recent actions to improve its contract management function, NASA continues to face considerable challenges in implementing financial management systems and processes that would allow it to manage its contracts effectively. As GAO has reported, NASA's failure to overcome these challenges has put a number of its major scientific and space programs at risk. For example, our recent review of selected NASA programs found that NASA lacked the disciplined cost-estimating processes and financial and performance management systems needed to establish priorities, quantify risks, and manage program costs. One of NASA's most formidable barriers to sound contract management is the lack of an integrated financial management system. In 2003, GAO reported that, in implementing its most recent system, NASA did not reengineer its core business processes or establish adequate requirements for the system to address many of its most significant management challenges, including producing credible cost estimates. Moreover, NASA opted to defer addressing the needs of key stakeholders. In recent months, NASA has begun to take steps toward transforming how it manages its programs and projects and oversees its contractors. Specifically, NASA has inventoried its ongoing programs and projects-- categorized by product line, size, and risk--and defined specific management and information requirements for each category. NASA has also established a standardized accounting code structure based on these information requirements that, if implemented as planned, would allow NASA to capture the cost information that program managers and cost estimators need to develop credible estimates and compare budgeted and actual cost with the work performed on the contract. However, much work remains. As GAO reported in May 2004, NASA often does not obtain from its contractors the financial data and performance information needed to assess progress on its contracts. In addition, NASA lacks data analysis tools and staff trained to perform cost analyses, including earned value management. Until NASA has the data, tools, and analytical skills needed to alert program managers of potential cost overruns and schedule delays and take corrective action before they occur, it will continue to face challenges in effectively overseeing its contractors. Finally, NASA continues to use unnegotiated (that is, uncosted) contract changes, a concern GAO and NASA's Office of Inspector General have raised. Uncosted contract changes increase the government's cost risk--the longer changes remain unnegotiated, the greater the risk. Although GAO reported in 2003 that NASA's use of such actions had significantly decreased, GAO recently reported its use has begun to rise again. According to NASA officials, the increase is temporary and needed to expedite activities to return the space shuttle fleet safely to flight. However, continued management attention is needed to ensure such actions are justified. What Remains to Be Done: GAO has recommended that NASA establish an effective architecture to guide the Integrated Financial Management Program (IFMP), address areas of IFMP financial reporting that do not comply with federal systems requirements, and follow best practices and NASA's guidance in preparing the IFMP life-cycle cost estimate. NASA agreed with these recommendations and has taken some initial implementing actions. To further improve contract management, NASA needs to: * complete the design of and fully implement its integrated financial management system; * instill disciplined cost-estimating processes in its project development; and: * ensure that it obtains the information needed to assess progress on its contracts. Related Products: National Aeronautics and Space Administration Contract Management: GAO Products: Space Shuttle: Costs for Hubble Servicing Mission and Implementation of Safety Recommendations Not Yet Definitive. GAO-05-34. Washington, D.C.: November 19, 2004. NASA: Lack of Disciplined Cost-Estimating Processes Hinders Effective Program Management. GAO-04-642. Washington, D.C.: May 28, 2004. National Aeronautics and Space Administration: Significant Actions Needed to Address Long-standing Financial Management Problems. GAO-04- 754T. Washington, D.C.: May 19, 2004. NASA: Compliance with Cost Limits. GAO-04-648R. Washington, D.C.: April 2, 2004. Business Modernization: Disciplined Processes Needed to Better Manage NASA's Integrated Financial Management Program. GAO-04-118. Washington, D.C.: November 21, 2003. Business Modernization: NASA's Challenges in Managing Its Integrated Financial Management Program. GAO-04-255. Washington, D.C.: November 21, 2003. Business Modernization: NASA's Integrated Financial Management Program Does Not Fully Address Agency's External Reporting Issues. GAO-04-151. Washington, D.C.: November 21, 2003. Information Technology: Architecture Needed to Guide NASA's Financial Management Modernization. GAO-04-43. Washington, D.C.: November 21, 2003. NASA: Major Management Challenges and Program Risks. GAO-03-849T. Washington, D.C.: June 12, 2003. Business Modernization: Improvements Needed in Management of NASA's Integrated Financial Management Program. GAO-03-507. Washington, D.C.: April 30, 2003. NASA OIG Products: Final Management Letter on Failures in Cost Estimating and Risk Management Weaknesses in Prior Space Launch Initiative. Assignment Numbers A-01-049-01 and A-01-049-02, IG-03-023. Washington, D.C.: September 29, 2003. Integrated Financial Management Program Core Financial Module Conversion to Full Cost Accounting. IG-03-015. Washington, D.C.: May 30, 2003. For more information on National Aeronautics and Space Administration major management challenges, see http://www.gao.gov/pas/2005/nasa.htm. High-Risk Series: Management of Interagency Contracting: GAO Highlights: For additional information about this high-risk area, contact William T. Woods at (202) 512-8214 or woodsw@gao.gov. Why Area Is High Risk: In recent years, federal agencies have been making a shift in the way they procure many goods and services. They are making greater use of contracts already awarded by other agencies, such as those available through the GSA supply schedules, to save time and money in the purchasing process. These types of contracts have seen tremendous increases in use over the past decade, primarily because they offer convenience and efficiency. These contracts present challenges in ensuring adequate management controls to realize their full potential. Our work and that of agency inspectors general have found many cases in which agencies have not adequately met these challenges. These include lack of compliance with federal requirements for competition, work performed outside the scope of the contracts, and an inadequately trained workforce. The challenges associated with interagency contracts, recent problems related to cases of management weaknesses, and the need to ensure that the government is well-positioned to realize the contracts' important value warrant designation of this as a new high-risk area. What GAO Found: Use of interagency contracts has increased significantly over the past several years, with use of the GSA schedule contracts increasing nearly tenfold since 1992, representing over $32 billion in sales in fiscal year 2004. Multiple Award Schedules Sales Fiscal Years 1992 through 2004: [See PDF for image] [End of figure] Interagency contracts provide agencies with easy access to commonly needed goods and services. Agencies that sponsor these contracts usually charge a fee to support their operations. These types of contracts have allowed agencies to meet demands for goods and services at a time when they face growing workloads, declines in workforce, and the need for new skill sets. However, GAO's work and the work of agency inspectors general have found instances of improper use of interagency contracts, including customer agencies making purchases without ensuring that purchases are within the scope of the contract, and not following procedures designed to promote competition. By not following these key requirements of the contract management process, agencies risk being out of compliance with government regulations and missing opportunities to achieve savings and obtain better value. There are several causes of the deficiencies GAO and others have found with the use of interagency contracts, including the increasing demands on the acquisition workforce, insufficient training, and, in some cases, inadequate guidance. In addition, it is not always clear where the responsibility lies for critical management functions in the interagency contracting process. Recently, the Congress and executive branch agencies have taken steps to address these challenges, particularly in the areas of oversight and workforce training. These are positive efforts, but some actions are still under development and it is too early to tell whether all of the corrective measures will be effectively implemented. What Remains to Be Done: Specific and targeted approaches are needed to address interagency contracting risks. Roles and responsibilities for managing interagency contracts need clarification, and agencies need to adopt and implement policies and processes that balance customer service with the need to comply with requirements. Related Products: Management of Interagency Contracting: GAO Products: Contract Management: Guidance Needed to Promote Competition for Defense Task Orders. GAO-04-874. Washington, D.C.: July 30, 2004. Information Technology: DOD's Acquisition Policies and Guidance Need to Incorporate Additional Best Practices and Controls. GAO-04-722. Washington, D.C.: July 30, 2004. Rebuilding Iraq: Fiscal Year 2003 Contract Award Procedures and Management Challenges. GAO-04-605. Washington, D.C.: June 1, 2004. Federal Procurement: Spending and Workforce Trends. GAO-03-443. Washington, D.C.: April 30, 2003. Acquisition Workforce: Status of Agency Efforts to Address Future Needs. GAO-03-55. Washington, D.C.: December 18, 2002. Contract Management: Guidance Needed for Using Performance-Based Service Contracting. GAO-02-1049. Washington, D.C.: September 23, 2002. Contract Management: Interagency Contract Program Fees Need More Oversight. GAO-02-734. Washington, D.C.: July 25, 2002. Contract Management: Roles and Responsibilities of the Federal Supply Service and Federal Technology Service. GAO-02-560T. Washington, D.C.: April 11, 2002. Best Practices: Taking a Strategic Approach Could Improve DOD's Acquisition of Services. GAO-02-230. Washington, D.C.: January 18, 2002. GSA's Guidance and Oversight Concerning Areawide Utility Contracts. GAO-02-56R. Washington, D.C.: December 17, 2001. Contract Management: Not Following Procedures Undermines Best Pricing Under GSA's Schedule. GAO-01-125. Washington, D.C.: November 28, 2000. Contract Management: Few Competing Proposals for Large DOD Information Technology Orders. GAO/NSIAD-00-56. Washington, D.C.: March 20, 2000. Other Related Products: Department of Defense, Office of the Inspector General. Audit Report: Multiple Award Contracts for Services. Report Number D-2001-189. Arlington, Va.: 2001. General Services Administration, Office of the Inspector General. Compendium of Audits of the Federal Technology Services' Regional Client Support Center. Washington, D.C.: 2004. High-Risk Series: Enforcement of Tax Laws: GAO Highlights: For additional information about this high-risk area, contact Michael Brostek at (202) 512-9110 or brostekm@gao.gov or James White at (202) 512-9110 or whitej@gao.gov. Why Area Is High Risk: Internal Revenue Service (IRS) enforcement of the tax laws is vital-- not only to catch tax cheats, but also to promote broader compliance by giving taxpayers confidence that others are paying their fair share. In 1990, we designated one aspect of enforcement, collection of tax debt, as high risk, later broadening it to include both unpaid taxes known to IRS and unpaid taxes IRS has not detected. In 1995, we added a new high-risk area related to the Earned Income Credit (EIC), a refundable tax credit available to certain low-income, working taxpayers. These areas remain high risk and have been exacerbated by significant and pervasive declines in IRS's enforcement activities that threaten to erode taxpayer compliance. What GAO Found: The Commissioner of Internal Revenue has made strengthening enforcement a high priority, but IRS has not yet materially reversed enforcement declines, in large part because unbudgeted expenses and demands for improved taxpayer service have confounded IRS's intentions. Enforcement staffing decreased over 21 percent between 1998 and 2003, and individual audit rates are below the levels of the mid-1990s, even after recent increases. IRS lacks current data on the effects of these declines on compliance. For example, IRS's estimate of the 2001 gross tax gap--the difference between taxes owed and taxes paid (over $300 billion)--was largely based on extrapolations from 1988 data. Without current information on noncompliance, IRS cannot effectively target its enforcement resources, risks wasting resources by auditing compliant taxpayers, and is impeded in identifying changes to laws or regulations that could reduce noncompliance. IRS is working to improve its enforcement efforts, partly pursuant to our recommendations and reports. For example, IRS is carrying out important new compliance research that GAO has encouraged for many years. IRS has nearly completed field work for a major study of individual taxpayers, and has plans for further studies of other groups of taxpayers. IRS is also developing a centralized cost accounting system, in part to obtain better cost and benefit information on compliance activities, and is modernizing the technology that underpins many core business processes. Further, it has redesigned some compliance and collections processes and plans additional redesigns as technology improves. IRS is also continuing to address the evolving challenge of unpaid taxes and continuing EIC noncompliance. For example: * IRS estimates the multiyear tax losses from known and suspected tax shelters used by corporations and individuals to be in the tens of billions of dollars. IRS has made abusive tax shelters and schemes a high priority, but the cost of addressing them can be high because they tend, by design, to be complex and hard to detect. * IRS estimated deliberate and inadvertent noncompliance with the EIC to be between $8.5 and 9.9 billion in 1999. IRS is testing initiatives to reduce EIC noncompliance, but at best it may be years before compliance improves. Even as IRS addresses noncompliance, it must focus on maintaining or improving the EIC's high participation rate. Due to pervasive enforcement declines and the lack of current information about noncompliance, GAO continues to regard these as high- risk issues. In light of the Congress's decision to return to a single enforcement appropriation in 2004, thus ending dedicated appropriations for EIC since 1998, GAO is combining the EIC compliance and collection of unpaid taxes areas into one high-risk area involving enforcement of tax laws. What Remains to Be Done: To maintain a credible enforcement presence, and consistent with GAO's prior recommendations, IRS must: * continue compliance research and use the results to determine resource needs, justify resource requests, target scarce enforcement resources, and develop other corrective measures for all aspects of tax law enforcement, including those related to the EIC; * ensure that the centralized accounting system, which is to be implemented over the next several years, is designed and used to determine how best to allocate resources; and: * modernize its technology and revise core business processes to improve productivity. Related Products: Enforcement of Tax Laws: Earned Income Tax Credit: Implementation of Three New Tests Proceeded Smoothly, but Tests and Evaluation Plans Were Not Fully Documented. GAO-05-92. Washington, D.C.: December 30, 2004. Taxpayer Information: Data Sharing and Analysis May Enhance Tax Compliance and Improve Immigration Eligibility Decisions. GAO-04-972T. Washington, D.C.: July 21, 2004. Tax Debt Collection: IRS Is Addressing Critical Success Factors for Contracting Out but Will Need to Study the Best Use of Resources. GAO- 04-492. Washington, D.C.: May 24, 2004. Internal Revenue Service: Assessment of Fiscal Year 2005 Budget Request and 2004 Filing Season Performance. GAO-04-560T. Washington, D.C.: March 30, 2004. Financial Management: Some DOD Contractors Abuse the Federal Tax System With Little Consequence. GAO-04-95. Washington, D.C.: February 12, 2004. Internal Revenue Service: Challenges Remain in Combating Abusive Tax Schemes. GAO-04-50. Washington, D.C.: November 19, 2003. Internal Revenue Service: Challenges Remain in Combating Abusive Tax Shelters. GAO-04-104T. Washington, D.C.: October 21, 2003. Earned Income Credit: Qualifying Child Certification Test Appears Justified, but Evaluation Plan Is Incomplete. GAO-03-794. Washington, D.C.: September 30, 2003. Federal Budget: Opportunities for Oversight and Improved Use of Taxpayer Funds. GAO-03-1030T. Washington, D.C.: July 17, 2003. Tax Administration: IRS Is Implementing the National Research Program As Planned. GAO-03-614. Washington, D.C.: June 16, 2003. IRS Modernization: Continued Progress Necessary for Improving Service to Taxpayers and Ensuring Compliance. GAO-03-796T. Washington, D.C.: May 20, 2003. Compliance and Collection: Challenges for IRS in Reversing Trends and Implementing New Initiatives. GAO-03-732T. Washington, D.C.: May 7, 2003. Vehicle Donations: Taxpayer Considerations When Donating Vehicles to Charities. GAO-03-608T. Washington, D.C.: April 1, 2003. Tax Administration: Federal Payment Levy Program Measures, Performance, and Equity Can Be Improved. GAO-03-356. Washington, D.C.: March 6, 2003. For more information on Department of the Treasury major management challenges, see http://www.gao.gov/pas/2005/treasury.htm. High-Risk Series: Internal Revenue Service Business Systems Modernization: GAO Highlights: For additional information about this high-risk area, contact David A. Powner at (202) 512-9286 or pownerd@gao.gov or Steven J. Sebastian at (202) 512-3406 or sebastians@gao.gov. Why Area Is High Risk: The Internal Revenue Service's (IRS) highly complex, multibillion- dollar Business Systems Modernization (BSM) program is critical to (1) the successful transformation of the agency's manual, paper-intensive business operations; (2) fulfillment of its obligations under the IRS Restructuring and Reform Act; and (3) providing the reliable and timely financial management information needed to better enable IRS to justify its resource allocation decisions and congressional budgetary requests. IRS has made progress in aligning the pace of the BSM program with its management capacity, improving its modernization management controls and capabilities, and delivering several modernized business applications that are producing benefits today. However, significant challenges and serious risks remain. What GAO Found: IRS has long relied on obsolete automated systems for key operational and financial management functions, and its attempts to modernize these aging computer systems span several decades. This long history of continuing delays and design difficulties and their impact on IRS's operations led GAO to designate IRS's systems modernization and its financial management as separate high-risk areas in 1995. In 2003, GAO's high-risk report noted that IRS had made significant progress in establishing long overdue management controls and in acquiring foundational system infrastructure and applications. However, the BSM program remained at risk because the scope and complexity of modernization activities were growing, and the agency's modernization management capacity was still maturing. Similarly, while IRS had made notable progress in addressing several financial management deficiencies, including deficiencies in controls over budgetary activity and property and equipment, this area remained high risk because IRS continued to rely on automated systems that did not provide management current and reliable information it needed to support informed decision making. Since resolution of IRS's most serious remaining financial management problems largely depends upon the success of BSM, we are combining those two issues into one BSM high- risk area. IRS has made further progress since 2003 in addressing GAO's concerns about the management of BSM. IRS has (1) acted to align the pace of the BSM program with the maturity of the agency's controls and management capacity, including reassessing its portfolio of planned projects, (2) deployed several modernized systems that have benefited taxpayers and the agency and begun implementation of the initial phases of several key automated financial management systems, and (3) made progress in implementing GAO's recommendations to improve its modernization management controls and capabilities. IRS has also taken corrective actions related to aspects of financial management that are not dependent on automated systems, such as enhancing controls over hard copy tax receipts and data, improving the accuracy of property records, and recording interim expense accruals. However, BSM projects continue to incur significant cost increases and schedule delays. IRS needs to further strengthen modernization program management and replace its outdated financial management systems. Balancing the scope and pace of modernization activities with the agency's ability to manage them remains a challenge. These problems are due, in part, to critical management controls and capabilities that IRS has not yet fully implemented or institutionalized. IRS has developed 48 action issues related to its BSM effort and is taking action to resolve them and to address GAO's recommendations related to BSM and financial management. However, more remains to be done as program management problems persist--affecting project cost, schedule, and performance--that have plagued past systems modernization efforts and that continue to affect IRS's ability to successfully modernize its operational and financial management systems. What Remains to Be Done: IRS acknowledges its challenges and risks, and is acting to address them. IRS needs to continue to address our numerous recommendations to strengthen BSM and financial management by (1) balancing the scope and pace of the program with the agency's capacity to handle the workload; (2) fully implementing and institutionalizing essential modernization management controls and capabilities related to configuration management, human capital management, cost and schedule estimating, and contract management; and (3) ensuring that the new automated systems fully satisfy management needs for reliable, timely, and adequately safeguarded information to support informed decision making. Related Products: Internal Revenue Service Business Systems Modernization: Business Systems Modernization: IRS's Fiscal Year 2004 Expenditure Plan. GAO-05-46. Washington, D.C.: November 17, 2004. Financial Audit: IRS's Fiscal Years 2004 and 2003 Financial Statements. GAO-05-103. Washington, D.C.: November 10, 2004. Internal Revenue Service: Status of Recommendations from Financial Audits and Related Management Reports. GAO-04-523. Washington, D.C.: April 28, 2004. Management Report: Improvements Needed in IRS's Internal Controls and Accounting Procedures. GAO-04-553R. Washington, D.C.: April 26, 2004. Business Systems Modernization: Internal Revenue Service Needs to Further Strengthen Program Management. GAO-04-438T. Washington, D.C.: February 12, 2004. Financial Audit: IRS's Fiscal Years 2003 and 2002 Financial Statements. GAO-04-126. Washington, D.C.: November 13, 2003. Management Report: Improvements Needed in Controls over IRS's Excise Tax Certification Process. GAO-03-687R. Washington, D.C.: July 23, 2003. Business Systems Modernization: IRS Has Made Significant Progress in Improving Its Management Controls, but Risks Remain. GAO-03-768. Washington, D.C.: June 27, 2003. Internal Revenue Service: Status of Recommendations from Financial Audits and Related Management Reports. GAO-03-665. Washington, D.C.: May 29, 2003. Management Report: Improvements Needed in IRS's Internal Controls. GAO- 03-562R. Washington, D.C.: May 20, 2003. IRS Modernization: Continued Progress Necessary for Improving Service to Taxpayers and Ensuring Compliance. GAO-03-796T. Washington, D.C.: May 20, 2003. IRS Lockbox Banks: More Effective Oversight, Stronger Controls, and Further Study of Costs and Benefits Are Needed. GAO-03-299. Washington, D.C.: January 15, 2003. For more information on Department of the Treasury major management challenges, see http://www.gao.gov/pas/2005/treasury.htm. High-Risk Series: Modernizing Federal Disability Programs: GAO Highlights: For additional information about this high-risk area, contact Robert E. Robertson (SSA programs) at 202-512-7215 or robertsonr@gao.gov or Cynthia Bascetta (VA programs) at 202-512-7101 or bascettac@gao.gov. Why Area Is High Risk: In January 2003, GAO designated modernizing federal disability programs as a high-risk area because of challenges that continue today. For example, despite opportunities afforded by medical and technological advances and the growing expectations that people with disabilities can and want to work, federal disability programs remain grounded in outmoded concepts that equate medical conditions with work incapacity. Moreover, just as the disability programs are poised to grow rapidly as baby boomers reach their disability-prone years, the Social Security Administration (SSA) and the Department of Veterans Affairs (VA) face difficult challenges in providing timely and consistent disability decisions. Modernizing federal disability programs remains a high-risk area as solutions are likely to require fundamental changes, including regulatory and legislative action. What GAO Found: GAO's work examining federal disability programs has found that these programs are neither well aligned with 21ST century realities nor are they positioned to provide meaningful and timely support for Americans with disabilities. In particular, SSA's and VA's programs are based on concepts from the past, and both programs face ongoing challenges to make timely, accurate, and consistent decisions. Since GAO designated this area as high risk in 2003, SSA and VA have made some progress toward improving their disability programs. A key initiative involves SSA's proposal to improve the timeliness and accuracy of disability decisions and to foster return to work at all stages of the decision- making process. In addition, the Congress established a commission to study the appropriateness of veterans' benefits. Moreover, SSA and VA have both made some gains in the timeliness of their disability claims decisions. While some actions have been initiated, SSA's and VA's disability programs still face challenges in two key areas: * Programs remain grounded in outmoded concepts of disability. SSA's and VA's disability programs have not been updated to reflect the current state of science, medicine, technology, and labor market conditions. SSA's proposal for transforming its disability determination process--with increased opportunities for return to work- -could potentially lead to modernizing SSA's disability programs. But results of SSA's previous efforts to transform its disability programs were disappointing. Further, failure to develop a strategic workforce plan to ensure that the appropriate mix of disability examiner skills are available when and where needed could hamper SSA's efforts. VA faces similar challenges in modernizing its disability programs, including reassessing its workforce. Moreover, in light of a new congressional commission to study the appropriateness of VA disability benefits, VA may need to revisit its eligibility criteria. Agencies have difficulties managing disability programs. Both SSA and VA still experience lengthy processing times for disability claims and lack a clear understanding of the extent of possible inconsistencies in decisions between adjudicative levels. While SSA's proposal for improving the accuracy and timeliness of its disability determination process appears promising, several challenges have the potential to hinder the strategy's success. These include dependence on a technically complex electronic folder system that has not been fully tested and human capital problems--such as high turnover, recruiting difficulties, and gaps in key knowledge and skills--among disability examiners. Moreover, while VA has made considerable progress in improving the timeliness of its disability claims decisions, it is still far from meeting its goal. What Remains to Be Done: While SSA and VA have taken some actions in response to prior GAO recommendations, such as initiatives to improve timeliness, GAO continues to believe that SSA and VA should take the lead in examining the fundamental causes of program problems and seek both the management and legislative solutions needed to transform their programs so that they are in line with the current state of science, medicine, technology, and labor market conditions. At the same time, these agencies should continue to develop and implement strategies for improving the accuracy, timeliness, and consistency of disability decision making. Related Products: Modernizing Federal Disability Programs: SSA's Disability Programs: Improvements Could Increase the Usefulness of Electronic Data for Program Oversight. GAO-05-100R. Washington, D.C.: December 10, 2004. Veterans' Benefits: More Transparency Needed to Improve Oversight of VBA's Compensation and Pension Staffing Levels. GAO-05-47. Washington, D.C.: November 15, 2004. Veterans Benefits: VA Needs Plan for Assessing Consistency of Decisions. GAO-05-99. Washington, D.C.: November 19, 2004. Social Security Disability: Improved Processes for Planning and Conducting Demonstrations May Help SSA More Effectively Use Its Demonstration Authority. GAO-05-19. Washington, D.C.: November 4, 2004. TANF and SSI: Opportunities Exist to Help People with Impairments Become More Self-Sufficient. GAO-04-878. Washington, D.C.: September 15, 2004. Disability Insurance: SSA Should Strengthen Its Efforts to Detect and Prevent Overpayments. GAO-04-929. Washington, D.C.: September 10, 2004. Social Security Administration: More Effort Needed to Assess Consistency of Disability Decisions. GAO-04-656. Washington, D.C.: July 2, 2004. Social Security Disability: Commissioner Proposes Strategy to Improve the Claims Process, but Faces Implementation Challenges. GAO-04-552T. Washington, D.C.: March 29, 2004. Electronic Disability Claims Processing: SSA Needs to Address Risks Associated with Its Accelerated Systems Development Strategy. GAO-04- 466. Washington, D.C.: March 26, 2004. Social Security Administration: Strategic Workforce Planning Needed to Address Human Capital Challenges Facing the Disability Determination Services. GAO-04-121. Washington, D.C.: January 27, 2004. SSA Disability Decision Making: Additional Steps Needed to Ensure Accuracy and Fairness of Decisions at the Hearings Level. GAO-04-14. Washington, D.C.: November 12, 2003. VA Benefits: Fundamental Changes to VA's Disability Criteria Need Careful Consideration. GAO-03-1172T. Washington, D.C.: September 23, 2003. Department of Veterans Affairs: Key Management Challenges in Health and Disability Programs. GAO-03-756T. Washington, D.C.: May 8, 2003. For more information on Social Security Administration and Department of Veterans Affairs major management challenges, see http:// www.gao.gov/pas/2005/ssa.htm and http://www.gao.gov/pas/2005/dva.htm. High-Risk Series: Pension Benefit Guaranty Corporation Single-Employer Insurance Program: GAO Highlights: For additional information about this high-risk area, contact Barbara Bovbjerg at (202) 512-5491 or bovbjergb@gao.gov. Why Area Is High Risk: PBGC's single-employer program insures the pension benefits of over 34 million participants in more than 29,000 private defined benefit plans. After improving during the late 1990s, the program's financial condition has worsened from a $9.7 billion surplus in 2000 to a $23.3 billion accumulated deficit as of the end of fiscal year 2004, after a $12.1 billion loss in fiscal year 2004. While cyclical economic conditions have contributed to the program's financial troubles, the program remains threatened by structural weaknesses in pension funding rules, the program's premium structure, and the potential for large bankruptcies among sponsors in weak industries that have underfunded plans. GAO placed the program on its high-risk list in July 2003, and it remains high risk. What GAO Found: The termination of large, underfunded defined benefit (DB) pension plans of bankrupt firms in troubled industries has been the major cause of the single-employer program's worsening net financial position. While cyclical factors such as stock market and interest rate declines have contributed to the severity of pension plans' underfunded condition, other trends suggest serious long-term erosion of the program's participant base. Active workers made up only 51 percent of the program's participants in 2001, down from 78 percent in 1980. Also, in 2002, almost half of the program's insured participants worked in manufacturing, a sector with stagnant job growth for the last half- century. Further, while the number of PBGC-insured plans has decreased steadily since 1987, defined-contribution plans grew rapidly in the 1990s, indicating a decline in DB plans overall as a retirement savings vehicle. The rules that govern how much sponsors must contribute to their plans may not ensure that plans maintain adequate funding to pay promised benefits. The degree of underfunding in the private pension system has dramatically increased, and additional severe losses may be on the horizon. The Pension Benefit Guaranty Corporation (PBGC) estimates that financially weak firms, particularly in the airline industry, sponsor plans with over $35 billion in unfunded benefits. While PBGC likely has enough assets to pay promised benefits for a number of years, the long-term health of the single-employer program will be threatened unless the Congress takes action soon. The possible termination of additional large underfunded airline pension plans has the potential to worsen the program's finances significantly, increasing the urgency of reform. The Congress may then face a choice of drastic reductions in pension benefits or authorizing federal assistance. Accumulated Surplus/Deficit and Annual Net Gain/Loss of PBGC Single- Employer Program: [See PDF for image] [End of figure] What Remains to Be Done: Comprehensive reform will likely be needed to stabilize the long-term finances of the single-employer program. The Congress should consider revising current pension law to mitigate the financial risk posed by financially troubled sponsors with underfunded plans, perhaps by strengthening funding rules, restricting the use of credit balances and lump-sum distributions, revising PBGC's premium structure, and increasing plan transparency. Continued terminations that severely worsen PBGC's finances will only increase the urgency of reform and could ultimately lead to federal funding assistance to meet PBGC guaranteed benefit obligations. The administration has recently introduced a proposal that would address many of the challenges facing PBGC, although no action has yet been taken. Related Products: Pension Benefit Guaranty Corporation Single-Employer Insurance Program: Private Pensions: Airline Plans' Underfunding Illustrates Broader Problems with the Defined Benefit Pension System. GAO-05-108T. Washington, D.C.: October 7, 2004. Pension Plans: Additional Transparency and Other Actions Needed in Connection with Proxy Voting. GAO-04-749. Washington, D.C.: August 10, 2004. Private Pensions: Publicly Available Reports Provide Useful but Limited Information on Plans' Financial Condition. GAO-04-395. Washington, D.C.: March 31, 2004. Private Pensions: Timely and Accurate Information Is Needed to Identify and Track Frozen Defined Benefit Plans. GAO-04-200R. Washington, D.C.: December 17, 2003. Pension Benefit Guaranty Corporation: Single-Employer Pension Insurance Program Faces Significant Long-Term Risks. GAO-04-90. Washington, D.C.: October 29, 2003. Private Pensions: Changing Funding Rules and Enhancing Incentives Can Improve Plan Funding. GAO-04-176T. Washington, D.C.: October 29, 2003. Pension Benefit Guaranty Corporation: Long-Term Financing Risks to Single-Employer Insurance Program Highlight Need for Comprehensive Reform. GAO-04-150T. Washington, D.C.: October 14, 2003. Pension Benefit Guaranty Corporation: Single-Employer Pension Insurance Program Faces Significant Long-Term Risks. GAO-03-873T. Washington, D.C.: September 4, 2003. Options to Encourage the Preservation of Pension and Retirement Savings: Phase 2. GAO-03-990SP. Washington, D.C.: July 29, 2003. Private Pensions: Participants Need Information on Risks They Face in Managing Pension Assets at and during Retirement. GAO-03-810. Washington, D.C.: July 29, 2003. Private Pensions: Process Needed to Monitor the Mandated Interest Rate for Pension Calculations. GAO-03-313. Washington, D.C.: February 27, 2003. High-Risk Series: Medicaid Program: GAO Highlights: For additional information about this high-risk area, contact Kathryn G. Allen at (202) 512-7118 or allenk@gao.gov. Why Area Is High Risk: In 2003, GAO designated Medicaid a high-risk program in part because of growing concerns about the quality of fiscal oversight, which is necessary to prevent inappropriate program spending. Medicaid, the federal-state program that covers acute health care and long-term care services for an estimated 53 million low-income Americans, consists of more than 50 distinct "state" programs that cost about $274 billion in fiscal year 2003. The program accounts for more than 20 percent of states' total expenditures and is projected to double in spending in a decade, thus exerting continuing pressure on state budgets. The federal government, by a formula established in law, pays from half to more than three-fourths of each state's Medicaid expenditures. The Centers for Medicare & Medicaid Services (CMS) in the Department of Health and Human Services (HHS) is responsible for administering the program at the federal level, while the states administer their respective programs' day-to-day operations. What GAO Found: The program remains high risk today. Inadequate fiscal oversight has led to increased and unnecessary federal spending in the following ways: Schemes that leverage federal funds inappropriately. Using statutory and regulatory loopholes for more than a decade, some states have created the illusion that they have made large Medicaid payments to certain government providers, such as county health facilities, in order to generate excessive federal matching payments. In reality, the states only momentarily made payments to these providers--generally through electronic funds transfers--and then required that the payments be returned. Some of these schemes have cost the federal government several billions of dollars each year. The Congress and CMS have acted to curtail abusive financing schemes, but problems continue. In response to the Congress's direction, CMS in 2001 acted to phase out certain financing schemes, but did so in a manner that continued to result in excessive federal matching payments. CMS has also taken steps to improve its oversight of states' financing schemes by centralizing its review process and conducting targeted financial management reviews. In its fiscal year 2005 proposed budget, the administration estimated that capping Medicaid payments to individual government providers' actual costs--a recommendation that GAO has made to the Congress--could save more than $9.5 billion over 5 years. Waiver programs that inappropriately increase the federal government's financial liability. The Secretary of HHS has authority to waive certain statutory provisions and allow states to test new ideas for delivering services and expanding coverage. Each waiver program must be "budget neutral;" it should not be approved if the program would increase federal financial liability beyond what it would have been without the program. Since the mid-1990s, HHS has permitted states to use questionable methods to demonstrate budget neutrality for waiver programs estimated to increase federal costs. For example, in 2004, GAO estimated that HHS's approval of four states' waiver requests to provide expanded prescription drug benefits could increase federal financial liability by over $1 billion. Inappropriate billing by providers serving program beneficiaries. Medicaid is vulnerable to waste, fraud, and abuse by providers who submit inappropriate claims, resulting in substantial financial losses to states and the federal government. In 2004, GAO reported that states use a variety of approaches to prevent and detect improper payments, such as on-site inspections of high-risk providers and criminal background checks. At the federal level, CMS has activities to support states' program integrity efforts, but its oversight of state activities is limited. With the current commitment of CMS resources, compliance reviews of state programs are infrequent and limited in scope. CMS oversight may be disproportionately small relative to the risk of serious financial loss. What Remains to Be Done: A GAO recommendation to the Congress to limit Medicaid payments to government facilities to the costs of providing services remains open. HHS has not acted on GAO recommendations to develop methods to better ensure the budget neutrality of state waiver programs, nor has CMS acted on recommendations to improve guidance and reporting related to states' financing schemes. Related Products: Medicaid Program: GAO Products: Medicaid Program Integrity: State and Federal Efforts to Prevent and Detect Improper Payments.GAO-04-707. Washington, D.C.: July16, 2004. Medicaid Waivers: HHS Approvals of Pharmacy Plus Demonstrations Continue to Raise Cost and Oversight Concerns. GAO-04-480. Washington, D.C.: June 30, 2004. Medicaid: Intergovernmental Transfers Have Facilitated State Financing Schemes. GAO-04-574T. Washington, D.C.: March 18, 2004. Medicaid: Improved Federal Oversight of State Financing Schemes Is Needed. GAO-04-228. Washington, D.C.: February 13, 2004. SCHIP: HHS Continues to Approve Waivers That Are Inconsistent with Program Goals. GAO-04-166R. Washington, D.C.: January 5, 2004. Medicaid and SCHIP: Recent HHS Approvals of Demonstration Waiver Projects Raise Concerns. GAO-02-817. Washington, D.C.: July 12, 2002. Medicaid Financial Management: Better Oversight of State Claims for Federal Reimbursement Needed. GAO-02-300. Washington, D.C.: February 28, 2002. Medicaid: HCFA Reversed Its Position and Approved Additional State Financing Schemes. GAO-02-147. Washington, D.C.: October 30, 2001. Medicaid: State Financing Schemes Again Drive Up Federal Payments. GAO/ T-HEHS-00-193. Washington, D.C.: September 6, 2000. Medicaid Section 1115 Waivers: Flexible Approach to Approving Demonstrations Could Increase Federal Costs. HEHS-96-44. Washington, D.C.: November 8, 1995. Medicaid: States Use Illusory Approaches to Shift Program Costs to Federal Government. HEHS-94-133. Washington, D.C.: August 1, 1994. HHS OIG Products: Testimony of George M. Reeb, Assistant Inspector General for the Centers for Medicare and Medicaid Audits, Hearing before the House Committee on Energy and Commerce, March 18, 2004. For more information on Department of Health and Human Services major management challenges, see http://www.gao.gov/pas/2005/hhs.htm. High-Risk Series: Medicare Program: GAO Highlights: For additional information about this high-risk area, contact Leslie Aronovitz at (312) 220-7600 or aronovitzl@gao.gov. Why Area Is High Risk: In 1990, GAO designated Medicare a high-risk program, vulnerable to exploitation and mismanagement, in part because of its sheer size and complexity. The program covers about 41 million elderly and disabled enrollees. In fiscal year 2004, Medicare's outlays were an estimated $297 billion, and its net improper payments were about $20 billion. The challenges for the Centers for Medicare & Medicaid Services (CMS) to manage this program are substantial and growing, owing to new responsibilities under the Medicare Prescription Drug, Improvement, and Modernization Act of 2003 (MMA). Absent reform, with the drug benefit in effect in 2006, program spending growth will be unsustainable over time--increasing from an estimated 3.4 percent of GDP in 2006 to 7.7 percent by 2035, and to 13.8 percent by 2078. Addressing today's management challenges can pave the way for more fundamental reforms that could modernize the program for future generations. What GAO Found: MMA has created new challenges for administering the Medicare program. These include the addition of a prescription drug benefit with an estimated cost to the federal government of $8.1 trillion in today's dollars to pay for the benefit over the next 75 years. CMS plans to conduct new oversight activities for the Medicare prescription drug benefit effective 2006 and is taking steps to improve contractors' data analysis efforts for detecting improper payments. Findings from studies GAO conducted in 2003 and 2004 underscore the importance of taking these and other steps to increase Medicare's integrity, efficiency, and effectiveness. Oversight of patient safety and care. Lax oversight by CMS has allowed certain patient safety weaknesses to go undetected or uncorrected. For example, in a 2003 study of end-stage renal dialysis facilities, GAO found that significant numbers of patients received inadequate dialysis or anemia care. Another GAO study found that CMS's oversight of hospital accreditation was limited. CMS has a pilot project to assess hospital compliance efforts. Reforming and refining payments. In the past 2 years, GAO found that Medicare could have saved millions of dollars and reduced beneficiary copayments by revising its payment policy for certain pathology and other services; that payments for home health and ambulance services may have been adequate in the aggregate but needed targeted adjustments; and that data weaknesses hindered CMS from assessing the adequacy of payment for hospital outpatient, hospice, and other services. Enhancing program integrity. CMS missed opportunities to use claims data to target areas vulnerable to fraud and abuse. For example, in 1997, CMS was alerted to billing abuses in claims made by power wheelchair suppliers but delayed implementing reforms for 6 years, costing Medicare millions of dollars in overpayments. Similarly, in 1999, a Medicare contractor found high payments for services provided by certain outpatient rehabilitation facilities in Florida relative to similar facilities in the state, but steps the contractor took in 2001 were not sufficient to mitigate the problem. More recently, however, CMS targeted fraudulent entities billing for home health services and reported avoiding over $260 million in improper payments between January 2003 and June 2004. Improving program management. In a study GAO conducted of contractor- run call centers charged with responding to providers' inquiries about billing Medicare, the centers answered only 4 percent of GAO's test calls correctly and completely. GAO found a higher, but less than desirable, accuracy rate--61 percent--for calls placed to the 1-800- MEDICARE help line. In a study of Medicare's claims appeals process, GAO found that less than half of the appeals were decided within the statutory time frame, owing to inefficiencies in contractors' case- processing operations and incompatible data systems. What Remains to Be Done: Medicare will continue to be a high-risk program for the foreseeable future. GAO has made recommendations for CMS to refine and adjust payment systems appropriately by collecting the most accurate and current data possible, improve detection of inappropriate billing by conducting targeted medical record reviews of a sufficient number of claims, and improve the efficiency of procedures and systems for appeals and other administrative functions. CMS has agreed with some of our recommendations but has not acted on others. Related Products: Medicare Program: Medicare: Accuracy of Responses from the 1-800-MEDICARE Help Line Should Be Improved. GAO-05-130. Washington, D.C.: December 8, 2004. Medicare Chemotherapy Payments: New Drug and Administration Fees Are Closer to Providers' Costs. GAO-05-142R. Washington, D.C.: December 1, 2004. Medicare: CMS's Program Safeguards Did Not Deter Growth in Spending for Power Wheelchairs. GAO-05-43. Washington, D.C.: November 17, 2004. Medicare Hospice Care: Modifications to Payment Methodology May Be Warranted. GAO-05-42 Washington, D.C.: October 15, 2004. Medicare Physician Payments: Concerns about Spending Target System Prompt Interest in Considering Reforms. GAO-05-85. Washington, D.C.: October 8, 2004. Medicare: Information Needed to Assess Adequacy of Rate-Setting Methodology for Payments for Hospital Outpatient Services. GAO-04-772. Washington, D.C.: September 17, 2004. Medicare: Past Experience Can Guide Future Competitive Bidding for Medical Equipment and Supplies. GAO-04-765. Washington, D.C.: September 7, 2004. Comprehensive Outpatient Rehabilitation Facilities: High Medicare Payments in Florida Raise Program Integrity Concerns. GAO-04-709. Washington, D.C.: August 12, 2004. Medicare: CMS Needs Additional Authority to Adequately Oversee Patient Safety in Hospitals. GAO-04-850. Washington, D.C.: July 20, 2004. Medicare: Call Centers Need to Improve Responses to Policy-Oriented Questions from Providers. GAO-04-669. Washington, D.C.: July 16, 2004. Medicare Home Health: Payments to Most Freestanding Home Health Agencies More Than Cover Their Costs. GAO-04-359. Washington, D.C.: February 27, 2004. Dialysis Facilities: Problems Remain in Ensuring Compliance with Medicare Quality Standards. GAO-04-63. Washington, D.C.: October 8, 2003. Medicare: Modifying Payments for Certain Pathology Services Is Warranted. GAO-03-1056. Washington, D.C.: September 30, 2003. Medicare Appeals: Disparity between Requirements and Responsible Agencies' Capabilities. GAO-03-841. Washington, D.C.: September 29, 2003. Ambulance Services: Medicare Payments Can Be Better Targeted to Trips in Less Densely Populated Rural Areas. GAO-03-986. Washington, D.C.: September 19, 2003. For more information on Department of Health and Human Services major management challenges, see http://www.gao.gov/pas/2005/hhs.htm: High-Risk Series: HUD Single-Family Mortgage Insurance and Rental Housing Assistance Programs: GAO Highlights: For additional information about this high-risk area, contact Thomas J. McCool at (202) 512-8678 or mccoolt@gao.gov. Why Area Is High Risk: Under its single-family mortgage insurance programs, the Department of Housing and Urban Development (HUD) manages over $400 billion in insured mortgages and over 25,000 foreclosed single-family properties. Through its rental housing assistance programs, HUD manages $56 billion in insured mortgages and annually provides about $19 billion in rental subsidies. To accomplish this, HUD relies on thousands of intermediaries, including lenders, appraisers, property management contractors, public housing agencies, and multifamily property owners. Historically, weaknesses in HUD's oversight of these entities have made the programs vulnerable to fraud, waste, and abuse. GAO designated HUD as high risk in 1994. In 2001, GAO modified this high-risk area to focus on HUD's single-family mortgage insurance and rental housing assistance programs because significant weaknesses persisted in these program areas. These program areas remain high risk at this time. What GAO Found: Since January 2003, HUD has demonstrated commitment to and progress in addressing weaknesses identified in its high-risk program areas; however, some of HUD's corrective actions are in the early stages of implementation, and additional steps are needed to resolve ongoing problems. In the single-family mortgage insurance area, HUD has acted to reduce the risk of financial loss by improving its oversight of lenders and appraisers and increasing its use of foreclosure prevention tools. For example, HUD has implemented processes to target for review lenders and appraisers based on risk. HUD has also recently issued or proposed numerous regulations designed to strengthen lender accountability and combat predatory lending practices. In addition, through its loss mitigation program, HUD reports that it has prevented insurance losses by helping an increasing number of homebuyers avoid foreclosure. However, HUD needs to follow through on its initiatives and use its existing oversight tools more effectively to address continuing weaknesses. For example, HUD continues to grant loan underwriting authority to lenders that have not met the agency's performance standards. Furthermore, HUD's system for rating the underwriting quality of loans does not adequately assess the risk that the loans pose to the agency's insurance fund. Finally, weaknesses in HUD's process for paying single-family property management contractors have made the agency vulnerable to millions of dollars in questionable and potentially fraudulent payments. In the rental assistance area, HUD has continued to implement measures to reduce errors in rental subsidy payments and improve the physical condition of HUD-assisted housing. HUD estimated that it made at least $1.4 billion in erroneous rental assistance payments in fiscal year 2003. Through its Rental Housing Integrity Improvement Project, HUD is seeking to reduce these errors through increased monitoring of public housing agencies and multifamily property owners, better verification of tenant incomes, and improved training and guidance for HUD staff and program intermediaries. Estimates indicate that HUD has made progress in reducing erroneous payments due to subsidy calculation errors compared with fiscal year 2000. However, the extent to which project activities are responsible for this improvement is not known, and it is uncertain whether HUD will be able to achieve long-term reductions in erroneous payments. In addition, a critical part of the project--the verification of tenant incomes using state wage data--has not been fully implemented. HUD has continued to make progress in ensuring that HUD-assisted housing meets the agency's physical condition standards. According to HUD, physical inspections from fiscal year 2004 showed that about 94 percent of HUD-assisted units received satisfactory inspection scores, an increase from the 91 percent reported for fiscal year 2002. What Remains to Be Done: HUD needs to continue: * strengthening the management and oversight of its single-family mortgage insurance programs to reduce (1) the risk of insurance losses and (2) vulnerability to questionable payments for property management services; and: * implementing its efforts to ensure that rental housing assistance program subsidy payments are accurate and that subsidy recipients are eligible. Related Products: HUD Single-Family Mortgage Insurance and Rental Housing Assistance Programs: Single-Family Mortgage Insurance Programs: Single-Family Housing: Progress Made, but Opportunities Exist to Improve HUD's Oversight of FHA Lenders. GAO-05-13. Washington, D.C.: November 12, 2004. Single-Family Housing: HUD's Risk-Based Oversight of Appraisers Could Be Enhanced. GAO-05-14. Washington, D.C.: November 5, 2004. Home Inspections: Many Buyers Benefit from Inspections, but Mandating Their Use Is Questionable. GAO-04-462. Washington, D.C.: April 30, 2004. HUD Single-Family and Multifamily Property Programs: Inadequate Controls Resulted in Questionable Payments and Potential Fraud. GAO-04- 390. Washington, D.C.: March 3, 2004. Single-Family Housing: Cost, Benefit, and Compliance Issues Raise Questions about HUD's Discount Sales Program. GAO-04-208. Washington, D.C.: January 30, 2004. Rental Housing Assistance Programs: Multifamily Housing: More Accessible HUD Data Could Help Efforts to Preserve Housing for Low-Income Tenants. GAO-04-20. Washington, D.C.: January 23, 2004: Public Housing: HOPE VI Resident Issues and Changes in Neighborhoods Surrounding Grant Sites. GAO-04-109. Washington, D.C.: November 21, 2003. Elderly Housing: Project Funding and Other Factors Delay Assistance to Needy Households. GAO-03-512. Washington, D.C.: May 30, 2003. Public Housing: HUD's Oversight of HOPE VI Sites Needs to Be More Consistent. GAO-03-555. Washington, D.C.: May 30, 2003. Public Housing: Information on Receiverships at Public Housing Authorities. GAO-03-363. Washington, D.C.: February 14, 2003. For more information on Department of Housing and Urban Development major management challenges, see http://www.gao.gov/pas/2005/hud.htm: High-Risk Series: Federal Aviation Administration Air Traffic Control Modernization: GAO Highlights: For additional information about this high-risk area, contact David Powner, (202) 512-9286 or Pownerd@gao.gov. Why Area Is High Risk: After almost 25 years and $41 billion, the Federal Aviation Administration's (FAA) air traffic control modernization program is far from complete. While FAA has made important progress in addressing weaknesses that GAO identified, more remains to be done. In the meantime, major FAA air traffic control projects continue to face challenges in meeting cost, schedule, and/or performance expectations. Key projects include systems to augment the global positioning system to aid in approaches and landings, improved radar systems for terminal environments, and systems to provide new color displays and data processing to air traffic controllers. GAO initially designated FAA's modernization program as high risk in 1995, and it remains high risk today. What GAO Found: Faced with growing air traffic and aging equipment, in 1981, FAA initiated an ambitious effort to modernize its air traffic control system. This modernization involves the acquisition of new equipment for surveillance, data processing, navigation, and communications, in addition to new facilities, and is expected to cost $48.6 billion through the year 2007. Over the past 2 decades, many of the projects that make up the modernization program have experienced cost overruns, schedule delays, and performance shortfalls. GAO's work over the years has identified root causes of the modernization program's problems, including (1) immature capabilities for acquiring software-intensive systems, (2) lack of a complete and enforced system architecture (or blueprint), (3) inadequate cost estimating and cost accounting practices, (4) an ineffective process for managing investments in information technology (IT), and (5) an organizational culture that impaired the acquisition process. FAA has made important progress in addressing these weaknesses, but more remains to be done. For example, FAA has: * improved key processes for acquiring and developing software and systems. The agency established a framework for improving its system management processes, and selected FAA projects are performing many of the desired practices. Nevertheless, the agency has not yet institutionalized these process improvements. * continued to develop an enterprise architecture--a blueprint of the agency's current and target operations and infrastructure. However, this architecture is still not complete and compliance is not yet enforced. We have ongoing work evaluating what the agency needs to do to develop and enforce its enterprise architecture. * improved cost accounting and estimating practices. The agency established sound cost estimating practices and implemented key components of a cost accounting system. However, the system is not yet fully operational or used to improve future estimates. * established basic investment management capabilities, including many practices for selecting and controlling its mission-critical IT investments. However, FAA's senior IT investment board does not regularly review investments in the operational phase of their life cycles, and this inhibits FAA's ability to oversee more than $1 billion of its IT investments. * sought to establish an organizational culture that supports sound acquisitions. However, the agency still faces many human capital challenges. Specifically, it does not effectively ensure that air traffic controllers, technical experts, and stakeholders are involved as new systems are developed, deployed, and refined. Until the agency addresses these residual issues, it will continue to risk the project management problems affecting cost, schedule, and performance that have hampered its ability to acquire systems for improving air traffic control. What Remains to Be Done: GAO has made over 40 specific recommendations to address root causes of FAA's modernization challenges. The agency has made progress on these recommendations, but more must be done to institutionalize system management process improvement initiatives, develop and enforce an enterprise architecture, implement effective investment management processes, and improve human capital management. With FAA expecting to spend about $7.6 billion between now and fiscal year 2007 on new air traffic control systems, these actions are as critical as ever. Related Products: Federal Aviation Administration Air Traffic Control Modernization: Air Traffic Control: FAA Needs to Ensure Better Coordination When Approving Air Traffic Control Systems. GAO-05-11. Washington, D.C.: November 17, 2004. Air Traffic Control: FAA's Acquisition Management Has Improved, but Policies and Oversight Need Strengthening to Help Ensure Results. GAO- 05-23. Washington, D.C.: November 10, 2004. Air Traffic Control: System Management Capabilities Improved, but More Can Be Done to Institutionalize Improvements. GAO-04-901. Washington, D.C.: August 20, 2004. Information Technology: FAA Has Many Investment Management Capabilities in Place, but More Oversight of Operational Systems is Needed. GAO-04- 822. Washington, D.C.: August 20, 2004. Federal Aviation Administration: Plan Still Needed to Meet Challenges to Effectively Managing Air Traffic Controller Workforce. GAO-04-887T. Washington, D.C.: June 15, 2004. Federal Aviation Administration: Challenges for Transforming into a High-Performing Organization. GAO-04-770T. Washington, D.C.: May 18, 2004. Air Traffic Control: FAA's Modernization Efforts--Past, Present, and Future. GAO-04-227T. Washington, D.C.: October 30, 2003. National Airspace System: Current Efforts and Proposed Changes to Improve Performance of FAA's Air Traffic Control System. GAO-03-542. Washington, D.C.: May 30, 2003. Federal Aviation Administration: Reauthorization Provides Opportunities to Address Key Agency Challenges. GAO-03-653T. Washington, D.C.: April 10, 2003. National Airspace System: Reauthorizing FAA Provides Opportunities and Options to Address Challenges. GAO-03-473T. Washington, D.C.: February 12, 2003. National Airspace System: Better Cost Data Could Improve FAA's Management of the Standard Terminal Automation Replacement System. GAO- 03-343. Washington, D.C.: January 31, 2003. For more information on Department of Transportation major management challenges, see http://www.gao.gov/pas/2005/dot.htm. (450363): FOOTNOTES [1] GAO, High-Risk Series: An Update, GAO-03-119 (Washington, D.C.: January 2003). [2] GAO, Determining Performance and Accountability Challenges and High Risks, GAO-01-159SP (Washington, D.C.: November 2000). [3] A material weakness is a condition in which the design or operation of one or more of the internal control components does not reduce to a relatively low level the risk that errors, fraud, or noncompliance in amounts that would be material to the financial statements may occur and not be detected promptly by employees in the normal course of performing their duties. [4] The Homeland Security Act of 2002 (P.L. 107-296); the Intelligence Reform and Terrorism Prevention Act of 2004 (P.L. 108-458). [5] Executive Order 13311: Homeland Security Information Sharing (Washington, D.C.: July 29, 2003). [6] National Strategy for Homeland Security, July 2002; National Strategy to Secure Cyberspace, February 2003; and National Strategy for the Physical Protection of Critical Infrastructures and Key Assets, February 2003. [7] Homeland Security Presidential Directive 6, Integration and Use of Screening Information (Washington, D.C.: Sept. 16, 2003). [8] Homeland Security Presidential Directive 7, Critical Infrastructure Identification, Prioritization, and Protection (Washington, D.C.: Dec. 17, 2003). [9] Executive Order 13356, Strengthening the Sharing of Terrorism Information to Protect Americans (Washington, D.C.: Aug. 27, 2004). [10] Executive Order 13354, National Counterterrorism Center (Washington, D.C.: Aug. 27, 2004). [11] National Commission on Terrorist Attacks, The 9/11 Commission Report: Final Report of the National Commission on Terrorist Attacks upon the United States (Washington, D.C.: Government Printing Office, July 22, 2004). [12] GAO, Critical Infrastructure Protection: Improving Information Sharing with Infrastructure Sectors, GAO-04-780 (Washington, D.C.: July 9, 2004). [13] U.S. Department of Homeland Security, Office of Inspector General, Major Management Challenges Facing the Department of Homeland Security, OIG-05-06 (Washington D.C.: December 2004); and U.S. Department of Justice, Office of Inspector General, Semiannual Report to the Congress: Top Management Challenges (Washington, D.C.: Nov. 22, 2003). [14] GAO, Homeland Security: Information Sharing Responsibilities, Challenges, and Key Management Issues, GAO-03-1165T (Washington, D.C.: Sept. 17, 2003); and Homeland Security: Information-Sharing Responsibilities, Challenges, and Key Management Issues, GAO-03-715T (Washington, D.C.: May 8, 2003). [15] GAO, Rebuilding Iraq: Fiscal Year 2003 Contract Award Procedures and Management Challenges, GAO-04-605 (Washington, D.C.: June 1, 2004). [16] U.S. Department of the Interior, Office of the Inspector General, Review of 12 Procurements Placed Under General Services Administration Federal Supply Schedules 70 and 871 by the National Business Center (Washington, D.C.: 2004). [17] U.S. General Services Administration, Office of the Inspector General, Compendium of Audits of the Federal Technology Service's Regional Client Support Centers (Washington, D.C.: 2004). [18] GAO, Contract Management: Guidance Needed to Promote Competition for Defense Task Orders, GAO-04-874 (Washington, D.C.: July 30, 2004). GAO's Mission: The Government Accountability Office, the investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO's commitment to good government is reflected in its core values of accountability, integrity, and reliability. Obtaining Copies of GAO Reports and Testimony: The fastest and easiest way to obtain copies of GAO documents at no cost is through the Internet. GAO's Web site ( www.gao.gov ) contains abstracts and full-text files of current reports and testimony and an expanding archive of older products. The Web site features a search engine to help you locate documents using key words and phrases. You can print these documents in their entirety, including charts and other graphics. Each day, GAO issues a list of newly released reports, testimony, and correspondence. GAO posts this list, known as "Today's Reports," on its Web site daily. The list contains links to the full-text document files. To have GAO e-mail this list to you every afternoon, go to www.gao.gov and select "Subscribe to e-mail alerts" under the "Order GAO Products" heading. Order by Mail or Phone: The first copy of each printed report is free. Additional copies are $2 each. A check or money order should be made out to the Superintendent of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or more copies mailed to a single address are discounted 25 percent. Orders should be sent to: U.S. Government Accountability Office 441 G Street NW, Room LM Washington, D.C. 20548: To order by Phone: Voice: (202) 512-6000: TDD: (202) 512-2537: Fax: (202) 512-6061: To Report Fraud, Waste, and Abuse in Federal Programs: Contact: Web site: www.gao.gov/fraudnet/fraudnet.htm E-mail: fraudnet@gao.gov Automated answering system: (800) 424-5454 or (202) 512-7470: Public Affairs: Jeff Nelligan, managing director, NelliganJ@gao.gov (202) 512-4800 U.S. Government Accountability Office, 441 G Street NW, Room 7149 Washington, D.C. 20548: