GAO/OIG-10-5, Semiannual Report: October 1, 2009, through March 31, 2010

This is the accessible text file for GAO report number GAO/OIG-10-5 
entitled 'Semiannual Report: October 1, 2009, through March 31, 2010' 
which was released on July 14, 2010. 

This text file was formatted by the U.S. Government Accountability 
Office (GAO) to be accessible to users with visual impairments, as 
part of a longer term project to improve GAO products' accessibility. 
Every attempt has been made to maintain the structural and data 
integrity of the original printed product. Accessibility features, 
such as text descriptions of tables, consecutively numbered footnotes 
placed at the end of the file, and the text of agency comment letters, 
are provided but may not exactly duplicate the presentation or format 
of the printed version. The portable document format (PDF) file is an 
exact electronic replica of the printed version. We welcome your 
feedback. Please E-mail your comments regarding the contents or 
accessibility features of this document to Webmaster@gao.gov. 

This is a work of the U.S. government and is not subject to copyright 
protection in the United States. It may be reproduced and distributed 
in its entirety without further permission from GAO. Because this work 
may contain copyrighted images or other material, permission from the 
copyright holder may be necessary if you wish to reproduce this 
material separately. 

Office of the Inspector General: 
United States Government Accountability Office: 
GAO/OIG: 

June 2010: 

Semiannual Report: 
October 1, 2009 – March 31, 2010 

GAO/OIG-5: 

Office of the Inspector General: 
United States Government Accountability Office: 

Memorandum: 

Date: June 15, 2010: 

To: Acting Comptroller General Gene L. Dodaro: 

From: [Signed by] Inspector General Frances Garcia: 

Subject: Semiannual Report: October 1, 2009, through March 31, 2010: 

In accordance with Section 5 of the Government Accountability Office 
Act of 2008 (GAO Act), I am submitting my semiannual report for the 
first half of fiscal year 2010 for your comments and its transmission 
to the Congress. 

During this period, the Office of the Inspector General (OIG) 
continued its efforts to finalize a number of actions to implement 
requirements contained in the GAO Act and certain provisions in the 
Inspector General Reform Act of 2008. For example, we substantially 
revised and strengthened the OIG order to reflect our statutory role 
and responsibilities and are moving forward to obtain the input and 
concurrence of other stakeholders, which is an important and necessary 
step in the process of adopting and implementing the revised OIG 
order. We also made changes to the OIG Web site and the OIG Hotline in 
order to improve the visibility of OIG and to enhance GAO employees' 
understanding of OIG's role, as well as to encourage employees to use 
the Hotline to report to OIG any situation involving possible 
wrongdoing at GAO. In addition, we continued to participate in the 
activities of the broader Inspector General community, including the 
Council of Inspectors General on Integrity and Efficiency and the 
Legislative Branch Inspectors General quarterly meetings. 

Audits and Inspections: 

During the reporting period, we issued two audit reports with 
recommendations and conducted an inspection. The audits evaluated 
GAO's (1) testimony performance measure[Footnote 1] and (2) 
information security program and practices for fiscal year 2009. 
[Footnote 2] (See the attachment for a summary of these reports and 
GAO actions to address the reports' recommendations.) Furthermore, we 
completed the first phase of our audit of GAO's fiscal year 2009 
financial benefit claims of $1 billion or more, which focused on the 
reasonableness of the amounts claimed. As the Acting Comptroller 
General requested, we advised him of our results, including that we 
determined GAO had a reasonable basis to claim these benefits, before 
the publication of GAO's fiscal year 2009 Performance and 
Accountability Report [Footnote 3]--hereafter referred to as the 
annual performance report. The Inspector General cited this work in 
her November 5, 2009, memorandum to the Acting Comptroller General, 
which was published in GAO's annual performance report. Phase two of 
our financial benefits performance measure work, part of our ongoing 
work, analyzes the adjustments that GAO made to claimed benefit 
amounts in response to our audit. Our ongoing work also includes a 
review examining the effectiveness of agency controls to reduce the 
risk of employee misuse of government travel cards. 

We also conducted an inspection of the policies and procedures for 
conducting investigations used by GAO's Forensic Audits and Special 
Investigations mission team. We did this inspection to determine 
whether these policies and procedures are consistent with federal 
investigation quality standards and were followed for specific 
investigative work. 

Investigations and Hotline Activities: 

Regarding our efforts to identify potential fraud, waste, and abuse 
within GAO, OIG has a toll-free Hotline number that is staffed by a 
contractor 24 hours a day, 7 days a week.[Footnote 4] The Hotline is 
OIG's primary source of complaints. OIG staff also receive complaints 
via telephone calls, faxes, e-mail messages, and personal visits 
during regular duty hours. During the 6-month reporting period, we 
addressed 145 inquiries and allegations (referred to in the following 
table and text as complaints). 

Table 1: Summary of OIG Activity October 1, 2009 - March 31, 2010: 

Complaints: 

Open at start of period: 3; 
Received: 142; 
Referred to FraudNet (Non-GAO-related): 103; 
Closed, insufficient information/no basis: 22; 
Referred to other GAO units: 5; 
Completed: 2; 
Open at end of period: 13. 

Source: GAO OIG. 

[End of table] 

Of the 3 open cases from the prior semiannual report period, we closed 
1 after conducting some initial investigative work and determining 
that no additional action was needed. The other 2 cases remained open 
at the end of this reporting period. Also, in this reporting period, 
we received 142 complaints through our Hotline and other sources. 
Because 103 of these 142 complaints concerned matters related to other 
federal agencies, we referred them to GAO's FraudNet--a governmentwide 
Hotline that receives complaints of fraud, waste, and abuse of federal 
funds. We assisted the Federal Bureau of Investigation in 1 
investigation of a complaint about a multimillion-dollar fabricated 
check that was purported to have been issued by GAO, and we closed 
another investigation of a complaint submitted by another federal 
agency regarding an employee's potential misrepresentation of GAO or 
its officials. This latter investigation, which OIG began then 
referred to another GAO unit, determined that the employee did not 
commit an ethics violation. However, the investigation did result in 
the employee undergoing additional training. We closed an additional 
21 cases due to insufficient information or after initial evaluation 
of the complaints determined that there was no basis for action. We 
also referred to other GAO units another 5 cases that involved e-mail 
scams, a health-and-safety concern, and a concern that the format used 
by GAO in its report products may result in excessive paper use. At 
the end of the reporting period, 13 cases remained open, which 
included 11 received during this reporting period. 

Agency Actions on Recommendations Made in Prior OIG Reports: 

In response to recommendations made in prior OIG reports, GAO has 
taken the following actions: 

* Based on four recommendations in our report on four GAO performance 
measures that address employee satisfaction,[Footnote 5] the agency 
made the following changes. First, to provide greater clarity that the 
leadership measure assesses employee satisfaction with immediate 
supervisors, GAO changed the measure's name from "leadership" to 
"effective leadership by supervisors." Second, to give a more complete 
interpretation of the measures, the agency has provided additional 
information on how the measures are calculated in its annual 
performance report.[Footnote 6] Third, to provide more useful 
information on the agency's progress in creating a more diverse work 
environment, GAO made changes to the questions comprising the 
leadership measure. Fourth, the agency developed written procedures to 
ensure that future changes made to performance measures, and any 
effects from these changes, are promptly reported in its annual 
performance report. 

* Based on work we had initiated on evaluating the performance data 
for GAO's timeliness performance measure, GAO completed its analysis 
of the issues that we raised and took some steps to revise how the 
agency reported the data in its fiscal year 2009 annual performance 
report. Our work focused on GAO's electronic customer feedback form 
and its question on customer satisfaction with the timeliness of GAO 
reports. The answers to this question provide the basis for the 
performance measure data. Among the actions taken, GAO no longer 
represents its electronic customer feedback form as a survey to avoid 
any confusion that this outreach approach meets standards and 
guidelines for statistical surveys. Also, to assist readers in 
understanding GAO's approach, the agency has added an explanation of 
how it calculated its on-time percentage in its annual performance 
report. 

Moreover, GAO took final action that closed two open recommendations 
from a report issued prior to this reporting period. Based on our 
September 2008 report on diversity at GAO,[Footnote 7] the agency made 
final its order[Footnote 8] to establish an annual requirement for a 
Workforce Diversity Plan and to clarify responsibilities and 
procedures when a complaint involves staff within GAO's Office of 
Opportunity and Inclusiveness. 

Finally, I want to thank GAO's Executive Committee, managers, and 
staff for their cooperation during our reviews. 

Attachment: 

cc: 
Chief Administrative Officer, GAO: 
Acting General Counsel, GAO: 
Chair and Members, GAO Audit Advisory Committee: 

[End of section] 

Attachment 1: 

Summary of GAO Office of the Inspector General:
Reports and GAO Actions: 

Reports Issued October 1, 2009, through March 31, 2009[Footnote 9]: 

Testimony Measure: Verification of Performance Data Could Be Improved 
(GAO/OIG-10-1, Nov. 18, 2009): 

Findings: The Office of the Inspector General (OIG) found that the 
number of hearings was slightly less than the 304 reported as 
performance data for fiscal year 2008. Based on the results of our 
work, the agency's Office of Congressional Relations reviewed the 
fiscal year 2008 data and stated that the actual number of hearings 
was 298. The primary reason for the difference was that 5 hearings--at 
which two GAO officials provided separate testimonies--were counted 
twice, for a total of 10 hearings. We identified several factors that 
contributed to the difference, such as the need to update existing 
procedures to verify the accuracy of testimony performance measure 
data. 

Recommendation and GAO Actions: OIG recommended that GAO management 
include in its revised procedures specific steps for addressing the 
type of issues identified in our review and verifying the accuracy of 
testimony performance data prior to their publication. GAO agreed with 
our recommendation and has issued revised procedures to address the 
issues discussed in this report. In addition, the agency has revised 
the number of hearings that it reports for fiscal year 2008 in its 
annual performance reports. 

Information Security: Evaluation of GAO's Information Security Program 
and Practices for Fiscal Year 2009 (GAO/OIG-10-3, Jan. 4, 2010). 
[Footnote 10] 

Findings: Overall, the OIG's evaluation showed that GAO has 
established an information security program consistent with the 
requirements of the Federal Information Security Management Act of 
2002, Office of Management and Budget (OMB) implementing guidance, and 
guidance and standards issued by the National Institute of Standards 
and Technology (NIST). However, it also found that GAO's information 
security policies and procedures were not always applied, and that 
some could be improved to help ensure that they are consistent with 
the OMB and NIST guidance. For example, OIG found that during fiscal 
year 2009, GAO greatly increased its systems inventory from 12 to 35 
systems but did not complete all of the required security processes 
and procedures (such as preparing system security plans) for many of 
the newly added systems. In addition, GAO's incident response and 
handling procedures provide a process for investigating security 
events, such as a denial-of-service attack; however, the decision of 
whether to classify such events as an incident--and thus, to consider 
reporting them to other external organizations--needs additional 
management involvement. Also, GAO has continued to make progress in 
establishing its privacy program and protecting personally 
identifiable information. Implementing additional requirements, such 
as providing annual privacy awareness training, would help to further 
strengthen this program. 

Recommendations and GAO Actions: This report includes recommendations 
to GAO to (1) complete and document required information security 
processes and procedures for all systems in the systems inventory, (2) 
modify the agency's incident handling and response procedures to 
increase Chief Information Officer involvement in the incident 
classification process to help ensure that security events are 
appropriately classified and reported, and (3) continue efforts to 
implement additional requirements for the agency's privacy program. 
GAO concurred with these recommendations and plans to complete 
implementation of planned actions by September 30, 2010. GAO reported 
that its planned actions include the following: (1) completing system 
security plans for systems added to GAO's inventory in fiscal year 
2009; (2) establishing a process to provide the Chief Information 
Officer with a monthly briefing on monitored security events that 
require further analysis; and (3) drafting a privacy incident response 
guide with breach identification, notification, and remediation 
procedures, proposing revisions to a computer security response guide, 
and drafting a privacy training module for all staff. 

[End of section] 

Footnotes: 

[1] GAO, Office of the Inspector General, Testimony Measure: 
Verification of Performance Data Could Be Improved, [hyperlink, 
http://www.gao.gov/products/GAO/OIG-10-1] (Washington, D.C.: Nov. 18, 
2009). 

[2] GAO, Office of the Inspector General, Information Security: 
Evaluation of GAO's Information Security Program and Practices for 
Fiscal Year 2009, [hyperlink, http://www.gao.gov/products/GAO/OIG-10-3 
(Washington, D.C.: Jan. 4, 2010). 

[3] GAO, Performance and Accountability Report--Fiscal Year 2009, 
[hyperlink, http://www.gao.gov/products/GAO-10-234SP] (Washington, 
D.C.: Nov. 13, 2009). 

[4] The toll-free number is (866) 680-7963. 

[5] GAO, Office of the Inspector General, Four People Measures: Many 
Attributes of Successful Measures Met; Opportunities Exist for Further 
Enhancements, [hyperlink, http://www.gao.gov/products/GAO/OIG-09-3] 
(Washington, D.C.: Aug. 31, 2009). 

[6] All four measures are derived from staff's responses to GAO's 
Employee Feedback Survey. 

[7] GAO, Office of the Inspector General, Diversity At GAO: Sustained 
Attention Needed to Build on Gains in SES and Managers, [hyperlink, 
http://www.gao.gov/products/GAO-08-1098] (Washington, D.C.: Sept. 10, 
2008). 

[8] GAO, Order 2713.2, Discrimination Complaint Resolution Process 
(Washington, D.C.: Dec. 9, 2009). 

[9] We also issued our previous semiannual report--GAO, Office of the 
Inspector General, Semiannual Report: April 1, 2009, through September 
30, 2009, [hyperlink, http://www.gao.gov/products/GAO/OIG-10-2] 
(Washington, D.C.: Dec. 7, 2009). 

[10] Because the full report contains sensitive information, only our 
Highlights page is publicly available on [hyperlink, 
http://www.gao.gov]. However, congressional members can request the 
full report. 

[End of section] 

Reporting Fraud, Waste, and Abuse in GAO’s Internal Operations: 

To report fraud, waste, and abuse in GAO’s internal operations, do one 
of the following. (You may do so anonymously.) 

* Call toll-free (866) 680-7963 to speak with a hotline specialist, 
available 24 hours a day, 7 days a week. 

* Send an e-mail to OIGHotline@gao.gov. 

* Send a fax to the OIG Fraud, Waste, and Abuse Hotline at (202) 512-
8361. 

* Write to: 
GAO Office of Inspector General: 
441 G Street NW, Room 1808: 
Washington, DC 20548: 

Obtaining Copies of GAO/OIG Reports and Testimony: 

To obtain copies of OIG reports and testimony, go to GAO’s Web site: 
[hyperlink, http://www.gao.gov/about/workforce/ig.html]. 

Congressional Relations: 

Ralph Dawn, Managing Director, dawnr@gao.gov, 
(202) 512-4400: 
U.S. Government Accountability Office: 
441 G Street NW, Room 7125: 
Washington, DC 20548. 

Public Affairs: 

Chuck Young, Managing Director, youngc1@gao.gov, 
(202) 512-4800: 
U.S. Government Accountability Office: 
441 G Street NW, Room 7149: 
Washington, DC 20548: