This is the accessible text file for GAO report number GAO-09-271 entitled 'High-Risk Series: An Update' which was released on January 22, 2009. This text file was formatted by the U.S. Government Accountability Office (GAO) to be accessible to users with visual impairments, as part of a longer term project to improve GAO products' accessibility. Every attempt has been made to maintain the structural and data integrity of the original printed product. Accessibility features, such as text descriptions of tables, consecutively numbered footnotes placed at the end of the file, and the text of agency comment letters, are provided but may not exactly duplicate the presentation or format of the printed version. The portable document format (PDF) file is an exact electronic replica of the printed version. We welcome your feedback. Please E-mail your comments regarding the contents or accessibility features of this document to Webmaster@gao.gov. This is a work of the U.S. government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. Because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. Report to Congress: United States Government Accountability Office: GAO: High-Risk Series: An Update: GAO-09-271: GAO Highlights: Highlights of GAO-09-271, a report to Congress on GAO’s High-Risk Series. Why GAO Did This Study: The federal government is the world’s largest and most complex entity, with about $3 trillion in outlays in fiscal year 2008 funding a broad array of programs and operations. GAO’s biennial reports on high-risk areas, done since 1990, are meant to bring focus to specific areas needing added attention. Areas are identified, in some cases, as high risk due to their greater vulnerabilities to fraud, waste, abuse, and mismanagement. GAO also identifies high-risk areas needing broad-based transformation to address major economy, efficiency, or effectiveness challenges. In this 2009 update for the 111th Congress, GAO presents the status of high-risk areas listed in 2007 and identifies new high- risk areas warranting attention by Congress and the executive branch. Solutions to high-risk problems offer the potential to save billions of dollars, dramatically improve service to the public, strengthen confidence and trust in the performance and accountability of the U.S. government, and ensure the ability of government to deliver on its promises. What GAO Found: In January 2007, GAO detailed 27 high-risk areas and, in March 2008, added a 28th—planning for the 2010 Census. In the last 2 years, progress has been made in most of the 27 areas, although the extent varies. Overall, federal departments and agencies, as well as Congress, have shown a continuing commitment to addressing high-risk challenges, including taking steps to help correct several of the problems’ root causes. In particular, the Office of Management and Budget has led an initiative to work with agencies to develop corrective action plans for high-risk areas. GAO has determined that sufficient progress has been made to remove the high-risk designation from one area: the Federal Aviation Administration’s (FAA) air traffic control modernization. Since 2007, FAA has continued to make progress in addressing the root causes of its past problems and has committed to sustaining this progress in the future. Continued attention from the executive branch and Congress is needed to make additional progress in other areas. This year, GAO is designating three new high-risk areas: Modernizing the Outdated U.S. Financial Regulatory System. As a result of significant market developments that, in recent decades, have outpaced a fragmented and outdated regulatory structure, significant reforms to the U.S. regulatory system are critically and urgently needed. The current regulatory approach has significant weaknesses that if not addressed will continue to expose the U.S. financial system to serious risks. Determining how to create and implement a regulatory system that reflects new market realities is a key step to reducing the likelihood that our nation will experience another financial crisis similar to the current one. Protecting Public Health through Enhanced Oversight of Medical Products. Concerns have been expressed about FDA’s ongoing ability to fulfill its mission of ensuring the safety and efficacy of drugs, biologics, and medical devices. GAO’s work examining a variety of issues at FDA echoes the conclusions reached by others that the agency is facing significant challenges that compromise its ability to protect Americans from unsafe and ineffective products. FDA needs to, among other things, improve the data it uses to manage the foreign drug inspection program, conduct more inspections of foreign establishments, systematically prioritize and track promotional materials for review, and adopt management tools to ensure that drug sponsors comply with regulations on the presentation of clinical trial results. Transforming EPA’s Processes for Assessing and Controlling Toxic Chemicals. EPA does not have sufficient chemical assessment information to determine whether it should establish controls to limit public exposure to many chemicals that may pose substantial health risks. Actions are needed to streamline and increase the transparency of the Integrated Risk Information System and to enhance EPA’s ability under the Toxic Substances Control Act to obtain health and safety information from the chemical industry. What Remains To Be Done: This report contains GAO’s views on what remains to be done to bring about lasting solutions for each high-risk area. Perseverance by the executive branch in implementing GAO’s recommended solutions and continued oversight and action by Congress are both essential to achieving progress. To view the full product, including the scope and methodology, click on [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-09-271]. For more information, contact George H. Stalcup at (202) 512-9490 or stalcupg@gao.gov. [End of section] GAO’s 2009 High-Risk List: Addressing Challenges In Broad-Based Transformations: * Modernizing the Outdated U.S. Financial Regulatory System[A] (New); * Protecting Public Health through Enhanced Oversight of Medical Products (New); * Transforming EPA’s Processes for Assessing and Controlling Toxic Chemicals[A] (New); * 2010 Census (New in March 2008); * Strategic Human Capital Management[A]; * Managing Federal Real Property[A]; * Protecting the Federal Government’s Information Systems and the Nation’s Critical Infrastructures; * Implementing and Transforming the Department of Homeland Security; * Establishing Effective Mechanisms for Sharing Terrorism-Related Information to Protect the Homeland; * DOD Approach to Business Transformation[A]; - Business Systems Modernization; - Personnel Security Clearance Program; - Support Infrastructure Management; - Financial Management; - Supply Chain Management; - Weapon Systems Acquisition; * Funding the Nation’s Surface Transportation System[A]; * Ensuring the Effective Protection of Technologies Critical to U.S. National Security Interests[A]; * Revamping Federal Oversight of Food Safety[A]. Managing Federal Contracting More Effectively: * DOD Contract Management; * DOE’s Contract Management for the National Nuclear Security Administration and Office of Environmental Management; * NASA Acquisition Management; * Management of Interagency Contracting. Assessing the Efficiency and Effectiveness of Tax Law Administration: * Enforcement of Tax Laws[A]; * IRS Business Systems Modernization. Modernizing and Safeguarding Insurance and Benefit Programs: * Improving and Modernizing Federal Disability Programs[A]; * Pension Benefit Guaranty Corporation Insurance Programs[A]; * Medicare Program[A]; * Medicaid Program[A]; * National Flood Insurance Program[A]. Source: GAO. [A] Legislation is likely to be necessary, as a supplement to actions by the executive branch, in order to effectively address this high-risk area. [End of section] Contents: Letter: Historical Perspective: High-Risk Designation Removed: FAA’s Air Traffic Control Modernization: New High-Risk Areas: Modernizing the Outdated U.S. Financial Regulatory System: Protecting Public Health through Enhanced Oversight of Medical Products: Transforming EPA’s Processes for Assessing and Controlling Toxic Chemicals: Progress Being Made in Other High-Risk Areas: Highlights for Each High-Risk Area: Tables: Table 1: Changes to GAO’s High-Risk List, 1990-2009: Table 2: Areas Removed from GAO’s High-Risk List, 1990-2009: Table 3: Year That Areas on GAO’s 2009 High-Risk List Were Designated as High Risk: [End of section] Comptroller General of the United States: United States Government Accountability Office: Washington, DC 20548: January 2009: The President Pro Tempore of the Senate: The Speaker of the House of Representatives: Since 1990, GAO has periodically reported on government operations that it identifies as “high risk.” This effort, supported by the Senate Committee on Homeland Security and Governmental Affairs and the House Committee on Oversight and Government Reform, has brought much-needed focus to problems impeding effective government and costing the government billions of dollars each year. To help improve these high- risk operations, GAO has made hundreds of recommendations. GAO’s high- risk status reports are provided at the start of each new Congress. GAO’s focus on high-risk problems also has contributed to congressional oversight and enactment of a series of governmentwide reforms to address critical human capital challenges, strengthen financial management, improve information technology practices, and help promote a more effective, credible, and results-oriented government. Given the wide range of challenges facing the government, and what needs to be done to improve federal programs and operations and save billions of dollars, GAO recently launched its Congressional and Presidential Transition Web site. Together, this high-risk update and GAO’s transition Web site can help set the oversight agenda for the 111th Congress, as well as contribute to an informed and smooth transition to the new administration. Moreover, in the coming months, GAO plans to report on a range of major national issues. We are providing this update to the President and Vice President, the congressional leadership, other Members of Congress, the Director of the Office of Management and Budget, and the heads of major departments and agencies. Signed by: Gene L. Dodaro: Acting Comptroller General of the United States: [End of section] Historical Perspective: In 1990, GAO began a program to report on government operations that it identified as “high risk.” Since then, generally coinciding with the start of each new Congress, GAO has periodically reported on the status of progress to address high-risk areas and updated the high-risk list. GAO’s most recent high-risk update was in January 2007.[Footnote 1] That update identified 27 high-risk areas. In March 2008, a 28th area was added, the 2010 Census. Overall, our high-risk program has served to identify and help resolve serious weaknesses in areas that involve substantial resources and provide critical services to the public. Since our program began, the government has taken high-risk problems seriously and has made long- needed progress toward correcting them. In some cases, progress has been sufficient for us to remove the high-risk designation. A summary of changes to our high-risk list over the past 19 years is shown in table 1. Areas removed from the high-risk list over that same period are shown in table 2. The areas on GAO’s 2009 high-risk list, and the year each was designated as high risk, are shown in table 3. Table 1: Changes to GAO’s High-Risk List, 1990-2009: Original high-risk list in 1990: Number of areas: 14. High-risk areas added since 1990: Number of areas: 37. High-risk areas removed since 1990: Number of areas: 19. High-risk areas consolidated since 1990: Number of areas: 2. High-risk list in 2009: Number of areas: 30. Source: GAO. [End of table] Table 2: Areas Removed from GAO’s High-Risk List, 1990-2009: Area: Federal Transit Administration Grant Management; Year removed: 1995; Year designated high risk: 1990. Area: Pension Benefit Guaranty Corporation; Year removed: 1995; Year designated high risk: 1990. Area: Resolution Trust Corporation; Year removed: 1995; Year designated high risk: 1990. Area: State Department Management of Overseas Real Property; Year removed: 1995; Year designated high risk: 1990. Area: Bank Insurance Fund; Year removed: 1995; Year designated high risk: 1991. Area: Customs Service Financial Management; Year removed: 1999; Year designated high risk: 1991. Area: Farm Loan Programs; Year removed: 2001; Year designated high risk: 1990. Area: Superfund Program; Year removed: 2001; Year designated high risk: 1990. Area: National Weather Service Modernization; Year removed: 2001; Year designated high risk: 1995. Area: The 2000 Census; Year removed: 2001; Year designated high risk: 1997. Area: The Year 2000 Computing Challenge; Year removed: 2001; Year designated high risk: 1997. Area: Asset Forfeiture Programs; Year removed: 2003; Year designated high risk: 1990. Area: Supplemental Security Income; Year removed: 2003; Year designated high risk: 1997. Area: Student Financial Aid Programs; Year removed: 2005; Year designated high risk: 1990. Area: Federal Aviation Administration Financial Management; Year removed: 2005; Year designated high risk: 1999. Area: Forest Service Financial Management; Year removed: 2005; Year designated high risk: 1999. Area: HUD Single-Family Mortgage Insurance and Rental Housing Assistance Programs; Year removed: 2007; Year designated high risk: 1994. Area: U.S. Postal Service’s Transformation Efforts and Long-Term Outlook; Year removed: 2007; Year designated high risk: 2001. Area: FAA’s Air Traffic Control Modernization; Year removed: 2009; Year designated high risk: 1995. Source: GAO. [End of table] Table 3: Year That Areas on GAO’s 2009 High-Risk List Were Designated as High Risk: Area: Medicare Program; Year designated high risk: 1990. Area: DOD Supply Chain Management; Year designated high risk: 1990. Area: DOD Weapon Systems Acquisition; Year designated high risk: 1990. Area: DOE’s Contract Management for the National Nuclear Security Administration and Office of Environmental Management; Year designated high risk: 1990. Area: NASA Acquisition Management; Year designated high risk: 1990. Area: Enforcement of Tax Laws; Year designated high risk: 1990. Area: DOD Contract Management; Year designated high risk: 1992. Area: DOD Financial Management; Year designated high risk: 1995. Area: DOD Business Systems Modernization; Year designated high risk: 1995. Area: IRS Business Systems Modernization; Year designated high risk: 1995. Area: Protecting the Federal Government’s Information Systems and the Nation’s Critical Infrastructures; Year designated high risk: 1997. Area: DOD Support Infrastructure Management; Year designated high risk: 1997. Area: Strategic Human Capital Management; Year designated high risk: 2001. Area: Medicaid Program; Year designated high risk: 2003. Area: Managing Federal Real Property; Year designated high risk: 2003. Area: Improving and Modernizing Federal Disability Programs; Year designated high risk: 2003. Area: Implementing and Transforming the Department of Homeland Security; Year designated high risk: 2003. Area: Pension Benefit Guaranty Corporation Insurance Programs; Year designated high risk: 2003. Area: Establishing Effective Mechanisms for Sharing Terrorism-Related Information to Protect the Homeland; Year designated high risk: 2005. Area: DOD Approach to Business Transformation; Year designated high risk: 2005. Area: DOD Personnel Security Clearance Program; Year designated high risk: 2005. Area: Management of Interagency Contracting Year designated high risk: 2005. Area: National Flood Insurance Program; Year designated high risk: 2006. Area: Funding the Nation’s Surface Transportation System; Year designated high risk: 2007. Area: Ensuring the Effective Protection of Technologies Critical to U.S. National Security Interests; Year designated high risk: 2007. Area: Revamping Federal Oversight of Food Safety; Year designated high risk: 2007. Area: 2010 Census; Year designated high risk: 2008. Area: Modernizing the Outdated U.S. Financial Regulatory System; Year designated high risk: 2009. Area: Protecting Public Health through Enhanced Oversight of Medical Products; Year designated high risk: 2009. Area: Transforming EPA's Processes for Assessing and Controlling Toxic Chemicals; Year designated high risk: 2009. Source: GAO. [End of table] Eight of the 19 areas removed from the list over the years were among the 14 programs and operations we determined to be high risk at the outset of our efforts to monitor such programs. These results demonstrate that the sustained attention and commitment by Congress and agencies to resolve serious, long-standing high-risk problems have paid off, as root causes of the government’s exposure for half of our original high-risk list have been successfully addressed. Historically, high-risk areas have been so designated because of traditional vulnerabilities related to their greater susceptibility to fraud, waste, abuse, and mismanagement. As our high-risk program has evolved, we have increasingly used the high-risk designation to draw attention to areas associated with broad-based transformations needed to achieve greater economy, efficiency, effectiveness, accountability, and sustainability of selected key government programs and operations. Perseverance by the executive branch is needed in implementing our recommended solutions for addressing these high-risk areas. Continued congressional oversight and, in some cases, additional legislative action will also be key to achieving progress, particularly in addressing challenges in broad-based transformations. To determine which federal government programs and functions should be designated high risk, we use our guidance document Determining Performance and Accountability Challenges and High Risks.[Footnote 2] In determining whether a government program or operation is high risk, we consider whether it involves national significance or a management function that is key to performance and accountability. We also consider whether the risk is: * an inherent problem, such as may arise when the nature of a program creates susceptibility to fraud, waste, and abuse, or; * a systemic problem, such as may arise when the programmatic; management support; or financial systems, policies, and procedures established by an agency to carry out a program are ineffective, creating a material weakness. Further, we consider qualitative factors, such as whether the risk: * involves public health or safety, service delivery, national security, national defense, economic growth, or privacy or citizens’ rights, or; * could result in significantly impaired service; program failure; injury or loss of life; or significantly reduced economy, efficiency, or effectiveness. In addition, we also consider the exposure to loss in monetary or other quantitative terms. At a minimum, $1 billion must be at risk in areas such as the value of major assets being impaired; revenue sources not being realized; major agency assets being lost, stolen, damaged, wasted, or underutilized; improper payments; and contingencies or potential liabilities. Before making a high-risk designation, we also consider corrective measures planned or under way to resolve a material control weakness and the status and effectiveness of these actions. When legislative and agency actions, including those in response to our recommendations, result in significant and sustainable progress toward resolving a high-risk problem, we remove the high-risk designation. Key determinants here include a demonstrated strong commitment to, and top leadership support for, addressing problems, the capacity to address problems, a corrective action plan, and demonstrated progress in implementing corrective measures. The next sections discuss how we applied our criteria in determining what high-risk designations to add or remove for our 2009 update. [End of section] High-Risk Designation Removed: For our 2009 high-risk update, we determined that one area warranted removal from the high-risk list: the Federal Aviation Administration’s (FAA) air traffic control modernization. As we have with areas previously removed from the high-risk list, we will continue to monitor this program, as appropriate, to ensure that the improvements we have noted are sustained. FAA’s Air Traffic Control Modernization: Faced with growing air traffic and aging equipment, FAA initiated an ambitious effort to modernize its air traffic control system in 1981. This modernization involved acquiring a vast network of radar, navigation, communications, and information-processing systems, as well as new air traffic control facilities. However, key projects within this modernization experienced significant cost overruns, schedule delays, and performance shortfalls that affected FAA’s ability to deliver systems as promised. In 1995, we designated FAA’s air traffic control modernization as high risk because of the program’s estimated $36 billion cost, its complexity, its criticality to FAA’s mission of ensuring safe and efficient air travel, and its problem-plagued past. In our 1997 high- risk update, we again included the modernization, not only for the reasons cited in 1995, but also because our subsequent work found pervasive and fundamental problems in FAA’s approach to managing the modernization. Over the years, we reported on the root causes of these problems, including (1) immature capabilities for acquiring systems, (2) lack of an institutionalized architecture, (3) inadequate cost estimating and accounting practices, (4) an incomplete investment management process, and (5) an organizational culture that impaired modernization efforts. In our January 2007 high-risk update, we noted that FAA had made significant progress in addressing weaknesses in its air traffic control modernization. For example, the agency established a framework for improving system management capabilities, addressed weaknesses on selected air traffic control systems, implemented components of a cost accounting system, established a cost estimating methodology, and made progress in establishing an organizational culture that supported sound acquisitions. We also reported that FAA worked with the Office of Management and Budget (OMB) to develop an action plan to continue to address program weaknesses. However, we retained FAA’s modernization on the high-risk list in 2007 because improved system management capabilities had not been institutionalized, the cost estimating methodology had not been fully implemented, and major systems were coming on line. Moreover, FAA still faced many human capital challenges, including obtaining the technical and contract management expertise needed to define, implement, and integrate numerous complex programs and systems. Since 2007, FAA has continued to make significant progress in addressing the weaknesses that put it on the high-risk list. FAA executives, managers, and staff have demonstrated a strong commitment to—and a capacity for—resolving risks. Agency executives worked with OMB to refine corrective action plans to address weaknesses, instituted programs to monitor and evaluate the effectiveness of corrective measures, and demonstrated progress in implementing these corrective measures. Specifically, FAA (1) improved management capabilities on major projects and is working to extend these improvements to new projects; (2) continued to develop an enterprise architecture—a blueprint of the agency’s current and target operations and infrastructure—and is refining it as FAA’s next-generation system becomes better defined; (3) implemented a cost estimating methodology and a cost accounting system; (4) implemented a comprehensive investment management process; and (5) assessed its human capital challenges and is now identifying plans to address critical staff shortages. These efforts have yielded positive results. FAA has put multiple new systems into operation throughout the country, including new air traffic displays, runway safety systems, and weather processing systems. In addition, while FAA has reduced the scope of several key programs, its acquisitions have experienced fewer cost overruns and schedule delays. Looking to the future, FAA also developed an updated corrective action plan for 2009 to sustain its improvement efforts and enhance its ability to address risks. We are removing FAA’s air traffic control modernization from the high- risk list because of the agency’s progress in addressing most of the root causes of its past problems and its commitment to sustaining progress in the future. Nonetheless, we will be closely monitoring FAA’s efforts because the modernization program is still technically complex and costly, and FAA needs to place a high priority on efficient and effective management. FAA’s improvement efforts are even more critical because the modernization has now been extended to plan for a next-generation air transportation system that is to transform the current radar-based system to an aircraft-centered, satellite-based system. The next- generation program extends beyond FAA to include multiple federal agencies, including the Department of Defense and the National Aeronautics and Space Administration, as well as nonfederal aviation stakeholders, such as aviation equipment manufacturers, airports, and aircraft operators. As FAA moves forward with this program, it risks confronting the same system acquisition issues that have plagued it in the past. In addition, we and the Department of Transportation’s Inspector General have reported that FAA faces challenges in undertaking needed research and development to better define new technologies, transitioning legacy systems to next-generation technologies, addressing aging facilities, and obtaining staff with the knowledge and skills to manage the program. We plan to closely monitor FAA’s efforts to plan and implement the next-generation air transportation system. [End of section] New High-Risk Areas: GAO’s use of the high-risk designation to draw attention to the challenges associated with the economy, efficiency, and effectiveness of government programs and operations in need of broad-based transformation has led to important progress. We will also continue to identify high-risk areas based on the more traditional focus on fraud, waste, abuse, and mismanagement. Our focus will continue to be on identifying the root causes behind vulnerabilities, as well as actions needed on the part of the agencies involved and, if appropriate, Congress. For 2009, we are designating three new high-risk areas: * Modernizing the Outdated U.S. Financial Regulatory System. * Protecting Public Health through Enhanced Oversight of Medical Products. * Transforming EPA’s Processes for Assessing and Controlling Toxic Chemicals. In addition to the new high-risk designations discussed below, we will continue to monitor other management challenges identified through our work. These include, for example, oil and gas resource management and revenue collection, the deteriorating financial condition of the U.S. Postal Service, and FAA’s oversight of aviation safety. Modernizing the Outdated U.S. Financial Regulatory System: Having a vibrant, healthy financial sector is critical to the United States. Banks and other depository institutions provide safe locations for the savings of the nation’s citizens, and these funds are used to provide loans to businesses that provide many of the jobs in the economy. Having active and liquid markets for securities enables the U.S. government, states, and municipalities, as well as private-sector businesses, to raise the capital needed to provide infrastructure for the nation and for new products and services. To ensure that the nation benefits from the offerings of the financial sector, the United States found that regulating financial markets, institutions, and products is more efficient and effective than leaving the fairness and integrity of this activity to market participants themselves. Among the goals that the U.S. financial regulatory system has sought to achieve are: * ensuring adequate consumer protections, * ensuring the integrity and fairness of markets, * monitoring the safety and soundness of institutions, and, * acting to ensure the stability of the overall financial system. However, recently the United States has been experiencing the worst financial crisis in more than 75 years. In the past year, several large financial institutions have failed or required assistance from the government. The crisis also spread to global financial markets, requiring coordinated action by world leaders in an attempt to protect savings and restore the health of the markets. U.S. regulators have taken unprecedented steps to stem the unraveling of the financial services sector by using taxpayer funds to rescue financial institutions and restore order to credit markets. These include actions by the Department of the Treasury, the Federal Reserve, the Federal Deposit Insurance Corporation, the Federal Housing Finance Agency, and others.[Footnote 3] One of the major efforts to address the current crisis includes the Troubled Asset Relief Program (TARP), which was authorized under the Emergency Economic Stabilization Act that was signed into law on October 3, 2008. Under this authority, the Department of the Treasury has undertaken various efforts to stabilize U.S. financial markets and the banking system, including injecting billions of dollars into financial institutions. Through the capital purchase program—a preferred stock and warrant purchase program—Treasury provided more than $155 billion in capital to 87 institutions as of December 5, 2008.[Footnote 4] We recognize that TARP has only recently been created and that a new program of such magnitude faces many challenges, especially in this current uncertain economic climate. However, we reported that Treasury had yet to address a number of critical issues, including determining how it will ensure that the capital purchase program is achieving its intended goals and monitoring participating institutions’ compliance with the program’s limitations on executive compensation and dividend payments. Moreover, further actions are needed to establish an effective management structure and an essential system of internal control. While much of the attention of policymakers appropriately has been focused on taking short-term steps to address the immediate nature of the crisis, these events have served to demonstrate that the current U.S. financial regulatory system is in need of significant reform. The current U.S. financial regulatory structure is the culmination of 150 years of statutory and regulatory changes in response to financial crises or significant developments in the financial services sector. Congress created one of the first federal banking regulators—the Office of the Comptroller of the Currency, which charters and supervises national banks and their subsidiaries—in 1863 to establish a system for financing the nation’s Civil War debt and reducing financial uncertainty resulting from differences in state banking regulations. Congress created much of the remaining structure for banking oversight either in response to bank runs and panics at the turn of the 20th century, which resulted in the creation of the Federal Reserve System in 1913, or as a result of the Great Depression, which saw the creation of the Federal Deposit Insurance Corporation—which today oversees state- chartered institutions and insures the deposits of all federally supervised banks. As a result of the turmoil of the 1920s and 1930s, including the severe stock market crash of 1929, the Securities and Exchange Commission was created to supplement the oversight of states and other organizations that oversee broker-dealers, investment advisers, exchanges, and other key market participants. Since then, Congress has continued to adjust the U.S. regulatory structure in response to crises like the savings and loan failures of the 1980s. Not all changes to the regulation of financial markets arose out of crises. For example, the Gramm-Leach-Bliley Act of 1999 allowed banks to expand their securities activities by reversing restrictions put in place in the 1930s. Accounting and auditing rules—which are an integral part of the financial regulatory system—have also changed significantly in recent years, in response to the development of new financial assets as well as corporate scandals. Several significant changes in financial markets and products in recent decades have revealed limitations in the existing financial regulatory system. First, overseeing large financial conglomerates has proved challenging, particularly in overseeing their risk management activities on a consolidated basis and in identifying and mitigating the systemic risks they pose. Second, regulators have had to address problems in financial markets resulting from the activities of large and sometimes less-regulated market participants, some of which play significant roles in today’s financial markets. For example, nonbank mortgage lenders, which generally are not subject to direct federal oversight, as well as largely unregulated investment bank securitization of mortgage loans, played a key role in subprime mortgage lending in recent years, which triggered broader financial turmoil. Similarly, entities such as hedge funds, credit rating agencies, and special entities created to hold assets outside of regulated financial institutions have played significant roles in financial market activities and recent or past crises, but have created challenges for effective oversight. A third development that has revealed limitations in the current regulatory system has been the increasing prevalence of new and more complex products. For example, institutions and investors have faced losses arising from new securities investment products whose income and returns derive from pools of mortgage loans and other securities, and consumers have faced difficulty understanding new and increasingly complex retail mortgage and credit products. Fourth, standard setters for accounting and financial regulators, including the Financial Accounting Standards Board and the Securities and Exchange Commission, have faced growing challenges in trying to ensure that accounting standards appropriately respond to financial market developments, as well as the new challenges arising from the global convergence of accounting and auditing standards. Finally, despite the increasingly global aspects of financial markets, the current fragmented U.S. regulatory structure has complicated some efforts to coordinate internationally with other regulators. As a result of significant market developments that, in recent decades have outpaced a fragmented and outdated regulatory structure, significant reforms to the U.S. regulatory system are critically and urgently needed. The current regulatory approach has significant weaknesses that if not addressed will continue to expose the U.S. financial system to serious risks in the future. As the administration and Congress continue to take actions to address the immediate financial crisis, determining how to create a regulatory system that reflects new market realities is a key step to reducing the likelihood that the nation will experience a similar financial crisis in the future. Currently, considerable debate is under way over whether and how the current regulatory system should be changed; calls have been made for consolidating regulatory agencies, broadening certain regulators’ authorities, and subjecting certain products or entities to more regulation. For example, in March 2008, the Department of the Treasury proposed significant financial regulatory reforms in its Blueprint for a Modernized Financial Regulatory Structure, and other federal regulatory officials and industry groups have also put forth reform proposals. As these and other proposals are developed or evaluated, it will be important to carefully consider their advantages and disadvantages and long-term implications. As early as 1994, we identified the need to modernize the federal financial regulatory structure, including the need to address the risks from new unregulated products. Since then, we have described various options for Congress to consider, each of which provides potential improvements, as well as some risks and potential costs. Building upon the existing body of work on the regulation of financial markets and emerging issues, we issued a report in January 2009 that can be used to help create a new system of regulation and to evaluate regulatory proposals that emerge.[Footnote 5] Specifically, this report to Congress includes an evaluation framework that outlines the key elements that any new regulatory system should include regardless of the structure it takes, such as ensuring systemwide risks are identified and mitigated and that consumers are protected. The total cost of loans, credit guarantees, and other assistance that the Treasury, Federal Reserve or other government entities have committed to date to address the current financial turmoil has been estimated to be in the trillions of dollars, which far exceeds the $160 billion cost of the savings and loan crisis. In the near term, oversight is needed to ensure that the government’s responses to the crisis achieve their goals effectively. In the longer term, modernizing the U.S. financial regulatory system will be a critical step to ensuring that the challenges of the 21st century can be met. Protecting Public Health through Enhanced Oversight of Medical Products: Americans depend on the Food and Drug Administration (FDA), an agency within the Department of Health and Human Services (HHS), to ensure the safety and effectiveness of medical products—drugs, biologics, and medical devices—marketed in the United States. The agency’s medical product responsibilities are far-reaching and apply to such products regardless of whether they are manufactured domestically or overseas. In 2006, medical products regulated by FDA generated $290 billion in pharmaceutical sales, and about 3.3 billion prescriptions were filled. In that same year, investments in biological products—such as vaccines and human tissues—exceeded $40 billion, and 235 million vaccines were administered. In addition, sales by manufacturers of medical devices and radiological products totaled $110 billion. Over 100 million surgical procedures—all requiring the use of medical devices—were performed in 2005. In 2008, FDA reported that over 64,000 domestic establishments were manufacturing medical products in 2008. There are thousands of additional establishments located overseas that are manufacturing products for the U.S. market, and with globalization, their numbers are increasing annually. FDA’s role has grown significantly since the federal government first began regulating medical products more than 100 years ago. Its responsibilities now begin long before a product is brought to market and continue after a product’s approval. For example, while a new drug is still in the investigational, preapproval stage, FDA monitors the success of the drug in clinical trials. It reviews the applications of thousands of new medical products filed annually to decide whether they should be allowed to be marketed in the United States. FDA also oversees the quality of thousands of products already on the market. Among other things, the agency inspects establishments to ensure they are in compliance with current good manufacturing practices requirements (GMP) and evaluates the results of studies conducted by drug sponsors concerning the safety and efficacy of their products. In addition, FDA receives reports and tracks adverse events associated with marketed medical products and responds to public health emergencies, such as those involving tainted drugs. It also examines manufacturers’ promotional materials, including direct-to-consumer advertising, to ensure they are not false or misleading. Many have begun expressing concern about FDA’s ongoing ability to fulfill its mission of ensuring the safety and efficacy of drugs, biologics, and medical devices. Reports issued by both FDA’s own Science Board in 2007 and the Congressional Research Service in 2008 point out that the demands on the agency have soared in recent years for a variety of reasons. These include the complexity of new products submitted to FDA for premarket approval, the emergence of challenging safety problems, the globalization of the industries that FDA regulates, and new statutory responsibilities. The Science Board also found that FDA’s resources had not increased in proportion to the growing demands placed on it, putting public health at risk. Similarly, in 2006, citing serious resource constraints, the National Academy of Sciences’ Institute of Medicine expressed concern for the future of drug safety. HHS’s Office of Inspector General (OIG) included the oversight of drug and medical device safety as one of its top management performance challenges for fiscal year 2007. Our work examining a variety of issues at FDA echoes the conclusions reached by others that the agency is facing significant challenges that compromise its ability to protect Americans from unsafe and ineffective products. FDA has recently announced plans that may help it address some of it resource challenges, such as embarking on a major multiyear hiring initiative and investing in an information technology modernization effort. However, to make a meaningful difference, these initiatives will require effective implementation, and their success cannot yet be evaluated. Although such initiatives may hold promise, we nonetheless believe that FDA needs to enhance its oversight of medical products to better protect public health. Inspecting Foreign Manufacturers: FDA’s ability to ensure the quality of medical products manufactured overseas is an area of particular concern. FDA’s management of its foreign drug and medical device inspection programs has been compromised by weaknesses in its databases, which contain divergent estimates of the number of foreign establishments subject to inspection.[Footnote 6] These databases are not electronically integrated and do not readily interact with one another. Comparisons of the data are complex, and some must be performed manually, complicating FDA’s ability to appropriately prioritize foreign establishments for inspection. Although inspections of manufacturing establishments are an essential component of ensuring safety and compliance with GMPs, the agency conducts relatively few inspections of foreign establishments. Because FDA does not know how many foreign establishments manufacturing drugs and medical devices are actually subject to inspection, the exact percentage that has been inspected cannot be calculated with certainty. However, for fiscal year 2007, by using information from its databases, FDA compiled a list of 3,249 foreign drug manufacturing establishments for the purpose of prioritizing them for inspections that focus on compliance with GMPs. Using this count of establishments and the average number of foreign drug inspections conducted between fiscal years 2002 and 2007, we found that the agency may inspect about 8 percent of such establishments in a given year. At this rate, it would take FDA more than 13 years to inspect each foreign drug establishment on this list once, assuming that no additional establishments are subject to inspection. Similarly, FDA estimated that it has inspected foreign establishments manufacturing medical devices that it considers high risk every 6 years and medium risk devices every 27 years. FDA’s inspections of drug and device manufacturers overseas are further challenged by unique circumstances posing difficulties that are not encountered domestically. For example, FDA does not have a dedicated staff to conduct foreign inspections. It is unable to conduct unannounced inspections of foreign manufacturers, as it sometimes does with domestic manufacturers. It also lacks the flexibility to easily extend foreign inspections if problems are encountered, due to the need to adhere to an itinerary that typically involves multiple inspections in the same country. Language barriers can add to the difficulty of these inspections. FDA does not routinely provide translators to its inspection teams. Instead, they may have to rely on an English-speaking representative of the establishment being inspected, rather than an independent translator. Although FDA has proposed initiatives to improve foreign inspections, including opening a limited number of overseas offices, it is too early to tell whether they will be effective. We recently recommended that FDA, among other things, improve the data it uses to manage the foreign drug inspection program and conduct more inspections of foreign establishments. HHS agreed that FDA should conduct more inspections of foreign establishments and elaborated on its efforts to improve its databases, but it did not provide specific time frames for accomplishing these tasks. Monitoring Postmarket Safety: FDA’s monitoring of postmarket safety of approved products has been questioned by numerous groups for more than 30 years. Several recent high-profile drug safety cases have continued to raise concerns that the agency did not respond appropriately or quickly enough to evidence that drugs already on the market were causing serious adverse reactions among patients. In 2004, FDA was criticized during congressional hearings for taking too long to tell physicians and patients about studies linking the use of antidepressants among children to an increased risk of suicidal behavior. In that same year, also during congressional hearings, it received criticism that it did not act quickly enough on evidence it obtained in 2001 about the cardiovascular risks of Vioxx, an anti-inflammatory drug. Among other things, we found that FDA lacked clear and effective processes for making decisions about, and providing management oversight of, postmarket safety issues.[Footnote 7] We also identified problems with the data sources FDA relies on to obtain information about postmarket drug safety. For example, while decisions about postmarket drug safety are often based on reports of adverse events, FDA cannot establish the true frequency of adverse events in the population through its data system. Because it cannot calculate the true frequency of such events, it is difficult to establish the magnitude of a safety problem. Reports of adverse events may also be confounded by other factors, such as other drug exposures. FDA may also rely on the results of clinical trials and observational studies, but we found that FDA has often relied on the voluntary agreement of drug sponsors to complete postmarket studies—many of which are never completed. The HHS OIG has also identified weaknesses in FDA’s postmarket monitoring of drugs, such as an ineffective management information system to track postmarket studies. It concluded that FDA was unable to readily determine whether studies were progressing toward completion. Although FDA has made some organizational and policy changes to its management and oversight of postmarket safety and received new authority to require and enforce that drug manufacturers conduct postmarket studies, when deemed necessary, we remain concerned with FDA’s progress and the potential public health consequences if FDA is not able to make decisions quickly. Reviewing Promotional Materials for Medical Products: As advertising and other promotions of prescription drugs have increased, the need for FDA’s scrutiny of such materials has also increased. The agency’s oversight is meant to ensure that promotional materials are not false or misleading and includes reviews of materials directed at both physicians and patients. Among other things, the agency seeks to identify materials that omit or minimize risks, overstate a medication’s effectiveness, or provide unsubstantiated comparative claims of superiority. In 2007, drug companies spent $6.7 billion on promotions directed at medical professionals, such as advertisements in professional medical journals and materials provided by drug company sales representatives. They also spent $3.7 billion in direct-to-consumer advertising, including promotions found on television, radio, magazines, newspapers, and the Internet. FDA’s oversight has not kept pace with the workload generated by this spending. For example, in 2007, the agency received 68,000 separate submissions of promotional materials from drug companies. At that time FDA had no more than 44 full-time equivalent staff to review such materials and, thus, was only able to examine a small portion of them. As a consequence, FDA prioritizes its reviews in order to examine those promotional materials that have the greatest potential effect on public health. However, we have found that this prioritization is not systematic, and, as a result, the agency cannot ensure it is identifying those materials that may have the greatest adverse effect on public health, should they contain false or misleading information. [Footnote 6] We have also found the agency does not track information on its reviews and cannot determine how many materials it reviews in a given year. In addition to these reviews, FDA is limited in its ability to identify violations that would not be identified through its review of submitted material—for instance, presentations by drug companies at medical conferences and discussions between doctors and sales representatives in doctors’ offices. We found that when FDA does identify potentially violative promotional materials—such as those that promote the use of a drug for a broader range of patients than it has been found to be safe and effective for—it has taken the agency months to ask that the drug companies cease their dissemination of these materials and more time for the companies to respond to FDA’s request. Yet, multimillion-dollar settlements between the Department of Justice and drug manufacturers regarding allegations that manufacturers illegally promoted drugs by distributing violative advertising materials continue to point to the need for greater FDA scrutiny. We have recommended that FDA systematically prioritize materials for review and track these materials. HHS disagreed with our finding that promotional materials are not systematically prioritized by FDA. HHS also disagreed with our recommendation that FDA should track these materials. We continue to believe our recommendations merit action. Overseeing Clinical Trials: As part of its duties, FDA is charged with overseeing clinical trials of investigational new drugs before they are approved for marketing. These trials are critical to establishing the safety and efficacy of a drug prior to approval. However, weaknesses in FDA’s oversight of these trials have been reported by the HHS OIG. For example, the OIG recently reported on weaknesses in FDA’s ability to oversee the protection of human subjects in clinical drug trials. Among other things, the OIG found vulnerabilities, including data limitations, which inhibit FDA’s ability to effectively manage clinical trials conducted through its Bioresearch Monitoring Program. It also determined that few inspections are conducted of clinical trial sites—only 1 percent of such sites during fiscal years 2000-2005. We have also raised concerns regarding FDA’s oversight of clinical trials. For example, we reported on FDA’s oversight of these trials involving elderly persons and found many instances where FDA’s analyses of differences in the safety and effectiveness of particular drugs for various age groups were not reported in its clinical review summaries, even though the drugs were used to treat conditions more prevalent among the elderly.[Footnote 9] Similarly, we cited weaknesses involving the reporting of clinical trial results by drug companies that did not adequately distinguish the results of male participants from female participants.[Footnote 10] Because there are differences in the way men and women absorb, distribute, and metabolize drugs, it is important that clinical trials track whether men and women face different drug-related health risks. We found that FDA did not take full advantage of available data to learn more about the effects of drugs in women and recommended that the agency take steps to ensure that drug sponsors comply with regulations regarding the presentation of results by gender. We further recommended that FDA consistently and systematically discuss gender differences in their written reviews of new drug applications. FDA has not implemented this recommendation, which we made in 2001. Transforming EPA’s Processes for Assessing and Controlling Toxic Chemicals: The Environmental Protection Agency (EPA) lacks adequate scientific information on the toxicity of many chemicals that may be found in the environment—as well as on tens of thousands of chemicals used commercially in the United States. Scientific information on the toxicity of chemicals is needed to, among other things, support effective and informed decision making on whether EPA should establish controls to protect the public under such environmental laws as the Clean Air Act, the Safe Drinking Water Act, and the Toxic Substances Control Act (TSCA). EPA’s inadequate progress in assessing toxic chemicals significantly limits the agency’s ability to fulfill its mission of protecting human health and the environment. GAO recently reported that EPA’s Integrated Risk Information System (IRIS)—a database that contains EPA’s scientific position on the potential human health effects of exposure to more than 540 chemicals—is at serious risk of becoming obsolete because the agency has not been able to complete timely, credible assessments or decrease its backlog of 70 ongoing assessments. Overall, EPA has finalized a total of only 9 assessments in the past 3 fiscal years. As of December 2007, 69 percent of ongoing assessments had been in progress for more than five years, and 17 percent had been in progress for more than 9 years. In addition, EPA data as of 2003 indicated that more than half of the 540 existing assessments may be outdated. Five years later, the percentage is likely to be much higher. Some of the IRIS assessments that have been in progress the longest cover key chemicals likely to cause cancer or other significant health effects. For example, EPA’s assessment of dioxin has been under way for 18 years. The Assistant Administrator for Research and Development recently told a congressional committee that the agency is years away from completing the dioxin assessment, and, as of December 2008, EPA’s database providing the status of individual IRIS assessments does not indicate either a starting date for developing a draft assessment or an estimated completion date for this key assessment. Although dioxin is a known cancer-causing chemical to which humans are regularly exposed by eating such dietary staples as meats, fish, and dairy products, actions to protect the public will likely be delayed until the assessment is complete. Since EPA estimates that the assessment process for complex chemicals such as dioxin could take 6 to 8 years to complete, the public in the meantime will likely remain at risk. Other toxic chemicals with widespread human exposure whose assessments have been in progress for 10 or more years include formaldehyde, trichloroethylene, and tetrachloroethylene. EPA’s efforts to finalize the assessments have been thwarted by a combination of factors, including (1) two new OMB-required reviews of IRIS assessments by the Office of Management and Budget (OMB) and other federal agencies; (2) EPA management decisions, such as delaying some assessments to await new research or analyses; and (3) the compounding effect of delays—even one delay can have a domino effect, requiring the process to essentially be repeated to incorporate changing science. Thus, EPA’s decision to wait for new research on key chemicals rather than relying on the best available scientific data at the time of the assessment is conducted—as had been EPA’s general approach in the 1990s—can have a significant impact on assessment completion dates, delaying the agency’s ability to protect the public from exposure to toxic chemicals. As a general rule, requiring that IRIS assessments be based on the best science available at the time of the assessment is a standard that would best support a goal of completing assessments with reasonable time periods and minimizing the need to conduct significant levels of rework. Moreover, the OMB-required reviews, which are not publicly available, are problematic because they involve other federal agencies in EPA’s IRIS assessment process in a manner that limits the credibility of IRIS assessments and hinders EPA’s ability to manage them. Specifically, some of the agencies providing input into the assessments are those that may be affected by the assessments should they lead to regulatory or other actions that would place additional requirements on the agencies. Importantly, these reviews lack transparency—a particular credibility concern in light of the involvement of agencies that may be affected by the outcome. GAO has also reported that EPA’s assessments of industrial chemicals under TSCA provide limited information on health and environmental risks. Most significantly, EPA does not routinely assess the risks of the roughly 80,000 industrial chemicals that are already in use in the United States. TSCA generally places the burden of obtaining data on these chemicals on EPA, rather than requiring the companies that produce the chemicals to develop and submit such data. This burden is costly and time-consuming since TSCA requires that EPA demonstrate that certain health or environmental risks are likely before it can require companies to further test their chemicals. TSCA provides slightly more robust authority in the case of new chemicals, about 700 of which are introduced into commerce annually. Chemical companies are required to provide EPA with certain information on new chemicals in “premanufacture notices,” and EPA may ban or limit their use if this information is inadequate. However, while 85 percent of premanufacture notices lack any health or safety test data, the agency does not often use its authority to obtain this information. In contrast, the European Union’s Registration, Evaluation and Authorization of Chemicals (REACH) legislation generally places the burden on companies to provide data on the chemicals they produce and to address the risks those chemicals pose to human health and the environment. Although numerous GAO reports have identified significant shortcomings with the IRIS assessment process and TSCA, and made recommendations to remedy them, EPA’s responses have not sufficiently improved the scientific information available to support critical decisions regarding whether and how to protect human health from toxic chemicals. For example, GAO recommended that EPA streamline and increase the transparency of its IRIS assessment process. However, when EPA implemented a new assessment process in 2008, it did not incorporate the recommendations. In fact, the new process exacerbates the productivity and credibility concerns GAO identified. In its previous reports on TSCA, GAO has recommended both statutory and regulatory changes to, among other things, strengthen EPA’s authority to obtain additional information from the chemical industry, shift more of the burden to chemical companies for demonstrating the safety of their chemicals, and enhance the public’s understanding of the risks of chemicals to which they may be exposed. Neither Congress nor EPA has implemented the most important recommendations aimed at providing EPA with the information needed to support its assessments of industrial chemicals. Without greater attention to EPA’s efforts to assess toxic chemicals, the nation lacks assurance that human health and the environment are adequately protected. [End of section] Progress Being Made in Other High-Risk Areas: In many other areas that remain on our 2009 high-risk list, there has been progress, including in one area, Department of Energy contract management, for which the scope has been narrowed. Top administration officials have expressed their commitment to ensuring that high-risk areas receive adequate attention and oversight. The Office of Management and Budget (OMB) has led an initiative to prompt agencies to develop action plans for each area on our high-risk list. A number of the more detailed plans establish specific goals and milestones for addressing the risks identified by us within the high- risk areas. OMB has held regular meetings with agency officials as these plans have been developed and updated. Further, OMB has encouraged agencies to consult with us regarding the problems our past work has identified, as well as the many recommendations we have made. OMB has made these action plans publicly available on the Internet for the vast majority of high-risk areas we identified, thereby enhancing the visibility of high-risk areas and accountability for addressing high-risk problems. While progress on developing and implementing action plans has been mixed, collectively the plans are forming a foundation of accountability that, if sustained, could lead to significant movement toward addressing high-risk problems. Such a concerted effort by agencies and continued attention by OMB are critical; our experience over the past 19 years has shown that perseverance is required to fully resolve high-risk areas. Congress, too, will continue to play an important role through its oversight and, where appropriate, through legislative action targeting both specific problems and the high-risk areas overall. Examples of progress in other programs or operations that were previously designated as high risk are discussed below and in the highlights pages following this section. * Since the January 2007 high-risk update, the Department of Energy (DOE) has completed a root-cause analysis to better understand the underlying weaknesses with its contract and project management. Based on that root-cause analysis, DOE also completed a comprehensive corrective action plan to address these weaknesses, with both near-term and long-term goals and objectives. On the basis of these actions, and other improvements made over the past decade to establish a more structured and disciplined approach to contract and project management, GAO believes DOE as a whole has substantially met three of the five criteria necessary for removal from our high-risk list. Specifically, DOE has (1) demonstrated strong commitment and leadership, (2) demonstrated progress in implementing corrective measures, and (3) developed a corrective action plan that identifies root causes, effective solutions, and a near-term plan for implementing the solutions. Two criteria remain: having the capacity (people and resources) to resolve the problems and monitoring and independently validating the effectiveness and sustainability of corrective measures. Regarding capacity, DOE’s April 2008 root-cause analysis report recognized as one of the top 10 issues that the department lacked an adequate number of federal contracting and project personnel with the appropriate skills (such as cost estimating, risk management, and technical expertise) to plan, direct, and oversee project execution. Monitoring and validating the effectiveness and sustainability of corrective measures will take time to demonstrate. GAO’s recent work at the Office of Science—DOE’s third-largest program element—showed additional progress in meeting these criteria. Science officials are taking steps to address human capital and resource issues, and Science has demonstrated strong performance in meeting cost and schedule targets. Specifically, GAO’s work found that of 42 Office of Science projects completed or under way from fiscal years 2003 through 2007, more than two-thirds were completed or being carried out within original cost and schedule targets. Although projects across DOE will continue to receive scrutiny, especially as investments in the research and development of innovative energy technologies are projected to increase in the coming years, GAO has decided to narrow the scope of this high-risk area to focus on the two major program elements remaining within DOE that continue to experience significant problems—the National Nuclear Security Administration (NNSA) and the Office of Environmental Management (EM). Our work has shown that NNSA and EM do not yet consistently follow departmental requirements for project management and continue to struggle to meet cost and schedule goals on major projects. With a combined annual budget of more than $14 billion and with missions often involving complex one-of-a-kind efforts, consistent and rigorous contract and project management are vital. Furthermore, NNSA and EM are each facing daunting tasks over the coming decades. NNSA is embarking on a major initiative to modernize the nation's aging nuclear weapons production facilities, a project that will take more than a decade and cost, at a minimum, tens of billions of dollars. EM continues to face complex and long-term challenges in cleaning the legacy of radioactive and hazardous waste from decades of weapons production. Billions of dollars will be spent over the coming decades to build facilities to treat and dispose of millions of gallons of this waste. * Since the 2007 high-risk update, the National Aeronautics and Space Administration (NASA) has taken significant steps to improve its acquisition management with the implementation of new policies and procedures and the development of a corrective action plan to address weaknesses in areas identified as high risk by GAO. For example, NASA revised its acquisition and engineering polices to incorporate elements of a knowledge-based approach that should allow the agency to make informed decisions. The agency is also instituting a new approach whereby senior leadership is reviewing acquisition strategies earlier in the process and developed broad procurement tenets to guide the agency’s procurement practices. In order to improve its contracting and procurement process, NASA has instituted an agencywide standard contract writing application intended to ensure all contracts include the most up-to-date NASA contract clauses and to improve the efficiency of the contracting process. Among other procurement policy reforms, an earned value management procurement policy has been established and a requirement that all award fee contracts undergo a cost-benefit analysis has been codified to improve the likelihood that NASA is using its resources most effectively. In addition, NASA has approved new or revised policies pertaining to project management requirements and risk management procedural requirements. NASA has also focused significant attention on improving training related to high-risk areas and has developed training courses that focus on program management, cost estimating and other high-risk-related areas targeted for improvement. Implementing these actions will be challenging given budgetary and other pressures facing NASA. However, if done successfully, these measures should enable NASA to foster the expansion of a business- oriented culture, reduce persistent cost growth and schedule delays, and maximize investment dollars. * Regarding the Medicare program, the Centers for Medicare & Medicaid Services (CMS) has made progress in the last 2 years in improving program management, reforming and refining its payment methods, enhancing program integrity, and overseeing patient care and safety. For example, the agency has made progress in implementing its reform of Medicare contracting by conducting competitions for claims administration services in more than half of the jurisdictions and has completed transferring 40 percent of the Medicare claims workload to nine Medicare administrative contractors. CMS has refined how it updates or sets payments for hospitals, home health agencies, and ambulatory surgery centers. In 2008, CMS improved its reporting of improper payments by including those made by the Medicare Advantage (MA) health plans, as well as those made in the traditional fee-for- service parts of the program. In addition, CMS’s oversight of the quality of nursing home care has increased significantly in recent years, and the agency recently issued regulations to improve fire safety in nursing homes. Nevertheless, Medicare’s size, complexity, and vulnerability to mismanagement and improper payments suggest that its high-risk designation cannot be removed. For example, CMS is now estimating that in addition to the $10.4 billion in improper payments made to fee-for-service providers, MA plans made $6.8 billion in improper payments. This enhanced reporting of improper payments indicates that there are weaknesses in the MA program that CMS needs to address, as well as continuing issues in its fee-for-service payments. * The Department of Health and Human Services (HHS) and CMS have made some progress to improve the fiscal integrity and oversight of the Medicaid program, which was designated high risk in 2003. For example, CMS has taken steps to improve the oversight of certain Medicaid financial management activities, including issuing, for the first time, the rate of improper payments for a full year of the Medicaid program. HHS has also established a performance goal to improve accountability over approved Medicaid demonstrations, through the administration’s Program Assessment Rating Tool (PART) program. CMS has also taken some steps to improve its oversight of Medicaid supplemental payments, which totaled at least $23 billion in fiscal year 2006. The exact amount was unknown because of incomplete state reporting. While these HHS actions have been taken, several oversight weaknesses previously identified by GAO have not yet been addressed. For example, CMS has not incorporated the use of key Medicaid data systems into its oversight of states’ Medicaid claims, improved the criteria and process it uses to review the budget neutrality of Medicaid demonstrations prior to approving them, or taken certain recommended steps to enhance its oversight of states’ Medicaid supplemental payments. Further, CMS has estimated that the states made $32.7 billion in improper Medicaid payments, of which the federal share was $18.6 billion, for fiscal year 2007. The magnitude of the program’s payment errors indicates that CMS and the states face significant challenges to address the program’s vulnerabilities. The results of HHS and CMS actions will need to be assessed to determine their effectiveness in improving the program’s fiscal integrity. * The Department of Defense (DOD) has revised its policies and guidance to improve its acquisition of weapon systems and address contract management issues—two long-standing high-risk areas. For example, in December 2008, DOD revised its policy governing major defense acquisition programs in ways that aim to provide key department leaders with the knowledge needed to make informed decisions before a program starts and to maintain discipline once it begins. The revised policy includes the completion of key systems engineering activities before the start of the systems development, a requirement for more prototyping early in programs, and the establishment of review boards to monitor weapon system configuration changes. These changes are consistent with the knowledge-based approach to weapons development that GAO has recommended in its work. Similarly, DOD has issued guidance to address contracting weaknesses and promote the use of sound business arrangements. For example, in response to congressional direction and GAO recommendations, DOD has established a framework for reviewing major services acquisitions, developed guidance on linking monetary incentives for contractors to acquisition outcomes, and promulgated regulations to better manage its use of contracting arrangements that can pose additional risks for the government. These are positive steps, but inconsistent implementation has hindered past DOD efforts to address these high-risk areas. To improve outcomes on the whole, DOD must ensure that these policy changes and others are consistently put into practice and reflected in decisions made on individual acquisitions. * The Office of Management and Budget (OMB) and federal agencies have made progress toward improving the use of interagency contracting. At both the Department of Defense (DOD), the largest user of interagency contracting, and the agencies that provide contracting support for DOD, congressionally required reviews by agency inspectors general have found some improvements in procedures used in making purchases on behalf of DOD. These improvements have led DOD to rescind limits it had imposed on the use of the Department of the Interior’s interagency contracting services. More broadly, in June 2008, OMB issued policy guidance designed to improve the use of interagency contracting across the government. The guidance emphasizes that the use of interagency contracting is a shared responsibility between the requesting and servicing agencies and includes a checklist of roles and responsibilities for the agencies throughout the acquisition life cycle. It also includes a model interagency contracting agreement. But the issuance of guidance alone is not enough to ensure better outcomes. Success in improving the use of interagency contracting will require continued management attention by all parties involved, including agencies, servicing agencies, and OMB. [End of section] Highlights for Each High-Risk Area: Overall, the government continues to take high-risk problems seriously and is making long-needed progress toward correcting them. Congress has also acted to address several individual high-risk areas through hearings and legislation. Continued perseverance in addressing high- risk areas will ultimately yield significant benefits. Lasting solutions to high-risk problems offer the potential to save billions of dollars, dramatically improve service to the American public, strengthen public confidence and trust in the performance and accountability of our national government, and ensure the ability of government to deliver on its promises. We have prepared highlights of each of the 30 high-risk areas on our updated list, showing (1) why the area is high risk; (2) the actions that have been taken and that are under way to address the problem since our last update, as well as the issues that are yet to be resolved; and (3) what remains to be done to address the risk. These highlights are presented on the following pages. High-Risk Series: Modernizing the Outdated U.S. Financial Regulatory System (New): GAO Highlights: For additional information about this high-risk area, contact Orice M. Williams at (202) 512-8678 or williamso@gao.gov. Why Area Is Important: The United States has been experiencing the worst financial crisis in more than 75 years. While much of the attention of policymakers has been appropriately focused on taking short-term steps to address the immediate nature of the crisis, these events have served to demonstrate that the current U.S. financial regulatory system is in need of significant reform. To address the crisis, actions are being taken by the Department of the Treasury, the Federal Reserve, the Federal Deposit Insurance Corporation, and others. These actions place potentially trillions of taxpayer dollars at risk. In addition, failure to modernize the regulatory system places the United States at risk of experiencing future crises. GAO is placing this area on the high-risk list for the first time. Why GAO IS Designating This Area As High Risk: The outbreak of the worst financial crisis since the Great Depression has revealed that the U.S. financial regulatory system has grown increasingly ill-suited to meet the nation’s needs in the 21st century. The current system is a fragmented, complex arrangement of federal and state regulators that arose over the past 150 years often in response to past crises. In the short term,U.S. regulators are taking unprecedented steps to stem the unraveling of the financial services sector. For example, GAO recently reported on a series of actions needed to be taken by the Department of the Treasury to better ensure the integrity, accountability, and transparency of the Troubled Asset Relief Program, intended to restore liquidity and stability to the financial system. As the administration and Congress continue to take actions to address the immediate financial crisis, determining how to create a regulatory system that reflects new market realities is a key step to reducing the likelihood that we will experience another financial crisis similar to the current one. Several significant changes in financial markets and products in recent decades have revealed limitations and gaps in the existing regulatory system that, if not addressed, will continue to expose the financial system to serious risks. * First, regulators have struggled, and often failed, to mitigate the systemic risks posed by large and interconnected financial conglomerates and to ensure these institutions adequately manage their risks. The portion of firms operating as conglomerates that cross financial sectors of banking, securities, and insurance increased significantly in recent years, but none of the regulators is tasked with assessing the risks posed across the entire financial system. * Second, regulators have had to address problems in financial markets resulting from the activities of large and sometimes less-regulated market participants—such as nonbank mortgage lenders, hedge funds, and credit rating agencies—some of which play significant roles in today’s financial markets. * Third, the increasing prevalence of new and more complex investment products have challenged regulators and investors, and consumers have faced difficulty understanding new and increasingly complex retail mortgage and credit products. * Fourth, standard setters for accounting and financial regulators have faced growing challenges in ensuring that accounting standards appropriately respond to financial market developments and in addressing challenges arising from the global convergence of accounting and auditing standards. * Finally, despite the increasingly global aspects of financial markets, the current fragmented U.S. regulatory structure has complicated some efforts to coordinate internationally with other regulators. The following framework presents nine characteristics that should be reflected in any new regulatory system. By applying the elements of this framework, the relative strengths and weaknesses of any reform proposal should be better revealed, and policymakers should be able to focus on identifying trade-offs and balancing competing goals. Similarly, the framework GAO presents could be used to craft a proposal or to identify aspects to be added to existing proposals to make them more effective and appropriate for addressing the limitations of the current system. With trillions of dollars in loans, credit guarantees, and other assistance having been committed by government entities to address the current financial turmoil, ensuring that the United States has an effective and efficient financial regulatory system should serve to minimize additional exposures to taxpayers and potentially prevent large outlays by the federal government to address crises in the future. Characteristic: Clearly defined regulatory goals; Description: Goals should be clearly articulated and relevant, so that regulators can effectively carry out their missions and be held accountable. Key issues include considering the benefits of re- examining the goals of financial regulation to gain needed consensus and making explicit a set of updated comprehensive and cohesive goals that reflect today’s environment. Characteristic: Appropriately comprehensive; Description: Financial regulations should cover all activities that pose risks or are otherwise important to meeting regulatory goals and should ensure that appropriate determinations are made about how extensive such regulations should be, considering that some activities may require less regulation than others. Key issues include identifying risk-based criteria, such as a product’s or institution’s potential to create systemic problems, for determining the appropriate level of oversight for financial activities and institutions, including closing gaps that contributed to the current crisis. Characteristic: Systemwide focus; Description: Mechanisms should be included for identifying, monitoring, and managing risks to the financial system regardless of the source of the risk. Given that no regulator is currently tasked with this, key issues include determining how to effectively monitor market developments to identify potential risks; the degree, if any, to which regulatory intervention might be required; and who should hold such responsibilities. Characteristic: Flexible and adaptable; Description: A regulatory system that is flexible and forward looking allows regulators to readily adapt to market innovations and changes. Key issues include identifying and acting on emerging risks in a timely way without hindering innovation. Characteristic: Efficient and effective; Description: Effective and efficient oversight should be developed, including eliminating overlapping federal regulatory missions where appropriate. Any changes to the system should be continually focused on improving the effectiveness of the financial regulatory system. Key issues include determining opportunities for consolidation given the large number of overlapping participants identifying the appropriate role of states and self-regulation, and ensuring a smooth transition to any new system. Characteristic: Consistent consumer and investor protection; Description: Consumer and investor protection should be included as part of the regulatory mission to ensure that market participants receive consistent, useful information, as well as legal protections for similar financial products and services, including disclosures, sales practice standards, and suitability requirements. Key issues include determining what amount, if any, of consolidation of responsibility may be necessary to streamline consumer protection activities across the financial services industry. Characteristic: Regulators provided with independence, prominence, authority, and accountability; Description: Regulators should have independence from inappropriate influence, as well as prominence and authority to carry out and enforce statutory missions, and be clearly accountable for meeting regulatory goals. With regulators with varying levels of prominence and funding schemes, key issues include how to appropriately structure and fund agencies to ensure that each one’s structure sufficiently achieves these characteristics. Characteristic: Consistent financial oversight; Description: Similar institutions, products, risks, and services should be subject to consistent regulation, oversight, and transparency, which should help minimize negative competitive outcomes while harmonizing oversight, both within the United States and internationally. Key issues include identifying activities that pose similar risks, and streamlining regulatory activities to achieve consistency. Characteristic: Minimal taxpayer exposure; Description: A regulatory system should foster financial markets that are resilient enough to absorb failures and thereby limit the need for federal intervention and limit taxpayers’ exposure to financial risk. Key issues include identifying safeguards to prevent systemic crises, and minimizing moral hazard. [End of table] What Remains to Be Done: In the near term, oversight is needed to ensure that the government’s responses to the crisis achieve their goals effectively. In the longer term, modernizing the U.S. financial regulatory system will be a critical step to ensuring that the challenges of the 21st century can be met. In January 2009, GAO issued a report that described how market and product developments in recent decades have challenged the current system and presented an evaluation framework that should help policymakers make needed changes. Related GAO Products for: Modernizing the Outdated U.S. Financial Regulatory System: Financial Regulation: A Framework for Crafting and Assessing Proposals to Modernize the Outdated U.S. Financial Regulatory System. [hyperlink, http://www.gao.gov/products/GAO-09-216]. Washington, D.C.: January 8, 2009. Troubled Asset Relief Program: Additional Actions Needed to Better Ensure Integrity, Accountability, and Transparency. [hyperlink, http://www.gao.gov/products/GAO-09-161]. Washington, D.C.: December 2, 2008. Information on Recent Default and Foreclosure Trends for Home Mortgages and Associated Economic and Market Developments. [hyperlink, http://www.gao.gov/products/GAO-08-78R]. Washington, D.C.: October 16, 2007. Financial Regulation: Industry Trends Continue to Challenge the Federal Regulatory Structure. [hyperlink, http://www.gao.gov/products/GAO-08-32]. Washington, D.C.: October 12, 2007. Financial Market Regulation: Agencies Engaged in Consolidated Supervision Can Strengthen Performance Measurement and Collaboration. [hyperlink, http://www.gao.gov/products/GAO-07-154]. Washington, D.C.: March 15, 2007. Financial Regulation: Industry Changes Prompt Need to Reconsider U.S. Regulatory Structure. [hyperlink, http://www.gao.gov/products/GAO-05-61]. Washington, D.C.: October 6, 2004. [End of Highlights for Modernizing the Outdated U.S. Financial Regulatory System] High-Risk Series: Protecting Public Health through Enhanced Oversight of Medical Products (New): GAO Highlights: For additional information about this high-risk area, contact Marcia Crosse at (202) 512-7114 or crossem@gao.gov. Why Area Is Important: Americans depend on the Food and Drug Administration (FDA) to ensure the safety and effectiveness of medical products—drugs, biologics, and medical devices—marketed in the United States. In 2006, Americans filled over 3 billion prescriptions and received 235 million vaccines. In 2005, more than 100 million surgical procedures were performed, all relying on the use of medical devices. The agency’s responsibilities begin long before a product is brought to market and continue after a product’s approval. In recent years FDA’s responsibilities have grown with the passage of laws containing new requirements, the complexity of products submitted to FDA for approval, and the globalization of the medical products industry. Many, including FDA’s own Science Board and the National Academy of Sciences’ Institute of Medicine have questioned FDA’s ability to continue to adequately fulfill its mission. Why GAO Is Designating This Are As High Risk: GAO’s recent work echoes the conclusions reached by others that FDA is facing significant challenges that compromise its ability to protect Americans from unsafe and ineffective medical products. Specifically, GAO identified challenges in: * Inspecting foreign establishments manufacturing drugs or medical devices—FDA’s management of inspections has been compromised by weaknesses in its databases which limit its ability to identify all establishments subject to inspection. FDA also inspects relatively few foreign establishments each year. For example, FDA used a list of 3,249 foreign drug establishments to prioritize its fiscal year 2007 inspections that focus on good manufacturing practices. Based on this list, GAO estimated that FDA may inspect about 8 percent of such establishments in a given year, despite the increasing globalization of this and other industries FDA regulates. At this rate, it would take FDA more than 13 years to inspect each foreign drug establishment on this list once, assuming that no additional establishments are subject to inspection. * Monitoring postmarket drug safety—FDA has lacked clear and effective processes for its decision-making on postmarket safety issues. For example, the agency was criticized during congressional hearings for not acting quickly enough on evidence it obtained about the cardiovascular risks of Vioxx, an anti-inflammatory drug. GAO also identified problems with the data systems FDA relies on to obtain safety information. Although FDA has made some changes to its management and oversight, GAO remains concerned with FDA’s progress and the potential public health consequences if it is not able to make decisions quickly. * Reviewing advertising and promotional materials—FDA’s review is meant to ensure that these materials are not false or misleading. Because of the sheer volume of materials received—68,000 separate submissions for drug promotions in 2007—FDA was able to examine only a small portion of them. GAO found that FDA’s prioritization of materials to review is not systematic and that the agency does not track information on its reviews. In addition, when potentially violative materials are identified—such as materials that promote the use of a drug for a broader range of patients than it has been found to be safe and effective for—it has taken FDA months to ask that the drug company cease dissemination of these materials. • Overseeing clinical trials of investigational new drugs—GAO identified weaknesses in reporting clinical trial results. For example, drug companies often did not adequately distinguish the results of male from female participants, despite the importance of determining whether men and women face different drug-related health risks. What Remains to Be Done: GAO believes that, to better protect the public health, FDA needs to implement GAO recommendations that remain unaddressed. These include improving the data it uses to manage the foreign drug inspection program, conducting more inspections of foreign establishments, systematically prioritizing and tracking promotional materials for review, and taking steps to ensure that drug sponsors comply with regulations regarding the presentation of clinical trial results. Related GAO Products for: Protecting Public Health through Enhanced Oversight of Medical Products: Drug Safety: Better Data Management and More Inspections Are Needed to Strengthen FDA’s Foreign Drug Inspection Program. [hyperlink, http://www.gao.gov/products/GAO-08-970]. Washington, D.C.: September 22, 2008. Prescription Drugs: FDA’s Oversight of the Promotion of Drugs for Off- Label Uses. [hyperlink, http://www.gao.gov/products/GAO-08-835]. Washington, D.C.: July 28, 2008. Medical Devices: FDA Faces Challenges in Conducting Inspections of Foreign Manufacturing Establishments. [hyperlink, http://www.gao.gov/products/GAO-08-780T]. Washington, D.C.: May 14, 2008. Prescription Drugs: Trends in FDA’s Oversight of Direct-to-Consumer Advertising. [hyperlink, http://www.gao.gov/products/GAO-08-758T]. Washington, D.C.: May 8, 2008. Drug Safety: Preliminary Findings Suggest Recent FDA Initiatives Have Potential, but Do Not Fully Address Weaknesses in Its Foreign Drug Inspection Program. [hyperlink, http://www.gao.gov/products/GAO-08-701T]. Washington, D.C.: April 22, 2008. Medical Devices: Challenges for FDA in Conducting Manufacturer Inspections. [hyperlink, http://www.gao.gov/products/GAO-08-428T]. Washington, D.C.: January 29, 2008. Prescription Drugs: FDA Guidance and Regulations Related to Data on Elderly Persons in Clinical Trials. [hyperlink, http://www.gao.gov/products/GAO-07-47R]. Washington, D.C.: September 28, 2007. Drug Safety: Further Actions Needed to Improve FDA’s Postmarket Decision-making Process. [hyperlink, http://www.gao.gov/products/GAO-07-856T]. Washington, D.C.: May 9, 2007. Prescription Drugs: Improvements Needed in FDA’s Oversight of Direct-to- Consumer Advertising. [hyperlink, http://www.gao.gov/products/GAO-07-54]. Washington, D.C.: November 16, 2006. Drug Safety: Improvement Needed in FDA’s Postmarket Decision-making and Oversight Process. [hyperlink, http://www.gao.gov/products/GAO-06-402]. Washington, D.C.: March 31, 2006. Women’s Health: Women Sufficiently Represented in New Drug Testing, but FDA Oversight Needs Improvement. [hyperlink, http://www.gao.gov/products/GAO-01-754]. Washington, D.C.: July 6, 2001. [End of Highlights for Protecting Public Health through Enhanced Oversight of Medical Products] High-Risk Series: Transforming EPA’s Processes for Assessing and Controlling Toxic Chemicals (New): GAO Highlights: For additional information about this high-risk area, contact John Stephenson at (202) 512-3841 or stephensonj@gao.gov. Why Area Is Important: The Environmental Protection Agency’s (EPA) ability to effectively implement its mission of protecting public health and the environment is critically dependent on credible and timely assessments of the risks posed by toxic chemicals. Such assessments are the cornerstone of scientifically sound environmental decisions, policies, and regulations under a variety of statutes, such as the Safe Drinking Water Act, the Toxic Substances Control Act (TSCA), and the Clean Air Act. However, EPA has failed to develop sufficient chemical assessment information to limit public exposure to many chemicals that may pose substantial health risks. Why GAO Is Designating This Area As High Risk: EPA’s Integrated Risk Information System (IRIS). Created in 1985 to provide EPA with consensus opinions within the agency on the health effects of chronic exposure to chemicals, the IRIS database provides the basic information EPA needs to determine whether it should establish controls to, for example, protect the public from exposure to toxic chemicals in the air and water and at hazardous waste sites. In 2008, GAO reported that IRIS, which contains assessments of more than 540 toxic chemicals, is at serious risk of becoming obsolete because EPA has not been able to keep its existing assessments current or to complete assessments of the most important chemicals of concern. Factors contributing to EPA’s inability to complete assessments in a timely manner include OMB-required reviews of IRIS assessments, certain management decisions, such as delaying some assessments to await new research, and the compounding effect of delays—even a single delay can force EPA to essentially restart assessments to incorporate changing science and methods. A number of key chemicals have been caught in this seemingly endless cycle, limiting EPA’s ability to protect the public health from ubiquitous chemicals that are likely to cause cancer or other serious health effects. For example, EPA’s formaldehyde and dioxin assessments have been in progress for about 12 and 18 years, respectively. Overall, EPA has finalized a total of only 9 assessments in the past 3 fiscal years; as of December 2007, most of the 70 ongoing assessments had been in progress for more than 5 years; and more than half of all current assessments may be outdated. Moreover, the OMB- required reviews, which are not publicly available, limit the credibility of the assessments because they involve federal agencies that may be affected by the assessments should they lead to regulatory actions. GAO recommended that EPA adopt a streamlined, more transparent assessment process. Instead, EPA adopted a revised process in 2008 that did not incorporate the recommendations and also exacerbates the productivity and credibility concerns GAO identified. TSCA. GAO has also reported that EPA’s assessments of industrial chemicals under TSCA provide limited information on health and environmental risks. TSCA generally places the burden of obtaining information about the roughly 80,000 chemicals already on the U.S. market on EPA, rather than on the companies that produce the chemicals. The act requires EPA to demonstrate that certain health or environmental risks are likely before it can require companies to further test their chemicals. As a result, EPA does not routinely assess the risks of the industrial chemicals that are already in use. For the approximately 700 new chemicals introduced into commerce annually, chemical companies provide EPA with certain information in premanufacture notices, and EPA can ban or limit their use if this information is inadequate. Although 85 percent of the notices lack any health or safety test data, EPA does not often use its authority to obtain more information. This approach contrasts with the one taken by the European Union, which generally places the burden on companies to provide data on the chemicals they produce and to address the risks they pose to human health and the environment. What Remains to Be Done: Because the viability of the IRIS database has been further jeopardized by EPA’s revised IRIS assessment process, the agency should immediately implement GAO’s recommendations to streamline and increase the transparency of this assessment process. In reports on TSCA, GAO has recommended both statutory and regulatory changes to, among other things, provide EPA with additional authorities to obtain health and safety information from the chemical industry and to shift more of the burden to chemical companies for demonstrating the safety of their chemicals. Congress and EPA need to act on these important issues. Related GAO Products for: Transforming EPA’s Processes for Assessing and Controlling Toxic Chemicals: EPA Science: New Assessment Process Further Limits the Credibility and Timeliness of EPA’s Assessments of Toxic Chemicals. [hyperlink, http://www.gao.gov/products/GAO-08-1168T]. Washington, D.C.: September 18, 2008. Chemical Assessments: EPA’s New Assessment Process Will Further Limit the Productivity and Credibility of Its Integrated Risk Information System. [hyperlink, http://www.gao.gov/products/GAO-08-810T]. Washington, D.C.: May 21, 2008. Toxic Chemicals: EPA’s New Assessment Process Will Increase Challenges EPA Faces in Evaluating and Regulating Chemicals. [hyperlink, http://www.gao.gov/products/GAO-08-743T]. Washington, D.C.: April 29, 2008. Chemical Assessments: Low Productivity and New Interagency Review Process Limit the Usefulness and Credibility of EPA’s Integrated Risk Information System. [hyperlink, http://www.gao.gov/products/GAO-08-440]. Washington, D.C.: March 7, 2008. Chemical Regulation: Comparison of U.S. and Recently Enacted European Union Approaches to Protect against the Risks of Toxic Chemicals. [hyperlink, http://www.gao.gov/products/GAO-07-825]. Washington, D.C.: August 17, 2007. Chemical Regulation: Actions Are Needed to Improve the Effectiveness of EPA's Chemical Review Program. [hyperlink, http://www.gao.gov/products/GAO-06-1032T]. Washington, D.C.: August 2, 2006. Chemical Regulation: Approaches in the United States, Canada, and the European Union. [hyperlink, http://www.gao.gov/products/GAO-06-217R]. Washington, D.C.: November 4, 2005. Chemical Regulation: Options Exist to Improve EPA’s Ability to Assess Health Risks and Manage Its Chemical Review Program. [hyperlink, http://www.gao.gov/products/GAO-05-458]. Washington, D.C.: June 13, 2005. [End of Highlights for Transforming EPA’s Processes for Assessing and Controlling Toxic Chemicals] High-Risk Series: 2010 Census (New in March 2008): GAO Highlights: For additional information about this high-risk area, contact Robert Goldenkoff at (202) 512-2757 or goldenkoffr@gao.gov, or David Powner at (202) 512-9286 or pownerd@gao.gov. Why Area Is High Rick: The decennial census is a constitutionally mandated enterprise essential to our nation. Census data are used to apportion and redistrict Congress and to help allocate billions of dollars in federal assistance to state and local governments each year. GAO initially designated the 2010 Census as a high-risk area in March 2008 because of (1) long-standing weaknesses in the U.S. Census Bureau’s (Bureau) information technology (IT) acquisition and contract management function, (2) problems with the performance of handheld computers used to collect data, and (3) uncertainty over the ultimate cost of the census, currently estimated at more than $14 billion. In response to GAO’s recommendations, the Bureau has made progress on these challenges, in part by strengthening its risk management efforts. Still, the census remains high risk because a critical risk management exercise planned for 2008—a “dress rehearsal” of all census operations—was curtailed. As a result, key operations and systems, including some that will be used for the first time in a census, were not tested in concert with one another or under census-like conditions. What GAO Found: The lack of a full dress rehearsal limits the Bureau’s ability to demonstrate the various enumeration activities under near-census-like conditions. This is significant because while the Bureau has performed many of these activities in previous censuses, some operations—such as mailing a second questionnaire to households that do not complete their census forms by a certain date, the removal of late mail returns, and fingerprinting hundreds of thousands of temporary census workers—are new for 2010 and introduce new operational risks. Moreover, uncertainty over the cost of the census remains, as the Bureau has not fully updated or documented the components of its 2010 Census cost estimate. The Bureau canceled a full dress rehearsal, in part, because of performance problems with handheld computers (HHC) that were to be used in two large, labor-intensive operations: address canvassing, and following up with nonrespondents. However, because the HHCs experienced slow processing, freeze ups, and other technical problems, the Bureau abandoned plans to use them for nonresponse follow-up and will only use them for address canvassing, where the Bureau verifies map and address information. In lieu of a full dress rehearsal, the Bureau has tested, and will continue to test, individual components of the census prior to Census Day, April 1, 2010. However, the tests will be in isolation, and there will be no end-to-end test similar to what the dress rehearsal would have provided. For example, in December2008, the Bureau conducted an operational field test of the systems and software used for address canvassing, including the HHCs. Initial test results appear to be encouraging. However, more information is needed to determine the Bureau’s overall readiness for address canvassing as the test was not an end-to-end systems evaluation, did not validate all address canvassing requirements, and did not assess procedures or training. Moreover, the Bureau has yet to develop a testing plan for nonresponse follow-up, its largest and most expensive census operation. According to Bureau officials, they are currently focused on carrying out address canvassing, the Bureau’s first major field operation, and that detailed plans for nonresponse follow-up should be in place soon. Consequently, while the December test and other evaluations will help inform future preparations, the schedule is becoming increasingly compressed, and little time will be available for the Bureau to make refinements. Importantly, the Bureau has made progress in addressing some of the challenges GAO has identified. For example, in November 2008, the Bureau issued a high-risk improvement plan that describes its strategy for managing risk and key actions to address GAO’s earlier recommendations. While these are steps in the right direction, the Bureau has yet to demonstrate that the full complement of census-taking activities will work together as intended; as a result, the Bureau’s overall readiness for the 2010enumeration is uncertain. What Remains to Be Done: The Bureau will need to continue to address GAO’s recommendations to improve its IT management capabilities, complete operational planning, and update and document its cost estimates. Further, in the absence of a full dress rehearsal, the Bureau will need to ensure its readiness for the enumeration through continued rigorous end-to-end testing. Related GAO Products for: 2010 Census: 2010 Census: The Bureau’s Plans for Reducing the Undercount Show Promise, but Key Uncertainties Remain. [hyperlink, http://www.gao.gov/products/GAO-08-1167T]. Washington, D.C.: September 23, 2008. 2010 Census: Census Bureau’s Decision to Continue with Handheld Computers for Address Canvassing Makes Planning and Testing Critical. [hyperlink, http://www.gao.gov/products/GAO-08-936]. Washington, D.C.: July 31, 2008. 2010 Census: Census Bureau Should Take Action to Improve the Credibility and Accuracy of Its Cost Estimate for the Decennial Census. [hyperlink, http://www.gao.gov/products/GAO-08-554]. Washington, D.C.: June 16, 2008. 2010 Census: Plans for Decennial Census Operations and Technology Have Progressed, but Much Uncertainty Remains. [hyperlink, http://www.gao.gov/products/GAO-08-886T]. Washington, D.C.: June 11, 2008. 2010 Census: Census at Critical Juncture for Implementing Risk Reduction Strategies. [hyperlink, http://www.gao.gov/products/GAO-08-659T]. Washington, D.C.: April 9, 2008. Information Technology: Significant Problems of Critical Automation Program Contribute to Risks Facing 2010 Census. [hyperlink, http://www.gao.gov/products/GAO-08-550T]. Washington, D.C.: March 5, 2008. Information Technology: Census Bureau Needs to Improve Its Risk Management of Decennial Systems. [hyperlink, http://www.gao.gov/products/GAO-08-259T]. Washington, D.C.: December 11, 2007. Information Technology: Census Bureau Needs to Improve Its Risk Management of Decennial Systems. [hyperlink, http://www.gao.gov/products/GAO-08-79]. Washington, D.C.: October 5, 2007. [End of Highlights for 2010 Census] High-Risk Series: Strategic Human Capital Management: GAO Highlights: For additional information about this high-risk area, contact Yvonne Jones at (202) 512-2717 or jonesy@gao.gov. Why Area is High Risk: GAO designated strategic human capital management as a high-risk area in 2001 because of the federal government’s long-standing lack of a consistent approach to human capital management. The area remains high risk because of a continuing need for a governmentwide framework to advance human capital reform. This framework is vital to avoid further fragmentation within the civil service, ensure management flexibility as appropriate, allow a reasonable degree of consistency, provide adequate safeguards, and maintain a level playing field among agencies competing for talent. What GAO Found: Congress and the executive branch have taken steps to address the federal government's human capital shortfalls. For example, Congress provided agencies across the executive branch with additional human capital flexibilities, such as specific hiring authorities. The Office of Personnel Management (OPM) launched an 80-day hiring model to help speed up the hiring process and issued guidance on the use of hiring authorities and flexibilities. OPM has also helped agencies develop more strategic approaches to human capital management by putting a variety of tools and guidance on its Web site. While much progress has been made in the last few years to address human capital challenges, strategic human capital management is a critical element in 18 of 30 GAO high-risk areas—one of which is the state of the federal acquisition workforce, which has been experiencing an increasing workload and complexity of responsibilities without adequate attention to its size, skills and knowledge, and succession planning. Thus, ample opportunities continue to exist for agencies to improve their strategic human capital management in four key areas and for OPM’s continued leadership in fostering and guiding improvements in these areas. * Leadership: Top leadership in agencies across the federal government must provide committed and inspired attention needed to address human capital and related organizational transformation issues. * Strategic human capital planning: Strategic human capital planning that is integrated with broader organizational strategic planning is critical to ensuring agencies have the talent and skill mix they need to address their current and emerging human capital challenges, especially as the federal government faces a retirement wave. * Acquiring, developing, and retaining talent: Faced with a workforce that is becoming more retirement eligible and finding gaps in talent, agencies need to strengthen their efforts and use of available flexibilities to acquire, develop, motivate, and retain talent. * Results-oriented organizational culture: Leading organizations create a clear linkage—“line of sight”—between individual performance and organizational success and, thus, transform their workplaces and cultures to be more results-oriented, customer-focused, collaborative, diverse, and inclusive. OPM and federal agencies should be held accountable for the ongoing monitoring and refinement of human capital approaches to recruit, hire, develop, motivate, and retain a capable and committed federal workforce. With continued commitment and strong leadership, the federal government can be an employer of choice. What Remains to Be Done: GAO has suggested that until a governmentwide framework to advance human capital reform is in place, agencies still need to take actions to help address the complex challenges. Specifically, (1) top agency leaders must commit to addressing human capital and related organizational transformation issues; (2) human capital planning efforts need to be fully integrated with mission and critical program goals; (3) continued efforts are needed to improve recruiting, hiring, professional development, and retention strategies, to ensure agencies have needed talent; and (4) organizational cultures need to promote high performance and accountability, empower and include employees in setting and accomplishing programmatic goals, and ensure diversity at all levels of the workforce. Related GAO Products for: Strategic Human Capital Management: Human Capital: Diversity in the Federal SES and Processes for Selecting New Executives. [hyperlink, http://www.gao.gov/products/GAO-09-110]. Washington, D.C.: November 26, 2008. Results-Oriented Management: Opportunities Exist for Refining the Oversight and Implementation of the Senior Executive Performance-Based Pay System. [hyperlink, http://www.gao.gov/products/GAO-09-82]. Washington, D.C.: November 21, 2008. Human Capital: DOD Needs to Improve Implementation of and Address Employee Concerns about Its National Security Personnel System. [hyperlink, http://www.gao.gov/products/GAO-08-773]. Washington, D.C.: September 10, 2008. Human Capital: Transforming Federal Recruiting and Hiring Efforts. [hyperlink, http://www.gao.gov/products/GAO-08-762T]. Washington, D.C.: May 8, 2008. Older Workers: Federal Agencies Face Challenges, but Have Opportunities to Hire and Retain Experienced Employees. [hyperlink, http://www.gao.gov/products/GAO-08-630T]. Washington, D.C.: April 30, 2008. Office of Personnel Management: Opportunities Exist to Build on Recent Progress in Internal Human Capital Capacity. [hyperlink, http://www.gao.gov/products/GAO-08-11]. Washington, D.C.: October 31, 2007. Federal Acquisitions and Contracting: Systemic Challenges Need Attention. [hyperlink, http://www.gao.gov/products/GAO-07-1098T]. Washington, D.C.: July 17, 2007. Human Capital: Greater Focus on Results in Telework Programs Needed. [hyperlink, http://www.gao.gov/products/GAO-07-1002T]. Washington, D.C.: June 12, 2007. Human Capital: Federal Workforce Challenges in the 21st Century. [hyperlink, http://www.gao.gov/products/GAO-07-556T]. Washington, D.C.: March 6, 2007. Office of Personnel Management: Key Lessons Learned to Date for Strengthening Capacity to Lead and Implement Human Capital Reforms. [hyperlink, http://www.gao.gov/products/GAO-07-90]. Washington, D.C.: January 19, 2007. GAO’s Congressional and Presidential Transition Web Site: For additional information on human capital issues facing the federal government, visit GAO’s Web site on the 2009 congressional and presidential transition: [hyperlink, http://www.gao.gov/transition_2009/challenges/human-capital- management.php] [hyperlink, http://www.gao.gov/transition_2009/challenges/acquisition_management/ens ure_capacity.php] [End of Highlights for Strategic Human Capital Management] High-Risk Series: Managing Federal Real Property: GAO Highlights: For additional information about this high-risk area, contact Mark L. Goldstein at (202) 512-2834 or goldsteinm@gao.gov. Why Area is High Risk: Federal agencies continue to face long-standing problems, including excess and underutilized property, deteriorating facilities, and reliance on costly leasing. Protecting federal facilities from terrorism is also an ongoing challenge. Progress has been made due to the Office of Management and Budget’s (OMB) and agencies’ attention to this area, but the problems that led to the designation of real property management as a high-risk area in 2003 persist. In addition, deep-rooted obstacles, including competing stakeholder interests and legal and budgetary limitations, will continue to affect reform efforts. As a result, this area remains high risk. What GAO Found: Long-standing problems with excess and underutilized property, deteriorating facilities, unreliable real property data, over reliance on costly leasing, and security challenges led to GAO’s high-risk designation in 2003. In response to an administration reform initiative and Executive Order 13327, agencies have, among other things, established asset management plans, standardized data, and adopted performance measures. The executive order also established the Federal Real Property Council to promote reform efforts. In April 2008, OMB reported that the President had set a goal of disposing of $15 billion in unneeded assets by 2015, including $7 billion that agencies had disposed of since 2004. OMB also reported success in developing a comprehensive database of federal real property assets. GAO plans to monitor these efforts. While these actions represent positive steps, some of the core problems that led to the designation of this area as high risk persist. For example, in January 2008, GAO reported that agencies’ reliance on leasing instead of ownership was increasing. In fact, the General Services Administration (GSA), which acts as the government’s leasing agent, predicted that in 2008 it would, for the first time, lease more property than it owned. In addition, in October 2008, GAO reported that the government’s fiscal exposure from repair and maintenance backlogs is unclear and that agencies generally expect their backlogs to increase as buildings age and construction costs increase. GAO had reported in April 2007 that the backlog for six large agencies exceeded $16 billion. Regarding security, GAO reported in June 2008 that the Federal Protective Service—a unit of the Department of Homeland Security—faces operational challenges that have increased the risk of crime or terrorist attacks at about 9,000 GSA facilities. As GAO has reported in the past, real property management problems have been exacerbated by deep-rooted obstacles that include competing stakeholder interests, various legal and budget-related limitations, and the need for better capital planning among agencies. For example, competing stakeholder interests—such as local resistance to giving up a federal presence—pose a barrier to disposal of property. Legal and budgetary limitations—such as funding needed to prepare property for disposal and the inability of some agencies to retain sale proceeds—are also obstacles. While reforms to date are positive, the new administration and Congress will be challenged to sustain reform momentum and reach consensus on how the obstacles should be addressed. What Remains to Be Done: A challenge for the incoming administration will be to sustain ongoing reform efforts in real property management and show continued progress in eliminating problems, such as excess property and repair backlogs. To solidify the reform efforts, GAO supports enacting the executive order 13327 requirements into law. Furthermore, agencies continue to face deep-rooted obstacles that will require strategies that are well thought out, and in some cases, additional changes in law. To inform these efforts, OMB and agencies need to address the obstacles more directly through a re-assessment of options, which GAO has recommended. Although progress has been made, it is unlikely that a large-scale transformation in this area will occur unless this is done. Related GAO Products for: Managing Federal Real Property: Federal Real Property: Government’s Fiscal Exposure from Repair and Maintenance Backlogs Is Unclear. [hyperlink, http://www.gao.gov/products/GAO-09-10]. Washington, D.C.: October 16, 2008. Homeland Security: The Federal Protective Service Faces Several Challenges That Hamper Its Ability to Protect Federal Facilities. [hyperlink, http://www.gao.gov/products/GAO-08-683]. Washington, D.C.: June 11, 2008. Federal Real Property: Strategy Needed to Address Agencies’ Long- standing Reliance on Costly Leasing. [hyperlink, http://www.gao.gov/products/GAO-08-197]. Washington, D.C.: January 24, 2008. Federal Real Property: Progress Made toward Addressing Problems, but Underlying Obstacles Continue to Hamper Reform. [hyperlink, http://www.gao.gov/products/GAO-07-349]. Washington, D.C.: April 13, 2007. Federal Capital: Three Entities’ Implementation of Capital Planning Principles Is Mixed. [hyperlink, http://www.gao.gov/products/GAO-07-274]. Washington, D.C.: February 23, 2007. Homeland Security: Guidance and Standards Are Needed for Measuring the Effectiveness of Agencies’ Facility Protection Efforts. [hyperlink, http://www.gao.gov/products/GAO-06-612]. Washington, D.C.: May 31, 2006. [End of Highlights for Managing Federal Real Property] High-Risk Series: Protecting the Federal Government’s Information Systems and the Nation’s Critical Infrastructures: GAO Highlights: For additional information about this high-risk area, contact David Powner at (202) 512-9286 or pownerd@gao.gov, or Gregory C. Wilshusen at (202) 512-6244 or wilshuseng@gao.gov. Why Area IS High Risk: Federal agencies and our nation’s critical infrastructures—such as power distribution, water supply, telecommunications, national defense, and emergency services—rely extensively on computerized information systems and electronic data to carry out their operations. The security of these systems and data is essential to preventing disruptions in critical operations, fraud, and inappropriate disclosure of sensitive information. Protecting federal computer systems and the systems that support critical infrastructures—referred to as cyber critical infrastructure protection, or cyber CIP—is a continuing concern. Federal information security has been on GAO’s list of high-risk areas since 1997; in 2003, GAO expanded this high-risk area to include cyber CIP. The continued risks to information systems include escalating and emerging threats; the ease of obtaining and using hacking tools; the steady advance in the sophistication of attack technology; and the emergence of new and more destructive attacks. What GAO Found: Federal agencies have made progress in strengthening information security, as required by the Federal Information Security Management Act of 2002 (FISMA). The administration has also launched several initiatives that are intended to improve security over federal systems, such as establishing security configurations for desktop computers and reducing the number of federal access points to the Internet. However, most agencies continue to experience significant deficiencies that jeopardize the confidentiality, integrity, and availability of their systems and information. For example, agencies did not consistently implement effective controls to prevent, limit, and detect unauthorized access or manage the configuration of network devices to prevent unauthorized access and ensure system integrity. A primary reason for these problems is that agencies have not fully institutionalized comprehensive security management programs, which are critical for identifying and resolving weaknesses and managing risks on an ongoing basis. Until agencies implement the hundreds of recommendations made by GAO and their inspectors general to resolve identified deficiencies and fully implement effective security programs, a broad array of federal assets and operations will remain at unnecessary risk of fraud, misuse, and disruption. As the focal point for federal efforts to protect the nation’s critical infrastructures, the Department of Homeland Security (DHS) has key cyber security responsibilities, including developing a national plan for cyber critical infrastructure protection; planning for and coordinating cyber incident response and recovery; and identifying and assessing cyber threats and vulnerabilities. In its 2007 high-risk report, GAO reported that although DHS had taken steps to fulfill its responsibilities—including establishing the U.S. Computer Emergency Readiness Team, developing high-level plans for infrastructure protection and incident response, establishing public/private working groups to facilitate coordination among government and industry, and organizing exercises in which government and private industry can practice responding to cyber events—DHS had not completely fulfilled any of its key responsibilities. GAO had made recommendations to address these shortfalls. Since then, DHS continues to make progress in several areas, and GAO’s work also continues to highlight areas requiring further attention. Since 2006, GAO has made numerous recommendations in the following key areas: * bolstering cyber analysis and warning capabilities. * reducing organizational inefficiencies. * completing actions identified during cyber exercises. * developing sector-specific plans that fully address all cyber-related criteria. * improving cyber security of infrastructure control systems. * strengthening DHS’s ability to help recover from Internet disruptions. Until these and other key cyber security areas are effectively addressed, the nation’s cyber critical infrastructure is at risk of increasing threats posed by terrorists, nation-states, and others. What Remains to Be Done: Additional federal efforts are needed to establish effective information security programs that are consistent with FISMA, including resolving identified deficiencies. Federal cyber CIP actions should include fulfilling key cyber security responsibilities, such as bolstering cyber analysis and warning capabilities, improving infrastructure control systems cyber security, and strengthening DHS’s ability to help recover from Internet disruptions. Related GAO Products for: Protecting the Federal Government’s Information Systems and the Nation’s Critical Infrastructures: Critical Infrastructure Protection: DHS Needs to Better Address Its Cybersecurity Responsibilities. [hyperlink, http://www.gao.gov/products/GAO-08-1157T]. Washington, D.C.: September 16, 2008. Information Security: Actions Needed to Better Protect Los Alamos National Laboratory’s Unclassified Computer Network. [hyperlink, http://www.gao.gov/products/GAO-08-1001]. Washington, D.C.: September 9, 2008. Cyber Analysis and Warning: DHS Faces Challenges in Establishing a Comprehensive National Capability. [hyperlink, http://www.gao.gov/products/GAO-08-588]. Washington, D.C.: July 31, 2008. Information Security: Federal Agency Efforts to Encrypt Sensitive Information Are Under Way, but Work Remains. [hyperlink, http://www.gao.gov/products/GAO-08-525]. Washington, D.C.: June 27, 2008. Information Security: TVA Needs to Address Weaknesses in Control Systems and Networks. [hyperlink, http://www.gao.gov/products/GAO-08-526]. Washington, D.C.: May 21, 2008. Information Security: Progress Reported, but Weaknesses at Federal Agencies Persist. [hyperlink, http://www.gao.gov/products/GAO-08-571T]. Washington, D.C.: March 12, 2008. Information Security: Protecting Personally Identifiable Information. [hyperlink, http://www.gao.gov/products/GAO-08-343]. Washington, D.C.: January 25, 2008. Information Security: IRS Needs to Address Pervasive Weaknesses. [hyperlink, http://www.gao.gov/products/GAO-08-211]. Washington, D.C.: January 8, 2008. Critical Infrastructure Protection: Multiple Efforts to Secure Control Systems Are Under Way, but Challenges Remain. [hyperlink, http://www.gao.gov/products/GAO-08-119T]. Washington, D.C.: October 17, 2007. Critical Infrastructure Protection: Sector-Specific Plans’ Coverage of Key Cyber Security Elements Varies. [hyperlink, http://www.gao.gov/products/GAO-08-113]. Washington, D.C.: October 31, 2007. Information Security: Sustained Management Commitment and Oversight Are Vital to Resolving Long-standing Weaknesses at the Department of Veterans Affairs. [hyperlink, http://www.gao.gov/products/GAO-07-1019]. Washington. D.C.: September 7, 2007. Information Security: Despite Reported Progress, Federal Agencies Need to Address Persistent Weaknesses. [hyperlink, http://www.gao.gov/products/GAO-07-837]. Washington, D.C.: July 27, 2007. [End of Highlights for Protecting the Federal Government’s Information Systems and the Nation’s Critical Infrastructures] High-Risk Series: Implementing and Transforming the Department of Homeland Security: GAO Highlights: For additional information about this high-risk area, contact Cathleen Berrick at (202) 512-3404 or berrickc@gao.gov. Why Area is High Risk: GAO designated implementing and transforming the Department of Homeland Security (DHS) as high risk in 2003 because DHS had to transform 22 agencies—several with major management challenges—into one department, and failure to effectively address its management challenges and program risks could have serious consequences for our national security. The areas GAO identified as at risk included planning and priority setting; accountability and oversight; and a broad array of management, programmatic, and partnering challenges. Continued oversight and monitoring of DHS’s transformation efforts are particularly important in light of the transition to a new Congress and administration. What GAO Found: Although DHS has made progress in transforming into a fully functioning department, this transformation remains high risk because DHS has not yet developed a comprehensive plan to address the transformation, integration, management and mission challenges GAO identified since 2003. With an annual budget of more than $40 billion—including billions in acquisitions, research and development, and grants to states and localities—the department’s successful transformation is critical to achieving its mission. DHS has developed an Integrated Strategy for High Risk Management that outlines the department’s process for, among other things, assessing risks and proposing initiatives to address challenges, but the strategy lacks details for the transformation of DHS and integration of its management functions. DHS has also developed corrective action plans to address management challenges that contain several of the key elements GAO has identified for a corrective action plan, including defining the root causes of problems, identifying initiatives to address the causes and setting milestones for completion, and designating high-level officials to be responsible for implementing the plans. However, the plans generally do not contain measures to gauge performance and progress, nor do they identify the resources needed to carry out the corrective actions identified. Furthermore, in some cases, required elements need to be strengthened or clarified, including more directly linking planned initiatives to root causes and milestones. DHS has developed a framework to monitor the implementation of its corrective action plans, but has just begun to demonstrate progress in implementing corrective actions. Since GAO’s 2007 update, DHS has made progress in strengthening its management functions, but more work remains for DHS to integrate these functions. DHS has reduced financial internal control weaknesses, but has not yet integrated its financial management systems. DHS has also taken action to organize the acquisition function and develop clear acquisition policies and processes, but needs to begin implementing these policies and continue to develop its acquisition workforce. DHS has heavily invested in information technology, but has not institutionalized related management controls, such as more disciplined program and information security management. DHS has worked to implement its human capital system, but has faced challenges in implementing a market-based and more performance-oriented pay system. DHS has generally made more progress in implementing its mission activities than its management functions, reflecting an initial focus on efforts to secure the homeland. DHS has improved its performance goals and measures and strengthened its risk management activities in its mission areas. DHS has strengthened partnerships to prepare for and respond to disasters and secure transportation and other critical infrastructure sectors. However, DHS can improve implementation of mission activities, including further clarifying roles and responsibilities for emergency preparedness and response, implementing controls to screen individuals and cargo, and enhancing partnerships to secure critical infrastructure, among other areas. What Remains to Be Done: GAO’s prior work on mergers and transformations concluded that successful transformations of large organizations, even those faced with less strenuous reorganizations than DHS, can take years to achieve. For DHS to successfully transform into a more effective organization, it needs to (1) revise its Integrated Strategy for High Risk Management and related corrective action plans to better define root causes, include the resources required to implement corrective actions, and identify key performance measures to gauge progress; and (2) continue to identify, refine, and implement corrective actions to improve management functions—including financial, information technology, human capital, and acquisition—and address programmatic and partnering challenges. For details, visit GAO’s Transition Web site. Related GAO Products for: Implementing and Transforming the Department of Homeland Security: GAO Products Department of Homeland Security: Billions Invested in Major Programs Lack Appropriate Oversight. [hyperlink, http://www.gao.gov/products/GAO-09-29]. Washington, D.C.: November 18, 2008. Government Performance: Lessons Learned for the Next Administration on Using Performance Information to Improve Performance. [hyperlink, http://www.gao.gov/products/GAO-08-1026T]. Washington, D.C.: July 24, 2008. Emergency Management: Observations on DHS's Preparedness for Catastrophic Disasters. [hyperlink, http://www.gao.gov/products/GAO-08-868T]. Washington, D.C.: June 11, 2008. Transportation Security: Efforts to Strengthen Aviation and Surface Transportation Security Continue to Progress, But More Work Remains. [hyperlink, http://www.gao.gov/products/GAO-08-651T]. Washington, D.C.: April 15, 2008. Highlights of a Forum Convened by the Comptroller General of the United States: Strengthening the Use of Risk Management Principles in Homeland Security. [hyperlink, http://www.gao.gov/products/GAO-08-627SP]. Washington, D.C.: April 15, 2008. Department of Homeland Security: Progress Report on Implementation of Mission and Management Functions. [hyperlink, http://www.gao.gov/products/GAO-07-454]. Washington, D.C.: August 17, 2007. Homeland Security: DHS Enterprise Architecture Continues to Evolve, but Improvements Needed. [hyperlink, http://www.gao.gov/products/GAO-07-564]. Washington, D.C.: May 9, 2007. Homeland Security: Departmentwide Integrated Financial Management Systems Remain a Challenge. [hyperlink, http://www.gao.gov/products/GAO-07-536]. Washington, D.C.: June 21, 2007. GAO’s Congressional and Presidential Transition Web Site: For additional information on issues facing the Department of Homeland Security, visit GAO’s Web site on the 2009 congressional and presidential transition: [hyperlink, http://www.gao.gov/transition_2009/agency/dhs/]. DHS Products: DHS Office of the Inspector General. Major Management Challenges Facing the Department of Homeland Security. OIG-09-08. Washington, D.C.: November 2008. [End of Highlights for Implementing and Transforming the Department of Homeland Security] High-Risk Series: Establishing Effective Mechanisms for Sharing Terrorism-Related Information to Protect the Homeland: GAO Highlights: For additional information about this high-risk area, contact Eileen Regen Larence at (202) 512-6510 or larencee@gao.gov. Why Area Is High Risk: In January 2005, GAO designated terrorism-related information sharing as high risk because the government faced serious challenges in analyzing key information and disseminating it among federal, state, local, and private partners in a timely, accurate, and useful way. GAO and the Office of Management and Budget (OMB) have since monitored efforts to provide a plan, commitment, and measures to ensure needed sharing is achieved. The federal government has devised improvement plans, is making financial commitments, and is developing performance measures but needs a better road map and system of accountability to ensure the needed sharing is achieved. As a result, this area remains high risk. What GAO Found: More than 7 years after 9/11, federal, state, local, and private partners are sharing more terrorism-related information in new ways across new channels. But Congress and the new administration will need to be vigilant to ensure commitment for integrating and institutionalizing these changes, holding agencies accountable for results, and maintaining momentum. Agencies are now collaborating on an overarching Information Sharing Environment (ISE)—described as an approach for the sharing of terrorism-related information—by following an implementation plan, establishing a governance structure and interagency working groups, and making annual funding commitments. Agencies also completed several steps, including issuing standards to guide technology and sharing, as well as a new policy that provides for a more consistent way to handle and protect sensitive information—removing a barrier to sharing that GAO had previously identified. Putting in place guidance, training, and internal controls for the new policy will help to ensure that information is not overly restricted. In addition, agencies created a new group whose task is to obtain federal consensus on how valid and reliable terrorist threat information is before it is shared with state and local partners, although it was too early to judge the group’s sustainability and success. Furthermore, agencies now have one consolidated list of individuals who may pose terrorist threats for screening travelers at ports of entry and for other purposes. However, GAO found that agencies had not developed an updated screening strategy and investment plan, which in turn could help to address potential screening vulnerabilities and interagency conflicts GAO identified. Overall, agencies are making progress on the ISE but still face some challenging implementation steps. Specifically, GAO found that the scope, projects, and milestones—the road map—for guiding the future ISE were not fully defined and, along with OMB, observed that the expected results and metrics—the system of accountability—to ensure progress were not in place. The Departments of Homeland Security (DHS) and Justice (DOJ)—key ISE agencies—are taking their own steps to improve sharing. DHS is implementing an information sharing policy and governance structure to improve how it collects, analyzes, and shares homeland security information across the department and with state and local partners—although GAO found that DHS had not fully defined requirements or ways to better manage risks for the next version of its Homeland Security Information Network, a key vehicle for sharing. In addition, DHS paired with DOJ to provide guidance, funds, people, information, and technical support to state and local fusion centers, which the government plans to link into a national ISE network. GAO’s work showed that centers vary widely in maturity and capabilities but face some common challenges—information overload; analyst recruitment, training, and retention; and especially long-term sustainability. A recent law frees up federal grants to help sustain personnel, but the government has not defined and articulated the extent to which it will help sustain centers long term. What Remains to Be Done: GAO recommended that agencies provide a better road map and system of accountability to guide overall information sharing initiatives, as well as ways to enhance individual efforts, including: (1) providing guidance, training, and internal controls for protecting yet sharing sensitive information; (2) updating the interagency strategy and investment plan for sharing terrorist information used to screen for threats; (3) fully defining requirements and better managing risks for the update to DHS’s key information sharing network; and (4) defining and articulating the government’s role in sustaining state and local information sharing (fusion) centers. Related GAO Products for: Establishing Effective Mechanisms for Sharing Terrorism-Related Information to Protect the Homeland: Information Technology: Management Improvements Needed on the Department of Homeland Security’s Next Generation Information Sharing System. [hyperlink, http://www.gao.gov/products/GAO-09-40]. Washington, D.C.: October 8, 2008. Information Sharing: Definition of the Results to Be Achieved in Terrorism-Related Information Sharing Is Needed to Guide Implementation and Assess Progress. [hyperlink, http://www.gao.gov/products/GAO-08-637T]. Washington, D.C.: July 23, 2008. Information Sharing Environment: Definition of the Results to Be Achieved in Improving Terrorism-Related Information Sharing Is Needed to Guide Implementation and Assess Progress. [hyperlink, http://www.gao.gov/products/GAO-08-492]. Washington, D.C.: June 25, 2008. Homeland Security: Federal Efforts Are Helping to Address Some Challenges Faced by State and Local Fusion Centers. [hyperlink, http://www.gao.gov/products/GAO-08-636T]. Washington, D.C.: April 17, 2008. Transportation Security Administration’s Processes for Designating and Releasing Sensitive Security Information. [hyperlink, http://www.gao.gov/products/GAO-08-232R]. Washington, D.C.: November 30, 2007. Terrorist Watch List Screening: Recommendations to Promote a Comprehensive and Coordinated Approach to Terrorist-Related Screening. [hyperlink, http://www.gao.gov/products/GAO-08-253T]. Washington, D.C.: November 8, 2007. Homeland Security: Federal Efforts Are Helping to Alleviate Some Challenges Encountered by State and Local Information Fusion Centers. [hyperlink, http://www.gao.gov/products/GAO-08-35]. Washington, D.C.: October 30, 2007. Terrorist Watch List Screening: Opportunities Exist to Enhance Management Oversight, Reduce Vulnerabilities in Agency Screening Processes, and Expand Use of the List. [hyperlink, http://www.gao.gov/products/GAO-08-110]. Washington, D.C.: October 11, 2007. Information Technology: Numerous Federal Networks Used to Support Homeland Security Need to Be Better Coordinated with Key State and Local Information-Sharing Initiatives. [hyperlink, http://www.gao.gov/products/GAO-07-455]. Washington, D.C.: April 16, 2007. Managing Sensitive Information: DOJ Needs a More Complete Staffing Strategy for Managing Classified Information and a Set of Internal Controls for Other Sensitive Information. [hyperlink, http://www.gao.gov/products/GAO-07-83]. Washington, D.C.: October 20, 2006. [End of Highlights for Establishing Effective Mechanisms for Sharing Terrorism-Related Information to Protect the Homeland] High-Risk Series: Department of Defense Approach to Business Transformation: GAO Highlights: For additional information about this high-risk area, contact Sharon Pickup (202) 512-9619 or pickups@gao.gov. Why Area Is High Risk: GAO identified the Department of Defense’s (DOD) approach to business transformation as a high-risk area in 2005 because (1) DOD’s business improvement efforts and control over resources were fragmented, (2) DOD lacked an integrated and enterprisewide transformation plan and investment strategy, and (3) DOD had not designated a senior management official at an appropriate level with the authority to be responsible and accountable for enterprisewide business transformation. To illustrate the magnitude of the risk DOD faces with its business transformation efforts, DOD bears sole responsibility for eight defense- specific high-risk areas and shares responsibility for seven other high- risk areas—all of which are related to business operations. What GAO Found: DOD spends billions of dollars to sustain key business operations intended to support the warfighter, including systems and processes related to the management of contracts, finances, the supply chain, support infrastructure, and weapon systems acquisition. Long-standing weaknesses in these areas, as well as the lack of sustained leadership and a comprehensive, integrated, and enterprisewide business transformation plan, adversely affect DOD’s efficiency and effectiveness, and have resulted in a lack of adequate accountability. As a result, DOD continues to waste billions of dollars annually that could be freed up for higher-priority needs. DOD’s senior leadership has shown a commitment to transforming business operations and taken steps to strengthen its management approach. In May 2007, the Secretary of Defense designated the Deputy Secretary of Defense as DOD’s Chief Management Officer (CMO). The National Defense Authorization Act for Fiscal Year 2008 codified the CMO position, created a Deputy CMO (DCMO), directed that CMO duties be assigned to the Under Secretary of each military department, and required DOD to develop a strategic management plan for business operations. In 2008, DOD issued its first plan, and directives outlining broad CMO and DCMO roles and responsibilities, established a DCMO office, and named an Assistant DCMO. Prior to these actions, DOD had established various governance entities, such as the Defense Business Systems Management Committee, which is intended to serve as the primary transformation leadership and oversight mechanism, and the Business Transformation Agency to support the committee. DOD has taken some positive steps, but still lacks some critical elements that are needed to ensure successful and sustainable transformation efforts. As currently defined, the DCMO position appears to be advisory. Specifically, the DCMO assists the CMO, but the position has not been assigned clear decision-making authority or accountability for results. DOD also has yet to clearly define the relationship between the DCMO and military department CMOs or the unique and shared responsibilities of various governance entities, such as identifying how they would manage and integrate transformation efforts. Finally, DOD’s first strategic plan lacks basic information such as identifying specific business areas, and key elements, such as goals, objectives, and performance measures. Because of the complexity and long-term nature of DOD’s business transformation efforts, GAO has reported the need for the CMO to be a separate position with significant authority, experience and a term. As DOD continues to develop its approach, GAO remains open to the possibility of further progress. However, because of the roles and responsibilities currently assigned to key positions, it is still unclear that DOD will be able to provide the long-term sustained leadership needed to address significant challenges in its business operations. What Remains to Be Done: DOD still needs to clearly establish the roles and responsibilities, as well as relationships, among various business-related positions and governance entities. DOD also needs to develop a clear, comprehensive, integrated, enterprisewide business transformation plan, supported by a strategic planning process that addresses all of DOD’s major business areas and includes specific goals, measures, and accountability mechanisms to measure progress. GAO continues to believe that Congress should consider modifying existing legislation to establish the CMO position as a separate, full-time position with sufficient authority and an appropriate term to sustain progress across administrations. Related GAO Products for: Department of Defense Approach to Business Transformation: Defense Business Transformation: Sustaining Progress Requires Continuity of Leadership and an Integrated Approach. [hyperlink, http://www.gao.gov/products/GAO-08-462T]. Washington, D.C.: February 7, 2008. Organizational Transformation: Implementing Chief Operating Officer/Chief Management Officer Positions in Federal Agencies. [hyperlink, http://www.gao.gov/products/GAO-08-322T]. Washington, D.C.: December 13, 2007. Organizational Transformation: Implementing Chief Operating Officer/Chief Management Officer Positions in Federal Agencies. [hyperlink, http://www.gao.gov/products/GAO-08-34]. Washington, D.C.: November 1, 2007. Defense Business Transformation: Achieving Success Requires a Chief Management Officer to Provide Focus and Sustained Leadership. [hyperlink, http://www.gao.gov/products/GAO-07-1072]. Washington, D.C.: September 5, 2007. High-Risk Series: An Update. [hyperlink, http://www.gao.gov/products/GAO-07-310]. Washington, D.C.: January 2007. Defense Business Transformation: A Comprehensive Plan, Integrated Efforts, and Sustained Leadership Are Needed to Assure Success. [hyperlink, http://www.gao.gov/products/GAO-07-229T. Washington, D.C.: November 16, 2006. Defense Transformation: Accountability Challenges. [hyperlink, http://www.gao.gov/products/GAO-06-1083CG]. Washington, D.C.: August 22, 2006. Department of Defense: Sustained Leadership Is Critical to Effective Financial and Business Management Transformation. [hyperlink, http://www.gao.gov/products/GAO-06-1006T]. Washington, D.C.: August 3, 2006. Business Systems Modernization: DOD Continues to Improve Institutional Approach, but Further Steps Needed. [hyperlink, http://www.gao.gov/products/GAO-06-658]. Washington, D.C.: May 15, 2006. GAO High-Risk Program. [hyperlink, http://www.gao.gov/products/GAO-06-497T]. Washington, D.C.: March 15, 2006. [End of Highlights for Department of Defense Approach to Business Transformation] High-Risk Series Department of Defense Business Systems Modernization: GAO Highlights: For additional information about this high-risk area, contact Randolph C. Hite at (202) 512-3439 or hiter@gao.gov. Why Area Is High Rick: The Department of Defense (DOD) is spending billions of dollars each year to acquire modern business systems that are fundamental to achieving DOD’s business transformation goals. While the department’s capability and performance relative to business systems modernization has improved, significant challenges remain. As a result, DOD as a whole is not yet well-positioned to effectively and efficiently manage an undertaking with the size, complexity, and significance of its business systems modernization. GAO first designated this program as high risk in 1995; it remains so today. What GAO Found: DOD is one of the largest and most complex organizations in the world, reportedly relying on approximately 3,000 business systems to support its business operations. For years, the department has attempted to modernize these systems and GAO has provided numerous recommendations to help it do so. For example, since2001,GAO has provided a series of recommendations relative to developing and using a business enterprise architecture (BEA) and establishing effective investment management controls to guide and constrain its business systems. GAO also made recommendations aimed at ensuring that DOD follows best practices when acquiring information technology (IT) systems and services. To its credit, the department has made some progress, particularly in the last 4 years. For example, at the institutional level, the latest versions of its corporate BEA and enterprise transition plan (ETP) continue to add important elements related to legislative provisions and best practices. In addition, DOD has begun to define and implement improved investment controls, such as the Business Capability Lifecycle, to streamline business system capability definition, acquisition, and investment oversight processes. However, more needs to be done. Consistent with GAO’s recommendations, DOD needs to further define and consistently implement fundamental business systems modernization management controls (both institutional and program specific). For example, it still needs to extend (federate) its corporate BEA to its component organizations; ensure that its business system investments are defined and implemented within the context of its federated BEA; evolve its corporate and component business system investment management processes; and ensure these processes are institutionalized at all levels of the organization. Beyond this, formidable challenges remain relative to ensuring that the thousands of DOD business system modernization and IT services programs and projects employ program management rigor and discipline. In this regard, GAO’s work has continued to show program-specific management weaknesses, including not economically justifying investments on the basis of reliable estimates of future costs and benefits; not pursuing investments within the context of an enterprise architecture; and not conducting key acquisition functions, such as requirements management, risk management, test management, performance management, and contract management. Until DOD fully defines and consistently implements the full range of business systems modernization management controls (institutional and program-specific), it will be not be able to adequately ensure that its IT investments are the right solutions for addressing its business needs, that they are being managed to produce expected capabilities efficiently and cost effectively, and that business stakeholders are satisfied. What Remains to Be Done: Key aspects of DOD’s business systems modernization effort still need to be strengthened. At the institutional level, the subsidiary architectures for component organizations still need to be further developed and aligned with the overall corporate architecture to provide a federated BEA, business system investments need to be defined and implemented within the context of its federated BEA, and both the corporate and component investment management processes need to be better defined and institutionalized. Further, DOD needs to ensure that its business system investments are managed with the kind of acquisition management rigor and discipline that is embodied in relevant guidance and best practices so that each investment will deliver promised benefits and capabilities on time and within budget. Related GAO Products for: Department of Defense Business Systems Modernization: DOD Business Systems Modernization: Key Navy Programs’ Compliance with DOD’s Federated Business Enterprise Architecture Needs to Be Adequately Demonstrated. [hyperlink, http://www.gao.gov/products/GAO-08-972]. Washington, D.C.: August 7, 2008. DOD Business Systems Modernization: Key Marine Corps System Acquisition Needs to Be Better Justified, Defined, and Managed. [hyperlink, http://www.gao.gov/products/GAO-08-822]. Washington, D.C.: July 28, 2008. DOD Business Systems Modernization: Important Management Controls Being Implemented on Major Navy Program, but Improvements Needed in Key Areas. [hyperlink, http://www.gao.gov/products/GAO-08-896]. Washington, D.C.: September 8, 2008. DOD Business Systems Modernization: Progress in Establishing Corporate Management Controls Needs to Be Replicated within Military Departments. [hyperlink, http://www.gao.gov/products/GAO-08-705]. Washington, D.C.: May 15, 2008. DOD Business Systems Modernization: Military Departments Need to Strengthen Management of Enterprise Architecture Programs. [hyperlink, http://www.gao.gov/products/GAO-08-519]. Washington, D.C.: May 12, 2008. Business Systems Modernization: Air Force Needs to Fully Define Policies and Procedures for Institutionally Managing Investments. [hyperlink, http://www.gao.gov/products/GAO-08-52]. Washington, D.C.: October 31, 2007. Business Systems Modernization: Department of the Navy Needs to Establish Management Structure and Fully Define Policies and Procedures for Institutionally Managing Investments. [hyperlink, http://www.gao.gov/products/GAO-08-53]. Washington, D.C.: October 31, 2007. DOD Business Systems Modernization: Progress Continues to Be Made in Establishing Corporate Management Controls, but Further Steps Are Needed. [hyperlink, http://www.gao.gov/products/GAO-07-733]. Washington, D.C.: May 14, 2007. Business Systems Modernization: Strategy for Evolving DOD’s Business Enterprise Architecture Offers a Conceptual Approach, but Execution Details Are Needed. [hyperlink, http://www.gao.gov/products/GAO-07-451]. Washington, D.C.: April 16, 2007. [End of Highlights for Department of Defense Business Systems Modernization] High-Risk Series: Department of Defense Personnel Security Clearance Program: GAO Highlights: For additional information about this high-risk area, contact Brenda S. Farrell at (202) 512-3604 or farrellb@gao.gov. Why Area Is High Rick: In fiscal year 2008, the Department of Defense (DOD), which grants the vast majority of clearances across the government, approved about 630,000 initial and renewal personnel security clearances for DOD’s military and civilian personnel and industry personnel working on DOD contracts. Clearances give individuals access to information that, if improperly disclosed, could in some cases cause exceptionally grave damage to national security. Since 2005, the Office of Management and Budget (OMB) has been responsible for implementing policy relating to eligibility for access to classified information and for reporting annually to Congress on progress in the clearance process. The Office of Personnel Management (OPM) conducts most of DOD’s clearance investigations, and DOD adjudicators use these to make clearance eligibility decisions. GAO placed DOD’s personnel security clearance program on its high-risk list in 2005 and continued that designation in 2007 because of problems such as processing delays and incomplete documentation. What GAO Found: While many clearances continue to experience delays and challenges remain in the completeness of clearance documentation, OMB,DOD, and OPM have made significant progress and are meeting statutory requirements for initial clearances. In 2007, GAO reported that a sample of initial clearances for DOD industry personnel took an average of 325 days to complete. The Intelligence Reform and Terrorism Prevention Act (IRTPA) of 2004 currently requires that a determination be made on 80 percent of initial clearances within an average of 120 days. In December2008,GAO reported that a sample of initial DOD clearances completed in fiscal year 2008 took an average of 87 days. However, DOD and OMB officials have noted that the existing clearance process is not likely to allow DOD and other agencies to meet the December 2009 timeliness requirements in IRTPA, under which the executive branch is required to implement a plan requiring agencies, to the extent practical, to make a determination on 90 percent of initial personnel security clearances within 60 days, on average. To meet these more demanding timeliness requirements and other goals set by IRTPA—such as requiring reciprocity of clearances and establishing an integrated database to track clearance information—the executive branch established a Joint Reform Team, consisting of OMB,DOD, OPM, and the Office of the Director of National Intelligence, in June 2007 to reform the security clearance process for DOD and other agencies. The Joint Reform Team issued a reform implementation plan to the President in December 2008 to guide future reform efforts. The plan identifies a number of issues, including timeliness and quality of the process as well as aspects of reciprocity, that are consistent with some of the best practices and key factors GAO has identified as instrumental to the security clearance reform efforts. Specifically, GAO has reported that reform efforts could benefit by establishing a coherent mission and integrating strategic goals, among other best practices. In addition, GAO has identified four key factors to be considered.First, a sound requirements process is important because requesting clearances for positions where they are not needed or requesting higher-level clearances when a lower-level would be sufficient increases unnecessary costs and workload. Second, building quality throughout DOD’s process could promote positive outcomes, such as facilitating reciprocity with other agencies. For example, in December 2008GAO estimated that 87 percent (95 percent confidence level, +/- 9 percent)of investigative reports for DOD personnel adjudicated in July 2008 were missing required documentation. Third, while DOD and other agency efforts to monitor the clearance process have emphasized timeliness, additional metrics can provide a more complete picture of the process. GAO has highlighted various metrics (e.g., completeness of investigative reports, and staffs’ and customers’ perceptions of the process) that could add value to monitoring the process. Fourth, providing Congress with the long-term funding requirements to implement reform efforts would enable more-informed congressional oversight. For the recent progress of the reform efforts to be successful, it is important that momentum be sustained. What Remains to Be Done: In July 2008, GAO noted that ongoing efforts to reform the personnel security clearance process should follow best practices such as having a coherent mission and integrated strategic goals. GAO has also identified the following four key factors: a sound requirements process; quality throughout the process; metrics to assess all aspects of the process; and identification of the long-term funding requirements necessary for reform. Related GAO Products for: Department of Defense Personnel Security Clearance Program: DOD Personnel Clearances: Preliminary Observations about Timeliness and Quality. [hyperlink, http://www.gao.gov/products/GAO-09-261R]. Washington, D.C.: December 19, 2008. Personnel Security Clearances: Preliminary Observations on Joint Reform Efforts to Improve the Governmentwide Clearance Eligibility Process. [hyperlink, http://www.gao.gov/products/GAO-08-1050T]. Washington, D.C.: July 30, 2008. Personnel Clearances: Questions for the Record Regarding Security Clearance Reform. [hyperlink, http://www.gao.gov/products/GAO-08-965R]. Washington, D.C.: July 14, 2008. Personnel Clearances: Key Factors for Reforming the Security Clearance Process. [hyperlink, http://www.gao.gov/products/GAO-08-776T]. Washington, D.C.: May 22, 2008. Employee Security: Implementation of Identification Cards and DOD’s Personnel Security Clearance Program Need Improvement. [hyperlink, http://www.gao.gov/products/GAO-08-551T]. Washington, D.C.: April 9, 2008. DOD Personnel Clearances: Questions for the Record Related to the Quality and Timeliness of Clearances. [hyperlink, http://www.gao.gov/products/GAO-08-580R]. Washington, D.C.: March 25, 2008. Personnel Clearances: Key Factors to Consider in Efforts to Reform Security Clearance Processes. [hyperlink, http://www.gao.gov/products/GAO-08-352T]. Washington, D.C.: February 27, 2008. DOD Personnel Clearances: DOD Faces Multiple Challenges in Its Efforts to Improve Clearance Processes for Industry Personnel. [hyperlink, http://www.gao.gov/products/GAO-08-470T]. Washington, D.C.: Feb. 13, 2008. DOD Personnel Clearances: Improved Annual Reporting Would Enable More Informed Congressional Oversight. [hyperlink, http://www.gao.gov/products/GAO-08-350]. Washington, D.C.: February 13, 2008. DOD Personnel Clearances: Delays and Inadequate Documentation Found for Industry Personnel. [hyperlink, http://www.gao.gov/products/GAO-07-842T]. Washington, D.C.: May 17, 2007. [End of Highlights for Department of Defense Personnel Security Clearance Program] High-Risk Series: Department of Defense Support Infrastructure Management: GAO Highlights: For additional information about this high-risk area, contact Brian J. Lepore at (202) 512-4523 or leporeb@gao.gov. Why Area Is High Risk: The Department of Defense (DOD) owns and operates about 577,000 buildings and other structures worldwide—including training facilities, office space, military hospitals, and equipment maintenance depots—worth a replacement value of about $712 billion. This infrastructure is critical to maintaining military readiness, and the cost to build and maintain it represents a significant financial commitment. GAO has reported on long-term challenges DOD faces in managing its portfolio of facilities and reducing unneeded infrastructure while providing facilities needed to support several simultaneous force structure initiatives and adapting to encroachment pressures affecting its training ranges. GAO first designated this area high risk in 1997, and it remains so today. What GAO Found: Although DOD has made progress in managing its support infrastructure in recent years, a number of challenges remain and opportunities exist for DOD to further improve management of its infrastructure. Through four rounds of domestic base realignments and closures (BRAC) beginning in 1988,DOD has realigned and reduced unneeded infrastructure, thus freeing up resources for other needs, and it is continuing similar efforts with the implementation of the BRAC 2005 round. DOD is also restructuring infrastructure support for its global defense posture realignment and is consolidating many of its overseas bases and repositioning others to better meet national security objectives. Further, DOD has revised its strategic plan to better address infrastructure issues, revised its readiness reporting to better gauge facility conditions, and has developed analytical tools to better forecast infrastructure funding needs. Also, through its environmental stewardship efforts, DOD has increased populations of some endangered species on DOD property while meeting its training needs. DOD has also made progress in achieving efficiencies and quality of life improvements through the privatization of military family housing and is expanding these efforts to other facilities such as barracks. In a 2008 report, GAO noted that the military services had not met all of DOD’s goals for funding facility maintenance and recapitalization to prevent deterioration and ensure that facilities are restored and modernized. Officials stated that sustainment resources were limited and programs such as force modernization often have higher funding priority. Moreover, DOD continues to lack common standards and metrics across the military services for installation support services, creating difficulties in establishing a consistent basis for making funding decisions. DOD infrastructure growth due to overseas rebasing, Army modularity, and planned increases in Army and Marine Corps force structure has presented the department with additional challenges to providing timely new or renovated facilities to accommodate large personnel increases at many of its installations, and many projects are facing significantly increased costs. A rapid return of forces from overseas operations to the United States would compound the problem. Further,DOD now estimates that its costs to implement the BRAC 2005 recommendations have risen to $32 billion—over 50 percent higher than the BRAC Commission’s $21 billion estimate, and estimated net annual savings have decreased. Moreover,GAO has reported that DOD has not yet fully addressed funding, operational, and local infrastructure challenges associated with the military buildup on Guam. In many cases, DOD’s need for permanent infrastructure has been lagging behind operational demands, and DOD has had to resort to temporary facilities to meet immediate needs. Further, the Army has forecast a 4.5 million- acre training land shortfall by 2013 and is proposing additional land purchases, yet the Army lacks a current strategic plan to acquire land. Finally, GAO has noted that DOD still lacks the ability to relate changes in reported unit readiness to limitations on the use of military lands, marine areas, and airspace due to the increasing encroachment of residential, commercial, and industrial development on training areas. What Remains to Be Done: To improve support infrastructure management, DOD needs to address outstanding GAO concerns and achieve significant progress toward resolution. For example, DOD needs to adequately fund maintenance of its infrastructure in order to avoid costlier long term repairs later, develop common installation support service standards and metrics to better guide funding decisions, commit to periodically updating BRAC savings estimates, overcome challenges to providing timely facilities for mission and quality of life needs at growing installations, and exercise high-level leadership for providing coordinated federal assistance to communities affected by emerging DOD growth. Related GAO Products for: Department of Defense Support Infrastructure Management: Defense Infrastructure: Opportunity to Improve the Timeliness of Future Overseas Master Plans and Factors Affecting the Master Planning Effort for the Military Buildup on Guam. [hyperlink, http://www.gao.gov/products/GAO-08-1005]. Washington, D.C.: September 17, 2008. Defense Infrastructure: High-Level Leadership Needed to Help Communities Address Challenges Caused by DOD-Related Growth. [hyperlink, http://www.gao.gov/products/GAO-08-665]. Washington, D.C.: June 17, 2008. Defense Infrastructure: Planning Efforts for the Proposed Military Buildup on Guam Are in Their Initial Stages, with Many Challenges Yet to Be Addressed. [hyperlink, http://www.gao.gov/products/GAO-08-722T]. Washington, D.C. May 1, 2008. Defense Infrastructure: Continued Management Attention Is Needed to Support Installation Facilities and Operations. [hyperlink, http://www.gao.gov/products/GAO-08-852]. Washington, D.C.: April 24, 2008. Military Training: Compliance with Environmental Laws Affects Some Training Activities, but DOD has not Made a Sound Business Case for Additional Environmental Exemptions. [hyperlink, http://www.gao.gov/products/GAO-08-407]. Washington, D.C.: March 7, 2008. Military Base Realignments and Closures: Cost Estimates Have Increased and Are Likely to Continue to Evolve. [hyperlink, http://www.gao.gov/products/GAO-08-159]. Washington, D.C.: December 11, 2007. Improvements Continue in DOD’s Reporting on Sustainable Ranges, but Opportunities Exist to Improve Its Range Assessments and Comprehensive Plan. [hyperlink, http://www.gao.gov/products/GAO-08-10R]. Washington, D.C.: Oct. 11, 2007. Defense Infrastructure: Challenges Increase Risks for Providing Timely Infrastructure Support for Army Installations Expecting Substantial Personnel Growth. [hyperlink, http://www.gao.gov/products/GAO-07-1007]. Washington, D.C.: September 13, 2007. Defense Management: Comprehensive Strategy and Annual Reporting Are Needed to Measure Progress and Costs of DOD’s Global Posture Restructuring. [hyperlink, http://www.gao.gov/products/GAO-06-852]. Washington, D.C.: September 13, 2006. Military Bases: Analysis of DOD’s 2005 Selection Process and Recommendations for Base Closures and Realignments. [hyperlink, http://www.gao.gov/products/GAO-05-785]. Washington, D.C.: July 1, 2005. Defense Infrastructure: Issues Need to Be Addressed in Managing and Funding Base Operations and Facilities Support. [hyperlink, http://www.gao.gov/products/GAO-05-556]. Washington, D.C.: June 15, 2005. [End of Highlights for Department of Defense Support Infrastructure Management] High-Risk Series: Department of Defense Financial Management: GAO Highlights: For additional information about this high-risk area, contact Paula Rascona at (202) 512-9095 or rasconap@gao.gov. Why Area Is High Risk: The Department of Defense (DOD) is a massive and complex organization. Efficient and effective management and accountability of DOD’s hundreds of billions of dollars of resources require timely, reliable, and useful information. However, DOD’s pervasive financial and related business management and system deficiencies continue to adversely affect its ability to control costs; ensure basic accountability; anticipate future costs and claims on the budget; measure performance; maintain funds control; prevent and detect fraud, waste, and abuse; and address pressing management issues. GAO first designated DOD financial management as high risk in 1995. What GAO Found: Weaknesses in DOD’s financial management adversely affect not only the reliability of reported financial data, but also the efficiency and effectiveness of its business operations. Transforming DOD's financial management operations to provide timely, reliable, accurate, and useful information for management operations, including financial reporting and decision making, is a significant challenge. To date, the U.S. Army Corps of Engineers, Civil Works has achieved a clean audit opinion on its financial statements. However, none of the military services have received favorable financial statement audit opinions, and the department has annually acknowledged that long-standing pervasive weaknesses in its business systems, processes, and controls have prevented auditors from determining the reliability of reported financial statement information. Over the years, the department has initiated numerous efforts intended to improve its financial management practices. However, DOD has not yet addressed many of the underlying impediments to obtaining and sustaining reliable financial information. In response to a congressional mandate to assist DOD in addressing its financial management challenges, the department issued its Financial Improvement and Audit Readiness Plan in December 2005, which it updates twice a year, to outline its strategy for addressing DOD's financial management challenges and achieving clean audit opinions. Further, DOD has taken steps toward developing and implementing a framework for addressing the department’s long- standing financial management weaknesses and improving its capability to provide timely, reliable, and relevant financial information for decision making and reporting, a key defense transformation priority. This framework includes the following: * Standard Financial Information Structure (SFIS), which is intended to provide a standard financial management data structure and uniformity throughout DOD in reporting on the results of operations; and; * Business Enterprise Information System (BEIS), which is intended to provide standard financial reporting, cash reporting, and reconciliation capabilities DOD-wide by facilitating the conversion of financial information from a component's data structure into the SFIS format within BEIS. DOD’s efforts to develop and implement SFIS and BEIS should help to improve the consistency and comparability of the department’s financial information and reporting; however, a great deal of work remains before the financial management capabilities of DOD and its components' transformation efforts achieve financial visibility. Examples of work remaining include enhancing data integrity; improvements to current policies, processes, procedures, and controls; and implementation of fully integrated systems. What Remains to Be Done: GAO has made numerous recommendations intended to improve DOD’s financial management. Key to successful transformation of DOD’s financial management operations will be the development and sustained implementation of a comprehensive and integrated financial management transformation strategy, within an overall business transformation strategy, to guide financial management improvement efforts; prioritize initiatives and resources; and monitor progress through the establishment and utilization of cascading performance goals, objectives, and metrics. Related GAO Products for: Department of Defense Financial Management: DOD Financial Management: Improvements Are Needed in Antideficiency Act Controls and Investigations. [hyperlink, http://www.gao.gov/products/GAO-08-1063]. Washington, D.C.: September 26, 2008. DOD Business Transformation: Air Force's Current Approach Increases Risk That Asset Visibility Goals and Transformation Priorities Will Not Be Achieved. [hyperlink, http://www.gao.gov/products/GAO-08-866]. Washington, D.C.: August 8, 2008. Fiscal Year 2007 U.S. Government Financial Statements: Sustained Improvement in Financial Management Is Crucial to Improving Accountability and Addressing the Long-Term Fiscal Challenge. [hyperlink, http://www.gao.gov/products/GAO-08-926T]. Washington, D.C.: June 26, 2008. Defense Business Transformation: Sustaining Progress Requires Continuity of Leadership and an Integrated Approach. [hyperlink, http://www.gao.gov/products/GAO-08-462T]. Washington, D.C.: February 7, 2008. Defense Business Transformation: A Full-time Chief Management Officer with a Term Appointment Is Needed at DOD to Maintain Continuity of Effort and Achieve Sustainable Success. [hyperlink, http://www.gao.gov/products/GAO-08-132T]. Washington, D.C.: October 16, 2007. DOD Business Transformation: Lack of an Integrated Strategy Puts the Army’s Asset Visibility System Investments at Risk. [hyperlink, http://www.gao.gov/products/GAO-07-860]. Washington, D.C.: July 27, 2007. [End of Highlights for Department of Defense Financial Management] High-Risk Series: Department of Defense Supply Chain Management: GAO Highlights: For additional information about this high-risk area, contact William M. Solis at (202) 512-8365 or solisw@gao.gov. Why Area Is High Risk: Supply chain management has been on GAO’s high-risk list since 1990 as a result of weaknesses in the Department of Defense’s (DOD) management of supply inventories and responsiveness to warfighter requirements. Supply chain management is the operation of a continuous and comprehensive logistics process, from initial customer order for material or services to the ultimate satisfaction of the customer’s requirements. DOD’s goal is to provide effective and efficient supply chain management—in short, to deliver “the right items to the right place at the right time.” According to DOD, it spent approximately $178 billion on its supply chain in fiscal year 2007. It is imperative that DOD and its components provide effective supply support to deploy and sustain military forces and be good stewards of the resources that have been invested. What GAO Found: DOD faces a number of supply chain management challenges in supporting the deployment and sustainment of military forces. Although DOD has taken positive steps to implement initiatives, such as consolidating certain inventories in regional hubs and improving transportation management of military freight, GAO has identified problems related to the effectiveness and efficiency of DOD supply chain management. For example, the military services continue to have billions of dollars worth of spare parts that are excess to current requirements. A major cause for these excess inventories is weakness in demand forecasting. Moreover, GAO noted a lack of metrics and targets focusing on the cost efficiency of inventory management. In addition, DOD has not instituted a coordinated management approach to improving distribution and supply support for joint military operations, and it faces challenges in achieving widespread implementation of key technologies aimed at improving asset visibility. GAO also found that DOD, as it looks ahead to drawing down its forces from Iraq, lacks a unified or coordinated command structure to plan for the management and execution of the return of material and equipment from Iraq, worth approximately $16.5 billion. DOD has recognized the need for a comprehensive, integrated strategy for transforming logistics and in July 2008 released its Logistics Roadmap with the intent to provide a more coherent and authoritative framework for logistics improvement efforts, including supply chain management. However, GAO found that the road map lacked key information needed for it to be a more useful tool for DOD senior leaders. Specifically, the road map did not identify the scope of DOD’s logistics problems or gaps in logistics capabilities, it lacked outcome-based performance measures to track progress toward reaching its goals and objectives, and it lacked a clear mechanism for accountability and integration with existing logistics decision-making processes. DOD officials said they plan to remedy some of these weaknesses in their follow-on efforts to update the road map in 2009. Until these missing elements are addressed, the road map is likely to be of limited use to senior DOD decision makers as they seek to improve supply chain management. Some of DOD’s supply chain management problems are exacerbated by the diffuse organization of DOD’s logistics operations, including separate funding and management of resources and systems. In September 2008, DOD formalized its policy to use capability portfolio management to advise senior decision makers on how to optimize capability investments across joint logistics, among other areas. While it remains to be seen to what extent and how this policy will be implemented, it could potentially help to address some of the governance challenges DOD faces improving its supply chain management operations. What Remains to Be Done: To successfully resolve supply chain management problems, DOD needs to sustain top leadership commitment and long-term institutional support for the Logistics Roadmap, obtain necessary commitments for its initiatives from the military services and other DOD components, make substantial progress in implementing improvement initiatives and programs across the department, and demonstrate progress in achieving the objectives in the road map. DOD also should make the necessary changes to ensure that the road map provides a comprehensive, integrated strategy for guiding supply chain management improvement efforts. Related GAO Products for: Department of Defense Supply Chain Management: Defense Logistics: Lack of Key Information May Impede DOD’s Ability to Improve Supply Chain Management. [hyperlink, http://www.gao.gov/products/GAO-09-150]. Washington, D.C.: January 12, 2009. Defense Inventory: Army Needs to Evaluate Impact of Recent Actions to Improve Demand Forecasts for Spare Parts. [hyperlink, http://www.gao.gov/products/GAO-09-199]. Washington, D.C.: January 12, 2009. Defense Inventory: Management Actions Needed to Improve the Cost Efficiency of the Navy’s Spare Parts Inventory. [hyperlink, http://www.gao.gov/products/GAO-09-103]. Washington, D.C.: December 12, 2008. Operation Iraqi Freedom: Actions Needed to Enhance DOD Planning for Reposturing of U.S. Forces from Iraq. [hyperlink, http://www.gao.gov/products/GAO-08-930]. Washington, D.C.: September 10, 2008. Defense Logistics: Army Has Not Fully Planned or Budgeted for the Reconstitution of Its Afloat Prepositioned Stocks. [hyperlink, http://www.gao.gov/products/GAO-08-257R]. Washington, D.C.: February 8, 2008. DOD’s High-Risk Areas: Efforts to Improve Supply Chain Can Be Enhanced by Linkage to Outcomes, Progress in Transforming Business Operations, and Reexamination of Logistics Governance and Strategy. [hyperlink, http://www.gao.gov/products/GAO-07-1064T]. Washington, D.C.: July 10, 2007. Defense Logistics: Efforts to Improve Distribution and Supply Support for Joint Military Operations Could Benefit from a Coordinated Management Approach. [hyperlink, http://www.gao.gov/products/GAO-07-807]. Washington, D.C.: June 29, 2007. Defense Transformation: DOD Has Taken Actions to Incorporate Lessons Learned in Transforming Its Freight Distribution System. [hyperlink, http://www.gao.gov/products/GAO-07-675R]. Washington, D.C.: May 8, 2007. Defense Inventory: Opportunities Exist to Save Billions by Reducing Air Force's Unneeded Spare Parts Inventory. [hyperlink, http://www.gao.gov/products/GAO-07-232]. Washington, D.C.: April 27, 2007. Defense Inventory: Opportunities Exist to Improve the Management of DOD's Acquisition Lead Times for Spare Parts. [hyperlink, http://www.gao.gov/products/GAO-07-281]. Washington, D.C.: March 2, 2007. [End of Highlights for Department of Defense Supply Chain Management] High-Risk Series: Department of Defense Weapon Systems Acquisition: GAO Highlights: For additional information about this high-risk area, contact Katherine V. Schinasi at (202) 512-4841 or schinasik@gao.gov. Why Area Is High Risk: Investment in weapon acquisition programs is now at its highest level in two decades. The Department of Defense (DOD) expects to invest more than $357 billion over the next 5 years on the development and procurement of major defense acquisition programs. At the same time, these programs continue to take longer, cost more, and deliver fewer quantities and capabilities than originally planned. Given the size of this investment, poor outcomes in DOD’s weapon system programs reverberate across the federal government. GAO has designated DOD’s management of weapon systems acquisition a high-risk area since 1990. What GAO Found: DOD is not receiving expected returns on its investment in weapon systems. Since fiscal year 2000, DOD significantly increased the number of major defense acquisition programs and its overall investment in them; however, acquisition outcomes are still poor. The total acquisition cost of DOD’s 2007 portfolio of major programs under development or in production has grown by $295 billion over initial estimates, and these programs are experiencing, on average, a 21-month delay in delivering initial capabilities to the warfighter. As program costs increase, DOD must request more funding to cover the overruns, make trade-offs with existing programs, delay the start of new programs, or take funds from other accounts. Delays in providing capabilities to the warfighter result in the need to operate costly legacy systems longer than expected, find alternatives to fill capability gaps, or go without the capability. GAO’s work has highlighted a number of systemic causes for cost growth and schedule delays both at the strategic and program levels. At the strategic level, DOD’s processes for identifying warfighter needs, allocating resources, and developing and procuring weapon systems—which together define DOD’s overall weapon system investment strategy—are fragmented and broken. At the program level, the military services propose and DOD approves programs without adequate knowledge about requirements and the resources needed to execute the program within cost, schedule, and performance targets. Recent congressionally mandated changes to the DOD acquisition system, as well as initiatives being pursued by DOD, could begin to improve weapon program outcomes. Congress has enacted legislation that requires DOD to certify that programs meet specific criteria at key decision points; report on its strategies for balancing funding and other resources among major defense acquisition programs; identify strategies for enhancing the role of program managers in carrying out acquisition programs; and establish review boards to monitor configuration changes. DOD’s initiatives include a new concept decision review and a requirement for more prototyping early in programs, both of which are designed to enable key department leaders to make informed decisions before a program starts. Table: Analysis of DOD Major Defense Acquisition Program Portfolio (fiscal year 2008 dollars): Portfolio status: Number of programs; Fiscal year 2007 portfolio: 95. Portfolio status: Change to total research and development costs from first estimate; Fiscal year 2007 portfolio: 40 percent. Portfolio status: Change in total acquisition cost from first estimate; Fiscal year 2007 portfolio: 26 percent. Portfolio status: Estimated total acquisition cost growth from first estimate; Fiscal year 2007 portfolio: $295 billion. Portfolio status: Share of programs with 25 percent or more increase in program acquisition unit cost; Fiscal year 2007 portfolio: 44 percent. Portfolio status: Average schedule delay in delivering initial capabilities; Fiscal year 2007 portfolio: 21 months. Source: GAO analysis of DOD data. [End of table] What Remains to Be Done: DOD has begun several initiatives that could provide a foundation for establishing a well-balanced investment strategy and sound major weapon system acquisition programs. However, DOD must take additional actions to reinforce the initiatives in practice, including: * making better decisions about which programs should be pursued or not pursued given existing and expected funding; * developing an analytical approach to better prioritize capability needs; * requiring new programs to have manageable development cycles; * requiring programs to establish knowledge-based cost and schedule estimates; and; * requiring contractors to perform detailed systems engineering analysis before proceeding to system development. Related GAO Products for: Department of Defense Weapon Systems Acquisition: Defense Acquisitions: Fundamental Changes Are Needed to Improve Weapon Program Outcomes. [hyperlink, http://www.gao.gov/products/GAO-08-1159T]. Washington, D.C.: September 25, 2008. Defense Acquisitions: Assessments of Selected Weapon Programs. [hyperlink, http://www.gao.gov/products/GAO-08-467SP]. Washington, D.C.: March 31, 2008. Best Practices: Defense Acquisitions: A Knowledge-Based Funding Approach Could Improve Major Weapon System Program Outcomes. [hyperlink, http://www.gao.gov/products/GAO-08-619]. Washington, D.C.: July 2, 2008. Best Practices: Increased Focus on Requirements and Oversight Needed to Improve DOD’s Acquisition Environment and Weapon System Quality. [hyperlink, http://www.gao.gov/products/GAO-08-294]. Washington, D.C.: February 1, 2008. Space Acquisitions: Actions Needed to Expand and Sustain Use of Best Practices. [hyperlink, http://www.gao.gov/products/GAO-07-730T]. Washington, D.C.: April 19, 2007. Investment Strategy: Defense Acquisitions: DOD’s Requirements Determination Process Has Not Been Effective in Prioritizing Joint Capabilities. [hyperlink, http://www.gao.gov/products/GAO-08-1060]. Washington, D.C.: September 25, 2008. Tactical Aircraft: DOD Needs a Joint and Integrated Investment Strategy. [hyperlink, http://www.gao.gov/products/GAO-07-415]. Washington, D.C.: April 2, 2007. Best Practices: An Integrated Portfolio Management Approach to Weapon System Investments Could Improve DOD’s Acquisition Outcomes. [hyperlink, http://www.gao.gov/products/GAO-07-388]. Washington, D.C.: March 30, 2007. Weapon System Reviews: Defense Acquisitions: Cost to Deliver Zumwalt-Class Destroyers Likely to Exceed Budget. [hyperlink, http://www.gao.gov/products/GAO-08-804]. Washington, D.C.: July 31, 2008. Defense Acquisitions: Progress Made in Fielding Missile Defense, but Program Is Short of Meeting Goals. [hyperlink, http://www.gao.gov/products/GAO-08-448]. Washington, D.C.: March 14, 2008. Joint Strike Fighter: Recent Decisions by DOD Add to Program Risks. [hyperlink, http://www.gao.gov/products/GAO-08-388]. Washington, D.C.: March 11, 2008. Defense Acquisitions: 2009 Is a Critical Juncture for the Army’s Future Combat System. [hyperlink, http://www.gao.gov/products/GAO-08-408]. Washington, D.C.: March 7, 2008. [End of Highlights for Department of Defense Weapon Systems Acquisition] High-Risk Series Funding the Nation’s Surface Transportation System: GAO Highlights: For additional information about this high-risk area, contact Katherine Siggerud at (202) 512-2834 or siggerudk@gao.gov. Why Area Is High Risk: The nation’s economic vitality and its citizens’ quality of life depend significantly on the efficiency of its surface transportation infrastructure. Increasingly, however,congestion is threatening the efficiency of the infrastructure. The federal government, as well as state and local governments, faces challenges in providing funds to maintain and expand the nation’s surface transportation system. Over the long term, the federal government’s fiscal imbalance, as well as the fiscal stress faced by state and local governments, will constrain resources available for investment in infrastructure. The federal government will be further challenged to determine the appropriate federal role in financing these investments and in ensuring that federal funds are used efficiently. What GAO Found: The cost to repair and upgrade the nation’s surface transportation system so that it can safely and reliably meet current and future demands is estimated in the hundreds of billions of dollars, and calls have been made to significantly increase federal investment in the system. However, the large increases in expenditures for surface transportation in recent years have not commensurately improved the performance of the system because many current surface transportation programs are not effective at addressing key challenges, federal goals are numerous and sometimes conflicting, roles are unclear, programs lack links to the performance of the transportation system or of the grantees, and programs in some areas do not use the best tools and approaches to ensure effective investment decisions. Highways and transit. Revenues to support the Highway Trust Fund—the major source of federal highway and transit funding—are eroding. Receipts for the fund are derived from motor fuel and truck-related taxes and are declining in purchasing power because the federal motor fuel tax rate has not been increased since 1993. Furthermore, as vehicles become more fuel efficient and increasingly run on alternative fuels, fuel taxes may not be a sustainable source of transportation financing. In the near term, expenditures now exceed revenues for the fund, and, to prevent a funding shortfall, Congress recently transferred $8 billion from the general fund of the Treasury to the fund. Without major changes to current funding or spending levels, deficits will continue to occur. Intercity passenger rail. The financial condition of Amtrak is poor. The recently enacted Passenger Rail Investment and Improvement Act of 2008 authorizes significant federal funds for the system through 2013 to, among other things, address operating costs and deferred maintenance of physical assets. GAO has found that subsidies provided to Amtrak are not targeted to the greatest public benefits, such as transportation congestion relief. Although the act requires new or improved metrics and minimum standards for measuring performance and service quality, as well as development of an improvement plan for Amtrak’s long-distance routes, it is too early to tell whether these will better target federal subsidies toward the greatest public benefits. Freight rail. The freight railroad industry is projected to grow substantially, but the ability of private railroads to fund the capacity needed to meet this projected growth is uncertain. Increasingly, the potential public benefits of rail projects, such as reductions in highway congestion, have led the federal and state governments to invest public funds in freight rail projects. Decision makers will continue to be challenged in making both passenger and freight rail investments that reflect public priorities and maximize public benefits. What Remains to Be Done: To improve the effectiveness of the federal investment in surface transportation, meet the nation’s transportation needs, and ensure a sustainable commitment to transportation infrastructure, GAO has called for a fundamental re-examination of the nation’s surface transportation policies. The federal approach to surface transportation should be restructured based on the following principles: (1) ensuring goals are well-defined and focused on the federal interest, (2) ensuring the federal role in achieving each goal is clearly defined, (3) ensuring accountability for results by entities receiving federal funds, (4) using the best tools and approaches to emphasize return on targeted federal investment, and (5) ensuring fiscal sustainability. Related GAO Products for: Funding the Nation’s Surface Transportation System: Surface Transportation: Principles Can Guide Efforts to Restructure and Fund Federal Programs. [hyperlink, http://www.gao.gov/products/GAO-08-744T]. Washington, D.C.: July 10, 2008. Physical Infrastructure: Challenges and Investment Options for the Nation’s Infrastructure. [hyperlink, http://www.gao.gov/products/GAO-08-763T]. Washington, D.C.: May 8, 2008. Surface Transportation: Restructured Federal Approach Needed for More Focused, Performance-Based, and Sustainable Programs. [hyperlink, http://www.gao.gov/products/GAO-08-400]. Washington, D.C.: March 6, 2008. Highway Public-Private Partnerships: More Rigorous Up-front Analysis Could Better Secure Potential Benefits and Protect the Public Interest. [hyperlink, http://www.gao.gov/products/GAO-08-44]. Washington, D.C.: February 8, 2008. Freight Transportation: National Policy and Strategies Can Help Improve Freight Mobility. [hyperlink, http://www.gao.gov/products/GAO-08-287]. Washington, D.C.: January 7, 2008. Intercity Passenger Rail: National Policy and Strategies Needed to Maximize Public Benefits from Federal Expenditures. [hyperlink, http://www.gao.gov/products/GAO-07-15]. Washington, D.C.: November 13, 2006. Freight Railroads: Industry Health Has Improved, but Concerns about Competition and Capacity Should Be Addressed. [hyperlink, http://www.gao.gov/products/GAO-07-94]. Washington, D.C.: October 6, 2006. Highway Finance: States’ Expanding Use of Tolling Illustrates Diverse Challenges and Strategies. [hyperlink, http://www.gao.gov/products/GAO-06-554]. Washington, D.C.: June 28, 2006. Highway Trust Fund: Overview of Highway Trust Fund Estimates. [hyperlink, http://www.gao.gov/products/GAO-06-572T]. Washington, D.C.: April 4, 2006. Freight Transportation: Short Sea Shipping Option Shows Importance of Systematic Approach to Public Investment Decisions. [hyperlink, http://www.gao.gov/products/GAO-05-768]. Washington, D.C.: July 29, 2005. Highlights of an Expert Panel: The Benefits and Costs of Highway and Transit Investments. [hyperlink, http://www.gao.gov/products/GAO-05-423SP]. Washington, D.C.: May 6, 2005. Highway and Transit Investments: Options for Improving Information on Projects’ Benefits and Costs and Increasing Accountability for Results. [hyperlink, http://www.gao.gov/products/GAO-05-172]. Washington, D.C.: January 24, 2005. [End of Highlights for Funding the Nation’s Surface Transportation System] High-Risk Series: Ensuring the Effective Protection of Technologies Critical to U.S. National Security Interests: GAO Highlights: For additional information about this high-risk area, contact Ann Calvaresi Barr at (202) 512-4841 or calvaresibarra@gao.gov. Why Area Is High Risk: The Department of Defense annually spends billions of dollars to develop and produce advanced weaponry. At the same time, the U.S. government approves selling these weapons and defense-related technologies overseas for foreign policy, security, and economic reasons. These weapons and technologies are often targets for theft, espionage, reverse engineering, and illegal export. The U.S. government has a number of programs to identify and protect critical technologies consistent with U.S. interests. These include the export control systems for defense-related and dual-use items, the foreign military sales program, and reviews of foreign investments in U.S. companies. In 2007, GAO designated ensuring the effective protection of technologies critical to U.S. national security interests as a high-risk area. What GAO Found: Over the years, GAO has identified weaknesses in the effectiveness and efficiency of government programs designed to protect critical technologies while advancing U.S. interests. Since this area was designated high risk in 2007, the agencies responsible for administering these programs, including the Departments of Commerce, Defense, Justice, State and the Treasury, have made improvements in several areas. However, vulnerabilities continue to exist, and agencies have yet to take action to address GAO’s major underlying concern, which is the need for a fundamental re-examination of current government programs to determine how they can collectively achieve their mission and to evaluate the need for alternative approaches. As seen in the following examples, agencies have made progress in improving their individual programs for protecting critical technologies. * State is analyzing its export license process and restructuring its workforce to reduce processing times and decrease open cases. * Justice established a task force with other agencies responsible for enforcing export controls to address overlapping jurisdiction for investigating potential violations and poor interagency coordination. * The Committee on Foreign Investment in the U.S. expanded the factors to be considered in evaluating the national security effects of foreign acquisitions of U.S. companies. Recent GAO work has identified other agency actions needed, including: * Enforcement agencies need to improve data collection processes for their nuclear counterproliferation efforts. * Defense and State need to resolve disagreements on export control exemption use and guidelines. * Commerce needs to develop procedures and negotiate access for conducting on-site reviews for dual-use items transferred to China as part of its validated end-user program. While actions at the agency level can improve processes in performing their individual responsibilities, these improvements do not respond to GAO’s underlying concern that the programs need to work as a system. The executive branch has neither re-examined these programs to determine if they are collectively effective nor evaluated alternative approaches. While recent agency actions improve the likelihood of agencies meeting their individual responsibilities, the effectiveness of the existing system depends on their working collectively. In discussions with the Office of Management and Budget on governmentwide actions to address this high-risk area, GAO was informed that conducting a fundamental reexamination of programs for protecting critical technologies would fall under the purview of the National Security Council. To date, the National Security Council has not responded to GAO’s requests to discuss any planned actions. What Remains to Be Done: To ensure the collective effectiveness of programs to identify and protect critical technologies, the executive and legislative branches need to conduct a fundamental reexamination of the current programs and evaluate the potential of alternative approaches. This re-examination could yield proposed legislative changes that could provide a comprehensive framework with clear responsibilities and accountability. Related GAO Products for: Ensuring the Effective Protection of Technologies Critical to U.S. National Security Interests: Export Controls: Challenges with Commerce’s Validated-End User Program May Limit Its Ability to Ensure That Semiconductor Equipment Exported to China Is Used as Intended. [hyperlink, http://www.gao.gov/products/GAO-08-1095]. Washington, D.C.: September 25, 2008. Department of Defense: Observations on the National Industrial Security Program. [hyperlink, http://www.gao.gov/products/GAO-08-695T]. Washington, D.C.: April 16, 2008. Foreign Investment: Laws and Policies Regulating Foreign Investment in 10 Countries. [hyperlink, http://www.gao.gov/products/GAO-08-320]. Washington, D.C.: February 28, 2008. Defense Acquisitions: Departmentwide Direction Is Needed for Implementation of the Anti-tamper Policy. [hyperlink, http://www.gao.gov/products/GAO-08-91]. Washington, D.C.: January 11, 2008. Defense Trade: State Department Needs to Conduct Assessments to Identify and Address Inefficiencies and Challenges in the Arms Export Process. [hyperlink, http://www.gao.gov/products/GAO-08-89]. Washington, D.C.: November 30, 2007. Nonproliferation: U.S. Efforts to Combat Nuclear Networks Need Better Data on Proliferation Risks and Program Results. [hyperlink, http://www.gao.gov/products/GAO-08-21]. Washington, D.C.: October 31, 2007. Defense Trade: Clarification and More Comprehensive Oversight of Export Exemptions Certified by DOD Are Needed. [hyperlink, http://www.gao.gov/products/GAO-07-1103]. Washington, D.C.: September 19, 2007. Export Controls: Vulnerabilities and Inefficiencies Undermine System’s Ability to Protect U.S. Interests. [hyperlink, http://www.gao.gov/products/GAO-07-1135T]. Washington, D.C.: July 26, 2007. Defense Trade: National Security Reviews of Foreign Acquisitions of U.S. Companies Could Be Improved. [hyperlink, http://www.gao.gov/products/GAO-07-661T]. Washington, D.C.: March 23, 2007. [End of Highlights for Ensuring the Effective Protection of Technologies Critical to U.S. National Security Interests] High-Risk Series: Revamping Federal Oversight of Food Safety: GAO Highlights: For additional information about this high-risk area, contact Lisa Shames at (202) 512-2649 or shamesl@gao.gov. Why Area Is High Risk: In 2007, GAO added the federal oversight of food safety to GAO’s high- risk list because 15 agencies collectively administer at least 30 food- related laws. Since then, the largest food-borne outbreak in the last 10 years was linked to Salmonella in fresh produce. Also, high levels of imported foods underscore the urgency to revamp this system. About 15 percent of the overall U.S. food supply is imported, as is about 60 percent of fresh fruits and vegetables and over 80 percent of seafood. In addition, more of the population—including older adults, children, immune-compromised individuals, and pregnant women—is increasingly susceptible to food-borne illnesses. What GAO Found: Federal oversight of food safety is becoming more fragmented. The U.S. Department of Agriculture (USDA) is responsible for all meat and poultry and the Food and Drug Administration (FDA) for nearly all other foods, including seafood. However, the 2008 Farm Bill assigned USDA oversight responsibility for catfish, thus splitting up the seafood oversight. Also, USDA must inspect all meat and poultry prepared for commerce. In contrast, FDA’s inspections have been sporadic; FDA conducted 96 inspections in 11 countries in fiscal year 2007, down from 211 inspections in 26 countries in 2001. GAO has reported that this fragmented federal oversight of food safety has caused inconsistent oversight, ineffective coordination, and inefficient use of resources. Over 70 percent of processed foods contain ingredients from genetically engineered crops. However,USDA, FDA, and the Environmental Protection Agency do not have a coordinated strategy for monitoring and evaluating the use of marketed genetically engineered crops to determine whether they are causing food safety concerns, such as the unintentional introduction of pharmaceutical or industrial compounds into the food supply. Federal expenditures on food safety are not based on the volume of foods regulated by the agencies or consumed by the public. FDA is responsible for about 80 percent of the food supply and yet accounts for about 24 percent of expenditures. FDA reported that limited resources challenge its efforts to carry out its responsibilities. GAO found that FDA has little assurance that companies comply with food-labeling laws and regulations. In addition, while FDA has considered fresh produce safety a priority for many years, unplanned events like food-borne outbreaks have caused FDA to provide limited oversight of domestic and imported fresh produce as well as delay key safety actions, such as updating regulations and guidance. FDA’s Food Protection Plan proposed positive first steps, such as stating its intent to request authority to order food recalls and issue preventive controls. However,GAO expressed concerns about the lack of more specific information on strategies and resources as well as FDA’s capacity to implement the plan. On the other hand, USDA is responsible for regulating about 20 percent of the food supply and accounts for the majority of expenditures. Still, staffing declined from its highest level in 1995. Vacancy rates in some areas were as high as 22 percent in 2008. Officials reported this decline is due to fewer facilities and risk-based efforts to reduce food contamination. Although the number of recalls dropped, the quantity of meat and poultry recalled has increased sharply. Selected countries’ food safety systems can offer insights into overseeing our food safety challenges. These systems focus on the entire food supply chain, from “farm to table”; place primary responsibility for safety on producers; separate risk assessment and risk management; conduct risk-based inspections; and take steps to ensure certain food imports meet equivalent safety standards. What Remains to Be Done: GAO recommends that the President in the short term reconvene the President’s Council on Food Safety and in the long term consider alternative structures for the oversight of food safety. The executive branch should develop a results-oriented governmentwide performance plan to help ensure agencies’ goals are complementary and to help decision makers balance trade-offs when resource allocation and restructuring decisions are made. Congress should consider commissioning the National Academy of Sciences or a blue ribbon panel to conduct a detailed analysis of alternative food safety organizational structures and enact comprehensive, uniform, and risk-based food safety legislation. Related GAO Products for: Revamping Federal Oversight of Food Safety: Genetically Engineered Crops: Agencies Are Proposing Changes to Improve Oversight, but Could Take Additional Steps to Enhance Coordination and Monitoring. [hyperlink, http://www.gao.gov/products/GAO-09-60]. Washington, D.C.: November 5, 2008. Food Safety: Improvements Needed in FDA Oversight of Fresh Produce. [hyperlink, http://www.gao.gov/products/GAO-08-1047]. Washington, D.C.: September 26, 2008. Food Labeling: FDA Needs to Better Leverage Resources, Improve Oversight, and Effectively Use Available Data to Help Consumers Select Healthy Foods. [hyperlink, http://www.gao.gov/products/GAO-08-597]. Washington, D.C.: September 9, 2008. Federal Oversight of Food Safety: FDA Has Provided Few Details on the Resources and Strategies Needed to Implement Its Food Protection Plan. [hyperlink, http://www.gao.gov/products/GAO-08-909T]. Washington, D.C.: June 12, 2008. Food Safety: Selected Countries’ Systems Can Offer Insights into Ensuring Import Safety and Responding to Foodborne Illness. [hyperlink, http://www.gao.gov/products/GAO-08-794]. Washington, D.C.: June 10, 2008. Humane Methods of Handling and Slaughter: Public Reporting on Violations Can Identify Enforcement Challenges and Enhance Transparency. [hyperlink, http://www.gao.gov/products/GAO-08-686T]. Washington, D.C.: April 17, 2008. Federal Oversight of Food Safety: FDA’s Food Protection Plan Proposes Positive First Steps, but Capacity to Carry Them Out Is Critical. [hyperlink, http://www.gao.gov/products/GAO-08-435T]. Washington, D.C.: January 29, 2008. Agricultural Quarantine Inspection Program: Management Problems May Increase Vulnerability to Foreign Pests and Diseases. [hyperlink, http://www.gao.gov/products/GAO-08-96T]. Washington, D.C.: October 3, 2007. National Animal Identification System: USDA Needs to Resolve Several Key Implementation Issues to Achieve Rapid and Effective Disease Traceback. [hyperlink, http://www.gao.gov/products/GAO-07-592]. Washington, D.C.: July 6, 2007. Federal Oversight of Food Safety: High-Risk Designation Can Bring Attention to Limitations in the Government’s Food Recall Programs. [hyperlink, http://www.gao.gov/products/GAO-07-785T]. Washington, D.C.: April 24, 2007. [End of Highlights for Revamping Federal Oversight of Food Safety] High-Risk Series: Department of Defense Contract Management: GAO Highlights: For additional information about this high-risk area, contact John Hutton at (202) 512-4841 or huttonj@gao.gov. Why Area Is High Risk: The Department of Defense (DOD) obligated more than $315 billion on contracts for goods and services in fiscal year 2007, more than double the amount it spent 6 years ago. At times, however, DOD’s acquisitions have not resulted in the desired outcomes. The lack of well-defined requirements, the use of ill-suited business arrangements, and the lack of an adequate number of trained acquisition and contract oversight personnel contribute to unmet expectations and continue to place the department at risk of potentially paying more than necessary. GAO designated DOD contract management as a high-risk area in 1992. What GAO Found: DOD relies heavily on contractors to provide services to help meet critical missions and support acquisition functions. In November 2006, GAO reported that DOD’s approach to managing services acquisitions tended to be reactive and did not position DOD to determine whether services acquisitions were achieving desired outcomes. DOD has efforts under way to improve its management of major services acquisitions, including establishing criteria to assess proposed acquisitions and developing a capability to conduct independent management reviews, but these efforts are relatively new. DOD’s reliance on contractors presents several broader management challenges, including determining which functions and activities should be contracted out; developing a total workforce strategy to address the appropriate mix, roles, and responsibilities of contractor, civilian, and military personnel; and ensuring appropriate oversight, including addressing risks, ethics concerns, and surveillance needs. Such issues take on heightened significance in Iraq and Afghanistan, where DOD estimated that more than 230,000 contractor personnel were engaged as of October 2008. DOD continues to face challenges in employing sound business arrangements. In June 2007, GAO reported on DOD’s use of time-and- materials contracts and on undefinitized contract actions, two arrangements for which DOD obligated billions of dollars but which can pose risk if not effectively managed. For example, time-and-materials contracts can be awarded quickly and adjusted when requirements or funding are uncertain, but GAO found few attempts to convert follow-on work to less risky contract types and wide discrepancies in DOD’s oversight. GAO also found that DOD personnel failed to definitize—or reach final agreement on—contract terms within required time frames in 60 percent of the 77 contracts GAO reviewed. Until contracts are definitized, DOD bears increased risk because contractors have little incentive to control costs. For example, GAO reported in July 2007 that DOD had not completed negotiations on certain task orders in Iraq until more than 6 months after the work began and after most of the costs had been incurred, contributing to its decision to pay nearly all of the $221 million questioned by auditors. DOD has issued guidance to address these and other contract management issues. Properly managing the acquisition of goods and services requires a workforce with the right skills and capabilities. DOD reports it has identified the competencies needed by its contracting officers but DOD officials acknowledged that more needs to be done to close skill gaps and to expand efforts to those who perform oversight or other key acquisition roles. DOD also faces challenges in supporting operations in Iraq and Afghanistan. For example, in 2007 an Army-commissioned study concluded the Army lacked the military and civilian acquisition personnel to support expeditionary or peacetime missions. Similarly, in 2008, GAO reported that the lack of qualified personnel hindered oversight of contracts to maintain military equipment in Kuwait and provide linguistic services in Iraq and questioned whether DOD could sustain increased oversight of its private security providers. What Remains to Be Done: To improve outcomes on the billions of dollars DOD spends annually on goods and services, DOD needs to: * adopt a more proactive approach to managing services acquisitions; * assess the risks that its reliance on contractors poses and take action to mitigate such risks; * determine the appropriate mix, roles, and responsibilities of contractor, civilian, and military personnel; * ensure that recent guidance to address contracting weaknesses is consistently reflected in decisions made on individual transactions; and; * ensure that its acquisition workforce is adequately sized, trained, and equipped to meet the department’s needs. DOD has generally agreed with GAO’s recommendations and has efforts under way to implement them. Related GAO Products for: Department of Defense Contract Management: Contract Management: DOD Developed Draft Guidance for Operational Contract Support but Has Not Met All Legislative Requirements. [hyperlink, http://www.gao.gov/products/GAO-09-114R]. Washington, D.C.: November 20, 2008. Contingency Contracting: DOD, State, and USAID Contracts and Contractor Personnel in Iraq and Afghanistan. [hyperlink, http://www.gao.gov/products/GAO-09-19]. Washington, D.C.: October 1, 2008. Military Operations: DOD Needs to Address Contract Oversight and Quality Assurance Issues for Contracts Used to Support Contingency Operations. [hyperlink, http://www.gao.gov/products/GAO-08-1087]. Washington, D.C: September 26, 2008. Rebuilding Iraq: DOD and State Department Have Improved Oversight and Coordination of Private Security Contractors in Iraq, but Further Actions Are Needed to Sustain Improvements. [hyperlink, http://www.gao.gov/products/GAO-08-966]. Washington, D.C.: July 31, 2008. Defense Contracting: Post-Government Employment of Former DOD Officials Needs Greater Transparency. [hyperlink, http://www.gao.gov/products/GAO-08-485]. Washington, D.C.: May 21, 2008. Defense Contracting: Army Case Study Delineates Concerns with Use of Contractors as Contract Specialists. [hyperlink, http://www.gao.gov/products/GAO-08-360]. Washington, D.C.: March 26, 2008. Defense Management: DOD Needs to Reexamine Its Extensive Reliance on Contractors and Continue to Improve Management and Oversight. [hyperlink, http://www.gao.gov/products/GAO-08-572T]. Washington, D.C.: March 11, 2008. Defense Contracting: Additional Personal Conflict of Interest Safeguards Needed for Certain DOD Contractor Employees. [hyperlink, http://www.gao.gov/products/GAO-08-169]. Washington, D.C.: March 7, 2008. Defense Contract Management: DOD's Lack of Adherence to Key Contracting Principles on Iraq Oil Contract Put Government Interests at Risk. [hyperlink, http://www.gao.gov/products/GAO-07-839]. Washington, D.C.: July 31, 2007. Defense Contracting: Improved Insight and Controls Needed over DOD's Time-and-Materials Contracts. [hyperlink, http://www.gao.gov/products/GAO-07-273]. Washington, D.C.: June 29, 2007. Defense Contracting: Use of Undefinitized Contract Actions Understated and Definitization Time Frames Often Not Met. [hyperlink, http://www.gao.gov/products/GAO-07-559]. Washington, D.C.: June 19, 2007. Defense Acquisitions: Tailored Approach Needed to Improve Service Acquisition Outcomes. [hyperlink, http://www.gao.gov/products/GAO-07-20]. Washington, D.C.: November 9, 2006. [End of Highlights for Department of Defense Contract Management] High-Risk Series: Department of Energy’s Contract Management for the National Nuclear Security Administration and Office of Environmental Management: GAO Highlights: For additional information about this high-risk area, contact Patricia A. Dalton at (202) 512-3841 or daltonp@gao.gov. Why Area IS High Risk: GAO designated the Department of Energy’s (DOE) contract management as a high-risk area in 1990. DOE, the largest non-Defense contracting agency in the federal government, relies primarily on contractors to carry out its diverse missions and operate its laboratories and other facilities. About 90 percent of DOE’s annual budget is spent on contracts. Two of DOE’s largest program elements—the National Nuclear Security Administration and Office of Environmental Management—account for about 60 percent of the annual budget. DOE’s record of inadequate management and oversight of its contractors has resulted in the high- risk designation for contract management. What GAO Found: DOE’s contract management, including both contract administration and project management, continues to be at high risk for fraud, waste, abuse, and mismanagement. In January 2007, GAO reported that the department was taking steps to strengthen contract and project management but that performance problems continued on DOE’s major projects, and DOE had yet to do a root-cause analysis to understand the underlying weaknesses. Based on progress over the past 2 years, GAO is narrowing the scope of this high-risk area to focus on the National Nuclear Security Administration (NNSA) and the Office of Environmental Management (EM), although projects across DOE will continue to receive scrutiny. Over the last 2 years, DOE has been working to better understand the underlying weaknesses in its contract and project management and develop appropriate corrective actions to address the weaknesses. As part of the Office of Management and Budget initiative for federal agencies to develop detailed corrective action plans for high-risk areas, DOE obtained input from headquarters and field officials with contract and project management expertise to develop a root-cause analysis of its weaknesses. DOE then used this analysis to develop a corrective action plan and performance measures to assess progress. Further, GAO found that in the Office of Science—DOE’s third-largest program element—more than two-thirds of the 42 projects completed or under way from fiscal years 2003 through 2007 were completed or were being carried out within original cost and schedule targets. GAO found that the factors contributing to this performance were fundamental to effective project management, including leadership commitment, appropriate management and technical expertise, and disciplined and rigorous implementation of project management policies. Two major program elements within DOE—NNSA and EM—account for the majority of DOE’s budget and continue to experience significant problems. Specifically, GAO found that for 12 major construction projects with total costs of about $27 billion—10 of which were NNSA or EM projects—9 exceeded original cost or schedule estimates, principally because of ineffective DOE project oversight and poor contractor management. Cost increases on these projects ranged from $79 million to $7.9 billion, with schedule delays ranging from 9 months to more than 11 years. In addition, neither NNSA nor EM consistently applied project management policies. Effective contract and project management will remain critical over the coming decades as NNSA embarks on a major initiative to modernize the nation’s aging nuclear weapons production facilities costing tens of billions of dollars and EM will spend billions of dollars to build facilities to treat and dispose of millions of gallons of radioactive waste. What Remains to Be Done: DOE needs to ensure that it has the needed people and resources in place to solve problems and that its solutions are independently validated for their effectiveness and sustainability. GAO has made a series of recommendations to strengthen DOE’s contract management. These recommendations collectively call for DOE to ensure that project management requirements are consistently followed, to improve its oversight of contractors, and to strengthen accountability for performance. DOE generally agreed with the recommendations but in some cases asserted that its ongoing efforts already addressed the recommendations. GAO concluded that further improvements were needed. Related GAO Products for: Department of Energy’s Contract Management for the National Nuclear Security Administration and Office of Environmental Management: Federal Research: Opportunities Exist to Improve the Management and Oversight of Federally Funded Research and Development Centers. [hyperlink, http://www.gao.gov/products/GAO-09-15]. Washington, D.C.: October 8, 2008. Nuclear Waste: Action Needed to Improve Accountability and Management of DOE’s Major Cleanup Projects. [hyperlink, http://www.gao.gov/products/GAO-08-1081]. Washington, D.C.: September 26, 2008. Nuclear Weapons: Views on NNSA’s Proposal to Transform the Nuclear Weapons Complex. [hyperlink, http://www.gao.gov/products/GAO-08-1032T]. Washington, D.C.: July 17, 2008. Nuclear Waste: DOE Lacks Critical Information Needed to Assess Its Tank Management Strategy at Hanford. [hyperlink, http://www.gao.gov/products/GAO-08-793]. Washington, D.C.: June 30, 2008. Department of Energy: Office of Science Has Kept Majority of Projects within Budget and on Schedule, but Funding and Other Challenges May Grow. [hyperlink, http://www.gao.gov/products/GAO-08-641]. Washington, D.C.: May 30, 2008. Nuclear Weapons: NNSA Needs to Establish a Cost and Schedule Baseline for Manufacturing a Critical Nuclear Weapon Component. [hyperlink, http://www.gao.gov/products/GAO-08-593]. Washington, D.C.: May 23, 2008. Hanford Waste Treatment Plant: Department of Energy Needs to Strengthen Controls over Contractor Payments and Project Assets. [hyperlink, http://www.gao.gov/products/GAO-07-888]. Washington, D.C.: July 20, 2007. Nuclear Waste: DOE Should Reassess Whether the Bulk Vitrification Demonstration Project at Its Hanford Site Is Still Needed to Treat Radioactive Waste. [hyperlink, http://www.gao.gov/products/GAO-07-762]. Washington, D.C.: June 12, 2007. Department of Energy: Consistent Application of Requirements Needed to Improve Project Management. [hyperlink, http://www.gao.gov/products/GAO-07-518]. Washington, D.C.: May 11, 2007. Department of Energy: Major Construction Projects Need a Consistent Approach for Assessing Technology Readiness to Help Avoid Cost Increases and Delays. [hyperlink, http://www.gao.gov/products/GAO-07-336]. Washington, D.C.: March 27, 2007. National Nuclear Security Administration: Additional Actions Needed to Improve Management of the Nation’s Nuclear Programs. [hyperlink, http://www.gao.gov/products/GAO-07-36]. Washington, D.C.: January 19, 2007. [End of Highlights for Department of Energy’s Contract Management for the National Nuclear Security Administration and Office of Environmental Management] High-Risk Series: National Aeronautics and Space Administration Acquisition Management: GAO Highlights: For additional information about this high-risk area, contact Cristina T. Chaplain at (202) 512-4841 or chaplainc@gao.gov. Why Area Is High Risk: NASA is in the midst of phasing out the Space Shuttle Program and beginning another major undertaking, the Constellation Program, that will create the next generation of spacecraft for human spaceflight. This effort, expected to ultimately cost nearly $230 billion over several decades, has been launched against a backdrop of acquisition problems in NASA’s major programs. In 1990, GAO designated NASA’s contract management as high risk in view of persistent cost growth and schedule slippage in the majority of its major projects. Since that time, GAO’s high-risk work has focused on identifying a number of causal factors, including antiquated financial management systems, poor cost estimating, and undefinitized contracts. Because cost growth and schedule delays persist, this area—now titled acquisition management because of the scope of issues that need to be resolved—remains high risk. What GAO Found: NASA has made a concerted effort to improve its acquisition management. In 2007, NASA developed a comprehensive plan to address systemic weaknesses related to how it manages its acquisitions. The plan specifically seeks to strengthen program/project management, increase accuracy in cost estimating, facilitate monitoring of contractor cost performance, improve agencywide business processes, and improve financial management. The plan identifies specific actions to be taken in each area and establishes points of accountability and metrics to assess progress. NASA has also acted to reduce acquisition management risks by adopting practices that focus on closing gaps in knowledge about requirements, technologies, funding, time, and other resources before commitments are made to new large-scale programs. In addition, NASA has continued to implement its new enterprisewide financial system. Although NASA has made important advances, it will take several years to fully implement these initiatives and transform the agency into an organization that delivers the kind of analysis and forward-looking information needed to effectively manage its many complex programs. Not only do changes need to take root at the center and project level, but obstacles, such as a lack of accurate historical data on program costs, also will need to be dealt with.Moreover,NASA will be attempting to implement these reforms at a time when the agency will be undergoing a massive transition from a shuttle-based environment to new modes of space transportation. The transition itself will impact a large span of NASA’s workforce and its contractors and could detract attention from acquisition management reforms. However, this transition also provides a good opportunity for NASA to implement its reforms. Further, NASA will likely need to tackle these challenges under an increasingly constrained budget environment—that is, projects will likely get more expensive at a time when there is no guarantee of additional funding as they move forward. More work is necessary to address these challenges and implement NASA’s acquisition improvement plan. Since fiscal year 2006, 10 out of 12, or 83 percent, of all major development projects in implementation exceeded their baseline thresholds. In addition, GAO reported in 2007 that NASA had begun to tackle the most significant management challenges it faced by deploying its integrated financial management program. When NASA completes this project in 2009 it will be a significant accomplishment. What Remains to Be Done: NASA has laid out a broad plan for reducing acquisition risk and taken steps to reflect best practices in policies. Successful implementation of both the plan and revised policies should stem cost growth and schedule slippage. However, to maximize NASA’s investment dollars, implementation needs to be complemented by vigorous executive leadership to foster the expansion of a business-oriented culture and a sustained commitment to identify and take action on projects that are not achieving cost, schedule or performance goals upon which they were based when they were initiated. Related GAO Products for: National Aeronautics and Space Administration Acquisition Management: NASA: Agency Has Taken Steps toward Making Sound Investment Decisions for Ares I but Still Faces Challenging Knowledge Gaps. [hyperlink, http://www.gao.gov/products/GAO-08-51]. Washington, D.C.: October 31, 2007. Business Modernization: NASA Must Consider Agencywide Needs to Reap the Full Benefits of Its Enterprise Management System Modernization Effort. [hyperlink, http://www.gao.gov/products/GAO-07-691]. Washington, D.C.: July 20, 2007. NASA: Sound Management and Oversight Key to Addressing Crew Exploration Vehicle Project Risks. [hyperlink, http://www.gao.gov/products/GAO-06-1127T]. Washington, D.C.: September 28, 2006. NASA Procurement: Use of Award Fees for Achieving Program Outcomes Should Be Improved. [hyperlink, http://www.gao.gov/products/GAO-07-58]. Washington, D.C.: January 17, 2007. Enterprise Architecture: Leadership Remains Key to Establishing and Leveraging Architectures for Organizational Transformation. [hyperlink, http://www.gao.gov/products/GAO-06-831]. Washington, D.C.: August 14, 2006. NASA: Long-Term Commitment to and Investment in Space Exploration Program Requires More Knowledge. [hyperlink, http://www.gao.gov/products/GAO-06-817R]. Washington, D.C.: July 17, 2006. NASA’s James Webb Space Telescope: Knowledge-Based Acquisition Approach Key to Addressing Program Challenges. [hyperlink, http://www.gao.gov/products/GAO-06-634]. Washington, D.C.: July 14, 2006. Financial Management Systems: Additional Efforts Needed to Address Key Causes of Modernization Failures. [hyperlink, http://www.gao.gov/products/GAO-06-184]. Washington, D.C.: March 15, 2006. NASA: Implementing a Knowledge-Based Acquisition Framework Could Lead to Better Investment Decisions and Project Outcomes. [hyperlink, http://www.gao.gov/products/GAO-06-218]. Washington, D.C.: December 21, 2005. [End of Highlights for National Aeronautics and Space Administration Acquisition Management] High-Risk Series: Management of Interagency Contracting: GAO Highlights: For additional information about this high-risk area, contact William T. Woods at (202) 512-8214 or woodsw@gao.gov. Why Area Is High Risk: When used correctly, interagency contracting—a process by which one agency either uses another agency’s contract directly or obtains contracting support services from another agency—can offer improved efficiency in the procurement process at a time when agencies face growing workloads and declines in the acquisition workforce. Though precise numbers are unavailable, agencies spend billions of dollars annually using interagency contracting to acquire goods and services that support a wide variety of activities, ranging from the war in Iraq to installing new computer systems. GAO designated the management of interagency contracting as a high-risk area in 2005, due in part to the need for stronger internal controls, clear definitions of roles and responsibilities, and training to ensure proper use of this contracting method. What GAO Found: The management of interagency contracting continues to evolve and federal agencies have made some progress. In response to congressional direction, agency inspectors general (IG) have reviewed the use of interagency contracting by the Department of Defense (DOD), the largest user of this contracting method. The results have been mixed.For example, the DOD IG found that the Department of the Interior had improved its contracting on behalf of DOD, and restrictions that DOD had placed on the use of Interior’s procurement services were rescinded. In addition, the Department of Veterans Affairs (VA) IG found that internal controls were generally adequate to ensure compliance with DOD procurement requirements when VA activities made purchases on behalf of DOD. The DOD IG found in its own reviews of VA, as well as of several other agencies, however, that DOD policy on the use of non-DOD contracts had not always been implemented properly. In particular, the DOD IG noted the lack of adequate interagency agreements, market research, and clearly delineated roles and responsibilities. Similarly, GAO found that some DOD agencies involved in interagency contracting had failed to comply with requirements for using time-and-materials contracts, an arrangement that is considered to be high risk for the government. In January 2007, the congressionally chartered Acquisition Advisory Panel made numerous recommendations for improving the interagency contracting process, including actions OMB could take to address a lack of consistent governmentwide policy on the creation and continuation of interagency contracts. In response, OMB has taken several steps to address the panel’s recommendations. Additionally, several agencies have ceased the administration of certain interagency contracts. The Department of the Treasury, for example, has decided to discontinue its franchise fund contracting operation because it was not able to provide adequate processes and systems to support its customers. Other agencies, including the Department of Commerce, have shifted responsibility for administration of interagency contracts to the General Services Administration, whose mission is, in part, to support acquisitions by and for other agencies. In June 2008,OMB issued policy guidance, including a model agreement, designed to improve the management and use of interagency contracting. The guidance emphasizes that effective use of interagency contracting is a shared responsibility between customer and servicing agencies. Other agencies also have issued guidance on the use of interagency contracting, but the guidance has not always been implemented properly. For example, GAO found that the manner in which the Department of State had implemented its interagency contracting policy significantly limited the ability of acquisition officials to manage the risks in using interagency contracts. Finally, GAO and others have continued to report that there are still no complete and reliable data on how much is spent governmentwide or the amount of fees paid for the use of interagency contracts. These data are needed to promote the effective use of interagency contracting. What Remains to Be Done: While agencies have taken some action in response to GAO recommendations, these initiatives are still being implemented, and success will require continued management attention. In addition, agencies still need to develop reliable data to track the use and costs of interagency contracting and assess whether they are achieving good outcomes. Agencies also need to implement the Office of Management and Budget’s (OMB) recent guidance intended to help agencies achieve the greatest value possible from interagency contracting. Related GAO Products for: Management of Interagency Contracting: GAO Reports: Interagency Contracting: Need for Improved Information and Policy Implementation at the Department of State. [hyperlink, http://www.gao.gov/products/GAO-08-578]. Washington, D.C.: May 8, 2008. Federal Acquisition: Oversight Plan Needed to Help Implement Acquisition Advisory Panel Recommendations. [hyperlink, http://www.gao.gov/products/GAO-08-160]. Washington, D.C: December 20, 2007. Information Technology: FBI Following a Number of Key Acquisition Practices on New Case Management System but Improvements Still Needed. [hyperlink, http://www.gao.gov/products/GAO-07-912]. Washington, D.C.: July 30, 2007. Defense Contracting: Improved Insight and Controls Needed over DOD’s Time-and-Materials Contracts. [hyperlink, http://www.gao.gov/products/GAO-07-273]. Washington, D.C.: June 29, 2007. Other Reports: DOD Office of Inspector General. Follow-up on DOD Purchases Made Through the Department of the Interior. D-2008-122. Arlington, Va.: August 18, 2008. DOD Office of Inspector General. Report on FY2006 DOD Purchases Made Through the Department of the Treasury. D-2008-050. Arlington, Va.: February 11, 2008. DOD Office of Inspector General. FY2006 DOD Purchases Made Through the U.S. Department of Veterans Affairs. D-2008-036. Arlington, Va.: December 20, 2007. Department of Veterans Affairs Office of Inspector General. Audit of VA Purchases Made on Behalf of the Department of Defense. Report No. 06- 03540-24. Washington, D.C.: November 19, 2007. DOD Office of Inspector General. FY2006 DOD Purchases Made Through the National Institutes of Health. D-2008-022. Arlington, Va.: November 15, 2007. Acquisition Advisory Panel. Report of the Acquisition Advisory Panel to the Office of Federal Procurement Policy and the United States Congress. January 2007. [End of Highlights for Management of Interagency Contracting] High-Risk Series: Enforcement of Tax Laws: GAO Highlights: For additional information about this high-risk area, contact Michael Brostekor James White at (202) 512-9110 or brostekm@gao.gov or whitej@gao.gov. Why Area Is High Risk: Internal Revenue Service (IRS) enforcement of the tax laws is vital—not only to catch tax cheats, but also to promote broader compliance by giving taxpayers confidence that others are paying their fair share. Since 1990 GAO has designated one or more aspects of tax law enforcement as high risk. Since 2001, GAO’s high-risk area has included IRS’s efforts to ensure payment both of unpaid taxes known to IRS and unpaid taxes IRS has not detected. What GAO Found: The amount of taxes that taxpayers should have paid on time but did not was last estimated (for tax year 2001) to be $345 billion, for a tax compliance rate of about 84 percent—a rate that has changed little in 3 decades. After late payments and IRS enforcement actions, the net tax gap estimate was $290 billion. Many experts believe the gap was underestimated in 2001 and has grown larger since then. One area of concern is taxes on international income. GAO’s recent work showed that U.S. multinational corporations are shifting profits to low-tax jurisdictions. IRS has improved enforcement since 2000. Although dipping in 2008 to $56.4 billion, revenue from enforcement actions is up by 67 percent from 2000. While also dipping in 2008, the examination rate is up from recent years. High quality service also can contribute to compliance, especially for those who want to comply. IRS’s toll-free taxpayer service efforts continued to show high ratings in customer satisfaction and answering taxpayers’ tax law questions. One key to reducing the tax gap is adequate information on noncompliance. Commendably, IRS has committed to conducting annual compliance research studies for individual taxpayers and periodic studies on other segments of the taxpaying population. IRS plans to use these study data to update tax gap estimates and revise audit selection criteria. Such studies have contributed to legislative proposals to address specific compliance problems that are estimated to raise tens of billions of dollars in revenue over 10 years. However, IRS needs to build on the tax gap strategy that it developed with the Department of the Treasury and updated in 2007. Among other things, IRS needs to (1) develop a focused strategy to improve compliance by sole proprietor businesses, which are among the most noncompliant taxpayers; (2) maintain its renewed emphasis on studying tax gap components and gain a more in-depth understanding of specific compliance problems and how they might best be addressed; (3) expand the use of return on investment measures included in IRS’s budget for certain new initiatives to best allocate IRS’s limited resources; (4) determine whether additional information reporting, such as the recently passed basis reporting for securities transactions, is possible and whether other steps could be taken to maximize information reporting; and (5) determine whether and how the increase in electronic filing of tax returns can be leveraged to ensure that all information on tax returns can be used to improve service and enforcement. Further, some compliance issues may need to be addressed by legislative actions. GAO’s recent work noted that (1) many noncompliant taxpayers rely on paid preparers, but IRS does not track or regulate preparer performance; (2) some information reporting requirements apply to nonincorporated entities but not to corporations; (3) some rental real estate activity escapes information reporting because it is not considered a trade or business; and (4) IRS has limited time to conduct audits of taxpayers with offshore activity. Because complex laws offer opportunities to hide noncompliance, simplifying the tax code also has the potential to help reduce the tax gap. What Remains to Be Done: For IRS to improve its enforcement of tax laws, specific and targeted approaches are necessary. IRS must: * continue to perform compliance research on a regular basis and use the results to justify resource requests and target scarce enforcement resources, and; * develop service and enforcement corrective measures - both administrative and statutory - that address noncompliance. In addition, IRS should consider prior recommendations from GAO. To assist IRS in reducing the tax gap, Congress should consider whether tax compliance could be improved by regulating or otherwise changing the role of paid preparers, making additional taxpayers subject to information reporting requirements, and granting IRS more time to audit taxpayers with offshore activity. Simplifying the tax code may improve compliance, as well. Related GAO Products for: Enforcement of Tax Laws: Tax Gap: Actions That Could Improve Rental Real Estate Reporting Compliance. [hyperlink, http://www.gao.gov/products/GAO-08-956]. Washington, D.C.: August 28, 2008. Tax Preparers: Oregon's Regulatory Regime May Lead to Improved Federal Tax Return Accuracy and Provides a Possible Model for National Regulation. [hyperlink, http://www.gao.gov/products/GAO-08-781]. Washington, D.C.: August 15, 2008. U.S. Multinational Corporations: Effective Tax Rates Are Correlated with Where Income Is Reported. [hyperlink, http://www.gao.gov/products/GAO-08-950]. Washington, D.C.: August 12, 2008. Internal Revenue Service: Fiscal Year 2009 Budget Request and Interim Performance Results of IRS’s 2008 Tax Filing Season. [hyperlink, http://www.gao.gov/products/GAO-08-567] Washington, D.C.: March 13, 2008. Tax Compliance: Qualified Intermediary Program Provides Some Assurance That Taxes on Foreign Investors Are Withheld and Reported, but Can Be Improved. [hyperlink, http://www.gao.gov/products/GAO-08-99]. Washington, D.C.: December 19, 2007. Tax Administration: 2007 Filing Season Continues Trend of Improvement, but Opportunities to Reduce Costs and Increase Tax Compliance Should Be Evaluated. [hyperlink, http://www.gao.gov/products/GAO-08-38]. Washington, D.C.: November 15, 2007. Tax Gap: A Strategy for Reducing the Gap Should Include Options for Addressing Sole Proprietor Noncompliance. [hyperlink, http://www.gao.gov/products/GAO-07-1014]. Washington, D.C.: July 13, 2007. Internal Revenue Service: Assessment of the 2008 Budget Request and an Update of 2007 Performance. [hyperlink, http://www.gao.gov/products/GAO-07-719T]. Washington, D.C.: May 9, 2007. 2007 Tax Filing Season: Interim Results and Updates of Previous Assessments of Paid Preparers and IRS’s Modernization and Compliance Research Efforts. [hyperlink, http://www.gao.gov/products/GAO-07-720T]. Washington, D.C.: April 12, 2007. Tax Administration: Additional Time Needed to Complete Offshore Tax Evasion Examinations. [hyperlink, http://www.gao.gov/products/GAO-07-237]. Washington, D.C.: March 30, 2007. Tax Compliance: Multiple Approaches Are Needed to Reduce the Tax Gap. [hyperlink, http://www.gao.gov/products/GAO-07-488T]. Washington, D.C.: February 16, 2007. [End of Highlights for Enforcement of Tax Laws] High-Risk Series: Internal Revenue Service Business Systems Modernization: GAO Highlights: For additional information about this high-risk area, contact David A.Powner at (202) 512-9286 or pownerd@gao.gov or Steven J. Sebastian at (202) 512-3406 or sebastians@gao.gov. Why Area Is High Risk: The Internal Revenue Service’s (IRS) highly complex, multibillion-dollar Business Systems Modernization (BSM) program is critical to (1) transforming the agency’s manual paper-intensive business operations, (2) fulfilling its obligations under the IRS Restructuring and Reform Act, and (3) providing the reliable and timely financial management information needed to better enable IRS to justify its resource allocation decisions and congressional budgetary requests. Despite progress in improving modernization management controls and capabilities and addressing long-standing financial management weaknesses, significant challenges and serious risks remain. What GAO Found: IRS has long relied on obsolete automated systems for key operational and financial management functions, and its attempts to modernize these aging computer systems span decades. A long history of continuing delays and design difficulties and their impact on IRS’s operations led GAO to designate IRS’s systems modernization and its financial management as separate high-risk areas in 1995. GAO has previously reported that despite progress in establishing management controls, acquiring foundational system infrastructure and applications, and addressing several financial management deficiencies, including deficiencies in controls over budgetary activity and property and equipment, both BSM and financial management have remained high risk. Since resolution of IRS’s most serious remaining financial management problems depended largely on the success of BSM, GAO combined the two issues into one high-risk area in 2005. IRS has made further progress since 2007 in addressing GAO’s concerns about the management of BSM. For example, IRS (1) delivered releases of key tax administration projects; (2) developed policies, procedures, and tools for developing and managing project requirements; and (3) took steps to further develop its modernization vision and strategy. In addition, IRS implemented the initial phase of the system intended to serve as a subsidiary ledger for its tax administration activities, as well as identification numbers for tax revenue and refund transactions that, once fully implemented, are together expected to provide transaction traceability and detailed support for all of its tax-related transactions and balances. IRS also made significant progress in addressing long-standing deficiencies in controls over tax revenue collections, tax refund disbursements, and hard-copy tax receipts and related data. In addition, IRS completed several pilot projects to demonstrate its ability to determine the full cost of its programs and activities. However,GAO recently reported that while some project releases were delivered within cost or schedule estimates, others continued to experience cost increases or schedule delays. In addition, risks continue to exist and are likely to escalate. IRS has also not developed a plan with specific time frames for addressing human capital initiatives for the organization that is responsible for delivering the modernization effort. Finally, the legacy automated financial management systems IRS continues to rely on (1) do not provide adequate information to support day-to-day decision making and (2) continue to exhibit serious deficiencies in information security that jeopardize the integrity and confidentiality of the financial and taxpayer information they process. IRS is taking action to resolve these issues and to address GAO’s recommendations related to BSM and financial management. However, more remains to be done to fully address the problems that have affected past systems modernization efforts and that continue to affect IRS’s ability to successfully modernize its operational and financial management systems. What Remains to Be Done: While IRS has made progress in reducing risk with systems modernization and financial management, improvements have not been sustained long enough to provide confidence that the program is fully stable. In addition, many challenges remain, including (1) addressing the risks facing current and future BSM project releases, (2) improving processes for delivering modernized IT systems within cost and schedule estimates, (3) developing the cost and revenue information needed to support day-to-day decision making, and (4) addressing outstanding weaknesses in information security weaknesses. Related GAO Products for: Internal Revenue Service Business Systems Modernization: Financial Audit: IRS’s Fiscal Years 2008 and 2007 Financial Statements. [hyperlink, http://www.gao.gov/products/GAO-09-119]. Washington, D.C.: November 10, 2008. Internal Revenue Service: Status of GAO Financial Audit and Related Financial Management Report Recommendations. [hyperlink, http://www.gao.gov/products/GAO-08-693]. Washington, D.C.: July 2, 2008. Management Report: Improvements Needed in IRS’s Internal Controls. [hyperlink, http://www.gao.gov/products/GAO-08-368R]. Washington, D.C.: June 4, 2008. Internal Revenue Service: Assessment of the Fiscal Year 2009 Budget Request. [hyperlink, http://www.gao.gov/products/GAO-08-620T]. Washington, D.C.: April 16, 2008. Internal Revenue Service: Fiscal Year 2009 Budget Request and Interim Performance Results of IRS’s 2008 Tax Filing Season. [hyperlink, http://www.gao.gov/products/GAO-08-567]. Washington, D.C.: March 13, 2008. Business Systems Modernization: Internal Revenue Service’s Fiscal Year 2008 Expenditure Plan. [hyperlink, http://www.gao.gov/products/GAO-08-420]. Washington, D.C.: March 7, 2008. Financial Audit: IRS’s Fiscal Years 2007 and 2006 Financial Statements. [hyperlink, http://www.gao.gov/products/GAO-08-166]. Washington, D.C.: November 9, 2007. Internal Revenue Service: Status of GAO Financial Audit and Related Financial Management Report. [hyperlink, http://www.gao.gov/products/GAO-08-629]. Washington, D.C.: June 7, 2007. Management Report: IRS’s First Year Implementation of the Requirements of the Office of Management and Budget’s Revised Circular A-123. [hyperlink, http://www.gao.gov/products/GAO-07-692R]. Washington, D.C.: May 18, 2007. Management Report: Improvements Needed in IRS’s Internal Controls. [hyperlink, http://www.gao.gov/products/GAO-07-689R]. Washington, D.C.: May 11, 2007. Internal Revenue Service: Assessment of the 2008 Budget Request and an Update of 2007 Performance. [hyperlink, http://www.gao.gov/products/GAO-07-719T]. Washington, D.C.: May 9, 2007. Internal Revenue Service: Interim Results of the 2007 Tax Filing Season and the Fiscal Year 2008 Budget Request. [hyperlink, http://www.gao.gov/products/GAO-07-673]. Washington, D.C.: April 3, 2007. Business Systems Modernization: Internal Revenue Service’s Fiscal Year 2007 Expenditure Plan. [hyperlink, http://www.gao.gov/products/GAO-07-247]. Washington, D.C.: February 15, 2007. [End of Highlights for Internal Revenue Service Business Systems Modernization] High-Risk Series: Improving and Modernizing Federal Disability Programs: GAO Highlights: For additional information about this high-risk area, contact Daniel Bertoni at (202) 512-7215 or bertonid@gao.gov. Why Area Is High Risk: In January 2003, GAO designated modernizing federal disability programs as a high-risk area. Current demographics are affecting the ability of Social Security Administration (SSA) to manage workloads and provide timely and accurate disability decisions. At the same time, the tens of thousands of servicemembers wounded in recent actions have strained the capacity of the Department of Defense (DOD) and the Department of Veterans Affairs (VA) disability evaluation systems. Despite opportunities afforded by medical and technological advances, the economic shift toward service- and knowledge-based jobs, and growing expectations that people with disabilities can and want to work, federal disability programs remain grounded in outmoded concepts that equate medical conditions with work incapacity. What GAO Found: While some federal disability programs have taken steps to address growing workloads, in general little progress has been made in improving the accuracy and timeliness of disability decisions and in modernizing federal disability programs. * SSA continues to struggle to keep pace with growing numbers of disability applications, leading to large claims backlogs and long waits for claimants. In 2006, it introduced a comprehensive set of reforms to improve the efficiency of the disability determination process and the accuracy and timeliness of decisions. Tight time frames, poor communication, and a lack of financial planning hampered implementation of these reforms, and by 2008 most had been superseded by more focused efforts to fully implement electronic case processing and eliminate the growing claims backlog at the hearings level. Whether concentration on fewer, more immediate issues will better position SSA to meet the challenges it faces remains to be seen. * In addition to growing workloads, DOD and VA are struggling to address servicemember confusion and potential inefficiencies associated with operating two separate yet similar disability systems. The Army and VA have hired more staff to help manage workloads, but the Army has yet to meet timeliness goals, while VA faces human capital challenges from rapid personnel growth. VA established programs to speed up the receipt of VA disability benefits for those leaving the military, but GAO identified gaps in program accountability and uneven program access. Significantly, DOD and VA are piloting a joint process with potential for reducing redundancy between their disability evaluation systems, as well as improving overall timeliness and consistency in decisions. Evaluation of the pilot is ongoing, and large-scale implementation will require careful management. * Federal disability programs need continuous re-examination and transformation. Disability policies and programs have been individually developed over many years, creating a patchwork of federal policies and programs without a unified set of national goals. As a result, these programs have different legal mandates, funding streams, missions, eligibility criteria, and priorities. Agencies have taken steps to modernize their programs, such as revising eligibility criteria. However, the revisions to eligibility criteria fall short of fully incorporating a modern understanding of how technology and labor market changes could affect eligibility for disability benefits. More importantly, steps have not been taken to develop a set of agreed-upon desired outcomes for disability policies and programs and the processes to achieve them. Without a federal strategy and governmentwide coordination among the almost 200 disability programs, there is no assurance that federal policies, services, and supports for people with disabilities will be aligned. What Remains to Be Done: SSA, DOD, and VA continue to take steps to manage their growing workloads, but more progress is needed to achieve fundamental program reform. SSA needs to recommit itself to achieving comprehensive reform to improve both the accuracy and timeliness of disability decisions. DOD and VA need to soundly evaluate their pilot of a joint disability determination system and carefully manage any efforts at large-scale implementation. Beyond improvements in agency operations, modernizing federal disability programs calls for better coordination between federal disability programs, in general, and creation of an overall federal strategy aligning disability policies, services, and supports. Related GAO Products for: Improving and Modernizing Federal Disability Programs: Military Disability System: Increased Supports for Servicemembers and Better Pilot Planning Could Improve the Disability Evaluation Process. [hyperlink, http://www.gao.gov/products/GAO-08-1137]. Washington, D.C.: September 24, 2008. Veterans’ Disability Benefits: Better Accountability and Access Would Improve the Benefits Delivery at Discharge Program. [hyperlink, http://www.gao.gov/products/GAO-08-901]. Washington, D.C.: September 9, 2008. Federal Disability Programs: More Strategic Coordination Could Help Overcome Challenges to Needed Transformation. [hyperlink, http://www.gao.gov/products/GAO-08-635]. Washington, D.C.: May 20, 2008. Veterans’ Disability Benefits: Claims Processing Challenges Persist, while VA Continues to Take Steps to Address Them. [hyperlink, http://www.gao.gov/products/GAO-08-473T]. Washington, D.C.: February 14, 2008. Social Security Disability: Better Planning, Management, and Evaluation Could Help Address Backlogs. [hyperlink, http://www.gao.gov/products/GAO-08-40]. Washington, D.C.: December 7, 2007. Veterans’ Benefits: Improved Operational Controls and Management Data Would Enhance VBA’s Disability Reevaluation Process. [hyperlink, http://www.gao.gov/products/GAO-08-75]. Washington, D.C.: December 6, 2007. SSA Disability Representatives: Fee Payment Changes Show Promise, but Eligibility Criteria and Representative Overpayments Require Further Monitoring. [hyperlink, http://www.gao.gov/products/GAO-08-5]. Washington, D.C.: October 15, 2007. Veterans’ Benefits: Further Changes in VBA’s Field Office Structure Could Help Improve Disability Claims Processing. [hyperlink, http://www.gao.gov/products/GAO-06-149]. Washington, D.C.: December 9, 2005. Social Security Administration: Strategic Workforce Planning Needed to Address Human Capital Challenges Facing the Disability Determination Services. [hyperlink, http://www.gao.gov/products/GAO-04-121]. Washington, D.C.: January 27, 2004. Social Security Disability: Reviews of Beneficiaries’ Disability Status Require Continued Attention to Achieve Timeliness and Cost- Effectiveness. [hyperlink, http://www.gao.gov/products/GAO-03-662]. Washington, D.C.: July 24, 2003. SSA and VA Disability Programs: Re-Examination of Disability Criteria Needed to Help Ensure Program Integrity. [hyperlink, http://www.gao.gov/products/GAO-02-597]. Washington, D.C.: August 9, 2002. [End of Highlights for Improving and Modernizing Federal Disability Programs] High-Risk Series: Pension Benefit Guaranty Corporation Insurance Programs: GAO Highlights: For additional information about this high-risk area, contact Barbara Bovbjerg at (202) 512-7215 or bovbjergb@gao.gov. Why Area Is High Risk: The Pension Benefit Guaranty Corporation’s (PBGC) single- and multi- employer insurance programs insure the pension benefits of 44 million participants in more than 29,000 private defined benefit (DB) plans. PBGC reported that the net accumulated financial deficit of these programs, as of September 30, 2008, was $11.2 billion. While this is an improvement of almost $3 billion from 2007, it remains significantly worse than in 2000, when PBGC reported a $10 billion surplus. PBGC estimates that plans sponsored by financially weak firms are underfunded by about $47 billion, a figure that may worsen because of the recent financial crisis. The Pension Protection Act of 2006 (PPA) improved some aspects of funding rules and premiums, but these changes are being phased in slowly. PBGC’s insurance programs remain exposed to the threat of terminations of large underfunded plans sponsored by financially weak firms. PBGC also faces governance and program management challenges. GAO put the single-employer program on its high- risk list in July 2003. What GAO Found: GAO is designating the PBGC and the pension insurance programs that it administers as areas that need urgent attention and transformation to ensure that our national government functions in the most economical, efficient, and effective manner possible. Although the combined net financial condition of PBGC’s single- and multi-employer insurance programs has recently improved, the programs and the agency are designated high risk because of the ongoing threat of losses from the termination of underfunded plans.As of fiscal year-end 2008, PBGC’s accumulated deficit totaled $11.2 billion, down from $14.1 billion in 2007. However, the recent financial crisis has likely eroded the funding of many large plans and lowered the credit rating of many sponsors, developments that the most recent estimates may not reflect. In 2008, PBGC also decided to change its investment policy to increase its allocation of assets invested in equities and other, new asset classes, while decreasing its fixed-income investment allocation. PBGC believes this change will help it meet its long-term financial obligations, but it also increases the risk of large investment losses. PBGC’s assets may currently be much lower than reported, given the significant stock market decline since the end of the 2008 fiscal year. Further, the long-term decline of the DB system continues to erode PBGC’s premium base, with PBGC insuring about 65 percent fewer plans than it did 15 years ago. Recent legislation gives funding relief to certain sponsors and delays implementation of certain aspects of PPA; in addition, the financial fate of the Detroit automakers, which sponsor very large DB plans, is also uncertain. These developments likely increase PBGC’s risk exposure, perhaps significantly. In addition, PBGC’s governance structure and program management need improvements. PBGC’s board of directors is limited in its ability to provide policy direction and oversight. Further, PBGC lacks a strategic approach to its acquisition and human capital management needs. Figure: Net Financial Position,PBGC Combined Insurance Programs Dollars: [Refer to PDF for image] This figure is a line graph depicting the following data: Fiscal year (at year end): 1990; Dollars (in billions): -$1.8 billion. Fiscal year (at year end): 1991; Dollars (in billions): -$2.3 billion. Fiscal year (at year end): 1992; Dollars (in billions): -$2.6 billion. Fiscal year (at year end): 1993; Dollars (in billions): -$2.6 billion. Fiscal year (at year end): 1994; Dollars (in billions): -$1 billion. Fiscal year (at year end): 1995; Dollars (in billions): -$0.1 billion. Fiscal year (at year end): 1996; Dollars (in billions): $1 billion. Fiscal year (at year end): 1997; Dollars (in billions): $3.7 billion. Fiscal year (at year end): 1998; Dollars (in billions): $5.4 billion. Fiscal year (at year end): 1999; Dollars (in billions): $7.2 billion. Fiscal year (at year end): 2000; Dollars (in billions): $10 billion. Fiscal year (at year end): 2001; Dollars (in billions): $7.8 billion. Fiscal year (at year end): 2002; Dollars (in billions): -$3.5 billion. Fiscal year (at year end): 2003; Dollars (in billions): -$11.5 billion. Fiscal year (at year end): 2004; Dollars (in billions): -$23.5 billion. Fiscal year (at year end): 2005; Dollars (in billions): -$23.1 billion. Fiscal year (at year end): 2006; Dollars (in billions): -$18.9 billion. Fiscal year (at year end): 2007; Dollars (in billions): -$14.1 billion. Fiscal year (at year end): 2008; Dollars (in billions): -$11.2 billion. Source: Pension Benefit Guaranty Corporation. Note: Net financial position equals program assets less the current value of future benefit obligations for terminated plans and those deemed probable for termination for the single- and multi-employer programs. [End of figure] What Remains to Be Done: Congress may need to carefully monitor the financial health of PBGC’s programs, and of DB plans generally, and may need to take additional action to safeguard the private pension system’s role in national retirement security. In the longer term, PBGC may remain at risk from a weak premium rate structure that does not adequately reflect its exposure to losses and from funding rules that have not yet facilitated the accumulation of sufficient plan reserves. Related GAO Products for: Pension Benefit Guaranty Corporation Insurance Programs: Pension Benefit Guaranty Corporation: Improvements Needed to Address Financial and Management Challenges. [hyperlink, http://www.gao.gov/products/GAO-08-1162T]. Washington, D.C.: September 24, 2008. Pension Benefit Guaranty Corporation: Need for Improved Oversight Persists. [hyperlink, http://www.gao.gov/products/GAO-08-1062]. Washington, D.C.: September 10, 2008. Pension Benefit Guaranty Corporation: Some Steps Have Been Taken to Improve Contracting, but a More Strategic Approach Is Needed. [hyperlink, http://www.gao.gov/products/GAO-08-871]. Washington, D.C.: August 18, 2008. Defined Benefit Pensions: Plan Freezes Affect Millions of Participants and May Pose Retirement Income Challenges. [hyperlink, http://www.gao.gov/products/GAO-08-817]. Washington, D.C.: July 21, 2008. PBGC Assets: Implementation of New Investment Policy Will Need Stronger Board Oversight. [hyperlink, http://www.gao.gov/products/GAO-08-667]. Washington, D.C.: July 17, 2008. Pension Benefit Guaranty Corporation: A More Strategic Approach Could Improve Human Capital Management. [hyperlink, http://www.gao.gov/products/GAO-08-624]. Washington, D.C.: June 12, 2008. Employer-Sponsored Benefits: Many Factors Affect the Treatment of Pension and Health Benefits in Chapter 11 Bankruptcy. [hyperlink, http://www.gao.gov/products/GAO-07-1101]. Washington, D.C.: September 6, 2007. Pension Benefit Guaranty Corporation: Governance Structure Needs Improvements to Ensure Policy Direction and Oversight. [hyperlink, http://www.gao.gov/products/GAO-07-808]. Washington, D.C.: July 6, 2007. PBGC’s Legal Support: Improvements Needed to Eliminate Confusion and Ensure Provision of Consistent Advice. [hyperlink, http://www.gao.gov/products/GAO-07-757R]. Washington, D.C.: May 18, 2007. [End of Highlights for Pension Benefit Guaranty Corporation Insurance Programs] High-Risk Series: Medicare Program: GAO Highlights: For additional information about this high-risk area, contact Marjorie Kanof at (202) 512-7114 or kanofm@gao.gov. Why Area Is High Risk: Since 1990, GAO has designated Medicare as a high-risk program due to its size and complexity, as well as its susceptibility to mismanagement and improper payments. In 2007, the program covered over 44 million elderly and disabled beneficiaries and had estimated outlays of over $431 billion. Its improper fee-for-service payments were estimated to be $10.4 billion in fiscal year 2008, but a recent Department of Health and Human Services Inspector General report suggests that this could understate payment errors. The Centers for Medicare & Medicaid Services (CMS), which administers Medicare, is responsible for managing the program to better serve beneficiaries, developing payment rates that encourage efficient service delivery, safeguarding the program from loss, and overseeing patient safety and care. With rapid growth expected in the number of Medicare beneficiaries and spending, CMS will face growing fiscal and management challenges in the years to come. What GAO Found: Absent reform, Medicare’s spending growth is unsustainable over time— spending is projected to increase to 7 percent of gross domestic product by 2035. This fiscal pressure highlights CMS’s challenges to improve program management, reform payment methods, and strengthen program integrity and care quality. Improving program management. CMS faces challenges managing the prescription drug benefit (Part D) and the Medicare Advantage (MA) program. For example, CMS’s oversight of Part D implementation contracts had deficiencies that led to nearly $90 million in questionable payments. CMS's poor management of data collection meant the agency was unable in 2006 to adequately monitor beneficiaries' use of the coverage determination process needed to obtain access to prescription drugs restricted by the Part D plans. In addition, plan sponsors, beneficiary advocates, and others have expressed concerns that the model language CMS provided to explain Part D plan changes is not clear to beneficiaries. For the MA program, in which private health plans provide coverage to beneficiaries, CMS has not met a legislative requirement to audit one-third of the MA plan organizations’ financial records for contract years 2001-2005 or to provide beneficiaries with disenrollment information on MA plans. Reforming and refining payments. Since January 2007, CMS has refined how it updates or sets payments for hospitals, home health agencies, and ambulatory surgery centers. However, the rising costs for and use of physician services raise concerns that Medicare’s payment policies do not foster physician responsibility to provide the most effective services efficiently. Also, GAO’s work has shown that relatively high Medicare payments to MA plans do not prevent the possibility that some beneficiaries in MA plans could experience out-of-pocket costs exceeding those in the traditional program. Enhancing program integrity. CMS has also taken promising steps to strengthen its program safeguards, such as adding automated reviews of claims and increasing enforcement in localities with high rates of fraud. Nevertheless, when GAO tested program defenses, it was able to obtain billing privileges for two fictitious medical supply companies. CMS has not used some tools to safeguard the program, such as refusing enrollment to providers that owe tax debt to the U.S. government. In addition, CMS’s oversight of Part D plans’ fraud and abuse programs has been limited. Overseeing patient safety and care. CMS’s oversight of the quality of nursing home care has increased significantly in recent years, but several CMS initiatives—including its enforcement policy against homes that do not meet federal requirements—require refinement. For example, CMS’s management of nursing home enforcement is hampered by its fragmented and incomplete enforcement data system and a policy that allows some homes with the worst compliance histories to escape immediate sanctions. What Remains to Be Done: CMS has implemented certain GAO recommendations, such as to improve fire safety in nursing homes. However, further action must be taken to improve management of key activities, such as monitoring beneficiary grievances; eliminate inappropriate payment incentives; safeguard the program from payment errors; and address deficiencies in oversight of care quality in nursing homes and hospitals. Related GAO Products for: Medicare Program: Medicare Advantage: Characteristics, Financial Risks, and Disenrollment Rates of Beneficiaries in Private Fee-for-Service Plans. [hyperlink, http://www.gao.gov/products/GAO-09-25]. Washington, D.C.: December 15, 2008. Medicare Part D: Opportunities Exist for Improving Information Sent to Enrollees and Scheduling the Annual Election Period. [hyperlink, http://www.gao.gov/products/GAO-09-4]. Washington, D.C.: December 12, 2008. Medicare Advantage Organizations: Actual Expenses and Profits Compared to Projections for 2006. [hyperlink, http://www.gao.gov/products/GAO-09-132R]. Washington, D.C.: December 8, 2008. Medicare Part D: Some Plan Sponsors Have Not Completely Implemented Fraud and Abuse Programs, and CMS Oversight Has Been Limited. [hyperlink, http://www.gao.gov/products/GAO-08-760]. Washington, D.C.: July 21, 2008. Medicare Part D: Complaint Rates Are Declining, but Operational and Oversight Challenges Remain. [hyperlink, http://www.gao.gov/products/GAO-08-719]. Washington, D.C.: June 27, 2008. Medicare Advantage: Increased Spending Relative to Medicare Fee-for- Service May Not Always Reduce Beneficiary Out-of-Pocket Costs. [hyperlink, http://www.gao.gov/products/GAO-08-359]. Washington, D.C.: February 22, 2008. Medicare Part D: Plan Sponsors' Processing and CMS Monitoring of Drug Coverage Requests Could Be Improved. [hyperlink, http://www.gao.gov/products/GAO-08-47]. Washington, D.C.: January 22, 2008. Centers for Medicare and Medicaid Services: Internal Control Deficiencies Resulted in Millions of Dollars of Questionable Contract Payments. [hyperlink, http://www.gao.gov/products/GAO-08-54]. Washington, D.C.: November 15, 2007. Medicare Advantage: Required Audits of Limited Value. [hyperlink, http://www.gao.gov/products/GAO-08-154T]. Washington, D.C.: October 16, 2007. Medicare: Focus on Physician Practice Patterns Can Lead to Greater Program Efficiency. [hyperlink, http://www.gao.gov/products/GAO-07- 307]. Washington, D.C.: April 30, 2007. Nursing Homes: Efforts to Strengthen Federal Enforcement Have Not Deterred Some Homes from Repeatedly Harming Residents. [hyperlink, http://www.gao.gov/products/GAO-07-241]. Washington, D.C.: March 26, 2007. [End of Highlights for Medicare Program] High-Risk Series: Medicaid Program: GAO Highlights: For additional information about this high-risk area, contact James Cosgrove at (202) 512-7114 or cosgrovej@gao.gov. Why Area Is High Risk: In 2003, GAO designated Medicaid a high-risk program in part because of growing concerns about the quality of fiscal oversight,which is necessary to prevent inappropriate program spending. Medicaid, the federal-state program that covered acute health care and long-term care services for over 60 million low-income people in fiscal year 2007, consists of more than 50 distinct state-based programs that cost the federal government and states an estimated $333 billion that year. The program accounts for more than 20 percent of states’ expenditures, exerting continuing pressure on state budgets. The federal government, by a formula established in law, can pay from half to more than three- fourths of each state’s Medicaid expenditures. The Centers for Medicare & Medicaid Services (CMS) in the Department of Health and Human Services (HHS) is responsible for overseeing the program at the federal level, while the states administer their respective programs’ day-to- day operations. What GAO Found: Congress and CMS have taken important steps to improve Medicaid’s fiscal integrity and financial management, but the program remains high risk due to concerns about the program’s size, growth, and diversity, as well as the adequacy of fiscal oversight. Concerns remain in several areas: Financial management weaknesses that allow states to leverage federal funds inappropriately. For more than a decade, some states created the illusion that they had made large Medicaid supplemental payments to certain government providers in order to generate excessive federal matching payments. In reality, the states only temporarily made payments to these providers but then required that the payments be returned. CMS has taken steps to improve its oversight of Medicaid financial management activities, including its efforts to oversee states’ financing arrangements. However, several oversight weaknesses have not been addressed. For example, CMS has not developed a financial management strategic plan for Medicaid, incorporated the use of key Medicaid data systems into its oversight of states’ claims, reviewed all supplemental payment arrangements, or ensured that states report information that CMS needs to adequately oversee the appropriateness of supplemental payments. In fiscal year 2006, states made at least $23 billion in Medicaid supplemental payments. Demonstrations that inappropriately increase the federal government’s financial liability. The Secretary of HHS has authority under section 1115 of the Social Security Act to waive certain statutory provisions and to allow reimbursement for otherwise unallowable expenditures in order for states to test new ideas for achieving program objectives. HHS has a long-standing policy that Medicaid demonstrations must be “budget neutral”: They should not be approved if they would increase the federal financial liability beyond what it would have been otherwise. Since the mid-1990s, HHS has approved demonstrations projected to increase federal costs by permitting states to use questionable methods to demonstrate budget neutrality. For example, GAO in 2008 reported that HHS’s rationale for approving two states’ demonstration spending limits was unclear and not documented: The approved spending limit in one of these states was $6.9 billion more than what was supported. Improper payments to Medicaid providers serving program beneficiaries. Improper payments to providers that submit inappropriate claims can result in substantial financial losses to states and the federal government. Medicaid payments can be improper for various reasons, such as if people served are not eligible for Medicaid. Measuring improper payments within the Medicaid program is important to recouping and reducing them. For fiscal year 2007, CMS issued its first full-year Medicaid improper payment rate estimate of 10.5 percent, or $32.7 billion (the federal share is $18.6 billion). Identifying and reducing improper payments in Medicaid are important first steps toward improving the integrity of the program. What Remains to Be Done: A GAO recommendation to Congress to limit Medicaid payments to government facilities to the costs of providing services remains open. CMS has not identified needed systems projects or taken certain recommended steps to improve payment oversight. HHS has also not acted on GAO recommendations to develop methods to better ensure the budget neutrality of Medicaid demonstrations; consequently, GAO has elevated this matter to Congress for consideration. Because of these issues, Medicaid retains its high-risk designation. Related GAO Products for: Medicaid Program: Medicaid: CMS Needs More Information on the Billions of Dollars Spent on Supplemental Payments. [hyperlink, http://www.gao.gov/products/GAO-08-614]. Washington, D.C.: May 30, 2008. Medicaid Financing: Long-standing Concerns about Inappropriate State Arrangements Support Need for Improved Federal Oversight. [hyperlink, http://www.gao.gov/products/GAO-08-650T]. Washington D.C.: April 3, 2008. Improper Payments: Status of Agencies’ Efforts to Address Improper Payment and Recovery Auditing Requirements. [hyperlink, http://www.gao.gov/products/GAO-08-438T]. Washington, D.C.: January 31, 2008. Medicaid Demonstration Waivers: Recent HHS Approvals Continue to Raise Cost and Oversight Concerns. [hyperlink, http://www.gao.gov/products/GAO-08-87]. Washington, D.C.: January 31, 2008. Improper Payments: Federal Executive Branch Agencies’ Fiscal Year 2007 Improper Payment Estimate Reporting. [hyperlink, http://www.gao.gov/products/GAO-08-377R]. Washington, D.C.: January 23, 2008. Medicaid Financing: Long-standing Concerns about Inappropriate State Arrangements Support Need for Improved Federal Oversight. [hyperlink, http://www.gao.gov/products/GAO-08-255T]. Washington D.C.: November 1, 2007. Medicaid Financing: Federal Oversight Initiative Is Consistent with Medicaid Payment Principles but Needs Greater Transparency. [hyperlink, http://www.gao.gov/products/GAO-07-214]. Washington, D.C.: March 30, 2007. Medicaid Financial Management: Steps Taken to Improve Federal Oversight but Other Actions Needed to Sustain Efforts. [hyperlink, http://www.gao.gov/products/GAO-06-705]. Washington, D.C.: June 22, 2006. Medicaid Financing: States’ Use of Contingency-Fee Consultants to Maximize Federal Reimbursements Highlights Need for Improved Federal Oversight. [hyperlink, http://www.gao.gov/products/GAO-05-748]. Washington, D.C.: June 28, 2005. [End of Highlights for Medicaid Program] High-Risk Series: National Flood Insurance Program: GAO Highlights: For additional information about this high-risk area, contact Orice M. Williams at (202) 512-8678 or williamso@gao.gov. Why Area Is High Risk: The National Flood Insurance Program (NFIP), a key component of the federal government’s efforts to minimize the damage and financial impact of floods, likely will not generate sufficient revenues to repay the billions borrowed from the Treasury to cover flood claims from the 2005 hurricanes. And it is unlikely that NFIP could cover catastrophic losses in future years should they occur. The insufficient revenues highlight structural weaknesses in how the program is funded. The Federal Emergency Management Agency (FEMA) is the Department of Homeland Security agency responsible for managing NFIP. FEMA has taken some steps to address these issues, including reducing the percentage of subsidized properties and the number of severe repetitive loss properties, but still faces complex challenges in addressing these issues. GAO placed NFIP on its high-risk list in March 2006, and it remains high risk. What GAO Found: NFIP, by design, is not actuarially sound. It subsidizes rates for about 25 percent of policies, primarily for certain high-risk structures constructed before NFIP flood plain regulations went into effect in their communities. Although policyholders with subsidized rates on average pay more than policyholders paying “full-risk” premiums, subsidized rates may be only 35 percent to 40 percent of full- risk rates. In addition, potentially outdated and inaccurate data about flood probabilities, damage claims, and flood maps make it more likely that full-risk premiums do not reflect actual risk of flooding. Also, unlike many private insurers, FEMA has done little to understand the long-term impact of planned and ongoing developments on damage estimates and has not evaluated how such development could affect the accuracy of its maps. Because FEMA’s rate-setting process for its subsidized properties depends in part on the accuracy of its full-risk rates, concerns exist about how the subsidized rates are calculated. The losses associated with subsidized properties that have had repeated flood losses (known as repetitive loss properties) are a financial challenge to NFIP. While repetitive loss properties are only 1 percent of NFIP-insured buildings, they account for 25 percent to 30 percent of all claims losses. In addition, the program is not structured to build loss reserves like a typical commercial insurance company, and it does not build and hold capital. Instead, it generally pays claims and expenses out of current premium income.NFIP currently has about 5.6 million policies in force, resulting in about $2.6 billion in total premiums. As shown in the figure, the unprecedented losses from the 2005 hurricanes greatly exceeded losses of previous years. When it has insufficient income to pay claims, NFIP has authority to borrow from the U.S. Treasury. As of December 2008,NFIP owed over $18 billion to the U.S. Treasury, primarily as a result of loans that the program received to pay claims resulting from the 2005 hurricane season. While FEMA has paid $1.98 billion in interest to the Treasury since 2005, it is unlikely that NFIP will be able to meet its interest payments in most years. Therefore, NFIP’s debt may grow as the program borrows to meet the interest payments. Figure: Flood Loss Payments by Year of Flood Event, as of May 29, 2008: [Refer to PDF for image] This figure is a vertical bar graph depicting the following data: Year of Flood Event: 1978; Flood Loss Payments: $0.1477 billion. Year of Flood Event: 1980; Flood Loss Payments: $0.2304 billion. Year of Flood Event: 1982; Flood Loss Payments: $0.1983 billion. Year of Flood Event: 1984; Flood Loss Payments: $0.2546 billion. Year of Flood Event: 1986; Flood Loss Payments: $0.1264 billion. Year of Flood Event: 1988; Flood Loss Payments: $0.051 billion. Year of Flood Event: 1990; Flood Loss Payments: $0.1679 billion. Year of Flood Event: 1992; Flood Loss Payments: $0.7102 billion. Year of Flood Event: 1994; Flood Loss Payments: $0.4111 billion. Year of Flood Event: 1996; Flood Loss Payments: $0.828 billion. Year of Flood Event: 1998; Flood Loss Payments: $0.8863 billion. Year of Flood Event: 2000; Flood Loss Payments: $0.2517 billion. Year of Flood Event: 2001; Flood Loss Payments: $1.277 billion. Year of Flood Event: 2002; Flood Loss Payments: $0.4336 billion. Year of Flood Event: 2003; Flood Loss Payments: $0.7788 billion. Year of Flood Event: 2004; Flood Loss Payments: $2.2143 billion. Year of Flood Event: 2005; Flood Loss Payments: $17.5751 billion. Year of Flood Event: 2006; Flood Loss Payments: $0.6327 billion. Year of Flood Event: 2007; Flood Loss Payments: $0.5232 billion. Source: FEMA. [End of figure] What Remains to Be Done: GAO continues to believe that comprehensive reform will be needed to stabilize the long-term finances of this program. GAO will continue to provide FEMA and Congress with recommendations to help consider ways to improve the sufficiency of NFIP’s rate-setting process, decrease the inventory of subsidized properties, mitigate losses from repetitive loss properties, increase compliance with mandatory purchase requirements, and expedite FEMA’s flood map modernization efforts. Related GAO Products for: National Flood Insurance Program: Flood Insurance: Options for Addressing the Financial Impact of Subsidized Premium Rates on the National Flood Insurance Program. [hyperlink, http://www.gao.gov/products/GAO-09-20]. Washington, D.C.: November 14, 2008. Flood Insurance: FEMA’s Rate-Setting Process Warrants Attention. [hyperlink, http://www.gao.gov/products/GAO-09-12]. Washington, D.C.: October 31, 2008. National Flood Insurance Program: Financial Challenges Underscore Need for Improved Oversight of Mitigation Programs and Key Contracts. [hyperlink, http://www.gao.gov/products/GAO-08-437]. Washington, D.C.: June 16, 2008. National Flood Insurance Program: Greater Transparency and Oversight of Wind and Flood Damage Determinations Are Needed. [hyperlink, http://www.gao.gov/products/GAO-08-28]. Washington, D.C.: December 28, 2007. Federal Emergency Management Agency: Ongoing Challenges Facing the National Flood Insurance Program. [hyperlink, http://www.gao.gov/products/GAO-08-118T]. Washington, D.C.: October 2, 2007. National Flood Insurance Program: FEMA’s Management and Oversight of Payments for Insurance Company Services Should Be Improved. [hyperlink, http://www.gao.gov/products/GAO-07-1078]. Washington, D.C.: September 5, 2007. National Flood Insurance Program: Preliminary Views on FEMA's Ability to Ensure Accurate Payments on Hurricane-Damaged Properties. [hyperlink, http://www.gao.gov/products/GAO-07-991T]. Washington, D.C.: June 12, 2007. National Flood Insurance Program: New Processes Aided Hurricane Katrina Claims Handling, but FEMA's Oversight Should Be Improved. [hyperlink, http://www.gao.gov/products/GAO-07-169]. Washington, D.C.: December 15, 2006. High Risk Series: An Update. [hyperlink, http://www.gao.gov/products/GAO-07-310]. Washington, D.C.: January 31, 2007. Federal Emergency Management Agency: Challenges for the National Flood Insurance Program. [hyperlink, http://www.gao.gov/products/GAO-06-335T]. Washington, D.C.: January 25, 2006. Federal Emergency Management Agency: Oversight and Management of the National Flood Insurance Program. [hyperlink, http://www.gao.gov/products/GAO-06-183T]. Washington, D.C.: October 20, 2005. Federal Emergency Management Agency: Improvements Needed to Enhance Oversight and Management of the National Flood Insurance Program. [hyperlink, http://www.gao.gov/products/GAO-06-119]. Washington, D.C.: October 18, 2005. [End of Highlights for National Flood Insurance Program] [End of section] Footnotes: [1] GAO, High-Risk Series: An Update, [hyperlink, http://www.gao.gov/products/GAO-07-310] (Washington, D.C.: January 2007). [2] GAO, Determining Performance and Accountability Challenges and High Risks, [hyperlink, http://www.gao.gov/products/GAO-01-159SP] (Washington, D.C.: November 2000). [3] For example, the Federal Reserve created a funding facility to provide liquidity to U.S. money market investors and the Federal Deposit Insurance Corporation temporarily increased deposit insurance coverage. [4] See GAO, Troubled Asset Relief Program: Additional Actions Needed to Better Ensure Integrity, Accountability, and Transparency, [hyperlink, http://www.gao.gov/products/GAO-09-266T] (Washington, D.C.: Dec. 10, 2008); and Troubled Asset Relief Program: Additional Actions Needed to Better Ensure Integrity, Accountability, and Transparency, [hyperlink, http://www.gao.gov/products/GAO-09-161] (Washington, D.C.: Dec. 2, 2008). [5] GAO, Financial Regulation: A Framework for Crafting and Assessing Proposals to Modernize the Outdated U.S. Financial Regulatory System, [hyperlink, http://www.gao.gov/products/GAO-09-216] (Washington, D.C.: Jan. 8, 2009). [6] GAO, Drug Safety: Better Data Management and More Inspections Are Needed to Strengthen FDA’s Foreign Drug Inspection Program, [hyperlink, http://www.gao.gov/products/GAO-08-970] (Washington, D.C.: Sept. 22, 2008); and Medical Devices: Challenges for FDA in Conducting Manufacturer Inspections, [hyperlink, http://www.gao.gov/products/GAO-08-428T] (Washington, D.C.: Jan. 29, 2008). [7] GAO, Drug Safety: Improvement Needed in FDA’s Postmarket Decision- making and Oversight Process, [hyperlink, http://www.gao.gov/products/GAO-06-402] (Washington, D.C.: Mar. 31, 2006); and Drug Safety: Further Actions Needed to Improve FDA’s Postmarket Decision-making Process, [hyperlink, http://www.gao.gov/products/GAO-07-856T] (Washington, D.C.: May 9, 2007). [8] GAO, Prescription Drugs: FDA’s Oversight of the Promotion of Drugs for Off-Label Uses, [hyperlink, http://www.gao.gov/products/GAO-08-835] (Washington, D.C.: July 28, 2008); Prescription Drugs: Trends in FDA’s Oversight of Direct-to-Consumer Advertising, [hyperlink, http://www.gao.gov/products/GAO-08-758T] (Washington, D.C.: May 8, 2008); and Prescription Drugs: Improvements Needed in FDA’s Oversight of Direct-to-Consumer Advertising, [hyperlink, http://www.gao.gov/products/GAO-07-54] (Washington, D.C.: Nov. 16, 2006). [9] GAO, Prescription Drugs: FDA Guidance and Regulations Related to Data on Elderly Persons in Clinical Drug Trials, [hyperlink, http://www.gao.gov/products/GAO-07-47R] (Washington, D.C.: Sept. 28, 2007). [10] GAO, Women’s Health: Women Sufficiently Represented in New Drug Testing, but FDA Oversight Needs Improvement, [hyperlink, http://www.gao.gov/products/GAO-01-754] (Washington, D.C.: July 6, 2001). [End of section] GAO's Mission: The Government Accountability Office, the audit, evaluation and investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO's commitment to good government is reflected in its core values of accountability, integrity, and reliability. Obtaining Copies of GAO Reports and Testimony: The fastest and easiest way to obtain copies of GAO documents at no cost is through GAO's Web site [hyperlink, http://www.gao.gov]. Each weekday, GAO posts newly released reports, testimony, and correspondence on its Web site. To have GAO e-mail you a list of newly posted products every afternoon, go to [hyperlink, http://www.gao.gov] and select "E-mail Updates." Order by Phone: The price of each GAO publication reflects GAO’s actual cost of production and distribution and depends on the number of pages in the publication and whether the publication is printed in color or black and white. Pricing and ordering information is posted on GAO’s Web site, [hyperlink, http://www.gao.gov/ordering.htm]. Place orders by calling (202) 512-6000, toll free (866) 801-7077, or TDD (202) 512-2537. Orders may be paid for using American Express, Discover Card, MasterCard, Visa, check, or money order. Call for additional information. To Report Fraud, Waste, and Abuse in Federal Programs: Contact: Web site: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]: E-mail: fraudnet@gao.gov: Automated answering system: (800) 424-5454 or (202) 512-7470: Congressional Relations: Ralph Dawn, Managing Director, dawnr@gao.gov: (202) 512-4400: U.S. Government Accountability Office: 441 G Street NW, Room 7125: Washington, D.C. 20548: Public Affairs: Chuck Young, Managing Director, youngc1@gao.gov: (202) 512-4800: U.S. Government Accountability Office: 441 G Street NW, Room 7149: Washington, D.C. 20548: