This is the accessible text file for GAO report number GAO-12-828 entitled 'Freedom of Information Act: Additional Actions Can Strengthen Agency Efforts to Improve Management' which was released on August 30, 2012. This text file was formatted by the U.S. Government Accountability Office (GAO) to be accessible to users with visual impairments, as part of a longer term project to improve GAO products' accessibility. Every attempt has been made to maintain the structural and data integrity of the original printed product. Accessibility features, such as text descriptions of tables, consecutively numbered footnotes placed at the end of the file, and the text of agency comment letters, are provided but may not exactly duplicate the presentation or format of the printed version. The portable document format (PDF) file is an exact electronic replica of the printed version. We welcome your feedback. Please E-mail your comments regarding the contents or accessibility features of this document to Webmaster@gao.gov. This is a work of the U.S. government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. Because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. United States Government Accountability Office: GAO: Report to the Committee on Oversight and Government Reform: House of Representatives: July 2012: Freedom of Information Act: Additional Actions Can Strengthen Agency Efforts to Improve Management: GAO-12-828: GAO Highlights: Highlights of GAO-12-828, a report to the Committee on Oversight and Government Reform, House of Representatives. Why GAO Did This Study: In March 2009, the Attorney General issued guidelines that encouraged agencies to release records requested under FOIA, improve administration of their FOIA operations, and ensure timely disclosure of information to the public. In light of this guidance, GAO was asked to determine: (1) What actions have agencies taken to manage their FOIA programs, including reducing backlogs and use of exemptions, pursuant to the Attorney General’s 2009 FOIA guidelines, and what have been the results of these actions? (2) What actions have agencies taken to make records available to the public by electronic means, pursuant to the e-FOIA Amendments of 1996? (3) To what extent have agencies implemented technology to support FOIA processing? To respond to this request, GAO analyzed statistics and documents, reviewed FOIA libraries, and conducted interviews with officials at 16 agency components within the Departments of Homeland Security, Defense, Justice, and Health and Human Services—-the four agencies that received the most FOIA requests in fiscal year 2010. What GAO Found: The major components of the Departments of Homeland Security, Defense, Justice, and Health and Human Services have taken a variety of actions to improve management of their Freedom of Information Act (FOIA) programs. To reduce their backlogs of outstanding requests, agencies have taken actions that include regularly reporting to management, mobilizing extra resources, and streamlining procedures for responding to requests. These actions have had mixed results. For example, since 2009, 10 of the 16 agency components in GAO’s study succeeded in decreasing their backlogs, 2 had no material change, and the remaining 4 had larger backlogs. The agencies have also taken actions to reduce their use of exemptions-—provisions of FOIA that allow agencies to withhold certain types of information. Agencies’ actions to reduce their use of exemptions included training, reviews, and guidance. While 7 components reduced the rate at which they applied exemptions, 3 stayed about the same, and 6 had an increase. The agency components are generally making records available to the public online, either in their FOIA libraries (dedicated sections of their websites for FOIA-related records) or elsewhere on their agency websites, as required by amendments to the act, referred to as e-FOIA. However, GAO’s review of FOIA libraries found that records may not be easy for the public to locate when they are not in a library. Agency components have used a variety of approaches, including frequent content reviews, to proactively manage their libraries. However, GAO determined that not all agency components are giving sufficient attention to ensuring that frequently requested records are identified and posted online, which has resulted in sparsely populated FOIA libraries. Without consistent oversight and review of the information posted to FOIA libraries, the most current agency efforts or decisions may not be reflected and information can be difficult for the public to locate. This can result in increased FOIA requests, contributing to backlogs and administrative costs. The agency components’ implementation of technology capabilities that have been identified as best practices for FOIA processing—-such as the use of a single tracking system and providing requesters the ability to track the status of requests online-—has varied. The agencies that have not yet implemented these capabilities generally intend to do so. In addition, the agencies that GAO studied use different FOIA processing systems that do not electronically exchange data, which may necessitate manual exchanges of information among agencies to process FOIA requests. What GAO Recommends: GAO is recommending that the four agencies improve the management of their FOIA programs by ensuring that actions are taken to reduce backlogs and use of exemptions, improve FOIA libraries, and implement technology. In written comments on a draft of the report, the four agencies agreed or generally agreed with the recommendations. View [hyperlink, http://www.gao.gov/products/GAO-12-828]. For more information, contact Valerie C. Melvin at (202) 512-6304 or melvinv@gao.gov. [End of section] Contents: Letter: Background: Agencies Have Generally Taken Actions to Improve their FOIA Programs, but Results Have Been Mixed: Agency Components Generally Make Records Available Online, but Approaches to Posting Frequently Requested Records Vary: Agency Components Have Implemented Technology to Support FOIA Processing to Varying Degrees: Conclusions: Recommendations for Executive Action: Agency Comments and Our Evaluation: Appendix I: Objectives, Scope, and Methodology: Appendix II: Freedom of Information Act Exemptions: Appendix III: Comments from the Department of Homeland Security: Appendix IV: Comments from the Department of Defense: Appendix V: Comments from the Department of Health and Human Services: Appendix VI: Comments from the Department of Justice: Appendix VII: Comments from the National Archives and Records Administration: Appendix VIII: GAO Contact and Staff Acknowledgments: Tables: Table 1: Agency Information Required to be Posted Online Pursuant to the e-FOIA Amendments: Table 2: Detailed View of Agency Components' Implementation of FOIA Capabilities: Figures: Figure 1: Simplified FOIA Process: Figure 2: Disposition of FOIA Requests during Fiscal Year 2011: Figure 3: Number of Backlogged FOIA Requests by Agency Component, 2009- 2011 (in thousands): Figure 4: Exemption Use by Agency Components from 2009 through 2011: Abbreviations: BOP: Federal Bureau of Prisons: CBP: U.S. Customs and Border Protection: CMS: Centers for Medicare and Medicaid Services: DHS: Department of Homeland Security: DHS/Privacy: Department of Homeland Security/Privacy Office: DOD: Department of Defense: e-FOIA: Electronic Freedom of Information Act (amendments): EOIR: Executive Office for Immigration Review: EPA: Environmental Protection Agency: FBI: Federal Bureau of Investigation: FDA: Food and Drug Administration: FOIA: Freedom of Information Act: HHS: Department of Health and Human Services: HHS/OS: Department of Health and Human Services Office of the Secretary: ICE: Immigration and Customs Enforcement: IT: information technology: Justice: Department of Justice: NARA: National Archives and Records Administration: NIH: National Institutes of Health: OGIS: Office of Government Information Services: OIP: Office of Information Policy: OSD/JS: Office of the Secretary of Defense and Joint Staff: USCIS: U.S. Citizenship and Immigration Services: [End of section] United States Government Accountability Office: Washington, DC 20548: July 31, 2012: The Honorable Darrell E. Issa: Chairman: The Honorable Elijah E. Cummings: Ranking Member: Committee on Oversight and Government Reform: House of Representatives: The Freedom of Information Act (FOIA)[Footnote 1] requires that federal agencies provide the public with access to government records and information on the basis of the principles of openness and accountability in government. In this regard, each year hundreds of thousands of FOIA requests are made to federal agencies--with the information released in response to these requests contributing to the disclosure of government waste, fraud, and abuse, as well as other conditions, such as unsafe consumer products and harmful drugs. The e- FOIA amendments of 1996 require, among other things, that agencies make certain categories of records available to the public in electronic format. Further, guidance issued by the Attorney General in March 2009[Footnote 2] and related policies and guidance encourage agencies to reduce their backlogs of FOIA requests, not withhold records merely because they fall within the scope of a FOIA exemption, improve administration of their FOIA operations, and ensure timely disclosure of information to the public. Given this guidance, you asked us to determine: (1) What actions have agencies taken to manage their FOIA programs, including reducing backlogs and use of exemptions, pursuant to the Attorney General's 2009 FOIA guidelines, and what have been the results of these actions? (2) What actions have agencies taken to make records available to the public by electronic means, pursuant to the e-FOIA amendments of 1996? (3) To what extent have agencies implemented technology to support FOIA processing? To address these objectives, we analyzed published statistics and documents, such as agency FOIA reports, and conducted interviews with responsible officials at the four federal agencies that collectively received more than 50 percent of all FOIA requests during fiscal year 2010: the Departments of Homeland Security (DHS), Defense (DOD), Health and Human Services (HHS), and Justice. Because FOIA processing at these agencies is decentralized to the agency component level, we analyzed the FOIA policies, oversight, and processing activities of each agency's central FOIA office and of the three components of each agency that received the most FOIA requests.[Footnote 3] * The DHS agency components are the Privacy Office (DHS/Privacy), which functions as the department's central FOIA office, in addition to the U.S. Citizenship and Immigration Service (USCIS), Immigration and Customs Enforcement (ICE), and U.S. Customs and Border Protection (CBP). * The DOD agency components are the Office of the Secretary of Defense and the Joint Staff (OSD/JS), which processes FOIA requests within the department's central FOIA office, in addition to the Departments of the Army, Navy, and Air Force. * The HHS agency components are the Office of the Secretary (HHS/OS), which functions as the department's central FOIA office, in addition to the Centers for Medicare & Medicaid Services (CMS), the Food and Drug Administration (FDA), and the National Institutes of Health (NIH). * The Justice agency components are the Office of Information Policy (OIP), which functions as the department's central FOIA office, in addition to the Federal Bureau of Investigation (FBI), the Federal Bureau of Prisons (BOP), and the Executive Office for Immigration Review (EOIR). To gauge agencies' actions and results since the Attorney General's March 2009 memorandum, we analyzed data on backlogs and use of exemptions from FOIA.gov for each of the agency components identified, and examined agencies' annual FOIA reports for the years 2009 to 2011. To evaluate agencies' actions to make records available by electronic means, we compared materials posted on each agency component's FOIA library with applicable requirements. To determine the extent to which agencies have implemented technology to support FOIA processing, we compared the capabilities of each agency component's processing system with capabilities that the National Archives and Records Administration's (NARA) Office of Government Information Services (OGIS), OIP, and others have identified as useful. We conducted this performance audit from September 2011 through July 2012 in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives. See appendix I for a more detailed description of our scope and methodology. Background: FOIA establishes a legal right of access to government records and information on the basis of the principles of openness and accountability in government. Before the act was passed in 1966, the government required individuals to demonstrate "a need to know" before being granted the right to examine a federal record. FOIA established a "right to know" standard, under which an organization or person could receive access to information held by a federal agency without demonstrating a need or reason. The "right to know" standard shifted the burden of proof from the individual to government agencies and required agencies to provide proper justification when denying a request for access to a record. Any "person," with a few narrow exceptions, or entity can file a FOIA request, including foreign nationals, corporations, and organizations. For example, a foreign national can request his or her alien files and a commercial requester, which includes data brokers that file requests on behalf of others, may request a copy of a government contract or grant proposal. In response, an agency is required to provide the relevant record(s) in any readily producible form or format specified by the requester (unless the record falls within a permitted exemption). FOIA generally allows agencies to collect fees for searching and duplicating records in connection with responding to a request. Government agencies can also disclose information through "affirmative agency disclosure" by publishing information in the Federal Register, on the Internet, or by making it available in a reading room.[Footnote 4] Justice and the National Archives and Records Administration Have FOIA- Related Responsibilities: Since it was established 30 years ago, Justice's OIP has been responsible for encouraging compliance, overseeing agencies' implementation of FOIA, and issuing policy guidance. For example, OIP issues FOIA policy guidance, prepares a comprehensive guide addressing various aspects of the act, conducts a variety of FOIA-related training programs for personnel across the government, and offers FOIA counseling services to government staff and the public. In addition, the OPEN Government Act of 2007[Footnote 5] established OGIS within NARA to oversee and assist agencies in implementing FOIA. OGIS's responsibilities include reviewing agency policies and procedures, reviewing agency compliance, recommending policy changes, and offering mediation services. FOIA Amendments and Guidance Are Intended to Improve Agencies' FOIA Processing: The 1996 e-FOIA amendments, among other things, sought to strengthen the requirement that agencies respond to a request in a timely manner and reduce their backlogs of pending requests. To that end, the amendments made a number of procedural changes, including providing requesters with an opportunity to limit the scope of their requests so that they could be processed more quickly, and requiring agencies to determine within 20 working days (an increase from the previously established time frame of 10 days) whether a request would be fulfilled.[Footnote 6] The amendments also authorized agencies to multitrack requests, that is, to process simple and complex requests concurrently on separate tracks to facilitate responding to a relatively simple request more quickly. In addition, the e-FOIA amendments encouraged online, public access to government information by requiring agencies to make specific types of records available in electronic form, including: * agency final opinions, including concurring and dissenting opinions, as well as orders made in the adjudication of cases; * statements of policy and interpretations that have been adopted by the agency and are not published in the Federal Register; * administrative staff manuals and instructions to staff that affect a member of the public; and: * copies of records that have been released to any person through FOIA and which, because of the nature of the subject matter, the agency determines have become or are likely to become the subject of subsequent requests for substantially the same records.[Footnote 7] In 1998, OIP issued e-FOIA implementation guidance that, among other things, called for agencies to organize an electronic reading room so that the public could find records that are required to be posted and to review electronic reading room content regularly--at least quarterly--to ensure that it is accurate and current.[Footnote 8] In addition, OIP's guidance on e-FOIA implementation specifies that once an agency receives--or expects to receive--at least three FOIA requests for a record, the agency is generally obligated to disclose the record as a frequently requested document. In a later effort to reduce agencies' backlogs of FOIA requests, in December 2005, the President issued Executive Order 13392,[Footnote 9] which set forth a directive for citizen-centered and results-oriented FOIA. In particular, the order directed agencies to provide a requester with courteous and appropriate service and ways to learn about the FOIA process, the status of the request, and the public availability of other agency records. The order also instructed agencies to process requests efficiently, achieve measurable process improvements (including a reduction in the backlog of overdue requests), and reform programs that were not producing the appropriate results. To this end, the order--and the FOIA itself--directed each agency to designate a senior official as the agency's Chief FOIA Officer. The Chief FOIA Officer is responsible for ensuring agency-wide compliance with the act by monitoring implementation throughout the agency; recommending changes in policies, practices, staffing, and funding; and reviewing and reporting on the agency's performance in implementing FOIA to agency heads and to Justice. (These reports are referred to as Chief FOIA Officer reports and are in addition to agencies' annual FOIA reports that largely include statistics on FOIA processing that agencies also submit to Justice.) In April 2006, Justice's OIP issued guidance to assist federal agencies in implementing the Executive Order's requirements for reviews and improvement plans.[Footnote 10] The guidance suggested several potential areas for agencies to consider when conducting their reviews, such as automation of request tracking; automated processing and receiving requests; responding to requests electronically; forms of communication with requesters; and systems for handling referrals to other agencies. As previously mentioned, each agency is required to prepare and submit to Justice an annual FOIA report that includes statistics on, among other things, the number of FOIA denials, appeals, and requests pending at the end of the fiscal year. The OPEN Government Act of 2007 amended FOIA in several ways, including requiring additional statistics on timeliness in agencies' annual reports. The act also called for agencies to establish a system to track the status of their requests. OIP's subsequent guidance (issued May 2008) provided information on responding to the requirements of the OPEN Government Act, and directed agencies to omit certain Privacy Act requests, which had previously been included, from their FOIA statistics.[Footnote 11] More recently, in January 2009, the President issued two memorandums, Transparency and Open Government[Footnote 12] and FOIA.[Footnote 13] Both documents focused on increasing the amount of information made public by the government. In particular, the FOIA memorandum directed agencies to adopt a presumption in favor of disclosure in all FOIA decisions, take affirmative steps to make information public, and use modern technology to do so. This echoed Congress's finding, in passing the OPEN Government Act, that FOIA establishes a "strong presumption in favor of disclosure." In March 2009, the Attorney General issued a FOIA policy memorandum, echoing the President's call for increased disclosure of government information by directing agencies to make information available online without waiting for a specific FOIA request. In addition, OIP guidance on these memos stated that agencies should implement systems and establish procedures to routinely identify and systematically post records appropriate for release. As noted by both the President and the Attorney General, such proactive disclosures can not only improve public access to government information, but potentially can reduce the growing number of new FOIA requests. In addition, the memorandum called for agencies to make discretionary disclosures and, as called for in OIP's implementing guidance, analyze whether releasing information would result in foreseeable harm before applying exemptions. The agency is expected to release the information if no harm would occur, unless disclosure is prohibited by law. The Attorney General's memorandum reminded agencies of the OPEN Government Act of 2007 requirement to establish a system to provide individualized tracking numbers for requests that will take longer than ten days to process and to establish a telephone line or internet service to allow requesters to track the status of their request. To help agencies meet this expectation, OIP and OGIS identified capabilities that they consider to be best practices for FOIA processing. Specifically, in September 2010, OIP issued guidance that calls for, among other things, agencies and their components to use technology to process requests electronically. Subsequently, in March 2011, OGIS issued FOIA best practices for agencies and their components to use technology to, for example, receive requests electronically, either by e-mail or online, and allow requesters to easily check the status of their request. Further, in conjunction with the Department of Commerce and the Environmental Protection Agency (EPA), OGIS identified the following 13 system capabilities that enhance FOIA processing: * using a single, componentwide system for tracking requests; * accepting the request online, either through e-mail or online request forms; * assigning the request tracking number and tracking the status of the request electronically; * multitracking requests electronically; * routing requests to the responsible office electronically; * storing and routing responsive records to the appropriate office electronically; * redacting responsive records with appropriate exemptions applied electronically; * calculating and recording processing fees electronically; * allowing supervisors to review the case file to approve redactions and fee calculations for processing electronically; * generating system correspondence, such as e-mails or letters, with requesters; * allowing requesters the ability to track the status of their request online; * tracking appeals electronically; and: * generating periodic reporting statistics, such as monthly backlog and annual report data, used to develop reports. Commerce, EPA, and OGIS also identified the need to support FOIA processing functions that cross organizational boundaries. Such functions include managing interagency referrals and consultations. [Footnote 14] FOIA Request Processing: Agencies are generally required to make a determination on a FOIA request within 20 working days. A request may be received in writing, by telephone, or by electronic means. Once received, the request goes through multiple phases, which include processing requests, searching records, processing records, and releasing records. Figure 1 provides an overview of the process, from the submission of a request to the release of records. Figure 1: Simplified FOIA Process: [Refer to PDF for image: process illustration] Requester submits request: Intake processing: * Receive request; * Assign tracking number if appropriate; * Determine if simple or complex; * Acknowledge request. Search for records: * Initiate search in responsible office; * Review responsive documents; Process records: * Conduct consultations; * Make referrals; * Determine applicable exemptions; * Conduct foreseeable harm analysis; * Redact and mark records. Approve release of records: * Review and approve records for release; * Generate response letter. Send response to requester. Source: GAO analysis of agency information. [End of figure] During the intake phase, a request is to be logged into the agency component's FOIA system, and a tracking number is assigned if the request is estimated to require more than 10 days to address. The request is then reviewed by the FOIA staff to determine its scope and level of complexity.[Footnote 15] The agency then typically sends a letter or e-mail to the requester acknowledging receipt of the request; this typically includes a unique tracking number that the requester can use to check on the status of the request. The FOIA staff is then to begin its search to retrieve responsive records by routing the request to the appropriate program office(s). This step may include searching and reviewing paper and electronic records from multiple locations and program offices. The agency then processes the responsive records, which involves consulting with other agencies as appropriate before releasing records that originated there or referring records to another agency for its disclosure determination and response to the requester. This includes determining whether portions of any record should be withheld based on statutory exemptions.[Footnote 16] Nine specific exemptions can be applied to withhold, for example, classified, confidential commercial, pre-decisional, privacy, and several types of law enforcement information. (Appendix II provides a full listing of the FOIA exemptions.) A request may be denied in full based on one or more exemptions, or it may be partially granted, in which case information may be blacked out (redacted). For example, a Social Security number or other personally identifiable information may be redacted under the exemption for protecting personal information. If no exemption is applied, the request should be granted in full. Before applying certain exemptions, agencies are to conduct a foreseeable harm analysis to determine whether harm will occur if the information is released. Before approving the release of any records, they are to be reviewed by a FOIA supervisor, general counsel, or other appropriate personnel to ensure that the release is proper. Then a response letter is generated for the requester, summarizing the agency's actions regarding the request. Finally, the responsive record(s) are sent to the requester via computer disk, e-mail, or paper. Throughout the FOIA process, the agency is responsible for making information about the status of the request available to the requester. For fiscal year 2011, the 99 agencies that were required to submit annual FOIA reports to Justice reported that 644,165 requests were received and about 4,400 staff were devoted to FOIA processing. According to the agencies' annual reports as aggregated on FOIA.gov, the total reported cost of FOIA activities among the 99 agencies for fiscal year 2011 was $436 million, of which about $6 million was recovered through fees collected from requesters. The agencies collectively reported responding to 631,424 requests. Of these, 236,474 (37 percent) were granted in full; 171,795 (27 percent) were partially granted (i.e., some information was redacted based on one or more exemptions); and 30,369 (5 percent) were denied in full based on exemptions. The remaining 192,786 (31 percent) were denied for reasons not based on exemptions, such as no responsive records were found or the request was withdrawn. Figure 2 shows the disposition of requests that agencies responded to in fiscal year 2011. Figure 2: Disposition of FOIA Requests during Fiscal Year 2011: [Refer to PDF for image: pie-chart] Full grant: 37%; Full denial: 5%; Partial grant: 27%; Denial not based on exemptions: 31%. Source: GAO analysis based on FOIA.gov data. [End of figure] Previous GAO Reviews of FOIA Implementation Efforts: We reported in 2007[Footnote 17] that agency plans for improving FOIA processing had mostly included goals and timetables addressing the areas of improvement emphasized by Executive Order 13392, which set forth a directive for citizen-centered and results-oriented FOIA. Most of the plans provided goals and timetables; some agencies omitted goals in areas where they considered they were already strong. We noted that all the plans focused on making measurable improvements and formed a reasonable basis for carrying out the goals of the Executive Order, although details of a few plans could be improved. Accordingly, we made recommendations to strengthen selected improvement plans, among other things. The agencies generally agreed with our recommendations and took actions to address them. Further, we reported in 2008 that, following the emphasis on backlog reduction in the Executive Order and agency improvement plans, many agencies had shown progress in decreasing their backlog of overdue requests.[Footnote 18] However, we identified several factors that contributed to the requests remaining open and recommended that Justice provide additional guidance to agencies on tracking and reporting overdue requests and planning to meet future backlog goals. As we recommended, Justice's OIP developed guidance on tracking and reporting backlogged requests. In addition, in 2009 we reported that DHS had taken steps to enhance its FOIA program, but that opportunities existed for the department to improve the efficiency and cost-effectiveness of FOIA processing. [Footnote 19] Specifically, we noted that implementation of key practices, such as internal monitoring and oversight, component- specific training, online status-checking, and electronic dissemination of records, could facilitate the processing of information requests at a number of its major components. Accordingly, we recommended that key practices used by certain DHS components and other agencies be implemented more consistently across the department. DHS agreed with our recommendations and has taken steps to address them. Agencies Have Generally Taken Actions to Improve their FOIA Programs, but Results Have Been Mixed: Agencies have taken steps pursuant to the Attorney General's 2009 memorandum aimed at reducing the number of backlogged requests and the use of exemptions. Steps taken to reduce backlogs include regular reporting, mobilizing extra resources, and modifying procedures. Steps taken to reduce use of exemptions include training, foreseeable harm analyses, and reviews. While the majority of the agency components we reviewed have reduced their backlogs, a few agencies have seen substantial backlog growth, and success in reducing the use of exemptions has also been mixed. Agencies Have Taken Steps to Reduce Backlogs, but Some Backlogs Have Increased: The agency components we studied took the following actions aimed at reducing their backlogs of FOIA requests. * Reporting backlog status. A majority of the agency components we studied produced quantitative reports on backlogs for higher-level management at least monthly. For example, Army FOIA staff briefed the Deputy Administrative Assistant to the Secretary of the Army every month on the status of FOIA requests, including a monthly report of backlogs for every unit. This high-level reporting was intended to convey to staff the importance the Army places on the issue. * Mobilizing resources. Agency components redirected or acquired resources to clear backlogs by detailing staff from other work, using overtime and compensatory time, hiring new staff or contractors, and providing assistance to local offices. For example, the Army FOIA office analyzed which field offices had the largest backlogs, then sent teams to those offices to help them. Similarly, OIP used support personnel including law clerks and administrative personnel to address its backlogs. * Changing procedures. Agency components changed procedures so requests could be processed faster. Components changed procedures to, among other things, streamline processes, improve oversight, or change work assignments. For example, the Air Force issued a new FOIA directive in 2010 to implement several changes in handling backlogs, including a requirement for FOIA managers with backlogs to submit backlog reduction plans. OSD/JS worked with its information technology (IT) support staff to develop a scanning tool to improve the search capability of documents throughout the OSD/JS enterprise. This tool improved results when searching for documents responsive to a FOIA request. * Negotiating to simplify requests. Agency components negotiated with the requesters of large, complex requests to reduce the size and shorten the time required to fulfill the request. A negotiation with the requester can result in a reduction in the amount of work that otherwise would have delayed processing the request and likely resulted in increased backlogs. For example, the FBI negotiated with one requester to reduce the size of the request where it had located more than 37,000 pages responsive to the request. Since each page would have to be checked before being released, the request would have required considerable time to process. Instead, the requester agreed to the FBI's offer to provide faster delivery of 1,150 pages already processed under a similar, earlier request. Two examples of components that used several of these actions to successfully reduce their backlogs are described below. * CMS reduced its backlog from 10,312 requests in 2009 to 3,486 requests in 2010, and then to 2,008 requests in 2011. Actions that contributed to its success included mobilizing resources and changing procedures. First, CMS increased the resources devoted to FOIA, enabling it to increase staff in its regions and hire former staff as contractors. Second, CMS changed several procedures related to processing requests. For example, the FOIA office has given regions increased authority to provide information to requesters without a central review. Additionally, CMS implemented an electronic FOIA processing system in 2009 and continued to refine it in 2010. * The Army reduced its FOIA backlog from 3,542 requests in 2009 to 1,141 requests in 2010 and then to 1,000 requests in 2011 due to reporting to management, mobilizing resources, and streamlining processes. Specifically, FOIA staff briefed the Deputy Administrative Assistant to the Secretary of the Army every month on the status of FOIA requests, including a monthly report of backlogs for every unit. This was intended to convey to staff the importance the Army places on the issue and that OSD/JS FOIA officials consider it a best practice. The Army's central FOIA office staff mobilized resources by analyzing which field offices had the largest backlogs, then sending teams to those offices to help them. OSD/JS FOIA staff said they also suggested how field offices could streamline processes. For example, they suggested that the office that handles military service records no longer needed to redact records of World War I veterans and could release them directly since there are no living veterans of that war. As a result of the actions cited, among others, the majority of the agency components we studied succeeded in reducing their FOIA backlogs between 2009 and 2011. Specifically, 10 of the 16 agency components had reduced their backlogs of FOIA requests, 2 had no material change, [Footnote 20] and 4 had increases. Figure 3 shows component backlog levels for 2009 through 2011 arranged in order of the size of their 2011 backlogs. Figure 3: Number of Backlogged FOIA Requests by Agency Component, 2009- 2011: [Refer to PDF for image: vertical bar graph] Agency: DHS/Privacy; 2009: 66; 2010: 15; 2011: 4. Agency: ICE; 2009: 10; 2010: 27; 2011: 18. Agency: NIH; 2009: 70; 2010: 37; 2011: 25. Agency: EOIR; 2009: 183; 2010: 264; 2011: 205. Agency: HHS/OS; 2009: 722; 2010: 525; 2011: 309. Agency: BOP; 2009: 381; 2010: 370; 2011: 317. Agency: DOJ OIP; 2009: 361; 2010: 411; 2011: 469. Agency: AF; 2009: 725; 2010: 626; 2011: 525. Agency: DOD/OSD; 2009: 1,708; 2010: 1,061; 2011: 908. Agency: FBI; 2009: 1,758; 2010: 1,602; 2011: 938. Agency: Army; 2009: 3,542; 2010: 1,141; 2011: 1,000. Agency: Navy; 2009: 1,139; 2010: 798; 2011: 1,658. Agency: CMS; 2009: 10,312; 2010: 3,486; 2011: 2,008. Agency: FDA; 2009: 4,818; 2010: 4,691; 2011: 3,421. Agency: CBP; 2009: 88; 2010: 601; 2011: 4,356. Agency: USCIS; 2009: 16,801; 2010: 8,209; 2011: 35,780. Source: GAO analysis of agency data. [End of figure] Of the four components whose backlogs increased, three had increases in requests received. USCIS had the largest increase, a 62 percent rise in requests received, from 71,429 in 2009 to 115,545 in 2011. Officials of half of the components in our review identified an increase in requests that are identified as complex as a challenge. Two of the four components with increases--Navy and OIP--cited higher numbers of complex requests as contributing to the increase in their backlogs. Without sustaining the actions they have taken, the agency components risk endangering the progress they have made in reducing their backlogs and limit the potential for future progress in this area. Agencies Have Taken Steps to Reduce their Use of Exemptions, but Results Are Mixed: Recent policy and decisions direct agencies to release more information. The Attorney General's March 2009 memorandum instructs agencies to make discretionary disclosures of information that might be withheld under an exemption or exemptions if it would cause no harm to disclose it. The mechanism by which this is carried out is called a "foreseeable harm" analysis. The administration has highlighted two exemptions that offer opportunities for discretionary release. Specifically, OIP guidance stated that exemption 5 (which includes pre- decisional documents and attorney work products), provides the best opportunity for increasing the release of information. In addition, the President's 2011 open government report[Footnote 21] described the potential for reduced use of exemption 2. Further, in March 2011, the Supreme Court, in Milner vs. Navy, substantially narrowed the information to which exemption 2 could be applied. [Footnote 22] Prior to the Milner decision, agencies used a "high two" interpretation that allowed them to withhold predominately internal information if disclosing it could lead to circumvention of the law. The Supreme Court held that this interpretation was invalid and that exemption 2 applies only to personnel practices. Components in our review took a number of actions aimed at reducing the use of exemptions through discretionary disclosures: * Training. All 16 of the agency components we studied provided training to their FOIA staff on the Attorney General's memorandum and the presumption of openness. In addition, OIP regularly conducts training dealing with openness and makes training materials available on its website. The FBI has a structured training process, which includes modules dedicated to specific exemptions and mandatory exams and leads to certification as an FBI "FOIA Professional." * Foreseeable harm analyses. Agency components took steps to facilitate foreseeable harm analyses as called for by the Attorney General. For example, EOIR applied the foreseeable harm test to maximize the amount of deliberative process information posted online as part of an online tool for judges. Further, DHS/Privacy modified the form used to transmit documents responsive to a request, so that each office must now certify that a foreseeable harm review and analysis has been completed for all withheld and partially withheld records. The Army Corps of Engineers and EOIR provided training specifically focused on foreseeable harm analysis. * Reviews. Multiple components subjected exemptions to reviews by senior staff or attorneys before releasing them to verify that there was foreseeable harm. For example, the FBI's FOIA process included a quality control review process, where higher-ranking analysts (GS-13 and 14) review the responsible analysts' use of exemptions as well as the potential release of sensitive information. At OSD/JS, the Chief of the OSD/JS FOIA Requester Service Center reviewed all denials under exemption 5 and sent back those that were not adequately justified. * Compliance with the Milner decision. All but one agency component we reviewed either reduced its use of exemption 2 as a result of the Milner decision, or used it in a small number of cases. CBP and USCIS both reduced the number of times exemption 2 was used in 2011 to fewer than half of their 2009 levels. Examples of actions components took to facilitate compliance included OIP's issuance of guidance on Milner and training developed by ICE. * Distributing guidance. To encourage compliance with the new FOIA policies, OIP issued government-wide guidance on the presumption of openness and on exemptions 2 and 5. Other agencies and components distributed the Attorney General's memorandum and other guidance. DOD and DHS both issued guidance applicable to all of their agency components. About half of the agency components we studied reduced the rate at which they applied exemptions to FOIA requests. Specifically, during the 2009-2011 time period: * Seven of the agency components in our review--USCIS, CBP, OIP, FBI, ICE, Army, and OSD/JS--reduced the average number of exemptions they applied per request. The 3 largest users of exemptions--USCIS, CBP, and ICE--which accounted for 83 percent of all exemptions in our review in 2011, all had reductions. * Three components--EOIR, FDA, and NIH--stayed at about the same level of exemption use.[Footnote 23] * Six components--Navy, BOP, CMS, Air Force, HHS/OS, and DHS/Privacy-- increased their average number of exemptions per request. [Footnote 24] * Most components made progress in reducing the use of exemptions 2 and 5. The use of exemption 5, cited by OIP as providing the best opportunity for discretionary releases, decreased for 11 of the 16 of components, while 12 of 16 agency components reduced the use of exemption 2 following the Milner decision. Figure 4 shows the changes in the average number of exemptions applied per request[Footnote 25] from 2009, when the Attorney General's memorandum was issued, to 2011. Figure 4: Exemption Use by Agency Components from 2009 through 2011: [Refer to PDF for image: vertical bar graph] Number of exemptions per request: Decrease in use of exemptions 2009-2011: Agency: USCIS; 2009: 3.24; 2010: 2.99; 2011: 2.58. Agency: CBP; 2009: 2.72; 2010: 2.97; 2011: 2.2. Agency: DOJ OIP; 2009: 0.9; 2010: 0.7; 2011: 0.62. Agency: FBI; 2009: 3.63; 2010: 3.59; 2011: 3.38. Agency: ICE; 2009: 2.35; 2010: 2.37; 2011: 2.21. Agency: Army; 2009: 0.64; 2010: 0.65; 2011: 0.6. Agency: DOD/OSD; 2009: 1.2; 2010: 1.21; 2011: 1.16. No significant change: Agency: EOIR; 2009: 0.02; 2010: 0.03; 2011: 0.02. Agency: FDA; 2009: 0.04; 2010: 0.04; 2011: 0.05. Agency: NIH; 2009: 0.12; 2010: 0.12; 2011: 0.13. Increase in use of exemptions 2009-2011: Agency: Navy; 2009: 0.69; 2010: 0.81; 2011: 0.74. Agency: BOP; 2009: 0.26; 2010: 0.33; 2011: 0.33. Agency: DHS/Priv; 2009: 1.52; 2010: 1.62; 2011: 1.59. Agency: CMS; 2009: 0.05; 2010: 0.25; 2011: 0.13. Agency: AF; 2009: 0.62; 2010: 0.83; 2011: 0.83. Agency: HHS/OS; 2009: 1.01; 2010: 1.44; 2011: 1.29. Source: GAO analysis of agency data. This figure is calculated based on requests that were granted in full, partially granted, or denied and does not include requests denied for reasons other than exemptions. [End of figure] Although components have acted to reduce the use of exemptions, a component's ability to do so can be limited because not all of the exemptions are equally discretionary. While agencies may, under the law, make discretionary disclosures of exempt information where they are not otherwise prohibited from doing so, some of the exemptions apply to categories of information that are more strictly controlled than others. For example, exemption 1 protects from disclosure properly classified national security information, exemption 3 applies to information that has been exempted from disclosure by another law, exemption 6 protects privacy interests in personal information, and exemption 7 applies to certain information compiled for law enforcement purposes. Exemptions 6 and 7 are the exemptions most frequently used by the components we studied and accounted for more than half of all exemptions reported in 2011 by those components. For all but one component, exemption 6 (privacy) was the most frequently used and it amounted to about 90 percent of CMS's exemptions. Exemption 7 was also frequently used by agency components with law enforcement responsibilities. Accordingly, given the role played by such information in the work of the components in our study, it is unlikely that they will significantly reduce the use of those more strict exemptions. For example, the Air Force cited an increase in interest in congressional travel, which required redactions for privacy and an increased use of exemption 6, and the FBI cited more requests for terrorism-related information, leading to an increase in use of exemption 7 to protect sensitive law enforcement information. Notwithstanding the impact of such exemptions, overall reductions in exemption use generally reflect an increase in discretionary disclosures across the components in our study. Agency Components Generally Make Records Available Online, but Approaches to Posting Frequently Requested Records Vary: As previously discussed, the e-FOIA amendments encourage online, public access to government information and require agencies to make specific types of records available to the public in electronic form: agency final opinions and orders, statements of policy, administrative staff manuals, and frequently requested records. In addition, memorandums from both the President and the Attorney General in 2009 highlight the importance of online disclosure and further direct agencies to make information available without a specific FOIA request. As a result of deficiencies in agencies' FOIA libraries noted by the Attorney General in 2008,[Footnote 26] OIP issued guidance to all Chief FOIA Officers to certify that they were in compliance with FOIA's requirements for posting certain categories of records online. In this guidance, OIP reiterated that "agencies should organize the records in a way that allows for efficient and easy location of specific documents," and that "agencies are obligated to not only maintain, but to continuously update, each of the four categories of reading room records." Most of the agency components we reviewed have made records available online in the four categories of required records, either in their FOIA library or elsewhere on the agency component's website. Specifically, 12 of the 16 agency components we reviewed had posted records in all four of the required categories to their FOIA libraries. In addition, 3 of the 16 agency components we reviewed had posted records in all four of the required categories in either their FOIA library or elsewhere on the agency component's website.[Footnote 27] The remaining agency component had posted records to its FOIA library in only two of the required categories; we could not locate records in the other two categories either in its FOIA library or on the agency component's website. Table 1 summarizes the extent to which the agency components we reviewed made: Table 1: Agency Information Required to be Posted Online Pursuant to the e-FOIA Amendments: Categories of required records: Agency final opinions; DOD: OSD: Required information is available in FOIA library; AF: Required information is available in FOIA library; Army: Required information is available in FOIA library; Navy: Required information is not available in FOIA library but was found on agency component's website (located through independent search); DHS: Priv: Category exists in FOIA library, but required information was not posted and was not found elsewhere; CBP: Required information is available in FOIA library; ICE: n/a; USCIS: Required information is not available in FOIA library but was found on agency component's website (located through independent search); HHS: OS: Required information is available in FOIA library; CMS: Required information is available in FOIA library; FDA: Required information is available in FOIA library; NIH: n/a; Justice: OIP: Required information is available in FOIA library; BOP: n/a; EOIR: Required information is available in FOIA library; FBI: n/a. Categories of required records: Policy statements/interpretation; DOD: OSD: Required information is available in FOIA library; AF: Required information is available in FOIA library; Army: Required information is available in FOIA library; Navy: Required information is available in FOIA library; DHS: Priv: Required information is available in FOIA library; CBP: Required information is available in FOIA library; ICE: Required information is available in FOIA library; USCIS: Required information is available in FOIA library; HHS: OS: Required information is available in FOIA library; CMS: Required information is available in FOIA library; FDA: Required information is available in FOIA library; NIH: Required information is available in FOIA library; Justice: OIP: Required information is available in FOIA library; BOP: Required information is available in FOIA library; EOIR: Required information is available in FOIA library; FBI: Required information is available in FOIA library. Categories of required records: Administrative staff manuals; DOD: OSD: Required information is available in FOIA library; AF: Required information is available in FOIA library; Army: Required information is available in FOIA library; Navy: Required information is not available in FOIA library but was found on agency component's website (located through independent search); DHS: Priv: Category exists in FOIA library, but required information was not posted and was not found elsewhere; CBP: Required information is available in FOIA library; ICE: Required information is available in FOIA library; USCIS: Required information is not available in FOIA library but was found on agency component's website (located through independent search); HHS: OS: Required information is available in FOIA library; CMS: Required information is available in FOIA library; FDA: Required information is available in FOIA library; NIH: Required information is not available in FOIA library but was found on agency component's website (located through independent search); Justice: OIP: Required information is available in FOIA library; BOP: Required information is available in FOIA library; EOIR: Required information is available in FOIA library; FBI: Required information is available in FOIA library; Categories of required records: Frequently requested records; DOD: OSD: Required information is available in FOIA library; AF: Required information is available in FOIA library; Army: Required information is available in FOIA library; Navy: Required information is available in FOIA library; DHS: Priv: Required information is available in FOIA library; CBP: Required information is available in FOIA library; ICE: Required information is available in FOIA library; USCIS: Required information is available in FOIA library; HHS: OS: Required information is available in FOIA library; CMS: Required information is available in FOIA library; FDA: Required information is available in FOIA library; NIH: Required information is available in FOIA library; Justice: OIP: Required information is available in FOIA library; BOP: Required information is available in FOIA library; EOIR: Required information is available in FOIA library; FBI: Required information is available in FOIA library. Source: GAO analysis of agency data. Notes: n/a: Not applicable--agency component stated that it does not adjudicate cases. [End of table] Specifically, DHS/Privacy's FOIA library listed all of the categories of required records, but at the time of our review, no records were posted in two of the categories: final opinions and manuals. According to an agency official, DHS/Privacy is in the process of redesigning its FOIA library and plans to address the issue in the next few months. Although we were able to locate required records in most of the agency components' FOIA libraries, we could not always easily locate records when they were posted elsewhere on the agency components' websites. For example, the components often did not provide links to required documents if they were maintained by an external office, such as the General Counsel's office for agency final opinions.[Footnote 28] In addition, not all components generate records in each required category, and they did not explain the absence of this information from their FOIA libraries. Specifically, we found that: * The USCIS FOIA library listed the four categories of records required under e-FOIA, but only provided a link to policy statements and memorandums in a "related links" sidebar. Although we were able to locate final opinions and staff manuals elsewhere on the USCIS website through an independent search, the FOIA library did not indicate that these records were available elsewhere. A USCIS FOIA official stated that the agency intends to launch a redesigned FOIA library by the end of June 2012. * Navy's FOIA library included, among other things, a number of policy memorandums; however, it did not include documents or external links to final opinions or staff manuals. An independent search of the Navy's website showed that Navy's final opinions were managed on a separate website maintained by the Navy Judge Advocate General and that staff manuals, directives, and other Navy publications could be found on a website maintained by the Secretary of the Navy. * The NIH FOIA library contained, among other things, frequently requested records, but we could not locate documents or external links related to NIH final opinions or staff manuals. An NIH official stated that the agency component does not issue final opinions. Through an independent search, we identified NIH manuals in a central database maintained by NIH's Office of Management Assessment. However, the existence of this required information was not made clear in the FOIA library; there is only a statement that encourages potential FOIA requesters to use the NIH search engine to locate information. * ICE's FOIA library included policy statements, staff manuals, and frequently requested records. However, we could not locate records related to agency final opinions, either in the FOIA library or elsewhere on ICE's website. ICE's FOIA Officer stated that the agency does not issue final opinions and therefore has no records to post. In response to our assessment, ICE has posted information to its FOIA library stating that final opinions related to immigration cases are handled by EOIR. * The FBI's main FOIA web page acknowledged that the agency is required to make certain categories of records available in its FOIA library; it also stated that there were no records available in two categories: agency policy statements and final opinions. However, during our review, we were able to locate one policy statement posted in the FOIA library. FBI's Section Chief, Records Management, stated that the FBI does not issue agency final opinions. In response to our assessment, FBI has updated its main FOIA webpage to provide a link to relevant policies that are available online. Agency Components Have Taken Varied Approaches to Identifying Frequently Requested Records: As noted in table 1, all of the agency components in our review have met the requirement for posting frequently requested records to their FOIA libraries: that is, records that have become or are likely to become of significant interest to the public. In addition, we found that agency components have taken a variety of approaches to identify and manage frequently requested records. This has resulted in differences among agency components in the type and volume of frequently requested records that have been made available to the public. During our review, we identified several agency components whose proactive efforts to release records--through the use of formal policies and procedures, technology improvements, and management initiatives to release more information--have resulted in comprehensive FOIA libraries. For example, * Air Force has established a formal policy to post all records released under FOIA to its FOIA library, with the exception of records that include personally identifiable information. An Air Force official stated that as a result of this policy, the Air Force continuously reviews and updates the contents of its FOIA library, which contained 5,211 records in 41 subject categories, as of June 2012. These categories range from Air Force contracts to radar data to information on congressional travel. Records are managed in an online searchable database, and the public can locate records by name, category, or date posted. * OSD/JS has implemented a procedure to post all records released under FOIA to its FOIA library.[Footnote 29] An OSD/JS official stated that the office has a team dedicated to managing postings to the FOIA library, and, in addition to releasing all FOIA-processed records, it also proactively releases FOIA logs[Footnote 30] and inventories of OSD/JS records stored at the Washington National Records Center. OSD/JS officials reported in June 2012 that the library contained about 3,700 records in eight subject categories and includes, for example, documents related to homeland defense, U.S. foreign policy, and defense research projects. In addition, OSD/JS maintains a directory of frequently requested documents in 10 categories, including, for example, historical and current contracts for eight DOD components.[Footnote 31] OSD/JS also offers a service of providing e- mail notifications to subscribers when new records are posted to the FOIA library. * As of June 2012, FBI's FOIA library, the Vault, contained 6,656 records in 20 subject categories, such as current events, organized crime, and civil rights. The Vault contains historical FBI investigation files and internal memorandums on a variety of topics and individuals, as well as media coverage files, images, and video. FBI's Section Chief, Records Management stated that after establishing the Vault, FBI worked with Google to optimize the site's search capabilities. In addition, the agency recently implemented technology improvements to the Vault that will help them continue to expand the number of records available and allow the public to more easily view and search within files online. FBI also provides e-mail updates to subscribers when new information is posted to its website. * In 2011, CMS redesigned its FOIA library to make it easier for the public to locate information that was already available online through the efforts of various CMS components. Specifically, CMS has created an A to Z subject index of frequently requested information that currently contains 88 subject area categories. These include tools to compare data on hospitals, nursing homes, and Medicare plans; data sets and statistics on Medicaid; and various fee schedules. CMS's FOIA library also provides access to an online tool for downloading personal Medicare claims, their most common FOIA request.[Footnote 32] In addition, since 2011, CMS has required the directors of its centers and program offices to identify semi-annually at least three categories of frequently requested information to add to the A to Z subject index. * FOIA processing at FDA is decentralized across seven major centers, and each of these centers is responsible for identifying and posting frequently requested records to its FOIA library. FDA has broad initiatives to release information proactively online, and FDA's FOIA director estimated that the agency has posted about 360,000 documents and 66 searchable databases to its website.[Footnote 33] In addition, FDA's FOIA director noted that FDA has seen a steady reduction in the number of FOIA requests it has received over the last eleven years: in 2000 FDA received about 25,000 requests, and in 2011 it received 9,301 requests. He stated that this reduction is a direct result of their extensive online library and commitment to proactively releasing information. By contrast, our review of FOIA libraries also identified several agency components that have not taken sufficient action to identify and manage frequently requested records. As a result, these agency components may not be posting all records of significant public interest online. Specifically, * Army's FOIA library has been clearly organized by the four required categories of records established by e-FOIA and includes 23 topic headings in the frequently requested records section. However, at the time of our review, several of these categories did not contain records, and several categories contained only one record.[Footnote 34] In addition, the frequently requested topic headings posted online were different from those generated by the Army's FOIA IT system that were provided to us and which we were told were used to manage online releases. Further, according to results from the FOIA library's search engine, the most current document posted dates to June 2, 2011--over a year ago.[Footnote 35] An Army official stated that Army defers to its 300 components to identify and provide copies of records appropriate for release in the library. In addition, Army typically reviews the content of its FOIA library only once a year. * During our review, we found that the Navy's FOIA library contained few frequently requested records. It consisted primarily of the Navy's purchase card holder list, five documents related to the department's use of depleted uranium, and a fact sheet on UFOs. The Navy has also posted a document with a list of "Top 10 Topics" that provides general instructions on how to request certain types of information such as military or investigation records. An official from Navy's FOIA office stated that the staff reviews the FOIA library quarterly, but they have not developed policies or procedures to actively identify and manage frequently requested records. She further noted that restrictions on server space also limit the office's ability to post documents to its FOIA library. * During our review, the USCIS FOIA library consisted of six frequently requested records: the USCIS FOIA logs, which are updated monthly; two internal memorandums; John Lennon's alien file, which is broken into 84 separate documents; a collection of eight documents related to USCIS's Immigrant Investor Program; and a reference guide for an IT system. In a separate area of its website, USCIS also listed its contracts, as was required by DHS's Chief FOIA Officer in 2009. [Footnote 36] However, we identified only five contracts that were awarded between July 2003 and October 2009. During a March 2012 interview, agency officials acknowledged these deficiencies and stated that they were working to redesign their FOIA library. In June 2012, a USCIS FOIA official stated that the agency plans to launch a new FOIA library by August 2012. A number of factors have contributed to the differences in agency components' ability to post frequently requested records to their FOIA libraries. Some agencies do not disclose as many records to the public due to the types of FOIA requests they receive. Specifically, officials at 7 of the 16 agency components we reviewed stated that the majority of their FOIA requests are for records about the requesters themselves, such as prison records, immigration files, or personal medical information. These types of records are rarely requested multiple times, and as a result, the agency components may find they have fewer frequently requested records appropriate for release in their FOIA library. However, the strongest indicator among the agency components with comprehensive FOIA libraries is that they have taken a proactive approach to ensuring that records of significant public interest are posted online. These agency components, for example, have established policies and procedures to identify records, continuously review their FOIA library to ensure that content is current, or have aligned their FOIA-related efforts with the agency's broader initiatives to release information online. As a result, these agency components have established comprehensive FOIA libraries. Furthermore, as described by one agency component, this commitment to consistently releasing information online has contributed to a decrease in the number of new requests over time. Those agency components with sparsely populated FOIA libraries may not be posting all records of significant public interest online, or available information may be difficult to locate. This can result in increased FOIA requests, which in turn can contribute to increased backlogs and administrative costs. Agency Components Have Implemented Technology to Support FOIA Processing to Varying Degrees: Agency components have implemented technology capabilities to support FOIA processing. However, the extent to which they have implemented capabilities that are considered to be best practices varies. Also, most agency components use FOIA processing systems that do not electronically exchange data. Agency Components Have Systems to Process and Track FOIA Requests, but Implementation of Additional Capabilities Varies: Almost all agency components that we reviewed (15 of the 16) are implementing most of the 13 technology capabilities considered to be best practices for FOIA processing.[Footnote 37] Table 2 summarizes the agency components' implementation of best practices capabilities. Table 2: Detailed View of Agency Components' Implementation of FOIA Capabilities: Technology capabilities: Single tracking system; DOD: OSD: Capability is currently implemented; AF: Capability is currently implemented; Army: Capability is currently implemented; Navy: Capability is partially implemented; DHS: Priv: Capability is currently implemented; CBP: Capability is currently implemented; ICE: Capability is currently implemented; USCIS: Capability is currently implemented; HHS: OS: Capability is currently implemented; CMS: Capability is partially implemented; FDA: Capability is currently implemented; NIH: Capability is currently implemented; Justice: OIP: Capability is currently implemented; BOP: Capability is currently implemented; EOIR: Capability is currently implemented; FBI: Capability is currently implemented. Technology capabilities: Accept request online; DOD: OSD: Capability is currently implemented; AF: Capability is currently implemented; Army: Capability is currently implemented; Navy: Capability is currently implemented; DHS: Priv: Capability is currently implemented; CBP: Capability is currently implemented; ICE: Capability is currently implemented; USCIS: Capability is currently implemented; HHS: OS: Capability is currently implemented; CMS: Capability is currently implemented; FDA: Capability is currently implemented; NIH: Capability is currently implemented; Justice: OIP: Capability is currently implemented; BOP: Capability is currently implemented; EOIR: Capability is currently implemented; FBI: Capability is currently implemented. Technology capabilities: Assign request tracking number and track status; DOD: OSD: Capability is currently implemented; AF: Capability is currently implemented; Army: Capability is currently implemented; Navy: Capability is currently implemented; DHS: Priv: Capability is currently implemented; CBP: Capability is currently implemented; ICE: Capability is currently implemented; USCIS: Capability is currently implemented; HHS: OS: Capability is currently implemented; CMS: Capability is currently implemented; FDA: Capability is currently implemented; NIH: Capability is currently implemented; Justice: OIP: Capability is currently implemented; BOP: Capability is currently implemented; EOIR: Capability is currently implemented; FBI: Capability is currently implemented. Technology capabilities: Route request to responsible office; DOD: OSD: Capability is currently implemented; AF: Capability is currently implemented; Army: Capability is currently implemented; Navy: Capability is partially implemented; DHS: Priv: Capability is currently implemented; CBP: Capability is currently implemented; ICE: Capability is currently implemented; USCIS: Capability is currently implemented; HHS: OS: Capability is currently implemented; CMS: Capability is currently implemented; FDA: Capability is currently implemented; NIH: Capability is currently implemented; Justice: OIP: Capability is currently implemented; BOP: Capability is currently implemented; EOIR: Capability is currently implemented; FBI: Capability is currently implemented. Technology capabilities: Ability to multitrack requests (simple, complex, expedited); DOD: OSD: Capability is currently implemented; AF: Capability is currently implemented; Army: Capability is currently implemented; Navy: Capability is partially implemented; DHS: Priv: Capability is currently implemented; CBP: Capability is currently implemented; ICE: Capability is currently implemented; USCIS: Capability is currently implemented; HHS: OS: Capability is currently implemented; CMS: Capability is currently implemented; FDA: Capability is currently implemented; NIH: Capability is currently implemented; Justice: OIP: Capability is currently implemented; BOP: Capability is currently implemented; EOIR: Capability is currently implemented; FBI: Capability is currently implemented. Technology capabilities: Store and route electronic records; DOD: OSD: Capability is currently implemented; AF: Capability is currently implemented; Army: Capability is partially implemented; Navy: Capability is not implemented; DHS: Priv: Capability is not implemented; CBP: Capability is not implemented; ICE: Capability is not implemented; USCIS: Capability is currently implemented; HHS: OS: Capability is currently implemented; CMS: Capability is currently implemented; FDA: Capability is currently implemented; NIH: Capability is not implemented; Justice: OIP: Capability is currently implemented; BOP: Capability is currently implemented; EOIR: Capability is currently implemented; FBI: Capability is currently implemented. Technology capabilities: Electronic redaction capabilities; DOD: OSD: Capability is currently implemented; AF: Capability is currently implemented; Army: Capability is currently implemented; Navy: Capability is currently implemented; DHS: Priv: Capability is currently implemented; CBP: Capability is currently implemented; ICE: Capability is currently implemented; USCIS: Capability is currently implemented; HHS: OS: Capability is currently implemented; CMS: Capability is currently implemented; FDA: Capability is currently implemented; NIH: Capability is currently implemented; Justice: OIP: Capability is currently implemented; BOP: Capability is currently implemented; EOIR: Capability is currently implemented; FBI: Capability is currently implemented. Technology capabilities: Calculate and record processing fees; DOD: OSD: Capability is currently implemented; AF: Capability is currently implemented; Army: Capability is currently implemented; Navy: Capability is currently implemented; DHS: Priv: Capability is not implemented; CBP: Capability is currently implemented; ICE: Capability is currently implemented; USCIS: Capability is currently implemented; HHS: OS: Capability is currently implemented; CMS: Capability is currently implemented; FDA: Capability is currently implemented; NIH: Capability is currently implemented; Justice: OIP: Capability is currently implemented; BOP: Capability is currently implemented; EOIR: Capability is currently implemented; FBI: Capability is currently implemented. Technology capabilities: Review the case file to approve redactions and fee calculations; DOD: OSD: Capability is currently implemented; AF: Capability is currently implemented; Army: Capability is partially implemented; Navy: Capability is not implemented; DHS: Priv: Capability is not implemented; CBP: Capability is not implemented; ICE: Capability is currently implemented; USCIS: Capability is currently implemented; HHS: OS: Capability is currently implemented; CMS: Capability is currently implemented; FDA: Capability is currently implemented; NIH: Capability is not implemented; Justice: OIP: Capability is currently implemented; BOP: Capability is currently implemented; EOIR: Capability is currently implemented; FBI: Capability is currently implemented. Technology capabilities: System-generated correspondence with requesters; DOD: OSD: Capability is currently implemented; AF: Capability is currently implemented; Army: Capability is currently implemented; Navy: Capability is partially implemented; DHS: Priv: Capability is not implemented; CBP: Capability is not implemented; ICE: Capability is currently implemented; USCIS: Capability is currently implemented; HHS: OS: Capability is currently implemented; CMS: Capability is currently implemented; FDA: Capability is currently implemented; NIH: Capability is currently implemented; Justice: OIP: Capability is currently implemented; BOP: Capability is currently implemented; EOIR: Capability is currently implemented; FBI: Capability is currently implemented. Technology capabilities: Requester's ability to track status online; DOD: OSD: Capability is not implemented; AF: Capability is currently implemented; Army: Capability is not implemented; Navy: Capability is not implemented; DHS: Priv: Capability is not implemented; CBP: Capability is not implemented; ICE: Capability is currently implemented; USCIS: Capability is currently implemented; HHS: OS: Capability is not implemented; CMS: Capability is currently implemented; FDA: Capability is not implemented; NIH: Capability is not implemented; Justice: OIP: Capability is currently implemented; BOP: Capability is not implemented; EOIR: Capability is not implemented; FBI: Capability is currently implemented. Technology capabilities: Track appeals electronically; DOD: OSD: Capability is currently implemented; AF: Capability is currently implemented; Army: Capability is currently implemented; Navy: Capability is currently implemented; DHS: Priv: Capability is currently implemented; CBP: Capability is currently implemented; ICE: Capability is currently implemented; USCIS: Capability is currently implemented; HHS: OS: Capability is currently implemented; CMS: Capability is currently implemented; FDA: Capability is currently implemented; NIH: Capability is currently implemented; Justice: OIP: Capability is currently implemented; BOP: Capability is currently implemented; EOIR: Capability is currently implemented; FBI: Capability is currently implemented. Technology capabilities: Generate periodic report statistics; DOD: OSD: Capability is currently implemented; AF: Capability is currently implemented; Army: Capability is currently implemented; Navy: Capability is partially implemented; DHS: Priv: Capability is currently implemented; CBP: Capability is currently implemented; ICE: Capability is currently implemented; USCIS: Capability is currently implemented; HHS: OS: Capability is currently implemented; CMS: Capability is partially implemented; FDA: Capability is currently implemented; NIH: Capability is currently implemented; Justice: OIP: Capability is currently implemented; BOP: Capability is currently implemented; EOIR: Capability is currently implemented; FBI: Capability is currently implemented. Source: GAO analysis of agency data. [End of table] As the table reflects, 4 of the 16 agency components have implemented all of the technology capabilities for processing and tracking FOIA requests. Specifically, the Air Force, USCIS, OIP, and FBI use a single tracking system that enables agency officials to track the status of the request; store, route, and redact responsive records; and review the case file to approve redactions and fee calculations electronically. These agency components are also able to generate annual reports and monthly backlog statistics. Further, these components have implemented capabilities that enable requesters to submit a request through an online form or e-mail and track the status of their request online. Five agency components have implemented all of these capabilities except the one that allows requesters to track the status of their FOIA request online. The reasons why they have not implemented this capability include the following: * OSD/JS officials stated that they have not implemented this capability because their tracking system is located on a classified network. Although OSD/JS has developed an application that will link to its tracking system and will allow a requester to track his or her request online, it is in the process of ensuring that the appropriate security measures have been put in place before the application is available. OSD/JS intends to have this capability implemented by October 2012. * HHS reported that two of its components--OS and FDA--have not yet implemented the capability that allows a requester to track the status of a request online. HHS/OS officials could not provide a time frame for when this activity would be completed and stated that their FOIA website encourages requesters to contact FOIA personnel, through phone or e-mail, regarding the status of their request, which allows them to clarify any misunderstanding regarding it. FDA officials stated that because of the component's decentralization, and the complexity and volume of records, it is more productive to discuss requests directly with the requester via telephone. * At Justice, BOP officials indicated that they intend to have this capability implemented by October 2012. Additionally, ICE has implemented all of the capabilities but the one associated with enabling agency officials to store and route electronic records. According to ICE officials, their tracking system would not be suitable for storing and routing electronic records and reviewing and approving the electronic case file because the system was not designed to handle these capabilities and would run extremely slowly when tracking a FOIA request. ICE officials stated that they are currently in the process of researching systems that will provide these capabilities. CMS has implemented all but two capabilities. Specifically, it has not fully implemented a single tracking system or the capability to generate periodic report statistics, such as monthly backlog and annual report data. According to CMS officials, while they can track most FOIA cases through their tracking system, contractors do not have access to the system and, instead, track their cases using Microsoft Access, Excel, or other tools. CMS cited challenges in compiling the annual report because it has to use these multiple contractor systems to compile data for the report. Officials stated that they intend to deploy a single tracking system to 21 contractors that handle Medicare administration by the end of fiscal year 2012. Army and NIH have implemented all but three capabilities. Specifically, they have not fully implemented the capabilities that enable agency officials to store and route electronic records and to review the case file to approve redactions and fee calculations, or that allow requesters to track the status of their request online. Army officials stated that they are currently in the process of researching systems that will provide these capabilities. In addition, NIH officials stated that their tracking system does not perform FOIA workflow processing, such as storing and routing electronic records. The officials also stated that they are currently in the process of researching systems that will provide these capabilities. CBP has implemented all but four capabilities, and DHS/Privacy has implemented all but five capabilities. CBP and DHS/Privacy have not implemented the capabilities that enable agency officials to store and route electronic records, review the case file to approve redactions and fee calculations, generate system correspondence with requesters, or allow a requester to track the status of his or her request online. Further, DHS/Privacy has not implemented a technology capability to calculate and record processing fees. According to CBP officials, they are in the process of researching various FOIA systems that have these capabilities and expect to obligate funds for a tracking system that includes them by October 2012. DHS/Privacy officials attribute challenges in implementing the missing technology capabilities to the fact that, at the time the tracking system was implemented, it fulfilled the general tracking needs of the office based on a relatively limited number of requests. However, as the number of requests has increased and the requests have become more complex, DHS/ Privacy has realized the need for a system that can conduct processing capabilities, such as storing and routing electronic records. DHS/ Privacy officials stated that the office intends to implement a system that fulfills the missing technology capabilities by October 2012. Navy has fully implemented only five capabilities. Specifically, it has not fully implemented a single tracking system or the capability to, among other things, multi-track and route requests to the responsible office and generate periodic report statistics. Navy officials attributed challenges to implementing the missing technology capabilities to their reengineering of FOIA processes to identify areas of inefficiencies and stated that they expect to implement a departmentwide system that includes the missing technology capabilities by October 2012. Although OGIS, in conjunction with the EPA and Department of Commerce, identified capabilities to enhance FOIA processing, there is not a requirement for agencies and their components to ensure that their FOIA systems implement these capabilities. Nevertheless, without determining which of the capabilities have the potential to improve their FOIA processing and establishing plans to implement the capabilities, the agency components are likely missing opportunities to improve the efficiency with which they process FOIA requests. Most Agency Components Use FOIA Processing Systems that Do Not Electronically Exchange Data: Effective IT management practices encourage agencies to share common systems to promote interoperability (generally, the ability of systems to exchange data).[Footnote 38] However, the agency components we studied within DHS, DOD, HHS, and Justice use FOIA processing systems that do not electronically exchange data. The use of different systems can increase the time for an agency component to refer a FOIA request to another agency or to consult with other components in addressing a request because they either have to e-mail, mail, or send paper-based referrals and consultations via courier to other agency components for processing.[Footnote 39] For example, referrals and consultations within HHS have to be mailed or e-mailed between its agency components, including NIH, FDA, and CMS. Further, OSD/JS officials noted that routing referrals and consultations among and within its components is not automated among their existing systems. Consequently, referrals and consultations within DOD must be mailed or e-mailed between components, including Air Force, Army, and Navy. According to OSD/JS officials, the department currently has an initiative under way to address transferring the documents associated with interagency referrals and consultations electronically: the Enterprise Referral Process Tool. DOD developed the tool to support transmitting documents between its components when there is a need to refer or consult with other FOIA offices on the disposition of a document requested under FOIA. Instead of needing to attach voluminous documents within an e-mail, the documents can be uploaded to an online system and a link to the location of the documents is provided to the recipient. Department officials stated that this system is currently being used throughout DOD. The department has also partnered with OIP and NARA to encourage other federal agencies to use this system. Nevertheless, while this system facilitates the exchange of documents associated with a referral or consultation, it does not address the lack of interoperability among its components' tracking systems and the fact that routing referrals and consultations across DOD is not automated through existing systems. The inability of agency FOIA processing systems to electronically exchange data also complicates the compiling of agency annual FOIA reports. For example, DOD, DHS, and HHS officials reported that they conduct data calls to their various components to retrieve annual report data from their various FOIA tracking systems. To address this situation, DOD is in the process of developing a unified annual report system that is expected to be used by all DOD components to submit and compile their annual report data by November 2012. In addition, according to DHS officials, they are planning to implement a departmentwide system by October 2013. HHS officials stated that they could not provide plans or a potential time frame for when this need will be addressed. Further, according to Navy and CMS officials, these agency components have encountered similar challenges in compiling data for the annual report because they have not implemented a single tracking system and must compile data from their various subcomponent or contractor systems. Officials from DHS, DOD, HHS, and Justice attributed the inability of FOIA processing systems to electronically exchange data to the fact that there is neither a requirement nor a centralized authority responsible for ensuring that FOIA tracking systems are interoperable across and within agency components. They also pointed to the fact that implementation of FOIA is decentralized and occurs at the agency component level, instead of the department level, which contributes to the current environment of different, non-interoperable agency component tracking systems. Specifically, DOD officials noted that the classified records in the component FOIA processing systems preclude them from being interoperable with non-classified systems. Therefore, classified systems can only be interoperable with other classified systems. This notwithstanding, without identifying potential approaches to electronically exchanging data among their systems, agencies and their components will likely continue to face difficulties in conducting key FOIA activities, including processing interagency referrals and electronically compiling their annual reports. Conclusions: The agency components we studied have taken a variety of actions, subsequent to the Attorney General's March 2009 memorandum, to improve their FOIA programs. Despite these actions, they have achieved mixed results with respect to reducing their backlogs and use of exemptions. Agencies' mixed results with respect to reducing FOIA backlogs and use of exemptions illustrate the importance of their continuing to take the actions we identified to sustain progress and realize additional improvements in these areas. Agency components are generally making records available to the public online, either in their FOIA libraries or elsewhere on their agency websites, although the records may not be easy for the public to locate. Agency components have employed a variety of approaches, including frequent content reviews, to proactively manage their libraries. However, not all agency components are ensuring that frequently requested records are identified and posted online, which has resulted in a handful of FOIA libraries with little content and may lead to recurring FOIA requests for the same information and the administrative costs of processing them. While the agency components in our review have implemented FOIA processing systems that include best practice capabilities to varying degrees, their systems do not electronically share data. Implementation of the remaining capabilities and enabling the electronic exchange of data among FOIA processing systems present potential opportunities for agencies to improve the efficiency of their FOIA processing. Recommendations for Executive Action: To improve the management of FOIA processing, we recommend that the Secretaries of DHS, DOD, and HHS and the Attorney General direct their respective Chief FOIA Officers take the following five actions: * Ensure that the agency components within their departments, as needed, take actions--report backlog status, redirect resources, change procedures, and negotiate to simplify requests--to reduce their backlogs of FOIA requests. * Ensure that the agency components within their departments, as appropriate, conduct training, perform foreseeable harm analyses, complete reviews, comply with the Milner decision, and distribute guidance to reduce their use of exemptions. * Ensure that the agency components within their departments address the deficiencies in their FOIA libraries by making required categories of records easier to locate, clearly indicating when records in required categories do not exist, and expanding the content of FOIA libraries. * Evaluate whether the agency components within their departments could improve the efficiency of their FOIA processing by implementing each of the technology capabilities that they do not already have. * Identify and evaluate potential approaches (e.g., enhancements to or replacement of existing systems) for enabling the electronic exchange of data between the FOIA processing systems of the agency components within their departments. Agency Comments and Our Evaluation: We received written comments on a draft of this report from the four agencies to which we made recommendations--DHS, DOD, HHS, and Justice-- and from NARA. In these comments, the four agencies agreed or generally agreed with our recommendations. In addition, NARA characterized our report as helpful and said it will greatly assist OGIS in its review activities. The comments of the agencies are summarized below: * The Director of DHS's Departmental GAO-OIG Liaison Office stated that the department concurred with our recommendations and described actions DHS has taken or plans to take to address them. For example, the Director stated that the department is committed to reducing the backlog of FOIA requests by implementing actions, such as coordinating and reviewing its components' FOIA processes and detailing FOIA specialists to components experiencing difficulty in reducing their backlogs. DHS's comments are reprinted in appendix III. * The Chief of DOD's Freedom of Information Division stated that the department concurred with our recommendations and described efforts underway or planned to address them. Among these actions, the Chief stated that the department will evaluate the technology gaps identified by GAO no later than June 30, 2013. The department is also in the process of forming a technology working group to address various technology options. DOD's comments are reprinted in appendix IV. * HHS's Assistant Secretary for Legislation stated that the department concurred with our recommendations and described steps taken, underway, or planned to address them. For example, according to the Assistant Secretary, HHS FOIA officials attended training sessions sponsored by Justice and, in turn, provided in-house training to FOIA analysts on changes in case law and disclosure analysis. Further, department FOIA officials elicited the support of program staff to clarify complex program related issues, which enabled the FOIA staff to complete cases involving complex requests quicker. HHS's comments are reprinted in appendix V. * The Director of Justice's Office of Information Policy stated that the department generally agreed with our recommendations and described actions that OIP has taken or is taking. Among these actions, the Director stated that OIP recently designed its FOIA library to make the information and guidance it provides to the public more user- friendly and easier to locate. The new FOIA library separates documents into two functional categories: Operational Documents and FOIA-processed Documents. In addition, the Director stated that OIP's website explains to the public that operational documents include policy statements, staff manuals, final opinions, and orders. The website also explains that the FOIA-processed documents are those that have been disclosed in response to a FOIA request and have either been frequently requested or have been determined to likely be of interest to the public. The Director added that OIP is working with all of the department's components to similarly organize their FOIA libraries in a format that will be useful to the public. Further, OIP plans to issue additional guidance in the upcoming months on proactive disclosures and maintenance of FOIA libraries. Justice's comments are reprinted in appendix VI. * The Archivist of the United States said that the draft report highlighted factors that can make a critical difference in the success of agencies in making records available to the public and pointed out opportunities for agencies to take advantage of technology to improve their efficiencies in processing requests. According to the Archivist, NARA hopes that the FOIA Module, the multi-agency FOIA processing and tracking system sponsored by NARA, EPA, and Commerce that will launch on October 1, 2012, will lead the way in providing a shared service that has the technology capabilities identified by the draft report. NARA's comments are reprinted in appendix VII. The agencies also provided technical comments, which we have incorporated as appropriate. As agreed with your offices, unless you publicly announce the contents of this report earlier, we plan no further distribution of this report until 30 days from the date of this report. At that time, we will send copies of this report to the Secretaries of Defense, Homeland Security, and Health and Human Services, the Attorney General, appropriate congressional committees, and other interested parties. In addition, the report is available at no charge on the GAO website at [hyperlink, http://www.gao.gov]. If you or your staff have questions about this report, please contact me at (202) 512-6304 or melvinv@gao.gov. Contact points for our Offices of Congressional Relations and Public Affairs may be found on the last page of this report. Key contributors to this report are listed in appendix VIII. Signed by: Valerie C. Melvin: Director, Information Management and Technology Resources Issues: [End of section] Appendix I: Objectives, Scope, and Methodology: Our objectives were to determine: (1) What actions have agencies taken to manage their Freedom of Information Act (FOIA) programs, including reducing backlogs and the use of exemptions, pursuant to the Attorney General's 2009 FOIA guidelines, and what have been the results of these actions? (2) What actions have agencies taken to make records available to the public by electronic means, pursuant to the e-FOIA amendments of 1996? (3) To what extent have agencies implemented technology to support FOIA processing? To inform our work, we reviewed our prior reports, FOIA and related legislation, policies and guidance issued by the Attorney General and the Office of Management and Budget, and best practices compiled by the National Archives and Records Administration (NARA) and the Department of Justice (Justice). To address the objectives, we analyzed published statistics and documents, such as agency FOIA reports, and conducted interviews with responsible officials at the four federal agencies that received the most requests and that collectively received more than 50 percent of all requests during fiscal year 2010: the Departments of Homeland Security (DHS), Defense (DOD), Health and Human Services (HHS), and Justice. Because FOIA processing at these agencies is decentralized to the agency component level, we analyzed the policies, oversight, and processing activities of each agency's central FOIA office and of the three components of each agency that received the most requests, as described below: * The DHS agency components are the Privacy Office (DHS/Privacy), which functions as the department's central FOIA office, in addition to the U.S. Citizenship and Immigration Service (USCIS), Immigration and Customs Enforcement (ICE), and U.S. Customs and Border Protection (CBP). * The DOD agency components are the Office of the Secretary of Defense and the Joint Staff (OSD/JS), which processes FOIA requests within the department's central FOIA office, in addition to the Departments of the Army, Navy, and Air Force. * The HHS agency components are the Office of the Secretary (HHS/OS), which functions as the department's central FOIA office, in addition to the Centers for Medicare & Medicaid Services (CMS), the Food and Drug Administration (FDA), and the National Institutes of Health (NIH). * The Justice agency components are the Office of Information Policy (OIP), which functions as the department's central FOIA office, in addition to the Federal Bureau of Investigation (FBI), the Federal Bureau of Prisons (BOP), and the Executive Office for Immigration Review (EOIR). For each agency, the four related agency components collectively accounted for at least half of FOIA requests received by the parent agency (at least 90 percent for both DHS and HHS). To determine what actions agencies have taken to manage their FOIA programs, including reducing backlogs and the use of exemptions, and what the results of these actions have been, we examined agencies' annual FOIA reports for the years 2009 to 2011 and Chief FOIA Officer reports for the years 2010 to 2012. In particular, we analyzed data on backlogs and exemptions from FOIA.gov. Specifically, we compared agency component backlogs over time. We also interviewed officials to determine external factors affecting backlogs, such as changes in workload, and to identify specific practices that were helpful in managing backlogs, as well as challenges. For example, we examined periodic reports, such as monthly backlog reports by FOIA offices to management to determine what use agencies and components were making of quantitative data in managing their backlogs. We also analyzed statistics on agency components' use of FOIA exemptions from FOIA.gov and assessed whether agencies were using them less often. We interviewed agency and component FOIA officials and collected documentation to determine what specific steps agencies had taken to reduce the use of exemptions. We reviewed documentation of these steps, including guidance, training materials, policies, procedures, plans, and objectives from agencies' central FOIA offices and agency components. We also interviewed agency officials to determine what other factors might have influenced the use of exemptions. Our recent evaluation of FOIA.gov determined that the data on the website are generally reliable.[Footnote 40] To determine what agency components are doing to make records available to the public by electronic means pursuant to the e-FOIA amendments of 1996, we reviewed the contents of the 16 agency components' websites for the existence of information required to be posted online. These reviews were conducted between April and June 2012. First, we attempted to locate the four categories of required information by starting from the agency component's dedicated FOIA website; more specifically, the subsection of the FOIA website called "FOIA library" or "electronic reading room." If an item could not readily be found in the FOIA library, we attempted to locate the item elsewhere on the agency component's website by using the search engine, or by browsing through the different sections of the website (e.g., we reviewed agency components' Office of General Counsel websites to look for agency final opinions). During this website review, we attempted to establish whether or not information corresponding to a required category was available online; we did not evaluate the merits or adequacy of the information that was posted. For each agency component, we determined whether the required information was: * available in the agency component FOIA library; * not available in the agency component FOIA library, but found elsewhere on the agency component's or agency's website through an independent search; * not available in the agency component FOIA library, and not found elsewhere on the agency component's or agency's website; or: * not applicable to the particular agency component. To evaluate the frequently requested records available in agency components' FOIA libraries, we reviewed OIP guidance on proper implementation and management of a FOIA library, reviewed agency policies and procedures for identifying and managing information in their library, and viewed the contents of the records that had been posted. We also interviewed officials at agency components to understand how records are identified and managed within the library, and how often library contents are reviewed and updated. In addition, we counted the number of artifacts posted to the library, or used the library's search engine to locate available records. To determine the extent to which agencies implemented technology to support FOIA processing, we assessed the capabilities of agencies' central offices and their components' tracking systems. We viewed demonstrations of tracking systems and obtained documentation, such as user manuals and screen prints. We compared capabilities of these systems to relevant legislation, policy guidance, and best practices on improved use of technology (e.g., OPEN Government Act, Attorney General's March 2009 memorandum, NARA/OGIS best practices). We also reviewed agency policies and procedures related to using technology to manage, track, and fulfill requests. We interviewed agency and OGIS officials for further information on how they use technology to gather information on agency plans to implement or enhance FOIA processing. We conducted our work from September 2011 to July 2012 in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives. [End of section] Appendix II: Freedom of Information Act Exemptions: The act prescribes nine specific categories of information that are exempt from disclosure. Exemption number: (1); Matters that are exempt from FOIA: (A) Specifically authorized under criteria established by an Executive Order to be kept secret in the interest of national defense or foreign policy and (B) are in fact properly classified pursuant to the Executive Order. Exemption number: (2); Matters that are exempt from FOIA: Related solely to the internal personnel rules and practices of an agency. Exemption number: (3); Matters that are exempt from FOIA: Specifically exempted from disclosure by statute (other than section 552b of this title), provided that such statute (A) requires that matters be withheld from the public in such a manner as to leave no discretion on the issue or (B) establishes particular criteria for withholding or refers to particular types of matters to be withheld. Exemption number: (4); Matters that are exempt from FOIA: Trade secrets and commercial or financial information obtained from a person and privileged or confidential. Exemption number: (5); Matters that are exempt from FOIA: Interagency or intra-agency memorandums or letters that would not be available by law to a party other than an agency in litigation with the agency. Exemption number: (6); Matters that are exempt from FOIA: Personnel and medical files and similar files the disclosure of which would constitute a clearly unwarranted invasion of personal privacy. Exemption number: (7); Matters that are exempt from FOIA: Records or information compiled for law enforcement purposes, but only to the extent that the production of such law enforcement records or information... Exemption number: (7)(A); Matters that are exempt from FOIA: Records or information compiled for law enforcement purposes, but only to the extent that the production of such law enforcement records or information could reasonably be expected to interfere with enforcement proceedings. Exemption number: (7)(B); Matters that are exempt from FOIA: Records or information compiled for law enforcement purposes, but only to the extent that the production of such law enforcement records or information would deprive a person of a right to a fair trial or impartial adjudication. Exemption number: (7)(C); Matters that are exempt from FOIA: Records or information compiled for law enforcement purposes, but only to the extent that the production of such law enforcement records or information could reasonably be expected to constitute an unwarranted invasion of personal privacy. Exemption number: (7)(D); Matters that are exempt from FOIA: Records or information compiled for law enforcement purposes, but only to the extent that the production of such law enforcement records or information could reasonably be expected to disclose the identity of a confidential source, including a state, local, or foreign agency or authority or any private institution which furnished information on a confidential basis, and, in the case of a record or information compiled by a criminal law enforcement authority in the course of a criminal investigation or by an agency conducting a lawful national security intelligence investigation, information furnished by confidential source. Exemption number: (7)(E); Matters that are exempt from FOIA: Records or information compiled for law enforcement purposes, but only to the extent that the production of such law enforcement records or information would disclose techniques and procedures for law enforcement investigations or prosecutions, or would disclose guidelines for law enforcement investigations or prosecutions if such disclosure could reasonably be expected to risk circumvention of the law; or. Exemption number: (7)(F); Matters that are exempt from FOIA: Records or information compiled for law enforcement purposes, but only to the extent that the production of such law enforcement records or information could reasonably be expected to endanger the life or physical safety of an individual. Exemption number: (8); Matters that are exempt from FOIA: Contained in or related to examination, operating, or condition of reports prepared by, on behalf of, or for the use of an agency responsible for the regulation of supervision of financial institutions. Exemption number: (9); Matters that are exempt from FOIA: Geological and geophysical information and data, including maps, concerning wells. Source: 5 U.S.C. § 552(b)(1) through (b)(9). [End of table] [End of section] Appendix III: Comments from the Department of Homeland Security: U.S. Department of Homeland Security: Washington, D.C. 20525: July 20, 2012: Valerie C. Melvin: Director, Information Management and Technology Resources Issues: U.S. Government Accountability Office: 441 G Street, NW: Washington, DC 20548: Re: Draft Report GAO-12-828, "Freedom of Information Act: Additional Actions Can Strengthen Agencies' Efforts to Improve Management" Dear Ms. Melvin: Thank you for the opportunity to review and comment on this draft report. The U.S. Department of Homeland Security (DHS) appreciates the U.S. Government and Accountability Office's (GAO's) work in planning and conducting its review and issuing this report. The Department appreciates GAO's recognition of the significant enhancements made to the DHS Freedom of Information Act (FOIA) program since 2009. Regularly apprising senior management of the status of the Department's backlog, leveraging resources, streamlining operating procedures, and negotiating with requesters to simplify requests has facilitated a 43-percent reduction in backlogged requests from 74,879 in Fiscal Year (FY) 2008 to 42,417 in FY 2011. It is important to note, however, that during FY 2011, DHS received an unprecedented 175,656 requests—more than any federal agency has ever received in a single fiscal year—representing an increase of 35 percent, from the number of requests received during FY 2010. DHS is committed to processing all FOIA requests received as efficiently and effectively as possible, given available resources. The draft report contained five recommendations with which the Department concurs, Specifically, GAO recommended that the Secretary of Homeland Security direct the DIIS Chief FOIA Officer to: Recommendation 1: Ensure that the agency components within their departments, as needed, take actions—report backlog status, redirect resources, change procedures, and negotiate to simplify requests—to reduce their backlogs of FOIA requests. Response: Concur. DHS is committed to reducing its backlog of FOIA requests; it is of paramount importance. Actions taken by the Privacy Office to address the FOIA backlog, including coordinating and reviewing Components' FOIA processes detailing FOIA Specialists to Components having difficulty in reducing their backlogs, most recently to U.S. Customs and Border Protection (CBP) in June 2012, and reviewing actions by other agencies that successfully reduced their backlogs (such as United States Citizenship and Immigration Services). The DHS caseload, to include the backlog, is monitored at both the Component and the Headquarters levels and monthly data arc submitted to the DHS Chief FOIA Officer. A recently implemented procedural change throughout the Department that has brought about immediate reporting changes was the issuance of guidance that directed Components that receive a "misdirected" FOIA request to forward it as quickly as possible. For reporting purposes, when a Component receives a misdirected request and then forwards that request to another Component for response, the forwarding Component will not log the request as its own, instead the responding Component will do so. As a standard practice, Component- and the Headquarters-level FOIA Officers negotiate with volume requesters to cut down the workload. Recommendation 2: Ensure that the agency components within their departments, as appropriate--conduct training, perform foreseeable harm analyses, complete reviews, comply with the Milner decision, and distribute guidance—to reduce their use of exemptions. Response: Concur. Training and education promote the principles of transparency and openness among DHS staff. They also provide a mechanism to standardize FOIA practices and ensure excellence across the Department. Over the past 2 years, the Privacy Office has provided training on such topics as the application of Exemption 2 in the wake of the U.S. Supreme Court's Milner decision and the appropriate use of Exemptions 5, 6, and 7. Significantly improved policy and guidance now undergird DHS ROTA operations, given the direction established by DI- IS leadership since 2009. Well-trained professionals are critical to the Department's ability to advance openness through discretionary releases, particularly when identifying suitable records and applying the standard of foreseeable harm. With the narrowing of Exemption (b)(2), which protects internal personnel rules and practices, DHS as a whole has begun the discretionary release of information that (h)(2) previously could have been denied. For example, CBP and the U.S. Secret Service recently released material that could have been withheld pursuant to Exemption (b)(7)(I3); and the Federal Law Enforcement Training Center, U.S. Immigrations and Customs Enforcement (ICE), and the DHS Directorate for Management. among others, released records eligible for exemption under (b)(5). In addition, the overall DLLS Exemption 5 usage (by percentage) went down in FY 2011 to 32 percent of all cases where• records were reviewed, compared to 50 percent for FY 2008. Recommendation 3: Ensure that the agency components within their departments address the deficiencies in their FOIA libraries by making required categories of records easier to locate, clearly indicating when records in required categories do not exist, and expanding the content of FOIA libraries. Response: Concur. During FT 2012, the Privacy Of redesigned its public- facing Website with an eye toward usability. The new site, launched in April 2012, features a simplified menu and graphic links to rich content. Detailed information explains how to submit a FOIA request and where to direct it, while a link off the index page enables requesters to check the status of submitted requests. The heart of the site is the FOIA Library, which the Privacy Office reorganized and expanded to help users more easily find the information they seek. The FOIA Library groups documents by type, gives prominence to recent releases, and features regularly updated material. Further refinements will be completed, however, to expand the content of the DHS FOIA Library and Component MIA Libraries in the upcoming months. Much information resides on DNS Websites, including material previously only available through a formal FOIA request (e.g., historical documents, daily schedules of senior leaders, management directives, contracts, memoranda related to FOIA operations, and procurement records that include awards, orders, solicitations, and purchase cardholder lists). All Components post their FOIA logs. This year, ICE added detention facility inspections and statistics related to immigration to the list; the U.S. Coast Guard posted safety investigations and mishap reports; and the U.S. Transportation Security Administration disseminated videos of incidents having high public interest. The list of CBP information below illustrates the depth and breadth information currently available online: * Office of Air and Marine in the News: [hyperlink, http://www.cbp.gov/xp/cgov/border_security/air_marine/oam_news.11.xml]; * U.S. Border Patrol in the News [hyperlink, [http://www.cbp.gov/xp/cgov/border_security/border_patrol/press_announce _1p.xml]; * U.S. Border Patrol Statistics [hyperlink, (http://www.cbp.gov/xp/cgov/cgov/border_security/border_patrol/usbp_stat istics]; and; * Essential forms [hyperlink, http://www.cbp.gov/xp/cgov/travel/id_visa/indamiss_can_info.xml]). Recommendation 4: Evaluate whether the agency components within their departments could improve the efficiency of their FOIA processing by implementing each of the technology capabilities that they do not already have. Response: Concur. A successful FOIA program hinges on the technology that enhances productivity, especially when the majority of agency records arc electronic. To address these issues and in anticipation of a steady flow or potential increase in FOIA requests, in 2011 the Privacy Office established a technology action team to investigate options for an electronic FOIA solution for Department- wide deployment. The program that was ultimately adopted is scheduled to come online in September 2012 and will provide the technology tools required to reduce the Department's backlog of pending requests. Recommendation 5: Identify and evaluate potential approaches (e.g., enhancements to or replacement of existing systems) for enabling the electronic exchange of data between the FOIA processing systems of the agency components within their departments. Response: Concur. Recent OHS guidance has focused on the more effective use of existing FOIA resources. For example, a February 2012 policy memorandum issued by the OHS Chief FOIA Officer focused on streamlining the FOIA process through improved intra- and interagency collaboration. The memorandum encouraged DHS Components to seek and exploit opportunities to handle consultations more efficiently by sharing documents electronically, establishing guidelines or agreements with other agencies to handle particular information expeditiously and eliminating the need for consultation altogether through improved communication. Again, thank you for the opportunity to review and comment on this draft report. Technical comments were previously provided under separate cover. Please feel free to contact me if you have any questions. We look forward to working with you in the future. Sincerely, Jim H. Crumpacker: Director: Departmental GAO-OIG Liaison Office: [End of section] Appendix IV: Comments from the Department of Defense: Department of Defense: Freedom of Information Division: 1155 Defense Pentagon: Washington, DC 20301-1155: Ms. Valerie C. Melvin: Director, Defense Capabilities and Management: U.S. Government Accountability Office: 441 G Street, NW: Washington, DC 20548: Dear Ms. Melvin, This is the Department of Defense response to the GAO Draft Report, GAO-12-828, "Freedom of Information Act: Additional Actions Can Strengthen Agencies' Efforts to Improve Management", dated July 2012 (GAO Code 310973). The Department concurs with all GAO recommendations. The enclosure provides comments on each of the five recommendations the Report presents. In addition, DoD has included comments submitted by individual services. The point of contact for this response within the Department of Defense Freedom of Information Division is Mr. Paul Jacobsmeyer, 571- 372-0479, or e-mail paul.jacobsmeyer@whs.mil. The Department of Defense Inspector General point of contact is Ms. Megan Reedy, 703-604- 8617, or e-mail megan.reedy@dodig.mil. If she is not available, please contact Mr. Luis A. Villalobos, 703-604-9620, or e-mail luis.villalobos@dodig.mil. Sincerely, Signed by: Will Kammer: Chief, FOID: Enclosure: As stated: [End of letter] Enclosure: Department of Defense Comments to the GAO Recommendations: GAO Draft Report Dated July 2012: GAO-12-828 (GAO Code 310973): "Freedom of Information Act: Additional Actions Can Strengthen Agencies' Efforts to Improve Management" Recommendation 1: Ensure that the agency components within their departments, as needed, take actions — report backlog status, redirect resources, change procedures, and negotiate to simplify requests — to reduce their backlogs of FOIA requests. DoD Response: Concur. Currently three of the four components subject to this report have taken definitive steps to comply with Executive direction to reduce FOIA backlogs. The remaining component has taken preemptive measures to address their backlog. The Department anticipates that the Annual Report, based on FY12, will continue to establish compliance with this recommendation. Department of the Navy Comment: DON has assembled a team of FOIA and system engineering experts to study the FOIA organization and workflow processes in DON to determine how resources might be redirected to improve process time, efficiency and effectiveness. Recommendation 2: Ensure that the agency components within their departments, as appropriate — conduct training, perform foreseeable harm analysis, complete reviews, comply with the Milner decision, and distribute guidance — to reduce their use of exemptions. DoD Response: Concur. The Department anticipates that an initial assessment of compliance with this recommendation may be feasible in conjunction with the fulfillment of the FY12 Annual Report. Despite Government-wide, budget driven cutbacks in training, the Department will continue to conduct Department-wide FOIA and Privacy training workshops. These workshops will continue to address the issues of this recommendation. Recommendation 3: Ensure that the agency components within their departments address the deficiencies in their FOIA libraries by making required categories of records easier to locate, clearly indicating when records in required categories do not exist, and expanding the content of FOIA libraries. Don Response: Concur. The Department will address the deficiencies listed on Table 2, p. 23 of the Report, NLT mid-year of FY13. Department of the Navy Comment: The formation of a consolidated DON FOIA Reading Room, and other initiatives mentioned below, may be subject to the availability of future funding. Recommendation 4: Evaluate whether the agency components within their departments could improve the efficiency of their FOIA processing by implementing each of the technology capabilities that they do not already have. DoD Response: Concur. All components will evaluate the technology gaps identified on Table 4, p. 31, NLT 30 June, 2013. Additionally, the Department is forming a technology working group to address options. Department of the Navy Comment: DON is currently expanding the use of a government owned e-FOIA tool across the DON that will significantly increase the technology capabilities considered to be best practices for processing and tracking FOIA requests. Recommendation 5: Identify and evaluate potential approaches (e.g., enhancements to or replacement of existing systems) for enabling the electronic exchange of data between the FOIA processing systems of the agency components within their departments. DoD Response: Concur. The Department will continue to evaluate potential enhancements enabling electronic exchange of data between FOIA processing systems through the use of Inteldocs as an electronic exchange mechanism within DoD. Department of the Navy Comment: DON is currently in the process of expanding the implementation of an e-FOIA tool that enables the electronic exchange of data between DON's FOIA processing systems. [End of section] Appendix V: Comments from the Department of Health and Human Services: Department of Health & Human Services: Office of The Secretary: Assistant Secretary for Legislation: Washington, DC 20201: July 24, 2012: Valerie C. Melvin, Director: Information Management and Technology Resources Issues: U.S. Government Accountability Office: 441 0 Street NW: Washington, DC 20548: Dear Ms. Melvin: Attached are comments on the U.S. Government Accountability Office's (GAO) report entitled, "Freedom of Information Act: Additional Actions Can Strengthen Agencies' Efforts to Improve Management" (GAO-12-828). The Department appreciates the opportunity to review this report prior to publication. Sincerely, Signed by: Jim R. Esquea: Assistant Secretary for Legislation: Attachment: [End of letter] General Comments Of The Department Of Health And Human Services (HHS) On The Government Accountability Office's (GAO) Draft Report Entitled, "Freedom of Information Act: Additional Actions Can Strengthen Agencies' Efforts To Improve Management" (GAO-12-828): The Department appreciates the opportunity to comment on this draft report. GAO Recommendations: The following are HHS's response to GAO's recommendations: To improve the management of FOIA processing, GAO recommends that the Secretaries of Department of Homeland Security (DHS), Department of Defense (DOD), and Health and Human Services (HHS) and the Attorney General direct their respective Chief FOIA Officers take the following five actions: Recommendation: Ensure that the agency components within their departments, as needed, take actions — report backlog status, redirect resources, change procedures, and negotiate to simplify requests—to reduce their backlog of FOIA requests. HHS Response: HHS concurs, and this is illustrative in the steps HHS has taken, as a whole, to improve its FOIA program, especially in its success in reducing its backlog. Significant backlog reductions have occurred in a number of major components in recent years. CMS, for example, has been especially successful in backlog reduction and implemented these, among other strategies, in response to the President's 2009 Open Government Directive, which directed agencies to take steps to reduce FOIA backlogs by 10 percent each year. CMS senior leadership championed the effort and ensured an agency-wide commitment to reducing the backlog. CMS leadership was provided weekly and monthly reports from the regions, central office staff, and the Task Force so they could conduct evaluations, measure performance, and make data driven decisions accordingly. The actions that contributed to its success included mobilizing resources and changing procedures. First, CMS, increased the resources devoted to RNA, by adding staff in its regions and hiring former staff as contractors in its central office. Second, CMS changed several procedures related to processing requests. For example, the FOIA office has given increased authority to its regions to provide information to requestors without a central review. Additionally, CMS implemented an electronic FOIA processing system in 2009 and has continued to refine the system. Recommendation: Ensure that the agency components within their departments, as appropriate--conduct training, perform foreseeable harm analyses, complete reviews, comply with the Milner decision, and distribute guidance--to reduce their use of exemptions. HUN Response: HHS concurs. HHS FOIA officials attended Department of Justice- sponsored training sessions and, in turn, provided in-house training to FOIA analysts on changes in case law and disclosure analysis. HHS agencies also conducted internal training and workgroups for its FOIA staff, regional office and internal components, and participated in HHS training sessions. The FOIA management elicited the support of program staff for training and clarity around complex program related issues, which enabled the FOIA staff to complete complex cases quicker. It is noted that while OS experienced increased its use of certain FOIA exemptions in the past two years, this corresponds to the major increase in FOIA requests processed over the same time period. CMS's average use of exemptions increased for the period studied; however, that was due to changes it made in processing requests for privacy information. Previously, these requests were held in the queue until it received the correct Health Insurance Portability and Accountability Act (HIPAA) authorization forms. In 2010, if the proper authorization was not received, CMS issued a full denial under Exemption (b)(6), and asked the requestor to submit a new request with the correct authorizations. When Exemption (b)(6) is excluded, CMS's change in its use of exemptions was less than 1 percent for the period studied. Recommendation: Ensure that the agency components within their departments address the deficiencies in their FOIA libraries by making required categories of records easier to locate, clearly indicating when records in required categories do not exist, and expanding the content of FOIA libraries. HHS Response: HHS concurs. HHS agencies have taken steps to make information available online, either in its FOIA library or elsewhere on the agency's website. CMS launched a redesign of the FOIA pages on CMS.gov to promote existing online resources and to clearly explain the FOIA request process. In addition to the proactive disclosure requirements mandated by FOIA, CMS has adopted the spirit of openness and transparency and identified records that are of sufficient public interest warranting automatic disclosure on the agency's website. A few examples are listed below: In March 2010, medicare.gov was redesigned in order to make information easier to find and to incorporate additional content. In addition, many of the online tools available on medicare.gov have been significantly enhanced. The Medicaid Plan Finder was launched in 2012 and merged two formerly separate tools. The medicare.gov quality tools, including Nursing Home Compare, Hospital Compare, Home Health Compare, and Dialysis Facility Compare, have been updated to include numerous new quality measures (which feed into our published datasets as noted below). Physician Compare was launched to incorporate new performance metrics required by Affordable Care Act (ACA), and the Supplier Directory has been updated to reflect the durable medical equipment competitive bidding program. All medicare,gov enhancements have incorporated user feedback and usability testing. In November 2011, CMS launched a new medicaid.gov website to improve public access to information about the Medicaid program and to allow for quicker updating of Medicaid program material to the web, In December 2011, CMS launched es.medicare.gov, the first 100 percent Spanish version of medicare.gov. While some material had been made available in other languages, for the first time, Spanish-speaking beneficiaries could access information that was translated from the English site in real. time. To increase access to and use of CMS datasets on hospitals, nursing homes, health plans and many other health care settings and subjects, CMS launched data.medicare.gov and data.cms.gov. Lastly, CMS launched the Medicare Blue Button, which allows beneficiaries to download their health and claims data. Recommendation: Evaluate whether the agency components within their departments could improve the efficiency of their FOIA processing by implementing each of the technology capabilities that they do not already have. HHS Response: HHS concurs. One HHS agency, CMS, has successfully piloted and is in the process of deploying a single tracking system to 21 Medicare Administrators Contractors by the end of the fiscal year. This will enable CMS to house and manage all FOIA requests in one unique tracking system. In addition, CMS will be able to generate periodic statistical reports once it is deployed. Recommendation: Identify and evaluate potential approaches (e.g., enhancements to/or replacement of existing systems) for enabling the electronic exchange of data between the FOIA processing systems of the agency components within their departments. HHS Response: HHS concurs. HHS is willing to explore electronic data exchange of FOIA processing systems. Additional Information on CMS's FOIA Efforts: CMS has one of the largest FOIA workloads in the Department, and it is committed to improving its FOIA performance and meeting the Administration's overall Open Government and transparency goals. Since 2009, CMS has put measures in place to respond to the Attorney General's guidelines that encouraged agencies to release records requested under FOIA, improve administration of their FOIA operations, and ensure timely disclosure of information to the public. As noted in the GAO draft report, CMS successfully reduced its backlog in fiscal year (FY) 2010 and FY 2011, exceeding the Executive Branch's 10 percent reduction goal. To support this effort, CMS engaged senior leadership across the agency and established a sense of urgency, importance, and expectations to enhance accountability for the accomplishment of this work. CMS reengineered the way its processes FOIA requests and nearly doubled the resources committed to FOIA, bringing on board FOIA professionals with extensive CMS experience and increasing regional staffing. In addition, CMS redesigned its website to make information more accessible and it continues to work with its program offices to identify information that can be posted to the Internet. CMS also further refined its FOIA electronic tracking system and deployed electronic redaction software to all FOIA analysts. CMS recognizes that in order to fully implement Open Government and transparency initiatives, it has to view its efforts as a marathon rather than a sprint. CMS is now focusing on longer term strategies to manage its FOIA workload, so that it can sustain and improve both the timeliness of its FOIA responses and the quality of its interactions with the general public regarding CMS requested information. [End of section] Appendix VI: Comments from the Department of Justice: U.S. Department of Justice: Office of Information Policy Suite 11050: 1425 New York Avenue, NW: Washington, DC 20530-0001: Telephone: (202) 514-3642: July 23, 2012: Ms. Valerie C. Melvin: Director: Information Management and Technology Resources Issues: Government Accountability Office: Washington, D.C. 20548: Dear Ms. Melvin: Thank you for the opportunity to review and comment on the draft Government Accountability Office (GAO) report entitled, "Freedom of Information Act: Additional Actions Can Strengthen Agencies' Efforts to Improve Management." Attorney General Holder's FOIA Guidelines issued on March 19. 2009 implement the high standards of open government called for in President Obama's FOIA Memorandum and mark the first time an Attorney General has directed agencies to ensure that they have "an effective system for responding to FOIA requests" and that they use modern technology in their administration of the FOIA. Since the issuance of the Attorney General's Guidelines, the Department of Justice and agencies across the government have focused on improving their FOIA process to increase efficiencies and to utilize technology to provide greater access to information. The Department appreciates GAO's work in conducting this review, which reinforces the importance of agencies' efforts these past three years. The Department is also pleased that GAO was able to use the features provided on FOIA.gov to conduct its review and produce this report. One of the purposes of developing FOIA.gov was to present Annual FOIA Report data in new, innovative ways that shed further light on agency compliance with the FOIA and assist agencies in identifying areas of improvement. The draft GAO report contains live Recommendations for Executive Action which arc restated below in bold text and are followed by our response. To improve the management of FOR processing [GAO] recommends that the Secretaries of DHS, DOD, and HHS and the Attorney General direct their respective Chief FOIA Officers take the following five actions: 1. Ensure that the agency components within their departments, as needed, take actions--report backlog status, redirect resources, change procedures, and negotiate to simplify requests--to reduce their backlogs of FOIA requests. OIP agrees with GAO's recommendation that any agency or agency component that has a backlog of pending FOIA requests should take actions to help reduce its backlog. Backlog reduction has long been a focus of OIP. Indeed, it is OIP that established the requirement for all agencies to report on any backlogs of requests or appeals in their Annual FOIA Reports. Moreover, President Obama's FOIA Memorandum and Attorney General Holder's FOIA Guidelines emphasize the importance of improving timeliness in responding to requests. Reducing agency backlogs is a key aspect of that effort. As detailed in OIP's guidance on implementing the President's and the Attorney General's FOIA Memoranda, all agencies, particularly those with a large volume of requests or a large backlog, must examine their approaches to providing information to requesters in order to look for ways to be able to respond to requests more promptly. OIP has encouraged agencies to take actions such as those noted in GAO's recommendation, as well as others, and has held agencies accountable for making these types of efforts through their Chief FOIA Officer Reports. In those reports OIP has asked agencies to describe their efforts to reduce backlogs and improve timeliness in responding to requests. In 2010, OIP issued a summary of the first Chief FOIA Officer Reports submitted by agencies with findings and guidance for improvement. This summary included guidance on backlog reduction. After reviewing all of the Chief FOIA Officer Reports again last year, OIP conducted an assessment of the efforts made by the Executive Departments, including whether they reduced their backlogs, closed their ten oldest pending requests, or made other efforts that would contribute to more timely responses to requests. In April 2012, OIP issued guidance to all agencies emphasizing the importance of closing their ten oldest pending requests, which is a distinct backlog reduction goal instituted by OIP to ensure that agencies are answering the President's and the Attorney General's call to respond to requests promptly. By systematically closing their ten oldest requests every year, agencies will reduce the age of the government's backlog and eliminate those requests that have been lingering for years. OIP will continue to build on these efforts to encourage agencies to take steps towards reducing their backlogs, including the age of their oldest requests and appeals. Many agencies, including components of the Department of Justice, have taken multiple measures to reduce their backlogs, such as providing updated status reports to managers and high level officials within the agency, redirecting resources, changing procedures to be more efficient, and negotiating with requesters to simplify requests. Indeed, OIP issued guidance to all agencies on the importance of good communication with requesters and the benefits of negotiating the scope of a request. As discussed with GAO during its review, OIP has taken all of these actions in an effort to reduce its own backlog. Nevertheless, some agencies have experienced additional challenges outside of their control such as significant losses in staff and large increases in incoming FOIA requests, as well as increases in the complexity of those requests, which has made it more difficult to achieve backlog reduction goals. Despite these challenges, this past fiscal year, the Department of Justice reduced its overall backlog of pending requests by 26%, over double the Department's targeted goal of 10%. In addition to the types of actions recommended by GAO, OIP has provided guidance to agencies on other efforts that can help improve FOIA administration. For example, OIP has issued proven best practices for agencies to follow in implementing the Attorney General's FOIA Guidelines. Further, shortly after the submission of the Fiscal Year 2011 Annual FOIA Reports, and as agencies were finalizing their 2012 Chief FOIA Officer Reports, OIP issued guidance encouraging agencies to hold FOIA conferences to reflect on the results of those reports and to identify potential areas of improvement, At the Department of Justice, OIP held its FOIA conference with representatives from each of the Department's components. Additionally, OIP works closely with the Department's components throughout the year to make sure that progress is being made in all areas of FOIA administration, including reducing components' backlogs and closing their ten oldest pending requests. OIP has assigned an attorney to serve as a liaison to each component. In addition to providing guidance on specific FOIA issues, the liaison works with the component to keep track of their progress in areas that have been identified for improvement based on the prior year's Annual FOIA Report. OIP will continue to hold FOIA conferences and work with components to help identify ways to reduce backlogs and further improve the Department's FOIA administration. In yet another effort to improve FOIA administration, and as reported in the Department's most recent Open Government Plan, OIP will soon mandate the reporting of key FOIA statistics by all agencies on a quarterly basis. Not only will this provide the public with more timely access to important FOIA data, it will assist agencies and agency components in actively assessing their backlogs and taking appropriate measures to reduce them. 2. Ensure that the agency components within their departments, as appropriate--conduct training, perform foreseeable harm analyses, complete reviews, comply with the Milner decision, and distribute guidance--to reduce their use of exemptions. The Attorney General's Guidelines strongly encourage agencies to make discretionary releases of information, to not withhold information simply because it is technically exempt from disclosure, and to apply a foreseeable harm analysis before withholding records. The Supreme Court, in its decision in Milner v. Department of the Navy, significantly narrowed the scope of Exemption 2 of the FOIA. OIP agrees that agencies should take steps to ensure that they arc both making discretionary releases of information in accordance with the Attorney General's Guidelines and that they are applying Exemption 2 in accordance with the Milner decision. OIP has distributed extensive guidance to all Department of Justice components and agencies across the federal government on the President's and the Attorney General's FOIA Memoranda, including how to apply the presumption of openness and perform a foreseeable harm analysis. OIP also issued extensive guidance on the legal requirements of Exemption 2 of the FOIA after the Supreme Court's narrowing of Exemption 2 in Milner v. Department of the Navy. OIP's guidance contained a thorough discussion of the ruling in Milner, the new contours of Exemption 2. possible alternatives, and the importance of applying the foreseeable harm standard, Additionally, OIP has provided numerous training opportunities on both of these topics, which have been attended by thousands of FOIA professionals across the government. OIP's guidance and much of its training materials are available on its website for access at anytime. OIP also provides a FOIA counselor service that agencies can use to discuss any FOIA questions they might have with an experienced OIP attorney. Each year since the Attorney General's FOIA Guidelines were issued, OIP has encouraged agencies to distribute guidance on implementing the new Guidelines and to conduct or send their FOIA professionals to training events. Through the agency Chief FOIA Officer Reports, OIP has held agencies accountable for distributing guidance, participating in training activities, and having a procedure in place for making discretionary releases. As noted above, in 2010, OIP issued a summary of agencies' first Chief FOIA Officer Reports with findings and guidance for improvement. Among many other things, OIP's findings addressed agencies' efforts in applying the presumption of openness by distributing guidance. attending or conducting training, and having a system in place for making discretionary releases. For example, OIP found a strong correlation between agencies that made discretionary releases and those agencies that had added a step to their administrative process to affirmatively evaluate whether a discretionary release is possible. Accordingly. OIP encouraged those agencies that had not yet included a formal procedure in the FOIA process for considering a discretionary release to make this improvement in their FOIA process. In 2011. OIP once again reviewed all agencies' Chief FOIA Officer Reports and assessed the Executive Departments on the progress they made in these areas. OIP will continue to build on all of these efforts to help ensure that agencies arc working in compliance with the legal requirements of the FOIA, and are implementing the President's and Attorney General's FOIA Memoranda. 3. Ensure that the agency components within their departments address the deficiencies in their FOIA libraries by making required categories of records easier to locate, clearly indicating when records in required categories do not exist, and expanding the content of FOIA libraries. As indicated in Table 2 of GAO's draft report, the FOIA Libraries of the Department of Justice components that GAO reviewed already all contain the material that agencies are required to post online. Nonetheless. OIP agrees that all agencies should actively assess their FOIA Libraries to ensure that they are complete and updated. OIP also agrees that agency FOIA Libraries should be organized in a way that is most useful to the communities that most frequently engage the agency. For example, OIP recently redesigned its FOIA Library to make the information and guidance it provides more user-friendly and easier to locate. The new FOIA Library separates documents into two functional categories: Operational Documents and FOIA-Processed Documents. OIP's website explains to the public that operational documents include policy statements, staff manuals, final opinions and orders, and that FOIA-processed documents are those records that have been disclosed, in full or in part, in response to a FOIA request and have either been frequently requested or have been determined to likely he of interest to the public. OIP is working with all of the Department's components to similarly organize their FOIA Libraries in a format that will he most useful for the public. Moreover, as GAO notes, OIP has issued extensive guidance to agencies on the affirmative disclosure obligations of the FOIA and the efficiencies that can be achieved by posting information online. OIP plans to issue additional guidance in the upcoming months on proactive disclosures and the maintenance of agency FOIA Libraries. 4. Evaluate whether the agency components within their departments could improve the efficiency of their FOIA processing by implementing each of the technology capabilities that they do not already have. OIP agrees that all agencies should actively consider whether they have an effective system in place for responding to requests and whether improvements in technology can increase the efficiency of their FOIA processing. The President's FOIA Memorandum and the Attorney General's FOIA Guidelines focus on the use of technology and the importance of ensuring that an effective system is in place for agencies to respond to requests. OIP has encouraged agencies to look for improvements that can be made in FOIA administration by greater use of technology and agencies have been taking a variety of steps to greater utilize technology. As part of their Chief FOIA Officer Reports, OIP has required agencies to address their use of technology and the steps taken to increase efficiencies. In 2010, OIP conducted the first-ever survey to ascertain the extent to which agencies were utilizing technology for core FOIA tasks such as receiving requests electronically, processing requests using technology, and preparing the Annual FOIA Report electronically. In that first year agencies reported overwhelmingly that they were utilizing technology for those functions. OIP in turn made findings and issued guidance on these areas in its 2010 summary of the Chief FOIA Officer Reports and subsequently scored the Executive Departments on their progress in these areas in its 2011 assessment. As illustrated in Table 4 of GAO's draft report, with the exception of one capability that two components reported currently not having, the Department of Justice components that GAO reviewed have already implemented the technology capabilities that GAO focused on during its review. Although the Bureau of Prisons (BOP) and the Executive Office for Immigration Review (EOIR) currently do not provide online tracking for the status of requests, BOP is planning to have this capability by October 2012 and EOIR is in the process of exploring this option. OIP has, and will continue to, encourage agencies to actively evaluate their FOIA processes to identify potential improvements that can be made to increase efficiencies, particularly in the area of new technology. Additionally, in an effort to assist agencies, including components of the Department of Justice, to increase the efficiency of their FOIA process. OIP has convened a FOIA Technology Working Group that provides a forum for agencies to exchange ideas and experiences in utilizing existing technologies that can improve FOIA administration. Dosing the Group's meetings, agencies discuss various tools and applications such as document management software that can assist with the search and review process, shared platforms that allow for simultaneous review and comment on records, and electronic capabilities that automatically identify duplicative material. One of the most common delays in the processing of FOIA requests across the government is the time spent by FOIA personnel searching for, de-duplicating, and conducting initial responsiveness reviews on records, much of which is done by hand or by using off-the-shelf software with limited capabilities for advanced document review and redaction. A promising development for improving the efficiency of this very time-consuming process is the use of document management software that allows for more efficient processing of large volumes of material. OIP and several of the Department's components have already begun utilizing this type of-software to more quickly respond to requests involving voluminous records. Moreover, the Department is developing a pilot program to assess the business case for leveraging existing "e-discovery" tools for FOIA purposes. The Department is also researching new technologies that will substantially improve the efficiency of the FOIA consultation process by allowing multiple components and agencies to review and comment on records simultaneously. OIP and the Department will continue to build on these efforts to ensure that all agencies have an effective system in place for processing FOIA requests and that agencies are considering the potential benefits of improvements in the use of technology, including the capabilities considered by GAO, as well as a wide range of other promising technologies that can increase efficiencies. Of course, in these times of limited resources, agencies will necessarily need to carefully weigh the costs and benefits of any new technology and identify those improvements that make the most sense for their FOIA program and community of requesters. 5. Identify and evaluate potential approaches (e.g., enhancements to or replacement of existing systems) for enabling the electronic exchange of data between the FOIA processing systems of the agency components within their departments. As indicated above. OIP agrees that agencies should actively look for and weigh the costs and benefits of new approaches in technology that have the potential of increasing the efficiency of their FOIA process. Several agencies reported making such improvements in their 2012 Chief FOIA Officer Reports by adopting agency-wide processing systems that allowed for information and data to he more easily shared between their offices. Similarly, OIP has made improvements to its data exchange capabilities and will continue to explore potential approaches for further enhancing the electronic exchange of data between components of the Department. If you have any questions regarding this response, you or your staff may contact me at (202) 616-5488. Sincerely, Signed by: Melanie Ann Pustay: Director: [End of section] Appendix VII: Comments from the National Archives and Records Administration: National Archives: National Archives and Records Administration: 8601 Adelphi Road: College Park, MD 20740-5001: [hyperlink, http://www.archives.gov] July 20, 2012: Via email: BirdM@gao.gov. Mark T. Bird: Assistant Director: Information Management and Technology Resources Issues: United States Government Accountability Office: 44 G Street, NW: Washington, DC 20548: Dear Mr. Bird, Thank you for the opportunity to review and comment on draft report GA0-12-828, Freedom of Information Act: Additional Actions Can Strengthen Agencies' Efforts to Improve Management. NARA appreciates the opportunity to review and comment on this helpful report. As the draft report recognizes, in addition to the responsibility given in the Freedom of Information Act to the Department of Justice, the 2007 amendments to the FOIA gave NARA's Office of Government Information Services (OGIS) responsibility "to oversee and assist agencies in implementing FOIA." OGIS began operations only in September 2009, subsequent to the Attorney General's FOIA guidance of March 2009 that the draft report uses as a reference point in assessing agency FOIA implementation. Although OGIS has been able to identify useful technological capabilities and best practices for agencies, as noted in the draft report, the office has limited resources to carry out its multi-prong mission. Thus, the GAO review of certain aspects of FOIA implementation by the Departments of Homeland Security (DHS), Defense (DOD), Justice (DOA and Health and Human Services (HHS) and selected components will greatly assist OGIS in its review activities. The draft report highlights factors that can make a critical difference in the success of agencies in making available the records that they are required to disclose under subsection (a)(2) of the FOIA. As the report notes that even when records are posted, members of the public (and agency personnel) often find it difficult to locate those publicly available records whether on agency FOIA web sites or other agency sites. Rather than reducing the need for FOIA requests, the lack of readily accessible records also adds to FOIA backlogs and increases administrative costs. The draft also points out the lost opportunities for agencies to take advantage of technology to improve their efficiencies in processing requests, including the electronic capture of data for internal management and annual reporting. Although OGIS along with the Environmental Protection Agency and Department of Commerce have identified the capabilities that agencies need to comply with FOIA requirements, GAO found that the agencies reviewed in its audit use different FOIA processing systems that do not electronically exchange data, which necessitates manual exchanges of information among agencies to process FOIA requests." Not using shared systems with interoperability also means that the process of referrals and consultations is more cumbersome than it should be. NARA hopes that the FOIA Module, the multi-agency FOIA processing and tracking system sponsored by NARA, EPA and Commerce that will launch on October 1, 2012 will lead the way in providing a shared service that has the capabilities identified by the draft report. Technical comments this information, have been sent under separate cover. If you have questions regarding please contact Mary Drak by email at mary.drak@nara.gov or by phone at 301-837-1668. Signed by: David S. Ferriero: Archivist of the United States: [End of section] Appendix VIII: GAO Contact and Staff Acknowledgments: GAO Contact: Valerie C. Melvin, (202) 512-6304 or melvinv@gao.gov: Staff Acknowledgments: In addition to the contact named above, Mark Bird (assistant director), Heather A. Collins, Nancy Glover, Glenn Spiegel, and Freda Paintsil made key contributions to this report. [End of section] Footnotes: [1] 5 U.S.C. § 552. [2] Memorandum for Heads of Executive Departments and Agencies: The Freedom of Information Act (FOIA), (Washington, D.C.: March 19, 2009). [3] For all agencies, the central FOIA office and the three agency components collectively accounted for at least half of FOIA requests received by its parent agency (at least 90 percent for both DHS and HHS). [4] FOIA requires agencies to make certain categories of records available to the public for "inspection and copying." Traditionally, most agencies had established physical reading rooms, where the public could have access to these records. However, the e-FOIA amendments of 1996 required agencies to post this information online, and as a result, some agencies have begun to phase out their physical reading rooms. [5] P.L. 110-175 (Dec. 31, 2007). [6] The typical 20-day time period may be extended in "unusual circumstances," such as when requests involve a voluminous amount of records or require consultation with another agency. [7] Justice's implementing guidance instructs agencies that when a record is disclosed in response to a FOIA request, the agency is required to determine whether the record has been the subject of multiple FOIA requests (i.e., two or more additional requests) or, in the agency's best judgment based on the nature of the records and the types of requests regularly received, is likely to be the subject of multiple requests in the future. [8] OIP's 1998 Guidance is found in: "Electronic FOIA Amendments Implementation Guidance Outline," FOIA Update, Vol. XIX, No. 1 (Winter 1998) [hyperlink, http://www.justice.gov/oip/foia_updates/Vol_XIX_1/xixpage3.htm], and "Recommendations for FOIA Web Sites," FOIA Update, Vol. XIX, No. 3 (Summer 1998) [hyperlink, http://www.justice.gov/oip/foia_updates/Vol_XIX_3/xix3page3.htm]. Because the disclosure of these required categories of records had historically been made through a physical reading room, the expanded online access provisions, including frequently requested records and other required elements, have commonly come to be called "electronic reading rooms." Recently, OIP has encouraged agencies to use the term "FOIA library" in lieu of "electronic reading room." [9] Executive Order 13392, Improving Agency Disclosure of Information (Washington, D.C.: Dec. 14, 2005). [10] Department of Justice, Executive Order 13392 Implementation Guidance (posted Apr. 27, 2006). See [hyperlink, ttp://www.justice.gov/archive/oip/foiapost/2006foiapost6.htm]. [11] In a Privacy Act request, a requester can ask for information on himself or herself held by a federal agency. [12] Presidential Memorandum of Jan. 21, 2009, Transparency and Open Government. [13] Presidential Memorandum of Jan. 21, 2009, Freedom of Information Act. [14] Referrals involve referring the responsive record to the originating agency for its disclosure determination and direct response to the FOIA requester. Consultations involve consulting with the originating agency before making a direct FOIA response to the requester. [15] Factors that increase the complexity of a request include the volume of information involved, the number of offices that might have responsive documents, the extent to which the information is technical or difficult to understand, and the need to communicate with third parties, such as other agencies or owners of possible proprietary information. [16] Some FOIA requests are closed before reaching this stage, for example, if no responsive documents can be found, if all responsive documents originated with another agency and were referred to that agency for processing, or if after being notified of fees, the requester is unwilling to pay the estimated fees. [17] GAO, Freedom of Information Act: Processing Trends Show Importance of Improvement Plans, [hyperlink, http://www.gao.gov/products/GAO-07-441] (Washington, D.C.: Mar. 30, 2007). [18] GAO, Freedom of Information Act: Agencies Are Making Progress in Reducing Backlog, but Additional Guidance Is Needed, [hyperlink, http://www.gao.gov/products/GAO-08-344] (Washington, D.C.: Mar. 14, 2008). [19] GAO, Freedom of Information Act: DHS Has Taken Steps to Enhance Its Program, but Opportunities Exist to Improve Efficiency and Cost- Effectiveness, [hyperlink, http://www.gao.gov/products/GAO-09-260] (Washington, D.C.: Mar. 20, 2009). [20] Two components with small backlogs had a small increase in the number of their FOIA requests; ICE's backlog increased from 10 requests to 18 and EOIR's increased from 183 to 205. [21] The Obama Administration's Commitment to Open Government: A Status Report, (Washington, D.C., 2011). [22] Milner v. Department of the Navy, 131 S. Ct. 1259 (2011). [23] These three changed by 1 percent or less. [24] Because numbers of responses vary from year to year, we examined the ratio of exemptions to requests (that is, what proportion of requests a given exemption was applied to) for the years 2009-2011. [25] This figure is calculated based on requests that were granted in full, partially granted, or denied and does not include requests denied for reasons other than exemptions. [26] See Attorney General's Report to the President Pursuant to Executive Order 13392, Entitled "Improving Agency Disclosure of Information" (Washington, D.C.: May 30, 2008). In this report, the Attorney General recommended that all agency Chief FOIA Officers review and certify to Justice and OMB that their agency FOIA libraries are in compliance with FOIA. [27] For example, Navy's final opinions can be found on a website maintained by the Navy Judge Advocate General and USCIS's final opinions can be found on a website maintained by its Administrative Appeals Office. [28] For example, USCIS and Navy do not provide direct links to the websites that contain agency final opinions or administrative staff manuals. [29] As also noted by Air Force, records subject to privacy-related exemptions are not posted. [30] A FOIA log is a listing of FOIA requests that have been made to the agency or agency component. [31] These are: Business Transformation Agency; Defense Advanced Research Projects Agency; Defense Human Resources Division; Defense Media Activity; Defense Microelectronics Agency; Defense Security Cooperation Agency; Missile Defense Agency; and Washington Headquarters Services, Acquisition and Procurement Office. [32] CMS FOIA officials noted that this database is currently limited to data from the last three years, so it does not yet meet the needs of individuals looking for more comprehensive data. [33] In addition to FOIA, FDA is statutorily required to post certain information online under the Food and Drug Administration Amendments Act of 2007. [34] The categories that did not contain any records were "Sexual Harassment in the Army," "Discrimination and Racial Conflict," and "WWII Chemical Warfare Services Records;" the categories that contained one record included "Intelligence Documents," "Intelligence Services," "Flights to Cambodia," "Congressional Correspondence/Matters," and "Miscellaneous." [35] Although Army's most recent document dates to June 2, 2011, an Army official stated that it has posted documents to the FOIA library since June 2, 2011. The official stated that Army's search engine indexes the creation date of the document, not the date it was posted. [36] In August 2009, DHS's Chief FOIA Officer issued a memorandum requiring all DHS components to post several additional categories of records to their FOIA libraries, including historical and daily schedules of the most senior agency officials, executed contracts and grants, and FOIA logs, since they are often the subject of FOIA requests. [37] The capability to assign a request tracking number and track the status of requests is a requirement under the OPEN Government Act. [38] As identified in Chief Information Officers Council, A Practical Guide to Federal Enterprise Architecture, version 1.0 (February 2001) and GAO, Organizational Transformation: A Framework for Assessing and Improving Enterprise Architecture Management (version 2.0), [hyperlink, http://www.gao.gov/products/GAO-10-846G] (Washington, D.C.: August 2010). [39] Referrals involve referring the record to the originating agency for its disclosure determination and direct response to the FOIA requester. Consultations involve consulting with that originating agency before responding directly to a FOIA request. [40] GAO, Freedom of Information Act: Key Website Is Generally Reliable, but Action Is Needed to Ensure Completeness of Its Reports, [hyperlink, http://www.gao.gov/products/GAO-12-754] (Washington, D.C., June 28, 2012). [End of section] GAO’s Mission: The Government Accountability Office, the audit, evaluation, and investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO’s commitment to good government is reflected in its core values of accountability, integrity, and reliability. Obtaining Copies of GAO Reports and Testimony: The fastest and easiest way to obtain copies of GAO documents at no cost is through GAO’s website [hyperlink, http://www.gao.gov]. Each weekday afternoon, GAO posts on its website newly released reports, testimony, and correspondence. To have GAO e-mail you a list of newly posted products, go to [hyperlink, http://www.gao.gov] and select “E-mail Updates.” Order by Phone: The price of each GAO publication reflects GAO’s actual cost of production and distribution and depends on the number of pages in the publication and whether the publication is printed in color or black and white. Pricing and ordering information is posted on GAO’s website, [hyperlink, http://www.gao.gov/ordering.htm]. Place orders by calling (202) 512-6000, toll free (866) 801-7077, or TDD (202) 512-2537. Orders may be paid for using American Express, Discover Card, MasterCard, Visa, check, or money order. Call for additional information. Connect with GAO: Connect with GAO on facebook, flickr, twitter, and YouTube. Subscribe to our RSS Feeds or E mail Updates. Listen to our Podcasts. Visit GAO on the web at [hyperlink, http://www.gao.gov]. To Report Fraud, Waste, and Abuse in Federal Programs: Contact: Website: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]; E-mail: fraudnet@gao.gov; Automated answering system: (800) 424-5454 or (202) 512-7470. Congressional Relations: Katherine Siggerud, Managing Director, siggerudk@gao.gov, (202) 512-4400 U.S. Government Accountability Office, 441 G Street NW, Room 7125 Washington, DC 20548. Public Affairs: Chuck Young, Managing Director, youngc1@gao.gov, (202) 512-4800 U.S. Government Accountability Office, 441 G Street NW, Room 7149 Washington, DC 20548.