Highlights
What GAO Found
Overall ratings in 2021 for 20 of GAO’s 2019 high-risk areas remain unchanged, and five regressed. Seven areas improved, one to the point of removal from the High-Risk List. Two new areas are being added, bringing our 2021 High-Risk List to 36 areas. Where there has been improvement in high-risk areas, congressional actions, in addition to those by executive agencies, have been critical in spurring progress.
GAO is removing Department of Defense (DOD) Support Infrastructure Management from the High-Risk List. Among other things, DOD has more efficiently utilized military installation space; reduced its infrastructure footprint and use of leases, reportedly saving millions of dollars; and improved its use of installation agreements, reducing base support costs
GAO is narrowing the scope of three high-risk areas by removing segments of the areas due to progress that has been made. The affected areas are: (1) Federal Real Property (Costly Leasing) because the General Services Administration has reduced its reliance on costly leases and improved monitoring efforts; (2) DOD Contract Management (Acquisition Workforce) because DOD has significantly rebuilt its acquisition workforce; and (3) Management of Federal Oil and Gas Resources (Offshore Oil and Gas Oversight) because the Department of the Interior's Bureau of Safety and Environmental Enforcement has implemented reforms improving offshore oil and gas oversight.
National Efforts to Prevent, Respond to, and Recover from Drug Misuse is being added to the High-Risk List. National rates of drug misuse have been increasing, and drug misuse has resulted in significant loss of life and harmful effects to society and the economy. GAO identified several challenges in the federal government’s response, such as a need for greater leadership and coordination of the national effort, strategic guidance that fulfills all statutory requirements, and more effective implementation and monitoring.
Emergency Loans for Small Businesses also is being added. The Small Business Administration has provided hundreds of billions of dollars’ worth of loans and advances to help small businesses recover from adverse economic impacts created by COVID-19. While loans have greatly aided many small businesses, evidence of fraud and significant program integrity risks need much greater oversight and management attention.
Nine existing high-risk areas also need more focused attention (see table).
Source: GAO. | GAO-21-119SP
( ⬆ indicates area progressed on one or more criteria since 2019; ⬇ indicates area declined on one or more criteria ; ● indicates no change; n/a = not applicable)
Source: GAO. | GAO-21-119SP
aRatings for a segment within this high-risk area improved sufficiently that the segment was removed.
bLegislation is likely to be necessary in order to effectively address this high-risk area.
cNot rated, because this high-risk area is newly added or primarily involves congressional action.
dRated for the first time, because this high-risk area was newly added in 2019.
eOnly rated on one segment; we did not rate other elements of the Medicare program.
Why GAO Did This Study
The federal government is one of the world’s largest and most complex entities; about $6.6 trillion in outlays in fiscal year 2020 funded a broad array of programs and operations. GAO’s High-Risk Series identifies government operations with vulnerabilities to fraud, waste, abuse, and mismanagement, or in need of transformation to address economy, efficiency, or effectiveness challenges.
This biennial update describes the status of high-risk areas, outlines actions that are still needed to assure further progress, and identifies any new high-risk areas needing attention by the executive branch and Congress. Solutions to high-risk problems save billions of dollars, improve service to the public, and strengthen government performance and accountability.
GAO uses five criteria to assess progress in addressing high-risk areas: (1) leadership commitment, (2) agency capacity, (3) an action plan, (4) monitoring efforts, and (5) demonstrated progress.
What GAO Recommends
This report describes GAO’s views on progress made and what remains to be done to bring about lasting solutions for each high-risk area. Addressing GAO’s hundreds of open recommendations across the high-risk areas and continued congressional oversight and action are essential to achieving greater progress.
Introduction
Bookmark:
Since the early 1990s, our high-risk program has focused attention on government operations with greater vulnerabilities to fraud, waste, abuse, and mismanagement, or that are in need of transformation to address economy, efficiency, or effectiveness challenges. This effort, supported by the Senate Committee on Homeland Security and Governmental Affairs and by the House of Representatives Committee on Oversight and Reform, has brought much needed attention to problems impeding effective government and costing billions of dollars each year.
We have made hundreds of recommendations to reduce the government’s high-risk challenges. Executive agencies either have addressed or are addressing many of them and, as a result, progress is being made in a number of areas.
Congress also continues to take important actions. For example, Congress has enacted a number of laws in recent years that are helping to make progress on high-risk issues. Financial benefits to the federal government due to progress in addressing high-risk areas over the past 15 years (fiscal year 2006 through fiscal year 2020) totaled nearly $575 billion or an average of about $38 billion per year. Since our last update in 2019, we recorded approximately $225 billion in financial benefits. [1]
Nonetheless, substantial efforts are needed on high-risk areas to achieve greater progress and to address regression in some areas since the last high-risk update in 2019. Tens of billions of dollars in additional benefits and substantial improvements to the health, well-being, and security of the nation would be achieved by fully addressing high-risk issues. Sustained congressional attention and executive branch leadership remain key to success.
The nation faces unprecedented challenges that require the federal government to perform better, be more responsive to the American people, and achieve greater results. Major issues facing the nation include the Coronavirus Disease 2019 (COVID-19) pandemic, economic downturns and the federal response, race in America, and the federal government’s ability to meet these and other strategic challenges and perform better. [2] Concerted action on High-Risk List areas is vital to build the capacity of the federal government and make progress on the current and emerging challenges facing the nation.
We are issuing this year’s High-Risk Report while the federal government and the country continue to respond to and recover from the COVID-19 pandemic. In addition to catastrophic loss of life, the pandemic has caused substantial damage to the economy, with many people temporarily or permanently unemployed. Moreover, the surge in cases this winter has overwhelmed the health care system in multiple areas across the country.
The CARES Act includes a provision for us to conduct monitoring and oversight of the federal government’s efforts to prepare for, respond to, and recover from the COVID-19 pandemic. [3] As of January 2021, we had issued six reports in response to this provision, made 44 recommendations to federal agencies, and raised four matters for congressional consideration to improve the federal government’s response efforts. [4] Agencies agreed with some of these recommendations and disagreed with others. We maintain that all our recommendations are warranted. We also have other work under way that addresses the government’s response and recovery activities. [5]
We urge Congress and the administration to take swift action in implementing these recommendations and matters. We will continue to provide ongoing oversight of the federal government’s pandemic response and recovery efforts. This report discusses the Department of Health and Human Services’ (HHS) leadership and coordination of public health emergencies as an emerging issue meriting close attention.
COVID-19 has particularly affected several areas on the High-Risk List, including the Decennial Census, Protecting Public Health through Enhanced Oversight of Medical Products, Improving and Modernizing Federal Disability Programs, Enforcement of Tax Laws, and others. The effects of COVID-19 on individual high-risk areas are discussed further in appendix II, where we discuss the status of each high-risk area.
This report describes (1) progress made addressing high-risk areas and the reasons for that progress, and (2) actions that are still needed. It also identifies two new high-risk areas—National Efforts to Prevent, Respond to, and Recover from Drug Misuse and Emergency Loans for Small Businesses—and one high-risk area we removed from the list because it demonstrated sufficient progress in managing risk—Department of Defense (DOD) Support Infrastructure Management.
This report is based primarily on reports we had issued as of mid-January 2021.
Executive Summary
IN THIS SECTION
How We Identify and Rate High-Risk Areas
To determine which federal government programs and functions should be designated high risk, we use our guidance document, Determining Performance and Accountability Challenges and High Risks. [6]
We consider qualitative factors, such as whether the risk
- involves public health or safety, service delivery, national security, national defense, economic growth, or privacy or citizens’ rights, or
- could result in significantly impaired service; program failure; injury or loss of life; or significantly reduced economy, efficiency, or effectiveness.
We also consider the exposure to loss in monetary or other quantitative terms. At a minimum, $1 billion must be at risk, in areas such as the value of major assets being impaired; revenue sources not being realized; major agency assets being lost, stolen, damaged, wasted, or underutilized; potential for, or evidence of, improper payments; and presence of contingencies or potential liabilities.
Before making a high-risk designation, we also consider corrective measures planned or under way to resolve a material control weakness and the status and effectiveness of these actions.
Our experience has shown that the key elements needed to make progress in high-risk areas are top-level attention by the administration and agency leaders grounded in the five criteria for removal from the High-Risk List, as well as any needed congressional action. The five criteria for removal are as follows:
- Leadership commitment. Demonstrated strong commitment and top leadership support.
- Capacity. Agency has the capacity (i.e., people and resources) to resolve the risk(s).
- Action plan. A corrective action plan exists that defines the root cause and solutions and provides for substantially completing corrective measures, including steps necessary to implement solutions we recommended.
- Monitoring. A program has been instituted to monitor and independently validate the effectiveness and sustainability of corrective measures.
- Demonstrated progress. Ability to demonstrate progress in implementing corrective measures and in resolving the high-risk area.
We add clarity and specificity to our assessments by rating each high-risk area’s progress on the five criteria and use the following definitions:
- Met. Actions have been taken that meet the criterion. There are no significant actions that need to be taken to further address this criterion.
- Partially met. Some, but not all, actions necessary to meet the criterion have been taken.
- Not met. Few, if any, actions toward meeting the criterion have been taken.
Figure 1 shows a visual representation of varying degrees of progress in each of the five criteria for a high-risk area. Each point of the star represents one of the five criteria for removal from the High-Risk List and each ring represents one of the three designations: not met, partially met, or met.
An unshaded point at the innermost ring means that the criterion has not been met, a partially shaded point at the middle ring means that the criterion has been partially met, and a fully shaded point at the outermost ring means that the criterion has been met. Further, a plus symbol inside the star indicates the rating for that criterion progressed since our last high-risk update. Likewise, a minus symbol inside the star indicates the rating for that criterion declined since our last update.
Some high-risk areas are made up of segments or subareas that make up the overall high-risk area. For example, the high-risk area Protecting Public Health through Enhanced Oversight of Medical Products includes two segments—Response to Globalization and Drug Availability—to reflect two interrelated parts of the overall high-risk area.
Multidimensional high-risk areas such as these have separate ratings for each segment as well as a summary rating of the overall high-risk area that reflects a composite of the ratings received under the segment for each of the five high-risk criteria. High-risk areas that are primarily based on the need for congressional action are not rated on the criteria and do not receive a star graphic.
Changes to the 2021 High-Risk List
DOD Support Infrastructure Management is being removed from the list due to the progress that was made in addressing the issue. As we have with areas previously removed from the High-Risk List, we will continue to monitor this area to ensure that the improvements we have noted are sustained. If significant problems again arise, we will consider reapplying the high-risk designation.
As discussed below, we added two areas to the High-Risk List since our 2019 update: National Efforts to Prevent, Respond to, and Recover from Drug Misuse; and Emergency Loans for Small Businesses.
In addition to specific areas that we have designated as high risk, other important challenges facing our nation merit continuing close attention. One of these is HHS’s leadership and coordination of public health emergencies. Another challenge is the management of the federal prison system, including programs that help inmates prepare for a successful return to the community.
DOD Support Infrastructure Management Removed from the High-Risk List
We are removing the DOD Support Infrastructure Management high-risk area as DOD has addressed the remaining actions and outcomes from our 2019 High-Risk Report. For example, under an Office of Management and Budget (OMB) program to restrict the growth of excess or underutilized federal properties, DOD contributed to reductions of 68 percent of total government-wide office and warehouse space and 75 percent of other government-wide properties.
DOD also reduced base support costs by implementing our October 2018 recommendations to monitor and evaluate use of intergovernmental support agreements between military installations and local governments. In addition, DOD more efficiently utilized installation space through its reduction of leases, reportedly saving millions of dollars. For example, the Army reduced its leased footprint in the National Capital Region from a peak of 3.9 million square feet in 2011 to roughly 1 million square feet as of September 2019.
DOD is also well positioned for the future to continue improving its support infrastructure management as it formally committed in October 2019 to implement our remaining recommendations related to future Base Realignment and Closure rounds. These recommendations included fully identifying the cost requirements for military construction, information technology (IT), and relocating personnel and equipment.
DOD continues to correct identified real property data discrepancies by issuing new requirements and processes. For example, the Air Force has established a data quality program with a goal of 100 percent accuracy by September 2023, which will help make further improvements to accuracy and completeness of its data moving forward.
While we are removing DOD Support Infrastructure from the High-Risk List, it does not mean DOD has addressed all risk within this area. It remains important that senior leaders continue their efforts to align infrastructure with the needs of the forces. Therefore, we will continue to examine DOD’s efforts, including improving the completeness and accuracy of its real property data as part of our high-risk areas on Managing Federal Real Property and DOD Financial Management.
See appendix II for additional detail on this high-risk area.
National Efforts to Prevent, Respond to, and Recover from Drug Misuse Added to the High-Risk List
Drug misuse—the use of illicit drugs and the misuse of prescription drugs—has been a persistent and long-standing public health issue in the United States. Ongoing efforts seek to address drug misuse through education and prevention, substance use disorder treatment, law enforcement and drug interdiction, and programs that serve populations affected by drug misuse. These efforts involve federal, state, local, and tribal governments as well as community groups and the private sector.
Drug misuse represents a serious risk to public health. It has resulted in significant loss of life and harm to society and the economy. In recent years, the federal government has spent billions of dollars and has enlisted more than a dozen agencies to address drug misuse and its effects.
We determined in March 2020 that this issue is high risk. At that time, in consideration of the challenges from the onset of the COVID-19 pandemic, we reported we would be making the high-risk designation effective in 2021. We also noted that the public health and economic effects from the COVID-19 pandemic could fuel contributing factors of drug misuse, such as unemployment.
In December 2020, the Centers for Disease Control and Prevention (CDC) reported, based on its analysis of National Center for Health Statistics provisional data, that the largest recorded increase of drug overdose deaths occurred during the 12-month period ending in May 2020. In particular, CDC reported a concerning acceleration of the increase in drug overdose deaths from March 2020 to May 2020, coinciding with the implementation of widespread mitigation measures for the COVID-19 pandemic.
Even before the COVID-19 pandemic, rates of drug misuse had increased from 2002 through 2019, and the rates of drug overdose deaths had also generally increased nationally from the early 2000s through 2019. Although the rate of drug overdose deaths in 2018 decreased compared to 2017, this improvement was reversed in 2019, as shown in figure 2.
Figure 2: Rate of Drug Overdose Deaths in the United States, 2002–2019
The Office of National Drug Control Policy (ONDCP) is responsible for overseeing and coordinating the implementation of U.S. drug control policy, including developing the National Drug Control Strategy (Strategy). ONDCP produced the Strategy in 2019 and 2020, but neither iteration contained all the elements required by law. For example, the 2020 Strategy did not include the required 5-year projection for the National Drug Control Program and budget priorities. It also did not include estimates of federal funding or other resources needed to achieve each of the Strategy’s long-range quantifiable goals.
Furthermore, in November 2020, we found that the 2020 National Drug Control Assessment, a companion document to the Strategy, did not include complete information on performance measures for a number of programs related to the Strategy’s prevention goals. Across our body of work, we have made recommendations to ONDCP and other National Drug Control Program agencies to help ensure that future iterations of the Strategy include all statutorily required elements and to ensure effective, sustained implementation of the Strategy. Agencies have generally agreed with our recommendations.
Our past work also found that the federal government has faced barriers to increasing treatment capacity and that treatment availability for substance use disorders has not kept pace with needs. For example, we reported in December 2020 that, according to stakeholders, barriers to expanding substance use disorder treatment include shortages in the treatment workforce, insurance reimbursement and payment models, federal and state requirements, and stigma.
According to Substance Abuse and Mental Health Services Administration data as of May 2020, nearly one-third of counties (31 percent) had no facilities offering any level of substance use disorder treatment. Additionally, overdose death rates vary in counties across the nation—for example, in 2017, 1,354 counties (43.2 percent of counties) had estimates of more than 20 drug overdose deaths per 100,000 people, including 448 counties with rates that were significantly higher than this amount.
We have also reported on agency efforts to ensure legitimate access to pain medication amid initiatives to reduce drug misuse. For example, we have reported on the role of provider education in improving access to prescription pain relievers for patients with a legitimate need for pain relief.
Addressing the drug misuse crisis also requires the capacity to address the effects of drug misuse on individuals and society. For example, as we reported in May 2020, providing clearer direction on the role of states and use of grant funding to address the employment and training needs of those affected by substance use disorders could help ensure the economic well-being of communities affected by drug misuse.
Furthermore, our past work has identified gaps in the availability and reliability of data for measuring the federal government’s progress to address drug misuse. For example, while ONDCP has made some efforts to support and improve existing data sources, ONDCP has not taken action to lead a review of these data to identify ways to improve the timeliness, accuracy, and accessibility of fatal and nonfatal overdose data.
Maintaining sustained attention to preventing, responding to, and recovering from drug misuse will be challenging in the coming months as many of the federal agencies responsible for addressing drug misuse are currently focused on addressing the COVID-19 pandemic. This makes developing and implementing a coordinated, strategic approach even more important as agencies’ resources are also being diverted, in part, to pandemic priorities.
See appendix II for additional detail on this high-risk area, including more details on actions that need to be taken.
Emergency Loans for Small Businesses Added to the High-Risk List
In an effort to quickly help small businesses adversely affected by COVID-19, Congress created the Paycheck Protection Program (PPP) and expanded eligibility for Economic Injury Disaster Loans (EIDL). PPP loans are low interest and fully forgivable if, among other things, a certain percentage was spent for payroll costs.
EIDLs are low-interest loans of up to $2 million for operating and other expenses. In addition, in March 2020, Congress created a new component of the EIDL program—advances of up to $10,000 that do not need to be repaid.
Between March and December 2020, the Small Business Administration (SBA), which administers both programs, made or guaranteed more than 14.7 million loans and grants totaling about $744 billion. This far exceeded its regular levels of lending. In December 2020, Congress appropriated an additional $284 billion for PPP and $20 billion for a targeted EIDL advance program for certain small businesses in low-income communities.
While millions of small businesses have benefited from these programs, the speed with which they were implemented left SBA with limited safeguards to identify and respond to program risks, including susceptibility to improper payments and potential fraud. Since June 2020, we have reported on the potential for fraud in both PPP and EIDL. As a result, we have determined that these programs are high risk because of their potential for fraud, significant program integrity risks, and need for much greater program management and oversight.
We reported in June 2020 that to streamline both programs, the CARES Act and SBA relaxed some approval requirements. For example, SBA’s initial interim final rule allows lenders to rely on borrower certifications to determine the borrower’s eligibility for PPP. We noted that reliance on self-certifications can leave a program vulnerable to exploitation by those who wish to circumvent eligibility requirements or pursue criminal activities. Therefore, we recommended that SBA develop and implement plans to identify and respond to risks in PPP to ensure program integrity, achieve program effectiveness, and address potential fraud.
SBA neither agreed nor disagreed with our recommendation at that time. However, in early December 2020, SBA officials said the agency had completed oversight plans and provided a document that SBA characterized as an overview of these plans. SBA provided a more detailed document in late December 2020, but that document did not contain detailed policies and procedures for some loan reviews or loan forgiveness reviews. According to SBA officials, these were in the process of being updated.
Consistent with our recommendation, the Consolidated Appropriations Act, 2021, requires SBA to submit to the Senate and House Small Business Committees an audit plan that details the policies and procedures for conducting forgiveness reviews and audits of PPP loans within 45 days of enactment and to provide monthly updates thereafter. [7]
In January 2021, we reported that SBA data on businesses’ self-reported industries showed that the agency approved EIDL loans and advances for potentially ineligible businesses. For example, as of September 30, 2020, SBA had approved at least 3,000 loans totaling about $156 million to potentially ineligible businesses in industries, such as real estate development and multilevel marketing, that SBA policies state were ineligible for the EIDL program. Therefore, we recommended that SBA develop and implement portfolio-level data analytics across EIDL loans and advances made in response to COVID-19 as a means to detect potentially ineligible and fraudulent applications.
SBA neither agreed nor disagreed with our recommendation. SBA stated that a business being in one of the categories we deemed ineligible does not automatically mean the business was ineligible. However, we did not state that the businesses were automatically ineligible. The type of analysis we conducted is intended to flag potential cases of ineligible borrowers for additional oversight. SBA did not indicate in its response any plans to conduct such an analysis. We maintain that portfolio-level data analytics could improve SBA’s management of fraud risk.
In December 2020, Congress appropriated an additional $20 billion for targeted EIDL advances. [8] The advances are restricted to certain eligible companies that are located in low-income communities, have suffered an economic loss of more than 30 percent, and have no more than 300 employees. Congress also required SBA to perform eligibility verification for advances and permitted SBA to require additional information, such as tax returns, from applicants for loans and advances as part of its verification.
As we reported in November 2020, it is especially important for agencies with large appropriated amounts, like SBA, to quickly estimate their improper payments, identify root causes, and develop corrective actions when there are concerns about the possibility of widespread improper payments, such as from fraudulent activity. Because SBA had not done so for PPP, we recommended that SBA expeditiously estimate improper payments and report estimates and error rates for PPP.
SBA neither agreed nor disagreed with our recommendation at that time. In response to our recommendation, SBA stated that it was planning to conduct improper payment testing for PPP. However, the agency has not provided documentation of its plans for testing, including estimates of improper payments and error rates for PPP.
In December 2020, SBA’s independent financial statement auditor issued a disclaimer of opinion on SBA’s consolidated financial statements as of and for the year ended September 30, 2020, meaning the auditor was unable to express an opinion due to insufficient evidence. As the basis for the disclaimer, the auditor stated that SBA was unable to provide adequate documentation to support a significant number of transactions and account balances related to PPP and EIDL due to inadequate processes and controls.
Finally, as we have reported since June 2020, SBA’s failures to provide data and documentation on a timely basis for PPP and EIDL have impeded our efforts to evaluate the programs. As of January 2021, we continued to experience delays in obtaining key information from SBA, including detailed oversight plans and documentation for estimating improper payments. The Consolidated Appropriations Act, 2021, requires SBA to respond to requests from GAO within 15 days (or such later date as the Comptroller General may provide) or report to Congress on the reasons for the delay. [9]
See appendix II for additional detail on this high-risk area, including more details on actions that need to be taken.
Emerging Issues Requiring Close Attention
In addition to specific areas that we have designated as high risk, we have ongoing and planned work on two other major issues—HHS’s leadership and coordination of public health emergencies and the management of the federal prison system—that may lead us to designate the issues as high risk when that work is completed.
HHS’s Leadership and Coordination of Public Health Emergencies
HHS is the federal agency charged with leading and coordinating the preparedness for, response to, and recovery from public health and medical emergencies, whether naturally occurring or intentional.
The current pandemic has underscored concerns that we have previously raised with HHS’s leadership and coordination of public health emergencies. Through our previous work on public health emergencies and the current pandemic, we have made a number of recommendations to HHS, many of which are reflected in these four principles of an effective response.
Establish clear goals and define roles and responsibilities among those responding to a crisis. The unprecedented scale of the COVID-19 pandemic, and the whole-of-government response required to address it, highlight the critical importance of clearly defining the roles and responsibilities for the wide range of federal departments and other key players involved when preparing for pandemics and addressing unforeseen emergencies.
In September 2020, we reported that many medical supply management responsibilities that have been shared between multiple agencies are now transitioning to HHS. We found that transition planning efforts are under way, but have not yet culminated in a written plan.
We recommended that HHS immediately document roles and responsibilities for supply chain management functions transitioning to HHS, including continued support from other federal partners. HHS disagreed with this recommendation. We maintain that our recommendation is warranted.
Further, in January 2021, we found that HHS had yet to develop a process for engaging with key stakeholders on a supply strategy. These stakeholders, including state and territorial governments and the private sector, have a shared role for providing supplies during a pandemic. We recommended that HHS develop such a process. HHS generally concurred with our recommendation while noting that it regularly engages with Congress and nonfederal stakeholders. We believe that capitalizing on existing relationships to further engage these critical stakeholders as HHS refines and implements a supply chain strategy will improve a whole-of-government response to, and preparedness for, pandemics.
Establish mechanisms for accountability and transparency. In emergency situations, such as the COVID-19 pandemic, transparency and accountability mechanisms are especially critical when agencies need to move quickly to get funding and information out the door. However, in November 2020, we reported that HHS decisions were not always transparent.
For example, we found that COVID-19 testing guidelines had changed several times over the course of the pandemic with little scientific explanation of the rationale behind the changes, raising the risk of confusing the public and eroding their trust. We made a related recommendation to improve transparency; HHS agreed with this recommendation.
Provide clear communication. In the midst of a nationwide emergency, clear and consistent communication—among all levels of government, with health care providers, and to the public—is key. However, we found this has not always been the case. For example, in January 2021, we reported that HHS had not issued a publicly available and comprehensive national COVID-19 testing strategy, creating the risk of key stakeholders and the public lacking crucial information to support an informed and coordinated testing response.
We recommended that such a strategy be developed and made public to allow for a more coordinated pandemic testing approach. HHS partially concurred with our recommendation and agreed that it should take steps to more directly incorporate some of the elements of an effective national strategy.
Additionally, in September 2020, we reported on the importance of timely, clear, and consistent communication to states to effectively plan for the distribution and administration of a COVID-19 vaccine. We recommended that HHS establish a time frame for documenting and sharing a national plan for distributing and administering COVID-19 vaccines. HHS neither agreed nor disagreed with this recommendation.
Under the Consolidated Appropriations Act, 2021, the Director of the Centers for Disease Control and Prevention is required to provide an updated and comprehensive COVID-19 vaccine distribution strategy and a spend plan to certain congressional committees within 30 days of enactment (by January 26, 2021). The strategy and plan must include, among other things, guidance for how states, localities, territories, tribes, health care providers, and others should prepare for, store, and administer vaccines. [10]
Our past work on lessons learned from the H1N1 vaccine campaign also points to the importance of effective communication about vaccine availability to successfully manage public expectations. Managing public expectations regarding the COVID-19 vaccine will be especially critical because initial supplies of vaccine have been limited. We are continuing to monitor HHS’s efforts related to COVID-19 vaccines.
Additionally, for vaccination efforts more generally, the Consolidated Appropriations Act, 2021, requires the Secretary of Health and Human Services to award competitive grants or contracts to one or more public or private entities to carry out a national, evidence-based campaign to increase awareness and knowledge of the safety and effectiveness of vaccines for the prevention and control of diseases, combat misinformation about vaccines, and disseminate scientific and evidence-based vaccine-related information, with the goal of increasing rates of vaccination across all ages, as applicable, particularly in communities with low rates of vaccination, to reduce and eliminate vaccine preventable diseases. [11]
Collect and analyze data to inform future decisions. Data collection and analysis efforts during a pandemic can inform decision-making and future preparedness—and allow for midcourse changes in response to early findings. However, in January 2021 we reported that COVID-19 data collected by HHS from states and other entities—which are critical to inform a robust, national response—are often incomplete and inconsistent, including data on the type and volume of testing.
To improve response to the current and future pandemics, we recommended that HHS use an expert committee to systematically review and inform the alignment of ongoing data collection and reporting standards for key health indicators. HHS partially concurred with this recommendation and agreed that it should establish a dedicated working group or other mechanism with a focus on addressing COVID-19 data collection shortcomings.
We have ongoing and planned work to continue to assess HHS’s leadership and coordination of the COVID-19 response, as well as its leadership and coordination of biodefense preparedness efforts, state and local preparedness efforts, and the medical product supply chain and Strategic National Stockpile, among other work. We will determine whether this issue should be added to the High-Risk List once we have completed this ongoing and planned work.
Strengthening Management of the Federal Prison System
With a fiscal year 2020 appropriation approaching $8 billion [12] and more than 37,000 staff, the Department of Justice’s (DOJ) Bureau of Prisons (BOP) is responsible for the care, custody, and rehabilitation of about 154,000 federal inmates—nearly half of whom are incarcerated for federal drug offenses.
Since 2010, we have published 19 prison-related reports and made 39 recommendations to BOP. We made 19 of the 39 recommendations in the last 5 years, and 16 of these recommendations have not yet been addressed. Our work has shown that BOP’s deficiencies can generally be categorized into three themes: (1) inadequate management of staff and resources, (2) inadequate planning for new programs or initiatives that help inmates prepare for a successful return to the community, including drug treatment programs; and (3) insufficient monitoring and evaluation of these inmate programs, which has led to imprudent spending.
Furthermore, BOP has experienced significant leadership instability, with the turnover of five different acting or permanent directors from 2016 through 2020. We also have found that many of BOP’s program evaluations are almost 20 years old and that outdated or limited program evaluation has hampered BOP’s ability to gauge the benefits of its efforts.
Congressional concerns have been raised about BOP’s management and performance. In 2014, the Consolidated Appropriations Act, 2014, appropriated funds for a task force to improve federal corrections, and, in December 2018, the First Step Act of 2018 was enacted. [13] The act directs BOP to address many of the same areas that the task force recommended in 2016, including developing an assessment system to gauge inmates’ risk of future criminal behavior and identify their program needs to reduce the likelihood of their return to prison following release. [14] Further, in July 2020, the U.S. House of Representatives formed the bipartisan Bureau of Prisons Reform Caucus, which aims to improve the communication, transparency, and efficiency of the BOP.
Among our ongoing and planned studies reviewing BOP’s management and operations, our work to assess BOP’s implementation of the First Step Act of 2018 will be critical to determining BOPs progress in enhancing inmate programs and reducing recidivism. As the primary agency responsible for the safety, care, and rehabilitation of individuals sentenced for committing federal crimes, BOP must demonstrate leadership commitment, capacity, and action planning.
Such actions will ensure efficient management of its staff and resources and enhance planning and evaluation of key programs that help inmates prepare for a successful return to the community. We will determine whether strengthening management of the federal prison system should be added to the High-Risk List based on BOP’s implementation of the First Step Act of 2018 and once our relevant assessments are complete.
High-Risk Areas Have Made Limited Progress Overall
Agencies demonstrate progress by addressing our five criteria for removal from the list: leadership commitment, capacity, action plan, monitoring, and demonstrated progress. [15] As shown in table 1, only 14 of the high-risk areas, or fewer than half, have met one or more of the five criteria for removal from the High-Risk List.
Compared with our last assessment, seven high-risk areas showed progress in one or more of the five criteria. Five areas declined since 2019. These changes are indicated by the up and down arrows in table 1.
Legend:
⬆: area progressed on one or more criteria since 2019
⬇: area declined on one or more criteria since 2019
●: no change in rating since 2019
n/a: not applicable
⬆: area progressed on one or more criteria since 2019
⬇: area declined on one or more criteria since 2019
●: no change in rating since 2019
n/a: not applicable
Source: GAO. | GAO-21-119SP
aRatings for a segment within this high-risk area improved sufficiently that the segment was removed.
bMedicare Program & Improper Payments was only rated on Improper Payments; we did not rate other elements of the Medicare program because the area is subject to frequent legislative updates and the program is in a state of transition.
cOne area is receiving ratings for the first time because it was newly added in 2019.
dTwo high-risk areas are not rated because addressing them primarily involves congressional action.
eTwo high-risk areas are not rated because they are newly added in 2021.
Figure 3 shows changes since our 2019 update in ratings on the five criteria for removal from the High-Risk List. For example, on leadership commitment, one area improved, while three regressed.
Leadership Attention Needed to Meet High-Risk Criteria
Table 2 shows that only 12 of 33 high-risk areas we rated have met the leadership commitment criterion. Three high-risk area ratings regressed on leadership commitment from met to partially met since our last report. [16]
Leadership commitment is the critical element for initiating and sustaining progress, and leaders provide needed support and accountability for managing risks. Leadership commitment is the foundation for progress on the other four high-risk criteria. For example, leadership commitment to develop action plans that address the root causes of problems leads to progress on high-risk areas because action plans establish the basis for effective monitoring which leads to demonstrated progress.
Table 2 shows that only two high-risk areas met the criterion for capacity, five met the criterion for action plan, four met the criterion for monitoring, and one met the criterion for demonstrated progress
Source: GAO. | GAO-21-119SP
Note: Two high-risk areas—Funding the Nation’s Surface Transportation System and Pension Benefit Guaranty Corporation Insurance Programs—did not receive ratings against the five high-risk criteria because progress would primarily involve congressional action. Emergency Loans for Small Businesses and National Efforts to Prevent, Respond to, and Recover from Drug Misuse were not yet rated due to their new inclusion on the High-Risk List in 2021.
aMedicare Program & Improper Payments was only rated on Improper Payments, and we did not rate other elements of the Medicare program.
Progress in High-Risk Areas
As noted, seven areas showed improvement in one or more criterion. One area showed sufficient progress to be removed from the High-Risk List. The other six high-risk areas remain on the 2021 list and are described below. In addition, as described below, three high-risk areas, Managing Federal Real Property, DOD Contract Management, and the Management of Federal Oil and Gas Resources, showed sufficient progress within individual segments to remove those segments from the high-risk area. Appendix II provides additional detail on each of these areas.
- National Aeronautics and Space Administration (NASA) Acquisition Management. The NASA Acquisition Management high-risk area ratings improved from partially met in 2019 to met in 2021 for the leadership commitment and monitoring criteria. Since 2019, NASA has demonstrated leadership commitment by taking steps to improve transparency and monitoring of major project cost and schedules. NASA also has instituted a process for monitoring progress and validating the effectiveness of its corrective action plan. NASA revised metrics such as reporting current cost and schedule performance against original baselines.
- Managing Federal Real Property. The scope of the Managing Federal Real Property high-risk area is narrowing due to improvements since 2019. The Costly Leasing segment has met all five criteria and it therefore has been resolved as a high-risk issue. The General Services Administration (GSA) has taken steps to reduce its reliance on costly leases, improved monitoring efforts, and demonstrated quantifiable improvements in leasing amounts and costs. Further, all remaining segments have now fully met the criterion for action plan as GSA and the Federal Protective Service have finalized action plans in 2019 and 2020 designed to improve the security of federal facilities. More progress is needed among a range of federal agencies and their law enforcement partners to defend against ever changing threats.
- DOD Financial Management. The rating for the demonstrated progress criterion within the DOD Financial Management high-risk area improved from not met in 2019 to partially met in 2021. Specifically, DOD completed its third entity-wide financial statement audit and implemented corrective actions that enabled auditors to close 623 (26 percent) of the audit findings issued in fiscal year 2018. DOD also developed performance metrics to assess its progress on audit remediation priority areas.
- Government-wide Personnel Security Process. The Government-wide Personnel Security Process high-risk area improved from a not met rating in 2019 to a partially met rating in 2021 for the action plan criterion. This is because the Office of the Director of National Intelligence (ODNI), the Office of Personnel Management (OPM), and DOD adopted some action plans to reduce the backlog of investigations and to transfer the legacy IT systems that support the background investigation process from OPM to DOD.
- Managing Risks and Improving Department of Veterans Affairs (VA) Health Care. The Managing Risks and Improving VA Health Care high-risk area improved from a not met rating in 2019 to a partially met rating in 2021 for the capacity criterion due, in part, to the initiatives VA has maintained and the resources it has allocated to strategic planning and other efforts. While VA’s efforts resulted in an improved capacity rating, it lacks a thoroughly developed action plan with the top leadership support needed to make progress against its high-risk designation.
- DOE’s Contract and Project Management for the National Nuclear Security Administration (NNSA) and Office of Environmental Management (EM). Since 2019, the Department of Energy’s (DOE) Contract and Project Management for the NNSA and EM high-risk area progressed from a not met to a partially met rating for the capacity criterion. Both NNSA and EM have taken actions to improve their capacities for managing their contracts and projects, such as (1) NNSA requesting and receiving an increase in its number of federal positions to address critical unmet staffing needs; and (2) EM launching its Acquisition Corps initiative in July 2020 to hire and train additional staff to evaluate bids for EM contract awards.
- DOD Contract Management. The DOD Contract Management high-risk area is narrowing due to improvements since 2019, resulting in the removal of the Acquisition Workforce segment for which it has met all five criteria. We have removed the segment because DOD has significantly rebuilt its acquisition workforce as measured by the number of personnel in acquisition career fields, their experience level, education level, and training certification. The two remaining segments, Service Acquisitions and Operational Contract Support, continue to meet the criterion for leadership commitment but work remains. For example, for Service Acquisitions, DOD needs to issue and implement enhanced budget planning guidance. For Operational Contract Support, DOD needs to address identified capability shortfalls.
- Management of Federal Oil and Gas Resources. The Management of Federal Oil and Gas Resources high-risk area is narrowing in scope to remove one segment where progress has been made to resolve long-standing deficiencies—Restructuring of Offshore Oil and Gas Oversight. The Department of the Interior’s Bureau of Safety and Environmental Enforcement (BSEE) made progress to address problems in the bureau’s investigative, environmental compliance, and enforcement capabilities, and implemented strategic initiatives to improve offshore oversight and internal management. Specifically, BSEE led a change management initiative, encompassing more than 180 actions, to reform offshore oil and gas oversight. For each action, BSEE identified specific steps, completion target dates, and parties responsible. Further, BSEE held regular status updates and developed a performance management dashboard to better enable the bureau to assess and address the efficacy of its reforms.The removal of the Restructuring of Offshore Oil and Gas Oversight segment represents important progress. However, the remaining segments of the high-risk area—Revenue Determination and Collection and Human Capital—regressed since 2019 on one or more criterion.
Congressional Action Aided Progress on High-Risk Issues
Congress enacted several laws in recent years to help make progress on high-risk issues. Table 3 lists selected examples of congressional actions taken on high-risk areas.
Source: GAO. | GAO-21-119SP
aPub. L. No. 115-55, §§ 2, 3, 131 Stat. 1105, 1105–1119 (2017).
bPub. L. No. 115-55, § 3(c), 131 Stat. at 1118–1119.
cPub. L. No. 116-25, §§ 1101, 2301, 133 Stat. 981, 985–986, 1012–1013 (2019), classified at 26 U.S.C. §§ 7804 note, 6011(e).
dPub. L. No. 115-91, §§ 1076–1078, 131 Stat. 1283, 1586–1594 (2017).
ePub. L. No. 115-91, § 925(k)(1)(F), 131 Stat. at 1530 (2017). The annual reporting requirement sunsets after December 31, 2021.
fFAA Reauthorization Act of 2018, Pub. L. No. 115-254, div. D, Disaster Recovery Reform Act of 2018, §§ 1206(a)(3), 1234(a)(5), 132 Stat. 3186, 3440, 3462 (2018), classified at 42 U.S.C. §§ 5170a(5), 5133(i).
gJohn S. McCain National Defense Authorization Act for Fiscal Year 2019, Pub. L. No. 115-232, § 1049, 132 Stat. at 1961–1962.
hPub. L. No. 115-232, div. A, title XVII, subtitle A, §§ 1717(a), 1721(b), 132 Stat. at 2192–2193, 2202.
iPub. L. No. 115-232, § 921(a), 132 Stat. 1636, 1926–1927 (2018), codified at 10 U.S.C. § 132a(c)(1)(C).
Executive Branch Action on High-Risk Areas Produced Financial Benefits
Actions that agency leaders took to implement our recommendations in some high-risk areas resulted in significant financial benefits. Table 4 shows some examples of these benefits.
Source: GAO. | GAO-21-119SP
aPub. L. No. 116-25, § 2301, 133 Stat. 981, 1012–1013 (2019), classified at 26 U.S.C. § 6011(e).
High-Risk Areas Needing Significant Attention
In the 2 years since our last High-Risk Report, five areas—the U. S. Postal Service’s (USPS) Financial Viability, Decennial Census, Ensuring the Cybersecurity of the Nation, Strategic Human Capital Management, and Transforming the Environmental Protection Agency’s (EPA) Process for Assessing and Controlling Toxic Chemicals—have regressed in their ratings against our criteria for removal from the High-Risk List.
Five High-Risk Areas That Regressed
USPS Financial Viability
The USPS Financial Viability high-risk area declined from a partially met rating in 2019 to a not met rating in 2021 for the criterion of capacity. This regression is due to USPS’s business model not being financially sustainable. USPS expenses exceeded revenues by $18 billion in fiscal years 2019 and 2020 as its labor compensation costs continued to increase while the volume of its most profitable mail products continued to decline.
Decennial Census
The Census high-risk area declined from a met rating in 2019 to a partially met rating in 2021 for the leadership commitment criterion. This regression is because the Department of Commerce requested that the U.S. Census Bureau (Bureau) shorten data collection time frames and response processing of census data in an effort to meet the apportionment deadline of December 31, 2020, even though COVID-19 had forced the Bureau to pause field data collection operations for approximately 3 months. Compressing the time frame to collect data and process responses has increased the risk of compromised data quality.
Ensuring the Cybersecurity of the Nation
The Ensuring the Cybersecurity of the Nation high-risk area declined from a met rating in 2019 to a partially met rating in 2021 for the criterion of leadership commitment. This regression is due to missing (1) important characteristics of a national strategy in the White House’s September 2018 National Cyber Strategy and the National Security Council’s accompanying June 2019 Implementation Plan and (2) an officially appointed central leader for coordinating the execution of the White House’s approach to managing the nation’s cybersecurity. Such a position was established by statute in January 2021. [17] As of mid-January 2021, the position had not yet been filled.
Strategic Human Capital Management
The Strategic Human Capital Management high-risk area declined from a met rating in 2019 to a partially met rating in 2021 for the leadership commitment criterion. This regression is due to the absence of Senate-confirmed leadership at OPM for 18 of the last 24 months, as of January 2021. As a result, the federal government has lacked the attention from the highest levels needed to address long-standing and emerging skills gaps.
Mission-critical skills gaps both within federal agencies and across the federal workforce impede the government from effectively serving the public and achieving results. Skills gaps caused by insufficient number of staff, inadequate workforce planning, and a lack of training in critical skills are contributing to our designating 22 of the 35 other areas as high risk.
Transforming EPA’s Process for Assessing and Controlling Toxic Chemicals
The Transforming EPA’s Process for Assessing and Controlling Toxic Chemicals high-risk area declined in the monitoring criterion from a partially met rating in 2019 to a not met rating in 2021; three criteria in each of the two segments declined to a not met rating in 2021. The Integrated Risk Information System (IRIS) Program did not issue a completed chemical assessment between August 2018 and December 2020, and EPA (1) did not indicate how it was monitoring its assessment nomination process to ensure it was generating quality information about chemical assessment needs; and (2) lacked implementation steps and resource information in its strategic plan and metrics to define progress in the IRIS Program.
Additionally, EPA’s programs supporting the Toxic Substances Control Act (TSCA) (1) did not complete workforce or workload planning to ensure the agency can meet TSCA deadlines; and (2) did not meet initial statutory deadlines for releasing its first 10 chemical risk evaluations.
Additional High-Risk Areas That Need Significant Attention
While progress is needed across all high-risk areas, we have identified four additional areas that require significant attention to address imminent, long-standing, or particularly broad issues affecting the nation or where agencies have stalled in their efforts to make progress to address outstanding issues. See appendix II for additional detail on these high-risk areas, including more details on actions that need to be taken.
Improving the Management of IT Acquisitions and Operations
The federal government currently invests more than $90 billion annually in IT, and the Improving the Management of IT Acquisitions and Operations high-risk area continues to face significant challenges. These challenges include (1) 21 of 24 major federal agencies not modifying their practices to fully address the role of their chief information officers; (2) agencies not documenting modernization plans or not including key elements identified in best practices in their plans; (3) agencies needing to take further action to reduce duplicative IT contracts; (4) GSA and OMB having fewer funds available than anticipated to award to new projects for replacing aging IT systems; and (5) agencies not implementing our remaining 400 open recommendations related to this high-risk area.
Limiting the Federal Government’s Fiscal Exposure by Better Managing Climate Change Risks
Climate change poses risks to many environmental and economic systems and creates a significant fiscal risk to the federal government. Since our 2019 High-Risk Report, the federal government has not made measurable progress to reduce its fiscal exposure to climate change; therefore, this high-risk area warrants significant attention. Specifically, the federal government needs to, among other things, (1) lead the development of a national climate strategic plan; (2) establish an entity to prioritize national-scale climate resilience projects; (3) develop a national climate information system; (4) make structural changes to the flood and crop insurance programs; and (5) establish a pilot program for community climate migration.
U.S. Government’s Environmental Liability
For fiscal year 2020, DOE’s estimated environmental liability was $512 billion. While DOE is responsible for the largest share of the environmental liability, DOD has the second largest share with $75 billion for fiscal year 2020. The U.S. Government’s Environmental Liability high-risk area warrants significant attention as it has received not met ratings for four of the five high-risk criteria—capacity, action plan, monitoring, and demonstrated progress—in both the 2019 and 2021 High-Risk Reports.
For example, although DOE’s Office of Environmental Management developed a strategic vision in 2020 for the next decade of cleanup activities, it has not developed a strategic plan that incorporates the principles of risk-informed decision-making. Further, in November 2020, the DOD Inspector General found that DOD is unable to develop accurate estimates and account for environmental liabilities in accordance with accounting practices.
Improving Federal Oversight of Food Safety
The Improving Federal Oversight of Food Safety high-risk area warrants significant attention as federal agencies have not developed a national plan or strategy for food safety that would help identify needed resources and responsible agencies. Specifically, Congress has not directed OMB to develop a government-wide performance plan for food safety to address our December 2014 matter.
In addition, the previous administration did not take action to develop such a plan or to address our January 2017 recommendation to develop a national strategy for food safety. The federal food safety agencies would benefit from a centralized collaborative mechanism on food safety, a mechanism that has not been in place for 10 years.
Closing
Bookmark:
Our high-risk program continues to be a top priority at GAO and we will maintain our emphasis on identifying high-risk issues across government and on providing recommendations and sustained attention to help address them, by working collaboratively with Congress, agency leaders, and OMB.
As part of this effort, OMB’s role is especially important because many high-risk areas are government-wide or involve multiple agencies. Also, there are resource investments associated with correcting a number of the high-risk problems. We hope OMB will resume regular meetings with the OMB Deputy Director for Management, top agency leaders, and GAO to discuss progress in addressing each of the individual high-risk areas. In recent years OMB has largely discontinued this practice. We hope that these sessions can be resumed because they have in the past led to greater progress on high-risk issues.
We are providing this update to the President and Vice President, congressional leadership, other Members of Congress, OMB, and the heads of major departments and agencies.
Gene L. Dodaro
Comptroller General
of the United States
Comptroller General
of the United States
Congressional Addressees
The Honorable Gary C. Peters
Chairman
The Honorable Rob Portman
Ranking Member
Committee on Homeland Security and Governmental Affairs
United States Senate
The Honorable Carolyn B. Maloney
Chairwoman
The Honorable James Comer
Ranking Member
Committee on Oversight and Reform
House of Representatives
Appendixes and Enclosures
IN THIS SECTION
- Appendix I: Background
- Appendix II: Overview for Each High-Risk Area
- DOD Support Infrastructure Management
- Strategic Human Capital Management
- Managing Federal Real Property
- Funding the Nation’s Surface Transportation System
- Modernizing the U.S. Financial Regulatory System
- Resolving the Federal Role in Housing Finance
- USPS Financial Viability
- Management of Federal Oil and Gas Resources
- Limiting the Federal Government’s Fiscal Exposure by Better Managing Climate Change Risks
- Improving the Management of IT Acquisitions and Operations
- Improving Federal Management of Programs that Serve Tribes and Their Members
- Decennial Census
- U.S. Government’s Environmental Liability
- Emergency Loans for Small Businesses
- DOD Weapon Systems Acquisition
- DOD Financial Management
- DOD Business Systems Modernization
- DOD Approach to Business Transformation
- Government-wide Personnel Security Clearance Process
- Ensuring the Cybersecurity of the Nation
- Strengthening Department of Homeland Security Management Functions
- Ensuring the Effective Protection of Technologies Critical to U.S. National Security Interests
- Improving Federal Oversight of Food Safety
- Protecting Public Health through Enhanced Oversight of Medical Products
- Transforming EPA’s Process for Assessing and Controlling Toxic Chemicals
- National Efforts to Prevent, Respond to, and Recover from Drug Misuse
- VA Acquisition Management
- DOE’s Contract and Project Management for the National Nuclear Security Administration and Office of Environmental Management
- NASA Acquisition Management
- DOD Contract Management
- Enforcement of Tax Laws
- Medicare Program & Improper Payments
- Strengthening Medicaid Program Integrity
- Improving and Modernizing Federal Disability Programs
- Pension Benefit Guaranty Corporation Insurance Programs
- National Flood Insurance Program
- Managing Risks and Improving VA Health Care
- Appendix III: GAO’s 2021 High-Risk List
Appendix I: Background
Bookmark:What Is the History of the High-Risk Program?
In 1990, we began a program to report on government operations that we identified as “high risk.” Since then, generally coinciding with the start of each new Congress, we have reported on the status of progress addressing high-risk areas and have updated the High-Risk List. Our last high-risk update was in March 2019. [18] That update identified 35 high-risk areas. This year, we added two high-risk areas—National Efforts to Prevent, Respond to, and Recover from Drug Misuse and Emergency Loans for Small Businesses—and removed one—DOD Support Infrastructure Management.
Overall, this program has served to identify and help resolve serious weaknesses in areas that involve substantial resources and provide critical services to the public. Since our program began, the federal government has taken high-risk problems seriously and has made long-needed progress toward correcting them. In a number of cases, progress has been sufficient for us to remove the high-risk designation. A summary of changes to our High-Risk List over the past 29 years is shown in table 5. This 2021 update identifies 36 high-risk areas.
Source: GAO. | GAO-21-119SP
How Can Agencies Use the Criteria to Make Progress on High-Risk Issues?
The five high-risk criteria form a road map for efforts to improve and ultimately address high-risk issues. Addressing some of the criteria leads to progress, while satisfying all of the criteria is central to removal from the list.
In April 2016, we reported on how agencies had made progress addressing high-risk issues. [19] We provided illustrative actions that agencies took that led to progress or removal from our High-Risk List. This information provides additional guidance to agencies whose programs are on the High-Risk List.
Figure 4 shows the five criteria and illustrative actions taken by agencies to address the criteria as cited in that report. Importantly, the actions listed are not “stand alone” efforts taken in isolation from other actions to address high-risk issues. That is, actions taken under one criterion may be important to meeting other criteria as well. For example, top leadership can demonstrate its commitment by establishing a corrective action plan including long-term priorities and goals to address the high-risk issue and using data to gauge progress—actions which are also vital to monitoring criteria.
What Is the History of Programs Removed from the High-Risk List?
A summary of areas removed from our High-Risk List over the past 31 years is shown in figure 5.
When Were Areas Added to the High-Risk List?
The areas on our 2021 High-Risk List, and the year each was designated as high risk, are shown in figure 6.
Appendix II: Overview for Each High-Risk Area
Bookmark:The following pages provide overviews of the 36 high-risk areas on our updated list, as well as one high-risk area that we are removing from the list. Each overview discusses (1) why the area is high risk, (2) the actions that have been taken and that are under way to address the problem since our last update in 2019, and (3) what remains to be done. Each of these high-risk areas is also described on our High-Risk List website, http://www.gao.gov/highrisk/overview.
DOD Support Infrastructure Management
Bookmark:We are removing this high-risk area because the Department of Defense (DOD) has made sufficient progress on the remaining seven actions and outcomes we recommended for improving this critical area. DOD leadership commitment contributed to this successful outcome.
| Why Area Was High Risk DOD manages a portfolio of real property assets that, as of November 2019, reportedly included about 573,000 facilities—including barracks, maintenance depots, commissaries, and office buildings. According to DOD estimates, the combined replacement value of this portfolio is about $1.3 trillion and includes about 26 million acres of land at more than 4,500 sites worldwide. This infrastructure is critical to maintaining military readiness. The cost to build and maintain this infrastructure represents a significant financial commitment. DOD Support Infrastructure Management has been on our High- Risk List since 1997 because of challenges DOD faced in reducing excess infrastructure, more efficiently using underutilized facilities, and reducing base support costs. DOD has used the BRAC process primarily to reduce excess infrastructure, readjust bases to accommodate changes in the size and structure of DOD’s forces, and produce cost savings. Since 1988, Congress has authorized five BRAC rounds, most recently in 2005. Based on our analysis of the 2005 BRAC round, we found that opportunities existed for DOD and Congress to improve future BRAC rounds. Contact Information For additional information about this high-risk area, contact Elizabeth Field at (202) 512-2775 or fielde1@gao.gov. |
From 2017 to 2019, we identified 16 actions and outcomes DOD needed to implement for its support infrastructure management to be removed from the High-Risk List. In our 2019 High-Risk Report, we reported that DOD had made progress addressing nine actions and met the criteria of leadership commitment and action plan.
We are removing DOD Support Infrastructure Management from the High-Risk List because DOD has met the remaining three criteria (capacity, monitoring, and demonstrated progress) by addressing the outstanding seven actions and outcomes identified in our 2019 High-Risk Report.
Leadership commitment: met. DOD senior leaders continued to demonstrate commitment to improving the department’s support infrastructure management. In our 2019 High-Risk Report, we reported that DOD had committed to actions such as (1) pursuing efforts to relocate from costly commercial leased space to nearby installations when possible, and (2) requesting Base Realignment and Closure (BRAC) rounds to address excess capacity between 2013 and 2017, which Congress did not authorize.
Additionally, in October 2019, the Assistant Secretary of Defense for Sustainment formally committed to implementing our remaining recommendations related to future BRAC rounds, which they had previously been unwilling to do. Specifically, for any future BRAC rounds authorized by Congress, DOD agreed to fully identify the cost requirements for military construction, information technology, relocating personnel and equipment, and alternatively financed projects, and to limit the practice of bundling multiple stand-alone BRAC realignments or closures into single recommendations.
DOD further agreed to improve the accuracy of its excess capacity estimates by reliably updating the baseline and using reasonable assumptions for estimating excess infrastructure capacity. DOD also agreed to develop guidance to improve its analysis and ensure consistency for future BRAC rounds.
This commitment addresses four of the seven actions from the 2019 High-Risk Report that we recommended to improve implementation of future BRAC rounds when authorized by Congress. It also shows that DOD leadership is dedicated to improving how it conducts the BRAC process—the primary method of disposing of excess infrastructure and aligning infrastructure to the needs of forces.
Capacity: met. DOD has further demonstrated its capacity to align infrastructure with DOD force structure needs and achieve efficiencies in base support services. In our previous two High-Risk Reports, we reported that DOD demonstrated capacity to align infrastructure with DOD force structure needs by disposing of excess infrastructure during past BRAC rounds. Further, we reported that DOD had consolidated some installation services at joint bases, among other efforts.
DOD continues to improve the accuracy and completeness of its real property data, thereby demonstrating increasing capacity. This addresses an additional action we recommended in the 2019 High-Risk Report. Doing so will help DOD better manage its facilities to meet force structure needs, such as by identifying excess space or utilizing space more effectively.
In previous High-Risk Reports, we noted a persistent problem with the accuracy and completeness of DOD’s real property data—in particular key data for identifying excess or underused space, like facility utilization. In November 2018, we reported that DOD and the military services have corrected some but not all identified discrepancies, such as missing entries for utilization in DOD’s Real Property Assets Database (RPAD). We recommended that DOD and the military services require monitoring of recording processes, implement corrective actions to resolve data discrepancies, and develop a strategy to address risks associated with real property data to improve incomplete and inaccurate real property data. DOD concurred with these recommendations and is implementing them.
Further, we reported in September 2020 that independent public accountants found significant control issues related to events that occur during the life cycle of real property, such as adding, disposing, valuing, and performing physical inventory counts. This finding was related to two of 25 material weaknesses found in a broader audit of DOD’s fiscal year 2019 financial statements. DOD Financial Management is a separate area on the High-Risk List reviewing DOD’s accounting and reporting of its spending and assets. These long-standing issues have prevented DOD from having auditable financial statements.
While DOD needs to take additional action to ensure RPAD contains complete and accurate data, the department has prioritized improving the data. This includes issuing new requirements and processes to improve data quality from 2018 that should help them further improve data quality moving forward.
For example, in 2020, DOD required the military services to use the Data Analytics and Integration Support (DAIS) system for reporting real property inventory data. According to DOD, this system will provide a common platform for DOD real property inventory, connecting individual military service real property systems to a web-based interface. DOD intends DAIS to replace the manual, annual data call to populate the Real Property Asset Database, which we have found contains inaccurate and incomplete data.
In addition, DOD has required military services to use its updated Verification and Validation (V&V) Tool, which checks whether the real property data in DAIS follow real property data quality standards and identifies any data anomalies or errors that need correction.
DOD has demonstrated that it has increasing capacity to put into place systems and processes that, over time, will improve the real property data needed to identify options to align its infrastructure to meet its force structure needs. However, as noted earlier, continued improvements are needed. Thus, while we are removing DOD support infrastructure from the High-Risk series, we will continue to closely monitor DOD’s efforts in this area—in particular as part of the Managing Federal Real Property high-risk area. This high-risk area looks at the efforts of both the Office of Management and Budget (OMB) and the General Services Administration to improve the reliability of information on federal real property government-wide. We will also monitor DOD’s efforts related to improving the accuracy and completeness of its real property data as part of the DOD Financial Management high-risk area mentioned above, which reviews issues with the accounting and reporting of DOD’s spending and assets.
Action plan: met. We reported in 2017 and 2019 that DOD had developed plans, such as its Real Property Efficiency Plan, to better identify excess infrastructure and thus be positioned to dispose of it. DOD issued its most recent version of the Real Property Efficiency Plan in September 2019. In addition to serving as DOD’s real property management plan, it also set the department’s targets for, among other things, reducing the amount of office and warehouse space it uses and the number of buildings it owns in fiscal years 2020 through 2024.
DOD also directed its joint bases in 2017 to stop using higher cost joint base common standards for installation services, and instead use the standards of the military service in charge of providing services at any given joint base. This would decrease the likelihood of increased base support costs.
DOD has also implemented recommendations we made in October 2018 to improve its use of intergovernmental support agreements. These are agreements between military installations and local governments to obtain installation services such as waste removal, grounds maintenance, and stray animal control. These improvements to its use of intergovernmental support agreements address another one of the actions we recommended in the 2019 High-Risk Report.
In October 2018, we reported that a sample of these agreements had resulted in cost savings and cost avoidances for the department. Since then, DOD has implemented our recommendations to monitor the benefits from intergovernmental support agreements and whether installations are evaluating opportunities to use those agreements to reduce costs. With these efforts in place, DOD will be better positioned to reduce base support costs, to identify and dispose of excess space, and to better use underutilized space.
Monitoring: met. Since the 2019 High-Risk Report, DOD has demonstrated improvements in monitoring its processes and systems to align its infrastructure to support its force structure needs and achieve efficiencies. In October 2019, DOD senior leaders committed to implementing our prior recommendations for any future BRAC rounds authorized by Congress.
For example, DOD has agreed to limit the practice of bundling multiple stand-alone realignments or closures into single BRAC recommendations. We reported in 2013 that such bundling did not itemize the costs and savings associated with each separate major action within the bundle. This limited visibility into the estimated costs and savings for individual closures and realignments.
The other recommendations DOD has agreed to implement in future BRAC rounds include fully identifying cost requirements for military construction, information technology, relocating personnel and equipment, and alternatively financed projects.
Additionally, DOD has committed to implementing recommendations we made from May 2018 to improve the accuracy of its excess capacity estimates for future BRAC rounds authorized by Congress. Specifically, the department has committed to (1) reliably update the baseline for estimating excess infrastructure capacity, (2) use reasonable assumptions in estimating excess capacity, and (3) develop guidance to improve its analysis and ensure consistency.
One of the actions recommended in our in 2019 High-Risk Report to improve monitoring was that DOD and the military services should better monitor their processes for recording real property information, develop corrective actions for data discrepancies, and develop a strategy to address risks associated with data. While DOD must continue to work to improve the accuracy and completeness of its real property data, its development of DAIS is expected to improve the monitoring of DOD’s real property, including better financial accounting, reporting, and estimation of infrastructure needs moving forward. Monitoring has also been supported in part by efforts to obtain data to improve DOD’s financial statements.
Further, the military services have since taken steps to implement the recommended action. For example, the Army developed a 5-year plan in 2019 to improve data quality and accountability, including directing physical inspections and record updates continuing through fiscal year 2023. As of September 2019, the Navy checked for existence of facilities—whether facilities listed in its records are in place—and checked for completeness of the data—whether facilities that are in place are listed in records. The Navy is continuing to correct any errors identified through its review and the Financial Improvement and Audit Remediation audit. While the most recent audit did not result in a clean opinion, the Navy’s continuing efforts to use the audit to correct and identify any errors demonstrates an improvement in its monitoring efforts. The Air Force began a data quality program in 2018 to improve its real property, with a goal of 100 percent accuracy by September 2023.
These efforts are ongoing and show that DOD is monitoring systems and processes to improve real property data and ultimately provide better visibility for aligning its infrastructure to support mission needs.
Demonstrated progress: met. In the last few years, DOD has demonstrated progress in aligning its infrastructure to its force structure needs by implementing actions to reduce excess infrastructure and achieve efficiencies in base support. In doing so, DOD has addressed all seven actions we recommended in 2019 to improve management of its support infrastructure.
As mentioned above, DOD addressed four of the seven actions by committing to improve its implementation of future BRAC rounds. Specifically, for future BRAC rounds authorized by Congress, DOD formally committed to fully identifying the cost requirements for military construction, information technology, relocating personnel and equipment, and alternatively financed projects, and limiting the practice of bundling multiple stand-alone BRAC realignments or closures into single recommendations.
DOD further agreed to improve the accuracy of its excess capacity estimates by reliably updating the baseline and using reasonable assumptions for estimating excess infrastructure capacity, as well as developing guidance to improve its analysis and ensure consistency.
DOD has further been working to more efficiently use underutilized installation space through reduction of leases. In its Real Property Efficiency Plan for fiscal years 2020 to 2024, DOD noted that the Army had been focusing on reducing its leases in the National Capital Region, which were among the Army’s most expensive leased inventory. Specifically, DOD reported that the Army reduced its leased footprint in the National Capital Region from a peak of 3.9 million square feet in 2011 to roughly 1 million square feet as of September 2019. The department also implemented recommendations we made to increase the use of intergovernmental support agreements to reduce the cost of installation support services. These actions address the fifth of seven actions we recommended in 2019 to improve support infrastructure management.
As stated above, DOD has also taken steps to improve its real property data to improve oversight and better inform decision-making about aligning infrastructure to mission needs. DOD has required the use of the DAIS platform and the V&V tool to better capture real property data and correct discrepancies. The military services have implemented plans and actions to prioritize and put into place efforts that will lead to a more complete and accurate set of information. While DOD needs to continue to improve the accuracy and completeness of its real property data, we believe that these address the sixth of the actions we had in the 2019 High-Risk Report.
The last remaining action we recommended in the 2019 High-Risk Report was for DOD to continue to assess its infrastructure needs in light of ongoing changes in force structure and work with Congress, as needed, to reduce any excess infrastructure.
DOD continues to be committed to reducing its excess and underutilized space and has addressed this last recommended action. Since 2013, for example, DOD has been reducing excess space as part of the European Infrastructure Consolidation program and continues to assess more reductions as DOD relocates servicemembers in Europe to align with current mission needs.
Further, when OMB began the Freeze the Footprint and the Reduce the Footprint programs (which restrict the growth of excess property by requiring disposal of existing property for each newly acquired property), DOD made significant contributions to overall footprint reduction results as the federal government’s largest property holder.
For example, in fiscal year 2016, DOD’s facility square footage reductions were 68 percent of the total government-wide office and warehouse reductions and 75 percent of other government-wide property reductions. DOD continues to update its Real Property Efficiency Plan to set targets for reducing the amount of office and warehouse space it uses and the number of buildings it owns in fiscal years 2020 through 2024.
The military services have continued to focus on aligning their infrastructure to meet mission needs. For example, the Army is using (1) the Facility Reduction Program to eliminate excess square footage through demolition; (2) the Enhanced Use Lease Authority to leverage underutilized property; and (3) the Return to Host Nation initiative to reduce excess at overseas locations. In January of 2019, the Air Force formalized its Infrastructure Investment Strategy to incentivize installation master planning, including directing a 5 percent reduction in the total Air Force facility footprint to better match its infrastructure to support its mission.
Monitoring after Removal from the High Risk List
DOD demonstrated commendable, sustained progress improving its support infrastructure management. However, this does not mean DOD has addressed all risk within this area. Most notably, DOD faces considerable challenges in ensuring it has accurate and complete real property data. We will continue to monitor DOD’s efforts as part of the Federal Real Property and DOD Financial Management high-risk areas. Moreover, it remains important that senior leaders continue their efforts to implement corrective actions to improve real property data, to continue to dispose of excess infrastructure, and to align infrastructure with the needs of the forces.
We will continue to conduct oversight of these and other support infrastructure management efforts at DOD.
Related GAO Products
Defense Real Property: DOD-Wide Strategy Needed to Address Control Issues and Improve Reliability of Records. GAO‑20‑615. Washington, D.C.: September 9, 2020.
Defense Real Property: DOD Needs to Take Additional Actions to Improve Management of Its Inventory Data. GAO‑19‑73. Washington, D.C.: November 13, 2018.
DOD Installation Services: Use of Intergovernmental Support Agreements Has Had Benefits, but Additional Information Would Inform Expansion. GAO‑19‑4. Washington, D.C.: October 23, 2018.
Defense Infrastructure: DOD Needs to Improve the Accuracy of Its Excess Capacity Estimates. GAO‑18‑230. Washington, D.C.: May 24, 2018.
Military Bases: Opportunities Exist to Improve Future Base Realignment and Closure Rounds. GAO‑13‑149. Washington, D.C.: March 7, 2013.
Strategic Human Capital Management
Bookmark:Skills gaps within the federal workforce persist despite the continuing efforts of the Office of Personnel Management and federal agencies.
| Why Area Is High Risk Mission-critical skills gaps both within federal agencies and across the federal workforce pose a high risk to the nation because they impede the government from cost effectively serving the public and achieving results. This area was added to the High-Risk List in 2001. Causes of these skills gaps vary; however, they are often due to a shortfall in one or more talent management activities such as robust workforce planning or training. Skills gaps have been identified in government-wide occupations in fields such as science, technology, engineering, mathematics, cybersecurity, and acquisitions. Currently, OPM has stated that it is assisting agencies in addressing emerging workforce needs in the wake of the COVID-19 pandemic. Contact Information For additional information about this high-risk area, contact Michelle B. Rosenberg at (202) 512-6806 or rosenbergm@gao.gov. |
Since our 2019 High-Risk List, the rating for one criterion—leadership commitment—declined from met to partially met. The other four criteria remain unchanged.
Leadership commitment: partially met. Since our last high-risk update in 2019, the Office of Personnel Management (OPM) has had three different directors, only one of whom was confirmed by the Senate. As of January 2021, OPM has been led by an acting director for 18 of the last 24 months. The absence of Senate-confirmed leadership meant the federal government lacked the attention from the highest levels needed to address longstanding and emerging skills gaps.
For example, OPM canceled its annual Human Capital Review meetings with agency officials for 2020. These meetings are used for agencies to report, among other things, their progress on closing skills gaps to OPM officials. According to OPM, these meetings were cancelled due to work demands related to the Coronavirus Disease 2019 (COVID-19) pandemic. OPM did hold weekly government-wide teleconferences to share information and strategies on current human capital challenges. However, the regulation-required annual Human Capital Reviews are important to show leadership’s commitment to addressing this issue and holding agencies accountable for taking action to close skills gaps.
While OPM has established an agency priority goal for fiscal years 2020 and 2021 to support agencies’ efforts to address skills gaps, mission-critical skills gaps are a root cause in high-risk areas across the government. Of the 35 other high-risk areas, skills gaps played a significant role in 22 areas.
Capacity: partially met. OPM continues to provide technical support and monitor the work of Federal Agency Skills Teams (FAST)—teams of subject matter experts and human capital management professionals established in most agencies to address their skills gaps.
Regarding government-wide skills gaps within science, technology, engineering, and mathematics (STEM) occupations, OPM officials stated they are initially focusing their efforts on addressing the shortage of cybersecurity professionals. Focusing on cybersecurity may help close this skills gap. However, there are STEM occupations that are critical to agencies’ missions—such as medical professionals and biomedical researchers—that also need to be addressed.
Action plan: partially met. As part of addressing the agency priority goal to address workforce needs, OPM is working to provide agencies with 48 different tools and flexibilities to mitigate skills gaps in 80 percent of identified high-risk, mission-critical occupations by September 2021. OPM has reported that, as of September 2020, it has made available 43 of the tools and flexibilities to assist agencies in mitigating skills gaps and is on track to provide the remaining five by the end of fiscal year 2021.
Since our 2019 report, OPM officials reported that FAST teams have improved the quality of agencies’ action plans for closing skills gaps by ensuring that they describe the root causes for the occupation’s skills gap, as well as outline the goals and strategies for addressing them.
While these individual action plans enable OPM and agencies to track progress toward closing agency-specific skills gaps, no similar action plan exists for closing government-wide skills gaps. Such a plan could provide greater transparency about OPM’s and agencies’ efforts to close the six government-wide skills gaps OPM originally identified in 2015.
Monitoring: partially met. OPM has improved its ability to monitor FAST teams’ efforts by developing a set of four common metrics to identify current and emerging skills gaps. OPM’s use of these metrics across all FAST teams implements our January 2015 recommendation that OPM create an approach for identifying and monitoring skills gaps across multiple agencies. However, as mentioned above, by reinstating the regulatory-required annual Human Capital Review meetings, OPM would provide agencies with more structure and accountability for progress on closing skills gaps.
Demonstrated progress: not met. The shortage of staff and the lack of skills among current staff occurs across multiple federal agencies and responsibilities. For example, due to a lack of workforce planning and skills, none of the 24 Chief Financial Officers (CFO) Act agencies have fully implemented best practices for information technology (IT) or cybersecurity workforce planning, including ensuring staff have the skills to address cybersecurity risks and challenges in areas such as industrial control systems supporting the electric grid and avionics cybersecurity.
Further, as noted, skills gaps caused by an insufficient number of staff, inadequate workforce planning, and a lack of training in critical skills are contributing to our designating 22 of the 35 other areas as high risk. The table below provides examples of the high-risk areas in which skills gaps played a role; the causes of these skills gaps are grouped into four broad categories—Skills, Staffing, Training, and Workforce Planning.
Source: GAO analysis. | GAO-21-119SP
Note: Two additional high-risk areas with skills gaps are Decennial Census and DOD Business Systems Modernization.
What Remains to Be Done
Over the years since we added this area to our High-Risk List, we have made numerous recommendations to OPM focused on this high-risk area and related human capital issues, 67 of which remain open as of November 2020. Additional progress could be made if OPM were to complete actions to implement open recommendations, such as:
- examining ways to make the general schedule system’s design and implementation more consistent with the attributes of a modern, effective classification system; and
- assessing information on agencies’ use of hiring authorities to identify opportunities to refine, consolidate, eliminate, or expand agency-specific hiring authorities to other agencies and implement changes where OPM is authorized.
Agencies also need to take action to address recommendations we have made regarding mission-critical skills gaps within their own workforces—a significant factor contributing to many high-risk areas. For example, FDA should address staffing challenges associated with conducting inspections of foreign drug manufacturers at an appropriate frequency—a situation that has been exacerbated by the COVID-19 pandemic. At EPA, officials need to carry out workforce planning efforts to ensure that the agency has the resources in place to conduct chemical risk evaluations and implement the Toxic Substances Control Act.
Related GAO Products
Public Health Preparedness: HHS Should Take Actions To Ensure It Has An Adequate Number Of Effectively Trained Emergency Responders. GAO‑20‑525. Washington, D.C.: June 18, 2020.
FEMA Disaster Workforce: Actions Needed to Address Deployment and Staff Development Challenges. GAO‑20‑360. Washington, D.C.: May 4, 2020.
Information Technology: Agencies Need to Fully Implement Key Workforce Planning Activities. GAO‑20‑129. Washington, D.C.: October 30, 2019.
Department Of Veterans Affairs: Improved Succession Planning Would Help Address Long-Standing Workforce Problems. GAO‑20‑15. Washington, D.C.: October 10, 2019.
Federal Workforce: Talent Management Strategies to Help Agencies Better Compete in a Tight Labor Market. GAO‑19‑723T. Washington, D.C.: September 25, 2019.
Defense Acquisition Workforce: DOD Increased Use of Human Capital Flexibilities but Could Improve Monitoring. GAO‑19‑509. Washington, D.C.: August 15, 2019.
Human Capital: Improving Federal Recruiting and Hiring Efforts. GAO‑19‑696T. Washington, D.C.: July 30, 2019.
Federal Hiring: OPM Needs to Improve Management and Oversight of Hiring Authorities. GAO‑16‑521. Washington, D.C.: August 2, 2016.
Federal Workforce: OPM and Agencies Need to Strengthen Efforts to Identify and Close Mission-Critical Skills Gaps. GAO‑15‑223. Washington, D.C.: January 30, 2015.
Human Capital: OPM Needs to Improve the Design, Management, and Oversight of the Federal Classification System. GAO‑14‑677. Washington, D.C.: July 31, 2014.
Managing Federal Real Property
Bookmark:The federal government could better manage its real property, or real estate, portfolio by effectively disposing of unneeded buildings, collecting reliable real property data, and improving the security of federal facilities.
| Why Area Is High Risk The federal government’s real estate portfolio is vast and diverse—including about 130,000 domestic civilian buildings as of fiscal year 2019 that cost billions of dollars annually to operate and maintain. Federal real property management was placed on the High-Risk List in 2003. This year we have narrowed the scope of this issue by removing the costly leasing segment due to the federal government’s progress in reducing the number and costs of leases. However, federal agencies continue to face long-standing challenges in managing real property, including: (1) effectively disposing of excess and underutilized property, (2) collecting reliable real property data for decision-making, and (3) improving the security of federal facilities from possible attacks. The Office of Management and Budget (OMB) and the General Services Administration (GSA) both provide guidance and support to agencies to help manage their real property. OMB establishes federal policies and chairs the Federal Real Property Council (FRPC). GSA provides space for federal tenants and collects government-wide data on real property. The Department of Homeland Security chaired Interagency Security Committee (ISC) sets facility security standards. In addition, its Federal Protective Service (FPS) protects about 9,000 federal buildings. Contact Information For additional information about this high-risk area, contact David Trimble at trimbled@gao.gov or (202) 512-2834. |
Since our last high-risk update in March 2019, the federal government now meets the criterion for having an action plan. The federal government continues to meet the criterion of leadership commitment and continues to partially meet the criteria for capacity, monitoring, and demonstrated progress.
Since we added this area to our High-Risk List, we have made numerous recommendations related to this issue, 31 of which were added since the last high-risk update in March 2019. As of December 2020, 68 recommendations remain open.
The federal response to the Coronavirus Disease 2019 (COVID-19) pandemic may delay some planned actions, such as the development of a final, comprehensive national strategy guiding real property management. In addition, the federal government may face added challenges as a result of the pandemic, such as long-term changes in the amount and type of space it occupies.
These changes may, in turn, affect the amount of excess space the federal government possesses. In addition, the CARES Act provided $275 million to the Federal Buildings Fund for General Services Administration (GSA) to prevent, prepare for, and respond to the pandemic, which we summarized in our November 2020 CARES Act report GAO‑21‑191 on the federal government’s initial response to the pandemic.
Excess and Underutilized Property
The ratings for the excess and underutilized property segment remain unchanged since our 2019 High-Risk Report.
Leadership commitment: met. The Office of Management and Budget (OMB) continues to implement the 2015 National Strategy for the Efficient Use of the Real Property (national strategy) which identifies actions to reduce the size of the federal real property portfolio by prioritizing consolidation, co-location, and disposal actions. The national strategy is consistent with the 2015 Reduce the Footprint policy that required agencies to set goals for reducing unneeded space.
In May 2019, the Public Buildings Reform Board (the board) was sworn in and worked with OMB, GSA, and other federal agencies to collectively identify and recommend high-value properties for disposal under the Federal Assets Sale and Transfer Act (FASTA) of 2016. In January 2020, OMB approved the board’s list of 12 recommended high-value federal properties for disposal. According to board officials, the first round of high-value properties are set to be sold in 2021.
Capacity: partially met. In March 2020, OMB published an addendum to the national strategy but it does not fully address underlying challenges, such as budget limitations, that impede agencies’ capacity to dispose of or use real property better, a deficiency we noted in our 2019 high-risk update. According to an OMB official, as of August 2020, OMB had not yet drafted the planned comprehensive and final national strategy document, in part, because of the need to respond to COVID-19.
As a 6-year pilot program, FASTA increased the federal government’s capacity to dispose of unneeded federal real property by establishing an independent board and a process for identifying and disposing of unneeded federal buildings, among other things. However, in our January 2021 report GAO-21-233, we found that better documentation of the board’s process for evaluating and selecting disposal properties could help improve the process for future disposals.
Action plan: met. We noted in 2019 that OMB had, through Reduce the Footprint, established a government-wide action plan to (1) use property as efficiently as possible, and (2) reduce portfolios through annual reduction targets. Additionally, OMB’s November 2019 memorandum on the Implementation of Agency-wide Real Property Capital Planning requires agencies to develop an annual capital planning process document that addresses project prioritization between new assets and maintenance of existing assets. Agencies’ planning documents were originally due to OMB in August 2020 but that deadline has been postponed until 2021 due to COVID-19, according to an OMB official.
Monitoring: partially met. OMB and GSA continue to monitor progress in meeting space-reduction targets using the government-wide real property database called the Federal Real Property Profile (FRPP). However, the database is not yet sufficiently reliable to produce accurate results.
For example, OMB chose not to use the Department of Defense’s (DOD) real property data in reporting the last 2 years of results of the Reduce the Footprint policy (2018 and 2019) because the data were not sufficiently reliable. We reported in 2018 that weaknesses in the quality of DOD’s real property data result, in part, because DOD has not implemented a strategy to identify and address risks with accompanying schedules and performance metrics. As of February 2020, DOD estimated it could complete these actions by September 2023.
Demonstrated progress: partially met. The federal government has made uneven progress in implementing the Reduce the Footprint policy. While the federal government doubled its space reductions goal in fiscal year 2016 by reducing 11 million square feet of space, later results were mixed. The federal government failed to reach its reduction goals in fiscal years 2017 and 2019, and the 2019 reductions were the lowest since the effort began in 2016.
In fiscal year 2019, the federal government reduced about 566,000 square feet of space, less than half of any of the previous years’ reductions. While the board made progress by recommending a list of high-value properties for disposal that OMB approved, GSA still needs to execute the sale of these properties under FASTA.
What Remains to Be Done
- OMB should focus on achieving Reduce the Footprint targets.
- GSA, in conjunction with the board, should complete the sale of OMB-approved, high-value assets, per FASTA.
Costly Leasing (Segment Removed)
The ratings for the costly leasing segment improved to met for capacity, monitoring, and demonstrated progress criteria, with the two other criteria continuing to be met. Consequently, we have removed the costly leasing segment from this high-risk area.
Leadership commitment: met. GSA continued to demonstrate leadership commitment in reducing costly leasing. As noted in our 2019 High-Risk Report, GSA initiated its Lease Cost Avoidance Plan in 2018 to reduce leasing costs by a projected $4.7 billion by fiscal year 2023.
GSA continued to implement its plan through several initiatives including (1) negotiating more competitive leases with longer terms, (2) reducing the size of leases, (3) moving leased tenants to federally owned space, and (4) backfilling vacant leased space.
Capacity: met. GSA has taken steps to reduce its reliance on costly leases. In May 2020, GSA awarded the fourth iteration of its broker contract. GSA uses brokers to supplement its staff and complete work on high-value leases it would otherwise be unable to complete, according to GSA officials. GSA also hired an additional 32 GSA lease-contracting officers in fiscal years 2019 and 2020 to help address its expiring lease inventory.
GSA has also taken steps to increase its capacity for reducing leasing costs by eliminating interest fees. In 2020, in response to our 2016 recommendation, GSA developed a proposal to OMB to loan agencies funds to improve newly leased spaces instead of agencies financing these costs at private-sector interest rates. This proposal could save tenant agencies millions of dollars in private sector interest charges.
Action plan: met. GSA continued to meet the action plan criterion for costly leasing through ongoing implementation of its Lease Cost Avoidance Plan. In 2020, GSA also successfully implemented its plan to prioritize properties for ownership investments—a recommendation we made in 2013—by purchasing the Department of Transportation’s (DOT) headquarters building.
Monitoring: met. GSA now meets the criterion for monitoring progress toward reducing leasing costs. Since 2019, GSA has improved its monitoring efforts. GSA’s Lease Cost Avoidance Plan now aggregates cost avoidance estimates from a number of metrics. Specifically, the plan tracks cost avoidance through various metrics such as leases negotiated below market costs, reductions in rental square footage, and reductions in vacant leased space through backfill or lease termination.
In addition, GSA developed its lease replacement metrics to monitor lease status at different points along the process to minimize the need to stay in a space after a lease expires or to enter into short-term lease extensions.
Demonstrated progress: met. GSA has made quantifiable improvements in leasing amounts and costs and now meets the demonstrated progress criterion. GSA has documented a downward trend in leased square footage over the last 6 years, resulting in more space being under the custody and control of GSA than the space it leases for the first time since 2007. In fiscal year 2019, GSA reported that it avoided about $324 million in costs by moving tenants from previously leased space to federally owned space.
Notably, in 2020, GSA moved the DOT Headquarters in Washington, D.C., from leased space to owned space by purchasing the building. GSA estimates that this move to owned space will save taxpayers more than $409 million in lease costs over 30 years. GSA also reported that it avoided an additional $30 million of lease costs in fiscal year 2019 by backfilling vacant federal space and terminating unneeded leases.
Data Reliability
The rating for demonstrated progress has regressed from partially met to not met since our 2019 High-Risk Report. Ratings for the other four criteria remain unchanged.
Leadership commitment: met. GSA and DOD continue to demonstrate leadership commitment in improving their data reliability. GSA continues to improve its FRPP reliability and its Federal Real Property Data Validation and Verification (V&V) process for identifying and correcting possible errors.
GSA, in conjunction with the Federal Real Property Council (FRPC), also continues to refine its FRPP data dictionary which provides the real property reporting requirements for executive agencies. DOD also committed to a timeline for improving its Real Property Assets Database.
Capacity: met. GSA continues to take actions to increase the capacity of agencies to submit accurate data. For example, GSA revised certain data elements’ definitions in 2020 and incorporated them into the 2020 FRPP data dictionary to increase the accuracy and completeness of the data reported to FRPP. In addition, in November 2018, FRPC established a data governance working group that meets regularly to address challenges to reliable and complete data in the FRPP.
Action plan: met. In March 2020, FRPC’s data governance working group developed a corrective action plan to address FRPP data reliability issues that we identified in February 2020 including V&V anomaly categories to better target incorrect data. In February 2020, DOD shared its strategy to improve the coordination of corrective action plans to remediate discrepancies in its real property data system. DOD's estimated completion date for these actions is September 2022.
Monitoring: partially met. While GSA’s V&V process continues to provide a structure for improving the FRPP data, it has not addressed key errors in FRPP data.
In February 2020, we found that 67 percent of building addresses in FRPP were incorrectly formatted or incomplete, making it hard to locate specific buildings. In June 2020, GSA revised the FRPP data dictionary to clarify the reporting of street addresses as well as latitude and longitude coordinates. In November 2020, FRPC’s data governance working group developed a computer application to help agencies identify incorrect or incomplete FRPP location data. This tool will be available to agencies in 2021, according to GSA officials. GSA officials plan to monitor the effect of these changes after agencies submit their 2021 data.
We also found that verification of DOD’s real property assets during fiscal year 2019 was incomplete and not comparable across DOD due to a lack of department-wide instructions.
Demonstrated progress: not met. GSA and DOD are no longer partially meeting the criteria for demonstrated progress. While GSA and some agencies have taken action to correct data, we continue to find serious data errors that undermine the reliability of the FRPP. GSA’s V&V process has not effectively addressed key errors in FRPP data. As a result, we found in February 2020 that most building addresses in FRPP are either incorrectly formatted or incomplete.
In addition, DOD’s real property data continue to be inaccurate and incomplete. In September 2020, we found that DOD had serious control issues that affected the quality of its property data. DOD also has not implemented a strategy that identifies and addresses risks to data quality and information accessibility with accompanying schedule and performance metrics, a recommendation we made in November 2018. DOD officials told us they developed a strategy in 2020 but it will not be fully implemented until September 2023.
What Remains to Be Done
GSA should continue working with federal agencies to improve the reliability of its real property data through V&V efforts and encouraging agencies to implement action plans to better assess, address, and track data quality. In particular, agencies should correct location data as we recommended in 2020. DOD should improve the reliability of its real property data by implementing a strategy that identifies and addresses risks to data quality, as we recommended in 2018 and 2020.
Facility Security
The ratings for the facility security segment improved for the action plan and demonstrated progress criteria with the other three criteria remaining unchanged.
Leadership commitment: met. The Federal Protective Service (FPS) continues to take action to address our recommendations to improve the security of federal facilities. The Interagency Security Committee (ISC) also continues to update its Risk Management Process—a consolidated set of standards required of executive branch agencies for physical security at nonmilitary federal facilities.
Capacity: partially met. The federal government may not have the capacity to conduct adequate risk assessments because agencies’ security assessment methodologies do not fully align with the ISC Risk Management Process. To this end, the Federal Aviation Administration (FAA) and the Department of Veterans Affairs (VA) should implement our October 2017 and January 2018 recommendations to complete an assessment of their policies consistent with the ISC’s standards.
Action plan: met. The federal government has shown improvement and now meets this criterion by finalizing action plans that should improve the security of federal facilities. In July 2019, FPS, GSA, the judiciary, and the U.S. Marshals Service finalized a memorandum of agreement clarifying their respective roles and responsibilities for federal facility security, implementing our longstanding recommendation from September 2011.
In 2020, FPS and GSA also implemented our December 2015 recommendation by finalizing a joint strategy that defined and articulated a common understanding of expected outcomes and aligned the two agencies' activities and core processes to achieve their related missions.
Monitoring: partially met. The federal government continues to partially meet this criterion. In 2019, FPS developed two systems to oversee its contract guard workforce. Specifically, FPS developed the Training and Academy Management System and the Post Tracking System. However, FPS has not fully implemented these systems. Finally, as noted in the 2019 high-risk update, actions are still needed to better address various emerging security threats to federal facilities.
Demonstrated progress: partially met. The federal government has shown improvement and now partially meets the criterion for demonstrated progress to improve security. FPS must demonstrate the effectiveness of its guard management system and ensure that it interacts with its training system across all regions. Once the systems are fully implemented, FPS will be able to obtain information to assess its guards’ capability to address security risks across its portfolio.
Although there has been progress overall to improve federal facility security, the attack on the U.S. Capitol on January 6, 2021, underscores that more progress is needed among a range of federal agencies and their law enforcement partners to defend against ever changing threats.
What Remains to Be Done
To improve the security of federal facilities, the following steps are necessary:
- FAA and VA should ensure that their risk assessment processes align with ISC standards; and
- FPS should fully implement its guard management systems and ensure they are working as expected.
Related GAO Products
Federal Real Property: Additional Documentation of Decision Making Could Improve Transparency of New Disposal Process. GAO-21-233. Washington, D.C.: January 29, 2021.
Defense Real Property: DOD-Wide Strategy Needed to Address Control Issues and Improve Reliability of Records. GAO‑20‑615. Washington, D.C.: September 9, 2020.
Federal Leasing: Quality Information and Metrics Would Allow GSA to Better Assess the Value of Its Broker Program. GAO‑20‑361. Washington, D.C.: March 31, 2020.
Federal Real Property: GSA Should Improve Accuracy, Completeness, and Usefulness of Public Data. GAO‑20‑135. Washington, D.C.: February 6, 2020.
Federal Building Security: Actions Needed to Help Achieve Vision for Secure, Interoperable Physical Access Control. GAO‑19‑138. Washington, D.C.: December 20, 2018.
Defense Real Property: DOD Needs to Take Additional Actions to Improve Management of Its Inventory Data. GAO‑19‑73. Washington, D.C.: November 13, 2018.
Federal Facility Security: Actions Needed to Better Address Various Emerging Threats. GAO-19-32SU. Washington, D.C.: October 17, 2018.
Federal Facility Security: Selected Agencies Should Improve Methods for Assessing and Monitoring Risk. GAO‑18‑72. Washington, D.C.: October 26, 2017.
Federal Real Property: Improving Data Transparency and Expanding the National Strategy Could Help Address Long-standing Challenges. GAO‑16‑275. Washington, D.C.: March 31, 2016.
Federal Real Property: GSA Could Decrease Leasing Costs by Encouraging Competition and Reducing Unneeded Fees. GAO‑16‑188. Washington, D.C.: January 13, 2016.
Federal Protective Service: Actions Needed to Assess Risk and Better Manage Contract Guards at Federal Facilities. GAO‑12‑739. Washington, D.C.: August 10, 2012.
Funding the Nation’s Surface Transportation System
Bookmark:Congress should pass a long-term, sustainable solution for funding surface transportation.
| Why Area Is High Risk The nation’s surface transportation system—including highways, transit, maritime ports, and rail systems that move both people and freight—is under growing strain. Further, the cost to repair and upgrade the system to meet current and future demand is estimated in the hundreds of billions of dollars. The oldest portions of the Interstate Highway System are over 60 years old, and over 7 percent of the nation’s bridges were rated in poor condition in 2019.These challenges are intensified by a range of factors such as shifting demographics, a growing economy, and rapid development of new technologies. This issue has been on our High-Risk List since 2007. These surface transportation challenges come at a time when traditional funding sources are eroding and the federal government lacks a long-term sustainable strategy for funding surface transportation. Funding is further complicated by the federal government’s financial condition and fiscal outlook. The nation is on an unsustainable long-term fiscal path of deficits and debt, and Congress and the administration face difficult policy choices about federal revenues, spending and investment. These choices need to be accompanied by a broader fiscal plan to put the government on a more sustainable long-term fiscal path. Contact Information For additional information about this high-risk area, contact Elizabeth Repko at (202) 512-2834 or RepkoE@gao.gov. |
We are not rating this high-risk area because addressing the identified issues will primarily involve congressional action.
Motor fuel taxes and additional truck-related taxes that support the Highway Trust Fund—the major source of federal surface transportation funding—are eroding. Because of inflation, the 18.4 cent-per-gallon federal tax on gasoline has about one-third less purchasing power than it did when the federal motor fuel tax was last raised in 1993.
To maintain spending levels for highway and transit programs and to cover revenue shortfalls, Congress transferred a total of about $155 billion in general revenues to the Highway Trust Fund on nine occasions from 2008 through 2020, including $13.6 billion by the Continuing Appropriations Act, 2021 and Other Extensions Act, enacted in October 2020.
These transfers each represented a one-time infusion of funding, not a sustainable long-term source of revenues. This funding approach effectively ended the long-standing principle of “users pay” in highway finance, breaking the link between the taxes highway users paid and the benefits they received.
The Fixing America’s Surface Transportation (FAST) Act appropriated around $70 billion of the $141 billion in transfers for fiscal years 2015 through 2020. In 2021, the gap between projected revenues and spending will recur. In September 2020, the Congressional Budget Office estimated that $188 billion in additional funding would be required to maintain current spending levels plus inflation from fiscal years 2021 through 2030. This estimate did not include the effects of the $13.6 billion transferred by the Continuing Appropriations Act, 2021 and Other Extensions Act. See figure 7.
Figure 7: Projected Cumulative Highway Trust Fund Balance, Fiscal Years 2021 through 2030
A long-term sustainable plan for funding surface transportation involves congressional action and remains the pivotal action that will determine whether this issue remains on, or is removed from, our High-Risk List. However, it is also important that federal funding for surface transportation be spent wisely and efficiently.
Over the last decade we have noted opportunities to improve performance and accountability in how surface transportation funds are spent by maximizing the use of existing resources and linking funding to performance. These opportunities include (1) implementing a performance-based approach to surface transportation funding, and (2) improving how surface transportation projects are selected through the Department of Transportation’s (DOT) discretionary grant programs.
Performance-based approach to surface transportation funding. Historically, spending for surface transportation programs has not effectively addressed key challenges, such as deteriorating infrastructure conditions and increasing congestion and freight demand. This is because (1) federal goals and roles have been unclear, (2) programs have lacked links to performance, and (3) programs have not used the best tools and approaches to ensure effective investment decisions.
Since 2008, we have suggested that Congress consider a fundamental reexamination of these programs to improve performance and accountability by (1) clarifying federal goals and roles, (2) establishing performance links, and (3) improving investment decision-making.
Provisions enacted in 2012 in the Moving Ahead for Progress in the 21st Century Act (MAP-21) have begun to address these key challenges. Specifically, MAP-21 included provisions to move toward a more performance-based surface transportation program by establishing national performance goals in areas such as infrastructure condition, safety, and system performance.
The act and its implementing regulations set forth a three-stage process in which (1) DOT establishes performance measures and standards, (2) states and other grantees set targets based on these performance measures and states report progress to DOT, and (3) DOT evaluates whether grantees have met or made significant progress toward their targets.
DOT has been implementing the performance-based approach envisioned in MAP-21. For example, starting in fiscal year 2014, the National Highway Traffic Safety Administration (NHTSA) required states to establish targets for safety-related performance measures such as traffic fatalities and serious injuries. Additionally, in January 2017, the Federal Highway Administration finalized the last of six interrelated rules establishing performance measures in the areas of safety, pavement and bridge conditions, and system performance.
In 2019, we reported that it was sometimes unclear whether states had achieved their safety-related targets. As a result, we recommended that NHTSA develop and implement a mechanism that communicates whether states have achieved their targets. In response, NHTSA plans to provide performance data on states' achievement of their 2020 targets on its website when data becomes available in the fall of 2021.
Discretionary grants. Discretionary grants are an important component in improving the performance and accountability of transportation funding decisions. We have reported that the historic approach to funding surface transportation, in particular highways, poses challenges because funding has been principally provided through statutory formulas designed largely to return revenues to their attributed state of origin to closely align the states’ contributions to the Highway Trust Fund with the funding they receive.
The FAST Act authorized about a dozen new discretionary grant programs, including the Nationally Significant Freight and Highway Projects Program, authorized at $4.5 billion over 5 fiscal years for highway, rail, port, and intermodal freight and highway projects, which DOT named the Infrastructure for Rebuilding America (INFRA) program. While more than 90 percent of funding from the Highway Trust Fund will continue to be distributed by statutory formula, the FAST Act represents a promising development to address national and regional transportation priorities.
Since 2011 we have identified numerous challenges with DOT discretionary grant programs, including problems with the transparency of the application review and selection process and a lack of documentation of key decisions. In June 2019 we reported that we were unable to determine the basis for about $2.3 billion in discretionary grant awards from fiscal years 2016 through 2018 due to the continued lack of consistency and transparency in DOT’s management of the program.
For example, for the INFRA awards made in 2018, DOT initially found that 97 applications contained insufficient information for an eligibility determination and subsequently followed up with 42 of the 97 applicants to request additional information. However, DOT did not sufficiently document why it followed up with certain applicants and not others.
Moreover, while DOT established criteria to evaluate projects, DOT forwarded information on all 165 projects that were found to be statutorily eligible to the Secretary of Transportation for potential award, regardless of how well they scored on the evaluation criteria. DOT’s documentation did not provide insight into why projects were selected for awards.
We recommended in June 2019 that DOT clarify for applicants for the remaining INFRA awards the circumstances under which DOT may request additional information. We also recommended that DOT inform applicants how scores on merit criteria are used, if at all, to determine whether projects advance to the Secretary for selection. DOT agreed with these recommendations and stated it would implement them for the fiscal year 2020 INFRA funding awards, which were announced in June 2020.
As of December 2020, DOT officials told us they developed more formal procedures in 2020 for seeking additional information from applicants. However, DOT did not inform applicants about the circumstances under which DOT may request additional information or how merit criteria scores are used to advance projects to the Secretary, as we recommended.
As we reported in June 2019, the reauthorization of DOT’s surface transportation programs, which expire in October 2021, provides Congress the opportunity to require DOT to take additional action to ensure consistency and transparency in the management of its discretionary grant programs. We suggested that Congress consider including language in the next reauthorization that would require DOT to develop and implement transparency measures for its discretionary grant programs.
Such measures should, at a minimum, help to ensure that the evaluation process is clearly communicated, that applications are consistently evaluated, and that the rationale for DOT’s decisions is clearly documented.
Congressional Actions Needed
Congress and the administration should agree on a long-term plan for funding surface transportation. Continuing to augment the Highway Trust Fund with general revenues may not be sustainable, given competing demands and the federal government’s long-term fiscal challenges. A sustainable solution would balance revenues to and spending from the Highway Trust Fund.
New revenues from users can come only from taxes and fees; ultimately, major changes in transportation spending or in revenues, or in both, will be needed to bring the two into balance. In 2008, we reported that Congress should consider addressing the imbalance between federal surface transportation revenues and spending. That matter has not been addressed, and the current authorization for surface transportation funding expires in October 2021.
What Remains to Be Done
While passage by Congress of a long-term sustainable plan for funding surface transportation is the pivotal action that is needed to remove this issue from our High-Risk List, it is also increasingly important that the effectiveness of surface transportation programs be improved by maximizing the use of existing resources and linking funding to performance. Specifically, DOT can
- continue to make progress implementing the performance-based framework established in MAP-21, and
- enhance the management of its discretionary grant programs and respond to our recommendations to ensure the integrity of future DOT discretionary grant programs.
Related GAO Products
Traffic Safety: Improved Reporting Could Clarify States’ Achievement of Fatality and Injury Targets. GAO‑20‑53. Washington, D.C.: October 22, 2019.
Discretionary Transportation Grants: Actions Needed to Improve Consistency and Transparency in DOT's Application Evaluations. GAO‑19‑541. Washington, D.C.: June 26, 2019.
Surface Transportation: A Comprehensive Plan Could Facilitate Implementation of a National Performance Management Approach. GAO‑17‑638. Washington, D.C.: July 27, 2017.
Highway Trust Fund: Pilot Program Could Help Determine the Viability of Mileage Fees for Certain Vehicles. GAO‑13‑77. Washington, D.C.: December 13, 2012.
Highway Trust Fund: All States Received More Funding Than They Contributed in Highway Taxes from 2005 to 2009. GAO‑11‑918. Washington, D.C.: September 8, 2011.
Surface Transportation: Restructured Federal Approach Needed for More Focused, Performance-Based, and Sustainable Programs. GAO‑08‑400. Washington, D.C.: March 6, 2008.
Modernizing the U.S. Financial Regulatory System
Bookmark:Financial regulators need to strengthen systemic risk oversight and monitor progress on reforms, and Congress may want to consider options to address inefficiencies that hamper the financial regulatory system.
| Why Area Is High Risk The U.S. financial regulatory structure remains complex, with responsibilities fragmented among a number of regulators that have overlapping authorities. The current structure introduces significant challenges for efficient and effective oversight of financial institutions and activities. Moreover, in the decades leading up to the financial crisis of 2007—2009, the financial regulatory system failed to adapt to significant changes. First, although the financial sector increasingly had become dominated by large, interconnected financial conglomerates, no single regulator was tasked with monitoring and assessing the risks that these firms' activities posed across the entire financial system. Second, entities that had come to play critical roles in the financial markets were not subject to sufficiently comprehensive regulation and oversight. Third, the regulatory system was not effectively providing key information and protections for new and more complex financial products for consumers and investors. Consequently, we added this area to the High-Risk List in 2009. Modernizing the U.S. financial regulatory system and aligning it to current conditions is essential to ensuring the stability of the financial system, particularly during the period of profound economic disruption associated with the COVID-19 pandemic. Contact Information For additional information about this high-risk area, contact Daniel Garcia-Diaz at (202) 512-8678 or garciadiazd@gao.gov. |
Since our 2019 High-Risk Report, ratings for all five criteria remain unchanged. Actions are needed by financial regulators and Congress to address this high-risk area.
Leadership commitment: partially met. Since policymakers enacted the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank Act) in July 2010, financial regulators have shown leadership commitment by finalizing rules to implement the Dodd-Frank Act’s rulemaking requirements. While the act included provisions to better position the financial regulatory system to address financial stability risks, it generally left the financial regulatory structure unchanged.
In February 2016, we reported that remaining fragmentation and overlap in the structure have created inefficiencies in regulatory processes and inconsistencies in how regulators oversee similar types of institutions. We also reported that while the Dodd-Frank Act created the Financial Stability Oversight Council (FSOC) to identify and address threats to financial stability, FSOC’s legal authorities may not allow it to respond effectively to certain systemic risks. For example, these authorities may not allow FSOC to effectively address risks from financial activities that span multiple entities. Hence, addressing weaknesses in the U.S. financial regulatory structure will require additional congressional leadership.
In June 2020, we reported on financial regulators’ efforts to respond to the Coronavirus Disease 2019 (COVID-19) by implementing relevant provisions of the CARES Act, such as temporary changes to regulatory requirements to encourage banks to provide flexibility to borrowers facing disruptions. We noted that as market conditions continue to evolve, regulatory attention to safety and soundness of regulated banks would continue to be important to identify and respond to any emerging issues early.
Capacity: partially met. The Dodd-Frank Act created FSOC and included other provisions intended to increase the capacity of the financial regulatory system to identify and address risks to the stability of the financial system. While most of these reforms have been implemented, rulemakings for certain reforms have only recently taken effect or were modified under the May 2018 Economic Growth, Regulatory Relief and Consumer Protection Act.
For instance, in July 2020, we reported that the Federal Deposit Insurance Corporation and the Board of Governors of the Federal Reserve System (Federal Reserve) had finalized amendments to a rule to address changes under the act to resolution planning requirements for covered companies. In addition, in 2021, we plan to publish a framework for evaluating regulatory structures and policy actions pertaining to financial stability. We plan to conduct future work to compare the U.S. regulatory structure for overseeing financial stability to principles in this framework related to the capacity of this structure to address financial stability risks.
Action plan: partially met. FSOC’s annual reports have served as the council’s key accountability document, as each report (1) discusses the progress regulators have made in implementing reforms, (2) identifies newly emerging threats, and (3) includes recommendations to address them.
In December 2020, we reiterated that concerns remain that while FSOC can use its designation authorities to respond to certain potential systemic risks posed by individual entities, its authorities are limited with respect to risks that arise from financial activities spanning multiple entities. Specifically, FSOC can recommend but not compel regulators to act with respect to systemic risk arising from such activities. This presents a challenge to holding FSOC and the financial regulators accountable for addressing systemic risk.
Monitoring: partially met. FSOC monitors and reports on indicators of financial stability and potential emerging threats to financial stability. In addition, in 2018, the Federal Reserve began publishing an annual financial stability report that includes its assessment of the U.S. financial system. Also, since the financial crisis, the Federal Reserve’s stress test programs have played a key role in supervisory efforts to evaluate and maintain financial stability.
In November 2016, we recommended that the Federal Reserve enhance the effectiveness of these stress test programs by further assessing—and adjusting as needed—the severity of the stress scenarios and other aspects of the test design. Since 2019, the Federal Reserve has taken steps to enhance its stress testing practices that addressed seven recommendations. However, further actions are needed to address five open priority recommendations in this area related to stress test design and management of model risk (e.g., accounting for sensitivity of stress test model results). In 2020, we also highlighted opportunities for the Department of Treasury (Treasury) to improve tracking and prioritizing of cyber risk mitigation efforts in the financial services sector according to goals established by the sector.
Demonstrated progress: partially met. The new agencies and oversight bodies created under the Dodd-Frank Act continue to take actions to carry out their missions and coordinate efforts. For instance, Treasury’s Office of Financial Research and the Federal Reserve have taken steps to reduce potential duplication and ensure comprehensive efforts to monitor systemic risks. The two agencies coordinated semiannual meetings to jointly discuss views from their respective monitoring of the financial system.
In our continuing work to monitor this area, as of December 2020, we observed that federal financial regulators could take additional steps to improve the efficiency and effectiveness of the financial regulatory system. For example, additional continuing progress is needed for the Federal Reserve to enhance its stress test programs.
What Remains to Be Done
Over the years since we added this area to our High-Risk List, we have made numerous recommendations related to this area. Since our 2019 High-Risk Report that highlighted 26 open recommendations, 12 recommendations remain open as of December 2020, which include two new recommendations related to cybersecurity risk mitigation in the financial services sector that should be addressed. FSOC and its member agencies should implement our open recommendations related to strengthening oversight of risks to financial stability and assessing the effectiveness of Dodd-Frank Act reforms:
- To improve the effectiveness of its stress test programs, the Federal Reserve should further assess key aspects of stress scenario design and take steps to improve its ability to manage model risk (the potential for adverse consequences from decisions based on incorrect or misused model outputs).
- Federal financial regulators should continue to work cooperatively to conduct required retrospective analyses of rulemakings.
- Treasury should track and prioritize the financial services sector’s cyber risk mitigation efforts and update the sector’s cyber risk mitigation plan with metrics and other information.
Congressional Actions Needed
Addressing weaknesses in the U.S. financial regulatory structure will require additional congressional leadership in the following two areas as cited in our February 2016 report:
- Congress should consider whether additional changes to the financial regulatory structure are needed to reduce or better manage fragmentation and overlap in the oversight of financial institutions and activities to improve (1) the efficiency and effectiveness of oversight; (2) the consistency of consumer and investor protections; and (3) the consistency of financial oversight for similar institutions, products, risks, and services. For example, Congress could consider consolidating the number of federal agencies involved in overseeing the safety and soundness of depository institutions, combining the entities involved in overseeing the securities and derivatives markets, and determining the optimal federal role in insurance regulation, among other considerations.
- Congress should consider whether legislative changes are necessary to align FSOC’s authorities with its mission to respond to systematic risks. Congress could do so by making changes to FSOC’s mission, its authorities, or both, or to the missions and authorities of one or more of the FSOC member agencies.
Related GAO Products
Financial Stability: Agencies Have Not Found Leveraged Lending to Significantly Threaten Stability but Remain Cautious Amid Pandemic. GAO‑21‑167. Washington, D.C.: December 16, 2020.
Critical Infrastructure Protection: Treasury Needs to Improve Tracking of Financial Sector Cybersecurity Risk Mitigation Efforts. GAO‑20‑631. Washington, D.C.: September 17, 2020.
Financial Company Bankruptcies: Congress and Regulators Have Updated Resolution Planning Requirements. GAO‑20‑608R. Washington, D.C.: July 21, 2020.
Enclosure on Temporary Financial Regulatory Changes. Covid-19: Opportunities to Improve Federal Response and Recovery Efforts. GAO‑20‑625. Washington, D.C.: June 25, 2020.
Financial Services Regulations: Status of GAO Recommendations to Enhance Regulatory Analyses and Interagency Coordination. GAO‑20‑114R. Washington, D.C.: December 10, 2019.
Community Banks and Credit Unions: Regulators Could Take Additional Steps to Address Compliance Burdens. GAO‑18‑213. Washington, D.C.: February 13, 2018.
Federal Reserve: Additional Actions Could Help Ensure the Achievement of Stress Test Goals. GAO‑17‑48. Washington, D.C.: November 15, 2016.
Financial Regulation: Complex and Fragmented Structure Could Be Streamlined to Improve Effectiveness. GAO‑16‑175. Washington, D.C.: February 25, 2016.
Financial Stability Oversight Council: Further Actions Could Improve the Nonbank Designation Process. GAO‑15‑51. Washington, D.C.: November 20, 2014.
Financial Stability: New Council and Research Office Should Strengthen the Accountability and Transparency of Their Decisions. GAO‑12‑886. Washington, D.C.: September 11, 2012.
Resolving the Federal Role in Housing Finance
Bookmark:Congress should consider establishing objectives for the federal role in housing finance and a plan for ending the Fannie Mae and Freddie Mac conservatorships. Housing agencies should address oversight weaknesses.
| Why Area Is High Risk The federal role in housing finance expanded during the 2007–2009 financial crisis and remains large. The federal government currently supports about two-thirds of the mortgage market. Since 2013, we have designated resolving the federal role in housing finance as a high-risk area because of the government’s large fiscal exposure and because objectives for the future federal role have not been established. FHFA placed the enterprises into conservatorships in 2008 due to concern that their deteriorating financial condition threatened economic stability. As of September 30, 2020, the enterprises had received $191.4 billion in capital support from Treasury and paid dividends to Treasury exceeding that amount. If the enterprises were to incur major additional losses, they would draw required amounts from their remaining $254.1 billion in Treasury commitments. The federal government also supports mortgages through insurance and guarantee programs. FHA has an insured portfolio of single-family mortgages that exceeds $1.2 trillion, and Ginnie Mae guarantees the performance of more than $2 trillion in securities backed by mortgages with FHA or other federal agency support. The Coronavirus Disease 2019 pandemic has led to missed mortgage and rent payments that have strained the housing finance system and heightened fiscal risks to the federal government. Contact Information For additional information about this high-risk area, contact John Pendleton at (202) 512-8678 or pendletonj@gao.gov. |
Our ratings for the five criteria remain unchanged from our 2019 High-Risk Report. Actions are needed by Congress and housing agencies to address this high-risk area.
Leadership commitment: partially met. The administration and housing and regulatory agencies have taken a number of actions that demonstrate leadership commitment. For example, in March 2019, the President directed the Secretaries of the Treasury and Housing and Urban Development (HUD) to develop housing finance reform plans, which were issued in September 2019.
Additionally, in December 2020, the Federal Housing Finance Agency (FHFA) finalized a rule establishing a new regulatory capital framework for the Federal National Mortgage Association (Fannie Mae) and Federal Home Loan Mortgage Corporation (Freddie Mac)—collectively, the enterprises—that FHFA views as a critical step toward ending the enterprise conservatorships.
Statutory changes will be needed to resolve the federal role in housing finance. Since our 2019 High-Risk Report, Congress has held hearings on housing finance reform, but has not enacted legislation establishing objectives for the future federal role in housing finance or a transition plan that enables the enterprises to exit conservatorship.
Also, some prior legislative proposals have not had a system-wide focus. For example, some proposals address the enterprises but do not consider other entities such as the Federal Housing Administration (FHA) and the Government National Mortgage Association (Ginnie Mae).
Capacity: partially met. Under FHFA’s conservatorship, the enterprises—which guarantee about $6 trillion in mortgage-backed securities—generally have operated profitably since 2012. FHFA has mitigated some of their risks by directing them to take actions that have transferred significant amounts of credit risk to the private market. Overall, the enterprises also have increased their capital reserves following modifications to their conservatorship agreements that allow the two enterprises to retain earnings up to certain thresholds.
As of September 30, 2020, the enterprises collectively had about $35 billion in capital reserves and about $6.3 trillion in assets. As a result, the ratio of capital to assets (unadjusted for asset risk) was less than 0.6 percent, well below the capital ratios generally required of other federally regulated financial institutions. Pandemic-related mortgage losses and the cost of implementing borrower and renter protections in the CARES Act (e.g., mortgage forbearances) could slow the enterprises’ progress in building capital reserves. Additionally, FHFA lacks statutory authority to examine nonbank mortgage servicers (nondepository institutions that collect loan payments, among other functions) and other third parties that do business with and pose potential risks to the enterprises.
FHA and Ginnie Mae also face capacity challenges. FHA’s Mutual Mortgage Insurance Fund has met its statutory minimum capital requirement every year since fiscal year 2014, but the requirement is not based on a specified risk threshold, such as the economic conditions the fund would be expected to withstand. Further, mortgage defaults and forbearances stemming from the pandemic may adversely affect the fund’s financial condition.
Growth in Ginnie Mae’s guaranteed portfolio and a shift toward nonbank securities issuers have increased the agency’s potential exposure to loss. But Ginnie Mae has not analyzed the extent to which its guaranty fee for single-family mortgage-backed securities is sufficient to cover potential losses under different economic scenarios.
Ginnie Mae also relies heavily on contractors for many functions, but has not determined whether it has an optimal mix of contractors and in-house staff. Congress has not reformed Ginnie Mae’s oversight structure to address its increasing risks or required the agency to study and report on its fee and staffing issues.
Action plan: partially met. Although fundamental changes to the housing finance system have yet to be enacted, federal agencies have taken some planning steps to facilitate the transition to a future federal role. For example, the aforementioned September 2019 Department of the Treasury (Treasury) and HUD plans contain numerous recommendations for administrative and legislative reforms to the housing finance system.
Treasury’s plan seeks to define a limited federal role, enhance taxpayer protections against future bailouts, and promote competition in the housing finance system. HUD’s plan aims to refocus FHA on its core mission, protect taxpayers, provide FHA and Ginnie Mae the tools to manage risk, and provide liquidity to the housing finance system.
If Congress enacts changes to the housing finance system, relevant federal agencies will need to develop action plans to effectively implement the changes.
Monitoring: partially met. Federal agencies have taken some steps to provide monitoring tools that may aid the assessment of changes to the housing finance system. For example, FHFA and the Consumer Financial Protection Bureau have an ongoing joint initiative—the National Mortgage Database Program—that could be useful for examining the effect of mortgage market reforms.
The joint initiative features a representative database of loan-level information on the terms and performance of mortgages, as well as characteristics of the associated borrowers and properties. Other program components include quarterly and annual surveys of mortgage borrowers about their experiences in obtaining a mortgage and maintaining a mortgage under financial stress.
However, FHFA’s Office of Inspector General has identified a range of shortcomings in FHFA’s supervision of the enterprises. These include deficiencies in examination guidance and execution; the size, training, and qualifications of the examiner workforce; communication of supervisory findings; and quality control.
Additionally, FHA’s monitoring of reverse mortgages (a type of loan against home equity) and sales of defaulted loans has weaknesses. FHA has not established comprehensive performance indicators for reverse mortgages—a loan portfolio that has negatively affected the Mutual Mortgage Insurance Fund’s financial performance—or for defaulted loans sold to private purchasers. FHA also has not comprehensively monitored loan outcomes for reverse mortgages.
Demonstrated progress: not met. Overall progress on resolving the federal role in housing finance will be difficult to achieve until Congress provides further direction by enacting changes to the housing finance system. Assessing progress against specific goals is not yet possible because Congress has not provided a blueprint for the future federal role in housing finance or the future structure of the enterprises. Prolonging the enterprise conservatorships could create uncertainties for market participants and hinder progress toward the development of the broader mortgage securities market.
What Remains to Be Done
Housing agencies should implement our previous recommendations designed to help improve oversight of mortgage-related risks, consistent with federal internal control standards and Office of Management and Budget guidance for managing federal credit programs. In particular,
- Ginnie Mae should (1) evaluate the extent to which its guaranty fee provides sufficient reserves to cover potential losses under different economic scenarios, (2) analyze the costs of using contractors for its operations and develop a plan to determine the optimal mix of contractor or in-house staff, and (3) assess its contract administration options to determine the most efficient and effective use of funds.
- FHA should (1) develop performance indicators and analytic tools to better monitor outcomes for its reverse mortgage portfolio, and (2) develop objectives and measurable targets for sales of defaulted loans.
In the years since we added this area to the High-Risk List, we have made numerous recommendations related to this high-risk area, 25 of which were made since the last high-risk update in March 2019. As of December 2020, 19 recommendations remain open.
Congressional Actions Needed
Congressional actions we recommended from 2016 to 2019 will be needed to help resolve the federal role in housing finance and manage federal fiscal exposure to the mortgage market.
Specifically, Congress should consider legislation that
- establishes objectives for the future federal role in housing finance, including the structure of the enterprises;
- provides a transition plan to a reformed system that enables the enterprises to exit federal conservatorship; and
- considers all relevant federal entities, including FHA and Ginnie Mae.
Congress also should consider
- reforming Ginnie Mae's oversight structure to help address its increasing risks;
- requiring Ginnie Mae to evaluate and report on the adequacy of its current guaranty fee, its reliance on contractors and potential use of fee revenue to hire contractor and in-house staff, and how it would use greater flexibilities to set the compensation of its in-house staff;
- granting FHFA explicit authority to examine nonbank servicers and other third parties that do business with the enterprises; and
- specifying the economic conditions that FHA’s Mutual Mortgage Insurance Fund would be expected to withstand without substantial risk of drawing on supplemental funds, and require FHA to specify and comply with a capital ratio consistent with these conditions.
Related GAO Products
Reverse Mortgages: FHA Needs to Improve Monitoring and Oversight of Loan Outcomes and Servicing. GAO‑19‑702. Washington, D.C.: September 25, 2019.
Federal Housing Administration: Opportunities Exist to Improve Defaulted Single-Family Loan Sales. GAO‑19‑228. Washington, D.C.: July 3, 2019.
Federal Housing Administration: Improved Procedures and Assessment Could Increase Efficiency of Foreclosed Property Conveyances. GAO‑19‑517. Washington, D.C.: June 20, 2019.
Ginnie Mae: Risk Management and Staffing-Related Challenges Need to Be Addressed . GAO‑19‑191. Washington, D.C.: April 3, 2019.
Housing Finance: Prolonged Conservatorships of Fannie Mae and Freddie Mac Prompt Need for Reform. GAO‑19‑239. Washington, D.C.: January 18, 2019.
USPS Financial Viability
Bookmark:Comprehensive legislative reform and additional cost-cutting are needed for the U.S. Postal Service to achieve sustainable financial viability.
| Why Area Is High Risk USPS’s financial viability has been on our High-Risk List since 2009 due to the need for action to address USPS’s poor financial condition. USPS cannot fund its current level of services and financial obligations from its revenues. As an independent establishment in the executive branch, USPS has long been expected to provide affordable, quality, and universal postal service to all parts of the country while remaining self-financing. Specifically, USPS is expected to be financially self-sufficient by covering its expenses through revenues generated from the sale of its products and services. However, USPS is now unable to do so. The use of USPS’s most profitable product—First-Class Mail—is expected to continue declining for the foreseeable future. USPS also faces increasing competition in its growing but less profitable package shipping business. Meanwhile, key costs, such as compensation and benefits, are rising. We have long reported that USPS’s financial condition needed attention by Congress and USPS to achieve broad-based restructuring. Currently there are four open Matters for Congressional Consideration and one open recommendation that are related to this high-risk area. Contact Information For additional information about this high-risk area, contact David Trimble at (202) 512-2834 or trimbled@gao.gov. |
Since our 2019 High-Risk Report, ratings for four criteria remain unchanged, and the capacity criterion regressed to not met.
Progress on the U.S. Postal Service’s (USPS) financial viability requires action from both Congress and USPS to address both its annual operating losses and its unfunded long-term liabilities. USPS lost $87 billion over the past 14 fiscal years—including $9.2 billion in fiscal year 2020—and expects to lose $9.7 billion in fiscal year 2021.
Leadership commitment: partially met. USPS continues to seek some legislative and regulatory changes intended to improve its financial condition. For example, USPS has supported legislation that would integrate its retiree health program with Medicare. This would reduce its total unfunded liabilities by shifting these costs to the federal government.
USPS has also called for the elimination of the price cap that statutorily limits rate increases for most mail to the rate of inflation. Further, USPS leadership has stated that it plans to pursue operational changes in fiscal year 2021 that could help address USPS’s financial viability by reducing mail transportation, sorting, and delivery costs. However, the impact of these plans on USPS’s financial viability are uncertain and have met stakeholder opposition including lawsuits in federal court.
Capacity: not met. Since we last reported, USPS expenses exceeded revenues by $18 billion, as its labor compensation costs continue to increase while the volume of its most profitable mail products continue to decline. We reported in May 2020 that USPS’s business model is not financially sustainable and that congressional action is essential to reforming USPS’s business model.
Further, the imbalance between USPS’s revenues and expenses continued in fiscal year 2020. Absent legislative and regulatory change, USPS reported that it does not have the financial resources to carry out its primary mission, make certain required federal payments to fund retiree health benefits and accrued pension benefits, or meet its capital investment needs.
USPS did not make $63.2 billion in required payments to fund postal retiree health and pension benefits through fiscal year 2020. USPS reported that it did not make these payments so that it could cover current and anticipated operating costs, deal with contingencies, and make needed capital investments. USPS also has available to it an additional $10 billion in Coronavirus Disease 2019 (COVID-19)-related funding with the U.S. Department of the Treasury as authorized in the CARES Act, enacted in March 2020, as amended by the Consolidated Appropriations Act, 2021.
Even with this funding, USPS has stated that given its current business model, it anticipates that it will be able to cover its operating and other costs only by not making the required funding payments.
Defaulting on these funding payments adds to USPS’s already large unfunded liabilities, affects USPS’s capacity to become more financially viable, and could significantly impact USPS’s postal retirees and survivors. For example, USPS reported that at the end of fiscal year 2020 approximately 500,000 retirees receive retirement health benefits. We found in August 2018 that based on Office of Personnel Management projections, the fund supporting postal retiree health benefits would be depleted in fiscal year 2030 if USPS continues to miss all payments.
Depletion of the fund, together with USPS’s potential inability to pay its share of retiree health care premiums once they are no longer being paid from the fund, could result in some combination of reduced benefits for postal retirees, increased payments from retirees or current postal employees, higher postage rates, or payments from the federal government to fund these health care premiums.
USPS’s financial difficulties have also affected its ability to make significant capital investments that could improve its financial viability. USPS reported that it needs to increase capital spending and modernize its infrastructure after years of deferred capital investment.
However, USPS stated that it has decreased and reprioritized its capital investments due to COVID-19. COVID-19 rapidly accelerated the long-term decline in USPS’s most profitable types of mail, which, among other things, contributed to USPS’s 14th straight fiscal year of net losses. USPS still plans to replace its aging fleet of delivery vehicles to increase its capacity to deliver mail and packages in a more cost-efficient manner. However, given USPS’s financial uncertainty, the ability to make these investments may require additional tradeoffs with other commitments.
Action plan: partially met. USPS’s most recent 5-year strategic plan—for fiscal years 2020 to 2024—outlines its strategy for making progress towards financial viability. USPS has also developed annual performance plans and reports that specify goals for each fiscal year.
Additionally, USPS officials stated that they are working on a new strategic plan to be released in 2021 that will contain cost-reduction measures, among other things. However, as we reported in May 2020, USPS’s actions alone will be insufficient to restore its financial viability as statutory requirements limit USPS’s ability to raise revenues and reduce costs.
Monitoring: met. USPS continues to regularly monitor its financial viability through its independently-audited financial reports. These reports provide information on financial trends, such as (1) revenues and expenses; (2) unfunded liabilities; and (3) debt obligations.
In addition, through its annual performance plans and reports, USPS measures its performance in achieving strategic initiatives intended to improve its financial viability, such as improving customers’ experiences and providing high-quality service. Furthermore, these plans and reports note that aggressive management of its business operations, as well as legislative and regulatory reforms that will enable it to increase revenue and reduce costs, are all necessary to restore USPS to financial health.
Demonstrated progress: not met. USPS’s overall financial condition is unsustainable and deteriorating. Savings from USPS’s cost-reduction efforts have dwindled in recent years. Although the Postmaster General stated in his August 2020 congressional testimony that USPS will take steps to reduce costs in its control, further cost savings are limited under the existing statutory framework and would not be enough to close its financial gap. In addition, USPS’s costs have significantly increased as a result of COVID-19 due to higher sick-leave use, among other things.
USPS has taken some actions to address employee compensation costs—which represent about 77 percent of its total operating expenses in fiscal year 2020—but we found in January 2020 that USPS had likely overestimated its cost savings. We recommended USPS develop guidance to improve the accuracy of these estimates.
Further, at the end of fiscal year 2020, USPS’s total unfunded liabilities and debt were $188 billion—more than 250 percent of its annual revenue. These unfunded liabilities included about $75 billion in underfunding of retiree health care benefits, and about $61 billion in underfunding of pension benefits.
What Remains to Be Done
Although Congress and USPS took action to preserve USPS’s liquidity, these actions only address USPS’s short-term finances. Since 2010, we have stated that while USPS needs to cut its costs, congressional action is essential to restore USPS to financial viability. Continued congressional inaction will result in ever-larger annual losses and unfunded liabilities for USPS—making future reform more difficult and costly.
Congressional Actions Needed
Congress should consider (1) reassessing and determining the level of universal postal services the nation requires; (2) determining the extent to which USPS should be financially self-sustaining and what changes to federal statutes would be appropriate to meet this goal; (3) determining the most appropriate institutional structure for USPS that best supports the changes; and (4) evaluating the merits of different approaches to put postal retiree health benefits on a more sustainable financial footing, and then determining the most appropriate action to take.
We have also long reported that Congress should require that any binding arbitration in the negotiation process of USPS labor contracts take USPS’s financial condition into account.
Related GAO Products
U.S. Postal Service: Congressional Action Is Essential to Enable a Sustainable Business Model. GAO‑20‑385. Washington, D.C.: May 7, 2020.
U.S. Postal Service: Expanding Nonpostal Products and Services at Retail Facilities Could Result in Benefits, but May Have Limited Viability. GAO‑20‑354. Washington, D.C.: March 10, 2020.
U.S. Postal Service: Additional Guidance Needed to Assess Effect of Changes to Employee Compensation. GAO‑20‑140. Washington D.C.: January 17, 2020.
U.S. Postal Service: Offering Nonpostal Service through Its Delivery Network Would Likely Present Benefits and Limitations. GAO‑20‑190. Washington, D.C.: December 17, 2019.
Postal Retiree Health Benefits: Unsustainable Finances Need to Be Addressed . GAO‑18‑602. Washington, D.C.: August 31, 2018.
U.S. Postal Service: Projected Capital Spending and Processes for Addressing Uncertainties and Risks. GAO‑18‑515. Washington, D.C.: June 28, 2018.
Management of Federal Oil and Gas Resources
Bookmark:To enhance its oversight of oil and gas development on federal lands and waters, the Department of the Interior needs to accurately determine and collect revenue—including determining its fair share—and resolve its human capital challenges.
| Why Area Is High Risk We added management of federal oil and gas resources to the High-Risk List in 2011, based on challenges we identified in Interior’s management of oil and gas on leased federal lands and waters. This year we have narrowed the scope of this issue by removing the Restructuring of Offshore Oil and Gas Oversight segment due to BSEE’s progress addressing long-standing deficiencies in the bureau’s investigative, environmental compliance, and enforcement capabilities, and implementation of strategic initiatives to improve offshore oversight and internal management. However, Interior continues to face challenges with revenue determination and collection, and human capital. Revenue determination and collection. Interior lacks reasonable assurance that it is collecting its fair share of revenue from oil and gas produced on federal lands and waters. Human capital. While Interior has resolved some of its problems hiring, training, and retaining sufficient staff to oversee and manage oil and gas operations on federal lands and waters, it continues to face strategic challenges managing its onshore workforce. Contact Information For additional information about this high-risk area, contact Frank Rusco, (202) 512-4597, RuscoF@gao.gov. |
Since our 2019 High-Risk Report, the overall rating for this high-risk area remains unchanged at partially met for all five criteria. However, the Department of the Interior’s (Interior) Bureau of Safety and Environmental Enforcement (BSEE) has now met all criteria for the restructuring of the offshore oil and gas oversight segment and is no longer considered high risk. On the other hand, some ratings for the remaining two segments—revenue determination and collection and human capital challenges—regressed from partially met to not met.
Revenue Determination and Collection
Since 2019, Interior continues to partially meet the criteria for capacity, action plan, monitoring, and demonstrated progress for the revenue determination and collection segment. However, leadership commitment regressed from partially met to not met.
Leadership commitment: not met. The rating for leadership commitment regressed from partially met to not met for two reasons. First, in September 2018, Interior revised a 2016 rule that previously implemented some of our recommendations that the agency better account for methane emissions and potential royalties. The 2018 revisions effectively eliminated many of the 2016 provisions that implemented our recommendations (both rules, however, have been subject to legal challenges, which, at present, have largely invalidated the rules). Interior is also revising another set of regulations that had addressed our recommendations to accurately measure oil and gas for royalty purposes.
Second, in October 2020, we found that leadership at Interior’s Bureau of Land Management (BLM) was deficient when it implemented its royalty relief program in response to the falling domestic oil prices resulting from the Coronavirus Disease 2019 pandemic. Specifically, BLM management ineffectively communicated with BLM state office officials on how to manage its royalty relief program. This led to ad hoc and inconsistent decisions by BLM state offices when approving royalty relief requests. As a result, it is impossible for us or BLM to accurately estimate the effect on production and royalties.
Capacity: partially met. Interior has taken some steps to address its capacity to address weaknesses in its ability to determine and collect revenue. For example, Interior revised its regulations to provide the flexibility to set its onshore royalty at or above 12.5 percent for competitive leases. This revision allows the government to alter royalties if it deems this necessary to ensure a fair return for public resources.
However, Interior still has weaknesses in its capacity to determine whether the oil and gas royalties companies pay to Interior are accurate and complete. For example, Interior’s Office of Natural Resources Revenue (ONRR) lacks a goal for tracking the amount of oil and gas royalties subject to compliance efforts, including audits of oil and gas operators. Additionally, our ongoing work has found that some of Interior’s bureaus lack information technology systems to effectively manage the oil and gas data necessary for ensuring a fair return. In March 2021, we plan to issue a report that discusses Interior’s oil and gas data systems.
Action plan: partially met. In some cases, Interior has provided us with documentation outlining steps it has taken and time frames to address our recommendations. For example, ONRR provided an update in July 2020 on efforts to replace its risk model used to identify companies on which to conduct royalty compliance work.
However, Interior’s Royalty Policy Committee—which was established in March 2017 and tasked with advising the Secretary on fair market value and collection of revenues from energy and natural resources developed on federal lands—was allowed to lapse in April 2019. Then, after a federal court ruled that Interior did not properly follow procedures in setting up the committee, Interior chose not to re-establish the committee and has not replaced it with something comparable. Additionally, BLM has continued to postpone a long-planned internal review to assess the overall effectiveness of previously issued guidance on commingling requests—requests to combine oil or gas from public, state, or private leases prior to royalty measurement.
Monitoring: partially met. Interior has undertaken some efforts to monitor its performance addressing royalty determination and collection weaknesses. For instance, Interior has tracked and implemented a majority of our recommendations addressing revenue determination and collection. However, there is still uncertainty about Interior’s actions to rescind and revise regulatory actions that responded to our recommendations to better account for methane emissions and accurately measure oil and gas for royalty purposes.
Demonstrated progress: partially met. Interior has taken several steps to improve its revenue collection and determination efforts. Since Interior was first added to the High-Risk Report in 2011, it has implemented more than 40 of our recommendations related to this segment. Since our 2019 High-Risk Report, we added 11 recommendations to improve Interior’s ability to assess its revenue collection efforts and better ensure receipt of fair market value for offshore oil and gas leases and production.
While all these recommendations remain open, Interior officials said that they are generally taking steps to implement them. For example, ONRR officials told us in July 2020 that they were developing a new risk model for selecting companies or leases for compliance activities including audits.
On the other hand, Interior’s Bureau of Ocean Energy Management has not provided evidence regarding any actions it might be taking to address our recommendations to better ensure a fair return on federal offshore oil and gas resources through its processes to review company bids for offshore oil and gas leases.
What Remains to Be Done
As of December 2020, 14 recommendations related to this segment remain open. Interior generally concurred with our recommendations but needs to fully implement all of them to address its revenue determination and collection challenges. For example, Interior should continue its efforts to address our recommendations by assessing its royalty compliance efforts and offshore bid valuation processes to ensure the federal government receives fair market value for oil and gas resources. Finally, Interior’s leadership needs to commit to developing policies that consistently lead towards improvements in its revenue determination and collection activities and ensuring the government receives a fair return.
Human Capital Challenges
Since our 2019 High-Risk Report, Interior no longer partially meets the criteria for leadership commitment, capacity, and action plan. Interior continues to partially meet the monitoring and demonstrated progress criteria, as it did in 2019.
Leadership commitment: not met. Interior’s ability to address its human capital challenges has been affected by its July 2019 announcement to reorganize BLM by relocating most Washington, D.C.-based headquarters positions to western states. In March 2020, we reported that BLM did not substantially address key practices for effective agency reform. For example, BLM did not involve employees and stakeholders—a key practice—in the process of developing reforms. Rather than relocate to state and field offices, many headquarters staff left BLM, which caused BLM to lose expertise in headquarters functions, which may include oversight of oil and gas.
Capacity: not met. BLM’s decision to relocate most Washington, D.C.-based headquarters staff to BLM offices across the West or to its new headquarters facility in Colorado without any deliberation or input from staff negatively affected capacity. Of the 311 positions moving west, 132 were vacant in July 2019 and an additional 81 staff either declined the reassignment or separated from their position as of January 2020. As of January 2020, these actions had resulted in a vacancy rate of about 68 percent among these positions, and BLM may be unable to ensure that it has the capacity to continue delivering services previously provided by those staff. We are currently following up on the effects of BLM’s headquarters relocation and loss of staff as well as its efforts to refill these positions.
Further, BLM continues to face challenges with capacity, especially in its hiring, training, and retention of petroleum engineers (PE) and petroleum engineer technicians (PET) needed to oversee federal oil and gas resources. For example, in March 2020, we reported that BLM receives more drilling applications each year than its staff can review.
Action plan: not met. In response to BLM’s decision in 2019 to relocate its headquarters to the West, we requested that BLM provide its assessment of the expected effects of its reorganization on the current and future workforce. Since BLM did not provide an assessment, we recommended that it complete a strategic workforce plan that addresses how it will recruit for and fill vacant positions resulting from the relocations. While BLM provided comments on our report, it neither agreed nor disagreed with our recommendations. This raised questions about BLM’s commitment to implementing the recommendations and its ability to ensure its workforce composition aligns with its mission and priorities.
Monitoring: partially met. Interior has implemented many of our recommendations, including to utilize hiring and retention bonuses to meet its challenges in hiring for key skilled positions. It has also made progress in hiring and retaining staff. Further, Interior has taken steps to annually evaluate its bureaus’ training needs, effectiveness, and resources. However, Interior still needs to regularly document these actions so that it can track its progress over time. In March 2020, we recommended that Interior establish outcome-oriented performance measures to assess the effectiveness of BLM’s reorganization. Interior neither agreed nor disagreed with our recommendation.
Demonstrated progress: partially met. Interior is addressing its human capital challenges by evaluating hiring and retention incentives and training programs for PE and PETs. For example, Interior evaluated training needs, training effectiveness, and sharing training resources for PEs and PETs. However, as stated previously, BLM neither agreed nor disagreed with our strategic workforce plan recommendation. Without strategic workforce planning, the successful implementation of future reorganization and continued delivery of services is at risk.
What Remains to Be Done
Interior needs to provide documentation that it has evaluated the bureaus’ training programs and plans to evaluate the bureaus’ training programs each year. Additionally, Interior needs to implement the following recommendations to successfully implement the BLM reorganization:
- establish outcome-oriented performance measures to assess the effectiveness of BLM’s reorganization; and
- complete a strategic workforce plan that addresses how BLM will recruit for and fill vacant positions resulting from the relocations.
To inform future strategic workforce planning for BLM and other Interior bureaus, Interior needs to ensure that Interior’s bureau leadership incorporates key practices for effective agency reforms prior to implementing reorganization activities at other Interior bureaus.
Restructuring of Offshore Oil and Gas Oversight (Segment removed)
The ratings for this segment improved from partially met to met for all criteria since 2019. Consequently, we have removed the segment from this high-risk area.
Leadership commitment: met. Since our 2019 High-Risk Report, Interior has met the criteria for leadership commitment to restructure offshore oil and gas oversight. For example, BSEE’s Director led a change management initiative program that encompassed more than 180 actions to implement reforms throughout the bureau and included efforts such as an internal assessment of its environmental compliance program. Some of these actions were specifically designed to address our outstanding recommendations regarding the bureau’s restructuring and related strategic initiatives.
Capacity: met. Since our 2019 report, BSEE has met the criteria for capacity for restructuring of offshore oil and gas oversight. BSEE has taken steps to address trust concerns between headquarters and field personnel that have historically hindered the bureau’s ability to effectively implement restructuring reforms. For example, BSEE created an Employee Engagement Council to obtain input from employees and incorporate their feedback into bureau restructuring reforms and related strategic initiatives.
Action plan: met. Since our 2019 report, BSEE has met the action plan criteria for restructuring of offshore oil and gas oversight. For each of its reform efforts, BSEE’s change management initiative program identifies specific steps, completion target dates, parties responsible, and their relationship to bureau strategic goals, such as safety, environmental stewardship, and energy security goals.
Monitoring: met. Since our 2019 report, BSEE has met the monitoring criteria for restructuring of offshore oil and gas oversight. BSEE’s change management initiative program includes regular status updates to bureau leadership identifying reform efforts as complete, on schedule, or delayed. BSEE has also improved its enterprise risk management framework and developed a performance management “dashboard” of programmatic performance indicators, both of which better enable the bureau to assess and address the efficacy of its reforms.
Demonstrated progress: met. Since our 2019 report, BSEE has met the criteria for demonstrated progress for restructuring offshore oil and gas oversight. The bureau has addressed eight of the 13 recommendations relevant to BSEE restructuring and related strategic initiatives and has made significant progress addressing the remaining five. For example, BSEE issued a series of manual chapters, policy handbooks, and standard operating procedures that define the responsibilities of its incident investigations, environmental compliance, and safety enforcement divisions—the three oversight functions that comprised the bureau’s restructuring effort.
Related GAO Products
Priority Open Recommendations: Department of the Interior. GAO‑20‑289PR. Washington, D.C.: April 6, 2020.
Bureau of Land Management: Agency's Reorganization Efforts Did Not Substantially Address Key Practices for Effective Reforms. GAO‑20‑397R. Washington, D.C.: March 6, 2020.
Offshore Oil and Gas: Opportunities Exist to Better Ensure a Fair Return on Federal Resources. GAO‑19‑531. Washington, D.C.: September 25, 2019.
Federal Oil and Gas Royalties: Additional Actions Could Improve ONRR's Ability to Assess Its Royalty Collection Efforts. GAO‑19‑410. Washington, D.C.: May 31, 2019.
Oil and Gas Management: Stronger Leadership Commitment Needed at Interior to Improve Offshore Oversight and Internal Management. GAO‑17‑293. Washington, D.C.: March 21, 2017.
Oil and Gas Oversight: Interior Has Taken Steps to Address Staff Hiring, Retention, and Training but Needs a More Evaluative and Collaborative Approach. GAO‑16‑742. Washington, D.C.: September 29, 2016.
Oil and Gas: Interior Could Do More to Account for and Manage Natural Gas Emissions. GAO‑16‑607. Washington, D.C.: July 7, 2016.
Oil and Gas Management: Interior’s Bureau of Safety and Environmental Enforcement Has Not Addressed Long-Standing Oversight Deficiencies. GAO‑16‑245. Washington, D.C.: February 10, 2016.
Limiting the Federal Government’s Fiscal Exposure by Better Managing Climate Change Risks
Bookmark:To reduce its fiscal exposure to climate change, the federal government needs a cohesive, strategic approach with strong leadership and the authority to manage risks across the entire range of related federal activities.
| Why Area Is High Risk Numerous studies have concluded that climate change poses risks to many environmental and economic systems and creates a significant fiscal risk to the federal government. For example, according to the November 2018 National Climate Assessment report, the continued increase in the frequency and extent of high-tide flooding due to sea level rise threatens America’s trillion-dollar coastal property market and public infrastructure, with cascading impacts on the larger economy. We added this area to the High-Risk List in 2013. There are five areas in which government-wide action is needed to reduce federal fiscal exposure, including, but not limited to, the federal government’s roles as (1) insurer of property and crops; (2) provider of disaster aid; (3) owner or operator of infrastructure; (4) leader of a strategic plan to coordinate federal efforts; and (5) provider of data and technical assistance to decision makers. We have made 75 recommendations and suggested five matters for congressional consideration related to this high-risk area; 15 and three of which were made since the 2019 high-risk update, respectively. As of December 2020, 30 recommendations remain open. Contact Information For additional information about this high-risk area, contact J. Alfredo Gómez at (202) 512-3841 or gomezj@gao.gov. |
Since our 2019 High-Risk Report, the federal government has yet to make measurable progress to reduce its fiscal exposure to climate change. As a result, ratings for all five criteria remain unchanged at partially met or not met.
Similarly, ratings for each of the five segments in this high-risk area remain unchanged at partially met or not met.
This update is based primarily on reports we issued as of mid-January 2021.
Federal Insurance Programs
Since 2019, the ratings for this segment remain unchanged at partially met or not met.
Leadership commitment: partially met. Leadership commitment remains partially met to reflect actions by Congress and federal agencies, such as the passage and implementation of the Biggert-Waters Flood Insurance Reform Act of 2012.
As directed by the act, the Technical Mapping Advisory Council (TMAC) produced a “Future Conditions Risk Assessment and Modeling Report” in 2015 with several recommendations on how to ensure (1) flood insurance rate maps incorporate the best available climate science to assess flood risks, and (2) the Federal Emergency Management Agency (FEMA) uses the best available methodology to consider the impact of rising sea levels and future development on flood risk.
FEMA is working to implement these recommendations. For example, in a February 2020 testimony, an official from FEMA said it has conducted several pilot studies on sea level rise and is working to identify specific research gaps to inform the design of additional future conditions pilot projects.
However, the federal government should take additional actions to improve the long-term resilience of insured structures and crops and address structural weaknesses in the insurance programs. For example, Congress should consider comprehensive reform to the National Flood Insurance Program, as we suggested in April 2017.
Capacity: partially met. Capacity remains partially met to reflect the continuing actions by FEMA and the U.S. Department of Agriculture (USDA) to improve stakeholder capacity to increase their resilience to climate change. For example, in a February 2020 testimony, an official from FEMA said it is working to identify best practices for developing products and tools useful in communicating risk around future conditions to communities. Additionally, USDA’s Climate Hubs—which deliver relevant science-based knowledge to agricultural producers—continue to provide information that may improve producers’ capacity to manage climate change impacts for crop insurance.
However, the federal government should take additional actions to increase capacity. For example, the Secretary of Agriculture should direct USDA to incorporate resilient agricultural practices into expert guidance for growers, as we recommended in October 2014.
Action plan: partially met. FEMA and USDA previously identified actions to address aspects of climate change in their programs on an advisory basis in FEMA’s 2015 TMAC report and USDA’s 2016 Building Blocks for Climate Smart Agriculture and Forestry initiative. However, these actions do not fully address our recommendations, such as incorporating forward-looking requirements into floodplain management minimum standards.
Monitoring: not met. The federal government has not established a mechanism to monitor the effectiveness of actions to improve the long-term resilience of federally insured structures and crops. For example, FEMA has not published metrics and milestones to assess its progress incorporating future conditions into flood map products. USDA established milestones for certain actions to improve resilience and monitored its progress from 2016 through 2018, but no longer does so.
Demonstrated progress: not met. The federal government has not implemented our recommendations to improve the resilience of federally insured property or address structural weaknesses in each program.
What Remains to Be Done
The federal government should incentivize climate resilience by incorporating it into the requirements for receiving payments from federal flood and crop insurance programs. For example, agencies should implement these recommendations we made in October 2014:
- The Secretary of the Department of Homeland Security should direct FEMA to consider amending the floodplain management minimum standards to incorporate forward-looking requirements, similar to the minimum flood risk reduction standard adopted by the Hurricane Sandy Rebuilding Task Force. FEMA agreed with this recommendation; however, FEMA has not implemented it as of December 2020.
- The Secretary of Agriculture should direct USDA to consider working with agricultural experts to incorporate long-term resilience into the good farming practices that are required for claim payments. USDA neither agreed nor disagreed with this recommendation, and has not implemented it as of December 2020.
Congressional Actions Needed
Reducing federal fiscal exposure to climate change risks will also require congressional action to address other structural challenges in the insurance programs that send inaccurate price signals to policyholders about their risk of loss or that increase the cost of these programs to taxpayers. For example:
- Congress should consider repealing certain provisions in the Agricultural Act of 2014 that hinder the crop insurance program’s ability to adjust participating private insurers’ rate of return and share of premiums as changing conditions warrant, as we suggested in July 2017.
- Congress should consider comprehensive reform to the National Flood Insurance Program to improve its solvency and enhance the nation’s resilience to floods, including funding for flood mitigation and flood mapping, as we suggested in April 2017.
Disaster Aid and Resilience
Since 2019, the ratings for this segment remain unchanged at partially met or not met.
Leadership commitment: partially met. Leadership commitment remains partially met to reflect actions by Congress and federal agencies, such as passage of the Disaster Recovery Reform Act of 2018 (DRRA) in October 2018. Among other things, DRRA allows the President to set aside, with respect to each major disaster, a percentage of the estimated aggregate amount of certain grants to use for pre-disaster hazard mitigation. DRRA also makes federal assistance available to state and local governments for building code administration and enforcement.
However, we have reported that the federal government’s approach to disaster risk reduction has been reactive and fragmented. Top leadership within the executive branch should take additional actions to improve state and local resilience, and develop the information needed to manage disaster assistance programs. For example, the Executive Office of the President (EOP), among others, should use information on potential economic effects of climate change to help identify significant climate risks and craft appropriate federal responses, as we recommended in September 2017.
In addition, the Office of Management and Budget (OMB) should adopt adequate budgeting procedures to account for the costs of disasters, as we recommended in 2003. OMB should also provide funding information for federal programs with fiscal exposure to climate change, as we recommended in April 2018.
Capacity: partially met. Capacity remains partially met to reflect actions by FEMA and DOD. For example, as a result of DRRA, in August 2020, FEMA established the Building Resilient Infrastructure and Communities grant program to support pre-disaster investment in community resilience efforts and has begun accepting applications. Additionally, the Department of Defense (DOD) launched two new grant programs in fiscal year 2020 that support resilience in communities near DOD facilities. However, it is too early to tell whether these measures will improve state and local capacity for resilience.
The federal government has yet to implement key recommendations to improve capacity in this area. For example, FEMA should determine what additional actions may be needed to close capability gaps at each jurisdiction level, as we recommended in March 2011.
Action plan: not met. In August 2019, FEMA and its partners published the National Mitigation Investment Strategy to plan for disaster resilience investment. However, the strategy does not explicitly address future climate change risks or include a strategic approach to identify and prioritize specific climate resilience projects for federal investment, as we recommended in 2015.
Additionally, FEMA’s 2018–2022 Strategic Plan—issued in March 2018— established performance targets doubling the number of properties covered by flood insurance and quadrupling the amount of pre-disaster mitigation by 2022. However, without a comprehensive strategy in place to identify and prioritize FEMA and the federal government’s climate resilience investments, it is unclear whether these efforts will reduce federal fiscal exposure.
Monitoring: not met. The federal government does not have a mechanism to track the effectiveness of federal investments in disaster resilience. Without progress in leadership commitment, capacity, and action planning, there is currently little to monitor.
Demonstrated progress: not met. The federal government has not developed the information necessary to account for its fiscal exposure to climate change or a strategy to reduce this exposure.
What Remains to Be Done
The federal government should develop the information needed to manage disaster assistance programs’ long-term exposure to climate change and fully implement measures that promote resilience from our prior recommendations and DRRA. For example:
- OMB should provide, concurrent with any future climate change funding reports to Congress, funding information for federal programs with fiscal exposure to climate change, including costs for disaster assistance programs, as we recommended in April 2018. OMB disagreed with this recommendation and has not implemented it as of December 2020.
- EOP and others should use information on the potential economic effects of climate change to help identify significant climate risks facing the federal government and craft appropriate federal responses, as we recommended in September 2017. EOP neither agreed nor disagreed with our recommendation and has not implemented it as of December 2020.
- FEMA should update the methodology for assessing jurisdictions’ capability to respond to and recover from a disaster without federal assistance, as we recommended in September 2012. In December 2020, in response to a requirement in DRRA, FEMA issued a notice of proposed rulemaking to substantively revise its methodology. However, it is too early to determine what changes, if any, will be made.
- FEMA should complete a national preparedness assessment of capability gaps at each jurisdiction’s level based on tiered, capability-specific performance objectives to enable better prioritization of FEMA grant funding to states and localities, as we recommended in March 2011. FEMA has taken steps to implement it, such as developing guidance for jurisdictions. However, the agency has not determined what additional actions may be needed to close the remaining gaps.
- OMB should adopt adequate budgeting and forecasting procedures to account for fiscal exposures, such as major disaster costs, as part of the federal budget process, as we recommended in 2003. OMB neither agreed nor disagreed with this recommendation and has not taken any action to implement it as of December 2020.
Federal Government as Property Owner
Since 2019, the ratings for this segment remain unchanged at partially met and not met.
Leadership commitment: partially met. Leadership commitment remains partially met to reflect actions by Congress, such as passage of the National Defense Authorization Acts for Fiscal Years 2020 and 2021. Among other things, the 2020 act directs DOD to incorporate resilience to current and future projected climate-related risks and threats into its installations’ master plans. The act also requires DOD to amend its criteria related to construction planning and design to ensure that building practices and standards promote climate resilience.
The 2021 act, among other things, directs DOD to update its 2014 Adaptation Roadmap to include a strategy to address the current and foreseeable effects of extreme weather and sea level fluctuations on the department’s mission, including a discussion of these effects on various infrastructure, such as military installation resilience. Further, in September 2020, the Army published Directive 2020-08 which requires commanders of Army installations to assess, plan for, and adapt to the projected impacts of climate change and extreme weather.
However, top leadership within the executive branch should develop a comprehensive approach to improve the resilience of the facilities the federal government owns and operates and land it manages. For example, we previously reported that without guidance from the Council on Environmental Quality (CEQ) directing agencies to consider climate change in their National Environmental Policy Act of 1969 (NEPA) reviews, agencies do not have White House direction to consider climate change impacts, such as sea level rise, when planning federally-funded infrastructure.
Additionally, we have reported that implementing the January 2015 federal flood risk management standard—which required all future federal investments in, and affecting, floodplains to meet a certain elevation level—would have enhanced federal flood resilience by ensuring agencies addressed current and future flood risk. However, since Executive Order 13807 was rescinded in August 2017, the federal government has not taken any further action as of December 2020.
Capacity: not met. The federal government has not increased capacity in this area. The federal government has not implemented our recommendations to increase capacity in this area, such as by providing the best available forward-looking climate information to standards-developing organizations as we recommended in 2016. Nor has DOD fully implemented our June 2019 recommendation to issue guidance on incorporating climate projections into military installation master planning.
Action plan: partially met. Action plan remains partially met to reflect actions by agencies. For example, DOD has made some progress implementing our (1) May 2014 recommendations to consider climate change impacts for its domestic installations, and (2) June 2019 recommendations to issue guidance on incorporating climate projections into installation master planning and facilities project designs. However, DOD has yet to implement our November 2017 recommendations to consider climate change impacts for its overseas installations.
Further, the federal government has not developed a comprehensive approach to improving the resilience of the facilities it owns and operates and land it manages by incorporating climate change resilience into agencies’ infrastructure and facility planning processes.
Monitoring: not met. The federal government does not have a mechanism to track agencies’ progress toward sustainability goals, including federal facilities’ resilience to climate change impacts. Executive Order 13834 revoked Executive Order 13693, which we previously found partially met this criterion because it established a mechanism for OMB to monitor agencies’ progress toward sustainability goals. These goals included federal facilities’ resilience to climate change impacts.
Demonstrated progress: not met. The federal government has not implemented our recommendations to improve resilience government-wide.
What Remains to Be Done
The federal government needs a comprehensive approach to improve the resilience of the facilities it owns and operates and land it manages. This involves incorporating climate change resilience into agencies’ infrastructure and facility planning processes. It also involves accounting for climate change in NEPA analyses and working with relevant professional associations to incorporate climate change information into structural design standards. For example:
- DOD should issue guidance on incorporating climate projections into installation master planning and facilities project designs, as we recommended in June 2019. DOD agreed with this recommendation and expects to finish developing such guidance by the second quarter of fiscal year 2021.
- The Department of Commerce (Commerce) should convene federal agencies to provide the best available forward-looking climate information to standards-developing organizations, as we recommended in November 2016. Commerce neither agreed nor disagreed with this recommendation and has not implemented it as of December 2020.
- CEQ should finalize guidance on how federal agencies can consider climate change in their evaluations of proposed federal actions under NEPA, as we recommended in April 2013. In August 2016, CEQ issued final guidance, but it rescinded this guidance in April 2017.
Federal Government as Leader of National Climate Strategic Plan
As of 2019, the ratings for this segment remain unchanged at not met.
Leadership commitment: not met. The federal government has not demonstrated leadership commitment to reducing fiscal exposure to climate change. For example, the federal government has not led the development of a national climate strategic plan.
A strategic approach for federal investments in climate resilience would allow for a more purposeful, coordinated, and comprehensive federal response to climate risks, as we reported in October 2019. For example, a strategic approach could help target federal resources toward high-priority projects that manage some of the nation’s most significant climate risks. The federal government is currently not well organized to address the fiscal exposure presented by climate change, in part because of the inherently complicated crosscutting nature of the issue.
Capacity: not met. The federal government has not increased capacity in this area. For example, entities within EOP, including OMB, have not provided information to Congress on fiscal exposures related to climate change.
Action plan: not met. The federal government has not developed a strategic plan to guide the nation’s efforts to adapt to climate change. For example, as previously mentioned, FEMA and its partners issued the National Mitigation Investment Strategy in August 2019. However, the strategy does not include a detailed strategic approach to prioritize investments for disaster risk reduction that explicitly accounts for future climate change risks.
Monitoring: not met. The federal government has not established mechanisms to monitor progress in this area. Without progress in leadership commitment, capacity, and action planning, there is currently little to monitor.
Demonstrated progress: not met. FEMA and its partners implemented our 2015 recommendation to develop a national mitigation investment strategy. However, the federal government still needs to take actions to fully address the following recommendations.
What Remains to Be Done
The federal government could better reduce its fiscal exposure if federal efforts were coordinated and directed toward common goals, such as improving climate resilience. For example, entities within EOP, including OMB, should do the following:
- Develop a strategic plan to guide the nation’s efforts to adapt to climate change. This plan should include clear priorities that reflect the full range of climate-related federal activities, as well as establish clear roles, responsibilities, and working relationships among federal, state, and local governments, as we recommended in May 2011.
- Use information on potential economic effects from climate change to help identify significant climate risks and craft appropriate federal responses, as we recommended in September 2017.
- Provide information on fiscal exposures related to climate change to Congress in conjunction with future reports on climate change funding, as we recommended in April 2018.
EOP neither agreed nor disagreed with our recommendations to develop a strategic plan to guide adaptation efforts and to use information on potential economic effects from climate change to identify significant risks and responses. OMB disagreed with our recommendation to provide information on fiscal exposures related to climate change to Congress in conjunction with any future climate change funding reports. As of December 2020, EOP and OMB have not implemented these recommendations.
Congressional Actions Needed
Reducing federal fiscal exposure to climate change risks will also require congressional action. For example, we have suggested the following:
- Congress should consider establishing a federal organizational arrangement to periodically identify and prioritize climate resilience projects for federal investment, as we suggested in October 2019.
- Congress should consider establishing a pilot program with leadership from a defined federal organizational arrangement. This program would identify and provide assistance to climate migration projects for communities that express affirmative interest in relocation as a resilience strategy, as we suggested in July 2020.
Technical Assistance to Federal, State, Local, and Private-Sector Decision Makers
As of 2019, the ratings for this segment remain unchanged at not met.
Leadership commitment: not met. The federal government has not demonstrated top leadership support for federal technical assistance. For example, it has not led the development of a government-wide approach for providing decision makers with the best available climate-related information and assistance with translating such information. Nor has the federal government taken action to ensure projects that receive financial assistance adequately address risks from climate change.
Capacity: not met. The resources and government-wide structure for providing technical assistance to decision makers—with clear roles, responsibilities, and working relationships among federal, state, local, and private-sector entities—remain undefined. For example, in 2019, we reported that federal, state, local, and private-sector decision makers may be unaware that climate information exists or may be unable to use what is available, largely because the federal government’s own climate data are fragmented across individual agencies that use the information in different ways to meet their missions.
Since 2013, we have made multiple recommendations to EOP and individual agencies to address these issues; however, EOP and individual agencies have yet to make progress implementing them.
Action plan: not met. The federal government has not developed a plan to implement a system to provide information to decision makers to support climate resilience, as we recommended in November 2015.
Monitoring: not met. There are no programs or mechanisms to monitor government-wide progress in addressing the challenges we have identified related to the federal government’s role in providing climate-related technical assistance. These challenges include, for example, clarifying the roles, responsibilities, and working relationships among federal, state, local, and private-sector entities; identifying the necessary resources and establishing the government-wide structure necessary to implement plans; and addressing the fragmentation of federal climate information across individual agencies that use the information in different ways to meet their missions.
Demonstrated progress: not met. The federal government has not improved its technical assistance to decision makers, as we have recommended.
What Remains to Be Done
The federal government needs a government-wide approach for providing federal, state, local, and private-sector decision makers with (1) the best available climate-related information, and (2) assistance with translating climate-related data into accessible information. As a result, we recommended in November 2015 that EOP:
- designate a federal entity to develop and periodically update a set of authoritative climate observations and projections for use in federal decision-making, which other decision makers could also access; and
- designate a federal entity to create a national climate information system with defined roles for federal agencies and nonfederal entities with existing statutory authority.
EOP neither agreed nor disagreed with our recommendations and has not implemented them as of December 2020.
Further, federal agencies could better provide technical assistance to decision makers. For example, we have made the following recommendations:
- The Environmental Protection Agency (EPA) should identify technical assistance providers and engage them in a network to help water utilities incorporate climate resilience into their infrastructure projects, as we recommended in January 2020. EPA neither agreed nor disagreed with this recommendation and has not implemented it as of December 2020.
- EPA should provide direction on how to integrate information on the potential impacts of climate change effects into risk assessments and risk response decisions at Superfund sites, as we recommended in October 2019. EPA disagreed with these recommendations and expects to issue a memorandum to provide such direction by fall of 2021.
- DOD should issue guidance on incorporating climate projections into installation master planning and facilities project designs, as we recommended in June 2019. DOD agreed with these recommendations and is developing such guidance; it expects to implement these recommendations by the second quarter of fiscal year 2021.
Congressional Actions Needed
Reducing federal fiscal exposure to climate change risks will also require congressional action to ensure infrastructure projects that receive financial assistance adequately address risks from climate change. For example,
Congress should consider requiring that climate resilience be incorporated in the planning of all drinking water and wastewater projects that receive federal financial assistance, as we suggested in January 2020.
Related GAO Products
Climate Change: A Climate Migration Pilot Program Could Enhance the Nation’s Resilience and Reduce Federal Fiscal Exposure. GAO‑20‑488. Washington, D.C.: July 6, 2020.
National Flood Insurance Program: Fiscal Exposure Persists Despite Property Acquisitions. GAO‑20‑508. Washington, D.C.: June 25, 2020.
Water Infrastructure: Technical Assistance and Climate Resilience Planning Could Help Utilities Prepare for Potential Climate Change Impacts. GAO‑20‑24. Washington, D.C.: January 16, 2020.
Climate Resilience: A Strategic Investment Approach for High-Priority Projects Could Help Target Federal Resources. GAO‑20‑127. Washington, D.C.: October 23, 2019.
Disaster Resilience Framework: Principles for Analyzing Federal Efforts to Facilitate and Promote Resilience to Natural Disasters. GAO‑20‑100SP. Washington, D.C.: October 23, 2019.
Superfund: EPA Should Take Additional Actions to Manage Risks from Climate Change. GAO‑20‑73. Washington, D.C.: October 18, 2019.
Climate Resilience: DOD Needs to Assess Risk and Provide Guidance on Use of Climate Projections in Installation Master Plans and Facilities Designs. GAO‑19‑453. Washington, D.C.: June 12, 2019.
Climate Change: Analysis of Reported Federal Funding. GAO‑18‑223. Washington, D.C.: April 30, 2018.
Climate Change: Information on Potential Economic Effects Could Help Guide Federal Efforts to Reduce Fiscal Exposure. GAO‑17‑720. Washington, D.C.: September 28, 2017.
Climate Information: A National System Could Help Federal, State, Local, and Private Sector Decision Makers Use Climate Information. GAO‑16‑37. Washington, D.C.: November 23, 2015.
Improving the Management of IT Acquisitions and Operations
Bookmark:To better manage tens of billions of dollars in information technology (IT) investments, the Office of Management and Budget (OMB) and other federal agencies should continue to fully implement critical requirements of federal IT acquisition reform legislation.
| Why Area Is High Risk The executive branch has undertaken numerous initiatives to better manage the more than $90 billion that is annually invested in IT. However, federal IT investments too frequently fail or incur cost overruns and schedule slippages while contributing little to mission-related outcomes. These investments often suffer from a lack of disciplined and effective management, such as project planning, requirements definition, and program oversight and governance. In 2015, we added the government’s management of IT acquisitions and operations to the High-Risk List. Recognizing the severity of issues related to the government-wide management of IT, in December 2014, Congress and the President enacted federal IT acquisition reform legislation. In November 2017, and then again in December 2019, the sunset dates of several of these statutory provisions were extended or removed. Among other things, these laws require covered agencies to: (1) enhance agency CIO authority, (2) enhance transparency and improve risk management of IT investments, and (3) consolidate federal data centers. Further, legislation enacted in December 2017 established a means for agencies to “borrow” funds in order to modernize their aging IT systems. Contact Information For additional information about this high-risk area, contact Carol Harris at (202) 512-4456 or harriscc@gao.gov. |
Since our 2019 High-Risk Report, ratings for all five criteria remain unchanged.
Leadership commitment: met. OMB continues to demonstrate its leadership commitment by (1) issuing guidance for covered departments and agencies (agencies) to implement statutory provisions commonly referred to as the Federal Information Technology Acquisition Reform Act (FITARA), (2) optimizing federal data centers, and (3) issuing a new federal government-wide strategy for cloud computing.
It will be important for OMB to maintain its current level of leadership support and commitment to ensure that agencies successfully execute OMB’s guidance on implementing FITARA and related IT reform initiatives. Sustained congressional focus on the implementation of FITARA has led to improvement, as highlighted in agencies’ FITARA implementation scores issued biannually by the House Committee on Oversight and Reform. However, continued executive branch and congressional attention is necessary.
Capacity: partially met. In December 2017, the Technology Modernization Fund (TMF) was established by the Modernizing Government Technology Act to assist agencies with funding to replace aging IT systems. Agencies receive incremental award funding and are required to repay the funds transferred and pay an administrative fee within 5 years. OMB, the General Services Administration (GSA), and the Technology Modernization Board oversee the TMF.
From March 2018, when GSA established the TMF Program Management Office to administer fund operations, to August 2019, the office had obligated about $1.2 million to cover its expenses from managing the fund. However, it had collected limited administrative fees to offset its expenses. As a result, the Technology Modernization Board had fewer funds available than anticipated to award to new projects.
Going forward, OMB and the TMF Program Management Office are likely to face ongoing challenges in collecting administrative fees due to factors that affect fee collection, such as project changes and the office’s lengthy time frame for recovering all costs. We made five recommendations to GSA and OMB in a December 2019 report, including that they (1) develop a plan to fully recover operating costs and (2) clarify that agencies should follow required cost guidance. As of December 2020, none of the recommendations had been implemented.
Twenty-one of the 24 major federal agencies still have not implemented our 2018 recommendations that the agencies modify their practices to fully address the role of their chief information officers (CIO) consistent with federal laws and OMB’s FITARA guidance. The guidance covers, among other things, enhancing the authority of federal CIOs and ensuring that program staff have the necessary knowledge and skills to effectively acquire IT. Progress in establishing key IT workforce planning processes is also lacking. None of the recommendations we made to five agencies in a November 2016 report have been implemented.
Action plan: partially met. Agencies continue to make progress with requirements under FITARA. Specifically, four of 24 agencies have reported completing all milestones within their plans to address the areas of IT management that we have identified as high risk, such as reviewing poorly performing investments and managing agencies’ IT portfolios. Eighteen agencies reported milestones that are still in progress or deferred. Two agencies have not reported on the status of their milestones and some agencies have not updated the status of their milestones in several years.
Agencies also continue to make progress with plans to modernize or replace obsolete IT investments. Specifically, 10 of 12 agencies implemented the recommendations we made in 2016 to identify and plan to modernize or replace legacy IT systems.
In 2019, we also reported on the need for agencies to develop plans to modernize critical legacy systems. Among the 10 most critical legacy systems that we identified as needing modernization, several used outdated languages, had unsupported hardware and software, and were operating with known security vulnerabilities.
Of the 10 agencies responsible for these legacy systems, seven agencies had documented plans for modernizing the systems. However, most lacked the key elements identified in best practices (milestones, a description of the work necessary to complete the modernization, and a plan for the disposition of the legacy system). The remaining three agencies did not have documented modernization plans.
We made eight recommendations to eight agencies to address these weaknesses and, as of December 2020, none had been implemented.
However, given the cost to maintain legacy systems, in 2010 OMB began requiring agencies to shift their IT services to a cloud computing option when feasible. In 2019, we reported that the 16 agencies we reviewed had made progress in implementing cloud computing services—namely, they established assessment guidance, performed assessments, and implemented these services—but the extent of their progress varied.
We made one recommendation to OMB on cloud savings reporting and 34 recommendations to the 16 agencies on cloud assessments and savings. OMB neither agreed or disagreed and has yet to implement our recommendation. However, two of the 16 agencies have begun to make progress on implementing these recommendations.
Monitoring: partially met. Since our High-Risk Report in 2019, agencies have made progress in identifying their IT contracts and ensuring that acquisition offices are involved. Specifically, in January 2018, we made recommendations to 20 agencies to identify IT contracts and ensure the involvement of an acquisition officer; 16 agencies have implemented our recommendations.
However, we also reported in November 2018 that four selected agencies needed to consistently provide CIOs with visibility into resources, input to resource plans, and meaningful review and approval of IT budgets. As of December 2020, only four of our 43 recommendations to those agencies had been implemented.
Additionally, in September 2020, we reported on the need for federal agencies to take further action to reduce duplicative IT contracts. We found that efforts varied to implement five OMB category management activities aimed at preventing, identifying, and reducing such contracts. We made 20 recommendations to six of the seven agencies in our review to fully implement category management and spend analyses activities.
Lastly, since issuing our 2017 report on implementing adequate incremental development approaches for major IT investments, 13 of 17 agencies have fully addressed recommendations to improve reporting accuracy and update or establish certification policies. Implementing the remaining recommendations will help agencies to ensure that accurate data are made available for the oversight and management of their investments.
Demonstrated progress: partially met. In our 2019 High-Risk Report, we noted that agencies had reported achieving slightly more than 80 percent of their planned data center consolidation savings, a critical step toward addressing this high-risk area. To agencies’ credit, they have continued to make further progress against their goals. Since the beginning of 2019, agencies have reported an additional $440 million in savings.
As of July 2020, OMB and agencies had implemented 133 of the 204 recommendations made to them to improve the reporting of related cost savings and to achieve optimization targets. Implementation of these remaining recommendations by OMB and the agencies could yield additional cost savings.
We also reported in our 2019 High-Risk Report that OMB and federal agencies had fully implemented about 59 percent of the total recommendations we had made since fiscal year 2010 to address shortcomings in IT acquisitions and operations. As of December 2020, that number has increased, with federal agencies fully implementing 65 percent of the 1,396 IT management-related recommendations. However, significant actions are required by agencies to build on this progress.
Agencies continue to report progress in savings across a key OMB initiative—PortfolioStat—intended to improve the management of IT investments by consolidating and eliminating duplicative systems, among other things. Since our last update, agencies added nearly $200 million in savings (in fiscal year 2018) contributing to a total of approximately $2.7 billion in savings from fiscal years 2012 through 2018. This accounts for approximately 45.4 percent of planned PortfolioStat savings. Still, agencies need to make additional progress in savings.
Finally, in April 2019, we reported that agencies identified 12 practices that helped them effectively implement one or more FITARA provisions, which in turn enabled those agencies to realize IT management improvements, such as decommissioning old systems and cost savings. Agencies’ efforts to leverage the practices we identified will be an important element in agencies’ overall FITARA implementation efforts.
What Remains to Be Done
OMB and covered federal agencies should continue to fully implement the requirements of FITARA. Additionally, OMB will need to provide sustained oversight to ensure that agency actions are completed and the desired results are achieved. Beyond implementing FITARA and OMB’s guidance to improve the capacity to address our high-risk area, agencies should implement our remaining 400 open recommendations related to this high-risk area including
- our 2018 recommendations related to improving CIO authorities, as well as 2016 recommendations on improving IT workforce planning practices;
- our 2019 recommendations related to improving cloud computing investment spending and savings data; and
- 11 priority recommendations for agencies to, among other things, report all data center consolidation cost savings to OMB.
OMB and agencies need to take actions to (1) implement at least 80 percent of our open recommendations related to the management of IT acquisitions and operations and (2) achieve at least 80 percent of the over $6 billion in planned PortfolioStat savings. Lastly, agencies should consider applying effective practices that may better position them to implement FITARA provisions and realize IT management improvements and cost savings.
Related GAO Products
Information Technology: Selected Federal Agencies Need to Take Additional Actions to Reduce Contract Duplication. GAO‑20‑567. Washington, D.C.: September 30, 2020.
Information Technology: Key Attributes of Essential Federal Mission-Critical Acquisitions. GAO‑20‑249SP. Washington, D.C.: September 8, 2020.
Data Center Optimization: Agencies Report Progress, but Oversight and Cybersecurity Risks Need to Be Addressed . GAO‑20‑279. Washington, D.C.: March 5, 2020.
Technology Modernization Fund: OMB and GSA Need to Improve Fee Collection and Clarify Cost Estimating Guidance for Awarded Projects. GAO‑20‑3. Washington, D.C.: December 12, 2019.
Information Technology: Agencies Need to Develop Modernization Plans for Critical Legacy Systems. GAO‑19‑471. Washington, D.C.: June 11, 2019.
Information Technology: Effective Practices Have Improved Agencies’ FITARA Implementation. GAO‑19‑131. Washington, D.C.: April 29, 2019.
Data Center Optimization: Additional Agency Actions Needed to Meet OMB Goals. GAO‑19‑241. Washington, D.C.: April 11, 2019.
Cloud Computing: Agencies Have Increased Usage and Realized Benefits, but Cost and Savings Data Need to Be Better Tracked. GAO‑19‑58. Washington, D.C.: April 4, 2019.
Improving Federal Management of Programs that Serve Tribes and Their Members
Bookmark:The Bureau of Indian Education, Indian Health Service, and Bureau of Indian Affairs should take additional actions to improve Indian education and health care programs, and better manage development of Indian energy resources.
| Why Area Is High Risk Because our work has shown federal agencies have ineffectively administered Indian education and health care programs, and inefficiently met their responsibility for managing the development of Indian energy resources, we added this area to our High-Risk List in 2017. It includes three components across agencies in two departments, including BIE and BIA under Interior’s Office of the Assistant-Secretary of Indian Affairs, and IHS in Health and Human Services. Education. BIE challenges include limited capacity to support and oversee schools and ensure accountability for school construction projects. Health care. HHS’s inadequate oversight has hindered IHS’s ability to ensure that Indian communities have timely access to quality health care. Energy. BIA mismanagement of Indian energy resources held in trust limited opportunities for tribes and their members to use those resources to create economic benefits and improve the well-being of their communities. Contact Information For additional information about this high-risk area contact Anna Maria Ortiz at (202) 512-3841 or ortiza@gao.gov. For specific questions about our Indian education work, contact Melissa Emrey-Arras at (617) 788-0534 or emreyarrasm@gao.gov; for our Indian Health work, contact Jessica Farb at (202) 512-7114 or farbj@gao.gov; and for our Indian Energy work, contact Frank Rusco at (202) 512-3841 or ruscof@gao.gov. |
Since our 2019 High-Risk Report, ratings for all five high-risk criteria in this area remain unchanged with partially met designations.
Within the education component, the Bureau of Indian Education (BIE) has made progress addressing weaknesses, but ratings for all five criteria remain unchanged as partially met. In the health care and energy components, the Indian Health Service (IHS) and the Bureau of Indian Affairs (BIA) each met the criterion for leadership commitment. However, in the education component, they partially met the criterion for leadership commitment because more progress is needed to address issues related to school facility safety. Ratings for the remaining criteria remain unchanged as partially met.
When we added this area to our High-Risk List in February 2017, there were 39 open recommendations. Since then, we have added 26 recommendations for a total of 65 recommendations. As of December 2020, 22 recommendations remain open.
Education
The education segment has partially met all five criteria for addressing high-risk issues.
Leadership commitment: partially met. BIE leadership has shown commitment to addressing key weaknesses in the management of BIE schools. For example, in August 2019, the BIE Director created a leadership position to oversee BIE’s performance in meeting its strategic goals and addressing the management weaknesses identified in our previous reports.
However, more progress is needed in this area. For example, leaders in BIE and other offices under the Office of the Assistant Secretary-Indian Affairs (Indian Affairs) responsible for assisting BIE schools with safety have not identified which office should lead in developing a plan to build BIE schools’ capacity to promptly address facility safety issues, which we recommended in March 2016. We designated it as a priority recommendation and have sent several letters to the Secretary of the Interior about the importance of addressing it.
Capacity: partially met. BIE has made some progress in increasing its capacity to address risks to Indian education.
For example, BIE completed a strategic workforce plan to address recommendations in our 2013 and 2015 reports. The plan includes human capital information to help BIE plan for an adequate number of qualified staff in the appropriate offices to effectively oversee programs that provide administrative support to BIE schools. The plan also includes human capital strategies—such as relocation incentives, student loan repayment, and streamlining candidate background checks—to help fill vacant positions. In addition, as of December 2020, BIE filled 55 positions across the agency, including positions in the division supporting the largest number of bureau-funded schools.
However, about 33 percent of all BIE positions have not been filled, including key leadership positions in offices supporting and overseeing BIE schools. For example, the office responsible for monitoring schools’ compliance with federal education programs—including those for children with special needs and from low-income families—does not have a permanent head and about half of its positions are vacant.
Action plan: partially met. Indian Affairs’ safety office developed and implemented a plan to assess the training needs of all its employees, including BIE staff responsible for inspecting schools, as we recommended. However, the agency has not provided documentation of plans on other important issues, such as a comprehensive, long-term capital asset plan to inform its allocation of school facility construction funds, which we recommended in May 2017.
Monitoring: partially met. BIE has taken steps to monitor its safety inspection process for schools, such as assessing the performance of inspectors and holding them accountable for the agency’s required performance standards. However, BIE has not demonstrated it has fully implemented its high-risk monitoring policy for federal education programs or ensured that its schools are receiving timely monitoring reports, as we recommended in May 2020.
Demonstrated progress: partially met. Since our 2019 High-Risk Report, BIE fully addressed eight of the 12 outstanding recommendations on Indian education we identified in our report. Significant work, however, remains to address our outstanding recommendations in other key areas, such as accountability for BIE school construction projects and special education services. Continued progress will depend on the sustained direction and support of top management in Indian Affairs and BIE.
What Remains to Be Done
To strengthen its capacity to administer and oversee its schools, BIE needs to address critical staff vacancies by fully implementing its strategic workforce plan.
Further, in May 2020, we added seven recommendations on BIE’s need to improve its support and oversight of schools’ special education programs. As of December 2020, 11 recommendations related to this high-risk area remain open, and Indian Affairs concurred with all 11 recommendations. BIE needs to implement these recommendations, including:
- Develop a plan to build schools’ capacity to address building safety issues;
- Develop a comprehensive, long-term capital asset plan to inform its allocation of school facility construction funds; and
- Ensure the full implementation of its high-risk monitoring process and timely monitoring reports to schools on special education and other programs.
Health Care
Steps IHS has taken since 2019 have resulted in IHS now meeting the criterion for leadership commitment. IHS continues to partially meet the four remaining criteria.
Leadership commitment: met. Since 2017, when we first added this area to the High-Risk List, IHS has chartered a policy advisory council that focuses on issues related to strategic direction, recommended policy, and organizational adjustments. According to IHS, this advisory council will, among other things, serve as a liaison to IHS leadership for issues involving strategic direction and policy, as well as monitor and facilitate related policy workgroups. IHS officials have also demonstrated leadership commitment by regularly meeting with us to discuss the agency’s progress in addressing our recommendations.
In addition, IHS officials reported filling a number of senior executive positions as well as expanding the number of senior executives serving the agency. Finally, after a number of years without permanent leadership, the Acting Director of IHS was confirmed as the permanent Director in April 2020. However, due to the transition to a new administration, he has tendered his resignation effective January 20, 2021. Moving forward, we will continue to monitor leadership stability at the agency, which is critical to addressing our high-risk concerns.
Capacity: partially met. Among other actions, IHS officials reported filling health care facility executive vacancies and taking numerous steps to enhance the recruitment and retention of providers.
However, according to IHS officials, the agency’s Coronavirus Disease 2019 response consumed considerable staff attention and effort in 2020 and resulted in the delay of several initiatives. For example, IHS delayed the implementation of efforts to improve its monitoring of health care facility readiness for required accreditation surveys.
Furthermore, IHS estimates that it is funded at approximately 49 percent of its level of need. Agency officials stated that this level of funding requires the agency to rigorously manage tradeoffs between numerous priorities, including electronic health records modernization, improving quality of care programs, and facility construction backlogs.
Action plan: partially met. IHS finalized a strategic plan in 2019. The plan identifies three strategic goals: (1) ensuring access to care, (2) promoting quality of care, and (3) strengthening program management and operations. IHS has developed a system to track agency-wide progress with respect to the strategic plan, and plans to conduct a gap analysis to ensure progress on the plan’s goals.
Monitoring: partially met. IHS has taken some steps toward monitoring the agency’s progress in addressing the root causes of its management weaknesses, and these steps have the potential to significantly improve monitoring.
In addition to establishing its Office of Quality in 2019, IHS established a Chief Compliance Officer role in 2020. Through this role, it developed a process to enhance the agency’s monitoring of area operations. IHS has also taken steps to develop a patient care survey, as well as standards for tracking patient wait times. IHS also purchased and implemented a new adverse event reporting system in response to our January 2017 recommendation.
Our 2020 reports have also shown that IHS needs to improve its oversight of federally operated facilities through enhanced monitoring of facility decision-making and provider performance.
Demonstrated progress: partially met. IHS has made progress in implementing corrective actions related to the management of health care programs. Specifically, since our 2019 High-Risk Report, IHS implemented seven of our eight open recommendations.
For example, in response to our March 2016 recommendation that IHS monitor patient wait times in its federally operated facilities and ensure corrective actions are taken when standards are not met, IHS developed electronic dashboards for monitoring wait times.
In addition, in response to our January 2017 recommendation that IHS develop standards for the quality of care and monitor facility performance with respect to these standards, the agency developed standards for quality and implemented a new adverse event reporting system.
However, we continue to find deficiencies in IHS oversight of important areas. For example, in November 2020, we found that IHS lacked processes to guide area offices in systematically assessing how federally operated facilities will effectively meet the medical needs of their patient populations.
What Remains to Be Done
As of December 2020, one of the eight recommendations in our 2019 High-Risk Report remain open, and we have added six recommendations—for a total of seven open recommendations related to this high-risk area. IHS fully concurred with these seven recommendations.
IHS needs to implement these recommendations including:
- continue to enhance monitoring of area operations and implement a system to track and analyze agency-wide progress with respect to the strategic plan;
- develop processes to guide area offices in systematically assessing how facilities will meet the medical needs of their patients;
- develop a process to review area office policies and trainings related to provider misconduct and substandard performance; and
- obtain agency-wide information on facility use of temporary provider contractors and use the information to inform decisions about resource allocation and provider staffing.
Energy
Since 2019, BIA has met the criterion for leadership commitment and continues to partially meet the four remaining criteria.
Leadership commitment: met. Steps BIA has taken since 2019 have resulted in BIA now meeting this area. In 2019, the Assistant Secretary for Indian Affairs appointed a Director for BIA and a Deputy Director for BIA’s Office of Trust Services—which has significant responsibility over Indian energy activities. This action provided an opportunity to improve Indian Affairs’ oversight of federal actions associated with energy development.
BIA has shown leadership commitment by issuing updated regulations in December 2019 for how the Secretary will approve tribal energy resource agreements (TERA) that allow for tribes to enter into and manage energy-related leases, rights-of-way, and business agreements without review and approval by the Secretary.
In response to a Secretary of the Interior order, the Office of the Solicitor identified the federal functions that tribes can contract under an approved TERA and those that are considered “inherently federal functions” and not contractible. The clarity provided by the updated regulations and policy guidance may encourage tribal participation in a TERA.
Capacity: partially met. In November 2016, we made two recommendations to BIA to help ensure it has an adequate workforce at agency offices with the right skills, appropriately aligned to meet the agency’s goals and tribal priorities. BIA has taken steps to strengthen its workforce recruitment and planning capacity and to better understand its workforce needs. In fiscal year 2020, BIA committed funds for five new personnel to support strategic recruitment and workforce planning activities.
Furthermore, through a July 2020 interagency agreement, BIA contracted with the Office of Personnel Management (OPM) for a number of workforce planning activities for the Office of Trust Services. OPM will develop a methodology for and conduct a workforce analysis to determine workforce composition needs, assess gaps, prepare a workforce plan, and identify competencies for a number of mission-critical occupations. OPM plans to complete this work in fiscal year 2021.
Action plan: partially met. BIA officials met with us numerous times in fiscal years 2019 and 2020 to discuss actions for implementing our recommendations related to Indian energy resources. However, the agency does not have a comprehensive plan in place to address the problems with oversight of its energy development activities or data limitations for timely leasing activities. BIA needs to develop such a plan with clear milestones.
Monitoring: partially met. BIA monitors its progress in implementing our recommendations and reports on this progress to Indian Affairs. However, BIA does not have well-defined performance measures or a process to monitor its oversight of energy development activities, which limits its ability to assess its progress.
Demonstrated progress: partially met. BIA has made progress with workforce capacity and agency coordination. For example, the recently formed Indian Energy Service Center assisted several field offices with backlogs in work associated with leasing and permitting for Indian energy development. It also hosted training on oil and gas development standard operating procedures for Interior employees.
The Indian Energy Service Center also established and coordinated meetings of six regional groups of federal agencies involved in Indian energy development to identify and resolve issues. However, more needs to be done to close open recommendations, as discussed below.
What Remains to Be Done
As of December 2020, four of the 12 recommendations in our 2019 High-Risk report remain open. BIA fully concurred with all four recommendations. For example, BIA needs to:
- complete an assessment of the composition of its workforce and implement a comprehensive workforce planning system; and
- develop a process to monitor its oversight of energy development activities and assess its progress.
Related GAO Products
Indian Health Service: Actions Needed to Improve Oversight of Provider Misconduct and Substandard Performance. GAO‑21‑97. Washington, D.C.: December 10, 2020.
Indian Health Service: Actions Needed to Improve Oversight of Federal Facilities’ Decision Making About the Use of Funds. GAO‑21‑20. Washington, D.C.: November 12, 2020.
Indian Education: Actions Needed to Ensure Students with Disabilities Receive Special Education Services. GAO‑20‑358. Washington, D.C.: May 22, 2020.
Indian Health Service: Facilities Reported Expanding Services Following Increases in Health Insurance Coverage and Collections. GAO‑19‑612. Washington, D.C.: September 3, 2019.
VA and Indian Health Service: Actions Needed to Strengthen Oversight and Coordination of Health Care for American Indian and Alaska Native Veterans. GAO‑19‑291. Washington, D.C.: March 21, 2019.
Decennial Census
Bookmark:The Census Bureau implemented new technologies and other innovations for the 2020 Census, but also made a series of late design changes, such as delaying operations in response to COVID-19, that put the quality of the census at risk. Evaluations of innovations and late design changes are critical for 2030 Census planning.
| Why Area Is High Risk The U.S. census is mandated by the Constitution and provides vital data for the nation. Census data are used, among other purposes, to apportion the seats of the U.S. House of Representatives; redraw congressional districts in each state; and allocate billions of dollars each year in federal financial assistance. Through 2023, the 2020 Census is estimated to cost approximately $15.6 billion after adjusting for inflation. To achieve cost savings, the Bureau implemented several new innovations including the development of new and modified IT systems. However, these innovations were not fully tested as budget uncertainty caused the Bureau to scale back testing in 2017 and 2018. The 2020 Decennial Census was first added in 2017 as a high-risk area. Moreover, both the 2000 and 2010 Censuses were high-risk areas. For this update, we are changing the name of the high-risk area because risks continue beyond 2020 and may threaten the 2030 Census. In March 2020, COVID-19 caused the Bureau to delay its 2020 operations and when the Bureau resumed operations in May 2020, it faced a new set of operational and public safety challenges. These delays, the resulting compressed time frames, and continued uncertainty over COVID-19 had the potential to undermine the overall quality of the count. Contact Information For additional information about this high-risk area, contact J. Christopher Mihm at (202) 512-6806 or mihmj@gao.gov, or Nick Marinos at (202) 512-9342 or marinosn@gao.gov. |
Since our 2019 High-Risk Report, ratings for the leadership commitment criterion regressed, and the other four remain unchanged.
Leadership commitment: partially met. The Coronavirus Disease 2019 (COVID-19) pandemic caused the Census Bureau to pause and delay several field data collection operations. For example, the Bureau delayed nonresponse follow-up, when the Bureau follows up with households that do not initially respond to the Census, by 3 months. Given this unexpected stop in operations, the Department of Commerce (Commerce) on April 13, 2020, requested a 4-month delay in delivering the apportionment numbers to the President—statutorily due by December 31, 2020—and sought legislative relief for the delay.
However, according to Bureau officials, Commerce directed the Bureau to plan for a census without legislative relief, and on August 3, 2020, the Bureau publicly announced it would deliver the apportionment numbers by December 31, 2020. According to senior Bureau officials, they were not consulted on the decision to change the date for delivering the apportionment numbers and had approximately 96 hours to develop a revised plan of operations without legislative relief.
To meet the statutory deadline, the Bureau shortened the time to collect data by 1 month and the response processing operation by approximately 2.5 months. Compressing these time frames, increased the risk to the accuracy and completeness of the census count.
Subsequently, this decision to shorten data collection time frames and deliver the apportionment numbers by December 31, 2020, was challenged in court. The Bureau ended field data collection on October 15, 2020, after the U.S. Supreme Court determined that it could do so, and began working on a timeline to deliver apportionment numbers. However, data anomalies found during the processing of census responses have delayed the delivery of apportionment numbers, which as of February 2021 had not been delivered to the President.
Moreover, during the summer of 2020, Commerce created four new political appointee positions at the Bureau—Deputy Director for Data, Deputy Director of Policy, Senior Advisor to the Deputy Director for Policy, and Counselor to the Director. Senior Bureau officials told us that it is unprecedented to create new senior-level political appointee positions during the decennial census and that the appointees’ roles in the 2020 Census were often not clear. On January 19, 2021, all four political appointees resigned, and on January 20, 2021, the Director of the Census Bureau retired.
Capacity: partially met. Before the COVID-19 outbreak, the Bureau had an estimated $2.03 billion in total unobligated contingency funds for 2020 operations. As of December 2020, the Bureau anticipated that these contingency funds will be more than sufficient to address both the initial COVID-19 response and design changes, estimating that the Bureau would still have at least $187 million in contingency funding.
To ensure its resources are effectively targeted for the 2030 Census, it will be important for the Bureau to follow both cost estimation and scheduling best practices. For example, the Bureau needs to implement our recommendation to improve the credibility of schedules for the 2030 Census. While we found the Bureau took steps toward conducting quantitative schedule risk analyses with its master activity schedule for the 2020 Census, it effectively ran out of time to do so. To ensure the Bureau has sufficient resources and time to complete all the activities for the 2030 Census, this recommendation will remain open.
Action plan: partially met. According to Bureau officials, in 2019 they began the planning for the 2030 Census. The focus of 2030 planning is to reduce risk during peak operations through the work done earlier in the decade. The Bureau has developed 5 guiding principles for 2030 Census planning:
- follow disciplined management practices;
- simplify designs, solutions, and methods;
- distribute program work, resources, and costs more evenly across the census life-cycle;
- minimize field data collection with alternative data sources wherever possible; and
- manage stakeholder communications and expectations throughout the decade
However, in planning for 2030, the Bureau will not fully understand the quality of the data collected for 2020 until it completes all of its planned evaluations. The Bureau has a series of planned operational assessments, coverage measurement exercises, and data quality teams that are positioned to retrospectively study the effects of design changes made in response to COVID-19 on census data quality.
The Bureau is updating its plans for these efforts to examine the range of operational modifications made in response to COVID-19, including the August 2020 and later changes. We have previously noted that late design changes create increased risk for a quality census.
As part of the Bureau’s assessments, it will be important to address a number of concerns we identified about how late changes to the census design could affect data quality. These concerns include (1) how the altered time frames affected population counts during field data collection and (2) what effects, if any, compressed and streamlined post-data collection processing of census data may have on the Bureau’s ability to detect and fully address processing or other errors before releasing the apportionment and redistricting tabulations.
Over the next year, addressing these concerns and providing transparency over what is known and not yet known about census quality will help the Bureau increase public confidence in the quality and completeness of 2020 Census data products, despite all of the challenges the Bureau faced. These actions will also help inform future census planning efforts.
Monitoring: partially met. In looking forward to the next decennial census, senior Bureau officials told us they will build on lessons learned from 2020. For example, the Bureau actively monitored the COVID-19 pandemic and made necessary changes to census operations. Specifically, Bureau leadership used data to make real-time decisions about area census office re-openings during COVID-19.
However, as of January 2021, the Bureau continued to face uncertainty about schedules and plans related to disclosure avoidance for 2020 Census data products expected to be released starting in 2021. Disclosure avoidance protects the confidentiality of respondent data, especially at lower levels of geography.
According to the Bureau’s Chief Scientist, plans and schedules will need to be updated if the release dates for data products, such as redistricting data, change due to the operational impacts from COVID-19. In the fall of 2020, the agency had pushed some disclosure avoidance milestones from August 2020 to November 2020, due to schedule uncertainty and operational impacts from COVID-19.
Additionally, as of February 2021, the Bureau still needed to complete the IT testing and implementation activities required to support its post enumeration survey—a survey that is independent from the 2020 Census and intended to provide estimates of census quality. The Bureau plans to deploy the final systems to support its post enumeration survey by November 2021.
We previously reported on shortcomings in the Bureau’s management of the IT systems testing activities including, for example, being at risk of not meeting near-term milestones planned for completing system integration testing.
Demonstrated progress: partially met. In August 2019, the Bureau provided an update to the 2020 Census cost estimate, which we found to be sufficiently reliable. For example, the Bureau had implemented a system to track and report variances between actual and expected cost elements. Tools to track these variances are important because they enable management to measure progress against planned outcomes and prepare for 2030.
However, as of January 2021, a recommendation we made in April 2019 to identify and implement corrective actions within prescribed time frames for cybersecurity weaknesses had not been fully addressed. The Bureau had made some progress toward addressing this recommendation by reducing the number of corrective actions that it considered “high” or “very high” risk. Nevertheless, as of November 2020, 106 of the 174 total open “high” and “very high” risk corrective actions (about 61 percent) were delayed past their scheduled completion dates.
In December 2020, the Bureau’s information security officials attributed their current delays in addressing the corrective actions to technical challenges and dependencies between systems. According to those officials, the Bureau conducts quarterly briefings with system and information security stakeholders to discuss in-depth the delayed corrective actions. However, cybersecurity will continue to be an area to watch as the Bureau processes data to be included in upcoming data products that are to be released starting in 2021.
What Remains to Be Done
As of January 2021, we have made 113 recommendations related to the 2020 Census, 20 of which have not been fully implemented. Commerce generally agreed with our recommendations and is taking steps to implement them. Moreover, in our April 2020 priority recommendation letter to Commerce we identified 10 recommendations as priorities, none of which have been fully implemented over the past year. To make continued progress for the 2030 Census it will be essential for the Bureau to
- improve the credibility of schedules, including conducting a quantitative risk assessment;
- update and implement its assessments to address data quality concerns we have identified, as well as any operational benefits;
- address cybersecurity weaknesses in a timely manner; and
- continue to address our recommendations, especially those designated priority recommendations.
Congressional Actions Needed
In 2019 and 2020, we testified in six congressional hearings focused on the preparations for and implementation of the decennial census. Going forward, continued oversight will be needed to ensure that 2020 Census evaluations are completed as scheduled and that the Bureau has the resources it needs to begin planning the 2030 Census. Moreover, given the importance of the decennial census to the nation, it will be imperative for Congress to provide oversight of early planning for the 2030 Census.
Related GAO Products
2020 Census: The Bureau Concluded Field Work but Uncertainty about Data Quality, Accuracy, and Protection Remains. GAO‑21‑206R. Washington, D.C.: December 9, 2020.
2020 Census: Census Bureau Needs to Ensure Transparency over Data Quality. GAO‑21‑262T. Washington, D.C.: December 3, 2020.
2020 Census: Census Bureau Needs to Assess Data Quality Concerns Stemming from Recent Design Changes. GAO‑21‑142. Washington, D.C.: December 3, 2020.
2020 Census: Key Areas for Attention Raised by Compressed Timeframes. GAO‑20‑720T. Washington, D.C.: September 10, 2020.
2020 Census: Recent Decision to Compress Census Timeframes Poses Additional Risks to an Accurate Count. GAO‑20‑671R. Washington, D.C.: August 27, 2020.
2020 Census: COVID-19 Presents Delays and Risks to Census Count. GAO‑20‑551R. Washington, D.C.: June 9, 2020.
2020 Census: Update on the Census Bureau's Implementation of Partnership and Outreach Activities. GAO‑20‑496. Washington, D.C.: May 13, 2020.
2020 Census: Bureau Generally Followed Its Plan for In-Field Address Canvassing. GAO‑20‑415. Washington, D.C.: March 12, 2020.
2020 Census: Operations Are Underway with Challenges Remaining. GAO‑20‑367T. Washington, D.C.: February 12, 2020.
2020 Census: Initial Enumeration Underway but Readiness for Upcoming Operations Is Mixed. GAO‑20‑368R. Washington, D.C.: February 12, 2020.
2020 Census: Changes Planned to Improve Data Quality. GAO‑20‑282. Washington, D.C.: December 20, 2019.
2020 Census: Status Update on Early Operations. GAO‑20‑111R. Washington, D.C.: October 31, 2019.
U.S. Government’s Environmental Liability
Bookmark:The federal government’s environmental liability is vast and growing, and a number of agencies—especially the Departments of Energy and Defense, which bear the bulk of this liability—need to address environmental risks, and monitor and report on this liability.
| Why Area Is High Risk The federal government's environmental liability will likely continue to grow even as billions are spent each year on cleanup efforts. For fiscal year 2019, the federal government's estimated environmental liability was $595.4 billion—up from $212 billion in fiscal year 1997 (the total liability for fiscal year 2020 was unavailable at the time this report was published). We added this area to our High-Risk List in 2017. DOE is responsible for the largest share of the liability ($512 billion in fiscal year 2020), which is related primarily to retrieving, treating, and disposing of nuclear and hazardous waste. DOD is responsible for the second-largest share ($75 billion in fiscal year 2020), which is related primarily to environmental cleanup and restoration activities at or near its current and former installations. The remaining liability is shared among other agencies, including the Departments of Agriculture, Interior, Transportation, and Veterans Affairs, and NASA. DOE’s liability grew by $7 billion in fiscal year 2020, primarily due to adjustments for inflation. Even with the increase, however, DOE’s cleanup responsibilities may be underestimated because government accounting standards for environmental liabilities only require agencies to report liability costs that can be reasonably estimated. Contact Information For additional information about this high-risk area, contact Nathan Anderson at (202) 512-3841 or andersonn@gao.gov. |
Since our 2019 High-Risk Report, ratings in all five criteria remain unchanged.
Leadership commitment: partially met. As in 2019, federal agencies continue to partially meet this criterion. However, the Departments of Energy and Defense (DOE) and (DOD) have stalled in their efforts to focus more attention on their environmental liabilities.
Specifically, in the past 5 years, we have made 28 recommendations to DOE related to addressing and reducing its environmental liability, such as analyzing the root causes of its growing liability. DOE has yet to implement 26 of these 28 recommendations.
In addition, although DOE’s Office of Environmental Management developed a strategic vision in 2020 for the next decade of cleanup activities, it has not developed a strategic plan that incorporates the principles of risk-informed decision-making (i.e., an approach that helps agencies prioritize cleanup based on factors like cost and the risks to human health and the environment—which we outlined in September 2019). It also has yet to develop a method for tracking changes to its cleanup agreement requirements, as we reported in February 2019. Having these elements in place would better position DOE to effectively set priorities within and across its cleanup sites and direct its limited resources to address those priorities.
In November 2020, the DOD Inspector General found that DOD is unable to develop accurate estimates and account for environmental liabilities in accordance with accounting practices. Specifically, the Inspector General reported that DOD (1) is unable to substantiate the completeness and amount of its environmental liability estimate; and (2) has insufficient policies, procedures, and supporting documentation for developing and supporting its cost estimates, among other things.
Capacity: not met. Federal agencies have significant gaps in their ability to effectively address their current or future environmental liability. For instance, we found in March 2020 that federal agencies have identified at least 140,000 features at abandoned hardrock mines—such as unsecured tunnels and toxic waste piles—on lands managed by the Departments of Agriculture and the Interior. However, agency officials estimated there could be more than 390,000 abandoned hardrock mine features on federal lands that the agencies have yet to capture in their databases that could contribute to federal environmental liabilities. Federal and state officials cited availability of resources as a factor that limits efforts to address hazards at abandoned hardrock mines.
Similarly, we found in May 2020 that DOE’s Office of Legacy Management—which oversees long-term surveillance and maintenance at more than 100 former nuclear weapons production and energy research sites—has yet to plan for how to address challenges at some sites that may require new cleanup work outside the scope of the office’s expertise and resources.
We also found in November 2020 that DOE’s Office of Environmental Management has significant staffing shortages at its site office responsible for the Waste Isolation Pilot Plant in New Mexico. These shortages could affect the plant’s ability to remain on schedule for constructing additional disposal space. Also, any interruptions to waste shipments planned for disposal in the additional space could impair DOE’s ability to meet its cleanup milestones.
Action plan: not met. Neither DOE nor DOD has fully identified the causes of or developed a formal plan to address their growing environmental liability. DOE has taken initial steps toward a more risk-based approach to waste classification, such as initiating an effort in August 2020 to demonstrate the feasibility of its proposed interpretation of the statutory definition of high-level waste.
However, DOE continues to face challenges developing a cohesive action plan when addressing problems on its cleanup projects. For example, we found in February 2019 that DOE and its regulators have more than 70 agreements that contain hundreds of milestones for work at 16 cleanup sites, but that DOE has not conducted root cause analyses on missed or postponed milestones. Similarly, we found in September 2019 that DOE must treat more than a million gallons of waste at its Idaho National Laboratory, but initial testing of an on-site treatment facility revealed problems and DOE does not have a strategy or timeline to address them.
In October 2020, we reported that DOD had identified eight audit remediation priority areas to help guide and prioritize department-wide efforts. However, environmental liabilities is not one of the eight audit remediation priority areas identified, even though DOD’s Inspector General reported in 2020 that financial controls over environmental liabilities were lacking.
In addition, the lack of clarity about some cleanup standards may make it more difficult for federal agencies to develop plans. For example, the Environmental Protection Agency does not regulate certain emerging contaminants in drinking water, even as states have developed such standards. DOD and National Aeronautics and Space Administration (NASA) officials told us it is difficult to develop cleanup plans in the context of a varied and uncertain regulatory framework. While agencies may have to address stricter state standards, federal regulations would establish a regulatory floor for planning purposes.
Monitoring: not met. DOE and DOD do not have the information they need to monitor the effectiveness of their actions to address their environmental liabilities. DOE continues to struggle to develop reliable cost estimates and schedules for its cleanup efforts.
For example, we found in December 2019 that DOE’s Office of Environmental Management does not consistently track expenditures for cleanup activities across its three gaseous diffusion plants, which impedes its ability to develop reliable cost estimates. DOE’s 2019 report to Congress on the status of the fund to clean up these plants was based on outdated data and underestimates cleanup costs by about $20 billion.
In addition, we found in reviews conducted in 2019 and 2020 that DOE’s cost and schedule estimates for several cleanup projects were unreliable, which affects the accuracy of reported liabilities.
Additionally, the DOD Inspector General’s November 2020 financial audit found that DOD has not implemented a department-wide environmental liabilities calculation methodology. As a result of this lack of controls, DOD changed its estimated date for having a corrected environmental liability estimate from fiscal year 2021 to fiscal year 2025. In contrast, NASA—which holds less than 1 percent of the U.S. government’s environmental liabilities—tracks its environmental liability through a database of ongoing and potential future remediation projects, which includes information on estimated costs and uncertainties.
Demonstrated progress: not met. The federal government’s environmental liability, driven largely by DOE’s cleanup costs, continues to grow (see figure 8). DOE has made progress at some sites and is at or near completion for several important cleanup projects—such as the construction of the Salt Waste Processing Facility at the Savannah River Site which has been under construction for nearly 16 years.
In addition, DOE contracted with a federally funded research and development center, which issued a report in October 2019 on options for treating supplemental low-activity waste at the Hanford Site. We previously found that, if given authority by Congress to manage this waste as other than high-level waste, DOE could potentially save billions of dollars by using alternate treatment methods. In a December 2020 report, DOE acknowledged that it could save up to $230 billion by taking these actions that we have recommended.
However, DOE continues to face significant cost and schedule challenges with other projects and activities, such as the Waste Treatment Plant construction project at the Hanford Site. This cleanup project, which is DOE’s largest and most expensive, began in 2000 and has cost more than $11 billion to date. Since work stopped on much of the facility in 2012 to address technical challenges, DOE has spent $752 million (as of fiscal year 2018), mostly to preserve and maintain the site, and another $400 million pursuing alternatives. However, DOE has not used the best available methods to determine which alternative to pursue.
Similarly, DOD’s liability has remained largely unchanged in recent years despite DOD spending billions on environmental cleanup projects. DOE and DOD need to do more to demonstrate progress toward fully identifying, reporting, and developing a plan to address their environmental liabilities.
What Remains to Be Done
As of December 2020, 38 of our recommendations related to this high-risk area—of which 22 were made since 2019—had not been implemented. Of these recommendations, 31 pertain to either DOE or DOD and include the following:
- DOE should develop a program-wide strategy for implementing its cleanup agreements and a framework for incorporating risk-informed decisions.
- DOE should conduct root cause analyses of missed or postponed milestones.
- DOD should address deficiencies in its ability to substantiate the completeness and amount of its environmental liability estimate.
Congressional Actions Needed
Congress should consider clarifying DOE’s authority at the Hanford site to determine whether portions of the supplemental low-activity waste can be managed as other than high-level waste. Providing clear authority to DOE may allow it to use alternative waste treatment approaches to treat the Hanford Site’s supplemental low-activity waste, which could reduce certain risks by neutralizing the waste faster and save tens of billions of dollars.
Related GAO Products
Environmental Liabilities: NASA’s Reported Liabilities Have Grown, and Several Factors Contribute to Future Uncertainties. GAO‑21‑205. Washington, D.C.: January 15, 2021.
Nuclear Waste Disposal: Better Planning Needed to Avoid Potential Disruptions at Waste Isolation Pilot Plant. GAO‑21‑48. Washington. D.C.: November 19, 2020.
Environmental Liabilities: DOE Needs to Better Plan for Post-Cleanup Challenges Facing Sites. GAO‑20‑373. Washington, D.C.: May 13, 2020.
Hanford Waste Treatment Plant: DOE Is Pursuing Pretreatment Alternatives, but Its Strategy Is Unclear While Costs Continue to Rise. GAO‑20‑363. Washington, D.C.: May 12, 2020.
Abandoned Hardrock Mines: Information on Number of Mines, Expenditures, and Factors That Limit Efforts to Address Hazards. GAO‑20‑238. Washington, D.C.: March 5, 2020.
Environmental Liabilities: DOE Would Benefit from Incorporating Risk-Informed Decision-Making into Its Cleanup Policy. GAO‑19‑339. Washington, D.C.: September 18, 2019.
Nuclear Waste Cleanup: DOE Faces Project Management and Disposal Challenges with High-Level Waste at Idaho National Laboratory. GAO‑19‑494. Washington, D.C.: September 9, 2019.
Nuclear Waste Cleanup: DOE Could Improve Program and Project Management by Better Classifying Work and Following Leading Practices. GAO‑19‑223. Washington, D.C.: February 19, 2019.
Nuclear Waste: DOE Should Take Actions to Improve Oversight of Cleanup Milestones. GAO‑19‑207. Washington, D.C.: February 14, 2019.
Department of Energy: Program-Wide Strategy and Better Reporting Needed to Address Growing Environmental Cleanup Liability. GAO‑19‑28. Washington, D.C.: January 29, 2019.
Emergency Loans for Small Businesses
Bookmark:The Small Business Administration (SBA) must show stronger program integrity controls and better management over the Paycheck Protection Program (PPP) and Economic Injury Disaster Loans (EIDL), which includes ensuring only eligible businesses receive assistance.
| Why Area Is High Risk Between March and December 2020, SBA made or guaranteed more than 14.7 million loans and grants through PPP and EIDL, providing about $744 billion in emergency funding to help small businesses. Congress appropriated an additional $284 billion for PPP and $20 billion for targeted EIDL advances in December 2020. The CARES Act created PPP. These loans have a 1 percent interest rate and terms of 2 or 5 years. Borrowers may have their loans fully forgiven if certain conditions are met. Similarly, the CARES Act expanded eligibility for EIDL and created a new $10,000 advance. Borrowers do not have to repay advances. To respond to the adverse economic conditions small businesses faced, SBA quickly set up or expanded these programs. However, the speed with which they were implemented left SBA susceptible to improper payments—making payments in an incorrect amount or that should not have been made at all. There have been reports of fraud in both programs, although the full extent is not yet known. In a December 2020 report, SBA’s financial statement auditor identified several material weaknesses in controls associated with the two programs, including weaknesses in SBA’s loan approval processes that led to loans going to potentially ineligible borrowers. Contact Information For additional information about this high-risk area, contact William B. Shear at (202) 512-8678 or shearw@gao.gov. |
SBA made or guaranteed billions of dollars in emergency loans and grants quickly to help many small businesses in need. However, we are adding Emergency Loans for Small Businesses as a new high-risk area because of the limited controls built into the PPP and EIDL approval processes. Although this created the risk of hundreds of millions of dollars in improper payments, including those resulting from fraud, SBA lacks finalized plans to oversee the two programs.
Further, as we have reported multiple times, SBA’s failures to provide data and documentation on a timely basis for PPP and EIDL have impeded efforts to ensure transparency and accountability for the programs. This includes delays in obtaining key information from SBA, such as detailed oversight plans and documentation for estimating improper payments.
Lack of safeguards and finalized oversight plans. Given the immediate need for emergency funding, SBA implemented limited safeguards for approving PPP and EIDL loans and lacks finalized plans to oversee the two programs after loan approval, including PPP loan forgiveness.
In June 2020, we reported that SBA’s initial interim final rule for PPP allows lenders to rely on borrower’s certifying their eligibility and the use of loan proceeds. It also requires a limited review of documents provided by the borrower to determine the qualifying loan amount and eligibility for loan forgiveness. We noted that reliance on borrower self-certifications can leave a program vulnerable to exploitation by those who wish to circumvent eligibility requirements or pursue criminal activities.
We also reported that because SBA had limited time to implement safeguards for the PPP loan approval process and assess program risks, ongoing oversight would be crucial. At that time, SBA had announced that it would review loans of more than $2 million to confirm borrower eligibility after the borrower applied for loan forgiveness and that it may review any PPP loan it deemed appropriate.
However, SBA provided few details on these reviews. Therefore, we recommended that SBA develop and implement plans to identify and respond to risks in PPP to ensure program integrity, achieve program effectiveness, and address potential fraud, including in loans of $2 million or less.
In early December 2020, SBA officials said the agency had completed oversight plans and provided a document that SBA characterized as an overview of these plans. At that time, the agency had not yet finalized and provided more comprehensive documentation detailing its oversight plans and how it will implement them.
At the end of December 2020, SBA provided a draft Master Review Plan for the loan review process, but the document we received did not contain detailed policies and procedures for some loan reviews or loan forgiveness reviews as we had previously requested. According to SBA officials, these were in the process of being updated. Until we receive detailed documentation and can review the procedures and checklists that are being used in the review process, we cannot more fully evaluate SBA’s process.
Consistent with our recommendation, in December 2020 Congress passed legislation requiring SBA to submit to the Senate and House Small Business Committees an audit plan detailing the policies and procedures for conducting forgiveness reviews and audits of PPP loans within 45 days of enactment and to provide monthly updates thereafter.
The same legislation also requires SBA to respond to requests from GAO within 15 days (or such later date as the Comptroller General may provide) or report to Congress on the reasons for the delay. In addition, it appropriated about $284 billion for PPP. Borrowers who have already received a loan may obtain a second one if they meet certain conditions, such as having used the full amount of their first PPP loan. New first-time borrowers may also apply for PPP loans under the act.
The CARES Act also relaxed some approval requirements for EIDL, such as requiring the applicant to demonstrate that it could not obtain credit elsewhere, and made certain agricultural businesses eligible. In January 2021, we reported that as of July 14, 2020, SBA had provided about 5,000 advances totaling about $26 million to potentially ineligible businesses in three types of industries—adult entertainment, casino gambling, and marijuana retail.
Additionally, we reported that as of September 30, 2020, SBA approved at least 3,000 loans totaling about $156 million to potentially ineligible businesses that SBA policies state were ineligible for the EIDL program, such as real estate developers and multilevel marketers. SBA officials said that the CARES Act permitted businesses to self-certify their eligibility for EIDL loans and advances.
Therefore, we recommended in January 2021 that to improve SBA’s oversight of its EIDL approval process, SBA should develop and implement portfolio-level data analytics across EIDL loans and advances made in response to Coronavirus Disease 2019 (COVID-19) as a means to detect potentially ineligible and fraudulent applications.
SBA neither agreed nor disagreed with our recommendation. SBA took issue with our finding that potentially ineligible businesses received EIDL advances and loans. SBA stated that CARES Act provisions permitted businesses to self-certify their eligibility and that applicants could not proceed until they certified that they were not engaged in any of the prohibited activities. The agency also stated that a business being in one of the categories we deemed ineligible did not automatically mean the business was ineligible. However, we did not state that the businesses were automatically ineligible.
SBA also referred to actions the agency takes to make sure ineligible businesses do not receive EIDL loans and advances, such as manual review of applications from businesses in prohibited categories, but did not state any plans to conduct data analytics to identify potential ineligible businesses. We maintain that portfolio-level data analytics could help SBA improve its management of fraud risk.
In December 2020, Congress appropriated an additional $20 billion for targeted EIDL advances. The advances are restricted to certain eligible companies that are located in low-income communities, have suffered an economic loss of more than 30 percent, and have no more than 300 employees. Congress also required SBA to perform eligibility verification for advances and permitted SBA to require additional information from applicants, such as tax returns, for loans and advances as part of its verification.
Risk of improper payments and fraud. The limited safeguards when approving PPP and EIDL loans may have increased SBA’s susceptibility to improper payments and fraud.
As we reported in November 2020, it is especially important for agencies with large appropriated amounts, like SBA, to quickly estimate their improper payments, identify root causes, and develop corrective actions when there are concerns about the possibility that improper payments, including those resulting from fraudulent activity, could be widespread.
Because SBA had not done so for PPP, we recommended that SBA expeditiously estimate improper payments and report estimates and error rates for PPP due to concerns about the possibility that improper payments, including those resulting from fraudulent activity, could be widespread. In December 2020, SBA stated that it was planning to estimate improper payments for PPP and that it works to minimize them in its loan programs. However, as of that date the agency had not provided documentation of its plans for testing, including estimates of improper payments and error rates for PPP.
In January 2021, we reported on potentially suspicious activity in the PPP and EIDL programs. Between May and October 2020, financial institutions filed more than 21,000 and 20,000 suspicious activity reports (SAR) related to PPP and EIDL, respectively, with the Financial Crimes Enforcement Network (FinCEN). More than 1,400 institutions had filed SARs related to PPP, and more than 900 institutions had filed SARs related to EIDL.
According to FinCEN officials, these financial transactions involved questionable activity and potential fraud committed by PPP and EIDL loan recipients, such as the rapid movement of funds, and possible identity theft and forgeries. Law enforcement agencies use these reports to help support investigations, such as those related to PPP or EIDL.
In addition to suspicious activity reported by financial institutions, the Department of Justice (DOJ) has publicly announced charges in more than 90 cases related to PPP and EIDL. The charges—filed across the U.S. and investigated by a range of law enforcement agencies—include allegations of making false statements and engaging in identity theft, wire and bank fraud, and money laundering. As of November 2020, DOJ estimated that the defendants in the PPP-related cases sought more than $260 million from PPP.
Moreover, in October 2020, the SBA Office of Inspector General (OIG) reported that its preliminary review revealed strong indicators of widespread potential fraud in the EIDL program. According to the report, the OIG and other law enforcement agencies had seized over $450 million from over 15,000 fraudulent EIDL loans. According to SBA officials, they are working with law enforcement, such as the SBA OIG, to support data requests and make referrals for potential investigation.
Inability to support its accounting and related controls. In December 2020, SBA’s independent financial statement auditor issued a disclaimer of opinion on SBA’s consolidated financial statements as of and for the year ended September 30, 2020, meaning the auditor was unable to express an opinion due to insufficient evidence. As the basis for the disclaimer, the auditor stated that SBA was unable to provide adequate documentation to support a significant number of transactions and account balances related to PPP and EIDL due to inadequate processes and controls.
The auditor identified several material weaknesses in controls related to SBA’s CARES Act programs, including PPP and EIDL. In total, the auditor identified seven material weaknesses related to the following areas: (1) PPP loan approvals, (2) PPP reporting, (3) PPP cost estimates, (4) EIDL loans and advance approvals, (5) EIDL contractor oversight, (6) PPP and other loan guarantee program contractor oversight, (7) overall management controls (e.g., ineffective control environment, risk assessment processes, control activities, information and communication processes, and monitoring processes). Overall, the auditor made 46 recommendations to SBA management. In commenting on the audit, SBA stated it supports the requirements for auditability of its financial statements and is working to correct shortcomings for future audits.
In its discussion of material weaknesses related to PPP, the auditor noted there were over 2 million approved PPP loans (with an approximate total value of $189 billion) flagged by management that are potentially not in conformance with the CARES Act and related legislation. The loans were flagged for one or more of 35 reasons (such as borrower with criminal record or inactive business). In addition, the auditor found that SBA reported approximately $6 billion of PPP loans approved but not disbursed due to unsubmitted or unprocessed reports from lenders. The audit noted there were over 896,000 errors from lender reporting that were identified but not reviewed or processed. The auditor recommended, among other things, that SBA review loans with incomplete or inaccurate reporting and update records as appropriate.
In its discussion of material weaknesses related to EIDL loans and advances, the auditor noted that there were a total of over 6,000 approved and disbursed loans (with a total value of over $212 million) flagged within the loan repository system that were issued to potentially ineligible borrowers. In addition, management noted that adequate controls were not designed and implemented to determine that fraud alerts raised in SBA’s lending portal were sufficiently addressed before loans were approved. The auditor noted SBA management did not have adequate procedures and controls implemented to address certain alerts—such as those triggered when a bank account or routing number could not be verified or when a public records search could not find a business. The auditor recommended, among other things, that SBA perform a thorough review of EIDL loans and advances to identify those not in conformance with the CARES Act and related legislation.
In its discussion of the weaknesses related to overall management controls, the auditor noted deficiencies within all components of internal control. The auditor noted the weaknesses were primarily caused by the prioritization and the urgent need to implement the provisions of the CARES Act and related legislation as quickly and efficiently as possible over internal control processes. The auditor recommended, among other things, that SBA perform and document a thorough risk assessment, develop and implement monitoring controls, and document the internal controls related to implementation of the CARES Act and related legislation.
What Remains to Be Done
Since June 2020, we have made three recommendations to SBA regarding PPP and EIDL. SBA should
- develop and implement plans to identify and respond to risks in PPP to ensure program integrity, achieve program effectiveness, and address potential fraud, including in loans of $2 million or less;
- estimate improper payments and report estimates and error rates for PPP; and
- develop and implement portfolio-level data analytics across EIDL loans and advances made in response to COVID-19 as a means to detect potentially ineligible and fraudulent applications.
In addition, in December 2020 SBA’s financial statement auditor made several recommendations to SBA on PPP and EIDL. It will be important for SBA to implement effective corrective actions to address recommendations from its financial statement audit, including those related to loan approvals and contractor oversight. We are adding Emergency Loans for Small Businesses as a new high-risk area because of the limited controls built into the PPP and EIDL approval processes, the related risk of hundreds of millions of dollars in improper payments, and the consequent need for greater program integrity and better management.
Related GAO Products
COVID-19: Critical Vaccine Distribution, Supply Chain, Program Integrity, and Other Challenges Require Focused Federal Attention. GAO‑21‑265. Washington, D.C.: January 28, 2021.
COVID-19: Urgent Actions Needed to Better Ensure an Effective Federal Response. GAO‑21‑191. Washington, D.C.: November 30, 2020.
Small Business Administration: COVID-19 Loans Lack Controls and Are Susceptible to Fraud. GAO‑21‑117T. Washington, D.C.: October 1, 2020.
COVID-19: Federal Efforts Could Be Strengthened by Timely and Concerted Actions. GAO‑20‑701. Washington, D.C.: September 21, 2020.
COVID-19: Brief Update on Initial Federal Response to the Pandemic. GAO‑20‑708. Washington, D.C.: August 31, 2020.
COVID-19: Opportunities to Improve Federal Response and Recovery Efforts. GAO‑20‑625. Washington, D.C.: June 25, 2020.
DOD Weapon Systems Acquisition
Bookmark:The Department of Defense can better ensure that its sizeable weapon systems investment will help yield a decisive and sustained U.S. military advantage by following knowledge-based practices and developing a plan to monitor recent acquisition reforms.
| Why Area Is High Risk In June 2020, we reported that DOD expects to invest about $1.8 trillion to acquire 106 new weapon systems. Congress and DOD have long sought to improve how DOD acquires these systems, yet many programs continue to fall short of cost, schedule, and performance goals. We added this area to our High-Risk List in 1990. These challenges occur in an era when programs are more software driven than ever before and face global cybersecurity threats. However, software development continues to be a stumbling block for programs, and DOD has made only limited progress in addressing cybersecurity vulnerabilities. A number of other issues could also affect DOD’s ability to keep pace with evolving threats, such as the ability to develop innovative technologies and the capabilities of the defense industrial base. DOD is implementing significant changes in an effort to improve weapon system outcomes. However, considerable work remains, and until it is completed, DOD’s ability to quickly deliver capabilities to the warfighter is hindered. Contact Information For additional information about this high-risk area, contact Shelby S. Oakley, Director, Contracting and National Security Acquisitions at (202) 512-4841 or oakleys@gao.gov. |
Since our 2019 High-Risk Report, our assessment of the Department of Defense’s (DOD) performance against our five criteria remains unchanged.
Leadership commitment: met. DOD continues to demonstrate a strong commitment, at the highest levels, to improving the management of its weapon system acquisitions. However, to sustain the met rating for this criterion, DOD will need to ensure it follows through to complete the implementation of new initiatives. It will also need to address leadership-related recommendations.
Since March 2019, DOD leadership has recognized the evolving challenges the department faces in fielding weapon systems that meet warfighter needs and has consistently taken steps to address them.
In June 2019, we reported that DOD made progress in implementing reforms to restructure the oversight of major defense acquisition programs, including shifting decision-making authority for many programs from the Office of the Secretary of Defense to military departments.
In 2020, DOD reissued its foundational acquisition guidance, emphasizing speed and agility in the acquisition process. The new guidance includes six acquisition pathways based on the characteristics and risk profile of the system being acquired. DOD has also issued supplemental guidance for these pathways and the functions that support them, such as cybersecurity and test and evaluation.
The guidance includes an increased focus on software development and cybersecurity practices that DOD leadership and others have recognized as a particular risk area for the department’s weapons system programs.
DOD leadership has also continued to make progress in clearly defining roles and responsibilities for acquisition oversight. In June 2019, we reported that DOD needed continued leadership attention to address challenges with implementing acquisition oversight reforms, including disagreements between the Office of the Secretary of Defense and the military departments about acquisition oversight roles. Subsequently, the Deputy Secretary of Defense issued a memorandum in December 2019 to define roles for acquisition oversight.
In July 2020, the department issued charters for the Under Secretaries of Defense for Research and Engineering and Acquisition and Sustainment. These two new offices responsible for acquisition oversight were created in response to congressional direction. The charters should help to further clarify roles and responsibilities.
However, work still remains at both the Office of the Secretary of Defense and military department levels to complete the development and implementation of acquisition policies. According to officials from the Office of the Under Secretary of Defense for Acquisition and Sustainment, (1) the military departments will also need to update their policies to align with department-wide policies, and (2) the department will need to develop streamlined processes and tools to support the effective implementation of the newly-issued policies.
In June 2019 we reiterated the importance of recommendations we originally made in 2015 to clarify and strengthen roles and responsibilities at the enterprise level for making portfolio management decisions. These recommendations aim to ensure that DOD’s investments are strategy driven, affordable, and balance near- and long-term needs. We noted that these recommendations may take on more importance for DOD in light of the implementation of acquisition reforms that will further diffuse responsibility for initiating and overseeing acquisition programs, but DOD has yet to implement them.
Capacity: partially met. In reshaping its acquisition organization to emphasize speed and agility, DOD acknowledged the importance of the acquisition workforce and took steps to increase its hiring and training for that workforce. DOD has made sufficient progress in addressing overall acquisition workforce shortfalls such that we have removed that issue from our Contract Management high-risk area this year.
However, since our last High-Risk Report in 2019, we and others reported on capacity challenges related to weapon system acquisition specifically. In June 2019, we reported that DOD faced challenges in filling vacancies in the Offices of the Under Secretaries of Defense for Research and Engineering and Acquisition and Sustainment, as well as gaps in skill sets such as data analytics that are critical to acquisition oversight.
In June 2020, we reported that many major defense acquisition programs reported difficulty in hiring software development staff with the required expertise and in time to complete the required work. DOD has taken initial steps to implement a statutory requirement to establish software development and acquisition training and management programs, but, according to a review by the Defense Innovation Board in March 2020, implementation is still in a formative stage.
With regard to cybersecurity, DOD’s Director, Operational Test and Evaluation reported in December 2019 that the department lacked testing personnel with deep cybersecurity expertise and stated that without substantial improvements in cybersecurity test and evaluation, especially in the workforce, DOD risks lowering overall force readiness and lethality.
Multiple reports we published between August 2015 and April 2020 indicate that DOD needs to enhance its acquisition policies in a number of areas. These areas include (1) ensuring that program cost estimates better conform to leading practices, (2) improving reliability and sustainment planning early in the acquisition process, (3) strengthening coordination and processes for portfolio management, and (4) improving the science and technology management framework to apply leading practices and encourage innovation.
Action plan: partially met. Since our last High-Risk Report in 2019, DOD began implementing planned actions to improve acquisition outcomes, including developing and issuing guidance for six new acquisition pathways under its adaptive acquisition framework. However, the department has yet to develop detailed plans for how it will assess whether the new acquisition pathways achieve intended outcomes, including the applicability of metrics to each pathway.
Additionally, because of changes to its annual performance reporting, DOD may have less insight than it had in the past into root causes of cost or schedule growth to allow it to develop effective action plans. From 2013 to 2016, DOD assessed and reported publicly on its acquisition performance across its full portfolio of programs, including analysis of causative factors. However, DOD’s reporting from 2017 onward includes only limited analysis of program cost and schedule performance and does not analyze causative factors.
While DOD began implementing actions for certain software and cybersecurity challenges, it is still developing implementation plans and policies for others. In response to numerous recommendations made in 2018 by the Defense Science Board and in 2019 by the Defense Innovation Board related to the implementation of leading software practices, DOD made certain existing software development capabilities available enterprise-wide and created working groups to address related workforce issues.
However, DOD is still analyzing how it will address a Defense Science Board recommendation related to machine learning in defense systems, which the board identified as a complicating factor for software acquisitions. Similarly, while we reported in October 2018 that DOD began initiatives to better understand and address cybersecurity vulnerabilities, as of December 2020 according to DOD officials, DOD is still developing and implementing policies in support of its Risk Management Framework approach to cybersecurity in weapons system acquisition.
Monitoring: partially met. The Under Secretary of Defense for Acquisition and Sustainment stated her commitment to conduct data-driven oversight of acquisition programs. Nearly all of these programs are now managed at the military department level instead of the Office of the Secretary of Defense level in part due to a fiscal year 2016 statutory reform. DOD has made progress in developing its approach to this type of oversight, such as completing data strategies for some acquisition pathways.
In June 2020, the Office of the Under Secretary of Defense for Acquisition and Sustainment announced plans to adopt a data and analytics strategy to facilitate data-driven oversight, which the Under Secretary’s office and the military departments are developing together.
This effort could help to address disagreements that we reported on in June 2019 between the Office of the Secretary of Defense and military departments about the amount of program information that military departments should be required to provide to the Office of the Secretary of Defense for certain programs. DOD emphasized the importance of resolving these disagreements in a November 2020 report to Congress in which it noted that ensuring data transparency across the DOD components was a challenge to improving acquisition data.
The department also has yet to take several actions we have recommended in the past to improve the availability and quality of data needed for effective monitoring. For example, in June 2019, we recommended that DOD develop a plan to assess recent acquisition reforms and to identify the necessary data. However, DOD has yet to determine how it will monitor most of the reforms we reviewed.
We also reported on continued challenges with data reliability for one of DOD’s new acquisition pathways—middle-tier acquisition—that is intended to deliver capabilities to the warfighter within 2 to 5 years. In our June 2020 assessment of DOD’s weapon system programs, we observed inconsistent cost reporting and wide variation in schedule metrics across these programs. These issues pose oversight challenges for Office of the Secretary of Defense and military department leaders trying to assess performance of these programs.
We and others also identified challenges with regard to DOD’s efforts to monitor software development efforts. For example, we reported in June 2020 that some weapon system programs did not submit required reports on software development efforts needed to prepare acquisition and life-cycle cost estimates.
Additionally, the Defense Innovation Board reported on several deficiencies with DOD’s software development metrics in May 2019. A working group comprised of DOD and industry officials recommended approaches to monitoring software development efforts in April 2020, but it is too soon to tell whether these approaches will be effective.
Demonstrated progress: partially met. In 2019, we identified a cost avoidance totaling $136 billion in procurement funding DOD realized from 2013 to 2018 after reforming business case and cost estimate practices. In 2019 and 2020, we reported a statistical correlation of lower cost and schedule growth for major defense acquisition programs that consistently implemented specific knowledge-based acquisition practices, such as maturing critical technologies and conducting preliminary design reviews prior to starting development.
These analyses provide evidence that DOD can reduce its cost and schedule growth by consistently implementing knowledge-based acquisition practices. However, our June 2020 assessment of DOD’s weapon systems still shows DOD’s inconsistent implementation of knowledge-based acquisition practices, even among its newer programs.
Programs also show extensive cost and schedule growth from their initial cost and schedule baselines, much of which is unrelated to the increase in quantities purchased.
DOD took significant steps in the past few years to implement acquisition reforms and to issue new guidance. These steps aim to streamline the acquisition process to help deliver capabilities faster and to improve software approaches and cybersecurity practices. It is likely too early to see effects of these reforms on the cost, schedule, and performance of the department’s weapon system acquisition programs.
Until DOD determines its action plan and ensures the availability and quality of data needed for monitoring, DOD and Congress cannot be sure whether the new reforms and policies are leading to the intended results.
What Remains to Be Done
Since we added this area to our High-Risk List in 1990, we have made hundreds of related recommendations. As of December 2020, 114 recommendations remain open, 56 of which we made since the last High-Risk Report in March 2019. To show a continued commitment to improving its weapon systems outcomes, DOD should implement our open recommendations including the following:
- Improve DOD’s ability to manage its portfolio by (1) requiring annual enterprise-level portfolio reviews that incorporate requirements, acquisition, and budget processes; (2) directing appropriate department staff to collaborate on their data needs; and (3) incorporating lessons learned from military service portfolio reviews and portfolio management activities, such as using multiple risk and funding scenarios to assess needs and reevaluate priorities.
- Determine (1) the metrics needed to assess middle-tier acquisition and acquisition programs other than major defense acquisition programs’ cost and schedule performance; and (2) how reliable data will be collected and shared between the services and the department to facilitate oversight.
- Implement several recommendations to individual programs related to knowledge-based acquisition practices including (1) fully maturing critical technologies prior to starting development; (2) ensuring program cost estimates are fully compliant with best practices including cost risk assessments; and (3) employing reliability and sustainment planning early in a program’s development to ensure realistic reliability requirements and that sustainment cost targets are met.
- Implement numerous recommendations to individual military departments and DOD components related to improving acquisition cost, schedule, and performance.
- Implement guidance for software development that provides specific, required direction on when and how often to involve users early in the development process and to continue involving users through development of related program components.
- Implement leading practices for managing science and technology programs.
Related GAO Products
Columbia Class Submarine: Delivery Hinges on Timely and Quality Materials from an Atrophied Supplier Base. GAO‑21‑257. Washington, D.C.: January 14, 2021.
Defense Science and Technology: Opportunities to Better Integrate Industry Independent Research and Development into DOD Planning. GAO‑20‑578. Washington, D.C.: September 3, 2020.
Defense Acquisitions Annual Assessment: Drive to Deliver Capabilities Faster Increases the Importance of Program Knowledge and Consistent Data for Oversight. GAO‑20‑439. Washington, D.C.: June 3, 2020.
F-35 Joint Strike Fighter: Actions Needed to Address Manufacturing and Modernization Risks. GAO‑20‑339. Washington, D.C.: May 12, 2020.
Navy Shipbuilding: Increasing Focus on Sustainment Early in the Acquisition Process Could Save Billions. GAO‑20‑2. Washington, D.C.: March 24, 2020.
Space Command and Control: Comprehensive Planning and Oversight Could Help DOD Acquire Critical Capabilities and Address Challenges. GAO‑20‑146. Washington, D.C.: October 30, 2019.
Army Modernization: Army Futures Command Should Take Steps to Improve Small Business Engagement for Research and Development. GAO‑19‑511. Washington, D.C.: July 17, 2019.
DOD Acquisition Reform: Leadership Attention Needed to Effectively Implement Changes to Acquisition Oversight. GAO‑19‑439. Washington, D.C.: June 5, 2019.
Weapon Systems Annual Assessment: Limited Use of Knowledge-Based Practices Continues to Undercut DOD's Investments. GAO‑19‑336SP. Washington, D.C.: May 7, 2019.
Weapon Systems Cybersecurity: DOD Just Beginning to Grapple with Scale of Vulnerabilities. GAO‑19‑128. Washington, D.C.: October 9, 2018.
DOD Financial Management
Bookmark:The Department of Defense needs to continue to improve its information systems controls, action plans, and monitoring efforts to produce reliable, useful, and timely financial information for decision makers.
| Why Area Is High Risk DOD’s financial management continues to face long-standing issues—including its ineffective processes, systems, and controls; incomplete corrective action plans; and the need for more effective monitoring and reporting. DOD financial management has been on our High-Risk List since 1995. Although DOD’s spending makes up about half of the federal government’s discretionary spending, and its physical assets represent more than 70 percent of the federal government’s physical assets, it remains the only major agency that has never been able to accurately account for and report on its spending or physical assets. DOD’s financial management issues extend beyond financial reporting as long-standing control deficiencies adversely affect the economy, efficiency, and effectiveness of its operations. Sound financial management practices and reliable, useful, and timely financial and performance information would help ensure DOD’s accountability over its extensive resources and more efficient management of its assets and budgets. DOD’s approach to addressing these management challenges is to correct the issues identified by its auditors, and downgrade or eliminate material weaknesses. Contact Information For additional information about this high-risk area, contact Asif Khan, (202) 512-9869, khana@gao.gov. |
Since our 2019 High-Risk List, the Department of Defense (DOD) has made progress to partially meet the criterion of demonstrated progress. The other four criteria remain unchanged.
The Coronavirus Disease 2019 (COVID-19) pandemic altered the timing and scope of the fiscal year 2020 financial statement audits, and affected DOD components’ ability to complete audit remediation activities. DOD continues to assess the overall effect COVID-19 is having on its efforts to improve financial management at the department.
Leadership commitment: met. Since our 2019 High-Risk Report, DOD leadership continued its commitment to financial management improvements by (1) implementing a database that tracks thousands of financial statement audit findings; (2) including financial statement audit issues in the Secretary of Defense’s broader reform agenda; and (3) providing information about DOD’s strategic financial management transformation efforts, audit remediation progress, and audit metrics at meetings with (or in reports to) Congress, senior leaders, and the Under Secretary of Defense (Comptroller).
DOD also continued to include mandatory performance requirements, such as effectively closing audit findings issued by DOD’s auditors, for relevant members of its Senior Executive Service to support these annual financial statement audits.
Capacity: partially met. DOD has efforts under way to address capacity. For example, in fiscal year 2019, 23 of 26 Other Defense Organizations, such as the Defense Information Systems Agency, migrated to a standardized enterprise resource planning system, which should reduce the number of financial management systems used. In addition, the Defense Finance Accounting Service collaborated with the Secretary of Defense to use a central financial management data repository to help components verify that transactions are accurate and complete and demonstrate how they flow to its financial statements.
DOD also led an initiative to reduce the number of legacy financial management systems by investing in current enterprise resource planning systems and certain financial management systems. However, in September 2020, we reported that the department’s financial management systems strategy did not include measures for tracking progress in achieving the strategy’s goals. We also reported that DOD does not know how much it spends on the systems that support its financial statements because it does not have a way to reliably identify them. Since beginning a department-wide financial statements audit in fiscal year 2018, auditors have reported material weaknesses across numerous areas, including systems controls that affect the accuracy of financial reporting and pose a significant risk to DOD’s operations.
DOD continues to use a financial management certification program to provide targeted financial management and leadership training and education to address its financial management workforce skills gaps. Nevertheless, DOD continues to face financial management personnel capacity challenges in its efforts to mitigate competency gaps by adding personnel with the requisite financial management skills. For example, DOD acknowledges that succession planning across the department is inconsistent, it has to compete with industry for financial management talent, and that it has difficulty retaining millennials.
Action plan: partially met. DOD and its components have taken some steps to prioritize audit remediation efforts, develop corrective action plans (CAP) to address findings reported by its external auditors, and improve their ability to monitor and report on such efforts. For example, as of May 2020, DOD had identified eight financial statement audit remediation priority areas and is working to further prioritize its remediation efforts to focus on critical findings that contribute to material weaknesses in these areas.
DOD also developed and implemented a centralized database to track, summarize, and report information about the audit findings, recommendations, and related CAPs to address them. However, there are opportunities for DOD to continue strengthening its action plans. For example, in October 2020 we reported that DOD’s CAPs to address audit findings do not always (1) include required information, (2) indicate that a root-cause analysis was conducted, and (3) document the rationale for accepting the risk associated with not taking action on certain deficiencies and appropriately identify such instances in the database.
Monitoring: partially met. DOD identified financial statement audit remediation priority areas and metrics to monitor progress for addressing certain material weaknesses. DOD also reviewed CAPs to determine if they included information specified by the Office of Management and Budget, such as the year the deficiency was first identified and the targeted corrective action date.
To monitor progress, DOD uses a reporting tool to produce reports for high-level decision-making and reporting based on real-time data contained in its centralized database. This tool enables DOD to produce reports on the status of audit findings and its efforts to address audit priority areas and material weaknesses.
However, the database information may be inaccurate, unreliable, and incomplete for management decision-making. For example, in October 2020 we reported that financial statement audit findings were not always linked to the correct CAPs in the centralized database. Additionally, although DOD reviews the database information monthly, it does not follow up on instances of outdated information or other exceptions identified to ensure components resolve them timely. Without complete and reliable information on DOD’s audit remediation efforts, internal and external stakeholders may not have quality information to effectively monitor and measure DOD’s progress.
Demonstrated progress: partially met. Since DOD has made some progress to address its financial management challenges the rating for this criterion improved from not met in 2019 to partially met in 2021. For example, in 2020, DOD completed its third entity-wide financial statement audit. Although DOD did not receive an opinion on its financial statements, it successfully implemented corrective actions that enabled auditors to close 623 (26 percent) of the audit findings issued in fiscal year 2018. DOD anticipates successfully implementing corrective actions that will enable auditors to close over 20 percent of the audit findings issued in fiscal year 2019.
Ensuring DOD financial statement audits are conducted annually is important for a variety of reasons. Over the last few years these audits have led to operational improvements that have saved millions of dollars and better positioned DOD for readiness and deployment. Financial statement audits also help DOD improve its operations by evaluating information technology and cyber systems for compliance with specified requirements, testing the department’s financial information for accuracy, and identifying specific control weaknesses during the audit that need to be addressed by DOD’s management.
Financial statement audits not only determine the accuracy of financial records, but also provide actionable feedback on weaknesses and inefficiencies in DOD’s financial management processes that, if corrected, can result in more efficient operations, better decision-making, and better use of the significant resources provided to DOD.
DOD also developed performance metrics to assess its progress on audit remediation priority areas. In addition, the military services developed methodologies to prioritize their audit findings concluding that more than half of their fiscal year 2018 audit findings are high priority and significant to their financial statement audits.
In fiscal year 2018, DOD established a centralized database to track and monitor audit findings issued from financial statement audits and the related CAPs developed to remediate them. However, DOD does not have effective processes to regularly monitor the quality of the CAP information included in the database. As a result, the database information may be inaccurate or incomplete, affecting the quality of information provided to management and Congress on the status of DOD audit remediation efforts.
While this progress is encouraging, additional actions will be needed to continue to address DOD’s ability to provide reliable, useful, and timely financial and managerial information related to areas such as financial management systems and information technology, inventory, property plant and equipment, and fund balance with the Department of the Treasury.
What Remains to Be Done
It is critical that DOD and its components continue their efforts to address long-standing financial management deficiencies. Over the years, since we added this area to our High-Risk List, we have made numerous recommendations related to this issue, 33 of which we made since the last update in March 2019. As of December 2020, 49 recommendations are open. To address its complex array of financial management challenges, DOD needs to take actions, such as the following that we recommended in September and October 2020:
- updating its guidance to instruct components to document root-cause analysis when needed to address deficiencies auditors identified;
- improving its CAP review process to ensure data elements not included in CAPs are appropriately identified and communicated to components and resolved, audit findings are linked to the correct CAPs, and components document their rationale for accepting the risk associated with certain deficiencies and appropriately identify such instances in its database;
- developing and implementing a DOD-wide strategy to remediate real property asset control issues;
- establishing performance goals that include performance indicators, targets, and time frames to monitor the status of efforts to address information technology-related audit findings;
- implementing a mechanism to identify financial management systems that support the preparation of its financial statements in the department's systems inventory and budget data, and identify a complete list of financial management systems; and
- establishing time frames for developing an enterprise road map to implement its financial management systems strategy that documents the current and future state; includes a transition plan for moving from the current to the future; discusses performance gaps, resource requirements, and planned solutions; and maps DOD's financial management systems strategy to projects and budget. The plan should also document the tasks, time frames, and milestones for implementing new solutions, and include an inventory of systems.
Related GAO Products
DOD Financial Management: Continued Efforts Needed to Correct Material Weaknesses identified in Financial Statement Audits. GAO‑21‑157. Washington, D.C.: October 13, 2020.
Financial Management: DOD Needs to Implement Comprehensive Plans to Improve Its Systems Environment. GAO‑20‑252. Washington, D.C.: September 30, 2020.
Defense Real Property: DOD-Wide Strategy Needed to Address Control Issues and Improve Reliability of Records. GAO‑20‑615. Washington, D.C.: September 9, 2020.
Air Force: Enhanced Enterprise Risk Management and Internal Control Assessments Could Improve Accountability over Mission-Critical Assets. GAO‑20‑332. Washington, D.C.: June 18, 2020.
Department of Defense: Actions Needed to Reduce Accounting Adjustments. GAO‑20‑96. Washington, D.C.: January 10, 2020.
DOD Business Systems Modernization
Bookmark:The Department of Defense needs to improve management of its business systems acquisitions and leverage its federated business enterprise architecture to identify and address potential duplication and overlap across systems.
| Why Area Is High Risk DOD spends billions of dollars each year to acquire modernized systems, including ones that address key areas such as personnel, financial management, health care, and logistics. While DOD’s capacity for modernizing its business systems has improved over time, significant challenges remain. We first added this area to our High-Risk List in 1995. This high-risk area includes three critical challenges facing DOD: (1) improving business systems acquisition management, (2) improving business systems investment management, and (3) leveraging DOD’s federated business enterprise architecture. Improving business system acquisition management would contribute to better cost, schedule, and performance outcomes for DOD systems. Improving business system investment management would allow DOD to more effectively and efficiently manage its portfolios of business system investments. Enhanced use of its federated business enterprise architecture would help DOD identify and address potential duplication and overlap across its business systems environment. We have made numerous recommendations related to this high-risk issue since we added it to our high-risk list. As of December 2020, 16 recommendations in critical areas were open. Contact Information For additional information about this high-risk area, contact Kevin Walsh at (202) 512-6151 or WalshK@gao.gov. |
Since our 2019 High-Risk Report, the five criteria remain unchanged overall, although there was both regression and progress within individual segment areas.
For example, the business enterprise architecture segment area regressed within the capacity criteria due to the department’s decision to revisit its previously planned approach to improving the architecture, halt work associated with the previous approach, and begin a new improvement effort.
There was some progress pertaining to the capacity criterion within the acquisition management segment area. In particular, the Department of Defense (DOD) Chief Management Officer (CMO) submitted a human capital report to Congress that included plans to address identified skills gaps. However, DOD has not indicated when these plans will be completed.
DOD’s Business Systems Acquisition Management
The capacity criterion rating for this segment has improved since our 2019 High-Risk Report, while the other four criteria remain unchanged.
Leadership commitment: partially met. Since our 2019 High-Risk Report, DOD has developed updated policy and guidance for managing business system investments that reflect changes called for by the National Defense Authorization Act (NDAA) for Fiscal Year 2016 (10 U.S.C. § 2222).
According to officials, in March 2020, DOD established a Defense Business Systems and Enterprise Business Optimization Directorate within the Office of the CMO. This new office was intended to assist the Office of the CMO with implementation of statutory requirements for, among other things, managing defense business systems.
DOD needs to demonstrate consistent leadership over business system acquisitions. In particular, the department has not yet made additional planned updates to its business systems investment management guidance, or defined steps for addressing this high-risk area, as planned.
Further, the NDAA for Fiscal Year 2021 repealed the CMO position and DOD needs to implement new statutory requirements regarding the future of the roles and responsibilities for business systems acquisition management that were previously assigned to the CMO.
Capacity: partially met. Since our 2019 High-Risk Report, the Office of the CMO, which established policy and guidance for business system investments and oversaw a subset of business system investments, conducted a human capital analysis, as we recommended in May 2013. This analysis included a skills inventory, needs assessment, and planned actions to better support the office’s responsibilities.
However, planned actions have not yet been completed, including business capability reviews intended to, among other things, identify skills and other resource gaps.
Action plan: not met. According to officials, the department is developing a plan that includes specific actions and associated milestones to address what remains to be done for this segment of the high-risk area. However, they have not indicated when this plan will be completed. As a result, DOD does not have a common baseline to document DOD-wide commitments and their associated time frames.
Monitoring: partially met. DOD provides information to the federal Information Technology (IT) Dashboard—a public website hosted by the Office of Management and Budget that allows federal agencies and the public the ability to view details of federal information technology investments online and to track their progress over time—that may allow the department to document progress in improving its business system acquisition outcomes.
However, without an approved action plan for addressing gaps described in this segment of the high-risk area, DOD lacks the means to monitor broader progress in improving to its business system acquisition management efforts.
Demonstrated progress: partially met. Since our 2019 High-Risk Report, DOD has had mixed success in delivering business systems investments that meet cost, schedule, and performance commitments. For example, we reported in June 2020 that the Integrated Personnel and Pay System—Army Increment 2, which is intended to deliver fully integrated personnel and pay services for all Army components, met all five of its technical performance targets, but experienced a 72 percent increase in its life-cycle cost estimate ($1.38 billion).
We also reported that the DOD Healthcare Management System Modernization, which is intended to provide modernized electronic health records, failed to meet any of its three technical performance targets and experienced a 15.7 percent increase in its life-cycle cost estimate ($1.27 billion).
In addition, since March 2019, DOD has made progress in addressing a recommendation made in March 2016 aimed at improving the management of major IT programs. This includes ensuring that the Defense Enterprise Accounting and Management System addressed weaknesses in its controls for ensuring that all software requirements are tested and validated prior to any new software releases.
However, the department still needs to address our recommendations aimed at making further improvements associated with, among other things, its use of incremental development, and updating policy or guidance for major IT programs.
What Remains to Be Done
DOD needs to take various steps, including
- implementing planned items within the human capital analysis;
- developing an action plan for addressing this high-risk area;
- demonstrating improved success in meeting business systems cost, schedule, and performance expectations; and
- addressing our various open recommendations associated with this high-risk area. Those recommendations are aimed at updates to policy or guidance for major IT programs to include, among other things, thresholds for cost and schedule variances, and a process for periodic performance reporting to stakeholders. The updates also should include, among other things, making further use of incremental development.
DOD’s Business Systems Investment Management Process
Ratings for this segment remain unchanged since our 2019 High-Risk Report, with DOD partially meeting three criteria and not meeting the remaining two.
Leadership commitment: partially met. DOD has made progress complying with requirements for managing business system investments—which support key business areas such as personnel and financial management—in the NDAA for fiscal year 2016. Nevertheless, more remains to be done.
For example, in November 2019, consistent with a legislative provision and our recommendation, DOD issued a policy requiring full consideration of sustainability and technological refreshment requirements (i.e., periodic updates to systems to help ensure their continued supportability) for its business system investments. In addition, in October 2020, the department developed a draft management playbook intended to assist the former Office of the CMO with effectively delivering its mission. The draft playbook included information such as performance measures associated with streamlining the defense business systems environment.
DOD also needs to ensure that it exercises consistent leadership over the business systems investment management process. This includes ensuring that guidance for the process is updated to include key elements from our previous recommendations. For example, the guidance should include a process to ensure that portfolio assessments intended to evaluate the performance of groups of systems, including those systems within the financial management systems portfolio, address key areas identified in our Information Technology Investment Management framework, including schedule and risks. The department also needs to ensure a plan to address this high-risk area is developed, as planned.
Further, the department needs to implement new statutory requirements regarding the future of the roles and responsibilities for business systems investment management previously assigned to the CMO.
Capacity: partially met. DOD has established an investment review board and guidance for overseeing its largest business system investments. Further, the Office of the CMO demonstrated that it had conducted a human capital analysis, as we recommended in May 2013. This analysis included a skills inventory, needs assessment, and planned actions to better support the office’s responsibilities.
However, planned actions have not yet been completed, including one that calls for the department to complete business capability reviews intended to, among other things, identify skills and other resource gaps.
Action plan: not met. According to officials, the department is developing a plan that includes specific actions and associated milestones to address what remains to be done for this segment of the high-risk area. However, they have not indicated when they expect to complete it. As a result, DOD does not have a common baseline to document DOD-wide commitments and their associated time frames.
Monitoring: not met. Without an approved action plan for addressing this segment of the high-risk area, DOD lacks a means to monitor progress towards improving to its business system investment management process.
Demonstrated progress: partially met. Since our 2019 High-Risk Report, DOD has taken steps to improve its business system investment management process by addressing some associated recommendations. For example, DOD developed a policy to require full consideration of sustainability and technological refreshment requirements for its defense business systems investments. Further, the Department of the Army demonstrated that it had improved its guidance for certifying defense business systems.
However, DOD needs to show continued progress in addressing our remaining recommendations associated with the investment management process, such as developing improved investment management guidance. For example, we have recommended that DOD should update its investment management guidance to ensure that functional strategies, which are intended to define business outcomes, priorities, measures, and standards for specific business areas (e.g., human resources management), include all of the critical elements required by the investment management guidance (e.g., performance measures that include baseline and target measures).
What Remains to Be Done
DOD should implement our recommendations on improving its business system investment management efforts, and any planned actions related to this area, including:
- implementing planned actions within the human capital analysis;
- updating investment management policy and guidance; and
- ensuring that functional strategies include all of the critical elements identified in DOD investment management guidance.
DOD’s Federated Business Enterprise Architecture
Since our 2019 High-Risk Report, the capacity criteria has regressed. The other four criteria remain unchanged.
Leadership commitment: partially met. Since our 2019 High-Risk Report, the department has revamped its efforts to develop the next generation of its federated business enterprise architecture. The business enterprise architecture is DOD’s blueprint for business transformation. It is to describe information such as business capabilities, processes, data, information exchanges, system functions, system data exchanges, and technical standards. According to the department, the new approach to the architecture will involve greater integration with other key department processes, such as the investment management process.
However, as of December 2020, a plan to guide the effort to improve the business enterprise architecture, with tasks and associated milestones, had yet to be finalized by department leadership.
DOD also needs to implement new statutory requirements regarding the future of the roles and responsibilities for defense business systems previously assigned to the CMO.
Capacity: partially met. In our 2019 High-Risk Report, we reported that the department had established the tools and processes intended to improve its efforts to identify potentially duplicative systems. We also reported that the department developed a plan with associated milestones to update its architecture. However, the department did not complete all tasks associated with this plan.
DOD officials stated that, as of March 2020, DOD had revisited its approach for updating its business enterprise architecture. Department officials have stated that they expect this new approach to assist department leadership in making better decisions with a more robust set of analytical tools. DOD also provided a draft strategy for updating and using its business enterprise architecture and a timeline describing when technical updates will be completed. This timeline showed that technical updates are to be completed by the end of fiscal year 2021. However, the department did not complete its previously planned effort to update the architecture, which raises concerns about its ability to follow through with current plans.
Nevertheless, as department officials work to implement their new approach to the business enterprise architecture, they can continue to leverage existing tools to help streamline business operations and identify potentially duplicative systems, including the department’s existing business enterprise architecture and associated data.
Action plan: partially met. DOD has developed a draft strategy for updating and using its business enterprise architecture and a timeline that describes high-level activities and time frames for the technical implementation and configuration of its updated business enterprise architecture. However, the timeline is incomplete. Specifically, the timeline and other associated documentation do not address tasks associated with improving the use of the architecture and do not include all activities needed to complete the technical implementation and configuration.
Monitoring: partially met. DOD provided a timeline that describes high-level activities and time frames for the technical implementation and configuration of its business enterprise architecture and DOD officials stated that the timeline is used internally to monitor progress. However, the timeline incomplete. Nevertheless, it can be used as an indicator to determine whether the department is making intended progress for part of its planned efforts.
Demonstrated progress: partially met. DOD has established the capacity to identify potentially duplicative investments and provided examples of benefits attributed, at least in part, to its business enterprise architecture. Nevertheless, the department is revamping its approach to its business enterprise architecture and has not yet demonstrated that it is actively and consistently assessing potential duplication and overlap to eliminate duplicative systems.
Further, DOD needs to demonstrate progress in addressing our remaining open recommendations, which we made between 2012 and 2018, such as integrating its business and IT architectures, and demonstrating that the three capabilities intended to improve the business enterprise architecture have been hosted in a government-approved cloud environment.
What Remains to Be Done
DOD needs to
- demonstrate that it has developed a plan for improving its business enterprise architecture,
- demonstrate that it is actively and consistently using assessments of potential duplication and overlap to identify and eliminate duplicative systems, and
- demonstrate progress in addressing our remaining open recommendations, such as integrating its business and IT architectures.
Related GAO Products
Information Technology: DOD Software Development Approaches and Cybersecurity Practices May Impact Cost and Schedule. GAO‑21‑182. Washington, D.C.: December 23, 2020.
Business Systems Modernization: DOD Has Made Progress in Addressing Recommendations to Improve IT Management, but More Action Is Needed . GAO‑20‑253. Washington, D.C.: March 5, 2020.
Federal Chief Information Officers: Critical Actions Needed to Address Shortcomings and Challenges in Implementing Responsibilities. GAO‑18‑93. Washington, D.C.: August 2, 2018.
DOD Major Automated Information Systems: Adherence to Best Practices Is Needed to Better Manage and Oversee Business Programs. GAO‑18‑326. Washington, D.C.: May 24, 2018.
Defense Business Systems: DOD Needs to Continue Improving Guidance and Plans for Effectively Managing Investments. GAO‑18‑130. Washington, D.C.: April 16, 2018.
DOD Approach to Business Transformation
Bookmark:The Department of Defense should formalize key officials’ responsibilities for business transformation efforts, address resource needs, and improve analysis of its business operations costs and savings.
| Why Area Is High Risk DOD spends billions of dollars each year to maintain key business operations intended to support the warfighter, including systems and processes related to the management of contracts, finances, the supply chain, support infrastructure, and weapon systems acquisition. Weaknesses in these areas adversely affect DOD’s efficiency and effectiveness, and render its operations vulnerable to waste, fraud, and abuse. DOD’s approach to transforming these business operations is linked to DOD’s ability to perform its overall mission, directly affecting the readiness and capabilities of U.S. military forces. We added DOD’s overall approach to managing business transformation as a high-risk area in 2005 because DOD had not taken the necessary steps to achieve and sustain business reform on a broad, strategic, department-wide, and integrated basis. In addition, when we added the area to the high-risk list, DOD did not have an integrated plan for business transformation with specific goals, measures, and accountability mechanisms to monitor progress and achieve improvements. Further, DOD’s historical approach to business transformation has not proven effective in achieving meaningful and sustainable progress in a timely manner. Contact Information For additional information about this high-risk area, contact Elizabeth Field at (202) 512-2775 or FieldE1@gao.gov. |
Since our 2019 High-Risk Report, ratings for all criteria remain unchanged. Specifically, the Department of Defense (DOD) has met the action plan criterion and partially met the leadership commitment, capacity, monitoring, and demonstrated progress criteria.
Leadership commitment: partially met. While DOD has continued to demonstrate leadership and show momentum in transforming its business operations, uncertainty about responsibility for the department’s business operations has increased.
For example, in 2019, the Secretary and Deputy Secretary of Defense led an assessment of organizations within the Office of the Secretary of Defense and selected Defense Agencies and DOD Field Activities (DAFA)—including those that support the department’s enterprise business operations. This effort aimed to better align resources with National Defense Strategy priorities.
While DOD’s actions over the past 2 years demonstrate a continued leadership commitment to business transformation, uncertainty about the responsibility for spearheading DOD reform and efficiency efforts calls into question whether this leadership commitment can be sustained. Most notably, the position of Chief Management Officer (CMO), which has functioned as the primary lead over DOD reform and efficiency efforts, has been eliminated by the National Defense Authorization Act for Fiscal Year 2021.
In recent years, this office had coordinated with other relevant components to further the department’s reform efforts. For example, as chair of DOD’s Reform Management Group, the governance forum for the department’s business reform efforts, the CMO played a key role in improvements in establishing cost baselines for business reform efforts. In January 2021, however, the Deputy Secretary of Defense issued a memorandum stating, among other things, that the Reform Management Group would be disbanded and its related ongoing actions transferred to the Defense Business Council.
Given the complexity and magnitude of the challenges facing DOD in improving its business operations, we previously identified the need for a CMO with significant authority and experience to sustain progress on these issues. While the National Defense Authorization Act for Fiscal Year 2021 provides for the transfer of the CMO’s responsibilities and resources to one or more offices within DOD, uncertainty about how the offices that assume these responsibilities will function—including whether they have appropriate authorities and resources to lead the department’s reform and efficiency efforts—may impede those efforts. The Deputy Secretary of Defense’s January 2021 memorandum provides an initial roadmap for dividing these responsibilities, but it will require specific implementing guidance. Also, there are questions about how these offices will coordinate with one another.
We have previously reported that in cases in which leadership changed—or was briefly absent—interagency collaborative mechanisms and related progress either disappeared or were considerably hindered. Our prior work has also found that organizational changes may take multiple years to be achieved. Institutionalizing these changes in policy or procedures can help sustain efforts beyond leadership turnover.
Even prior to the elimination of the CMO position, its roles, responsibilities, and authorities, such as the CMO’s ability to direct the military departments in matters related to business operations, remained informal and unresolved. Without a determination and communication by the Secretary or Deputy Secretary of Defense about how the CMO was to direct the business-related activities of the military departments, the CMO’s ability to lead DOD’s reform of its enterprise business operations and to direct the military departments was limited.
This situation could lead to fragmented business reform efforts. As the CMO’s roles and responsibilities are transferred to other officials, ensuring those officials have the necessary authorities, and that their roles and responsibilities are clearly communicated, will be important to sustaining progress in this area.
Capacity: partially met. In our March 2019 High-Risk Report, we highlighted that, while the CMO’s responsibilities were expanding, the budget requested for the Office of the CMO (OCMO) had declined. Additionally, we reported that DOD had established reform teams led by senior officials throughout the department charged with identifying and implementing initiatives to consolidate the department’s business operations.
However, the OCMO did not request funding for reform team initiatives, in part because officials had initially planned to use available funding from the savings generated by the initiatives to fund the development and implementation of other initiatives. OCMO officials later recognized the need for the initiatives to obtain funding separate from any savings realized, but had not developed an approach to do so. As a result, reform teams reported lacking funding needed to implement some of their initiatives.
DOD has made some progress in managing its existing capacity. For example, in August 2019, DOD issued guidance for reviews of the DAFAs. The guidance reflects key elements of quality evaluations including: (1) requiring frequent data-driven reviews that would support high-quality, sufficient, and appropriate data for their evaluations; (2) establishing clear criteria for selecting DAFAs to review; and (3) ensuring results of the review are relevant to leadership stakeholders. This step demonstrates a growing ability of the department to approach business transformation efforts in a methodical and systematic fashion.
However, DOD has still not established a process for identifying and prioritizing available funding to develop and implement initiatives from the cross-functional reform teams, as we recommended in January 2019. Also, OCMO officials told us that resource limitations continue to pose a significant challenge to them.
We also reported in November 2020 that while key offices responsible for overseeing reform efforts, including the OCMO, have generally followed leading practices for coordination, an absence of written guidance delineating roles and responsibilities could hinder future efforts. In light of the recent elimination of the CMO position, ensuring that the offices that assume the CMO’s responsibilities have sufficient capacity to perform those duties will be critical to sustaining progress on DOD’s efforts.
Action plan: met. In March 2019, DOD improved from partially met to met because DOD had issued its National Defense Business Operations Plan in May 2018. Further, DOD’s Fiscal Year 2019 Annual Performance Plan identified performance goals and measures to achieve the strategic goals and objectives described in the National Defense Business Operations Plan, including the goal of reforming the department’s business practices.
In its Fiscal Year 2020 and Fiscal Year 2021 Annual Performance Plans, DOD continued to reflect the strategic goals and objectives of the National Defense Business Operations Plan. As the CMO position’s responsibilities are dispersed, it will remain important for the department to continue its efforts in maintaining and refining its action plans.
Monitoring: partially met. The department has continued to make progress in monitoring its business transformation efforts, and officials have recognized the need for further improvements.
We reported in our March 2019 High-Risk update that DOD had established a senior-level Reform Management Group to identify opportunities for reform and provide support for its reform teams, although the structure and processes of the group were changing. We further described a portal the group used to track project milestones and metrics.
In recent years, DOD had refined and updated its Reform Management Group processes by, for example, establishing a charter and clarifying decision milestones for the group. DOD had continued to use its portal to provide a single source to report transparently and consistently on business reform initiatives in support of the Reform Management Group. However, as noted above, the Reform Management Group has now been disbanded.
DOD also made some progress since 2019 in establishing valid and reliable cost baselines for its enterprise business operations and in documenting related cost savings. For example, we reported in November 2020 that in a January 2020 report on defense business operations mandated by Congress, the department addressed most of the key requirements, such as reporting the number of military and civilian personnel as well as the costs of required enterprise business activities. Further, the department was transparent in acknowledging data limitations, such as a lack of specific financial data, which precluded it from meeting all requirements.
DOD has ongoing efforts to develop baselines for all of the department’s enterprise business operations that should enable it to better track the resources devoted to these operations and reform progress. In November 2020, we also reported that we observed a demonstration of the analytical tools designed to help DOD track reforms, including a tool that visualized and detailed the costs associated with individual business operations.
We also reported that, while still in progress, this effort shows promise in meeting the need for consistent baselines for DOD’s reform efforts. Ensuring that these tools are further refined and adopted across DOD’s enterprise business operations are key steps in ensuring the department has a consistent basis on which to make decisions and measure progress of its reform efforts. As the CMO’s responsibilities are dispersed, ensuring that these efforts to monitor the department’s progress are sustained will be an important part of DOD’s efforts in this area.
Demonstrated progress: partially met. DOD has claimed progress in business reform from a number of efforts, including its Defense-wide Reviews, and reform efforts led by the Reform Management Group, among others. DOD claimed a total of $37 billion in savings from fiscal year 2017 through fiscal year 2021 from its reform efforts in its annual budget materials and other reports.
However, we were unable to determine the quality of the analysis that led to DOD’s savings claims. In our November 2020 report, we reviewed selected initiatives that support the department’s reform efforts and we were generally able to validate cost savings by comparing them with budget materials. However, DOD’s analysis supporting the savings was not always well documented. For example, DOD had limited information on the analysis underlying its savings estimates, including (1) economic assumptions, (2) alternative options it considered, and (3) any costs of taking the actions to realize savings, such as implementation or opportunity costs.
Further, we reported that some of the cost savings initiatives were not clearly aligned with DOD’s definitions of reform; as a result, DOD may have overstated savings from its reform efforts. For example, one initiative was based on the delay and elimination of certain military construction projects in fiscal year 2021 to, according to DOD officials, fund higher priorities. If a construction project is delayed but still planned, those costs will likely be realized in a future year.
As we reported in November 2020, without processes to standardize development and documentation of savings and to consistently identify reform savings based on reform definitions, decision makers lack reliable information on DOD’s estimated reform savings. Nor do they have information on the extent to which these savings are due to the transformation of its business operations.
What Remains to Be Done
Since we added this area to our High-Risk List, we have made numerous recommendations related to this high-risk area, including 13 that are open. For example, to make progress in its approach to business transformation, DOD should
- provide department-wide guidance on roles, responsibilities, and authorities for business reform efforts, including those that are being transferred from the CMO to other organizations;
- implement and communicate a process for providing resources to support the reform teams and other department reform initiatives, as needed;
- implement a formal process for determining and documenting savings estimates, including underlying analyses that reflect department wide guidance and best practices for economic analysis;
- clarify the department’s definitions of reform and consistently report reform savings based on those definitions; and
- develop formal guidance and policies as they relate to DOD reform and efficiency collaboration efforts for these efforts to be sustained beyond any leadership and organizational changes.
Related GAO Products
Defense Reform: DOD Has Made Progress, but Needs to Further Refine and Formalize Its Reform Efforts. GAO‑21‑74. Washington, D.C.: November 5, 2020.
Defense Management: DOD Needs to Implement Statutory Requirements and Identify Resources for Its Cross-Functional Reform Teams. GAO‑19‑165. Washington, D.C.: January 17, 2019.
Defense Efficiency Initiatives: Observations on DOD’s Reported Reductions to Its Headquarters and Administrative Activities. GAO‑18‑688R. Washington, D.C.: September 24, 2018.
Defense Management: DOD Needs to Address Inefficiencies and Implement Reform across Its Defense Agencies and DOD Field Activities. GAO‑18‑592. Washington, D.C.: September 6, 2018.
Government-wide Personnel Security Clearance Process
Bookmark:The government-wide personnel security clearance process continues to face challenges in the timely processing of clearances, measuring the quality of investigations, and ensuring the security of related information technology systems.
| Why Area Is High Risk We placed the government-wide personnel security clearance process on the High-Risk List in January 2018 because it faces significant challenges related to (1) the timely processing of clearances, (2) measuring investigation quality, and (3) ensuring IT security, among other things. Timeliness. The executive branch has been unable to consistently process personnel security clearances within established timeliness objectives. Quality. A high-quality personnel security clearance process minimizes the risks of unauthorized disclosures of classified information and helps ensure that information about individuals with criminal histories or other questionable behavior is identified and assessed. While the executive branch has taken some steps to measure quality, it has not (1) established measures to ensure the quality of the entire security clearance process, and (2) collected complete data to fully assess performance. IT security. DOD is building and managing the development of NBIS, which will replace OPM’s legacy IT systems. However, OPM has only made limited progress to remediate all identified weaknesses in its IT systems to ensure that key security controls are in place and operating as intended. Contact Information For additional information about this high-risk area, contact Brian M. Mazanec, (202) 512-5130, or mazanecb@gao.gov. |
Since our 2019 High-Risk Report, the rating for the action plan criterion improved from not met to partially met. Our assessment of the other four criteria remains unchanged.
Leadership commitment: met. The Security Clearance, Suitability, and Credentialing Performance Accountability Council (PAC) continues to serve as the entity responsible for driving government-wide implementation of security clearance reform, among other efforts.
The PAC is chaired by the Deputy Director for Management of the Office of Management and Budget (OMB) and is comprised of three other principal members—the Director of National Intelligence (DNI), the Under Secretary of Defense for Intelligence and Security, and the Director of the Office of Personnel Management (OPM) (hereafter PAC Principals).
The PAC continues to make progress in leading agencies to complete long-standing key reform initiatives. Continued and coordinated leadership by the PAC will be important as it works to complete these initiatives, including the government-wide implementation of continuous vetting—a process to review the background of relevant personnel at any time to determine if they continue to meet applicable requirements—and performance measures to gauge the quality of the entire security clearance process.
In addition, the Office of the Director of National Intelligence (ODNI) and OPM have issued various guidance documents, including an executive correspondence in February 2020, that include measures designed to help further eliminate the backlog of background investigations. The administration completed the transfer of the government-wide background investigation mission from OPM to DOD by October 2020. The Defense Counterintelligence and Security Agency (DCSA), which was created as a result of the transfer of the background investigations mission from OPM to the Department of Defense (DOD), serves as the government’s primary investigative service provider and conducts more than 95 percent of the government’s background investigations. DCSA reported that the backlog of investigations declined from approximately 725,000 cases in April 2018 to about 220,000 cases in October 2020.
Senior DOD leadership has also set long-term goals for the development of the National Background Investigations Services (NBIS)—an information technology (IT) system that will be a key component for implementing reforms to the clearance process—and has worked with OPM on the transfer to DOD of the legacy IT systems that support the background investigations process. DCSA assumed operational control of OPM’s legacy IT systems on October 1, 2020, and will maintain those systems until they are replaced by NBIS.
Capacity: partially met. As in 2019, the PAC continues to partially meet the capacity criterion as it transitions the background investigations function from OPM to DOD. OPM and DOD facilitated the transfer of more than 99 percent of National Background Investigations Bureau (NBIB) employees, totaling around 3,000 individuals, to DCSA by September 30, 2019. DCSA officials stated that they transferred 33 remaining OPM personnel around October 1, 2020, and are transferring $266 million in contracts, including those related to OPM’s legacy IT systems.
In our 2019 High-Risk Report, we stated that OMB, ODNI, and DOD should coordinate with responsible executive branch agencies to identify the resources needed to effectively implement reform initiatives within established time frames. In 2020, DCSA began to identify the resources agencies needed to implement Trusted Workforce 2.0, an effort designed to reform and align the three current personnel vetting processes: personnel security clearances, suitability for government employment or fitness to work on behalf of the government, and personnel credentialing.
However, DCSA officials stated that they have not yet developed a strategic workforce plan that identifies the workforce needed to meet the current and future demand for its services. DCSA officials told us that they plan to begin working on a strategic workforce plan once they have more fully established their new agency.
In addition, ODNI should assess the potential effects of continuous vetting on agency resources and develop a plan to address those effects.
Action plan: partially met. The PAC now partially meets the action plan criterion as ODNI, DOD, and OPM have adopted some action plans to reduce the backlog of investigations and to transfer the legacy IT systems that support the background investigation process. Specifically, an NBIB Backlog Mitigation plan issued in December 2018 outlined various mitigation measures to reduce the investigative backlog.
However, PAC officials stated that they have not completed plans to meet clearance processing timeliness objectives or finalized new performance management goals for Trusted Workforce 2.0. Completing the plans and finalizing the goals would help position the PAC in addressing the revised timeliness objectives included in the National Defense Authorization Act (NDAA) for Fiscal Year 2020.
The PAC Principals have issued some guidance to advance personnel vetting reform efforts under Trusted Workforce 2.0. For example, the DNI issued guidance related to continuous evaluation in 2018 and 2019. The DNI and Director of OPM—the Security Executive Agent and the Suitability and Credentialing Executive Agent, respectively—also issued additional implementation guidance in 2020 for continuous vetting—a process similar to continuous evaluation that includes additional data sources to review an individual’s background.
In addition, in January 2021 ODNI and OPM published the Core Vetting Doctrine in the Federal Register for public comment. The Core Vetting Doctrine describes the main principles of Trusted Workforce 2.0 as the overarching framework for the vetting process for the federal workforce. However, ODNI and OPM have not issued other key guidance documents including revised Federal Investigative Standards and Adjudicative Guidelines.
Monitoring: partially met. The PAC continues to partially meet the monitoring criterion by tracking and reporting publicly on the progress of reforms to the clearance process through www.performance.gov—a website that provides information on the performance of executive branch agencies. In addition, the DNI collected data from agencies to monitor the clearance process, including data on the timeliness of investigations and adjudications, reciprocity, and continuous evaluation. Further, DCSA developed a detailed project schedule to monitor the development of NBIS.
ODNI also developed a performance measure to assess investigation quality and collect data using the Quality Assessment Reporting Tool to assess the extent that agencies meet this measure. However, ODNI is not collecting information from all agencies on this measure. Additionally, ODNI officials told us that ODNI does not have measures to assess the quality of the end-to-end process including the adjudication phase. ODNI officials told us that they are modernizing, centralizing, and automating the collection of data from agencies for the clearance process. Officials told us that the automated capabilities will enable them to collect, analyze, and report on the end-to-end personnel vetting process.
Further, additional actions are needed to monitor the performance of the government-wide personnel security clearance process. For example, several statutes require the DNI, in coordination with the other PAC Principals, to annually report on aspects of the clearance process, including certain matters related to the timeliness of clearances.
In its fiscal year 2019 annual report to congressional committees, ODNI reported clearance timeliness information for intelligence community agencies in a section of the report focused on the intelligence community. However, ODNI had collected timeliness information from additional agencies but excluded that information from the report. According to ODNI, this was due to some delays in reporting by a limited number of agencies in light of the government shutdown that fiscal year. Providing more complete timeliness information in annual reports to congressional committees will facilitate improved monitoring and oversight of the clearance process.
Demonstrated progress: partially met. The PAC continues to partially meet the demonstrated progress criterion by reducing the backlog of background investigations, as we discussed earlier. ODNI officials attributed the progress to reducing the backlog, in part, to two executive memorandums issued jointly by ODNI and OPM in June 2018 and February 2020.
These memorandums contain measures designed to reduce the investigation backlog, such as authorizing agencies to defer periodic reinvestigations or apply interim continuous vetting requirements to satisfy periodic reinvestigation requirements.
In addition, DOD has made progress developing NBIS as a secure, shared service for background investigations. DOD created a detailed schedule to manage the development of NBIS and is continuing to refine the schedule over time. DOD officials explained that they developed this schedule using an approach that allows them the flexibility to adapt to unforeseen obstacles when developing NBIS.
Further, the PAC has made mixed progress on the timeliness of completing background investigations and adjudications across government agencies. For example, the average time for executive branch agencies to complete the fastest 90 percent of investigations for initial secret clearances improved from 162 days in fiscal year 2018 to 58 days in fiscal year 2020. However, the PAC has not made progress to increase the number of executive branch agencies that met the timeliness objectives. Specifically, the percent of the 37 agencies providing data that met the timeliness objectives in fiscal year 2020 remained constant or increased for three objectives compared to fiscal year 2018, but decreased for the remaining three objectives. In addition, less than half of executive branch agencies providing data met the timeliness objectives for every measure in fiscal year 2020 except the objective for reinvestigations, as shown in table 7 below.
Source: GAO analysis of Office of the Director of National Intelligence data. | GAO-21-119SP
aFiscal year 2020 data include statistics only for the first three quarters of fiscal year 2020. The COVID-19 pandemic affected executive branch agencies’ operations and resulted in reporting delays, according to ODNI officials.
In addition, PAC officials told us that they began an evidence-based review by evaluating data on the time it has taken agencies to complete the clearance process, as we recommended in December 2017. Such a review could result in adjustments to the objectives. However, the PAC has not completed that effort.
Finally, officials stated that DOD and OPM have not completed efforts to secure OPM’s legacy IT systems used for the personnel security clearance process, including implementing further security improvements to OPM’s IT environment to ensure that key security controls are in place and operating as intended.
What Remains to Be Done
We have made numerous recommendations to PAC members to address risks associated with the personnel security clearance process since 2011, including 14 that are currently open. In addition, in March 2018, we outlined necessary actions and outcomes—anchored in each of our five criteria for removal from the High-Risk List—and our prior recommendations that have to be addressed for this area to be removed from our High-Risk List. These actions and outcomes are outlined below and are directed to OMB, ODNI, DOD, and OPM, unless a lead agency is indicated.
To make progress on meeting capacity, these agencies should
- coordinate with responsible executive branch agencies to complete the effort to identify the resources needed to effectively implement personnel security clearance reform effort initiatives within established time frames (OMB, ODNI, DOD);
- develop and implement a comprehensive strategic workforce plan that identifies the workforce needed to meet the current and future demand for its services (DOD); and
- assess the potential effects of continuous evaluation on agency resources and develop a plan to address those effects, such as modifying the scope of periodic reinvestigations, changing the frequency of periodic reinvestigations, or replacing periodic reinvestigations for certain clearance holders (ODNI).
To make progress on an action plan, these agencies should
- complete plans to meet clearance processing timeliness objectives and finalize new performance management goals for Trusted Workforce 2.0; and
- issue key guidance documents for Trusted Workforce 2.0.
To make progress on monitoring, these agencies should
- develop and report to Congress annually on government-wide, results-oriented performance measures for the quality of the entire security clearance process (ODNI);
- develop performance measures for continuous evaluation that agencies must track and regularly report to ODNI;
- develop performance measures for reciprocity determinations to monitor the extent of government-wide reciprocity and report on those metrics to Congress (ODNI); and
- develop government-wide performance measures on the quality of the entire security clearance process and collect complete data to assess performance for the measures developed (OMB, ODNI).
To improve on demonstrating progress, these agencies should
- complete an evidence-based review of the investigation and adjudication timeliness objectives for completing the fastest 90 percent of initial secret and initial top secret security clearances as well as periodic reinvestigations, and adjust the objectives if appropriate; and
- improve and secure personnel security clearance IT systems, including implementing further security improvements to its IT environment, including contractor-operated systems, to ensure that key security controls are in place and operating as intended (DOD, OPM).
Congressional Actions Needed
The annual assessments of timeliness and quarterly briefings required by the NDAA for Fiscal Year 2018 have served as mechanisms for Congress and the executive branch to monitor timeliness, costs, and continuous evaluation, among other things. Additional reporting requirements in the NDAA for Fiscal Year 2020 serve as another mechanism for Congress and the executive branch to monitor adjudication timeliness, continuous evaluation enrollment, and other related topics.
However, the reporting requirements from the NDAA for Fiscal Year 2018—including the annual timeliness assessments—expire at the end of 2021. Similar to what we stated in our December 2017 report, if Congress has found the information provided in response to these requirements to be beneficial, it may consider extending or renewing the requirements and expanding the scope of those reporting requirements to include information about performance measures on reciprocity determinations and quality in the clearance process.
Related GAO Products
Information Security: OPM Has Implemented Many of GAO’s 80 Recommendations, but Over One-Third Remain Open. GAO‑19‑143R. Washington, D.C.: November 13, 2018.
Personnel Security Clearances: Additional Actions Needed to Implement Key Reforms and Improve Timely Processing of Investigations. GAO‑18‑431T. Washington, D.C.: March 7, 2018.
Personnel Security Clearances: Additional Actions Needed to Ensure Quality, Address Timeliness, and Reduce Investigation Backlog. GAO‑18‑29. Washington, D.C.: December 12, 2017.
Personnel Security Clearances: Plans Needed to Fully Implement and Oversee Continuous Evaluation of Clearance Holders. GAO‑18‑117. Washington, D.C.: November 21, 2017.
Information Security: OPM Has Improved Controls, but Further Efforts Are Needed . GAO‑17‑614. Washington, D.C: August 3, 2017.
Ensuring the Cybersecurity of the Nation
Bookmark:Federal agencies and other entities need to take urgent actions to implement a comprehensive cybersecurity strategy, perform effective oversight, secure federal systems, and protect cyber critical infrastructure, privacy, and sensitive data.
| Why Area Is High Risk Federal agencies and our nation’s critical infrastructures—such as energy, transportation systems, communications, and financial services—are dependent on IT systems and electronic data to carry out operations and to process, maintain, and report essential information. The security of these systems and data is vital to public confidence and national security, prosperity, and well-being. Because many of these systems contain vast amounts of personally identifiable information (PII) and other sensitive information, agencies must protect the confidentiality, integrity, and availability of this information. In addition, they must effectively respond to data breaches and security incidents when they occur. The risks to IT systems supporting the federal government and the nation’s critical infrastructure are increasing, including insider threats from witting or unwitting employees, escalating and emerging threats from around the globe, and the emergence of new and more destructive attacks. We have designated information security as a government-wide high-risk area since 1997. We expanded this high-risk area in 2003 to include protection of critical cyber infrastructure and, in 2015, to include protecting the privacy of PII. Contact Information For additional information about this high-risk area, contact Nick Marinos at (202) 512-9342 or marinosn@gao.gov, Jennifer Franks at (404) 679-1831 or franksj@gao.gov, or Vijay D'Souza at (202) 512-6240 or dsouzav@gao.gov. |
Since our previous 2019 High-Risk Report, ratings for one criterion—leadership commitment—declined from met to partially met. The other four criteria remain unchanged.
Leadership commitment: partially met. The White House’s September 2018 National Cyber Strategy and the National Security Council’s (NSC) accompanying June 2019 Implementation Plan detailed the executive branch’s approach to managing the nation’s cybersecurity. In addition, in September 2020, we reported that the White House identified the NSC as the organization responsible for coordinating the implementation of the National Cyber Strategy.
In light of the elimination of the White House Cybersecurity Coordinator position in May 2018, it had remained unclear what official within the executive branch is to ultimately be responsible for coordinating the execution of the Implementation Plan and holding federal agencies accountable for the plan’s nearly 200 activities moving forward. In January 2021, Congress enacted a statute that established the Office of the National Cyber Director within the Executive Office of the President.
The office is to be headed by a Senate-confirmed National Cyber Director and is to, among other things, coordinate cybersecurity policy and operations across the executive branch. Once this position is filled, the White House can (1) ensure that entities are effectively executing their assigned activities intended to support the nation’s cybersecurity strategy, and (2) coordinate the government’s efforts to overcome the nation’s cyber-related threats and challenges.
It is also important for the United States to have sufficient leadership in building consensus among international organizations regarding internet standards and cultivating norms for acceptable state behavior in cyberspace. In June 2019, the Department of State (State) notified Congress of its intent to establish a new Bureau of Cyberspace Security and Emerging Technologies (CSET) that would focus on cyberspace security and the security aspects of emerging technologies.
However, we reported in September 2020 that officials from six agencies that work with State on cyber diplomacy issues stated that (1) they were unaware of State’s plan to develop CSET, and (2) being informed of State’s plan for CSET could be helpful for maintaining their communications with State. We recommended in September 2020 that State involve federal agencies that contribute to cyber diplomacy to obtain their views and identify any risks, as it implements its plan to establish CSET.
We also reported in July 2020 that the United States does not have a comprehensive internet privacy law governing the collection, use, and sale of personal information by private-sector companies. In addition, no federal law expressly regulates the commercial use of facial recognition technology, including the identifying and tracking of individuals.
Further, in most contexts, federal law does not address how personal data derived from facial recognition technology may be used or shared. As we previously reported, the Federal Trade Commission lacks explicit and comprehensive authority related to privacy issues and the Federal Communications Commission has had a limited role in overseeing internet privacy.
Capacity: partially met. In July 2019, we reported that the Office of Management and Budget (OMB) and the Department of Homeland Security (DHS) had several initiatives under way to assist agencies in meeting challenges related to hiring and retaining cybersecurity risk management personnel. For example, one such initiative included a program offering current federal employees who do not work in the information technology (IT) field the opportunity for hands-on training in cybersecurity for 3 months to help them build foundational skills in cyber defense analysis.
However, federal agencies have not fully assessed and addressed future agency cybersecurity workforce needs. In particular, we reported in March 2019 that the 24 Chief Financial Officers (CFO) Act agencies had likely miscategorized the work roles of many IT and cybersecurity positions. For example, at least 22 of the 24 agencies designated positions as not performing IT, cybersecurity, or cyber-related functions, when they did most likely perform these functions.
In addition, in October 2019, we reported that none of the 24 CFO Act agencies that we reviewed had fully implemented best practices for IT/cybersecurity workforce planning activities. Agencies’ limited implementation of these activities has been due, in part, to not making IT/cybersecurity workforce planning a priority, although laws and guidance have called for them to do so for more than 20 years. Until this occurs, agencies will likely not have the staff with the necessary knowledge, skills, and abilities to address cybersecurity risks and challenges.
In addition, federal and nonfederal critical infrastructure entities continue to face challenges in ensuring that their cybersecurity workforce has the appropriate skills. For example, according to an assessment from the Department of Energy (DOE), the electricity subsector continues to face challenges in recruiting and maintaining experts with strong knowledge of cybersecurity practices, as well as knowledge of industrial control systems supporting the electric grid.
Further, we reported in October 2020 that the Federal Aviation Administration does not currently have a staff training program specific to avionics cybersecurity and none of the agency’s certification staff are required to take cybersecurity training tailored to their oversight roles. Until these challenges are resolved, federal and nonfederal critical infrastructure entities may not have the expertise necessary to address the increasing cybersecurity risks to their systems.
Action plan: partially met. As previously mentioned, the National Cyber Strategy and associated implementation plan outline the executive branch’s approach to cybersecurity that federal agencies are to undertake. However, in September 2020, we reported that the strategy and implementation plan address some, but not all, of the desirable characteristics of national strategies.
For example, although the implementation plan detailed 191 activities that federal entities are to undertake, the plan did not include goals and timelines for 46 of the activities, identify the resources needed to execute 160 activities, or specify a process for monitoring agency progress.
Without a consistent approach to engaging with responsible entities and a comprehensive understanding of what is needed to implement all 191 activities, the executive branch will face challenges in ensuring that the National Cyber Strategy is efficiently executed.
In addition, although sector-specific agencies have developed subordinate strategies for addressing cybersecurity risks and challenges to critical infrastructure, these strategies did not always address the characteristics needed for such strategies. For example, in August 2019, we found that the nation’s electrical grid was becoming more vulnerable to cyberattacks—particularly those involving industrial control systems that support grid operations.
Although DOE had developed plans and an assessment to implement a federal strategy for addressing grid cybersecurity risks, these documents did not fully address all of the characteristics needed for a national strategy, such as conducting a risk assessment that had significant methodological limitations and did not fully analyze grid cybersecurity risks.
Further, although federal agencies have taken steps to develop plans for managing their cybersecurity risks, agencies have not consistently implemented those plans. For example, we reported in July 2019 that only 15 of 23 civilian CFO Act agencies had policies that called for the prioritization of plans of action and milestones (POA&M)—that is, plans that identify the corrective actions needed to remediate cybersecurity deficiencies.
In addition, we reported that 13 of 16 selected agencies had deficiencies in their processes for managing POA&Ms, such as inadequately documenting or tracking their status. As another example, in April 2020, we reported that the Department of Defense (DOD) had not fully implemented three of its key initiatives aimed at managing the department’s most common and pervasive risks. Without consistent implementation of plans for addressing cybersecurity risks, agencies may not be taking the foundational steps needed to ensure that sensitive data is not lost or agency systems are not compromised.
Monitoring: partially met. Although DHS, the General Services Administration (GSA), and OMB have established various programs aimed at helping agencies monitor and address cybersecurity risks, agencies have been challenged in implementing them, for example, in the following areas:
- Continuous diagnostics and mitigation (CDM). DHS established the CDM program to allow federal agencies to automate network monitoring, correlate and analyze security-related information, and enhance risk-based decision-making at both the individual agency and federal levels. We reported in August 2020 that, while the three selected agencies reported that the program improved their network awareness, none of the three agencies had effectively implemented all key CDM program requirements.
- Federal Risk and Authorization Management Program (FedRAMP). Established by OMB and managed by GSA, the FedRAMP program is intended to provide a standardized approach to securing systems, assessing security controls, and continuously monitoring cloud services used by federal agencies. However, we reported in December 2019 that, while OMB required agencies to use FedRAMP to authorize the use of cloud services, it did not monitor or ensure that agencies were doing so. We also reported that FedRAMP participants identified a number of challenges, such as a lack of agency resources required to authorize a cloud service or those needed by the provider to implement the program’s requirements. While GSA had taken steps aimed at addressing these challenges, its guidance on FedRAMP’s requirements and participant’s responsibilities were not always clear and the program’s process for monitoring the status of security controls over cloud services was limited.
- DHS binding operational directives. DHS has established a five-step process for developing and overseeing the implementation of binding operational directives (i.e., mandatory requirements for certain civilian executive branch departments and agencies to safeguard federal information and information systems). The process includes validating agencies’ actions on the directives. We reported in February 2020 that, although DHS had carried out its validation process for selected directives, it had not done so for others. DHS was not well positioned to validate all directives because it lacked a strategy and risk-based approach to check selected agency-reported actions to validate their completion.
In addition, we reported in July 2019 that, with certain exceptions, OMB was generally implementing its government-wide Federal Information Security Modernization Act requirements, including issuing guidance and implementing programs that are intended to improve agencies' information security. However, we noted that OMB had reduced the number of CyberStat meetings (i.e., meetings held in coordination with DHS to engage agency leadership to ensure that agencies are taking the appropriate actions to strengthen their cybersecurity posture).
Specifically, it held 24 meetings in fiscal year 2016 and only three meetings in fiscal year 2018—thereby restricting key activities for overseeing agencies' implementation of information security. Additionally, in May 2019, we reported that OMB had not issued guidance requiring agencies to report on their progress in implementing National Institute of Standards and Technology’s identity proofing guidance (i.e., processes for verifying that individuals who apply online for benefits and services are who they say they are).
Further, sector-specific agencies—agencies that assist in protecting critical infrastructure owners and operators, including enhancing cybersecurity—continue to face challenges in measuring progress that critical infrastructure entities are making toward addressing cybersecurity risks. For example:
- We reported in February 2020 that most of the sector-specific agencies had not developed methods to determine their level and type of cybersecurity framework adoption, as we previously recommended. Specifically, only two of the nine sector-specific agencies—DOD in collaboration with the defense industrial base sector and GSA in conjunction with DHS’s Federal Protective Service—had methods to determine the level and type of framework adoption across their respective sectors.
- We reported in September 2020 that the Department of the Treasury (Treasury)—the designated lead agency for the financial sector—had not fully implemented our previous recommendation to establish metrics related to the value and results of the sector’s cyber risk mitigation efforts. Specifically, the department’s 2016 sector-specific plan, which was to direct the sector’s activities, did not identify ways to measure sector progress and was out of date. Treasury also did not track the content or progress of ongoing cyber risk mitigation efforts within the sector to minimize duplication or ensure results.
Demonstrated progress: partially met. Since 2010, we have made more than 3,300 recommendations to agencies aimed at addressing cybersecurity challenges facing the government— over 500 of which were made since the last high-risk update in March 2019. While agencies have implemented a majority of our recommendations, many face challenges in safeguarding their information systems and information, in part, because many of these recommendations have not been fully implemented.
Specifically, of the roughly 3,300 recommendations made since 2010, more than 750 had not been fully implemented as of December 2020. We have also designated 103 as priority recommendations, meaning that we believe these recommendations warrant priority attention from heads of key departments and agencies. As of December 2020, 67 of our priority recommendations had not been fully implemented.
What Remains to Be Done
Based on our prior work, we have identified four major cybersecurity challenges:
- establishing and implementing a comprehensive cybersecurity strategy and performing effective oversight,
- securing federal systems and information,
- protecting cyber critical infrastructure, and
- protecting privacy and sensitive data.
To address these challenges, we have identified 10 critical actions that the federal government and other entities need to take (see figure 9).
Recent events highlight the urgent need to address the 10 critical actions. In December 2020, the Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive and alert explaining that an advanced persistent threat actor had been observed leveraging, among other techniques, a software supply chain compromise of an enterprise network management software suite to conduct a cyberattack campaign against U.S. government agencies, critical infrastructure entities, and private sector organizations.
According to CISA, this threat poses a grave risk to the federal, state, local, tribal, and territorial governments, as well as critical infrastructure entities and other private sector organizations. Subsequently, in December 2020, the Federal Bureau of Investigation, CISA, and the Office of the Director of National Intelligence formed a Cyber Unified Coordination Group to coordinate a whole of government response to the significant and ongoing cyberattack campaign.
Agencies need to urgently address the 10 critical actions to effectively respond to this incident and, thus, better position the nation to prevent, or more quickly detect and mitigate the damage of, future cyberattacks. In particular:
- Develop and execute a more comprehensive federal strategy for national cybersecurity and global cyberspace. As previously mentioned, the position of National Cyber Director needs to be filled to coordinate the execution of a national cyber strategy, including implementing activities necessary to effectively respond to significant cybersecurity incidents.
- Mitigate global supply chain risks. We reported in December 2020 that none of the 23 civilian CFO Act agencies had fully implemented seven selected foundational practices for managing information and communications technology supply chain risks. Those agencies need to address the 145 recommendations that we made to address those weaknesses.
- Enhance the federal response to cyber incidents. In July 2019, we reported that most of 16 selected federal agencies had deficiencies in at least one of the activities associated with incident response processes. We and the inspectors general have made thousands of recommendations aimed at improving information security programs and practices—including those relating to incident response processes over the years; however, many of these recommendations remain unimplemented.
We have ongoing work reviewing the federal response to the above-mentioned significant cyberattack campaign.
Congressional Actions Needed
We previously suggested in May 2008 that Congress consider amending laws, such as the Privacy Act of 1974 and the E-Government Act of 2002, because they may not consistently protect personally identifiable information (PII) (i.e., any information that can be used to distinguish an individual's identity).
Specifically, we found that while these laws and guidance set minimum requirements for agencies, they may not consistently protect PII in all circumstances of its collection and use throughout the federal government, and may not fully adhere to key privacy principles. However, our suggested revisions to the Privacy Act of 1974 and the E-Government Act of 2002 had not been enacted as of December 2020.
We also suggested in September 2013 that Congress consider strengthening the consumer privacy framework and review issues such as the adequacy of consumers’ ability to access, correct, and control their personal information, and privacy controls related to new technologies such as web tracking and mobile devices. However, these suggested changes had not been enacted as of December 2020.
Related GAO Products
Information Technology: Federal Agencies Need to Take Urgent Action to Manage Supply Chain Risks. GAO‑21‑171. Washington, D.C.: December 15, 2020.
Aviation Cybersecurity: FAA Should Fully Implement Key Practices to Strengthen Its Oversight of Avionics Risks. GAO‑21‑86. Washington, D.C.: October 9, 2020.
National Security: Additional Actions Needed to Ensure Effectiveness of 5G Strategy. GAO‑21‑155R. Washington, D.C.: October 7, 2020.
Cybersecurity: Clarity of Leadership Urgently Needed to Fully Implement the National Strategy. GAO‑20‑629. Washington, D.C.: September 22, 2020.
Cyber Diplomacy: State Has Not Involved Relevant Federal Agencies in the Development of Its Plan to Establish the Cyberspace Security and Emerging Technologies Bureau. GAO‑20‑607R. Washington, D.C.: September 22, 2020.
Critical Infrastructure Protection: Treasury Needs to Improve Tracking of Financial Sector Cybersecurity Risk Mitigation Efforts. GAO‑20‑631. Washington, D.C.: September 17, 2020.
Cybersecurity: DHS and Selected Agencies Need to Address Shortcomings in Implementation of Network Monitoring Program. GAO‑20‑598. Washington, D.C.: August 18, 2020.
Cybersecurity: DOD Needs to Take Decisive Actions to Improve Cyber Hygiene. GAO‑20‑241. Washington, D.C.: April 13, 2020.
Critical Infrastructure Protection: Additional Actions Needed to Identify Framework Adoption and Resulting Improvements. GAO‑20‑299. Washington, D.C.: February 25, 2020.
Cloud Computing Security: Agencies Increased Their Use of the Federal Authorization Program, but Improved Oversight and Implementation Are Needed . GAO‑20‑126. Washington, D.C.: December 12, 2019.
Critical Infrastructure: Actions Needed to Address Significant Cybersecurity Risks Facing the Electric Grid. GAO‑19‑332. Washington, D.C.: August 26, 2019.
Cybersecurity: Agencies Need to Fully Establish Risk Management Programs and Address Challenges. GAO‑19‑384. Washington, D.C.: July 25, 2019.
Strengthening Department of Homeland Security Management Functions
Bookmark:The Department of Homeland Security needs to continue implementing its Integrated Strategy for High-Risk Management with a particular focus on building its capacity in the areas of acquisition, information technology, and financial management.
| Why Area Is High Risk In 2003, we designated implementing and transforming DHS as high risk because the department had to transform 22 agencies—several with major management challenges—into one department. Given the significant effort required to build and integrate a department as large and complex as DHS, our initial high-risk designation addressed the department’s implementation and transformation efforts including associated management and programmatic challenges. Failure to effectively address these challenges could have serious consequences for U.S. national and economic security. Since 2003, the focus of this high-risk area has evolved in tandem with DHS’s maturation and evolution. In September 2011, we reported in our assessment of DHS’s progress that the department had implemented key homeland security operations and achieved important goals in many areas but continuing weaknesses in DHS’s management functions had been a key theme impacting the department’s implementation efforts. As a result, in our 2013 high-risk update, we narrowed the scope of the high-risk area to strengthening and integrating DHS management functions (human capital, acquisition, information technology, and financial). Contact Information For additional information about this high-risk area, contact Chris Currie (404) 679-1875 or curriec@gao.gov. |
Since our 2019 High-Risk Report, ratings for all five criteria remain unchanged.
The Department of Homeland Security (DHS) has continued its efforts to strengthen and integrate its acquisition, information technology (IT), financial, and human capital management functions. It has continued to meet three out of five criteria from the High-Risk List (leadership commitment, action plan, and monitoring) and partially meet the remaining two criteria (capacity and demonstrated progress).
Leadership commitment: met. DHS’s top leaders have continued to demonstrate commitment and support for addressing the department’s management challenges. They have also taken actions to institutionalize this commitment to help ensure the success of the department’s efforts.
For example, the Deputy Under Secretary for Management issued strategic guidance to DHS’s component agencies encouraging investment in areas critical to DHS management functions, including financial system modernization, human resource training, and career development programs.
Capacity: partially met. DHS has made progress in its coding of IT management positions. In March 2019, we found that DHS had not consistently assigned the appropriate National Initiative for Cybersecurity Education (NICE) framework work categories to its IT management positions, as required by law. We recommended that DHS review the coding for certain IT management positions, assign the appropriate NICE framework work categories, and assess the accuracy of position descriptions.
In November 2020, DHS officials stated that they had taken steps to ensure that at least one NICE code was assigned to active IT management positions. In addition, according to a December 2020 report, DHS had assigned an appropriate work role code to 98 percent of approximately 5,000 IT management positions.
In October 2020, our review of the nomination and designation process for appointing the Component Acquisition Executive (CAE) position identified instances where the acceptance criteria—standards to evaluate whether an individual is qualified for the position—were not met as described in DHS acquisition guidance. Until the DHS Office of Program Accountability and Risk Management and DHS components consistently execute the nomination and designation process, DHS’s Chief Acquisition Officer cannot be assured that oversight of acquisition programs is being conducted by individuals qualified for the CAE position.
With regard to financial management capacity, DHS has continued its efforts to identify and allocate resources for financial management, but additional progress is needed. For example, in fiscal year 2020 DHS’s financial statement auditor reported several capacity-related issues— including manual processes and lack of automated functions, resource limitations, and untimely training—as causes for the material weaknesses in the areas of financial reporting and information technology controls and information systems. In response to the auditor’s report, DHS stated that it is focused on improving IT controls and has put in place an aggressive multiyear strategy to modernize its financial systems.
Action plan: met. In January 2011, DHS produced its first semiannual Integrated Strategy for High-Risk Management and has issued 18 updated versions, most recently in September 2020. The September 2020 strategy describes DHS’s progress to date and planned corrective actions to further strengthen its management functions.
For example, the strategy includes a multiyear plan to achieve an unmodified opinion on its internal control over financial reporting and substantial compliance with the Federal Financial Management Improvement Act of 1996 by fiscal year 2024. DHS’s strategy and approach, if effectively implemented and sustained, provides a path for DHS to be removed from our High-Risk List.
Monitoring: met. In the most recent September 2020 Integrated Strategy for High Risk Management, DHS included status updates and future planned actions for each of the outcomes that are not yet fully addressed.
Demonstrated progress: partially met. In 2010, we identified, and DHS agreed, that achieving 30 specific outcomes would be critical to addressing the challenges within the department’s management areas. As of December 2020, DHS has fully addressed 17 of the 30 needed outcomes, mostly addressed five (a small amount of work remains), partially addressed five (significant work remains), and initiated actions to address the remaining three (activities have been initiated, but it is too early to report progress).
Source: GAO analysis of DHS documents, interviews, and prior GAO reports. | GAO-21-119SP
a”Fully addressed”: Outcome is fully addressed.
b”Mostly addressed”: Progress is significant and a small amount of work remains.
c”Partially addressed”: Progress is measurable, but significant work remains.
d”Initiated”: Activities have been initiated to address the outcome, but it is too early to report progress.
Important progress and work remaining in key areas include
- Acquisition management. DHS has taken steps to strengthen requirements development across the department, such as re-establishing the Joint Requirements Council in June 2014. However, DHS continues to face challenges in effectively executing its acquisition portfolio. In May 2018, we found that enhancements to DHS’s acquisition management, resource allocation, and requirements policies largely reflect key portfolio management practices. However, in January 2021, we found that, of the 24 major acquisition programs we assessed with approved schedule and cost baseline goals, 10 failed to meet one of these goals at some point in fiscal year 2020.While some of these instances were because of factors outside of a program’s control, such as the Coronavirus Disease 2019, we also found instances where DHS did not implement sound acquisition practices leading to other programs not meeting their schedules or cost goals. For example, two of the 10 programs failed to meet their cost or schedule goals because of an underestimation of the programs’ complexity or requirements.
- IT management. DHS has continued to sustain and mature its department-wide Enterprise Architecture program over the past 6 years. For example, the DHS Chief Information Officer developed a fiscal year 2020-2023 Enterprise Architecture Strategic Plan to provide strategic direction for delivering IT services and solutions across the department. Further, the department has continued to manage its IT investments across the department by using an IT portfolio management approach. For example, in fiscal year 2020, the Office of the Chief Information Officer (OCIO) produced portfolio data and analysis related to each of the Department’s seven IT portfolios. OCIO officials reported that the Chief Information Officer and other DHS leadership used this information to support IT investment oversight and resource allocation recommendations.This portfolio management approach should enable DHS to identify potentially duplicative investments and opportunities to consolidate investments, as well as reduce component-specific investments.In addition, DHS has made progress in implementing recommendations identified in the fiscal years 2016 to 2018 DHS Office of the Inspector General’s (OIG) reports related to IT security weaknesses. However, much work remains for DHS to enhance its information security program.In September 2020, the OIG reported that the department’s information security program was ineffective for fiscal year 2019. Specifically, the OIG identified that DHS did not have an effective strategy or department-wide approach to manage risks for all of its systems, nor did it apply security patches and updates timely to mitigate critical and high-risk security vulnerabilities on selected components’ systems, among others.Additionally, in fiscal year 2020, the department’s financial statement auditor identified that DHS had ineffective design and implementation of controls to remediate IT findings, including insufficient corrective action to address deficiencies that have existed for several years in multiple information systems. Further, for the 17th consecutive year, the auditor designated deficiencies in IT systems controls as a material weakness for financial reporting purposes.As a result, since our 2019 report, DHS has moved from a mostly addressed to a partially addressed rating for one IT management area outcome on IT security. OCIO officials informed us that they are taking steps to address this outcome, such as conducting an independent verification and validation of plans of actions and milestones and performing configuration audit checks for selected operating systems.The December 2020 compromise of an enterprise network management software suite to conduct a cyberattack campaign against U.S. government agencies, including DHS, highlights the urgent need to address these vulnerabilities. In a notification to Congress on December 19, 2020, DHS stated that the DHS OCIO is examining this incident and putting mitigation measures into place. Until DHS adequately mitigates these vulnerabilities, the data maintained on its systems will remain at increased risk of unauthorized modification and disclosure, and systems will remain at risk of disruption.
- Financial management. DHS received an unmodified audit opinion on its financial statements for 8 consecutive years—fiscal years 2013 to 2020. However, similar to its fiscal year 2019 financial statement audit, DHS’s auditor again reported two material weaknesses in the areas of (1) financial reporting, and (2) IT controls and information systems, as well as instances of noncompliance with laws and regulations. According to the auditor, these two material weaknesses led to an adverse opinion on internal controls over financial reporting. These deficiencies hamper DHS’s ability to provide reasonable assurance that its financial reporting is reliable and the department is in compliance with applicable laws and regulations. For DHS to obtain and sustain an unmodified audit opinion on its internal controls over financial reporting, and to achieve substantial compliance with the Federal Financial Management Improvement Act of 1996, DHS needs to continue to strengthen its financial management controls and ensure that key controls are in place to address the auditor’s findings related to the two material weaknesses.In addition, much work remains to modernize components' financial management systems and business processes. Specifically, DHS needs to effectively implement its long-term financial systems modernization efforts at the U.S. Coast Guard, the Federal Emergency Management Agency, and U.S. Immigration and Customs Enforcement. DHS also needs to ensure that key controls are in place to address the auditor’s findings.
- Human capital management. Since our 2019 High-Risk Report, DHS has taken steps to move from a partially to mostly addressed rating on one outcome in the human capital management area. DHS made continued improvements in employee engagement as measured by the Office of Personnel Management’s Federal Employee Viewpoint Survey (FEVS). Starting in 2015, DHS reversed a 5-year downward trend in its scores on the FEVS Employee Engagement Index (EEI). After 4 consecutive years of improvements and a 2019 EEI of 62, DHS surpassed its 2010 benchmark.However, DHS has additional work ahead to improve its employee engagement as its 2019 Employee Engagement Index remained 6 percentage points below the government-wide average and ranked 20th among 20 large and very large federal agencies. Specifically, as we recommended in January 2021, DHS should monitor component employee engagement action planning efforts to ensure the components use performance outcomes to assess the results of their actions and to adjust, reprioritize, and identify new actions to improve employee engagement. DHS agreed with our recommendations and expects to develop written guidance for the component employee engagement action planning process in 2021.
- Management integration. Since 2019, DHS has communicated management priorities through the department planning, programming, budgeting, and execution process. Specifically, in fiscal year 2019, the Deputy Under Secretary for Management issued strategic guidance to components encouraging investment in areas critical to DHS management functions. To achieve this outcome, DHS must continue to demonstrate sustainable progress integrating its management functions within and across the department, as well as fully address the other 13 outcomes it has not yet fully achieved. Outcomes not yet fully achieved include, among others, obtaining an unmodified opinion on independent audits of internal controls and consistently implementing sound acquisition practices.
What Remains to Be Done
Over the years, we have made hundreds of recommendations related to DHS management functions and many have been implemented. However, as of December 2020, there are at least 29 recommendations related to DHS management functions that DHS has not yet implemented.
Continued progress for this high-risk area depends primarily on fully addressing the 13 remaining outcomes. In the coming years, DHS needs to continue its efforts to implement its action plan, the Integrated Strategy for High-Risk Management, to show measurable, sustainable progress in employing corrective actions and achieving outcomes. In doing so, it remains important for DHS to
- maintain its current level of top leadership support and commitment to ensure continued progress in executing its corrective actions through completion;
- continue to identify the people and resources necessary to make progress towards achieving outcomes, work to mitigate shortfalls and prioritize initiatives as needed, and communicate to senior leadership critical resource gaps;
- continue efforts to ensure that key controls are in place to address the auditor’s findings related to the two material weaknesses identified by its financial statement auditor, and continue the financial system modernization efforts underway;
- continue to implement its plan for addressing this high-risk area and periodically provide assessments of its progress to us and Congress;
- closely track and independently validate the effectiveness and sustainability of its corrective actions, and make midcourse adjustments as needed; and
- make continued progress in achieving the 13 outcomes it has not fully addressed and demonstrate that systems, personnel, and policies are in place to ensure that progress can be sustained over time.
Related GAO Products
DHS Annual Assessment: Most Acquisition Programs Are Meeting Goals but Data Provided to Congress Lacks Context Needed for Effective Oversight. GAO‑21‑175. Washington, D.C.: January 19, 2021.
DHS Employee Morale: Some Improvements Made, but Additional Actions Needed to Strengthen Employee Engagement. GAO‑21‑204. Washington, D.C.: January 12, 2021.
Homeland Security Acquisitions: DHS Has Opportunities to Improve Component Acquisition Oversight. GAO‑21‑77. Washington, D.C.: October 20, 2020.
Homeland Security Acquisitions: Outcomes Have Improved but Actions Needed to Enhance Oversight of Schedule Goals. GAO‑20‑170SP. Washington, D.C.: December 19, 2019.
Department of Homeland Security: Continued Leadership Is Critical to Addressing a Range of Management Challenges. GAO‑19‑544T. Washington, D.C.: May 1, 2019.
Cybersecurity Workforce: Agencies Need to Accurately Categorize Positions to Effectively Identify Critical Staffing Needs. GAO‑19‑144. Washington, D.C.: March 12, 2019.
DHS Acquisitions: Additional Practices Could Help Components Better Develop Operational Requirements. GAO‑18‑550. Washington, D.C.: August 8, 2018.
Homeland Security Acquisitions: Leveraging Programs’ Results Could Further DHS’s Progress to Improve Portfolio Management. GAO‑18‑339SP. Washington, D.C.: May 17, 2018.
Cybersecurity Workforce: Urgent Need for DHS to Take Actions to Identify Its Position and Critical Skill Requirements. GAO‑18‑175. Washington, D.C.: February 6, 2018.
Ensuring the Effective Protection of Technologies Critical to U.S. National Security Interests
Bookmark:Agencies have made some progress towards ensuring the effective protection of technologies, but several areas remain unaddressed, including improved interagency coordination.
| Why Area Is High Risk DOD spends billions of dollars each year to develop and acquire technologies that provide an advantage for the warfighter. Many of these technologies are also sold or transferred to promote U.S. economic, foreign policy, and national security interests. Foreign entities can also acquire these technologies through investment in the U.S. companies that develop or manufacture them. In addition, they are targets for unauthorized transfer, such as theft, espionage, reverse engineering, and illegal export. The U.S. government has a number of programs and activities to identify and protect technologies critical to U.S. interests. These include export controls—those developed to regulate exports that are transferred to foreign parties consistent with U.S. interests—as well as other activities, including anti-tamper policies, the National Industrial Security Program, and the Committee on Foreign Investment in the United States. These programs and activities are administered by multiple federal agencies, including DOD—the only agency with a role in each of those we identified—and the Departments of Commerce, Homeland Security, Justice, State, and the Treasury. We first designated this area high risk in 2007 and continue to do so given the fragmented nature of these initiatives and lack of communication across the federal agencies involved. Contact Information For additional information about this high-risk area, contact William Russell at (202) 512-4841 or russellw@gao.gov. |
Since our 2019 High-Risk Report, overall ratings for the five criteria remain unchanged, but we restructured our assessment of this area from two segments to one to better align with current federal efforts.
Specifically, we incorporated actions taken to implement export control reforms—previously its own segment—into the discussion of other federal agencies’ protection efforts. We also focused primarily on the Department of Defense’s (DOD) efforts to identify critical acquisition programs and technologies and how this information is shared with other federal agencies to inform their protection efforts.
Leadership commitment: partially met. In October 2018, the Secretary of Defense formed the Protecting Critical Technology Task Force (task force) to, in part, improve DOD’s process for developing and annually updating a list of acquisition programs, technologies, manufacturing capabilities, and research areas that are critical for maintaining a national security technological advantage of the United States over foreign countries of special concern.
Task force officials stated that the list, which DOD is required to establish and maintain in response to the John S. McCain National Defense Authorization Act for Fiscal Year 2019, will help inform government protection programs.
The task force reports directly to the Deputy Secretary of Defense and Vice Chairman of the Joint Chiefs of Staff. As of December 2020, though, DOD had not designated an organization that will assume responsibility for developing the list and overseeing protection efforts once the task force disbands in 2021. In January 2021, we recommended that DOD designate an organization to take over this responsibility to ensure that DOD’s current efforts to protect critical technologies do not stall. DOD partially concurred with this recommendation noting that it has not decided on an oversight mechanism, but recognizes the need for department-wide collaborative efforts to protect critical technologies.
In October 2020, the White House released its National Strategy for Critical and Emerging Technologies, which outlines the administration’s approach to protecting critical technologies as well as promoting investment and innovation. The strategy, which was developed by the National Security Council, encourages unity of effort across federal agencies and identifies 20 technology areas as critical and emerging, including artificial intelligence, biotechnologies, and space technologies.
The strategy further outlines the types of activities the U.S., with its allies and partners, should consider to maintain world leadership in these areas. According to DOD officials, DOD organizations—including the task force—and other federal agencies are expected to coordinate on how they will implement the strategy.
The Foreign Investment Risk Review Modernization Act of 2018 strengthened and modernized the activities of the Committee on Foreign Investment in the U.S., in part, by expanding the scope of covered transactions, increasing the time allowed to review a transaction, and granting special hiring authorities.
Capacity: partially met. DOD is assigning mandatory protection measures to the critical acquisition programs and technologies identified through the task force’s revised process.
However, DOD officials stated that the cost of implementing the protection measures has not been determined and will have to be balanced against competing funding demands. This determination could affect DOD’s ability to fully implement these protection measures as intended. We plan to monitor DOD’s efforts to implement protection measures.
Additionally, in 2018 we recommended that the Department of the Treasury (Treasury) coordinate with member agencies to better understand the workforce necessary to handle the Committee on Foreign Investment in the United States’ increasing workload. We also recommended that DOD identify the resources needed, among other things, to implement the National Industrial Security Program’s new piloted approach for overseeing contractors with access to classified material.
As of December 2020, Treasury has not addressed our recommendation while DOD has taken some action. Specifically, in 2019 DOD centralized its oversight of contractors with facilities that do not store classified materials. This has reduced the burden on field-based industrial security representatives and created an opportunity for the representatives to better address risk and communications with contractors that store classified information at their facilities. We will continue monitoring these efforts, especially since the Foreign Investment Risk Review Modernization Act provides some tools for Treasury and DOD to address workforce needs.
Action plan: partially met. The task force has outlined a revised four-step process to identify, communicate, protect, assess, and oversee DOD’s critical acquisition programs and technologies. For example, it provided guidance and instructions to DOD components on how to identify and prioritize their critical acquisition programs and technologies, as well as protection measures that should be implemented.
However, the task force has not provided direction to DOD components on how to share the annual critical acquisition programs and technologies list effectively across the department and with other federal agencies. In January 2021, we recommended that DOD determine a process for communicating its future critical acquisition programs and technologies lists to all relevant DOD organizations and federal agencies. DOD concurred with this recommendation noting that disseminating its critical acquisition programs and technologies list is key to the department’s efforts to protect critical technologies.
In addition, according to DOD officials, agencies involved in developing the White House’s National Strategy for Critical and Emerging Technologies will be identifying steps to implement the strategy. We will monitor DOD and other agencies’ implementation efforts moving forward.
Related to export controls, the Departments of State and Commerce implemented a recommendation we made in March 2019 by establishing a Memorandum of Understanding between the two agencies to share information from their respective watch lists to facilitate screening export license applications, including those for certain firearms.
In May 2020 we reported that universities raised concern that guidance and outreach from the Departments of State and Commerce did not adequately address university-specific export compliance issues. In addition, we noted that the universities’ perception that DOD misunderstands what constitutes fundamental research could potentially hinder universities’ abilities to conduct research for DOD.
All three agencies concurred with recommendations to update guidance or increase awareness to address these issues but have not yet taken action to implement them. Additionally, the William M. (Mac) Thornberry National Defense Authorization Act for Fiscal Year 2021 amended a provision of the John S. McCain National Defense Authorization Act for Fiscal Year 2019 requiring DOD to establish an initiative to work with institutions of higher education that, among others, perform defense research and engineering activities to support the protection of information about critical technologies relevant to national security.
Monitoring: partially met. DOD’s task force established time frames for implementing its revised four-step process to identify and protect its critical programs and technologies. However, the task force has not yet established metrics to assess the sufficiency of its protection measures.
In January 2021, we recommended that DOD develop and periodically review appropriate metrics to assess the implementation and sufficiency of protection efforts that would enable programs to assess their own protection efforts, and allow military departments or the Office of the Under Secretary of Defense to assess protection efforts more broadly. DOD partially concurred with this recommendation noting that it is considering future technology protection roles and responsibilities that may include establishing metrics to ensure effective implementation of protection requirements across the department.
Additionally, DOD has not implemented a recommendation we made in 2017 to measure progress and develop corresponding metrics related to changes to policies and procedures supporting the anti-tamper program. This program establishes methods, such as encryption and hardware protective coatings, to help delay the exploitation of technologies lost on the battlefield.
Demonstrated progress: partially met. Agencies have taken steps to improve their respective protection program over the past 2 years, but collective coordination of protection efforts across the agencies involved still needs improvement. Among the steps taken, the Departments of State and Commerce established a Memorandum of Understanding to share their watch lists. In addition, Treasury updated information on its website in March 2018 in response to our recommendation to clarify the requirement for geographic coordinates when filing a transaction with the Committee on Foreign Investment in the U.S to better identify potential national security concerns.
DOD’s actions to develop and maintain a list of its critical acquisition programs and technologies are intended to inform interagency protection efforts as well as offer an opportunity to demonstrate progress on information sharing and coordination across the federal agencies.
What Remains to Be Done
The need for action remains across the agencies and within the protection programs. Addressing recommendations we made in January 2021 aimed at strengthening DOD’s efforts to protect its critical technologies and improving coordination among the agencies responsible for programs designed to protect technologies critical to national security could lead to improvements in each of the criteria above. In particular, DOD should
- designate the DOD organization that will be responsible for overseeing the department’s protection efforts;
- provide direction to the DOD components for communicating DOD’s critical acquisition programs and technologies list to other federal agencies; and
- implement protection measures associated with DOD’s revised efforts and establish measurable metrics to monitor the sufficiency of these efforts.
To strengthen agency protection programs, agencies should
- address resource issues in the Committee on Foreign Investment in the United States; and
- follow up on data collection and tracking recommendations for the anti-tamper program.
Related GAO Products
DOD Critical Technologies: Plans for Communicating, Assessing, and Overseeing Protection Efforts Should Be Completed . GAO‑21‑158. Washington, D.C.: January 12, 2021.
Export Controls: State and Commerce Should Improve Guidance and Outreach to Address University-Specific Compliance Issues. GAO‑20‑394. Washington, D.C.: May 12, 2020.
Export Controls: State and Commerce Should Share Watch List Information If Proposed Rules to Transfer Firearms Are Finalized. GAO‑19‑307. Washington, D.C.: March 1, 2019.
Committee on Foreign Investment in the United States: Action Needed to Address Evolving National Security Concerns Facing the Department of Defense. GAO‑18‑494. Washington, D.C.: July 10, 2018.
Defense Industrial Base: Integrating Existing Supplier Data and Addressing Workforce Challenges Could Improve Risk Analysis. GAO‑18‑435. Washington, D.C.: June 13, 2018.
Protecting Classified Information: Defense Security Service Should Address Challenges as New Approach Is Piloted. GAO‑18‑407. Washington, D.C.: May 14, 2018.
Committee on Foreign Investment in the United States: Treasury Should Coordinate Assessments of Resources Needed to Address Increased Workload. GAO‑18‑249. Washington, D.C.: February 14, 2018.
Foreign Military Sales: DOD Needs to Improve Its Use of Performance Information to Manage the Program. GAO‑17‑703. Washington, D.C.: August 22, 2017.
DOD Critical Technologies: Additional Actions Needed to Ensure Consistent Protection of Weapon Systems. GAO-17-292SU. Washington, D.C.: May 9, 2017.
Improving Federal Oversight of Food Safety
Bookmark:A government-wide approach is needed to address fragmentation in the federal food safety oversight system.
| Why Area Is High Risk The safety and quality of the U.S. food supply, both domestic and imported, are governed by a highly complex system stemming from at least 30 federal laws that are collectively administered by 15 federal agencies. We have long reported on the fragmented federal food safety oversight system, which has caused inconsistent oversight, ineffective coordination, and inefficient use of resources. We added federal oversight of food safety to the High-Risk List in 2007. In recent years, we have made recommendations aimed at helping to reduce fragmentation in federal food safety oversight. A 2011 estimate by CDC—its most recent—indicates that, as a result of foodborne illness, roughly one in six Americans (48 million people) gets sick each year, 128,000 are hospitalized, and 3,000 die. CDC data for 2010 to 2014 also show that the number of reported multistate foodborne illness outbreaks is increasing. CDC cites several potential contributors to the increase in reported multistate outbreaks, including greater centralization of food processing practices, wider food distribution, and improved detection and investigation methods. Contact Information For additional information about this high-risk area, contact Steve Morris at Morriss@gao.gov or (202) 512-3841. |
Since our 2019 High-Risk Report, ratings for all five criteria remain unchanged.
Leadership commitment: partially met. The U.S. Departments of Agriculture (USDA) and Health and Human Services (HHS) have now both demonstrated leadership by updating their strategic and performance-planning documents to better address crosscutting food safety efforts, as we recommended in December 2014.
In addition, according to the Office of Management and Budget (OMB), the administration is working toward greater coordination among federal agencies through the framework of the FDA Food Safety Modernization Act (FSMA), enacted in 2011. For example, the Food and Drug Administration (FDA) has demonstrated leadership by continuing to collaborate with USDA on the Produce Safety Rule, which went into effect in 2016, to support the implementation of FSMA.
However, federal agencies have not developed a national plan or strategy for food safety. Specifically, Congress has not directed OMB to develop a government-wide performance plan for food safety to address our December 2014 matter, and the administration has not taken action to develop such a plan or to address our January 2017 recommendation to develop a national strategy for food safety. To more fully demonstrate leadership in this area, the administration should develop for food safety either a government-wide performance plan or, at a minimum, a national strategy.
Capacity: partially met. Federal food safety agencies would benefit from a centralized collaborative mechanism on food safety. In 2009, the President established the Food Safety Working Group (FSWG) to coordinate federal food safety efforts; however, this group has not met in nearly 10 years. Congressional action is required to formalize such a mechanism through statute.
Identifying resources needed to carry out the food safety mission would be an important part of a government-wide performance plan or, at a minimum, a national strategy for food safety. Developing such a plan or strategy that encompasses the contributions of all federal agencies with a food safety role would demonstrate capacity and could address our December 2014 matter and our January 2017 recommendation.
Action plan: not met. Without an action plan, such as a government-wide performance plan or, at a minimum, a national strategy for food safety, Congress, program managers, and other decision makers are hampered in their ability to identify agencies and programs addressing similar missions and to set priorities, allocate resources, and restructure federal efforts, as needed, to achieve long-term goals.
Such a national strategy for food safety that fulfills government-wide planning needs should, among other things, have a clearly stated purpose, establish sustained leadership, identify resource requirements, and describe how progress will be monitored.
Moreover, without a centralized collaborative mechanism—such as the FSWG—to address food safety, agencies do not have a forum to agree on a set of broad-based food safety goals and objectives that could be articulated in a government-wide performance plan or national strategy on food safety.
Monitoring: not met. A government-wide performance plan or, at a minimum, a national strategy for food safety, would facilitate effective monitoring of federal food safety efforts so the efforts would be clear and transparent to Congress and the public.
To understand federal food safety oversight actions, currently Congress, program managers, other decision makers, and the public must access, attempt to make sense of, and reconcile individual documents across the many federal agencies that administer federal statutes governing food safety and quality.
A government-wide performance plan or national strategy would enable Congress and the agencies to monitor the effectiveness of federal food safety programs, particularly those involving more than one agency, and identify areas needing corrective measures.
Demonstrated progress: partially met. Since our 2019 High-Risk Report, USDA has joined HHS in implementing our 2014 recommendations to update their strategic and performance planning documents to more fully describe how they are working with other agencies to achieve their food safety-related goals and objectives.
Nevertheless, the agency-by-agency focus of individual planning documents does not provide the integrated perspective on federal food safety performance necessary to guide congressional and executive branch decision-making and inform the public about federal actions to ensure food safety. Those individual documents could, however, provide building blocks toward the next step of developing a single, government-wide performance plan for food safety.
FDA and USDA also continue to collaborate on food safety through joint working groups and information sharing practices, such as the Interagency Foodborne Outbreak Response Collaboration and the Interagency Risk Assessment Consortium. However, the development of a broader government-wide performance plan or, at a minimum, a national strategy for food safety is still needed and could involve other agencies, such as those that we have identified as having a food safety role.
These agencies include (1) the Centers for Disease Control and Prevention (CDC), which identifies and coordinates the investigation of foodborne illness outbreaks to protect the public health; (2) the Department of Commerce’s National Marine Fisheries Service, which provides voluntary fee-for-service examinations of seafood for safety and quality; and (3) the Department of Homeland Security’s Customs and Border Protection, which, among other things, inspects imports of food products, plants, and live animals for compliance with U.S. law and assists federal agencies in enforcing their regulations at the border.
A government-wide performance plan or national strategy for food safety that includes the multiple agencies with a food safety role could foster sustained progress in addressing fragmentation in the federal food safety oversight system.
What Remains to Be Done
Since food safety was added to the High-Risk List in 2007, we have made numerous recommendations to enhance collaboration among agencies with food safety responsibilities. As of December 2020, seven of these recommendations are still open. There is one open recommendation that is significant for removing food safety from the High-Risk List:
- In 2017, we recommended that appropriate entities within the Executive Office of the President (EOP), in consultation with relevant federal agencies and other stakeholders, develop a national strategy for food safety that, among other things, establishes high-level sustained leadership, identifies resource requirements, and describes how progress will be monitored. The EOP did not provide comments on our recommendation
Congressional Actions Needed
As of December 2020, there are three open matters for congressional consideration that are significant for removing food safety from the High-Risk List: two since 2007 and one dating to 2001:
- In 2014, we suggested that Congress consider directing OMB to develop a government-wide performance plan for food safety that includes results-oriented goals and performance measures and a discussion of strategies and resources.
- In 2014, we suggested that Congress consider formalizing the FSWG through statute to help ensure sustained leadership across food safety agencies over time.
- In 2001, we suggested that Congress consider commissioning the National Academy of Sciences or a blue ribbon panel to conduct a detailed analysis of alternative organizational food safety structures and report the results of such an analysis to Congress.
We would accept either a government-wide performance plan or, at a minimum, a national strategy for food safety to address many of the concerns raised in our work.
Related GAO Products
Food Safety: FDA and USDA Could Strengthen Existing Efforts to Prepare for Oversight of Cell-Cultured Meat. GAO‑20‑325. Washington, D.C.: April 7, 2020.
Food Safety: Federal Efforts to Manage the Risk of Arsenic in Rice. GAO‑18‑199. Washington, D.C.: March 16, 2018.
Imported Seafood Safety: FDA and USDA Could Strengthen Efforts to Prevent Unsafe Drug Residues. GAO‑17‑443. Washington, D.C.: September 15, 2017.
Food Safety: A National Strategy Is Needed to Address Fragmentation in Federal Oversight. GAO‑17‑74. Washington, D.C.: January 13, 2017.
Food Safety: FDA Coordinating with Stakeholders on New Rules but Challenges Remain and Greater Tribal Consultation Needed. GAO‑16‑425. Washington, D.C.: May 19, 2016.
Federal Food Safety Oversight: Additional Actions Needed to Improve Planning and Collaboration. GAO‑15‑180. Washington, D.C.: December 18, 2014.
Federal Food Safety Oversight: Food Safety Working Group Is a Positive First Step but Governmentwide Planning Is Needed to Address Fragmentation. GAO‑11‑289. Washington, D.C.: March 18, 2011.
Food Safety and Security: Fundamental Changes Needed to Ensure Safe Food. GAO‑02‑47T. Washington, D.C.: October 10, 2001.
Protecting Public Health through Enhanced Oversight of Medical Products
Bookmark:The Food and Drug Administration needs to increase monitoring of medical products manufactured overseas and improve planning for drug shortages.
| Why Area Is High Risk Millions of medical products—drugs, biologics, and medical devices—are used daily by Americans at home, in the hospital, and in other health care settings. FDA has the vital mission of protecting the public health by overseeing the safety and effectiveness of these products marketed in the United States. The agency’s responsibilities begin long before a product is brought to market and continue after FDA approves a product, regardless of whether it is manufactured in the United States or abroad. FDA has been confronted with multiple challenges, including (1) rapid changes in science and technology, (2) globalization as many products are manufactured abroad, (3) unpredictable public health crises, (4) an increasing workload to ensure medical product availability, and (5) the continuing need to monitor the safety of thousands of marketed medical products. The oversight of medical products was added to our High-Risk List in 2009 because these obstacles threatened to compromise FDA’s ability to protect public health. While progress has been made, FDA continues to face these challenges as well as the additional challenge of the COVD-19 pandemic. Contact Information For additional information about this high-risk area, contact Mary Denigan-Macauley or John E. Dicken at (202) 512-7114 or deniganmacauleym@gao.gov or dickenj@gao.gov. |
Since our 2019 High-Risk Report, our assessment of efforts to address ratings for all five criteria remains unchanged. The Food and Drug Administration (FDA) continues to demonstrate leadership support for improving its oversight of medical products for both the globalization and drug availability segments. However, the agency has not fully met the remaining criteria.
In the globalization segment of this high-risk area, the capacity criterion has regressed from met to partially met. In the drug availability segment, the five criteria remain unchanged. FDA’s effective oversight will be especially important to ensuring the availability of medical products needed to fight the Coronavirus Disease 2019 (COVID-19) pandemic.
Response to Globalization
Since our 2019 High-Risk Report, ratings in this segment for four criteria remain unchanged. However, the capacity criterion regressed to partially met.
Leadership commitment: met. FDA met this criterion in 2015. The agency continues to demonstrate leadership commitment by (1) reorganizing its office dedicated to confronting the challenges of globalization in 2019, and (2) releasing a new 5-year strategic plan in March 2020.
Continued commitment from leadership will be important for FDA’s ability to respond to ongoing and evolving challenges. For example, the COVID-19 pandemic affected FDA’s ability to conduct inspections of foreign drug manufacturers, limiting a critical source of information about the quality of drugs manufactured for the U.S. market. Addressing its challenges will require sustained leadership focus.
Capacity: partially met. FDA now partially meets this criterion—regressing from met in our 2019 High-Risk Report. From fiscal years 2012 through 2016, FDA conducted an increasing number of inspections of foreign drug manufacturing establishments. However, in fiscal years 2017 and 2018, these inspections decreased.
FDA officials attributed this decrease to, in part, vacancies in the number of investigators available to conduct inspections. In June 2020, we reported that FDA had vacancies among each of the groups of investigators who conduct foreign inspections. For example, within its foreign offices in China and India, about one-third of its drug investigator positions were vacant.
Further, in March 2020, FDA announced that, due to COVID-19, it was postponing almost all inspections of foreign establishments. While FDA indicated it has other tools to ensure the safety of the U.S. drug supply, the lack of foreign inspections removes a critical source of information about these drugs. As of January 2021, FDA did not have an expected date for resuming regular foreign inspections in all countries.
Action plan: met. FDA met this criterion in 2015 and continues to take steps to meet it. In March 2020, the agency released a 5-year strategic plan to guide the activities of the office that overseas its global activities. It also partnered with European regulators to leverage their resources. By July 2019, FDA had determined that 28 European regulators were capable of conducting inspections that meet FDA’s requirements. In fiscal year 2020, during the postponement of inspections, FDA increased its reliance on inspections from these regulators in lieu of conducting its own inspections.
Monitoring: partially met. FDA has taken steps to better monitor its program for inspecting foreign establishments by improving the accuracy and completeness of information on foreign establishments subject to inspection. However, despite these steps, in June 2020, we reported that data challenges continued to make it difficult for FDA to accurately identify foreign establishments subject to inspection.
Specifically, since 2017, FDA pursued an initiative to inspect approximately 1,000 foreign establishments lacking an inspection history. FDA completed this initiative, but, in doing so, it found that a sizeable percentage of the establishments in its data system did not have to be inspected by FDA (e.g., about 40 percent of those assigned to its office in China in fiscal years 2017 and 2018). For example, some were not subject to inspection because it turned out they did not actually manufacture drugs for the U.S. market. FDA also has not fully developed measures allowing it to systematically track how its foreign office activities contribute to drug safety outcomes.
In addition, FDA has not yet completed its efforts to develop performance measures for the foreign offices and assess their effectiveness. In August 2020, FDA reported that it was revising and updating its measures and its approach to evaluating impact to align with the strategic plan.
Demonstrated progress: partially met. FDA has taken steps to respond to globalization, including (1) improving the accuracy and completeness of its information on foreign manufacturers, and (2) deciding it will no longer allow more than 5 years to elapse between inspections at a specific establishment.
However, in June 2020, we reported that FDA continued to face challenges when conducting foreign inspections that raised questions about their equivalence to domestic inspections. In particular, while domestic inspections are almost always unannounced, officials said that FDA generally preannounces foreign inspections about 12 weeks in advance, which may give manufacturers the opportunity to fix problems. These challenges are further complicated by the pause in inspections resulting from the COVID-19 pandemic. FDA must address these challenges and demonstrate that it can maintain its oversight of drugs manufactured overseas.
What Remains to Be Done
Since we added this area to our High-Risk List, we have made numerous recommendations related to the agency’s response to globalization.
- As of December 2020, two recommendations remain open related to the development of performance measures and assessing the effectiveness of the foreign offices.
- FDA should also ensure all establishments are inspected at an appropriate frequency and take steps to address the staffing and other challenges associated with inspecting foreign establishments. The COVID-19 pandemic has exacerbated some of these challenges, making continued commitment from leadership especially important.
Drug Availability
Since our 2019 High-Risk Report, ratings for all five criterion in this segment remain unchanged. FDA continues to meet the criteria for leadership commitment and for monitoring.
Leadership commitment: met. In the 2015 High-Risk Report, we recognized FDA demonstrated leadership commitment to drug availability by (1) issuing a strategic plan for preventing and mitigating drug shortages, and (2) including in its strategic priorities the agency’s ability to respond to drug shortages.
FDA’s commitment to addressing this public health concern continues to be strong, as evidenced by the continued meeting of its drug shortages task force that started in 2013. Additionally, FDA established an interagency task force in July 2018 to identify the root causes of drug shortages and provide solutions, which culminated in an October 2019 report that offered recommendations for FDA and others.
Capacity: partially met. As noted in the 2019 High-Risk Report, FDA improved its capacity to respond to drug shortages, but the agency alone cannot resolve these shortages. In September 2020, FDA described efforts that it was taking to promote the use of new manufacturing techniques that have the potential to shorten production times and improve the efficiency of manufacturing processes.
In addition, the October 2019 report from FDA’s Drug Shortages Task Force included recommendations for industry, such as to promote contracting practices that would help ensure a more reliable supply of medically important drugs.
Beyond drug shortages, FDA has also faced oversight challenges that could affect the availability of drugs. For example, FDA has reported that (1) it has not had sufficient resources to adequately regulate over-the-counter drugs (e.g., cough and cold medications); and (2) a lengthy regulatory process has hindered the availability of new drug ingredients to the U.S. market. Consequently, the agency noted it has not allowed the marketing of many new over-the-counter drugs or made timely changes to existing over-the-counter drugs based on emerging safety issues or evolving science.
In March 2020, FDA received additional statutory authorities, including the authority to collect user fees from manufacturers of over-the-counter drugs, that officials said could allow FDA to address identified safety risks in a more timely and efficient manner. However, FDA officials said it will take time before FDA is able to fully realize any benefits that might result from these changes. For example, according to FDA, it generally takes 2 years for any newly hired FDA staff to complete training and be fully effective in reviewing scientific information related to the regulation of over-the-counter drugs.
Action plan: partially met. In October 2019, FDA’s Drug Shortages Task Force examined the root causes of drug shortages and made recommendations for FDA and others. However, FDA still has not used the drug shortages data it collects to analyze trends or identify patterns to help predict future shortages to assist with managing efforts. In August 2020, FDA reported it had begun modeling efforts to explore the feasibility of predicting future drug shortages and would identify next steps after it completes these initial efforts.
We also reported on other opportunities FDA has to increase drug availability. Specifically, in August 2019, we reported that in its review of generic versions of brand name drugs, FDA needed to (1) address inconsistencies in written comments provided by FDA reviewers that could lead to longer reviews, and (2) assess the extent to which actions by brand-name drug companies affect the approval of generic versions. In December 2020, FDA indicated it was taking steps to address both issues.
In addition, FDA still needs to take actions to address shortcomings in its broader strategic planning efforts. For example, FDA needs to engage in a strategic planning process to identify challenges that cut across each of its centers responsible for overseeing medical products and document how it will achieve measurable goals and objectives in these areas.
Monitoring: met. In the 2019 High-Risk Report, we recognized that FDA met this criterion through the consistent use of its drug shortage information system to track potential and existing shortages. The agency established formal procedures for using the system and performance measures to evaluate its ability to respond when shortages occur.
FDA has continued to issue annual reports on drug shortages data, most recently in April 2020. At the beginning of the COVID-19 pandemic, FDA asked more than 180 drug manufacturers to evaluate their supply chain for elements manufactured in China; FDA then monitored these companies for drug shortage risks.
Demonstrated progress: partially met. FDA has demonstrated progress to improve its ability to respond to drug shortages. However, FDA has not implemented all of our recommendations, such as periodically analyzing its shortage data to proactively identify risk factors.
Additionally, drug shortages remain a public health concern, and one that has been further complicated by the COVID-19 pandemic. For example, FDA temporarily authorized the emergency use of chloroquine and hydroxychloroquine to treat COVID-19. However, the products then went into shortage and were unavailable to treat other conditions (e.g., lupus and rheumatoid arthritis), for which the drug was already approved.
What Remains to Be Done
Since we added this area to our High-Risk List, we have made numerous recommendations related to drug availability, three of which were made since the last High-Risk Report in March 2019. As of December 2020, nine recommendations remain open. Although FDA alone cannot guarantee drug availability, the agency can take important steps to help ensure that safe and effective drugs are accessible to patients. FDA should implement our recommendations, including to
- conduct periodic analyses to assess drug shortage information to proactively identify risk factors for potential drug shortages;
- take additional steps to address inconsistency in its written comments to generic drug application sponsors that can lead to longer reviews; and
- plan strategically to identify challenges that cut across FDA’s multiple centers overseeing medical products, and document how the agency will achieve measurable goals and objectives in these areas.
Related GAO Products
COVID-19: Federal Efforts Accelerate Vaccine and Therapeutic Development, but More Transparency Needed on Emergency Use Authorizations. GAO‑21‑207. Washington, D.C.: November 17, 2020.
Over-the-Counter Drugs: Information on FDA's Regulation of Most OTC Drugs. GAO‑20‑572. Washington, D.C.: July 29, 2020.
Drug Safety: COVID-19 Complicates Already Challenged FDA Foreign Inspection Program. GAO‑20‑626T. Washington, D.C.: June 2, 2020.
Generic Drug Applications: FDA Should Take Additional Steps to Address Factors That May Affect Approval Rates in the First Review Cycle. GAO‑19‑565. Washington, D.C.: August 7, 2019.
Drug Safety: FDA Has Improved Its Foreign Drug Inspection Program, but Needs to Assess the Effectiveness and Staffing of Its Foreign Offices. GAO‑17‑143. Washington, D.C.: December 16, 2016.
Drug Shortages: Public Health Threat Continues, Despite Efforts to Help Ensure Product Availability. GAO‑14‑194. Washington, D.C.: February 10, 2014.
Transforming EPA’s Process for Assessing and Controlling Toxic Chemicals
Bookmark:The Environmental Protection Agency needs to improve its monitoring efforts to assess and control chemicals that pose risks to human health and the environment.
| Why Area Is High Risk EPA’s ability to effectively implement its mission of protecting public health and the environment is dependent on assessing in a credible and timely manner the risks posed by chemicals in commerce and those that have yet to enter commerce. EPA’s programs under IRIS and TSCA are the two segments in this high-risk area. The IRIS Program’s chemical assessments are the cornerstone of scientifically sound environmental decisions, policies, and regulations under a variety of statutes, such as the Safe Drinking Water Act and the Clean Air Act. EPA prepares assessments of chemical hazards to human health under its IRIS Program, among others, for making environmental protection and risk-management decisions. EPA is authorized under TSCA to review chemicals, including conducting risk evaluations, obtain more information on them, and control chemicals the agency determines pose an unreasonable risk to human health. TSCA was amended in 2016 by the Frank R. Lautenberg Chemical Safety for the 21st Century Act. The Lautenberg Act will take years to implement because of the complexity and scope of the legislation. Because EPA had not developed sufficient chemical assessment information under these programs to limit exposure to many chemicals that may pose substantial health risks, we added this issue to the High-Risk List in 2009 as a government program in need of broad-based transformation. Contact Information For additional information about this high-risk area, contact J. Alfredo Gómez at (202) 512-3841 or gomezj@gao.gov. |
Since our 2019 High-Risk Report, four criteria remain unchanged. However, the rating for monitoring decreased from partially met to not met in 2021. Furthermore, ratings for three criteria in the Integrated Risk Information System (IRIS) Program and four criteria in the Toxic Substances Control Act (TSCA) segments declined.
Integrated Risk Information System
Since 2019, ratings for capacity and action plan remain unchanged, as partially met. However, ratings for leadership commitment, monitoring, and demonstrated progress declined to not met.
Leadership commitment: not met. This rating declined from partially met in 2019. We reported in March 2019 that the Environmental Protection Agency (EPA) Administrator had not identified the IRIS Program as among his top priorities for the agency. Furthermore, the Administrator’s congressional budget justification for fiscal year 2021 proposed a 34 percent ($12.7 million) cut to the Health and Environmental Risk Assessment area’s budget, approximately half of which is the IRIS Program’s budget. This is the fourth year in a row that the Administrator has proposed such a reduction. Although Congress in prior years directed that funding remain at fiscal year 2017 enacted levels, the Administrator’s proposed budget cut contributed to the decline in rating for leadership to not met.
Additionally, EPA’s agency-wide strategic plan for fiscal years 2018 through 2022 does not mention the IRIS Program. Although the strategic plan has a section focused on human health risk assessments, it does not explain how the IRIS Program’s work supports EPA’s goals of protecting human health and the environment.
In our December 2020 report, we found that EPA would benefit from increasing transparency about the IRIS Program’s processes and work. For example, EPA did not publicly explain continued delays in chemical assessment production, and program and regional offices’ processes for nominating chemicals for assessment lacked transparency and structure. We recommended that EPA provide more information publicly about where chemical assessments are in the development process, internal and external steps in the process, and changes to assessment milestones.
Capacity: partially met. According to officials, EPA’s workforce has remained fairly stable since 2018 but the agency could not provide us with documents indicating any workforce planning or analysis. Although the workforce remained stable, in December 2018 EPA decreased the number of assessments the IRIS Program was working on from 22 to 13 (two more assessments were started in 2019 bringing the total to 15 ongoing assessments as of December 2020). EPA did not indicate why there was a reduction in the number of assessments in development. In addition, EPA has not made public any information about the program’s current or future resource capacity for meeting EPA-wide needs for chemical assessments.
Action plan: partially met. We reported in December 2020 that EPA has a draft strategic research action plan for the Health and Environmental Risk Assessment National Research Area, of which the IRIS Program is a part. Although this plan does not address our May 2013 recommendation that EPA develop an agency-wide strategy to address unmet needs internally and to coordinate externally, it calls for coordinating the work of several Office of Research and Development (ORD) programs—including IRIS—that produce chemical assessments. Planning for such coordination of the various assessments ORD produces is encouraging, but reviews of the plan found that it lacks important details.
For example, it did not include an implementation strategy or metrics to define progress or mention the resources the IRIS Program needs to produce chemical assessments to meet user needs. EPA neither provided an update about the plan’s status nor information on the agency’s plans for implementation.
Monitoring: not met. This rating declined from met for two reasons. First, as we reported in December 2020, despite a decline in participation in the assessment nomination process from 2018 to 2019, EPA has not assessed whether this survey is achieving its intended purpose and is generating quality information. While EPA reported that it gathered feedback from its senior leadership about the nomination process, it did not have information on how feedback informed future monitoring efforts. Second, ORD’s advisory committee review of the Health and Environmental Risk Assessment strategic research action plan found that the plan did not include an implementation strategy or metrics to define progress and allow for monitoring.
To make progress in this area, EPA needs to include implementation steps in its strategic plan, define clear metrics for assessing program progress in meeting objectives, and show that it is monitoring the IRIS Program as a whole as well as continuing to assess specific activities—such as the survey—to ensure they are achieving stated objectives.
Demonstrated progress: not met. The IRIS Program’s objective is to issue chemical assessments for use in EPA’s risk evaluation and management activities. However, the program did not issue any completed assessments between August 2018 and December 2020. We also found that since December 2018, the IRIS Program had publicly released nine supporting documents for ongoing chemical assessments—primarily documents that indicate how assessments will be developed—but few chemical assessments had progressed through the assessment development process.
For example, two assessments completed peer review in February 2019—the fourth of seven steps in the assessment development process—but have yet to be finalized and released publicly as of December 2020. For most chemical assessments the program is developing, projected milestone dates have been delayed at least a quarter.
EPA told us that changes in IRIS assessment schedules are typically due to the scientific complexities of each assessment and availability of staff with the appropriate expertise. However, EPA did not identify the scientific complexities associated with any specific assessment or explain why it did not anticipate and resolve these unspecified complexities.
What Remains to Be Done
Since we added the IRIS Program to our High-Risk List in 2009, we have made 14 recommendations related to the IRIS segment of this high-risk area, including five recommendations in our December 2020 report. As of December 2020, nine recommendations remain open. As we noted in several reports, to make progress EPA should, among other things,
- indicate how EPA programs, including the IRIS Program, are being resourced and coordinating with each other to meet EPA-wide needs;
- increase transparency by publishing IRIS agendas on which chemicals EPA is actively assessing and when it plans to start assessments of the other listed chemicals to demonstrate progress; and
- complete an action plan with a strategy to address the needs of EPA program offices and regions when IRIS toxicity assessments are unavailable.
Our December 2020 chemical assessments report provides further information on what remains to be done to address challenges in the IRIS Program.
Congressional Actions Needed
Congress should consider what resources the IRIS Program needs to ensure it can produce the chemical assessments EPA offices require to perform their work.
Toxic Substances Control Act
Since our 2019 High-Risk Report, ratings for demonstrated progress remained unchanged. However, ratings for leadership commitment declined from met to partially met; ratings for capacity, action plan, and monitoring declined from partially met to not met.
Leadership commitment: partially met. TSCA remains an agency priority as noted in testimony by the Administrator and in the most recent budget request. The EPA budget request for fiscal year 2021 includes an increase of $8.5 million for TSCA implementation and $4 million for TSCA records digitization. But in May 2020, the Administrator stated that EPA would not meet its deadlines for releasing the first 10 chemical risk evaluations; EPA stated that it would complete them by the end of 2020. The Administrator also stated in May 2020 that EPA had identified the next 20 high-priority chemicals for risk evaluation and that scoping documents that include information to be included in the risk evaluations, such as the chemical hazards and exposures, would be released in mid-2020.
Capacity: not met. The 2016 Lautenberg Act provided EPA with greater authority to address chemical risks, which consequently increased EPA’s responsibility for regulating chemicals and increased its workload. However, the Office of Pollution Prevention and Toxics (OPPT), which implements TSCA, did not meet statutory deadlines for its first 10 high-priority risk evaluations, according to the EPA Office of the Inspector General’s (OIG) August 2020 report. Furthermore, OIG found that OPPT would be required to produce double the number of risk evaluations by the end of 2022 with only a slight increase in the number of staff.
Additionally, as of December 2020, EPA had not implemented the recommendation we made in 2013 regarding TSCA’s ability to identify resources needed to conduct risk assessments. Specifically, EPA program offices have not identified workforce needs for budget justification purposes since 1987, according to the August 2020 OIG report.
The OIG report also stated that OPPT expected to hire more than 50 staff members in fiscal year 2020 but had not conducted a workforce and workload analysis to demonstrate that, even with 50 additional staff, it would have the capacity to successfully implement the TSCA requirements by the statutory deadlines. Although EPA officials said they are preparing a workforce analysis, they did not provide a draft to us.
In addition to the challenges of meeting existing deadlines, EPA has to incorporate a recent court ruling into its ongoing risk evaluations. Under this ruling, EPA must evaluate the risks associated with the use and disposal of chemicals that are not being, and are not expected to be, manufactured, processed, or distributed—called legacy uses. For example, polychlorinated biphenyls (PCBs) were produced until the late 1970s, when their production was banned in the United States. But older products such as fluorescent lights, caulking, and paints may contain PCBs, and remain a concern for workers and consumers. According to EPA’s OIG, the resulting expansion of the scope of EPA’s risk evaluation process will require the agency to devote more staffing and resources to existing chemical risk evaluations.
Action plan: not met. The TSCA amendments require EPA to publish a plan at the beginning of each calendar year for completing risk evaluations of chemicals already in commerce. The plan must identify (1) risk evaluations to be initiated or completed that year, (2) necessary resources, and (3) an updated schedule for completing risk evaluations.
However, the August 2020 OIG report found that OPPT’s annual plans did not meet the statutory requirement. The plans did not identify steps to complete future work or specify the financial and staff resources needed to initiate or complete the risk evaluations for that year. EPA partially agreed with the OIG’s recommendation to include anticipated implementation efforts and financial and staff resources in its annual reports to Congress, beginning in 2021.
Monitoring: not met. Although OPPT has developed annual performance goals that correspond to EPA’s long-term performance goals, the agency did not provide us with the underlying metrics or information on how they influenced changes to improve performance. The August 2020 OIG report indicates that OPPT has done no workforce or workload planning to ensure it can meet TSCA deadlines. EPA agreed with the OIG’s recommendations to perform a workforce analysis—as mentioned above—and a skills gap analysis.
Demonstrated progress: partially met. EPA took regulatory actions, including finalizing a rule that requires EPA to, for example, review certain new uses of per- and polyfluoroalkyl substances in surface coatings, such as apparel and carpet, before these products can be imported into the U.S.
As required by TSCA, as amended, EPA was due to release its first 10 high-priority risk evaluations in December 2019, but the agency was unable to meet that deadline and required a 6-month extension for all 10 risk evaluations. EPA did not meet the original or extended deadline; they had released nine of 10 risk evaluations by the end of December 2020.
However, EPA did not (1) publicly release scoping documents for its next 20 risk evaluations by the June 2020 deadline, or (2) include in its annual plans updates on its progress in completing the risk evaluations that are due by the end of 2022. And as noted above, a 2019 court ruling will require EPA to revise its risk evaluation process; EPA has not released information about incorporating these changes into its risk evaluations.
What Remains to Be Done
Since we added TSCA implementation to our High-Risk List in 2009, we have made three recommendations related to this high-risk area, of which one remains open. Specifically, EPA needs to carry out workforce planning to ensure it has the resources and plans in place to facilitate progress on chemical risk evaluations and other work implementing TSCA. EPA needs to issue 20 high-priority risk evaluations by December 2022 and submit annual plans to Congress that contain details about resource needs and implementation steps for completing mandated work.
Related GAO Products
Chemical Assessments: Annual Survey Inconsistent with Leading Practices in Program Management. GAO‑21‑156. Washington, D.C.: December 18, 2020.
Chemical Assessments: Status of EPA’s Efforts to Produce Assessments and Implement the Toxic Substances Control Act. GAO‑19‑270. Washington, D.C.: March 4, 2019.
Chemical Assessments: Agencies Coordinate Activities, but Additional Action Could Enhance Efforts. GAO‑14‑763. Washington, D.C.: September 29, 2014.
Chemical Assessments: An Agencywide Strategy May Help EPA Address Unmet Needs for Integrated Risk Information System Assessments. GAO‑13‑369. Washington, D.C.: May 10, 2013.
Toxic Substances: EPA Has Increased Efforts to Assess and Control Chemicals but Could Strengthen Its Approach. GAO‑13‑249. Washington, D.C.: March 22, 2013.
Chemical Assessments: Challenges Remain with EPA’s Integrated Risk Information System Program. GAO‑12‑42. Washington, D.C.: December 9, 2011.
Chemical Assessments: Low Productivity and New Interagency Review Process Limit the Usefulness and Credibility of EPA’s Integrated Risk Information System. GAO‑08‑440. Washington, D.C.: March 7, 2008.
National Efforts to Prevent, Respond to, and Recover from Drug Misuse
Bookmark:Federal agencies must effectively coordinate and implement a strategic national response to drug misuse and make progress toward reducing rates of drug misuse and the resulting harmful effects to society.
| Why Area Is High Risk Drug misuse—the use of illicit drugs and the misuse of prescription drugs—has been a persistent and long-standing public health issue in the United States. Ongoing efforts seek to address drug misuse through education and prevention, substance use disorder treatment, and law enforcement and drug interdiction, as well as programs that serve populations affected by drug misuse. These efforts involve federal, state, local, and tribal governments as well as community groups and the private sector. National rates of drug misuse have increased over the past 2 decades and represent a serious risk to public health. This has resulted in significant loss of life and harmful effects to society and the economy, including billions of dollars in costs. In recent years, the federal government has spent billions of dollars and has enlisted more than a dozen agencies to address drug misuse and its effects. We determined in March 2020 that this issue is high risk. At that time, in consideration of the challenges from the onset of the COVID-19 pandemic, we reported we would be making the high-risk designation effective in 2021. Contact Information For additional information about this high-risk area, contact Triana McNeil at (202) 512-8777 or mcneilt@gao.gov, Alyssa M. Hundrup at (202) 512-7114 or hundrupa@gao.gov, or Jacqueline M. Nowicki at (617) 788-0580 or nowickij@gao.gov. |
As we reported in March 2020, our body of work on drug misuse, and specifically our work since fiscal year 2015, has highlighted challenges the federal government faces to address drug misuse.
In March 2020, we also reported that the severe public health and economic effects of the Coronavirus Disease 2019 (COVID-19) pandemic could further fuel some of the contributing factors of drug misuse, thereby highlighting the need to sustain and build upon ongoing efforts.
We noted that maintaining sustained attention on drug misuse would be challenging, as many of the federal agencies responsible for addressing drug misuse would be focused on addressing the pandemic. In consideration of the challenges from the onset of the COVID-19 pandemic, we reported that the high-risk designation would be effective in 2021. As a result, we will not rate federal agencies’ progress until our next High-Risk Report in 2023.
Leadership commitment. Our work has identified the need for the Office of National Drug Control Policy (ONDCP) to improve its leadership and coordination of the national effort to address drug misuse. Further, we have identified the need for leaders of National Drug Control Program agencies who help implement the National Drug Control Strategy (Strategy)—such as the Departments of Health and Human Services (HHS), Justice, Homeland Security, and Education—to engage in more effective coordination across the government and with stakeholders.
ONDCP’s responsibility to develop the National Drug Control Strategy offers the office an important opportunity to help prioritize, coordinate, and measure key efforts to address the drug crisis. Our work has shown that ONDCP can improve its efforts to develop a National Drug Control Strategy that meets statutory requirements and effectively coordinates national efforts to address drug misuse. In 2017 and 2018, as rates of drug misuse and overdose deaths continued to worsen, ONDCP lacked a statutorily required National Drug Control Strategy. ONDCP produced the National Drug Control Strategy in 2019 and 2020, but neither iteration fully addressed all statutory requirements. The federal government invests billions of dollars each year in programs spanning over a dozen agencies. Therefore, the development and implementation of a comprehensive Strategy is critical to guiding and ensuring the effectiveness of federal activities to address drug misuse.
Our work has also addressed the importance of coordination across federal agencies as well as between federal agencies, other levels of government, and private stakeholders. In addition to its role in developing and issuing the Strategy, ONDCP is uniquely situated to promote coordination across National Drug Control Program agencies.
The 2020 Strategy included some information about existing or new coordinating mechanisms needed to achieve the Strategy’s long-range quantifiable goals and ONDCP’s role in facilitating achievement of such goals. Through these mechanisms, ONDCP has the potential to strengthen coordination and provide sustained leadership.
As we reported in March 2020 when we identified drug misuse as a high-risk issue, it is important for the federal government to coordinate among different levels of government and across issue areas. This includes coordinating with state, local, and tribal agencies, as well as with community groups and organizations in the private sector working to address the drug crisis.
For example, we reported in October 2020 that the federal government has supported the use of prescription drug monitoring programs (PDMP) to help ensure appropriate prescribing of drugs. Physicians we interviewed found PDMPs useful while reporting challenges when PDMPs are not integrated with electronic health record systems.
Capacity. Our past work found that the treatment availability for substance use disorders has not kept pace with needs, and the federal government has faced barriers to increasing treatment capacity.
For example, we reported in December 2020 that, according to Substance Abuse and Mental Health Services Administration (SAMHSA) data, as of May 2020, nearly one-third of counties (31 percent) had no facilities offering any level of substance use disorder treatment. According to stakeholders, shortages in the treatment workforce, insurance reimbursement and payment models, federal and state requirements, and stigma are barriers to expanding substance use disorder treatment.
The 2020 Strategy included a plan to expand treatment of substance use disorders, which is required to identify unmet treatment needs, and a strategy for closing the gap between available and needed treatment, among other things. Additionally, the Fiscal Year 2021 Budget and Performance Summary, which ONDCP issued in June 2020 as a companion document to the Strategy, took further steps to address statutory requirements for identifying resources needed to expand treatment of substance use disorders.
However, the 2020 Strategy did not include the required 5-year projection for the National Drug Control Program and budget priorities. We also found that the 2020 Strategy did not include estimates of federal funding or other resources needed to achieve each of the Strategy’s long-range quantifiable goals. Addressing our December 2019 recommendation that ONDCP develop and document key planning elements for future Strategy iterations would help ensure it has identified funding and other resources needed to address the crisis. ONDCP agreed with this recommendation.
Addressing the drug misuse crisis also requires the capacity to address the effects of drug misuse on individuals and society. For example, providing clearer direction on the role of states and use of grant funding in the nation’s workforce system to address the employment and training needs of those affected by substance use disorders could help ensure the economic well-being of communities affected by drug misuse.
We reported in May 2020 about programs funded through the Workforce Innovation and Opportunity Act that are addressing the employment and training needs of those affected by substance use disorders. We found that the Department of Labor (DOL) did not plan to share information that grantees submit to the agency, such as lessons learned and successes, with all states.
However, doing so could help states better position workforce agencies to address the needs of job seekers affected by substance use disorders and help employers understand and address the perceived risks of hiring job seekers in recovery.
In May 2020, we recommended that DOL share information from targeted grantees with all state workforce agencies, tribal governments, and outlying areas regarding lessons learned and promising practices. DOL agreed with our recommendation and is creating resources that are available to all states. DOL plans to host at least one webinar that could be useful to local workforce boards around the country.
Action plan. Our work has identified limitations in the Strategy, which could serve as an action plan for addressing this high-risk area. The Strategy is required to set forth a comprehensive plan to reduce illicit drug use and related consequences in the United States by limiting the availability of and reducing the demand for illegal drugs, among other things. However, our past work has highlighted ways in which the Strategy does not meet statutory requirements. As noted above, in December 2019, we recommended that ONDCP develop and document key planning elements to help ONDCP structure its ongoing efforts and to better position the agency to meet these statutory requirements for future iterations of the Strategy.
The 2020 Strategy made progress in addressing several statutory requirements. For example, the Fiscal Year 2021 Budget and Performance Summary included information describing how each long-range quantifiable goal in the Strategy will be achieved. The Budget and Performance Summary included for each goal a list of relevant National Drug Control Program agencies; their programs, activities, and assets; and the role of each of those in achieving the Strategy’s goals.
However, as part of our efforts to review key programs that support the Strategy’s prevention goals, we found that the 2020 National Drug Control Assessment, a companion document to the Strategy, did not include complete information on performance measures for a number of programs related to the prevention goal. For example, ONDCP did not report on any performance measures or document how its $100 million Drug-Free Communities Support program contributes to achieving specific goals in the Strategy, and some programs at HHS’s SAMHSA did not include adequate metrics to link the programs’ activities to the prevention goal. We also found that the approximately $10 million grants to states component of Education’s School Climate Transformation Grant program could more fully provide performance information related to the Strategy’s prevention education goal. Without including performance information for these programs, the Strategy and other companion documents are not comprehensive.
To fully ensure that Congress and the public understand how investment in the program contributes to the Strategy, we recommended in November 2020 that these three agencies clarify how the programs help to achieve specific goals of the Strategy. ONDCP and HHS agreed with our recommendations and plan to clarify how their performance metrics link the programs to the Strategy, and Education partially agreed and plans to explore collecting and reporting related performance data. We will continue to monitor the agencies’ efforts and report on progress over time.
Monitoring. Our past work has identified gaps in the availability and reliability of data for measuring the federal government’s progress to address drug misuse.
For example, ONDCP and other federal, state, and local government officials have identified challenges with the timeliness, accuracy, and accessibility of data from law enforcement and public health sources related to both fatal and non-fatal overdose cases. In March 2018, we recommended that ONDCP lead a review on ways to improve overdose data. ONDCP did not indicate whether it agreed with our recommendation.
While ONDCP has made efforts to support and improve existing data sources, ONDCP has not led a review to identify ways to improve the timeliness, accuracy, and accessibility of fatal and non-fatal overdose data.
ONDCP is responsible for evaluating the effectiveness of national drug control policy efforts across the government. But, in March 2020 we reported that ONDCP has not fully developed performance evaluation plans to measure progress against each of the Strategy’s long-range goals, as required by law.
These performance evaluation plans must include, for each long-range goal, for each National Drug Control Program agency, (1) specific performance measures, (2) annual and—to the extent practicable—quarterly objectives and targets for each measure, and (3) an estimate of federal funding and other resources necessary to achieve each performance objective and target.
Without effective long-term plans that clearly articulate goals and objectives and specific measures to track performance, federal agencies cannot fully assess whether taxpayer dollars are invested in ways that will achieve desired outcomes such as reducing access to illicit drugs and expanding treatment for substance use disorders.
We have also made recommendations since fiscal year 2015 to federal agencies to establish outcome-oriented performance measures for drug control programs. Implementing outcome measures can help agencies in assessing the status of program operations, identifying areas that need improvement, and ensuring accountability for end results.
Some agencies have taken action to address our recommendations. For example, as of March 2020, HHS had implemented our recommendation to establish performance measures with targets to expand access to medication-assisted treatment (MAT) for opioid use disorders. HHS has established such performance measures with targets to increase prescriptions for MAT medications and treatment capacity, as measured by the number of providers authorized to treat patients using MAT. Monitoring progress against these targets will help HHS determine whether its efforts to expand treatment are successful or whether new approaches are needed.
Demonstrated progress. Data through 2019 highlight the need to sustain drug misuse prevention, response, and recovery efforts. Rates of drug misuse increased from 2002 through 2019, and the rates of drug overdose deaths have also generally increased nationally from the early 2000s through 2019. Although the rate of drug overdose deaths in 2018 decreased compared to 2017, this improvement was reversed in 2019—specifically, the overdose death rate increased from 2018 to 2019 (from 20.7 to 21.6 deaths per 100,000 population), with the rate in 2019 being similar to the peak in 2017 (21.7 deaths per 100,000 population).
Many agencies responsible for addressing drug misuse are currently engaged in COVID-19 response and relief efforts and the attendant public health and economic effects that could fuel contributing factors of drug misuse, such as unemployment. In December 2020, the Centers for Disease Control and Prevention (CDC) reported—based on its analysis of National Center for Health Statistics provisional data—the largest recorded increase of drug overdose deaths during the 12-month period ending in May 2020. In particular, CDC reported a concerning acceleration of the increase in drug overdose deaths from March 2020 to May 2020, coinciding with the implementation of widespread mitigation measures for the COVID-19 pandemic.
What Remains to Be Done
Maintaining sustained attention on preventing, responding to, and recovering from drug misuse will be challenging in the coming months as many of the federal agencies responsible for addressing drug misuse are currently focused on addressing the COVID-19 pandemic. This makes developing and implementing a coordinated, strategic approach even more important as agencies’ resources are also being diverted, in part, to pandemic priorities.
- Furthermore, implementing the more than 65 of our recommendations since fiscal year 2015 related to preventing, responding to, and recovering from drug misuse could serve to help agencies continue to address these challenges. Our findings and recommendations identify opportunities to strengthen the federal government’s efforts to address this persistent and increasing problem. For example:
- ONDCP should ensure future iterations of the National Drug Control Strategy include all statutorily required elements. Examples of statutorily required elements include a 5-year projection for the National Drug Control Program and budget priorities; a description of how each of the Strategy’s long-range goals will be achieved, including estimates of needed federal resources; and performance evaluation plans for these goals, among other requirements;
- ONDCP should ensure effective, sustained implementation of the 2020 Strategy and future Strategy iterations; and
- HHS, Education, and ONDCP should clarify how grants that can include drug prevention education programs support related goals of the National Drug Control Strategy.
Related GAO Products
Substance Use Disorder: Reliable Data Needed for Substance Abuse Prevention and Treatment Block Grant Program. GAO‑21‑58. Washington, D.C.: December 14, 2020.
Drug Misuse: Agencies Have Not Fully Identified How Grants That Can Support Drug Prevention Education Programs Contribute to National Goals. GAO‑21‑96. Washington, D.C.: November 18, 2020.
Prescription Drug Monitoring Programs: Views on Usefulness and Challenges of Programs. GAO‑21‑22. Washington, D.C.: October 1, 2020.
Bureau of Prisons: Improved Planning Would Help BOP Evaluate and Manage Its Portfolio of Drug Education and Treatment Programs. GAO‑20‑423. Washington, D.C.: May 26, 2020.
Workforce Innovation and Opportunity Act: Additional DOL Actions Needed to Help States and Employers Address Substance Use Disorder. GAO‑20‑337. Washington, D.C.: May 21, 2020.
Drug Misuse: Sustained National Efforts Are Necessary for Prevention, Response, and Recovery. GAO‑20‑474. Washington, D.C.: March 26, 2020.
Drug Control: Actions Needed to Ensure Usefulness of Data on Suspicious Opioid Orders. GAO‑20‑118. Washington, D.C.: January 29, 2020.
Opioid Use Disorder: Barriers to Medicaid Beneficiaries' Access to Treatment Medications. GAO‑20‑233. Washington, D.C.: January 24, 2020.
Drug Control: The Office of National Drug Control Policy Should Develop Key Planning Elements to Meet Statutory Requirements. GAO‑20‑124. Washington, D.C.: December 18, 2019.
Veterans Health Care: Services for Substance Use Disorders, and Efforts to Address Access Issues in Rural Area. GAO‑20‑35. Washington, D.C.: December 2, 2019.
VA Acquisition Management
Bookmark:The Department of Veterans Affairs has established a governance structure for improving its acquisition function, but several long-standing issues remain that, if addressed, would increase its efficiency and effectiveness, including delayed supply chain modernization initiatives.
| Why Area Is High Risk VA has among the highest obligations and number of contract actions in the federal government. In fiscal year 2021, VA is set to receive the largest discretionary budget in its history—$105 billion—to meet its mission to provide health care and other benefits to millions of veterans. VA used almost one-third of its discretionary budget, or $27 billion, in fiscal year 2019 to contract for products and services, including medical supplies. As of July 2020, VA had also received an additional $19.6 billion to address the COVID-19 pandemic. Given this significant taxpayer investment, we added VA’s numerous challenges to efficient acquisitions to our High-Risk List in 2019. We identified seven specific areas of concern: (1) outdated acquisition regulations and policies; (2) lack of an effective medical supplies procurement strategy; (3) inadequate acquisition training; (4) contracting officer workload challenges; (5) lack of reliable data systems; (6) limited contract oversight and incomplete contract file documentation; and (7) leadership instability. VA needs to address these areas of concern and other issues to use its resources in the most efficient manner possible to meet the needs of those who served our country. Contact Information For additional information about this high-risk area, contact Shelby S. Oakley at (202) 512-4841 or oakleys@gao.gov. |
Since we added the Department of Veterans Affairs (VA) Acquisition Management as a high-risk area in 2019, VA has partially met the criteria for leadership commitment and capacity but has not made significant progress on the action plan, monitoring, and demonstrated progress criteria.
Leadership commitment: partially met. The Secretary of Veterans Affairs and VA acquisition leaders have taken steps to demonstrate their commitment to addressing the department’s high-risk designation. The Secretary appointed a Chief Acquisition Officer in August 2018, as we had recommended in November 2017.
VA also established a governance structure and an Executive Steering Committee, which VA senior acquisition officials noted has a top priority to focus on the high-risk areas of concern. The Veterans Health Administration (VHA) leadership also has goals to modernize key systems, but each has experienced implementation delays. VA leaders need to collaborate on an overall strategy for VA acquisition management and set realistic goals and execute steps to achieve them.
Capacity: partially met. VA has begun several enterprise-wide acquisition initiatives, but VA officials are still working to build the agency’s capacity to foster an effective and strategic acquisition approach. VA made good progress in expediting its Veterans Affairs Acquisition Regulation (VAAR) revisions. As of December 2020, VA reports that, of the total 41 planned VAAR revisions, 31 have been issued as draft or final rules. VA also created an acquisition knowledge portal and deployed it to all contracting officers. VA told us that the completed VAAR update will be uploaded into this portal.
In addition, VA’s draft high-risk action plan has goals to address the acquisition training gaps and VA has made some progress. Specifically, VA implemented two of the recommendations from our 2018 report on the Veterans First program. Namely, VA provided training for the more challenging components of the Veterans First Policy implementation and made Veterans First policy training mandatory.
However, in January 2020, we reported that VA’s Federal Supply Schedule (FSS) lacked comprehensive contracting staff training and recommended that VA develop a FSS-specific training program. In August 2020, VA stated that it was taking steps to improve the coverage and comprehensiveness of training for its FSS contracting staff. Because it will take some time to administer this training, we will review the content of this training in early 2021 to assess whether it addresses our recommendation.
As we reported when adding VA Acquisition Management to our High-Risk List in 2019, consistent leadership is necessary to execute and monitor the implementation of key programs. This is essential to ensure that major programs like Medical-Surgical Prime Vendor (MSPV) 2.0 and VA’s FSS—two of VA’s main programs for obtaining medical supplies and services—have the direction, resources, and support needed to execute their missions.
However, we reported in January 2020 that past leadership vacancies in VA’s FSS program led to delays in key policy decisions. Namely, the FSS program director position was vacant for more than 2 years and a key program chief position was also vacant for about 19 months. In November 2017, we also reported repeated vacancies in the MSPV program director position while VA implemented a major change to the way medical centers obtained supplies.
We recommended that VA prioritize hiring a permanent MSPV program director. Although VHA filled this position May 2018 and we closed the recommendation, the position was again vacant in June 2019. As of December 2020, an acting director currently serves in this position.
VHA has also experienced significant delays in its plans to implement procedures and systems to modernize its medical supply chain. As we reported in September 2020:
- VA delayed implementation of MSPV 2.0, originally planned for April 2020, and based on our assessment, VA’s plans will not fully remedy several existing challenges. For example, VA’s formulary—a list of medical and surgical items through MSPV—is managed manually through a series of spreadsheets. This manual process is vulnerable to administrative errors, such as inadvertent omission of supply items or incorrect prices, and will not be addressed by MSPV 2.0.
- VA has a program underway to implement a more modern inventory management system, among other things, through the use of the Department of Defense’s Defense Medical Logistics Standard Support system. However, VA delayed its rollout at initial locations by at least 1 year due to systems integration challenges. According to a senior VA acquisition official, nationwide implementation will occur in 2025 at the earliest. Until then, VA’s inventory system will continue to be a manual, outdated process that leads to inefficiencies.
- VA is expanding a pilot effort to use the Defense Logistics Agency’s (DLA) MSPV program to provide medical and surgical supplies to VA medical centers and eventually replace MSPV 2.0. However, this pilot also faced delays of almost a year. Also, VA lacks a comprehensive methodology to measure pilot success prior to enterprise-wide expansion. In September 2020, we recommended that VA develop a plan to measure the success and scalability of its DLA MSPV pilot and VA agreed.
Action plan: not met. Senior VA acquisition officials told us they are finalizing a high-risk action plan that describes how VA will take corrective actions in the near term. As of December 2020, VA stated that it expects to complete its high-risk action plan by March 2021.
In response to our September 2018 recommendation, VA drafted a fraud risk assessment for the Veterans First Program and, when finalized, plans to post risk assessment tools to its acquisition knowledge portal.
In November 2017, we recommended that VA should, among other things, develop, document, and communicate to stakeholders an overarching strategy for the MSPV program. VA agreed with this recommendation and had planned to implement a new MSPV 2.0 program by April 2020. However, according to a VA senior acquisition official, VA delayed this program and expects implementation in June 2021.
Under MSPV 2.0, clinicians will review requirements for a set list of products, but full implementation of more robust clinician involvement will not occur until after MSPV 2.0 begins. In September 2020, we also recommended that VA seek input from stakeholders within the agency—such as medical center staff—to help inform any needed improvements.
Finally, VA’s Strategic Plan for Fiscal Years 2018-2024 calls for coordination of related efforts to achieve cross-organizational unity of purpose. In January 2020, we recommended that VA take steps to assess duplication between VA’s FSS and MSPV programs to determine if this duplication is necessary or if efficiencies can be gained. This is a priority recommendation.
VA officials stated they are assessing this duplication as part of a broader category management effort. As we reported in November 2020, category management is a federal government-wide initiative to reduce contracting duplication and gain efficiencies, among other things. According to a senior VA acquisition official, VA provided its category management plan, which includes a medical category, to the Office of Management and Budget in October 2020, and VA is taking steps to implement this plan.
Monitoring: not met. Many of VA’s actions to improve acquisition management remain incomplete, thus we cannot substantiate their effectiveness. For example, VA has not demonstrated how it will institute a program to monitor and independently validate the effectiveness and sustainability of its fraud risk assessment. In addition, as we reported in September 2020, VA has an antiquated supply chain inventory system; this restricts effective monitoring and strategic decision-making.
We also found issues with VA’s monitoring of data for the FSS and MSPV programs. In January 2020, we reported that VA does not analyze existing data on the number of veteran-owned small businesses that hold FSS contracts, the types of goods and services they offer, or which schedules have the most or least participation by these businesses.
VHA contracting officers need this information because they must restrict competition to veteran-owned small businesses if (1) the contracting officer reasonably expects that at least two such businesses will submit offers, and (2) the award can be made at a fair and reasonable price that offers best value to the United States, known as the Veterans First preference. We recommended that VA assess data on the participation of and items and services offered by veteran-owned small businesses in the FSS program. VA concurred with our recommendation.
In September 2020, we reported that, for its MSPV program, VA has not defined how it will use prime vendor performance data to conduct program oversight. Without processes to use order completion data to assess prime vendor contract performance, the MSPV program office will be unable to use this information to ensure prime vendors meet the MSPV 2.0 contract terms and to inform actions needed, if any, to improve prime vendor performance.
We recommended that VA develop processes to routinely use transaction-level data to validate prime vendor performance on key program metrics, such as order completion rate, and identify how this information will be used to oversee the prime vendors. VA concurred with this recommendation.
Demonstrated progress: not met. Our work continues to indicate that VA has yet to demonstrate progress for acquisition management. For example, significant delays in VA’s implementation of critical supply chain modernization initiatives, among other things, will continue to strain VA’s acquisition resources and efficiency.
Completion of these initiatives is especially important as VA continues to respond to the Coronavirus Disease 2019 (COVID-19) pandemic. As noted in our June and September 2020 testimonies, VA faces several long-standing medical supply chain challenges, further exacerbated by the demands of the COVID-19 pandemic, causing VA to rely on other supply sources and agencies to get needed supplies to its medical centers.
This situation put stress on an already overburdened acquisition and logistics workforce to address supply chain shortfalls while working within VA’s antiquated inventory system. This resulted in inefficient use of VA’s acquisition funding and staffing resources.
While VA’s supply chain modernization efforts should address some of the issues that led to this High-Risk designation, these efforts are significantly delayed and will take many years to put in place so that VA can provide the most efficient and effective service to our nations veterans.
What Remains to Be Done
Since 2015, we have made 48 recommendations to improve VA acquisition management. As of December 2020, VA has implemented 22 of these recommendations; 26 of them remain open, including those listed below.
VA should take action in the following areas to increase resource efficiency and demonstrate progress:
- complete the revision of its acquisition regulations, which has been in process since 2011, and post to VA’s acquisition knowledge portal;
- implement supply chain modernization initiatives;
- for the DLA MSPV pilot, (1) develop a plan for assessing implementation outcomes at initial VA medical centers; (2) seek input from stakeholders; and (3) provide written guidance to VA logistics officials at VA medical centers on how to prioritize veteran-owned small businesses when purchases are made through this program to achieve VA’s Veterans First goals; and
- assess FSS and MSPV program overlap to determine if this duplication is necessary or if efficiencies can be gained.
Additionally, VA should finalize its High-Risk action plan to identify the root causes of inefficiencies in its acquisition system. Legislation enacted in January 2021 requires VA to submit to congressional committees a plan addressing two of the VA high-risk areas identified in our 2019 High-Risk report—acquisition management and health care—and provide annual updates on its progress in these areas.
Related GAO Products
Federal Buying Power: OMB Can Further Advance Category Management Initiative by Focusing on Requirements, Data, and Training. GAO‑21‑40. Washington, D.C.: November 30, 2020.
VA Acquisition Management: Actions Needed to Improve Management of Medical-Surgical Prime Vendor Program and Inform Future Decisions. GAO‑20‑487. Washington, D.C.: September 30, 2020.
VA Acquisition Management: COVID-19 Response Strains Supply Chain While Modernization Delays Continue. GAO‑20‑716T. Washington, D.C.: September 16, 2020.
VA Acquisition Management: Supply Chain Management and COVID-19 Response. GAO‑20‑638T. Washington, D.C.: June 9, 2020.
Priority Open Recommendations: Department of Veterans Affairs. GAO‑20‑537PR. Washington, D.C.: April 20, 2020.
VA Acquisition Management: Steps Needed to Ensure Healthcare Federal Supply Schedules Remain Useful. GAO‑20‑132. Washington, D.C.: January 9, 2020.
Veterans Affairs: Sustained Leadership Needed to Address High-Risk Issues. GAO‑19‑571T. Washington, D.C.: May 22, 2019.
VA Management Challenges: Actions Needed to Improve Management and Oversight of VA Operations. GAO‑19‑422R. Washington, D.C.: April 10, 2019.
DOE’s Contract and Project Management for the National Nuclear Security Administration and Office of Environmental Management
Bookmark:The National Nuclear Security Administration and the Office of Environmental Management need to improve oversight of contractors and incorporate program and project management best practices.
| Why Area Is High Risk The Department of Energy (DOE) oversees a broad range of programs related to nuclear security and waste cleanup, among other areas. DOE is the largest civilian contracting agency in the federal government. DOE relies primarily on contractors to carry out its programs and projects, spending about 80 percent of its annual budget on contracts. In fiscal year 2020, DOE’s budget was about $38.5 billion. In 1990, we designated DOE’s contract management—including contract administration and project and program management—as a high-risk area. We took this action because DOE’s record of inadequate management and oversight of contractors left the department vulnerable to fraud, waste, abuse, and mismanagement. This high-risk area includes programs (functions or activities that typically involve broad objectives) and projects (temporary efforts with defined scopes). In January 2009, recognizing the progress DOE’s Office of Science made, we narrowed the focus of DOE’s high-risk designation to two DOE program elements—NNSA and EM. In February 2013, we further narrowed the focus to NNSA’s and EM’s contracts and major projects—those with an estimated cost of $750 million or greater—to acknowledge progress NNSA and EM have made in managing nonmajor projects. Contact Information For additional information about this high-risk area, contact Allison Bawden at (202) 512-3841 or bawdena@gao.gov or Nathan Anderson at (202) 512-3841 or andersonn@gao.gov. |
This year we are rating the National Nuclear Security Administration (NNSA) and the Office of Environmental Management (EM) separately to recognize the differences in the actions the offices have taken to address the high-risk area.
We have now revised the overall rating for the leadership commitment criterion from met in 2019 to partially met to reflect the differences between NNSA’s and EM’s performance against this criterion described when rating the offices separately for the first time. Since 2019, the rating for the capacity criterion progressed from not met to partially met because both NNSA and EM have taken actions to improve their capacities for managing their contracts and projects. The three other criteria remain unchanged.
Contract and Project Management for the National Nuclear Security Administration
Since 2019, NNSA has improved its capacity to manage contracts and projects.
Leadership commitment: met. NNSA has continued to show leadership commitment to improving contract and project management. For example, in 2019, NNSA moved oversight of capital asset construction projects into the Office of Acquisition and Project Management earlier in the project life cycle, reflecting a focus on project management in early-stage planning.
NNSA also established program manager or coordinator positions for certain activities and projects, as we found in our June 2019 report on high explosives activities and our October 2020 report on depleted uranium activities. However, in June 2020, we recommended incorporating additional management controls for microelectronics activities, such as investing the coordinator with increased responsibility and authority. NNSA planned to complete a strategic management plan to more clearly articulate the integration of management controls for the various components of its microelectronics activities in fiscal year 2021.
Capacity: partially met. NNSA has taken some steps to improve its capacity to oversee and manage its contracts, projects, and programs and has progressed from not met to partially met. In September 2019, we found that NNSA relied on support service contractors to perform many administrative and technical support functions even where there is risk of contractors performing inherently governmental functions. In 2019, NNSA requested and received an increase to the statutory cap on its number of federal positions to address critical unmet staffing needs. As of December 2020, NNSA had not yet filled the 200 new positions.
Additionally, NNSA determines the number of staff needed to oversee capital asset construction projects. However, NNSA does not have a process to determine the number of acquisition professionals it needs to award and oversee contracts. An April 2020 NNSA internal review found that NNSA had inadequately resourced program offices to oversee two activities and recommended that NNSA strengthen its oversight of the work by management and operating (M&O) contractors.
Action plan: partially met. NNSA has taken some actions to develop an action plan to address contract, project, and program management issues. For example, the committee reports accompanying the House Energy and Water Development appropriations bills for fiscal years 2019 and 2021 directed DOE to report on actions it planned to take to improve contract and project management. DOE issued a report in July 2020. However, the report focused on completed—not planned—actions. Further, the report includes limited information about program management or contract management for activities other than capital asset construction projects.
Monitoring: partially met. Since 2019, NNSA has continued to address contract performance that does not meet expectations. For example, in June 2020, NNSA did not exercise an option on an M&O contract due to concerns about the contractor’s performance. Additionally, as we found in April 2019, NNSA included clauses in an M&O contract with more specific requirements to support NNSA’s oversight of the contractor’s performance.
NNSA monitors contractor performance against cost and schedule baselines monthly for its capital asset construction projects and quarterly for certain programs. However, NNSA has not yet developed a full set of program management tools, as required by its program execution guidance, to monitor schedule performance for some program activities, as we found in our October 2020 review of depleted uranium activities.
Similarly, in September 2020 we reported that NNSA had not yet completed a program management tool to manage and monitor an integrated schedule for multiple plutonium projects and their supporting program.
Demonstrated progress: partially met. NNSA improved its collection of financial information across programs, projects, and contractors. In response to our January 2019 recommendation, NNSA implemented a common data collection format that should result in reliable, enterprise-wide financial data that enable NNSA to report total program costs.
NNSA has improved its cost estimates for projects and programs but continues to face challenges with its schedule estimates and analyses of alternatives. For example, in March 2020, we found that NNSA’s new Uranium Processing Facility project was on schedule and within budget.
Additionally, in July 2020, we found that NNSA’s preliminary cost estimate for one of its nuclear weapon modernization programs, the W80-4 Life Extension Program, substantially met the criteria for a high-quality, reliable cost estimate. However, NNSA did not take into account the program’s schedule risk analysis, and established a key date that may unrealistically constrain the program’s schedule and introduce unnecessary risks. We recommended that NNSA address this issue.
In October 2017, DOE changed its order for project management of capital asset construction projects to apply to projects with total costs of more than $50 million. The order had previously applied to projects of more than $20 million. In June 2019, NNSA initiated a pilot project designed to streamline the construction of certain capital asset construction projects expected to cost less than $50 million. Projects constructed through the pilot are expected to use commercial construction practices and are exempt from NNSA’s project management order. We have not reviewed these projects to determine whether there are differences in meeting cost and schedule targets and recommend the pilot be completed to determine if this new process is more effective.
What Remains to Be Done
As of December 2020, 57 recommendations related to this high-risk area remain open, 21 of which we made since our last high-risk report in March 2019. These recommendations include:
- ensuring that the integrated schedule in development for pit production meets NNSA standards, consistent with best practices for schedule development;
- improving schedule estimates and analyses of alternatives to better align with best practices; and
- improving management controls to improve the oversight and coordination of programs and activities.
Contract and Project Management for the Office of Environmental Management
Since 2019, EM has taken steps to improve capacity but needs to follow through on its actions related to leadership commitment.
Leadership commitment: partially met. In 2019, we rated DOE as met overall for leadership commitment. However, this year our rating reflects a separate assessment of NNSA’s and EM’s performance. EM’s leadership has taken notable actions to demonstrate commitment to improving its contract and project management.
For example, in 2020, EM completed demolition activities at the East Tennessee Technology Park and continues implementation of a new contracting initiative called End State Contracting. In addition, EM recently developed and issued program-wide initiatives intended to improve contract and project management, such as a project management protocol for demolition projects in July 2020 and a general cleanup protocol in November 2020.
However, because these actions were taken over the last few months and are still being implemented, it is too early to evaluate the extent to which these actions address long-standing contract and project management challenges. In addition, the total costs of current and future cleanup activities have increased in recent years at a level far greater than the annual funding available to address them. These future costs now total $406 billion, as of fiscal year 2020, and result in part from persistent project and contract management challenges.
Moreover, EM has lacked continuity in prior initiatives designed to address project and contract management challenges that were ultimately short lived and replaced by different leadership priorities. For example, in June 2017, EM initiated a 45-day review to identify decision-making priorities at each site, but this study was never finalized.
In recent years, we have continued to highlight these significant problems and growing costs and have made several recommendations to DOE to help ensure that (1) EM projects adhere to best practices, and (2) EM applies additional contract management controls. Nonetheless, several key recommendations remain unimplemented.
In addition, frequent turnover in EM leadership over the last decade has hampered EM’s ability to sustain focus on addressing the root causes of these challenges. EM has had six different leaders in the last 5 years—each with different priorities. By applying consistent leadership commitment to recently established contract and project management frameworks, EM will be in a better position to address long-standing contract and project management challenges. Making progress in addressing the root causes of EM’s unsustainable growth in cleanup costs will require enhanced and sustained leadership commitment not only in EM but in the highest levels of the department.
Capacity: partially met. EM has taken some steps to address gaps in its ability to effectively manage contracts and projects and has progressed from not met to partially met on this criterion. For example, EM launched its Acquisition Corps initiative in July 2020 to hire and train additional staff to evaluate bids for EM contract awards. However, as we found in November 2020, EM has significant staffing shortages at its site office responsible for the Waste Isolation Pilot Plant in New Mexico. The shortages may impede EM’s ability to manage contractors executing two capital asset projects needed for the plant to reach full operational status and remain on schedule for constructing additional disposal space.
Action plan: partially met. In 2018, EM initiated a new contracting model—called end-state contracting—that DOE expects will help increase accountability for contractors to improve cost and schedule performance. Also, in fall of 2019, EM contracted with the National Academies of Sciences to evaluate EM’s project management efforts and plans to release a final report in mid-2021. It is too early for us to evaluate the effectiveness of actions, such as implementing the new contracting model, as it has been in place for a short time and has only been applied to a small number of contracts. Further, as discussed above, DOE’s report on improving contract and project management focuses on completed, rather than future, actions.
Furthermore, EM’s efforts to address the root causes of its long-standing contract and project management challenges contain gaps. For example, as we found in December 2020, EM does not have a long-term plan—a leading practice—for its efforts to retrieve nuclear waste from underground tanks at the Hanford Site. This may impede EM’s ability to prepare for technical challenges.
Monitoring: partially met. EM has instituted annual program reviews and begun examining the consistency of expectations in its contracts. However, EM continues to face challenges monitoring the effectiveness of its actions to address contract and project management challenges. For example, we found in February 2019 that DOE does not accurately track or report whether cleanup milestones are met, missed, or postponed, and sites continually renegotiate milestones they are at risk of missing.
DOE has also not ensured that contractors audit subcontractors’ costs, as required. Specifically, as we and the DOE Office of the Inspector General found in March and November 2019, respectively, DOE did not ensure the contractor for the Waste Treatment and Immobilization Plant at Hanford completed required audits, increasing the risk of the contractor passing unallowable costs to DOE that it may be unable to recover.
Demonstrated progress: partially met. EM has made progress at some sites and is at or near completion for several important projects. For example, in August 2020, EM completed construction of the Salt Waste Processing Facility at the Savannah River Site. In October 2020, DOE also completed demolition work at the East Tennessee Technology Park. Further, as we found in January 2021, DOE has made progress in its first phase of decommissioning cleanup at the West Valley Site in New York State.
However, DOE continues to face significant cost and schedule challenges. For example, EM has not consistently developed reliable cost and schedule estimates for its cleanup efforts, including at the Idaho Site, the three gaseous diffusion plants, and the Waste Isolation Pilot Plant in New Mexico. At West Valley, DOE is late in making a final decommissioning decision, and as a result, cannot estimate the scope and cost of the remaining cleanup work.
DOE also continues to face challenges constructing its Waste Treatment and Immobilization Plant at the Hanford Site. Specifically, EM and its contractor consider technical challenges associated with the pretreatment facility to be conceptually resolved; however, EM has not yet designed, engineered, or tested the solutions.
What Remains to Be Done
As of December 2020, 45 of our recommendations related to this high-risk area remain open, 19 of which we made since our last high-risk report in March 2019. These recommendations include
- incorporating project management leading practices for operations activities;
- taking steps to ensure cost and schedule estimates meet best practices; and
- identifying and fully analyzing additional flexibilities that could be used to address the staffing vacancies at DOE’s site office responsible for the Waste Isolation Pilot Plant.
Related GAO Products
Hanford Cleanup: DOE’s Efforts to Close Tank Farms Would Benefit from Clearer Legal Authorities and Communication. GAO‑21‑73. Washington, D.C.: January 7, 2021.
Nuclear Waste Disposal: Better Planning Needed to Avoid Potential Disruptions at Waste Isolation Pilot Plant. GAO‑21‑48. Washington, D.C.: November 19, 2020.
Nuclear Weapons: NNSA Plans to Modernize Critical Depleted Uranium Capabilities and Improve Program Management. GAO‑21‑16. Washington, D.C.: October 15, 2020.
Nuclear Weapons: NNSA Should Further Develop Cost, Schedule, and Risk Information for the W87-1 Warhead Program. GAO‑20‑703. Washington, D.C.: September 9, 2020.
Nuclear Weapons: Action Needed to Address the W80-4 Warhead Program's Schedule Constraints. GAO‑20‑409. Washington, D.C.: July 24, 2020.
Hanford Waste Treatment Plant: DOE Is Pursuing Pretreatment Alternatives, but Its Strategy Is Unclear While Costs Continue to Rise. GAO‑20‑363. Washington, D.C.: May 12, 2020.
Modernizing the Nuclear Security Enterprise: Uranium Processing Facility Is on Schedule and Budget, and NNSA Identified Additional Uranium Program Costs. GAO‑20‑293. Washington, D.C.: March 11, 2020.
Nuclear Cleanup: Actions Needed to Improve Cleanup Efforts at DOE's Three Former Gaseous Diffusion Plants. GAO‑20‑63. Washington, D.C.: December 17, 2019.
Support Service Contracts: NNSA Could Better Manage Potential Risks of Contractors Performing Inherently Governmental Functions. GAO‑19‑608. Washington, D.C.: September 26, 2019.
Department of Energy Contracting: Actions Needed to Strengthen Subcontract Oversight. GAO‑19‑107. Washington, D.C.: March 12, 2019.
NASA Acquisition Management
Bookmark:The National Aeronautics and Space Administration needs to continue implementing its Corrective Action Plan with a focus on improving visibility into human spaceflight long-term costs and building capacity to reduce acquisition risk.
| Why Area Is High Risk NASA plans to invest billions of dollars in the coming years to explore space and conduct aeronautics research, among other things. We designated NASA’s acquisition management as high risk in 1990 in view of NASA’s history of persistent cost growth and schedule delays in the majority of its major projects. We have identified management weaknesses that have exacerbated the inherent technical and engineering risks faced by NASA’s largest projects. Over the past several years, we found that NASA had taken steps to improve its management of its major projects—those projects and programs with an estimated life-cycle cost higher than $250 million. However, NASA has struggled with major project cost and schedule performance. We reported in April 2020 that the cost growth had deteriorated for the third consecutive year while the average schedule delay decreased from 13 to 12 months. Contact Information For additional information about this high-risk area, contact William Russell at (202) 512-4841 or russellw@gao.gov. |
Since our 2019 High-Risk Report, the National Aeronautics and Space Administration (NASA) has taken actions to meet two criteria—leadership commitment and monitoring—in addition to already meeting the criterion for an action plan. The other two criteria—capacity and demonstrated progress—remain partially met.
Leadership commitment: met. NASA has demonstrated leadership commitment by taking steps to improve transparency and monitoring of major project cost and schedules. For example:
- NASA established new requirements for projects higher than $1 billion to conduct a joint cost and schedule confidence level (JCL) assessment at additional reviews throughout a project’s life cycle. These requirements will help ensure that NASA’s most expensive projects update their cost and schedule estimates as risks change.
- Since December 2018, the agency has increased the use of earned value management data. These data measure the value of work accomplished in a given period and compare it with the planned value of work scheduled for that period and the actual cost of work accomplished. In June 2019, NASA senior leadership began having projects submit data to a central repository and requiring earned value management metrics to be reported at an agency-level performance review. Subsequently, NASA officials said that having leadership discuss the data at these reviews has become a helpful tool for project performance.
- NASA committed to establishing cost and schedule baselines for additional capabilities of the Space Launch System (SLS), Orion Multi-Purpose Crew Vehicle (Orion), and Exploration Ground Systems (EGS) that will help to improve visibility into long-term costs of human space exploration programs. This commitment is in response to recommendations related to understanding the long-term costs of NASA’s human exploration programs we made in May and July 2014. In addition, in response to a recommendation in our December 2019 report on NASA’s lunar programs, NASA agreed to prepare a cost estimate for the Artemis III mission—the 2024 lunar landing. NASA needs to complete these efforts in a timely manner or risks rendering them useless. We will follow up on these estimates in future work.
Capacity: partially met. NASA continues to take steps to build capacity to reduce acquisition risk. For example, NASA has made progress embracing tools to support better cost and scheduling practices and, in August 2020, released a new guide with best practices for technology assessments.
In May 2019, we found some subjectivity in the processes NASA uses to identify and assess critical technologies—those that are required for the project to successfully meet customer requirements—which could understate the development risk.
NASA has also identified areas to continue to develop more robust staffing or additional training opportunities. For example:
- The agency’s scheduling workforce continues to be strained. According to Office of the Chief Financial Officer, the skill set required by schedule analysts is in high demand across the government and is a difficult area to recruit and retain talent, especially when competing with the private sector.
- NASA has experienced some challenges completing curriculum development—including for JCL implementation and independent assessments—for its programmatic workforce. This is because it is a duty assigned in addition to regular duties for those working on the effort. NASA initiated these new training courses in response to a NASA-conducted study of its workforce, which found an inadequate number of analysts with proficient skills and limited resources.
NASA’s people and resources will continue to be strained as it works towards an aggressive goal of returning astronauts to the lunar surface by 2024—with the Artemis III mission—while also supporting its increasing portfolio of other nonlunar major projects.
In December 2019, we found that opportunities exist to strengthen analyses and plans for the lunar landing, which include devoting resources to developing a life-cycle cost estimate for the mission. Further, the complexity of the efforts required for this mission provides additional cost and schedule risk that NASA will have to actively manage to ensure that its portfolio of major projects remains affordable.
Action plan: met. In August 2020, NASA completed an update of its December 2018 Corrective Action Plan. The 2018 plan included nine initiatives to strengthen the agency’s project management efforts and improve transparency of external reporting. As part of the 2020 update, NASA reported completing six of nine initiatives, including an initiative to improve transparency of project cost and schedule reporting by comparing current cost and schedule estimates against original baselines. In addition, the 2020 update added four new initiatives, including one to create a schedule repository to improve access to historical and analogous project schedules for planning purposes. This initiative would also allow for the continuous improvement of schedule management guidance and best practices.
Monitoring: met. NASA has instituted a process for monitoring progress and validating the effectiveness of its corrective action plan. This process includes briefing senior leaders on the progress made on action plan initiatives, establishing a working group to evaluate potential new initiatives, and getting approval from senior leaders on action plan updates.
In addition, NASA has updated its semiannual High-Risk Metrics Report. The update includes revised metrics such as reporting project cost and schedule performance against original baselines, progress made against the corrective action plan initiatives, and other metrics for program technical performance, such as mass and power margins.
Demonstrated progress: partially met. NASA’s progress across its portfolio of major projects has been mixed.
The agency has made several notable recent achievements. Of significance, SpaceX, a NASA commercial partner, successfully completed a crewed demonstration of its transportation system including launch, in-orbit, docking, and landing operations in May 2020. This demonstration was a critical step in achieving certification for regular crewed flights to the International Space Station as part of NASA’s Commercial Crew Program. It marked the first time that American astronauts traveled to the station from American soil on a commercially built and operated spacecraft.
Additionally, in July 2020, NASA successfully launched its Mars 2020 mission—part of the Mars Exploration program—which seeks to determine if Mars is, was, or can be a habitable planet.
However, setbacks continued for NASA’s largest programs. We reported in our April 2020 assessment of NASA’s portfolio of major projects that cost growth was approximately 31 percent higher than project baselines—the third consecutive year that cost growth has increased after a period of declining costs. The average launch delay decreased to 12 months, compared to 13 months in the previous year.
Additionally, 10 of 18 projects included in our analysis remained within or below cost commitments, and 12 of 18 remained within schedule commitments.
In June 2020, the NASA Administrator approved another delay for the uncrewed test flight of SLS, Orion, and EGS—known as Artemis I—due to its integration and testing schedule, among other factors. As a result of this most recent delay, NASA has postponed the Artemis I mission 36 months past the original November 2018 baseline launch date.
Accompanying these delays is an estimate that the SLS and EGS programs combined will exceed original development cost estimates by more than $3 billion. NASA has successfully completed some key test events to evaluate these programs’ readiness to support the first uncrewed test flight, but complex integration and testing remain.
Additionally, in our December 2019 report on NASA’s lunar programs, we found that the agency has made decisions related to requirements for individual programs but is behind in taking these steps for the lunar mission as a whole.
As a result, NASA risks the discovery of integration challenges and needed changes late in the development process because it established some requirements for individual lunar programs before finalizing requirements for the overall lunar mission. NASA plans to hold reviews to ensure that requirements align across programs, but had not yet defined these reviews or determined when they would occur.
We also found in our December 2019 report that NASA is ill positioned to effectively communicate its decisions to stakeholders and facilitate a better understanding of its plans because it did not fully assess a range of alternatives to its lunar plans.
Finally, in July 2020, NASA revised its launch readiness date for the James Webb Space Telescope project to October 2021, a 7-month delay from its prior estimate established in June 2018. The latest delay was primarily driven by environmental and deployment test schedule risks and the impact of the Coronavirus Disease 2019 pandemic.
Program officials stated that existing cost reserves would be sufficient to support the later launch date within the program’s $9.7 billion cost commitment. The project’s ability to execute its revised schedule and maintain its cost commitment will continue to be challenged through the remainder of its integration and test phase, which includes a series of environmental tests and deployment events.
In April 2020, we found that additional cost and schedule growth is likely for the portfolio of major projects. We found that new and complex projects are entering the portfolio and several of the most expensive major projects are in the integration and test phase—the phase when challenges are most likely to be found and schedules can slip.
What Remains to Be Done
Since we initially designated this area as high risk, we have made numerous recommendations. As of December 2020, a total of 21 recommendations related to this high-risk area remain open. We made 15 recommendations since the last high-risk update in March 2019, 11 of which remain open.
NASA should take action in the following areas to reduce acquisition risk to its portfolio of major projects and demonstrate progress.
- Establish cost and schedule baselines for additional human spaceflight capabilities in a timely manner to ensure the baselines are a useful programmatic tool and to demonstrate a commitment to improving transparency into long-term human spaceflight costs.
- Implement our recommendations related to its lunar missions, including developing a life-cycle cost estimate for the Artemis III mission, and defining and determining a schedule to ensure requirements are aligned across programs.
- Build capacity by ensuring that NASA’s workforce has the right skills to develop project cost and schedule estimates that meet best practices.
- Demonstrate sustained improvement in cost and schedule performance for new, large, complex programs entering the portfolio.
Related GAO Products
NASA Human Space Exploration: Significant Investments in Future Capabilities Require Strengthened Management Oversight. GAO‑21‑105. Washington, D.C.: December 15, 2020.
NASA: Assessments of Major Projects. GAO‑20‑405. Washington, D.C.: April 29, 2020.
Priority Open Recommendations: National Aeronautics and Space Administration. GAO‑20‑526PR. Washington, D.C.: April 23, 2020.
NASA Commercial Crew Program: Significant Work Remains to Begin Operational Missions to the Space Station. GAO‑20‑121. Washington, D.C.: January 29, 2020.
James Webb Space Telescope: Technical Challenges Have Caused Schedule Strain and May Increase Costs. GAO‑20‑224. Washington, D.C.: January 28, 2020.
NASA Lunar Programs: Opportunities Exist to Strengthen Analyses and Plans for Moon Landing. GAO‑20‑68. Washington, D.C.: December 19, 2019.
NASA: Actions Needed to Improve the Management of Human Spaceflight Programs. GAO‑19‑716T. Washington, D.C.: September 18, 2019.
NASA Human Space Exploration: Persistent Delays and Cost Growth Reinforce Concerns over Management of Programs. GAO‑19‑377. Washington, D.C.: June 19, 2019.
NASA: Assessments of Major Projects. GAO‑19‑262SP. Washington, D.C.: May 30, 2019.
DOD Contract Management
Bookmark:The Department of Defense has significantly mitigated some key contract management risks, particularly risks involving its acquisition workforce, but it should do more to address risks involving contracted services and operational contract support.
| Why Area Is High Risk DOD obligates hundreds of billions of dollars annually on contracts for goods and services. We added DOD’s Contract Management to our High-Risk List in 1992 and have identified three major areas of challenges: Acquisition Workforce, Service Acquisitions, and Operational Contract Support. DOD reduced the size of its acquisition workforce in the mid-1990s as defense budgets decreased. Amid concerns about skill gaps and a growing reliance on contractors, DOD has been rebuilding its workforce since 2009. A skilled acquisition workforce is vital to maintaining military readiness, increasing DOD’s buying power, and achieving savings. DOD’s long-standing challenges in managing service contracts are evident in its difficulties clearly defining requirements, a fragmented and uncoordinated approach to acquiring services, and limited information on what the department plans to spend on specific types of contracted services in its budget forecasts. DOD has spent billions of dollars on contractors to support military activities it conducts around the world. Since 2010, we have reported that DOD has faced difficulties in identifying capability gaps, developing guidance, and integrating operational contractor support into plans and training. Contact Information For additional information about this high-risk area, contact Timothy J. DiNapoli at (202) 512-4841 or dinapolit@gao.gov. |
Since our 2019 High-Risk Report, our overall assessment of all five criteria remains unchanged for Department of Defense (DOD) Contract Management. DOD continues to demonstrate top leadership support for addressing challenges in its (1) acquisition workforce, (2) service acquisitions, and (3) operational contract support (OCS), which is defined as planning for and obtaining supplies, services, and construction from commercial sources in support of joint operations.
DOD has made significant progress addressing challenges with its acquisition workforce, and has met the four remaining criteria. Consequently, we are removing Acquisition Workforce as a specific element within the DOD Contract Management high-risk area. Work still remains to address criteria for service acquisitions and operational contract support.
Over the years since we added this area to our High-Risk List, we have made numerous recommendations related to this high-risk issue, two of which were made since the last high-risk update in March 2019. As of December 2020, 13 recommendations related to this area were open.
Acquisition Workforce (Segment removed)
Since our 2019 High-Risk Report, DOD has continued to meet the criteria of leadership commitment for its acquisition workforce and now meets the other four criteria. DOD’s progress in addressing the shortfalls in acquisition workforce that it identified more than a decade ago enable us to remove this segment from our High-Risk List.
A skilled acquisition workforce is vital to maintaining military readiness, increasing DOD’s buying power, achieving savings, and meeting emerging challenges and complexities. Therefore, it remains essential that DOD continue its efforts to attract, hire, sustain, and improve the defense acquisition workforce, and we will continue to monitor these efforts.
Leadership commitment: met. DOD continues to demonstrate leadership commitment to its acquisition workforce.
DOD’s Office of Human Capital Initiatives remains the focal point for acquisition workforce issues within DOD and works with the military departments to meet workforce needs. Since 2008, this office, in coordination with the Defense Acquisition University, has managed over $5.2 billion in the Defense Acquisition Workforce Development Fund to help DOD hire, train, and retain a workforce that grew from around 126,000 in fiscal year 2008 to nearly 183,000 in fiscal year 2020.
Currently the office is overseeing implementation of a new initiative announced by the Under Secretary of Defense for Acquisition and Sustainment in September 2020, referred to as “Back-to-Basics for the Defense Acquisition Workforce.”
Through this initiative, DOD plans to modernize its approach for certifying the capabilities of its acquisition workforce and to institute a new talent management framework. An official from the Office of Human Capital Initiatives stated that the office’s future role will be to advocate for the acquisition workforce, while the military departments will continue to be responsible for hiring, training, and equipping their own personnel.
Capacity: met. DOD increased the size of its acquisition workforce beyond its initial 2010 target of 147,000 by fiscal year 2015, to nearly 183,000 as of fiscal year 2020.
The larger workforce has allowed DOD to bolster support for critical functions, such as program management, engineering, and contracting, as well as to increase the percentage of acquisition workforce professionals that are in the early and middle stages of their careers to help prevent a sudden loss of talent when senior members of the workforce retire.
Additionally, DOD continues to take steps to ensure that the acquisition workforce has the requisite skills, tools, and training to perform key tasks. For example, in August 2019, DOD completed initial competency assessments of each of its career fields, and some follow-on assessments also have been completed. In response to defense acquisition workforce requirements in the National Defense Authorization Act for Fiscal Year 2020, DOD has started work on transforming the credentialing process for the acquisition workforce by career field.
An official from the Office of Human Capital Initiatives stated that DOD is also developing plans to implement a Civilian Acquisition Training Corps program at selected universities to help create a pipeline of acquisition professionals. In addition, the military departments have largely implemented the eight recommendations we made in our February 2018 report to improve how they train, mentor, retain, and ultimately select program managers—a critical acquisition career field—based upon practices used by leading organizations.
Action plan: met. DOD followed through on its plans to increase the size of its acquisition workforce and to improve the professionalism of the workforce based on education and training standards it established. The latest strategic plan that DOD issued in October 2016 indicated that DOD planned to
- sustain the acquisition workforce size, factoring in workload demand and requirements;
- ensure that its personnel continue to increase their professionalism; and
- continue to expand talent management programs to include recruitment, hiring, training, development, recognition, and retention incentives by using the Defense Acquisition Workforce Development Fund and other appropriate tools.
Since 2016, DOD has demonstrated that it has been able to sustain these efforts and even increase the size of the workforce.
Monitoring: met. DOD continues to track workforce metrics on a quarterly basis, including the overall size of the workforce, the number of personnel by career field, attrition rates, the level of education attained, and the percent that met training requirements, among others. DOD’s goals for the future, as stated in its September 2020 Back to Basics plan, include achieving streamlined and restructured certification requirements, identifying prioritized credentials, and providing for continuous learning.
Demonstrated progress: met. Since 2010, DOD has significantly rebuilt the acquisition workforce as measured by the number of personnel in acquisition career fields, their experience level, education level, and training certification. Metrics tracked by DOD provide evidence that DOD is more than sustaining the size of the acquisition workforce and continues to demonstrate commitment to improving the quality of the acquisition workforce.
DOD’s progress is commendable. However, it does not mean that DOD has eliminated all risk associated with its acquisition workforce. For example, in our DOD Weapon System high-risk area, we identify specific challenges in recruiting, hiring, training, and sustaining test and evaluation staff for cybersecurity and a lack of expertise in software development that adversely affect DOD’s ability to deliver capabilities to the warfighter.
Service Acquisitions
Ratings for this segment have changed since our 2019 High-Risk Report. DOD has partially met the previously unmet action plan criterion. In addition, DOD continues to partially meet the capacity, monitoring, and demonstrated progress criteria. DOD continues to meet the criterion for leadership commitment.
Leadership commitment: met. DOD has demonstrated sustained leadership commitment by revising its service acquisitions instruction in January 2020. The revised instruction updated the Service Requirements Review Board (SRRB) process for reviewing, validating, approving, and verifying requirements for service acquisitions at both the DOD and the component level.
DOD officials told us that department leaders plan to revise the instruction further to account for recent changes to DOD’s overall acquisition framework.
Capacity: partially met. DOD has responded to a recommendation we made in August 2017 to address capacity shortfalls hindering DOD’s management of service acquisitions, but it is too early to assess the effectiveness of DOD’s response. In August 2017, we recommended DOD reassess leadership positions intended to strategically manage service acquisitions by portfolio because we found that the individuals in those positions had limited capacity.
DOD’s revised service acquisitions instruction changed DOD’s management structure and aligned the leadership positions with the Office of Management and Budget’s (OMB) category management efforts, which are intended to help agencies manage entire categories of spending across the government more like a single enterprise. In 2021, DOD plans to issue additional guidance on how the department can use category management to better manage service acquisitions. However, DOD has not yet demonstrated that individuals in key leadership positions have the capacity necessary to effectively implement this guidance.
Action plan: partially met. The January 2020 service acquisitions instruction identified a number of actions that DOD intends to take to further enhance its ability to manage service acquisitions. For example, the instruction updated the process through which the SRRBs can support budget planning. In 2017, we reported that the SRRBs had limited ability to inform budgeting decisions or support trade-off decisions within and across portfolios of service acquisitions.
In 2016, we recommended DOD include its projected spending on service acquisitions in its future-years defense plan. DOD officials have reported that the department may issue additional guidance in October 2021 identifying how components should collect and report information on service acquisitions beyond the budget year. Once issued, this guidance may address our 2016 recommendation and further enhance DOD’s ability to manage current and future service acquisitions.
Monitoring: partially met. Since our 2019 assessment, DOD has taken steps to collect data and develop metrics to monitor service acquisitions, but additional action is needed. For example, DOD’s January 2020 service acquisition instruction established that the department will use OMB’s existing category management metrics to monitor management of service acquisitions.
Additionally, DOD officials told us the department has used the inventory of contracted services to identify capability gaps. This use of the inventory of contracted services constitutes progress since 2016, when we reported that DOD was not using the inventory to help inform workforce and budget decisions, as statutorily required. However, DOD has not yet established how it will monitor implementation of the SRRB process outlined in the new service acquisitions instruction.
Demonstrated progress: partially met. In fiscal years 2019 and 2020, DOD exceeded OMB’s category management targets for contract obligations considered to be strategically managed. However, DOD will not be able to fully demonstrate progress in how it manages service acquisitions through the Future Years Defense Program until the department issues guidance for collecting and reporting on how service acquisitions will be used beyond the budget year.
What Remains to Be Done
As of November 2020, six recommendations related to this high-risk area had not been implemented. To improve the acquisition of services, DOD needs to, among other things,
- issue guidance on how DOD intends to use category management to help better manage service acquisitions, which it intended to do in 2021, and demonstrate service acquisition and category management leaders have the capacity to effectively implement this guidance; and
- issue and implement guidance identifying how components should collect and report information on service acquisitions beyond the budget year.
Operational Contract Support
For this segment, the ratings remain unchanged from our 2019 High-Risk Report.
Leadership commitment: met. DOD continues to demonstrate sustained commitment and strong leadership support in addressing OCS issues. For example, DOD has designated senior leaders within the Office of the Deputy Assistant Secretary of Defense (Logistics) for both OCS and vendor threat mitigation (previously known as vendor vetting).
DOD has also issued and updated a directive delineating roles and responsibilities for OCS planning and execution throughout the department. DOD also has maintained and expanded the role of the Functional Capabilities Integration Board, which serves as the senior governance forum for OCS issues. DOD revised and expanded the board’s charter in March 2020.
Capacity: partially met. DOD continues to face challenges in OCS capability shortfalls that create risk to operational effectiveness, timelines, and resource expenditures and prevent DOD from reaching full OCS capacity.
However, efforts are under way to address these OCS capability shortfalls. For example, DOD has completed four out of 15 actions identified in the August 2018 Joint Requirements Oversight Council memorandum aimed at improving policy, education, personnel, and force structure analysis, and officials stated in December 2020 that the department expects to close four additional actions by April 2021. DOD has also completed a functional competency assessment model that identified nine OCS competency skills for DOD civilians. According to DOD officials, the model will be used to inform education and training, hiring practices, and other manpower decisions. DOD completed and validated this model in November 2019 and expects to finalize it through publication in 2021.
Going forward, it will also be important for DOD to demonstrate that capacity will not diminish at the combatant commands as a result of the dissolution of the Joint Contingency Acquisitions Support Office in 2020. Planners from that organization have for several years been embedded in the commands to help develop OCS annexes to operational plans, and it will be important for DOD to ensure this OCS capability is not lost.
Action plan: met. In October 2019, DOD issued its seventh OCS Action Plan, which is organized around five core areas to address capability shortfalls in training and education, lessons learned, policy changes and emerging requirements. The action plan is DOD’s primary mechanism for measuring progress in these core areas.
Monitoring: met. DOD maintains several formal and informal groups to continue to monitor OCS progress. These include the Functional Capabilities Integration Board senior executive forum and Council of Colonels, the Vendor Threat Mitigation Working Group, and the OCS Data and Information Group. The groups meet regularly and are cochaired by senior officials in the Office of the Secretary of Defense and Joint Staff. Officials in these groups track DOD’s progress toward addressing OCS capability shortfalls identified in the annual OCS Action Plans.
Demonstrated progress: partially met. DOD continues to make progress in addressing recommendations we have previously identified as high priority. For example, in response to our December 2018 recommendation, DOD has developed a draft directive to provide comprehensive, department-wide guidance on vendor threat mitigation. At the same time, it has extended its interim directive-type memorandum to use until the directive is issued. In addition, two combatant commands (Africa and Indo-Pacific Commands) have developed and published command-specific OCS guidance.
However, after several years, DOD has still not issued its revised keystone instruction detailing how OCS should be integrated into plans and training, among other things. Senior DOD officials expect to issue the instruction by the end of March 2021. Additionally, DOD has not issued vendor threat mitigation guidance that will formalize DOD’s process for assessing and responding to risks posed by vendors who support DOD operations outside the United States. DOD officials estimated that this guidance will be issued by June 2021.
What Remains to Be Done
As of November 2020, seven recommendations related to this high-risk area had not been implemented. To enhance DOD’s ability to effectively manage OCS for current and future operations, DOD needs to, among other things,
- address identified OCS capability shortfalls;
- issue comprehensive vendor threat mitigation guidance; and
- issue the revised instruction that integrates OCS throughout the department.
Related GAO Products
Defense Workforce: Steps Needed to Identify Acquisition Training Needs for Non-Acquisition Personnel. GAO‑19‑556. Washington, D.C.: September 5, 2019.
Defense Acquisition Workforce: DOD Increased Use of Human Capital Flexibilities but Could Improve Monitoring. GAO‑19‑509. Washington, D.C.: August 15, 2019.
Operational Contract Support: Actions Needed to Strengthen DOD Vendor Vetting Efforts. GAO-19-37C. Washington, D.C.: December 20, 2018.
DOD Contracted Services: Long-Standing Issues Remain about Using Inventory for Management Decisions. GAO‑18‑330. Washington, D.C.: March 29, 2018.
Defense Acquisition Workforce: Opportunities Exist to Improve Practices for Developing Program Managers. GAO‑18‑217. Washington, D.C.: February 15, 2018.
Defense Contracted Services: DOD Needs to Reassess Key Leadership Roles and Clarify Policies for Requirements Review Boards. GAO‑17‑482. Washington, D.C.: August 31, 2017.
Operational Contract Support: Actions Needed to Enhance Capabilities in the Pacific Region. GAO‑17‑428. Washington, D.C.: June 23, 2017.
Defense Acquisition Workforce: DOD Has Opportunities to Further Enhance Use and Management of Development Fund. GAO‑17‑332. Washington, D.C.: March 28, 2017.
Enforcement of Tax Laws
Bookmark:The Internal Revenue Service needs to increase its capacity to implement new initiatives, improve ongoing enforcement and taxpayer service programs, and combat identity theft refund fraud.
| Why Area Is High Risk This high-risk area, added to the list in 1990, comprises two pressing challenges for IRS—addressing the tax gap and combatting IDT refund fraud. In 2019, IRS estimated that the average annual net tax gap—the difference between taxes owed and taxes paid on time—was $381 billion, on average, for tax years 2011-2013. IRS enforcement of the tax laws helps fund the U.S. government by collecting revenue from noncompliant taxpayers and, perhaps more importantly, promoting voluntary compliance by giving taxpayers confidence that others are paying their fair share. IDT refund fraud occurs when an identity thief files a fraudulent tax return using a legitimate taxpayer’s identifying information and claims a refund. For calendar year 2018, IRS estimates that at least $6.1 billion in individual IDT refund fraud was attempted and that it prevented the theft of at least $6 billion of that amount. IRS estimated that it paid between $90 million and $380 million to fraudsters. Contact Information For additional information about this high-risk area, contact James R. McTigue, Jr., or Jessica Lucas-Judy at (202) 512-9110 or mctiguej@gao.gov or lucasjudyj@gao.gov. |
Since our 2019 High-Risk Report, ratings for all five criteria remain unchanged.
The Internal Revenue Service (IRS) continues to demonstrate top leadership commitment for improving tax compliance and has made strides in improving tax gap data. The agency has also taken steps to address identity theft (IDT) refund fraud through continued development and deployment of the Return Review Program (RRP), a system which screens returns for potential IDT and other refund fraud before IRS issues refunds.
However, IRS’s capacity to implement new initiatives, carry out ongoing enforcement and taxpayer service programs, and combat IDT refund fraud remains a challenge.
IRS continues to take actions toward meeting three other criteria for removal from our High-Risk List: developing a corrective action plan, monitoring, and demonstrating progress. The Coronavirus Disease 2019 (COVID-19) affected IRS enforcement operations and availability of services. Fraudulent schemes related to COVID-19 relief payments and tax credits may affect IRS capacity to address IDT refund fraud.
Addressing the Tax Gap
Ratings for this segment of the high-risk area remain unchanged since our previous High-Risk Report in 2019, with IRS meeting one criterion, partially meeting three, and not meeting one.
Leadership commitment: met. IRS adopted a more strategic approach to identifying and selecting budget program priorities, among other steps. For instance, IRS’s fiscal year 2018-2022 strategic plan includes a goal to facilitate voluntary compliance and deter noncompliance that could help address the tax gap.
Capacity: not met. IRS continues to face capacity challenges with skills gaps and modernizing an aging technology infrastructure. IRS has not fully implemented strategic workforce planning initiatives, such as conducting workforce analysis, and creating and implementing a workforce plan, which could help address the challenges of carrying out ongoing enforcement and taxpayer service programs under an uncertain budgetary environment.
IRS prioritized hiring for information technology and cybersecurity areas but still faces mission-critical gaps for enforcement staff. In addition, IRS has also not evaluated the costs and benefits of expanding RRP to address more tax enforcement activities, such as underreporting and noncompliance more broadly.
Action plan: partially met. IRS is developing a strategy to improve the services it provides to make voluntary compliance easier for taxpayers and to ensure taxes owed are paid. As we reported in September 2020, IRS did not have performance goals and related measures for improving the taxpayer experience. IRS had said it planned to identify performance goals, measures, and targets as part of its report to Congress required by section 1101 of the Taxpayer First Act (Public Law 116-25). IRS released that report in January 2021. We are reviewing the report to determine the extent to which it addresses our prior recommendations.
Monitoring: partially met. IRS continues to use tax gap data to study compliance behaviors and update formulas designed to identify tax returns with a high likelihood of noncompliance. In 2019, IRS documented plans for addressing the noncompliance identified in its analysis of the National Research Program employment tax results.
However, IRS does not adequately measure the effect of some compliance programs—such as those used for large partnerships—because it has not clearly defined them, tracked the results, or analyzed how to better use audit resources.
Section 2301 of the Taxpayer First Act also allows IRS to further lower the electronic filing threshold for filers that file 100 or more information returns in 2021 or 10 or more in subsequent years. Expanded e-filing will help IRS identify which returns would be most productive to examine.
Additional steps to increase third-party reporting, such as for virtual currency and platform worker earnings, could help provide taxpayers useful information for completing tax returns and give IRS an additional tool to address noncompliance.
Demonstrated progress: partially met. IRS implemented some corrective measures to improve compliance and reduce the tax gap, including its use of RRP to screen individual returns claiming refunds, but more work remains to meet this criterion. IRS also lacks specific quantitative goals to reduce the tax gap or improve voluntary compliance.
Without long-term, quantitative voluntary compliance goals and related performance measures, it will be more difficult for IRS to determine the success of its strategies.
What Remains to Be Done
Over the years since we added this area to our high-risk list, we have made numerous recommendations related to this high-risk issue, 103 of which were made since the last High-Risk Report in 2019. As of December 2020, 213 recommendations are open. IRS should implement all of our recommendations on improving audit effectiveness and resource investments, such as
- re-establishing goals for improving voluntary compliance and developing and documenting a strategy that outlines how it will use its data to update compliance strategies;
- evaluating the costs and benefits of expanding RRP to analyze individual returns not claiming refunds to support other enforcement activities;
- taking steps to increase third-party reporting on taxable transactions involving virtual currency; and
- determining what thresholds would be the most appropriate for payment information reporting for platform workers who are independent contractors and, if warranted, recommending that Congress adjust the thresholds.
Congressional Actions Needed
Given that the tax gap has been a persistent issue, reducing the tax gap will require targeted legislative actions. Specifically, Congress should consider
expanding third-party information reporting. For example, reporting could be required for certain payments that rental real estate owners make to service providers, such as contractors who perform repairs on their rental properties, and for payments that businesses make to corporations for services;
providing IRS with authority—with appropriate safeguards—to correct math errors and to correct errors in cases where information provided by the taxpayer does not match information in government databases; and
establishing requirements for paid tax return preparers to help improve the accuracy of the tax returns they prepare.
Refund Fraud Related to Identity Theft
Ratings for this segment of the high-risk area remain unchanged since our previous High-Risk Report in 2019, with IRS meeting two criteria and partially meeting the other three.
Leadership commitment: met. IRS has demonstrated leadership commitment in addressing IDT refund fraud. For example, IRS has recognized the evolving challenge of IDT refund fraud in its strategic plans, expanded fraud detection activities, and implemented agency-wide antifraud efforts, including bringing officials together from across the organization to discuss potential fraud risks.
Capacity: partially met. RRP is IRS’s primary prerefund system for detecting IDT and other refund fraud, automating some of IRS’s manual processes for screening returns, and identifying fraud schemes. Although IRS can adjust RRP quickly to respond to emerging threats, IRS’s ability to combat IDT fraud continues to be challenged as a result of large-scale cyberattacks on various entities. Further, IRS lacks the governance structure to coordinate all aspects of IRS's efforts to protect taxpayer information while at third-party providers.
Action plan: met. IRS has a strategic plan that acknowledges its responsibility to safeguard taxpayer and IRS data, particularly given the growing incidence and sophistication of cyber and identity theft. It also includes actions that IRS plans to take to combat IDT, such as continuing collaboration with external parties and hiring staff for IDT-related efforts. Further, IRS is using RRP to automatically detect and prevent IDT and other refund fraud in individual returns.
Additionally, the Department of the Treasury established a priority goal for IRS to reduce IDT refund fraud through strategic partnerships, as well as enhanced detection models, data analytics, and filters by December 2021. IRS estimated it reduced the amount of unprotected IDT refund paid by 88 percent, about $1.9 billion, between processing year 2016 and 2018.
Monitoring: partially met. Continuously monitoring performance helps IRS better position itself to improve detection and prevention of identity theft. However, in July 2018, we found ways to improve and expand IDT refund fraud prevention—such as digitizing information from paper returns and making the information available to RRP. In June 2018, we reported that IRS also lacks internal controls to effectively monitor telephone, in-person, and correspondence authentication.
Additionally, as we reported in January 2020, IRS needs to develop a fraud risk profile for business IDT consistent with leading practices. This includes identifying fraud scenarios that pose the greatest risk of business IDT and developing fraud detection mechanisms for at least 25 additional tax forms.
Demonstrated progress: partially met. IRS has demonstrated some progress by developing tools and programs to further detect and prevent IDT refund fraud, such as RRP, which uses advanced analytic techniques and business rules to compare taxpayer-reported information to W-2s.
IRS has also made progress on implementing its foundational authentication initiatives and monitoring required resources to complete them. Further, IRS took steps to implement new federal online authentication standards and expects to be in compliance by February 2023.
Still, IRS has not integrated and prioritized authentication options from its new innovation process into its authentication strategy.
What Remains to Be Done
We have made numerous recommendations related to IDT refund fraud, 14 of which were made since the last High-Risk Report in 2019. As of December 2020, all 14 recommendations are open. IRS should implement all of our recommendations for addressing IDT refund fraud, including
- implementing the most cost-effective method to digitize information provided by taxpayers who file returns on paper;
- implementing improvements to online authentication consistent with federal standards;
- developing internal controls to effectively monitor telephone, in-person, and correspondence authentication;
- developing a governance structure or other form of centralized leadership to coordinate all aspects of IRS's efforts to protect taxpayer information while at third-party providers;
- developing a fraud risk profile for business IDT consistent with leading practices; and
- identifying, prioritizing, and implementing new business IDT fraud filters consistent with its fraud risk profile.
Congressional Actions Needed
Given that IDT refund fraud has been an ongoing issue, combating it will require targeted legislative actions, including
- requiring that returns prepared electronically but filed on paper include a scannable code printed on the return to better leverage RRP’s capabilities; and
- providing IRS with explicit authority to establish security requirements for the information systems of paid preparers and Authorized e-file Providers.
Related GAO Products
Taxpayer Service: IRS Could Improve the Taxpayer Experience by Using Better Service Performance Measures. GAO‑20‑656. Washington, D.C.: September 23, 2020.
Taxpayer Compliance: More Income Reporting Needed for Taxpayers Working Through Online Platforms. GAO‑20‑366. Washington, D.C.: May 28, 2020.
Virtual Currencies: Additional Information Reporting and Clarified Guidance Could Improve Tax Compliance. GAO‑20‑188. Washington, D.C.: February 12, 2020.
Identity Theft: IRS Needs to Better Assess the Risks of Refund Fraud on Business-Related Returns. GAO‑20‑174. Washington, D.C.: January 30, 2020.
Tax Gap: Multiple Strategies Are Needed to Reduce Noncompliance. GAO‑19‑558T. Washington, D.C.: May 9, 2019.
Taxpayer Information: IRS Needs to Improve Oversight of Third-Party Cybersecurity Practices. GAO‑19‑340. Washington, D.C.: May 9, 2019.
Internal Revenue Service: Strategic Human Capital Management is Needed to Address Serious Risks to IRS's Mission. GAO‑19‑176. Washington, D.C.: March 26, 2019.
Medicare Program & Improper Payments
Bookmark:The Centers for Medicare & Medicaid Services has taken some action to reduce improper payments but needs to take further action to address Medicare’s financial and oversight challenges.
| Why Area Is High Risk In calendar year 2020, the Medicare program is estimated to have spent $861.9 billion to provide health care services for approximately 63 million elderly and disabled beneficiaries. This represents approximately 13 percent of federal spending, and spending is expected to increase significantly over the next 10 years. Due to its size, complexity, and susceptibility to mismanagement and improper payments, we first designated Medicare as a high-risk program in 1990. Medicare continues to challenge the federal government because of (1) its outsized impact on the federal budget and the health care sector as a whole, (2) the large number of beneficiaries it serves, and (3) the complexity of its administration. Medicare also faces a significant risk with improper payments—payments that either were made in an incorrect amount or should not have been made at all—which reached an estimated $43 billion in fiscal year 2020. CMS—which administers and oversees the Medicare program—should continue to take actions to prevent and reduce improper payments in the program. Contact Information For additional information about this high-risk area, contact James Cosgrove or Jessica Farb at (202) 512-7114 or cosgrovej@gao.gov and farbj@gao.gov. |
Since our 2019 High-Risk Report, ratings for all five criteria remain unchanged for the Medicare Improper Payments segment of this high-risk area. The Centers for Medicare & Medicaid Services (CMS) has maintained its leadership commitment to addressing Medicare improper payments and is meeting the capacity criterion. The agency partially meets the remaining three criteria.
The Medicare program has faced challenges in three additional broad segments—(1) payments, provider incentives, and program management under Medicare fee-for-service (FFS); (2) Medicare Advantage (MA) and other Medicare health plans; and (3) design and oversight of the Medicare program and the effects on beneficiaries.
We continue to not rate CMS’s progress against the high-risk criteria for these three segments for two main reasons. First, the Medicare program is subject to frequent legislative updates to provider payments and other policies. This active congressional participation in the details of the program means that many vital factors are outside of the agency’s control. Second, the Medicare program is in a profound state of transition from a payment system that rewards providers based on the volume and complexity of health care services they deliver to one that ties payments to the quality and efficiency of care.
While we are beginning to evaluate some of the revisions to Medicare’s payment system that have resulted from this transition, these programs take several years to fully implement and some providers are still being transitioned. Nonetheless, we have identified some actions CMS can take to better manage the program.
In response to COVID-19, CMS approved waivers and flexibilities to expand the availability of Medicare services during the pandemic, including things such as waiving certain telehealth and provider enrollment requirements. It is too early to determine the potential effects of the COVID-19 pandemic on the Medicare program, and thereby on CMS’s ability to make progress in addressing high-risk areas—such as the impact of these flexibilities on Medicare’s improper payment rates. However, CMS needs to carefully monitor whether the suspension of these program safeguards may have increased the potential for fraud, waste, and abuse.
Since we added Medicare to our High-Risk List in 1990, we have made more than 750 recommendations related to improper payments and other aspects of the Medicare program, 22 of which were made since the last high-risk update in March 2019. As of December 2020, 89 recommendations remained open.
Improper Payments
Leadership commitment: met. CMS has continued to demonstrate leadership commitment. For example, in 2019, CMS developed a “five pillar” program integrity strategy to address Medicare improper payments. Elements of the strategy include working with law enforcement agencies to identify and take action against providers who defraud the program; improving infrastructure to prevent fraud, waste, and abuse on the front end before claims are paid; and monitoring new and emerging areas of risk.
Capacity: met. The Center for Program Integrity (CPI)—CMS’s centralized entity for Medicare and Medicaid program integrity issues—has experienced an increase in its resources over time, and the agency has established work groups and interagency collaborations to extend its capacity. For example, CMS allocated additional staff to CPI after Congress provided additional funding. CPI’s full-time equivalent positions increased from 177 in 2011 to about 492 in 2021.
We have reported that CMS’s Fraud Prevention System, which analyzes claims to identify health care providers with suspect billing patterns, has also helped speed up certain investigation processes. Further, the Healthcare Fraud Prevention Partnership has helped improve information sharing among payers inside and outside of the government, and as of September 2020 had grown to include 172 federal partners, law enforcement, private payers, and other partners.
Action plan: partially met. CMS continues to identify and report progress on corrective actions related to Medicare improper payments, though work remains to be done to fully meet this criterion. CMS reported this progress in the Department of Health and Human Services’ (HHS) annual Agency Financial Report, which CMS officials stated reflects the agency’s record on its action plan. However, while the fiscal year 2020 report includes targets for reducing Medicare improper payments and highlights corrective actions taken to address root causes of payment errors, it does not identify clear metrics to assess progress, the resources needed to implement corrective actions, or time frames for completing those actions in order to meet its goals.
As of December 2020, CMS officials stated that the agency recently had begun work to enhance its process for analyzing and addressing areas of improper payment risk, using the GAO Fraud Risk Framework, including developing the Vulnerability Collaboration Council to help achieve these goals. CMS officials stated that while the agency will continue to report corrective actions in the Agency Financial Report, the action plans used by CMS to address areas of high risk will be developed through the Vulnerability Collaboration Council process and documented in specific “vulnerability summaries.” For example, the agency has developed a vulnerability summary for a certain type of fraud related to durable medical equipment, prosthetics, orthotics, and supplies, such as orthotic back and knee braces. CMS officials stated that vulnerability summaries for areas noted in the Agency Financial Report have not been finalized.
While CMS has taken steps, through the Vulnerability Collaboration Council, to develop a centralized process to identify, prioritize, track, and mitigate vulnerabilities that affect the integrity of payments, it has not conducted a complete fraud risk assessment or created a risk-based antifraud strategy for each of Medicare’s parts—Medicare FFS, MA, and Medicare Part D (the outpatient prescription drug benefit)—which we recommended in December 2017. This strategy, if implemented, would allow the agency to better ensure it is addressing the full portfolio of risks and strategically targeting the most significant fraud.
Monitoring: partially met. CMS made progress to improve monitoring in some areas, such as its oversight of Medicare provider education efforts and provider enrollment screening processes. However, to make further progress, our recommendation from March 2019 states that CMS should take steps to routinely assess how variations in the documentation requirements between Medicare and the Medicaid program may be affecting estimates of improper payment rates. Without such assessments, CMS may not have the information it needs to ensure the requirements are effective at demonstrating compliance and appropriately address program risks.
Demonstrated progress: partially met. Estimated improper payment rates declined more than 1 percentage point from fiscal year 2018 to 2020 for Medicare FFS and MA—to 6.27 percent and 6.78 percent respectively—and by about a half percentage point to 1.15 percent for Medicare Part D. In total, Medicare improper payments were estimated to be $43 billion in fiscal year 2020. However, the amount of improper payments made in Medicare are significant, accounting for over one-quarter of the total amount of improper payments made government-wide in fiscal year 2019.
In addition, improper payment rates do not yet take into account the potential for improper payments that may result from inappropriate use of flexibilities given to providers and patients during the COVID-19 public health emergency. These flexibilities included such things as the use of program waivers for telehealth services and waivers of a number of provider enrollment requirements, such as certain background checks.
Many of our recommendations that could further lower improper payment rates remain open. For example, CMS has not implemented our recommendation from April 2016 that it seek legislative authority to permit payment for recovery auditors to conduct prepayment claims reviews. Reviewing Medicare claims before payment can prevent improper payment.
Further, CMS made some progress implementing recommendations related to continuing the use of prior authorizations based on our April 2018 report, but further action is needed. For example, CMS added 12 items—seven power wheel chairs and five pressure reducing support surfaces—to its required prior authorization list and resumed its home health services demonstration. However, CMS has yet to fully evaluate its prior authorization programs, such as determining cost savings from its actions.
What Remains to Be Done
To better prevent, identify, and recover improper payments across all parts of the Medicare program, CMS should fully implement our open recommendations related to Medicare program integrity. For example, CMS should
- seek legislative authority to allow recovery auditors to conduct prepayment reviews in addition to postpayment claims reviews;
- routinely assess variations in the documentation requirements between the Medicare and Medicaid programs;
- complete actions to identify those MA benefit plans most at risk for improper payments when selecting plans for risk adjustment data validation audits—audits of MA organizations that help CMS recover improper payments in cases where beneficiary diagnoses are unsupported by medical records;
- fully evaluate its prior authorization programs, such as determining cost savings from its actions to identify new opportunities for prior authorization; and
- through its Vulnerability Collaboration Council, conduct fraud risk assessments and create and implement an antifraud strategy for Medicare, including an approach for evaluation.
Payments, Provider Incentives, and Program Management under Medicare Fee-for-Service
As CMS progresses toward full implementation of its value-based payment system, it will be important for the agency to use reliable quality and efficiency measures and methodological approaches, as highlighted in these two areas.
Hospital Value-Based Purchasing Program. The Hospital Value-Based Purchasing Program provides financial incentives to acute-care hospitals to provide efficient, high-quality care to Medicare beneficiaries. In June 2017, we reported some hospitals with high efficiency scores received bonuses despite having relatively low quality scores. This contradicts CMS’s intention to reward high-quality care provided at a lower cost; we have two open recommendations to ensure the performance scores under the Hospital Value-Based Purchasing Program allow the program to accomplish its goal of balancing both quality and efficiency.
Laboratory tests. Medicare is the largest purchaser of laboratory tests that help health care providers prevent, diagnose, and treat diseases. In 2018, we reported that changes CMS made to how it paid for panel tests (groups of laboratory tests generally performed together) could potentially increase Medicare expenditures by billions of dollars. While CMS has taken steps to ensure the use of lower bundled payment rates for common panel tests, it has not done so for less common panel tests.
What Remains to Be Done
We have recommended to CMS several actions, including the following:
- CMS should revise the formula for calculating a hospital’s total performance score under the Hospital Value-Based Purchasing Program or take other actions so the efficiency score does not have a disproportionate effect on the total performance score; and
- CMS should use bundled rates for all panel tests, rather than paying separately for each component test for some panels.
Medicare Advantage and Other Medicare Health Plans
The MA program provides health care coverage to Medicare beneficiaries through private health plans. The number and percentage of Medicare beneficiaries enrolled in MA has grown steadily over the past several years, increasing from approximately 11 million (24 percent of all Medicare beneficiaries) in 2010 to about 22 million (36 percent of all Medicare beneficiaries) in 2019.
Similar to the FFS program, the MA program has been in a period of transition. For example, in May 2020, CMS finalized guidance for 2021 that expanded access to the MA program by allowing all beneficiaries with end-stage renal disease to enroll in an MA plan for the first time.
MA plan payment adjustments. CMS pays plans in MA a predetermined amount per beneficiary, adjusted for health status. To make this adjustment, CMS calculates a risk score—a relative measure of expected health care costs—for each beneficiary. In January 2012 and January 2013, we reported that CMS’s adjustments to account for differences between FFS and MA providers’ coding of medical diagnoses were too low, resulting in billions of excess payments to MA plans. We have an open recommendation related to improving the accuracy of MA plan payment adjustments.
Encounter data. In January 2017, we reported that CMS had begun to use encounter data—claims-like data collected from the sponsors of MA plans—in its methodology for risk adjusting payments to MA plans. While the encounter data were intended to improve the accuracy of risk adjustment, the data have yet to be fully validated. We have two open recommendations related to improving the quality of encounter data.
Plan enrollment for dual-eligible beneficiaries. As we reported in March 2020, some dual-eligible beneficiaries—those eligible for both Medicare and Medicaid—were enrolled in a special MA plan for dual-eligible beneficiaries, known as a dual-eligible special needs plan (D-SNP), and a Medicaid managed care plan that were offered by the same or related companies.
While this arrangement may create opportunities for better coordination of care for dual-eligible beneficiaries, some beneficiaries are default enrolled in the plans and CMS does not have quality information on their experiences after they are enrolled. We have an open recommendation to improve what is known about the experiences of dual-eligible beneficiaries who have been default enrolled.
What Remains to Be Done
We have recommended to CMS several actions, including that the agency should
- take steps to improve the accuracy of risk score adjustments by, for example, accounting for additional beneficiary characteristics such as sex and health status;
- (1) establish specific plans and time frames for using encounter data for all purposes other than risk adjusting payments to MA organizations; and (2) complete all the steps necessary to validate the data, including performing statistical analyses, reviewing medical records, and providing MA organizations with summary reports on findings; and
- take steps to obtain quality information on the experiences of dual-eligible beneficiaries who have been default enrolled into D-SNPs, such as by obtaining information about the extent to which and reasons that beneficiaries disenroll from a D-SNP after being default enrolled.
Design and Oversight of the Medicare Program and the Effects on Beneficiaries
The design and CMS’s oversight of the Medicare program affect both beneficiaries’ out-of-pocket costs and the quality and safety of care they receive. Medicare FFS’s benefit design does not include a cap on the maximum cost-sharing amount a beneficiary can be responsible for during a given year for covered services. This could leave beneficiaries vulnerable to catastrophic costs, especially if they do not have supplemental insurance.
In addition, Medicare spending can affect the premiums Medicare Part B (hospital outpatient, physician, and other services) beneficiaries pay. In 2020, the Medicare Trustees estimated federal Medicare spending will grow at a faster rate than workers’ earnings and the economy overall. This will impose a significant burden on many Medicare beneficiaries, as changes to the amount beneficiaries pay in premiums each year is based in part on changes to federal Medicare spending.
With regard to quality, CMS has made progress in improving the health and safety of beneficiaries. CMS reported that Medicare Quality Improvement Organizations (QIO) provided oversight that helped to prevent tens of thousands of beneficiaries from needing hospitalization or being readmitted to hospitals.
Additionally, as over one-quarter of people 65 years and older are affected by diabetes, the QIO program launched a diabetes self-management education program. Through the reporting period ending in July 2018, more than 50,000 beneficiaries completed this program, which aims to improve health outcomes and quality of life for beneficiaries with diabetes.
Medicare Trustees report. Over the past 25 years, the boards of trustees have missed 17 of the annual statutory deadlines for submitting the trust fund reports to Congress. In July 2019, we reported that lack of improved efforts to keep congressional committees informed could potentially hinder oversight of the trust funds. We have two open recommendations to improve the timeliness of the boards of trustees’ trust fund reports.
Hospice provider oversight. In October 2019, we reported that additional opportunities exist to strengthen CMS’s oversight of hospice providers. CMS collects data on the quality of hospice care but does not require hospice surveyors—those who conduct the program inspections—to use that data to inform their inspections. We have one open recommendation to improve CMS’s identification of quality of care issues in hospice programs.
What Remains to Be Done
We have recommended several actions, including that
- Treasury take two actions related to the boards of trustees’ reports to Congress: (1) work with CMS to improve the management of the report development schedule and (2) establish a policy to inform Congress of the reports’ expected issuance timeline and reasons for potential delays; and
- CMS incorporate the use of additional information, such as quality measures or other information that could identify potential quality of care issues, into its survey process for overseeing hospice providers.
Related GAO Products
Medicare Hospice Care: Opportunities Exist to Strengthen CMS Oversight of Hospice Providers. GAO‑20‑10. Washington, D.C.: October 18, 2019.
Social Security and Medicare: Improved Schedule Management Needed for More Timely Trust Fund Reports. GAO‑19‑596. Washington, D.C.: July 30, 2019.
Medicare Laboratory Tests: Implementation of New Rates May Lead to Billions in Excess Payments. GAO‑19‑67 Washington, D.C.: November. 30, 2018)
Medicare: CMS Should Take Actions to Continue Prior Authorization Efforts to Reduce Spending. GAO‑18‑341. Washington, D.C.: April 20, 2018.
Medicare and Medicaid: CMS Needs to Fully Align Its Antifraud Efforts with the Fraud Risk Framework. GAO‑18‑88. Washington, D.C.: December 5, 2017.
Medicare: CMS Fraud Prevention System Uses Claims Analysis to Address Fraud. GAO‑17‑710. Washington, D.C.: August 30, 2017.
Hospital Value-Based Purchasing: CMS Should Take Steps to Ensure Lower Quality Hospitals Do Not Qualify for Bonuses. GAO‑17‑551. Washington, D.C.: June 30, 2017.
Medicare Provider Education: Oversight of Efforts to Reduce Improper Billing Needs Improvement. GAO‑17‑290. Washington, D.C.: March 10, 2017.
Strengthening Medicaid Program Integrity
Bookmark:The Centers for Medicare & Medicaid Services has taken steps, but further efforts are needed to reduce improper payments, ensure the appropriate use of program dollars, and improve program data.
| Why Area Is High Risk The size, growth, and diversity of the federal-state Medicaid program present oversight challenges. We designated Medicaid a high-risk program in 2003. In fiscal year 2020, Medicaid covered an estimated 77 million low-income and medically needy individuals at a cost of $673 billion, of which $419 billion was financed by the federal government. Services are increasingly delivered through managed care, under which organizations are paid a set amount per beneficiary to provide or arrange for care. Our recent work highlights the following: (1) Medicaid improper payments represented about 21.4 percent of federal program spending—more than$85 billion—in fiscal year 2020, an increase of nearly $30 billion from 2019. (2) States have increased their reliance on provider taxes and local governments to finance the nonfederal share of Medicaid spending, particularly for supplemental payments to providers. These payments are not linked to claims for beneficiary services and represent a growing share of Medicaid spending, totaling more than $46.3 billion in 2017, the most recent year for which data are available. (3) CMS’s oversight of Medicaid often relies on state-reported expenditure and utilization data. Incomplete and inconsistent state data complicate program oversight. Contact Information For additional information about this high-risk area, contact Carolyn L. Yocom at (202) 512-7114 or yocomc@gao.gov. |
Since our 2019 High-Risk Report, our assessment for all five criteria remains unchanged. The Centers for Medicare & Medicaid Services (CMS) continues to demonstrate leadership support to address risks in the areas of: (1) improper payments, (2) appropriate use of Medicaid dollars by the states, and (3) Medicaid data. Still, work remains to fully meet all of the high-risk criteria. As of December 2020, 89 of our more than 300 recommendations for Medicaid remain open, and several major steps remain to improve program integrity.
Improper Payments
Since our 2019 High-Risk Report, all five criteria remain unchanged.
Leadership commitment: met. CMS continues to demonstrate commitment to oversight of improper payments. In June 2018, CMS communicated the agency’s strategy for improving program integrity, including plans for a number of new efforts to detect and respond to improper payments, including enhanced auditing efforts.
As of July 2020, CMS has continued to take important steps in implementing the strategy, such as (1) starting to audit beneficiary eligibility determinations and managed care payments, and (2) conducting outreach to state auditors as a means of expanding its oversight of improper payments.
Capacity: partially met. CMS continues to take actions to enhance the resources and guidance available to states for program integrity purposes. In July 2019, CMS met with audit contractors to discuss coordination of managed care audits. As a result of the feedback and recommendations received, CMS is evaluating several process improvements and reiterated that audit contractors will continue to work with states to provide support and assistance in Medicaid managed care.
However, it is unclear if these actions will (1) remove known impediments to managed care audits, or (2) increase the number of collaborative audits.
Additionally, one-third of Medicaid improper payments relate to states’ noncompliance with provider screening and enrollment requirements. We reported in October 2019 that CMS has targeted resources to support and oversee states’ implementation efforts through optional contractor site visits and a triennial improper payments review, among other activities. However, because these efforts are optional or focus on specific areas, they do not provide a comprehensive review of provider enrollment and screening. Without an expansion of CMS’s review to include all states, these efforts do not provide sufficiently comprehensive or timely oversight.
Action plan: partially met. In June 2018, CMS outlined a strategy to reduce Medicaid improper payments, which included planned actions that could address some of the concerns we raised in January 2017 and May 2018. However, as of July 2020, CMS (1) still has not detailed the scope and timing of this strategy, including implementation dates; nor (2) indicated how it will use information from other auditors to inform its oversight. Additionally, CMS has not stated when it will integrate state improper payment rates in the Medicaid Scorecard, used to report CMS and state performance in administering Medicaid.
Monitoring: partially met. Although CMS has taken steps to improve its monitoring of managed care overpayments by requiring states to report additional information, our work has identified ongoing concerns related to CMS’s monitoring of improper payments, particularly with regard to identifying and targeting risk.
As we reported in March 2019, CMS has generally more stringent documentation requirements for Medicare than Medicaid for the same services. These inconsistent requirements result in disparities between the programs in identifying improper payments resulting from insufficient documentation. They also raise questions about how well CMS is identifying and addressing program risks in both programs.
Additionally, gaps exist in CMS’s efforts to oversee states’ compliance with third-party liability requirements, which help assure that Medicaid remains the payer of last resort for services for children subject to child support enforcement. As we reported in August 2019, CMS provided incorrect guidance to states about the requirements and did not verify that the states had implemented measures to seek third-party payment for pediatric services.
Demonstrated progress: partially met. While CMS’s overall estimated Medicaid improper payment rate increased from 14.9 percent in fiscal year 2019 to 21.4 percent in fiscal year 2020, the increase was driven in part by a component that had not been measured until 2019. The improper payment rate is comprised of three components: (1) fee-for-service payments to providers, (2) payments to managed care organizations (MCO), and (3) the accuracy of beneficiary eligibility determinations.
The increase in the overall error rate reflects an increase in the beneficiary eligibility component, which was held at the 2014 rate of 3.1 percent through 2018 to allow for revision of the review and increased from 8.4 percent in 2019, when the review resumed, to 14.9 percent in 2020. In addition to the revised review methodology, CMS attributes the 2020 error rate to insufficient documentation to verify beneficiary eligibility and states’ noncompliance with redetermination requirements.
The managed care component of the error rate, which decreased in 2020, continues to not account for all program risks. As we found in our May 2018 report, CMS’s estimates of MCO improper payments do not include a medical review of services or reviews of MCO records or data. We have noted that many entities—such as state auditors—play an important role in ensuring program integrity, and that further collaboration with these stakeholders could address gaps in managed care audits, among other areas.
What Remains to Be Done
Since designating Medicaid as a high-risk area in 2003, we have made at least 55 recommendations related to improper payments, 18 of which were open as of December 2020. To reduce improper payments, CMS needs to, among other things,
- expand its review of states' implementation of provider screening and enrollment requirements to include states that have not participated in optional contractor site visits; and for states not fully compliant with the requirements, annually monitor their implementation progress;
- assess and ensure, as appropriate, that Medicare and Medicaid documentation requirements are necessary and effective at demonstrating compliance with coverage policies while appropriately addressing program risks;
- develop and implement time frames to ensure that the agency completes financial management reviews in a timely manner; and
- expand audit coverage in managed care.
Appropriate Use of Medicaid Dollars
Since our 2019 High-Risk Report, all five criteria remain unchanged. Our work continues to identify risks related to CMS oversight of whether states’ use of Medicaid funds is consistent with Medicaid requirements.
Leadership commitment: partially met.
CMS has taken steps to ensure appropriate use of funds in some areas of the program, but progress was limited in other areas. CMS continues to implement its 2016 policy to better ensure that Medicaid demonstrations—which allow states to test new approaches to providing coverage and for delivering services—are budget neutral (i.e., that the demonstrations do not increase federal costs). CMS has also indicated its intention to revise policies for reviewing proposed changes to existing demonstrations, as we recommended in April 2019, to improve transparency around the potential effects of those changes. However, the budget neutrality policy still permits the use of questionable methods—such as hypothetical rather than actual expenditures—to set demonstration spending limits.
In November 2020, CMS removed a proposed rule from the Unified Agenda of Federal Regulatory and Deregulatory Action, which identifies the rulemakings that are planned or underway throughout the federal government. The proposed rule, if finalized, would have required states to report additional information about Medicaid financing arrangements (which can increase federal spending without a commensurate increase in state spending) and supplemental payments (payments made to providers in addition to claims-based payments).
We have made several recommendations over the last several years related to improving oversight of financing and supplemental payments. We also maintain that additional state reporting in these areas is necessary to ensure that CMS has the information it needs to verify that these payments are being made for Medicaid purposes in an economical and efficient manner.
In December 2020, Congress passed and the President signed into law legislation requiring additional state reporting on supplemental payments, including requiring states to describe how these payments are consistent with economy and efficiency. The effectiveness of these new reporting requirements will depend on how CMS implements them.
Capacity: partially met. CMS has taken actions toward building oversight capacity, but has pulled back on other efforts that held promise. In November 2019, CMS reorganized some of its regional office functions, including financial oversight, in an effort to ensure that financial operations are consistent across the nation. This reorganization ended other assessments of oversight capacity and risk.
Specifically, CMS had developed a standard tool in October 2019 to assess risk and staff capacity for oversight of states’ reported expenditures. CMS planned to conduct a national assessment of whether oversight resources are adequate and target areas of greatest risk as we recommended. However, CMS suspended further efforts to develop and use this tool in November 2019 when it completed the reorganization.
Action plan: partially met. CMS continues to implement policy changes to ensure budget neutrality of demonstrations with the next significant change scheduled to begin in 2021. The timing for other planned actions is unclear. For example, CMS has not made progress on an action plan for oversight of supplemental payments.
Also, CMS has no specific plan for considering the adequacy and allocation of resources for expenditure oversight. It is, instead, taking the approach of assessing the allocation of resources on an ongoing basis despite our findings that resources were not well targeted to the areas of greatest risk.
Monitoring: partially met. For demonstrations, CMS continues to assess the effect of its new budget neutrality policy with the renewal of each demonstration. In January 2020, agency officials told us that CMS had developed a reporting tool for states that will allow for monitoring the policy over time. As of December 2020, the agency has implemented the tool, but it is unclear whether the agency is consistently enforcing reporting requirements.
For supplemental payments, CMS continues to lack a strategy for systematically identifying questionable payments to states for their supplemental payment programs that may not be clearly linked to Medicaid purposes. In December 2020, we reported that states’ reliance on provider taxes and local government funds effectively increased the share of Medicaid payments financed by the federal government by an estimated 5 percentage points to 68 percent in 2018. This shift in the federal share of Medicaid spending was greater for supplemental payments, with the federal government financing 76 percent of certain supplemental payments in 2018.
CMS does not collect consistent or sufficient information on states’ Medicaid payments and the sources of funds states use to finance the nonfederal share. As a result, CMS cannot adequately determine whether payments are consistent with economy and efficiency and financed with permissible sources of funds.
Demonstrated progress: partially met. With regard to oversight of demonstration spending, CMS’s revised 2016 budget neutrality policy reduced total demonstration spending limits by an estimated $159.5 billion for 2016 through 2019, the federal share—59.6 percent—of which is $95.1 billion. Another new budget neutrality policy will take effect for demonstrations renewed on or after January 1, 2021—which should further reduce federal liabilities. However, CMS has not made significant progress towards improving its oversight of supplemental payments, for which reporting remains incomplete.
What Remains to Be Done
Since designating Medicaid as a high-risk area in 2003, we have made at least 61 recommendations related to the appropriate use of program dollars, 21 of which were open as of December 2020. CMS needs to take the following steps, among others, to better assure the appropriate use of Medicaid dollars:
- address questionable methods—particularly relying on hypothetical rather than actual expenditures—used to set demonstration spending limits; develop and document standard operating procedures for monitoring demonstration spending; and develop policies for ensuring transparency when states submit major changes to pending demonstration applications or propose changes to existing demonstrations.
- collect sufficient provider specific information from states on Medicaid payments and the sources of funds states use to finance their share of Medicaid payments; outline clear criteria, data, and a review process to ensure payments are economical and efficient; and write guidance clarifying its policy that requires a link between the distribution of supplemental payments and Medicaid-covered services; and
- complete a risk assessment and take steps, as needed, to assure that resources to oversee expenditures reported by states are adequate and allocated according to risk.
Congressional Actions Needed
Congressional action could improve oversight of Medicaid expenditures.
- In January 2008, we suggested Congress consider establishing statutory requirements for the Secretary of the Department of Health and Human Services to improve the demonstration review process to more clearly outline the methods used to demonstrate budget neutrality.
Medicaid Data
Since our 2019 High-Risk Report, the leadership commitment criterion has progressed from partially met to met and the action plan criterion has progressed from not met to partially met. Ratings for the remaining three criteria remain unchanged. CMS has demonstrated the leadership support needed to address Medicaid data quality. However, our work continues to identify the need for CMS to take additional steps to improve Medicaid data quality and to expedite the use of improved data for program oversight.
Leadership commitment: met. CMS’s ongoing efforts to implement the Transformed Medicaid Statistical Information System (T-MSIS) reflect the agency’s commitment to improve Medicaid data, such as Medicaid eligibility and claims data. As of December 2019, all 50 states, the District of Columbia, and two U.S. territories were submitting data to all eight T-MSIS files. CMS uses a dashboard to share data errors with states and provides states with ongoing technical assistance. CMS also publicly released excerpts of 2016 T-MSIS data and issued corresponding data quality briefs that provide insight on their usability for research and oversight.
In September 2020, CMS released similar data for calendar years 2017 and 2018. These efforts have contributed to improvements in the completeness and accuracy of T-MSIS data compared to what we found in December 2017. In October 2020 we found T-MSIS data sufficiently reliable for use to report on the number of individuals eligible for Medicaid through the Breast and Cervical Cancer Prevention and Treatment Act of 2000. CMS has also used T-MSIS data for targeted research and oversight efforts and is committed to expand such efforts with further improvements in T-MSIS data quality.
Capacity: partially met. CMS revised the state Early and Periodic Screening, Diagnostic, and Treatment (EPSDT) data submission process, providing states with the option of having CMS use T-MSIS data to document EPSDT services on states’ behalf beginning in 2021. CMS also updated its Encounter Data Toolkit in August 2019, which set voluntary guidelines for states to follow when validating MCO claims—known as encounter data.
However, CMS has not provided states with information about how to conduct an independent audit of encounter data or about how to provide CMS with an annual assessment of these data. Without establishing requirements for these processes, CMS efforts to perform effective oversight of encounter data reliability will be limited.
Action plan: partially met. In December 2017, we recommended that CMS develop a plan and time frame for using T-MSIS data for oversight. In January 2021, we report that CMS has begun using T-MSIS data for oversight, including a reporting on the number of beneficiaries receiving substance use disorder services in 2017 and a preliminary analysis of foregone care by children enrolled in Medicaid and the Children’s Health Insurance Program during the Coronavirus Disease 2019 pandemic. However, CMS has not provided a plan for use of T-MSIS data for broad program oversight.
In August 2019, we specifically recommended that CMS develop a plan with time frames to use T-MSIS data to improve EPSDT oversight and streamline state reporting. In June 2020, CMS told us that the agency has begun to use T-MSIS data to recreate certain EPSDT measures from a prior year and will then validate the data. CMS did not provide a time frame for completing this effort or specify when it will begin to use T-MSIS data for EPSDT oversight.
Monitoring: partially met. In August 2019 we recommended that CMS work with states and relevant federal agencies to collect accurate and complete data on blood lead screening for beneficiaries to ensure that CMS can monitor state compliance with its blood lead screening policy.
In June 2020, CMS said it will use T-MSIS data rather than a separate data request to monitor blood lead screening upon state request, but that data limitations hinder agency efforts to obtain complete data on blood lead screening for children enrolled in Medicaid. As a result, CMS’s oversight of blood lead screening for children in Medicaid will be limited, leaving children vulnerable to lead exposure that can cause developmental delays and harm to nearly every body system.
Demonstrated progress: partially met. The ongoing implementation of T-MSIS has been a significant, multiyear effort. CMS continues to take steps to assess and improve data quality. CMS identified 32 top priority items that are critical for program oversight, including data related to beneficiary and provider eligibility and MCO reporting. CMS established standards for each of these items and monitors states’ progress in submitting data that meet them.
CMS notifies states of their compliance status with these priority items and can require states to submit state plans of action to correct areas of noncompliance. In January 2021, we reported that states’ data submissions have improved steadily for most of these items. States continue to face challenges reporting accurate information for certain priority items, such as items related to MCO payments and services, underscoring the need for improvement.
What Remains to Be Done
Since designating Medicaid as a high-risk area in 2003, we have made at least 42 recommendations related to Medicaid data, 15 of which were open as of December 2020. To improve the quality of Medicaid data for use in program oversight, CMS needs to, among other things:
- continue efforts to assess and improve T-MSIS data and articulate specific plans and associated time frames for using T-MSIS data for broad program oversight; and
- provide states with information on: (1) scope and methodology requirements for MCO encounter data audits, (2) required content of the annual assessment report, and (3) circumstances under which federal matching funds can be deferred or disallowed in response to noncompliant encounter data submissions.
Related GAO Products
Medicaid: Data Completeness and Accuracy Have Improved, though Not All Standards Have Been Met. GAO-21-196. Washington, D.C.: January 14, 2021.
Medicaid: CMS Needs More Information on States’ Financing and Payment Arrangements to Improve Oversight. GAO‑21‑98. Washington, D.C.: December 7, 2020.
Medicaid Program Integrity: Action Needed to Ensure CMS Completes Financial Management Reviews in a Timely Manner. GAO‑21‑17. Washington, D.C.: October 14, 2020.
Medicaid Providers: CMS Oversight Should Ensure State Implementation of Screening and Enrollment Requirements. GAO‑20‑8. Washington, D.C.: October 10, 2019.
Medicaid: Additional CMS Data and Oversight Needed to Help Ensure Children Receive Recommended Screenings. GAO‑19‑481. Washington, D.C.: August 16, 2019.
Medicaid Payment: CMS Has Not Overseen States’ Implementation of Changes to Third-Party Liability. GAO‑19‑601. Washington, D.C.: August 9, 2019.
Medicaid Demonstrations: Approvals of Major Changes Need Increased Transparency. GAO‑19‑315. Washington, D.C.: April 17, 2019.
Medicare and Medicaid: CMS Should Assess Documentation Necessary to Identify Improper Payments. GAO‑19‑277. Washington, D.C.: March 27, 2019.
Medicaid: CMS Should Take Steps to Mitigate Program Risks in Managed Care. GAO‑18‑291. Washington, D.C.: May 7, 2018.
Improving and Modernizing Federal Disability Programs
Bookmark:Management attention and efforts are needed across the government to ensure that disability programs provide benefits in a timely manner, reflect current ideas about disability, and achieve positive employment outcomes.
| Why Area Is High Risk An estimated 13 percent of Americans had a disability in 2018. Many of these Americans need help finding or retaining employment, or rely on cash benefits if they cannot work. However, federal disability programs struggle to meet their needs. Three of the largest federal disability programs—two managed by SSA and one by VA—dispensed about $290 billion in cash benefits during fiscal year 2019, and about 19 million people with disabilities were receiving benefits through the programs at the end of 2019. Both agencies struggle to manage their workloads and make timely decisions on benefit claims. In addition, when determining whether individuals qualify for disability benefits, SSA and VA rely on outdated criteria. While both agencies have efforts underway to update medical or occupational information used to make eligibility decisions, they continue to rely on information that can be decades old. In addition to the aforementioned cash benefit programs, we previously identified more than 40 programs managed by nine different agencies that provide a patchwork of employment support for people with disabilities. We reported in 2012 that these programs lacked a unified vision, strategy, or set of goals to guide their outcomes. We designated improving and modernizing federal disability programs as high risk in 2003. Contact Information For additional information about this high-risk area, contact Elizabeth H. Curda at (202) 512-7215 or curdae@gao.gov. |
Since our 2019 High-Risk Report, ratings for all five criteria remain unchanged.
Ratings also remain the same since 2019 for each of the five segments that form the federal disabilities high-risk area.
Two of the segments are for the Social Security Administration (SSA) and the Department of Veterans Affairs (VA) efforts to manage disability claims workload; two additional segments are for SSA and VA efforts to update disability benefit eligibility criteria; and the fifth segment is for the Office of Management and Budget’s (OMB) efforts to develop unified strategies and goals.
Managing Disability Claims Workloads (SSA)
Since our 2019 High-Risk Report, ratings for all five criteria remain unchanged.
Leadership commitment: met. SSA moved forward the target year for meeting its goal of processing appeals within 270 days from fiscal year 2022 to 2021. SSA also included eliminating its disability appeals backlog as a key initiative in its fiscal year 2021 annual performance plan.
Capacity: partially met. SSA officials reported that about 1,500 staff were hired in fiscal year 2019 to process initial disability claims, in part, to address increased workload needs in some states. At the same time, they reported having about 600 fewer staff for processing appeals compared to the previous year. SSA also adjusted operations in fiscal year 2020 due to disruptions from the Coronavirus Disease 2019 (COVID-19) pandemic, for example, by increasing the use of telework, pausing in-person medical exams, and conducting hearings by phone. However, we reported in November 2020 that officials involved in processing disability claims have experienced challenges maintaining operations under the pandemic, for example, due to lack of technology for teleworking staff and difficulty scheduling and conducting phone hearings.
Action plan: partially met. SSA’s 2018-2019 appeals plan reiterated the agency’s commitment to addressing its appeals backlog and highlighted actions taken so far, including improvements in information technology. In addition, as of December 2020, SSA had made progress implementing our July 2017 recommendations related to its expansion of service delivery methods but has not completed its efforts. For example, SSA still needs to develop a long-term field office facilities plan that accounts for claimants’ increasing use of remote services and complete system enhancements to ensure the effectiveness of online services.
Monitoring: met. SSA continues to monitor and report on timeliness against goals for processing initial disability claims and appeals.
Demonstrated progress: partially met. SSA demonstrated mixed progress managing initial claims and appeals both pre- and post-pandemic. Pre-pandemic, SSA’s inventory of pending initial claims increased by 14 percent between the end of fiscal years 2017 and 2019. Over the same period, the number of pending appeals decreased by 46 percent, and appeals processing time improved from 605 to 506 days.
As a result of pandemic-related disruptions, officials reported that pending initial claims increased further—by around 35 percent—from the end of fiscal year 2019 to July 2020. In contrast, pending appeals continued to decline—by about 23 percent. Officials stated that SSA did not meet its fiscal year 2020 performance goals for either initial claims or appeals. In addition, substantial progress will be needed for SSA to reach its goal of processing appeals within 270 days by the end of fiscal year 2021.
What Remains to Be Done
Since 2003, we have made 35 recommendations related to this high-risk segment. As of December 2020, seven remain open.
Consistent with these recommendations and ongoing agency efforts, SSA should continue to develop and implement plans for managing its workloads, particularly in light of disruptions caused by the pandemic. Specifically, SSA should continue to:
- refine and implement plans to address its appeals backlog; and
- conduct facilities planning and implement enhancements related to remote service delivery, which could also help address potential future disruptions to initial claims and appeals processing.
Managing Disability Claims Workloads (VA)
Since our 2019 High-Risk Report, ratings for all five criteria remain unchanged.
Leadership commitment: met. VA leadership has continued to focus on reducing its inventory and backlog of initial disability claims and appeals of claims decisions. For example, in fiscal year 2020 VA created an Executive Advisory Board comprised of senior executive-level staff to guide VA’s effort to address issues related to the high-risk designation.
Capacity: partially met. Since our 2019 High-Risk Report, VA continued building its capacity to process initial claims by hiring nearly 700 staff, expanding its contract exam capacity, and improving information technology to enhance productivity. In 2019, VA implemented legislation to streamline the appeals process, and has hired more than 1,700 staff at the Veterans Benefits Administration (VBA) and the Board of Veterans’ Appeals (Board) to process appeals.
However, VA’s capacity to address initial claims and appeals is being hindered by surges in other workloads, such as Blue Water Navy claims from veterans who served in the offshore waters of the Republic of Vietnam for illnesses linked to Agent Orange exposure, and by COVID-19 preventive measures, such as social distancing and delayed in-person exams and hearings.
Action plan: partially met. In 2019, VA analyzed factors contributing to this high-risk designation and identified six root causes related to the appeals workload. VA addressed its first root cause—constraints due to the legacy appeals process—by implementing a new appeals process and associated plans for new and legacy appeals.
In October 2020, VA provided us with action plans to address the five other root causes it had identified for new and legacy appeals and a separate plan to address COVID-19-related challenges. The root cause analysis and action plans are a key step toward resolving this high-risk area. However, VA’s action plans contained information gaps, such as incomplete solutions to manage surges in initial claims workloads and unclear metrics and milestones.
Monitoring: partially met. VA monitors workloads and the timeliness of initial claims and legacy appeals and has set timeliness goals for some, but not all, of its five appeals options. Board officials said they will establish timeliness goals for the remaining appeal options by March 2021.
VA has made progress in monitoring workloads and performance, but it has not fully addressed our March 2018 priority recommendation to assess the efficacy of the new and legacy appeals processes. Further, VA’s October 2020 action plans lacked clear metrics and milestones, which are needed to help assess and report progress.
Demonstrated progress: partially met. VA has made progress on reducing backlogs for initial claims and appeals. VA reported that it reduced the backlog of initial disability claims from a high of about 611,000 in March 2013 to less than 100,000 in March 2020. Further, VA reduced processing times from an average of 378 days in fiscal year 2013 to 106 days in fiscal year 2019. Through its appeals reform efforts from March 2019 through June 2020, VA increased productivity and reduced inventories. The inventory of legacy appeals decreased at VBA from 268,914 to 89,242 and at the Board from 113,897 to 110,368.
A surge in claims workloads due in part to pandemic-related issues could threaten VA’s progress. For example, the number of backlogged initial claims doubled between March and September 2020. Similarly, in fiscal year 2020, the Board fell short of its production goal by 8,600 hearings. In our continuing work to monitor this area, we determined that VA could take additional steps to develop documented contingency plans for workload surges and demonstrate that it is effectively addressing root causes contributing to the high-risk designation.
What Remains to Be Done
Since 2003, we have made 69 recommendations related to managing VA workloads. As of December 2020, 10 remain open, including two priority recommendations on appeals reform. VA should continue developing and implementing plans to address its workloads at both levels. This includes:
- developing detailed plans to maintain capacity during surges of initial claims;
- comparing the efficacy of the new and legacy appeals processes; and
- developing plans to fully address risks to capacity, including veterans choosing more resource-intensive appeals options.
Updating Disability Benefit Eligibility Criteria (SSA)
Since our 2019 High-Risk Report, ratings for all five criteria remain unchanged.
Leadership commitment: met. SSA has maintained leadership focus on updating the medical, occupational, and, more recently, vocational criteria that define eligibility for disability benefits.
Capacity: met. SSA added staff to continuously update its medical criteria. SSA also continues to work with the Bureau of Labor Statistics (BLS) to update—and eventually maintain—occupational criteria.
Action plan: partially met. SSA has goals for reviewing its medical criteria on a 3-to-5-year cycle and for refreshing data underlying the occupational criteria on a 5-year cycle. SSA also reported plans to implement new occupational criteria concurrently with new vocational criteria and expects to issue a proposed rule for updating its vocational criteria sometime in fiscal year 2021. However, SSA has not shared with us either documentation or details on how it will develop this proposed rule, or a plan or timeline for concurrently implementing new occupational and vocational criteria.
Monitoring: met. SSA continues to track progress on modernizing its medical and occupational eligibility criteria, for example, through monthly progress reports under its agreement with BLS.
Demonstrated progress: partially met. According to SSA, the agency has produced comprehensive updates of its medical criteria over the past decade for 11 of the 14 body systems (listings of diseases and disorders in each part of the body). Rulemaking efforts are underway for the remaining systems. However, SSA often extended dates for rulemaking beyond its goal of a 3-to-5-year cycle.
SSA generally met its timelines for developing occupational criteria in conjunction with BLS. However, SSA’s plan to issue a related proposed rule on vocational criteria sometime in fiscal year 2021 rather than 2020 will delay implementation of both new vocational and new occupational criteria.
What Remains to Be Done
Since 2003, we have made seven recommendations related to this high-risk segment, all of which were implemented. SSA should continue ongoing efforts to update its disability criteria. Specifically, SSA should:
- ensure capacity aligns with goals for reviewing and, when necessary, updating body system rules on a 3-to-5-year cycle; and
- share details on steps taken to develop new vocational criteria and plans for concurrently implementing vocational and occupational criteria.
Updating Disability Benefit Eligibility Criteria (VA)
Since our 2019 High-Risk Report, ratings for all five criteria remain unchanged.
Leadership commitment: met. VA leadership has sustained its focus on updating its eligibility criteria to reflect advancements in medicine and changes in the labor market. The criteria is used to assign a degree of disability and a compensation level for veterans with service-connected injuries or conditions.
Capacity: partially met. In April 2020, VA established a program office to manage the continuous update of medical criteria and earnings loss information, and filled more than two-thirds of the 26 planned positions as of December 2020. VA officials report that they have streamlined the process for developing proposed regulations to update the body systems. VA officials also said they finalized a data sharing agreement with the Census Bureau and are finalizing one with SSA to access new data sources to study earnings loss. However, VA’s action plans do not contain enough detail on the resources and time needed to complete these studies and update the criteria.
Action plan: partially met. In October 2020, VA submitted action plans to us for each of the six root causes related to modernizing its criteria, an important step for addressing the underlying factors that contribute to this area of concern. However, the plans lacked key elements, such as clear metrics and milestones.
Monitoring: partially met. VA has developed a project management system to monitor its progress on the current medical criteria update and to revisit these criteria at least once every 10 years, which partially addresses one identified root cause. VA’s October 2020 action plans lacked clear metrics and milestones for monitoring progress demonstrated against its plans, particularly for its earnings loss studies.
Demonstrated progress: partially met. VA has taken actions to strengthen its management functions to keep the updates on course and address root causes associated with past delays. As of December 2020, VA reported that it had updated the medical information for regulations covering eight of the 15 body systems. VA officials said they plan to complete the update for the remaining body systems by 2023. However, VA’s efforts to fully update the criteria are 7 years behind its initial timetable.
VA also continues to study earnings loss. As of December 2020, VA has completed studying eight of more than 700 diagnostic codes in the criteria. However, of these eight codes, information for six is unreliable and nongeneralizable, and VA has not updated the criteria with the usable results.
What Remains to Be Done
Since 2003, we have made three recommendations related to modernizing disability criteria, all of which were implemented. VA should continue to develop and implement plans for updating medical criteria and earnings loss information. This includes:
- dedicating sufficient resources to this effort;
- developing a viable plan for monitoring progress in updating earnings loss information; and
- refining plans to revisit medical criteria at least once every 10 years.
Programs with Unified Strategies and Goals (OMB)
Since our 2019 High-Risk Report, ratings for all five criteria remain unchanged.
Leadership commitment: partially met. OMB reported that the previous administration has continued to pursue legislative changes and has taken some actions to improve collaboration across federal agencies and support employment of people with disabilities.
However, proposed legislative changes have not been enacted, and OMB does not have (1) a larger vision for coordinating more than 40 programs that provide similar services to support employment of people with disabilities, and (2) overarching, government-wide goals and strategies that could help spur more efficient service delivery across these different programs, and improve employment for people with disabilities in both federal and nonfederal sectors. Taking action in this area is especially important given that employment of people with disabilities fell faster and remains lower than for those without disabilities during the COVID-19 pandemic.
Capacity: partially met. According to OMB, agencies are coordinating on several demonstration projects that may inform the development of consistent goals and measures for federal programs that support employment for people with disabilities. OMB also noted that SSA is developing a set of metrics to assess employment and other outcomes across its demonstration projects, and that these metrics could broadly inform federal efforts to set goals. However, OMB did not specify whether or how it will use results from SSA’s and other agencies’ demonstration projects to establish government-wide goals.
Action plan: not met. OMB has not yet led or coordinated an executive branch effort to establish government-wide goals and associated plans for the employment of people with disabilities outside of the federal sector. OMB reported that new cross-agency priority goals may be considered when developing the next President’s Management Agenda, but OMB did not indicate any plans to consider such goals for the employment of people with disabilities.
Monitoring: partially met. OMB reported that the Department of Labor (DOL) oversees progress toward a 2013 goal for individuals with disabilities to comprise 7 percent of the workforce for federal contractors and subcontractors. Specifically, DOL assesses whether contractors are making good faith efforts to meet this goal and identifies any best practices through regular compliance evaluations. DOL reported in December 2020 that about 17 percent of the contractors the agency reviewed that provided utilization data in fiscal year 2020 met the 7 percent goal.
Demonstrated progress: partially met. In June 2020, we reported that the federal government exceeded a prior goal for hiring people with disabilities in the federal sector. However, we also found that the Office of Personnel Management (OPM) does not routinely track or report the extent to which these new hires stay in their jobs. OMB officials stated that they are not considering any job retention strategies or goals beyond OPM efforts to track data on federal hiring and retention of people with disabilities.
What Remains to Be Done
We identified two actions in February 2012 that needed to be addressed by OMB related to this high-risk segment as part of our work on opportunities to reduce fragmentation, overlap, and duplication in the federal government. In June 2020, we also made one related recommendation to OPM. As of December 2020, one action for OMB and the recommendation to OPM remain open. Specifically:
- OMB should lead or coordinate the development of a set of unifying, government-wide goals for employment of people with disabilities; and
- OPM should routinely track and report retention data for federal employees with disabilities, and make such data available to federal agencies, which could help the administration monitor progress in this area.
Related GAO Products
Social Security Disability: Information on Wait Times, Bankruptcies, and Deaths among Applicants Who Appealed Benefit Denials. GAO‑20‑641R. Washington, D.C.: August 13, 2020.
Disability Employment: Hiring Has Increased but Actions Needed to Assess Retention, Training, and Reasonable Accommodation Efforts. GAO‑20‑384. Washington, D.C.: June 11, 2020.
Social Security Disability: Action Needed to Help Agency Staff Understand and Follow Policies Related to Prescription Opioid Misuse. GAO‑20‑120. Washington, D.C.: January 9, 2020.
VA Disability Compensation: Actions Needed to Enhance Information about Veterans’ Health Outcomes. GAO‑20‑26. Washington, D.C.: December 16, 2019.
VA Disability Exams: Improved Performance Analysis and Training Oversight Needed for Contracted Exams. GAO‑19‑13. Washington, D.C.: October 12, 2018.
Veterans’ Disability Benefits: Better Measures Needed to Assess Regional Office Performance in Processing Claims. GAO‑19‑15. Washington, D.C.: October 3, 2018.
Pension Benefit Guaranty Corporation Insurance Programs
Bookmark:The financial stability of the Pension Benefit Guaranty Corporation’s multiemployer and single employer programs faces many structural challenges that require congressional action.
| Why Area Is High Risk With about $147 billion in assets, PBGC’s portfolio is one of the largest of any federal government corporation. Through its single-employer and multiemployer insurance programs, PBGC insures the pension benefits of more than 34 million American workers and retirees who participate in about 24,600 private-sector defined benefit plans. However, PBGC’s financial future remains uncertain, due in part to the collective risk of the many underfunded pension plans PBGC insures and a long-term decline in the number of traditional defined benefit plans. According to PBGC projections, it is nearly certain that the multiemployer program does not have the needed resources to satisfy the agency's long-term obligations. At the end of fiscal year 2020, PBGC’s net accumulated financial deficit was $48.3 billion—an improvement of $8.2 billion since the end of fiscal year 2019. The multiemployer program, composed of about 1,400 plans, accounted for a deficit of nearly $63.7 billion—an improvement of $1.4 billion since 2019. The single-employer program, composed of about 23,200 plans, accounted for a surplus of $15.5 billion, $6.8 billion more than 2019. However, PBGC estimated that this program’s exposure to potential future losses was $176.2 billion. We designated the single-employer program as high risk in 2003 and the multiemployer program in 2009. Contact Information For additional information about this high-risk area, contact Tranchau (Kris) T. Nguyen at (202) 512-7215 or nguyentt@gao.gov. |
As in prior High-Risk Reports, we do not rate this high-risk area because addressing the identified issues primarily involves congressional action. The Pension Benefit Guaranty Corporation (PBGC) faces both an immediate and critical challenge with its multiemployer program and long-term risks with its single-employer program.
Multiemployer Program
In a March 2013 report on PBGC’s multiemployer program, we recommended that Congress consider comprehensive and balanced structural reforms to reinforce and stabilize the multiemployer system.
In 2014, Congress took action to address this growing crisis by passing the Multiemployer Pension Reform Act (MPRA) that enacted several reforms responsive to our report. Specifically, MPRA provided severely underfunded plans, under certain conditions and only with the approval of federal regulators, the option to reduce the retirement benefits of current retirees to avoid plan insolvency.
The act also expanded PBGC’s ability to intervene when plans are in financial distress. In addition, MPRA more than doubled the flat-rate, or per-participant, premiums paid by multiemployer plans to PBGC’s insurance program and provided for future increases indexed to inflation.
While passage of MPRA helped the financial situation of the multiemployer program, the underlying financial issues facing the program are far from resolved. As of the end of fiscal year 2020, the multiemployer program had a net deficit of $63.7 billion (see fig. 10), and PBGC still projects a looming program insolvency. Based on fiscal year 2019 projections—the latest available—PBGC officials reported there is a 78 percent chance that the program will be insolvent by the year 2026, and insolvency will be a near certainty by the end of 2027.
According to PBGC, the enactment of the Bipartisan American Miners Act of 2019 delayed the projected insolvency of the multiemployer program, primarily by providing federal funding for the United Mine Workers Plan. This improved PBGC’s net financial position by at least $6.0 billion. PBGC’s projections of multiemployer program insolvency do not, however, include any fiscal year 2020 information reflecting the economic effects of—or the federal response to—the coronavirus disease 2019 (COVID-19) pandemic, which may affect the program’s estimated insolvency date.
If the multiemployer program becomes insolvent, participants in insolvent pension plans that receive financial assistance from PBGC will receive a small fraction of current statutory guarantees. PBGC’s fiscal year 2019 projections show that in 2027 the program’s income from premiums would cover less than 14 percent of financial assistance.
Guaranteed benefits in the multiemployer program depend on the years of service a participant earned through qualifying work; the maximum guarantee is currently $12,870 per year for a retiring participant with 30 years of service. PBGC estimates that, under its projection, insolvency of the multiemployer program would result in most participants receiving less than $2,000 per year and in many cases, much less.
Single-Employer Program
Although the net financial position of PBGC’s single-employer program has improved from its highest recorded deficit of about $29.1 billion in 2012 to a $15.5 billion surplus as of the end of fiscal year 2020, the program continues to face ongoing financial risk from the potential termination of large underfunded plans. PBGC estimates that, as of the end of fiscal year 2020, the program is exposed to $176.2 billion of future claims from underfunded plans sponsored by companies with credit ratings below investment grade, an increase of $21.5 billion from the end of fiscal year 2019.
The single employer program has not experienced many large underfunded plan terminations recently, allowing the program to build a surplus, but PBGC's experience shows that the single-employer program’s condition can change quickly and precipitously. For example, the spate of plan terminations in the airline and steel industries from 2001 through 2006 resulted in the program incurring more than $20 billion of net claims. The ongoing economic effects of COVID-19 could affect both plan sponsors’ ability to fund their plans sufficiently and to stay in business, creating risks to the single employer program for the foreseeable future.
Further, PBGC continues to face long-standing, structural challenges due to an overall decline in the defined benefit pension system. The number of single- and multiemployer plans have declined significantly over many decades. Since 1985, there has been a 78 percent decline in the number of plans insured by PBGC—from about 114,400 plans to about 24,600 plans in 2020. In addition, a smaller proportion of program participants are active employees; about 71 percent were active workers in 1985 compared to about 35 percent in 2017, the most recent year available.
Premium Structure
The structure of PBGC’s premium rates—a key component of its funding—has long been another area of concern. Despite periodic increases in premium rates, which are set according to statute, the premiums do not align with the multiplicity of risks PBGC insures against. Under the current premium structure for its multiemployer program, PBGC collects from sponsors only a per-participant flat-rate premium; the plan’s level of funding does not affect the premium sponsors pay.
Under the current premium structure for its single-employer program, PBGC collects from sponsors a per-participant flat-rate premium and a variable-rate premium that is based on a plan’s level of underfunding. To date, no legislation has been enacted to incorporate additional risk factors, such as company financial health or plan investment mix, into PBGC’s premium structure.
Governance Issues
PBGC’s governance structure is another area of weakness noted in several of our past reports. We have long recommended that PBGC’s board—currently composed of the Secretary of Labor, the Secretary of the Treasury, and the Secretary of Commerce—be expanded to include additional members who possess diverse knowledge and expertise useful to PBGC’s mission, such as knowledge in strategic risk assessment and management. We have long emphasized that PBGC requires strong and stable leadership to ensure it can meet its future financial challenges.
What Remains to Be Done
Concerns with PBGC’s multiemployer program are becoming increasingly urgent. Concerns also remain about PBGC’s overall funding structure and governance. Absent additional steps to improve PBGC’s finances, the long-term financial stability of the agency remains uncertain and the retirement benefits of millions of American workers and retirees could be at risk of dramatic reductions.
Congressional Actions Needed
As we have previously recommended, Congress should consider improving the long-term financial stability of both of PBGC’s insurance programs by
- enacting additional structural reforms to reinforce and stabilize the multiemployer system in a way that balances the needs and potential sacrifices of contributing employers, participants, and the federal government;
- authorizing a redesign of PBGC’s premium structure to better align premium rates with risk;
- strengthening funding requirements for plan sponsors, as appropriate given national economic conditions;
- working with PBGC to develop a strategy for funding PBGC claims over the long term; and
- adopting additional changes to PBGC’s governance structure—in particular, expanding the composition of its board of directors.
Related GAO Products
Central States Pension Fund: Investment Policy Decisions and Challenges Facing the Plan. GAO‑18‑106. Washington, D.C.: June 4, 2018.
Central States Pension Fund: Department of Labor Activities under the Consent Decree and Federal Law. GAO‑18‑105. Washington, D.C.: June 4, 2018.
Pension Plan Valuation: Views on Using Multiple Measures to Offer a More Complete Financial Picture. GAO‑14‑264. Washington, D.C.: September 30, 2014.
Private Pensions: Timely Action Needed to Address Impending Multiemployer Plan Insolvencies. GAO‑13‑240. Washington, D.C.: March 28, 2013.
Pension Benefit Guaranty Corporation: Redesigned Premium Structure Could Better Align Rates with Risk from Plan Sponsors. GAO‑13‑58. Washington, D.C.: November 7, 2012.
Pension Benefit Guaranty Corporation: Improvements Needed to Strengthen Governance Structure and Strategic Management. GAO‑11‑182T. Washington, D.C.: December 1, 2010.
National Flood Insurance Program
Bookmark:Congress should consider comprehensive reform of the National Flood Insurance Program to improve the program’s solvency and the nation’s flood resilience. The Federal Emergency Management Agency should finalize improvements to its rate-setting methods.
| Why Area Is High Risk NFIP has experienced significant challenges because FEMA is tasked with two competing goals—keeping flood insurance affordable and keeping the program fiscally solvent. Emphasizing affordability has led to premium rates that in many cases do not reflect the full risk of loss and produce insufficient premiums to pay for claims. In turn, this has transferred some of the financial burden of flood risk from individual property owners to the public at large. Accordingly, we added this area to our High-Risk List in 2006. NFIP has had to borrow from the Department of the Treasury to pay claims from major natural disasters. As of August 2020, FEMA’s debt was $20.5 billion despite Congress having canceled $16 billion in debt in October 2017. Without reforms, the financial condition of NFIP could continue to worsen. Contact Information For additional information about this high-risk area, contact Alicia Puente Cackley at (202) 512-8678 or cackleya@gao.gov. |
Since our 2019 High-Risk Report, there have been no changes to the five criteria ratings because Congress has not yet enacted comprehensive reforms to address the spectrum of challenges confronting the National Flood Insurance Program (NFIP) and the Federal Emergency Management Agency (FEMA) has not yet completed action on key open recommendations.
Leadership commitment: partially met. FEMA leadership continues to show a commitment to implementing our recommendations by, for example, beginning to implement an updated rate-setting methodology. FEMA also continued actions to protect the program’s financial stability, such as by annually purchasing reinsurance. However, Congress has yet to enact comprehensive program reforms related to areas such as premium rates, affordability, and consumer participation.
Capacity: partially met. While FEMA has shown a commitment to acting on key recommendations, delays in fully implementing them reflect limitations in FEMA’s capacity. For example, after multiple delays, FEMA’s effort to modernize NFIP’s insurance policy and claims management system ultimately took 17 years to complete. Similarly, FEMA’s implementation of an updated rate-setting methodology, which relates to our October 2008 recommendation, has been postponed to October 2021. Responding to multiple natural disasters and Coronavirus Disease 2019 (COVID-19) can strain FEMA’s capacity as many FEMA staff are deployed during disasters, which diverts resources from other activities.
Action plan: partially met. FEMA identified actions to address our recommendations and tracks outstanding recommendations through an internal control program to guide its efforts. Multiple times a year, FEMA provides us with updates on actions taken and expected timelines for completion. For example, FEMA tracks and provides us with periodic updates on its efforts to update its methodology for calculating premium rates.
Beyond tracking individual recommendations, however, FEMA still lacks a comprehensive plan to address the issues that placed NFIP on our High-Risk List. Such a plan could help FEMA define causes, identify solutions, and establish metrics for evaluating their effectiveness.
Monitoring: partially met. FEMA has a process to monitor progress in implementing our recommendations, as we noted earlier. However, FEMA lacks a broader process to evaluate the effectiveness and sustainability of its corrective actions. Such a process would help ensure that corrective actions, once taken, have the intended effect.
For example, FEMA could monitor its progress toward outcomes as part of its updated rate-setting method. These intended outcomes include encouraging homeowners to purchase adequate coverage and promoting investment in flood mitigation.
Demonstrated progress: partially met. FEMA has taken steps to implement many of our recommendations, for example, by addressing a potential challenge that we identified in July 2016 for consumers seeking premium refunds when they switch from an NFIP policy to private flood insurance. However, FEMA’s efforts to address our recommendations in other areas are still not complete.
For example, in October 2008 we recommended that FEMA ensure that its premium rate-setting methods accurately reflect the risk of flood losses. FEMA had targeted 2020 to begin implementing an updated premium rate-setting methodology, but postponed these changes until October 2021 to more closely analyze the potential effect on policyholders.
Congress has passed several short-term reauthorizations, most recently when the program was set to expire on September 30, 2020. However, Congress has yet to enact comprehensive reforms related to the six areas we identified in April 2017 (program debt, full-risk-rates, affordability, consumer participation, private-sector involvement, and flood mitigation).
What Remains to Be Done
Over the years since we added this area to our High-Risk List, we have made numerous recommendations related to this high-risk issue. As of December 2020, 14 recommendations were open. NFIP has improved in a number of areas, but to demonstrate progress, FEMA should
- develop a comprehensive plan for actions the agency can take to address the issues that placed NFIP on the High-Risk List;
- initiate broader monitoring of the effectiveness and sustainability of actions to implement our recommendations; and
- continue ongoing efforts to implement updated NFIP rate-setting methods.
Congressional Actions Needed
We have an open matter for Congress to consider from our April 2017 report that examined actions Congress and FEMA could take to reduce federal fiscal exposure and improve resilience to floods. We stated that Congress should consider comprehensive reform, which could include actions in six areas: (1) addressing the current debt; (2) removing existing legislative barriers to FEMA’s ability to revise premium rates to reflect the full risk of loss; (3) addressing affordability; (4) increasing consumer participation; (5) removing barriers to private-sector involvement; and (6) protecting NFIP flood resilience efforts. Congress has not taken action on this matter.
Related GAO Products
National Flood Insurance Program: FEMA Can Improve Community Oversight and Data Sharing. GAO‑20‑396. Washington, D.C.: May 5, 2020.
National Flood Insurance Program: Fiscal Exposure Persists Despite Property Acquisitions. GAO‑20‑508. Washington, D.C.: June 25, 2020.
Flood Insurance: Comprehensive Reform Could Improve Solvency and Enhance Resilience. GAO‑17‑425. Washington, D.C.: April 27, 2017.
Flood Insurance: Potential Barriers Cited to Increased Use of Private Insurance. GAO‑16‑611. Washington, D.C.: July 14, 2016.
Flood Insurance: FEMA’s Rate-Setting Process Warrants Attention. GAO‑09‑12 Washington, D.C.: October 31, 2008.
Managing Risks and Improving VA Health Care
Bookmark:After 6 years on our High-Risk List, the Department of Veterans Affairs (VA) still lacks a clear and comprehensive roadmap to address VA health care concerns and has not demonstrated meaningful progress.
| Why Area Is High Risk VA operates one of the largest health care systems in the nation, providing services to more than 9 million veterans who tend to have greater health care needs than the general population. Due to challenges we identified with VA’s ability to provide timely, cost-effective, and quality care, VA health care was added to the High-Risk List in 2015 with five areas of concern: (1) ambiguous policies and inconsistent processes; (2) inadequate oversight and accountability; (3) information technology challenges; (4) inadequate training for VA staff; and (5) unclear resource needs and allocation priorities. Since our March 2019 High-Risk Report, there are continuing concerns about VA’s ability to ensure the safety and protection of patients and staff, as well as to oversee its programs. VA’s management of its ongoing COVID-19 response underscores the significance of our concerns. For example, in February 2020 we reported on the challenges VA faces due to the increasing long-term care needs of veterans. We have identified problems with VA’s efficient use of funds, concerns amplified by VA’s estimate that its community care obligations will increase 45 percent from fiscal year 2018 to 2022 to total $21.3 billion. Additionally, VA has undertaken a number of major modernization initiatives, which were partly intended to address our high-risk concerns. As of September 2020, VA faces delays in implementing these efforts, such as its new electronic health record and key financial management systems. Contact Information For additional information about this high-risk area, contact Debra A. Draper at (202) 512-7114 or draperd@gao.gov, or Sharon Silas at (202) 512-7114 or silass@gao.gov. |
Since our 2019 High-Risk Report, the rating for the capacity criterion improved from not met to partially met, and ratings for the other four criteria remain unchanged.
As the new VA leadership team sets its priorities, it is critical that a senior leader with sufficient positional authority to drive organizational action is charged with addressing high-risk concerns.
This is particularly important as VA has made limited progress since 2015 in fully developing an action plan, although significant resources and time have been devoted to developing one.
The action plan VA approved in October 2020 included key components for most areas of concern; however, we identified deficiencies with these components. The action plan also lacked thorough integration with VA’s modernization initiatives.
Without a clear roadmap, VA cannot effectively monitor its efforts or demonstrate progress. We have made 432 recommendations related to VA health care since 2010, 129 of which remained open as of December 2020.
Section 7007 of the Johnny Isakson and David P. Roe, M.D. Veterans Health Care and Benefits Improvement Act of 2020, enacted in January 2021, requires VA to submit to Congress a plan addressing certain high-risk areas and provide annual updates on its progress, which provides an important oversight mechanism for VA’s high-risk efforts.
Ambiguous Policies and Inconsistent Processes
Since our 2019 High-Risk Report, ratings for one criterion—capacity—improved and the other four remain unchanged.
Leadership commitment: partially met. VA has continued to establish policy management initiatives at its Veterans Health Administration (VHA), such as the process VHA finished implementing in November 2019 to obtain feedback on national policy from all levels of the organization including the local level. With the many modernization efforts under way that will realign agency roles and responsibilities, such as VHA’s central office reorganization, it is critical that VHA’s policy management initiatives continue to receive support from senior leadership to ensure effective change management.
Capacity: partially met. VA has improved in this criterion due to the policy procedures VHA has established and maintained since 2017, such as eliminating 64 program office memos on access to care that do not conform to national policy requirements. To help accomplish its policy management initiatives, VHA uses a contract—$7.2 million in fiscal year 2020—to support its capacity needs, such as the use of professional policy writers to assist program offices. VHA relies on the continuation of this contractor support to make progress in this area of concern and to maintain the policy procedures it has established.
Action plan: partially met. VA’s action plan includes key components to address ambiguous policies and inconsistent processes, but we identified a number of deficiencies with these components. For example, the action plan does not provide interim steps or milestones for several actions listed as “in progress,” such as identifying responsibilities for policy implementation by the end of fiscal year 2021.
Monitoring: not met. In its action plan, VA described monitoring activities for this area of concern, but did not link those activities to performance measures. In addition, VA noted that it is establishing monitoring procedures, such as plans for collecting documentation of demonstrated progress for each area of concern.
Demonstrated progress: not met. VA cannot show that it is addressing root causes, because its action plan does not include all critical actions or milestones. Our work has indicated continuing policy management issues, and since 2019, we have made 20 recommendations to address these issues. For example, in June 2019, we found that VHA does not have a comprehensive policy defining the roles and responsibilities of the regional networks that manage and oversee VA medical facilities, which makes it difficult to ensure adequate monitoring of the activities of these regional networks.
We recommended that VHA develop such a policy to ensure that it can adequately monitor these regional networks. VA concurred in principle with this recommendation, which remains open.
What Remains to Be Done
We have made 112 recommendations related to this area of concern since 2010. As of December 2020, 37 recommendations remained open. In addition to implementing those recommendations, VA should ensure it has a clear roadmap for accomplishing its policy management initiatives.
Inadequate Oversight and Accountability
Since our 2019 High-Risk Report, ratings for two criteria regressed and three remain unchanged.
Leadership commitment: not met. Since 2019, VA has regressed in this criterion as the Under Secretary for Health position has remained unfilled; instead, VA has had an Executive-in-Charge leading VHA, including its high-risk efforts and major modernization initiatives. Turnover in the senior executives leading high-risk efforts that occurred after root causes and outcomes were established makes leadership commitment in this area of concern unclear.
Capacity: not met. VA had taken steps to establish initial compliance, internal audit, and risk management activities (central components of the agency’s oversight and accountability model) prior to 2019. However, VA’s action plan indicates it has made minimal progress since that time to further develop these activities, and VA has not clearly identified capacity needs for most outcomes in this area of concern.
Action plan: not met. Since 2019, VA has regressed in this criterion as it has not developed the key components of an action plan. Specifically, the action plan did not include thoroughly developed critical actions, milestones, or performance measures to reach its stated outcomes. For example, the action plan states that VHA governance will ensure accountability with its requirements by the end of fiscal year 2020. However, the plan only included one critical action—that its high-risk workgroup identify and collaborate with relevant stakeholders. VA also did not establish any performance measures or metrics. As a result, it is unclear how VA intends to achieve this outcome.
Monitoring: not met. In its action plan, VA included a few monitoring activities for this area of concern, such as reviewing corrective actions. However, the action plan does not say who is responsible for these activities or how VA will track progress on them.
Demonstrated progress: not met. VA cannot show that it is addressing root causes due to the lack of details in its action plan. Our work has indicated continuing oversight and accountability issues, and since 2019, we have made 30 recommendations to address these issues. For example, in September 2020, we found that VA does not have a full understanding of the prevalence and nature of on-campus suicides, hindering its ability to address them. We made three recommendations for VA to obtain accurate data and to complete comprehensive analyses to better understand on-campus suicides. VA agreed with two of our three recommendations, all of which remain open.
Also in September 2020, we found that the Veterans Community Care Program (implemented by VA in June 2019) has metrics to assess the timeliness of appointment scheduling that are inconsistent with scheduling guidance VA staff are instructed to follow. This deficiency limits VA’s ability to determine the effectiveness of the Veterans Community Care Program in improving access to care.
We made three recommendations to address timely access to the Veterans Community Care Program, including that VA align its monitoring metrics with the time frames established for the program’s scheduling process. VA did not concur that it should align metrics with its scheduling process because it already monitors the timeliness of key steps. Because VA’s response does not fully address our recommendation, such as establishing time frames to account for the entire appointment scheduling process, this recommendation remains open. We maintain that VA should implement the recommendation in order to achieve its goal of reducing veterans’ wait times.
What Remains to Be Done
We have made 179 recommendations related to this area of concern since 2010. As of December 2020, 49 recommendations remained open. In addition to implementing those recommendations, VA should demonstrate commitment to oversight and accountability by ensuring it has a clear roadmap that identifies what needs to be done and how it will accomplish these activities.
Congressional Actions Needed
Our findings from September 2020 showed that the Veterans Community Care Program is experiencing the same concerns we previously identified with VA’s prior community care program related to monitoring the timeliness of veterans’ access to community care. We suggested that Congress take action to address these long-standing oversight concerns by requiring VA to establish an overall wait-time performance measure for veterans to receive care under the Veterans Community Care Program. Section 3101 of the Johnny Isakson and David P. Roe, M.D. Veterans Health Care and Benefits Improvement Act of 2020 enacted in January 2021 requires VA to establish by March 5, 2021, an appointment scheduling process for this program, including the maximum number of days allowed to complete each step of the process.
Information Technology Challenges
Since our 2019 High-Risk Report, ratings for two criteria improved and three remain unchanged.
Leadership commitment: partially met. VA has improved in this criterion due to leadership stability in the Chief Information Officer position. VA has a number of information technology initiatives under way to address VHA’s critical business needs, such as electronic health record modernization, community care, and legacy systems. Therefore, it is critical that VA maintain leadership support to prioritize and meet VHA’s information technology needs, including electronic health record modernization efforts delayed in early 2020 and then again due to the COVID-19 pandemic, affecting the implementation of this $16.1 billion initiative. This leadership support is particularly important during the administration transition as the Chief Information Officer position must be appointed.
Capacity: partially met. VA has improved in this criterion due to the significant funding and staff resources provided to electronic health record modernization, with initial deployment of the system taking place in late October 2020 at the first of over 100 locations. However, this effort and the resources needed are still in the early stages.
Action plan: partially met. VA’s action plan includes key components to address information technology challenges, but we identified a number of deficiencies with these components. For example, the action plan states that VA will reduce the number of duplicative information technology systems, but does not establish milestones or a target by which to measure progress toward this outcome. The action plan also states that VA intends to work with internal stakeholders and workgroups on information technology system modernization, but does not provide details on how it will do so.
Monitoring: not met. In its action plan, VA described monitoring activities for most outcomes in this area of concern, but did not link those activities to performance measures. In addition, VA noted that it is establishing monitoring procedures, such as plans for collecting documentation of demonstrated progress for each area of concern.
Demonstrated progress: not met. VA cannot show that it is addressing root causes, because its action plan does not include all critical actions or milestones. Our work has indicated a number of information technology issues, and since 2019, we have made five recommendations to address these issues. For example, in June 2020, we found that VA did not always involve all relevant stakeholders in system configuration decisions for its future electronic health record. Stakeholders, including medical facility clinicians and staff, need to be involved in these decisions to ensure the system will meet their needs.
We recommended that VA take steps to clarify terminology and include adequate detail in descriptions of local workshop sessions for implementation at future facilities. VA agreed with our recommendation, which remains open.
What Remains to Be Done
We have made 26 recommendations related to this area of concern since 2010. As of December 2020, 16 recommendations remained open. In addition to implementing those recommendations, VA should demonstrate commitment to addressing its information technology challenges by ensuring it has a clear roadmap for accomplishing these activities.
Inadequate Training for VA Staff
Since our 2019 High-Risk Report, ratings for two criteria improved and three remain unchanged.
Leadership commitment: partially met. VA has improved in this criterion due to leadership stability since March 2019 in the Chief Learning Officer position and the governance structures it has maintained, such as learning councils made up of program office training staff. However, VA still lacks an enterprise-wide annual training plan, a central initiative for achieving the agency’s identified outcomes.
Capacity: partially met. VA has improved in this criterion due to the working groups and task forces with specific responsibilities VHA has established and maintained for carrying out its training initiatives. These initiatives are highly reliant on organization-wide collaboration, such as from contracting, finance, and policy offices. VA also relies on contracts to support its training initiatives—$1.18 million in fiscal year 2020—that it included as a key capacity item to ensure progress toward its outcomes.
Action plan: partially met. While key components were included for this area of concern in VA’s action plan, we identified a few deficiencies. For example, VA’s critical actions are not linked to its performance measures, making it unclear which activities will enable it to assess progress toward meeting its outcomes.
In addition, the majority of milestones VA included for this area of concern were for activities projected to be completed in fiscal year 2020 or 2021, which may not provide a realistic time frame for what VA is able to accomplish or provide a sufficient roadmap for how VA plans to proceed.
Monitoring: not met. In its action plan, VA described monitoring activities for this area of concern, but did not link those activities to performance measures. In addition, VA noted that it is establishing monitoring procedures, such as plans for collecting documentation of demonstrated progress for each area of concern.
Demonstrated progress: not met. VA cannot show that it is addressing root causes, because its action plan does not contain realistic milestones or align performance measures with critical actions. Our work has identified a number of training issues, and since 2019, we have made six recommendations to address these issues.
For example, in July 2020, we found that VA had not sufficiently trained compliance officers or independent auditors on reviewing disbursement agreements for its Graduate Medical Education program, which reimburses academic affiliates for medical and dental residents’ salaries and benefits. Insufficient training puts VHA at increased risk of making improper payments in this program.
We recommended that VHA develop training for both oversight mechanisms that includes general information on Graduate Medical Education programs and disbursement agreement oversight, as well as detailed information about how each review should be conducted. VA agreed with our recommendations, both of which remain open.
What Remains to Be Done
We have made 23 recommendations related to this area of concern since 2010. As of December 2020, six recommendations remained open. In addition to implementing those recommendations, VA should ensure it has a clear roadmap for improving training.
Unclear Resource Needs and Allocation Priorities
Since our 2019 High-Risk Report, ratings for one criterion improved—capacity—and the other four remain unchanged.
Leadership commitment: partially met. VA has maintained senior leadership in the Chief Financial Officer position and has established workforce policies. VHA has paused its financial management modernization efforts until other initiatives related to electronic health records and supply chain are further along, affecting a key organizational change for determining resource needs.
Capacity: partially met. VA has improved in this criterion as it has completed hiring VHA Office of Finance senior leadership and is in the process of hiring regional network-level analysts for workforce resource activities. VA is also establishing budget submission procedures, but has not clearly identified this effort’s needed resources.
Action plan: partially met. VA’s action plan includes key components to address unclear resource needs and allocation priorities, but we identified a number of deficiencies with these components. For example, over half of VA’s actions in this area of concern were “in planning” or “in progress” with a projected completion date, but the plan did not provide any interim steps or milestones of how VA would make progress toward those dates. In addition, the majority of milestones VA included were for short-term activities mostly occurring in fiscal year 2020 that, while important, do not provide a sufficient roadmap for all that needs to be accomplished and how VA plans to proceed.
Monitoring: not met. In its action plan, VA described monitoring activities for this area of concern, but did not link those activities to performance measures. In addition, VA noted that it is establishing monitoring procedures, such as plans for collecting documentation of demonstrated progress for each area of concern.
Demonstrated progress: not met. VA cannot show that it is addressing root causes, because its action plan does not include all critical actions or milestones. Our work has identified a number of issues with resource allocation, and since 2019, we have made 11 recommendations to address these issues.
For example, in September 2020, we found that VA processes for actuarial modeling—used to estimate resources for providing health care services in the community—lack steps for communicating all relevant information on data quality and overall uncertainty associated with community care budget estimates.
We recommended that VA communicate information on data quality to its actuarial consultant and assess and communicate overall uncertainty associated with actuarial projections to stakeholders. VA agreed with our recommendations, both of which remain open.
What Remains to Be Done
We have made 65 recommendations related to this area of concern since 2010. As of December 2020, 20 recommendations remained open. In addition to implementing those recommendations, VA should ensure that it has a clear roadmap for improving its resource allocation.
Related GAO Products
VA Health Care: Additional Steps Could Help Improve Community Care Budget Estimates. GAO‑20‑669. Washington, D.C.: September 30, 2020.
Veterans Community Care Program: Improvements Needed to Help Ensure Timely Access to Care. GAO‑20‑643. Washington, D.C.: September 28, 2020.
Veteran Suicide: VA Needs Accurate Data and Comprehensive Analyses to Better Understand On-Campus Suicides. GAO‑20‑664. Washington, D.C.: September 9, 2020.
VA Health Care: Actions Needed to Improve Oversight of Graduate Medical Education Reimbursement. GAO‑20‑553. Washington, D.C.: July 17, 2020.
Electronic Health Records: Ongoing Stakeholder Involvement Needed in the Department of Veterans Affairs' Modernization Effort. GAO‑20‑473. Washington, D.C.: June 5, 2020.
VA Health Care: Veterans' Use of Long-Term Care Is Increasing, and VA Faces Challenges in Meeting the Demand. GAO‑20‑284. Washington, D.C.: February 19, 2020.
Veterans Health Care: VA Needs to Improve Its Allocation and Monitoring of Funding. GAO‑19‑670. Washington, D.C.: September 23, 2019.
Veterans Health Administration: Regional Networks Need Improved Oversight and Clearly Defined Roles and Responsibilities. GAO‑19‑462. Washington, D.C.: June 19, 2019.
Appendix III: GAO’s 2021 High-Risk List
Bookmark:Source: GAO. | GAO-21-119SP
aLegislation is likely to be necessary in order to effectively address this area.
Related GAO Products
Bookmark:
The following GAO reports reflect our High-Risk Series reports issued since 2000. For additional GAO products specific to each of the 36 high-risk areas on our updated list, see our High-Risk List website, http://www.gao.gov/highrisk/.
High-Risk Series: Substantial Efforts Needed to Achieve Greater Progress on High-Risk Areas. GAO‑19‑157SP. Washington, D.C.: March 6, 2019.
High-Risk Series: Progress on Many High-Risk Areas, While Substantial Efforts Needed on Others. GAO‑17‑317. Washington, D.C.: February 15, 2017.
High-Risk Series: Key Actions to Make Progress Addressing High-Risk Issues. GAO‑16‑480R. Washington, D.C.: April 25, 2016.
High-Risk Series: An Update. GAO‑15‑290. Washington, D.C.: February 11, 2015.
High-Risk Series: An Update. GAO‑13‑283. Washington, D.C.: February 14, 2013.
High-Risk Series: An Update. GAO‑11‑278. Washington, D.C.: February 16, 2011.
High-Risk Series: An Update. GAO‑09‑271. Washington, D.C.: January 22, 2009.
High-Risk Series: An Update. GAO‑07‑310. Washington, D.C.: January 31, 2007.
High-Risk Series: An Update. GAO‑05‑207. Washington, D.C.: January 1, 2005.
High-Risk Series: An Update. GAO‑03‑119. Washington, D.C.: January 1, 2003.
High-Risk Series: An Update. GAO‑01‑263. Washington, D.C.: January 1, 2001.
Determining Performance and Accountability Challenges and High Risks. GAO‑01‑159SP. Washington, D.C.: November 1, 2000.
References
Figures
- Figure 1: Illustrative Example of High-Risk Progress Criteria Ratings
- Figure 2: Rate of Drug Overdose Deaths in the United States, 2002–2019
- Figure 3: High-Risk Areas’ Progress and Regress on High-Risk Criteria Since 2019
- Figure 4: Criteria for Removal from the High-Risk List and Examples of Actions Leading to Progres
- Figure 5: History of Areas Removed from the High-Risk List
- Figure 6: History of Areas Added to the High-Risk List, by Year
- Figure 7: Projected Cumulative Highway Trust Fund Balance, Fiscal Years 2021 through 2030
- Figure 8: U.S. Government’s Environmental Liability, Fiscal Years 2015-19
- Figure 9: Ten Critical Actions Needed to Address Four Major Cybersecurity Challenges
- Figure 10: Pension Benefit Guaranty Corporation’s (PBGC) Net Financial Position of the Single-Employer and Multiemployer Programs Combined, Fiscal Years 2000 through 2020
Tables
- 2021 High-Risk List Areas Requiring Significant Attention
- GAO’s 2021 High-Risk List
- Table 1: 2021 High-Risk Areas Rated against Five Criteria for Removal from GAO’s High-Risk List
- Table 2: 2021 High-Risk Area Ratings on Five Criteria for Removal from GAO’s High-Risk List
- Table 3: Examples of Congressional Actions Taken on High-Risk Areas
- Table 4: Examples of GAO High-Risk Area Recommendations Leading to Financial Benefits
- Table 5: Changes to the High-Risk List, 1990-2021
- Table 6: Examples of Skills Gaps Related to High-Risk Areas
- Table 7: Percent of Executive Branch Agencies That Met Timeliness Objectives for the Fastest 90 Percent of Security Clearances, Fiscal Years 2018 – 2020
- Table 8: GAO Assessment of DHS Progress in Addressing Key Outcomes
- Table 9: GAO’s 2021 High-Risk List
End Notes
Contacts
Michelle Sager
Director, Strategic Issues, sagerm@gao.gov, (202) 512-6806Congressional Relations
Orice Williams Brown, Managing Director, williamso@gao.gov, (202)-512-4400
U.S. Government Accountability Office
441 G Street NW, Room 7125, Washington, DC 20548
U.S. Government Accountability Office
441 G Street NW, Room 7125, Washington, DC 20548
Public Affairs
Chuck Young, Managing Director, youngc1@gao.gov, (202)-512-4800
U.S. Government Accountability Office
441 G Street NW, Room 7149, Washington, DC 20548
U.S. Government Accountability Office
441 G Street NW, Room 7149, Washington, DC 20548
Strategic Planning and External Liaison
Stephen J. Sanford, Acting Managing Director, spel@gao.gov, (202)-512-4707
U.S. Government Accountability Office
441 G Street NW, Room 7814, Washington, DC 20548
U.S. Government Accountability Office
441 G Street NW, Room 7814, Washington, DC 20548
Obtaining Copies of GAO Reports and Testimony
The fastest and easiest way to obtain copies of GAO documents at no cost is through our website. Each weekday afternoon, GAO posts on its website newly released reports, testimony, and correspondence. You can also subscribe to GAO’s email updates to receive notification of newly posted products.
Order by Phone
The price of each GAO publication reflects GAO’s cost of production and distribution. Pricing and ordering information is posted on our website.
To Report Fraud, Waste, and Abuse in Federal Programs
Website: https://www.gao.gov/fraudnet/fraudnet.htm
Automated answering system: (800) 424-5454 or (202) 512-7470
Automated answering system: (800) 424-5454 or (202) 512-7470
Connect with GAO
GAO’s Mission
The Government Accountability Office, the audit, evaluation, and investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO’s commitment to good government is reflected in its core values of accountability, integrity, and reliability.
Copyright
This is a work of the U.S. government and is not subject to copyright protection in the United States. The published product may be reproduced and distributed in its entirety without further permission from GAO. However, because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately.
(104096)