From the U.S. Government Accountability Office, www.gao.gov Transcript for: Comptroller General Testifies to U.S. House on GAO's 2015 High Risk List Description: In his February 11, 2015, testimony to the U.S. House of Representatives, Comptroller General Gene Dodaro provides an update of GAO's 2015 High Risk List. Related GAO Work: GAO-15-290: High-Risk Series: An Update; GAO-15-371T: GAO’s 2015: High-Risk Series: An Update; and GAO-15-373T: GAO’s 2015: High-Risk Series: An Update Released: February 2015 [First Screen] [Silence] Committee on Oversight and Government Reform, House of Representatives [Second Screen] [Silence] Updating GAO's High Risk List [Third Screen] [Silence] Comptroller General Gene Dodaro's Opening Statement February 11, 2015 [ Gene Dodaro: ] Thank you very much Mr. Chairman. Good afternoon to you, Ranking Member Cummings, all the members of the committee. I'm very pleased to be here today to discuss GAO's latest high-risk update. We do this with the beginning of each new Congress to identify areas we believe are at highest risk of fraud, waste, abuse, and mismanagement in the federal government or in need of broad-based transformation. Our report today discusses solid, steady progress in most of the 30 high-risk areas that we've had on the list since our last update in 2013. Of the--all the areas we rate according to five criteria to get off the high-risk list. You have to have leadership commitment, top-level attention, you have to have the capacity, the resources and the people with the right skills to be able to fix the problem. You have to have a good corrective-action plan that addresses root cause, a good monitoring effort within our own milestones and metrics that gauge progress, and you have to demonstrate that you're actually fixing the problem. You don't have to be 100 percent fixed, but we have to be convinced that we're on the right path to rectifying the problem, and reducing the risk and eliminating waste, and improving government services. Of the 30 areas, 18 have at least partially met all five criteria, and 11 of those 18 have at least fully met one or more of the criteria, and partially met the others. In two areas, we're recognizing progress so that we're narrowing the scope of the high-risk area. First is on FDA's oversight of medical devices. We are pleased with their efforts to get the recall process under better control and discipline, and also to have a good process to review the applications for new devices in a more risk-based approach. We're still concerned about their need to oversee the global marketplace for medical products and drugs. 80 percent of the ingredients of active drugs come from other countries, about 40 percent of finished drugs, about half the medical devices, so they need to do more there. And also to address drug shortage issues. Secondary is contract management. We believe the Department of Defense has focused more attention at top leadership on contracting tools and techniques and reducing the risk associated with undefinitized contracts, where they start contract work without having a clear agreement with the contractor or they're using time and materials, which is a risky contract approach rather than having deliverables. They still have to improve their areas that, in their acquisition workforce, service acquisitions, and improve their use of contracting in the operational environments to support military operations in theater. We are adding two new areas to the high-risk list this year. First is VA's provision of healthcare service for veterans. We're very concerned about this area. There are five fundamental problems that we've identified: ambiguous policies, inconsistent processes, inadequate oversight and monitoring of the activities, IT challenges, inadequate training of staff, and unclear resource needs and allocations. Congress has passed legislation recently to give them additional 15 billion dollars to help address this problem. That legislation has to be implemented properly. We have over 100 recommendations that we've made to VA that have yet to have been fully implemented, so this is narrated, needs congressional oversight and continued attention. Second, are IT acquisitions and operations across the federal government. Too often, the federal government, and we enumerate this in our report, there's a litany of efforts that have failed after spending hundreds of millions of dollars, or in the case of billions of dollars in many years, they're terminated. There's a longer list of problems where their costs overrun schedule slippages or they fail to deliver the promised functionality and make improvements in the programs that they're supposed to in delivering of services. Here again, the Congress has passed legislation late last year. This committee was instrumental in passing the legislation of Federal Information Technology Reform Act to give CIO's additional authority. Put in place better practices, they have more disciplined approaches to IT management. Here again, just in the last 5 years alone, we've made 737 recommendations, only 23 percent have been fully implemented. So we believe this is a critical area. We're also expanding two areas in the administration, the tax area, we've been focused on the tax gap, which at last count was $385 billion. We're expanding that to include identity theft, and the IRS was able, last year, to stop about $24 billion in fraudulent returns, potentially, but they missed, by their own estimates, about $5.8 billion. We've got some fixes to this we can talk about in the Q&A. We're also expanding cyber security and critical infrastructure protection to include privacy issues. Initially, we designated computer security across the entire federal government, the first time we ever did that, in 1997. We added critical infrastructure protection, because most of the computer assets are in the private sector hands in 2003. Now, there's a lot more incidents involving personally-identifiable information, the number of incidents have doubled over the last 5 years. A privacy law was passed in 1994, it's sorely in need of updating, and we have a number of other recommendations to protect this sensitive information. American people deserve for their information to be protected properly while we're addressing the cyber security issues. I thank you for the opportunity to be here today, and look forward to answering your questions. [Last Screen] [Silence] GAO logo www.gao.gov/highrisk