http://www.gao.gov/docsearch/repandtest.html Tue, 24 Nov 2009 12:25:48 +0100 FeedCreator 1.7.2-ppt http://www.gao.gov/images/title_object.jpg http://www.gao.gov/ http://www.gao.gov/pdfs/GAO-10-60?source=ra As a result of internal control deficiencies discussed in GAO's 2007 report on certain contracts at the Centers for Medicare and Medicaid Services (CMS), GAO was asked to identify the extent to which CMS (1) implemented effective control procedures over contract actions, and (2) established a strong control environment for contract management. GAO used a statistical random sample of 2008 CMS contract actions (including contract awards and modifications) to assess CMS internal control procedures. The results were projected to the population of 2008 CMS contract actions. GAO also determined the extent to which CMS implemented recommendations GAO made in 2007 to improve internal control over contracting and payments to contractors. GAO reviewed contract file documentation and interviewed senior acquisition management officials. Pervasive deficiencies in CMS contract management internal controlincrease the risk of improper payments or waste. Specifically, based on our statistical random sample of 2008 CMS contract actions, GAO estimates that at least 84.3 percent of fiscal year 2008 contract actions contained at least one instance where a key control was not adequately implemented. GAO also estimates that at least 37.2 percent of fiscal year 2008 contract actions had three or more instances in which a key control was not adequately implemented. The contract actions GAO evaluated were generally subject to the Federal Acquisition Regulation. For example, CMS used cost reimbursement contracts without first ensuring that the contractor had an adequate accounting system. Also, project officers did not always certify invoices for payment. These deficiencies were due in part to a lack of agency-specific policies and procedures to help ensure proper contracting expenditures. These control deficiencies also stem from a weak overall control environment as characterized primarily by inadequate strategic planning for staffing and funding resources. CMS also did not accurately capture data on the nature and extent of its contracting, which hinders CMS's ability to manage its acquisition function by identifying areas of risk, due to a lack of quality assurance procedures over data entry. CMS also has not substantially addressed seven of the nine recommendations made by GAO in 2007 to improve internal control over contracting and payments to contractors. For example, CMS has not made progress in clarifying the roles and responsibilities for implementing certain contractor oversight responsibilities and, as of July 2009, CMS still had a backlog of contacts that were overdue for closeout, putting CMS at increased risk of not identifying or recovering improper payments or waste. The continuing weaknesses in contracting activities and limited progress in addressing known deficiencies will continue to put billions of taxpayer dollars at risk of improper payments or waste. Tue, 24 Nov 2009 00:00:00 +0100 http://www.gao.gov/pdfs/GAO-10-30?source=ra Recent congressional initiatives seek to focus funds for certain federal social programs on interventions for which randomized experiments show sizable, sustained benefits to participants or society. The private, nonprofit Coalition for Evidence-Based Policy undertook the Top Tier Evidence initiative to help federal programs identify interventions that meet this standard. The Government Accountability Office (GAO) was asked to examine (1) the validity and transparency of the Coalition's process, (2) how its process compared to that of six federally supported efforts to identify effective interventions, (3) the types of interventions best suited for assessment with randomized experiments, and (4) alternative rigorous methods used to assess effectiveness. GAO reviewed documents, observed the Coalition's advisory panel deliberate on interventions meeting its top tier standard, and reviewed other documents describing the processes the federally supported efforts had used. GAO reviewed the literature on evaluation methods and consulted experts on the use of randomized experiments. The Coalition generally agreed with the findings. The Departments of Education and Health and Human Services provided technical comments on a draft of this report. The Department of Justice provided no comments. The Coalition's Top Tier Evidence initiative criteria for assessing evaluation quality conform to general social science research standards, but other features of its overall process differ from common practice for drawing conclusions about intervention effectiveness. The Top Tier initiative clearly describes how it identifies candidate interventions but is not as transparent about how it determines whether an intervention meets the top tier criteria. In the absence of detailed guidance, the panel defined sizable and sustained effects through case discussion. Over time, it increasingly obtained agreement on whether an intervention met the top tier criteria. The major difference in rating study quality between the Top Tier and the six other initiatives examined is a product of the Top Tier standard as set out in certain legislative provisions: the other efforts accept well-designed, well-conducted, nonrandomized studies as credible evidence. The Top Tier initiative's choice of broad topics (such as early childhood interventions), emphasis on long-term effects, and use of narrow evidence criteria combine to provide limited information on what is effective in achieving specific outcomes. The panel recommended only 6 of 63 interventions reviewed as providing "sizeable, sustained effects on important outcomes." The other initiatives acknowledge a continuum of evidence credibility by reporting an intervention's effectiveness on a scale of high to low confidence. The program evaluation literature generally agrees that well-conducted randomized experiments are best suited for assessing effectiveness when multiple causal influences create uncertainty about what caused results. However, they are often difficult, and sometimes impossible, to carry out. An evaluation must be able to control exposure to the intervention and ensure that treatment and control groups' experiences remain separate and distinct throughout the study. Several rigorous alternatives to randomized experiments are considered appropriate for other situations: quasi-experimental comparison group studies, statistical analyses of observational data, and--in some circumstances--in-depth case studies. The credibility of their estimates of program effects relies on how well the studies' designs rule out competing causal explanations. Collecting additional data and targeting comparisons can help rule out other explanations. GAO concludes that (1) requiring evidence from randomized studies as sole proof of effectiveness will likely exclude many potentially effective and worthwhile practices; (2) reliable assessments of evaluation results require research expertise but can be improved with detailed protocols and training; (3) deciding to adopt an intervention involves other considerations in addition to effectiveness, such as cost and suitability to the local community; and (4) improved evaluation quality would also help identify effective interventions. Mon, 23 Nov 2009 00:00:00 +0100 http://www.gao.gov/pdfs/GAO-10-115?source=ra Built in 1943, the Kansas City Plant (KCP)--the National Nuclear Security Administration's (NNSA) primary production plant for manufacturing nonnuclear components of nuclear warheads and bombs--is to be modernized because of its age and the high cost of maintenance and operation. Among other changes, NNSA plans to relocate KCP to a new facility and increase components obtained from external suppliers from about 54 to 70 percent. KCP's continued supply of these components is essential for maintaining a reliable nuclear weapons stockpile. GAO was asked to determine (1) how KCP developed plans for modernization, (2) actions KCP has taken to ensure uninterrupted production of components, and (3) actions KCP has taken to address the risks of outsourcing. GAO reviewed planning documents and met with officials from NNSA, KCP, and Sandia National Laboratories, which designs many of the components produced at KCP. KCP evaluated several alternatives on behalf of NNSA to modernize its facility based on whether the alternative (1) was consistent with NNSA's goals for maintaining a smaller facility for producing nuclear weapons and one that could quickly adapt to change, (2) met NNSA's commitments to Congress to operate a new facility by 2012, and (3) minimized costs and implementation risks. Based on KCP's analyses of alternatives, NNSA chose to have a private developer build a new building in Kansas City 8 miles from the current facility, which NNSA would then lease through the General Services Administration (GSA) for a period of 20 years. However, in evaluating a financing method, KCP compared alternatives using cost estimates limited to 20 years. Twenty years is far shorter than the useful life of a production facility that is properly maintained; the current facility has operated for more than 60 years. NNSA and KCP officials acknowledge that while leasing a facility through GSA under a 20-year scenario is less costly than purchasing, it can be more costly over the longer term. Because KCP's analysis did not consider costs beyond 20 years, NNSA cannot be certain if other alternatives, such as purchasing the facility, might have offered lower costs over the longer term. KCP officials developed extensive plans to ensure that the production of components is not interrupted because of the transition to the new facility. However, its schedule--which is critical to ensuring that the move does not disrupt production--does not fully adhere to best practices GAO identified for schedule development and related DOE scheduling guidance. In February 2009, GAO assessed KCP's schedule and found that, among other things, KCP had not adequately sequenced all activities in its schedule in the order in which they are to be carried out. GAO followed up in July 2009 and found that although KCP officials have made progress in addressing several of these problems, the schedule still has some shortcomings. KCP has taken steps to mitigate some risks of increased outsourcing, but NNSA has not provided adequate oversight or clear and up-to-date export control guidance tailored for NNSA production and laboratory sites to effectively manage associated nuclear weapons proliferation risks. As such, KCP has not implemented a formal, risk-based approach to identify specific components and technologies that may be used by potential adversaries to develop or advance their nuclear capabilities. Lacking effective NNSA-specific guidance and a risk-based approach, KCP instead treats all components as if they pose equal proliferation risks. As such, items such as a common, commercially available screw are considered to be at the same level of proliferation risk as a complex mechanism designed to arm nuclear weapons. Further, KCP's primary means of addressing this issue rests on its suppliers' self-enforced compliance with a contract clause that outlines the suppliers' responsibility to abide by applicable export control laws. Under this broadly applied approach to managing export control--where all components are treated as equal risks--NNSA may be missing opportunities at KCP to systematically identify and more effectively mitigate those risks that pose the greatest threats. Mon, 23 Nov 2009 00:00:00 +0100 http://www.gao.gov/pdfs/GAO-10-42R?source=ra The Indian Health Service (IHS), an agency in the Department of Health and Human Services (HHS), provides health care services to American Indians and Alaskan Natives. For fiscal year 2009, Congress appropriated approximately $3.6 billion for health care services to be made available through IHS. The agency provides direct medical care, including primary care services, ancillary services, and some specialty services, through its network of facilities, including hospitals, health centers, and clinics. IHS also provides funding to direct care facilities that are operated by tribes. IHS headquarters oversees 12 area offices that cover 161 service units in 35 states. The Indian Health Care Improvement Act of 1976, as amended, authorizes IHS to collect reimbursement for services provided at IHS facilities from third-party insurers, including Medicare, the federal health insurance program for elderly and disabled individuals; Medicaid, a joint federal and state health financing program for certain low-income families and individuals; and private health insurers. IHS is allowed to retain funds collected from these insurers without a corresponding offset against its appropriations, so that all revenue collected by a facility remains with that facility, supplementing its appropriations. For fiscal year 2008, IHS reported that it collected about $795 million from all third-party insurers, of which about $94 million, or 12 percent, was collected from private insurers. The remaining 88 percent was collected from the Medicare and Medicaid programs. According to IHS, these funds were used to purchase new medical equipment and medical supplies, and to provide compensation and benefits for IHS employees. Given the importance of these collections to IHS's mission, Congress asked us to examine several areas related to IHS's billings and collections activities. Specifically, Congress asked us to review IHS's policies and procedures for writing off amounts owed to the agency by private insurers, internal control procedures related to billing and collection, and the amounts and reasons for denied claims and claims written off as uncollectible by IHS. Because IHS was unable to provide much of the information we requested on the amounts of denied and adjusted claims and amounts written off for more than 6 months after our requests for these data, this report examines (1) the design of IHS's policies and procedures for billing and collecting revenue from private insurers including write-offs of uncollectible claims, and (2) the adequacy of IHS headquarters' monitoring of area office and service unit compliance with policies and procedures for the billing and collection of revenue from private insurers. The design of IHS's policies and procedures for billing and collection activities--as reflected in Part 5 and Part 9 of the Indian Health Manual, and IHS's Revenue Operations Manual--is generally consistent with FSIO's standard business processes for managing federal accounts receivable, which include key processes related to the four phases of IHS's business revenue cycle. For example, FSIO specifies that there typically are triggering events that require establishing a receivable as well as processes for capturing, verifying, and reviewing customer information. Consistent with these expectations, IHS's policies and procedures include specific guidance on obtaining and verifying patient data at registration and for recording these data in RPMS. IHS headquarters' monitoring activities of area office and service unit compliance with billing and collection policies and procedures are inadequate, but agency officials told us they are taking steps to increase oversight. Federal internal control standards require agency management to conduct monitoring of program quality and performance. Part 5 of the Indian Health Manual requires the Director of ORAP to monitor area office and service unit compliance with IHS policies and procedures for billing and collecting revenue through IHS-wide policy compliance reviews and internal audits. Before implementing the Web-based tool, ORAP's monitoring of policy compliance had consisted of a small number of on-site compliance reviews at IHS service units and through regular meetings with field staff. Mon, 23 Nov 2009 00:00:00 +0100 http://www.gao.gov/pdfs/GAO-10-11?source=ra The Department of the Treasury's Financial Management Service (FMS) collections program provides services to agencies to collect, deposit, and account for collections through a variety of methods. Electronic collection methods can reduce government borrowing costs and agency administrative costs, while improving compliance and security. The Government Accountability Office (GAO) was asked to identify (1) the extent to which agencies other than the Internal Revenue Service (IRS) use various collection methods, (2) ways to maximize the benefits of and overcome any barriers to agency use of the various collection methods, and (3) issues that FMS should consider in its plans to improve the efficiency and security of collections. GAO analyzed collections data, plans, and documents from FMS and five case-study agencies in the Departments of the Interior and Commerce that use a variety of collection methods, observed fee collection methods, and interviewed FMS and case-study agency officials. GAO also interviewed selected payer groups for case study agencies. Over the past 5 years, more than 80 percent of funds collected by agencies other than the Internal Revenue Service (IRS) were collected using fully electronic methods, including wire transfers and credit cards. As shown in the figure below, from fiscal year 2005 through 2009 there was a significant shift from nonelectronic collection methods to partly electronic methods. This shift was largely a result of a growth in electronic check-processing capacity. Moving to electronic collection methods can reduce costs and mitigate risks, such as theft, but the specific circumstances of individual agencies and payers have affected agencies' ability to fully adopt these methods. Use of electronic methods can result in cost savings, increased processing speed and accuracy, and improved security of staff and deposits. Specifically, FMS reports that on average the government saves 78 cents for each electronic transaction. Additionally, case-study agencies and payer groups GAO spoke with reported reduced costs when using electronic collection methods. Despite the advantages, payer characteristics, other agency considerations, and set-up costs or required system changes have limited agencies' adoption of electronic collection methods. Also, agencies may not have enough information to make cost-effective decisions about their choice of collection method. FMS is implementing a plan to improve the efficiency and effectiveness of federal collections, but the plan excludes important cost considerations and does not use all available incentives. Specifically, the plan does not consider the cost differences among different electronic methods or ensure the consistent application of policies on reimbursement for certain services. The FMS plan also does not include a strategy for incorporating key lessons-learned from agency reviews into its guidance and communicating that information to agencies. With such information, agencies not scheduled for review until later years could begin to transition to more efficient methods. Fri, 20 Nov 2009 00:00:00 +0100 http://www.gao.gov/pdfs/GAO-10-39?source=ra In fiscal year 2008, the Department of Defense (DOD) obligated $200 billion on services contracts, including $42 billion for professional and management services. The Government Accountability Office (GAO) previously identified weaknesses in DOD's management and oversight of services contracts, contributing to DOD contract management being on GAO's high-risk list. For selected professional and management support contracts, GAO was asked to examine (1) the extent to which DOD considered the risks of contractors closely supporting inherently governmental functions at key decision points, (2) how DOD implemented performance-based practices, (3) the extent to which DOD designated trained surveillance personnel, and (4) whether a new review process may improve DOD's management of such contracts. GAO reviewed federal regulations, agency policies and guidance, and analyzed seven acquisitions approved from 2004 to 2007 and 64 related task orders for services. DOD policies do not require assessments of the risks associated with contractors closely supporting inherently governmental functions as part of its management reviews of acquisition strategies nor when task orders are issued for professional and management services. Such risks include the potential loss of government control over and accountability for mission-related policy and program decisions. Though all seven acquisitions and more than 75 percent of the task orders GAO reviewed provided for such services, GAO found no evidence that these risks were among those considered in the documentation reviewed. DOD guidance issued after these acquisitions were approved requires that consideration be given to using civilian personnel rather than contractors when the activities closely support inherently governmental functions. This guidance, however, does not require DOD personnel to consider and document risks posed when contractors perform these activities. Further, DOD personnel were unaware of the need to provide enhanced oversight when contracting for such services. DOD faces challenges in defining requirements and outcome-based measures when acquiring professional and management services. DOD personnel generally expressed task order requirements in terms of a broad range of activities that contractors may perform, but used standards and measures that were not always well-suited to assess outcomes. DOD made more use of objective measures to assess cost and schedule performance, but generally relied on subjective measures to assess the quality of the contractors' work. For example, DOD often measured quality based on the number of complaints lodged against the contractor, which provided little detail into how desired outcomes were achieved. DOD also missed opportunities to include objective measures that may have been better suited to assess outcomes. DOD officials stated that developing outcome-based, objective measures is challenging, but noted that initiatives are under way to better utilize such approaches. DOD has made progress in ensuring that trained surveillance personnel are assigned to monitor contract performance. Surveillance personnel were assigned to all 64 of the task orders GAO reviewed, and all but 3 had received required training. GAO identified, however, 3 instances of surveillance personnel who were not assigned before the contractor began work on a task order and 20 instances of personnel who did not receive training prior to beginning surveillance duties. In September 2008, DOD implemented a new peer review process that is tasked to address, among other issues, contractors closely supporting inherently governmental functions, the use of performance-based practices, and contractor surveillance. As of October 2009, four pre-award reviews and one post-award review of professional and management support contracts have been conducted and it is too early to tell whether such reviews will encourage DOD personnel to address these issues across the range of DOD's services contracts. Fri, 20 Nov 2009 00:00:00 +0100 http://www.gao.gov/pdfs/GAO-10-260T?source=ra Recent cases of corporate fraud and mismanagement heighten the Department of Justice's (DOJ) need to appropriately punish and deter corporate crime. Recently, DOJ has made more use of deferred prosecution and non-prosecution agreements (DPAs and NPAs), in which prosecutors may require company reform, among other things, in exchange for deferring prosecution, and may also require companies to hire an independent monitor to oversee compliance. This testimony addresses (1) the extent to which prosecutors adhered to DOJ's monitor selection guidelines, (2) the prior work experience of monitors and companies' opinions of this experience, and (3) the extent to which companies raised concerns about their monitors, and whether DOJ had defined its role in resolving these concerns. Among other steps, GAO reviewed DOJ guidance and examined the 152 agreements negotiated from 1993 (when the first 2 were signed) through September 2009. GAO also interviewed DOJ officials, obtained information on the prior work experience of monitors who had been selected, and interviewed representatives from 13 companies with agreements that required monitors. These results, while not generalizable, provide insights into monitor selection and oversight. Prosecutors adhered to DOJ guidance issued in March 2008 in selecting monitors required under agreements entered into since that time. Monitor selections in two cases have not yet been made due to challenges in identifying candidates with proper experience and resources and without potential conflicts of interests with the companies. DOJ issued guidance in March 2008 to help ensure that the monitor selection process is collaborative and based on merit; this guidance also requires prosecutors to obtain Deputy Attorney General approval for the monitor selection. For DPAs and NPAs requiring independent monitors, companies hired a total of 42 different individuals to oversee the agreements; 23 of the 42 monitors had previous experience working for DOJ--which some companies valued in a monitor choice--and those without prior DOJ experience had worked in other federal, state, or local government agencies, the private sector, or academia. The length of time between the monitor's leaving DOJ and selection as a monitor ranged from 1 year to over 30 years, with an average of 13 years. While most of the companies we interviewed did not express concerns about monitors having prior DOJ experience, some companies raised general concerns about potential impediments to independence or impartiality if the monitor had previously worked for DOJ or had associations with DOJ officials. Representatives for more than half of the 13 companies with whom GAO spoke raised concerns about the monitor's cost, scope, and amount of work completed--including the completion of compliance reports required in the DPA or NPA--and were unclear as to the extent DOJ could be involved in resolving such disputes, but DOJ has not clearly communicated to companies its role in resolving such concerns. Companies and DOJ have different perceptions about the extent to which DOJ can help to resolve monitor disputes. DOJ officials GAO interviewed said that companies should take responsibility for negotiating the monitor's contract and ensuring the monitor is performing its duties, but that DOJ is willing to become involved in monitor disputes. However, some company officials were unaware that they could raise monitor concerns to DOJ or were reluctant to do so. Internal control standards state that agency management should ensure there are adequate means of communicating with, and obtaining information from, external stakeholders that may have a significant impact on the agency achieving its goals. While one of the DOJ litigating divisions and one U.S. Attorney's Office have made efforts to articulate in the DPAs and NPAs what role they could play in resolving monitor issues, other DOJ litigation divisions and U.S. Attorney's Offices have not done so. Clearly communicating to companies the role DOJ will play in addressing companies' disputes with monitors would help increase awareness among companies and better position DOJ to be notified of potential issues related to monitor performance. Thu, 19 Nov 2009 00:00:00 +0100 http://www.gao.gov/pdfs/GAO-10-45?source=ra When a consumer uses a credit card to make a purchase, the merchant does not receive the full purchase amount because a certain portion of the sale is deducted to compensate the merchant's bank, the bank that issued the card, and the card network that processes the transaction. The level and growth of these rates have become increasingly controversial. The 2009 Credit Card Accountability, Responsibility, and Disclosure Act directed GAO to review (1) how the fees merchants pay have changed over time and the factors affecting the competitiveness of the credit card market, (2) how credit card competition has affected consumers, (3) the benefits and costs to merchants of accepting cards and their ability to negotiate those costs, and (4) the potential impact of various options intended to lower merchant costs. To address these objectives, GAO reviewed and analyzed relevant studies, literature, and data on the card payment market and interviewed industry participants, including large and small card issuers (including community banks and credit unions), card processors, card networks, large merchants representing a significant proportion of retail sales, and small merchants from a variety of industries, and academic experts. GAO provided a draft of this report to the Department of Justice, the Federal Trade Commission, and federal banking regulators, and we incorporated their technical comments where appropriate. According to Federal Reserve analysis, total costs of accepting credit cards for merchants have risen over time as consumers use cards more. Part of these increased costs also may be the result of how Visa and MasterCard competed to attract and retain issuers to offer cards by increasing the number of interchange fee categories and the level of these rates. Concerns remain over whether the level of these rates reflects market power--the ability of some card networks to raise prices without suffering competitive effects--or whether these fees reflect the costs that issuers incur to maintain credit card programs. Issuers, particularly smaller issuers such as community banks and credit unions, report relying on interchange fees as a significant source of revenue for their credit card operations, and analyses by banking regulators indicate such operations traditionally have been among the most profitable types of activities for large banks. Some consumers have benefited from competition in the credit card market, as cards often have no annual fees, lower interest rates than they did years ago, and greater rewards. However, consumers who do not use credit cards may be paying higher prices for goods and services, as merchants pass on their increasing card acceptance costs to all of their customers. For merchants, the benefits of accepting credit cards include increased sales and reduced labor costs. However, representatives from some of the large merchants with whom we spoke said their increased payment costs outstripped any increased sales. These merchants also reported that their inability to refuse popular cards and network rules (which prevent charging more for credit card than for cash payments or rejecting higher-cost cards) limited their ability to negotiate payment costs. Interchange fees are not federally regulated in the United States, but concerns about card costs have prompted federal investigations and private lawsuits, and authorities in more than 30 countries have taken or are considering taking actions to address such fees and other card network practices. Proposals for reducing interchange fees in the United States or other countries have included (1) setting or limiting interchange fees, (2) requiring their disclosure to consumers, (3) prohibiting card networks from imposing rules on merchants that limit their ability to steer customers away from higher-cost cards, and (4) granting antitrust waivers to allow merchants and issuers to voluntarily negotiate rates. If these measures were adopted here, merchants would benefit from lower interchange fees. Consumers would also benefit if merchants reduced prices for goods and services, but identifying such savings would be difficult. Consumers also might face higher card use costs if issuers raised other fees or interest rates to compensate for lost interchange fee income. Each of these options also presents challenges for implementation, such as determining at which rate to set, providing more information to consumers, or addressing the interests of both large and small issuers and merchants in bargaining efforts. Thu, 19 Nov 2009 00:00:00 +0100 http://www.gao.gov/pdfs/GAO-10-56?source=ra The Department of Defense (DOD) implemented the post-deployment health reassessment (PDHRA), which is required to be administered to servicemembers 90 to 180 days after their return from deployment. DOD established the PDHRA program to identify and address servicemembers' health concerns that emerge over time following deployments. This report is the second in response to a Senate Armed Services Committee report directing the Government Accountability Office (GAO) to review DOD's administration of the PDHRA, and to additional congressional requests. In this report, GAO examined (1) the extent to which DOD's central repository contains PDHRA questionnaires for active and Reserve component servicemembers who returned from deployment to Iraq or Afghanistan and (2) how DOD monitors the administration of the PDHRA to Reserve component servicemembers. To conduct this review, GAO performed a quantitative analysis using DOD deployment and PDHRA data, reviewed relevant PDHRA policies, and interviewed DOD officials. DOD policy requires that the military services electronically submit PDHRA questionnaires to DOD's central repository. Based on two separate queries to this repository in 2009, GAO did not find PDHRA questionnaires for a substantial percentage of the 319,000 active and Reserve component servicemembers who returned from deployment to Iraq or Afghanistan between January 1, 2007, and May 31, 2008. GAO's first query on April 15, 2009, showed that only 77 percent of this population of interest had questionnaires in the central repository, leaving approximately 74,000 servicemembers without questionnaires in the repository. On September 4, 2009, GAO queried DOD's central repository again to update its April 2009 data and found that DOD's central repository was still missing PDHRA questionnaires for about 72,000 servicemembers, or 23 percent of the servicemembers in GAO's original population of interest. When PDHRA questionnaires are not in DOD's central repository, DOD does not have reasonable assurance that servicemembers to whom the PDHRA requirement applies were given the opportunity to fill out the questionnaire and identify and address health concerns that could emerge over time following deployment. DOD uses four methods to monitor the contractor, Logistics Health, Inc. (LHI), that administers the PDHRA to Reserve component servicemembers. The four monitoring methods are: (1) reviews of periodic reports from LHI; (2) inspections of LHI's administration of the PDHRA; (3) feedback on LHI's administration of the PDHRA from military service officials; and (4) weekly telephone discussions with LHI staff. These methods are used to help ensure that the objective of the PDHRA program is being met for Reserve component servicemembers. Through these methods, DOD identified a number of potential problems that may pose risks to the PDHRA program objective and to the welfare and safety of Reserve component servicemembers. However, GAO found that when monitoring the administration of the PDHRA to Reserve component servicemembers, DOD does not maintain clear documentation that is consistent with federal internal control standards. GAO found that the documentation generated by DOD generally did not clearly describe the potential problems, the actions taken to address the problems, and whether these actions had resolved the problems. Overall, this lack of clear documentation does not allow DOD to have reasonable assurance that potential problems related to the administration of the PDHRA to Reserve component servicemembers have been addressed and resolved. Thu, 19 Nov 2009 00:00:00 +0100 http://www.gao.gov/pdfs/GAO-10-57?source=ra The Department of Education (Education) awards about $45 billion in grants each year to school districts, states, and other entities. In addition, the American Recovery and Reinvestment Act of 2009 provided an additional $97 billion in grant funding. In a series of reports from 2002 to 2009, Education's Inspector General cited a number of grantees for failing to comply with financial and programmatic requirements of their grant agreements. GAO was asked to determine: (1) what progress Education has made in implementing a risk-based approach to grant monitoring, (2) to what extent Education's program offices have the expertise necessary to monitor grantees' compliance with grant program requirements, and (3) to what extent information is shared and used within Education to ensure the effectiveness of grant monitoring. To do this, GAO reviewed agency documentation related to Education's internal controls and interviewed senior Education officials and staff in 12 of the 34 offices that monitor grants. In October 2006, Education began to look at ways to improve the efficiency and effectiveness of the department's grant management processes; in particular, it sought ways to more effectively monitor its grants after they were made. In 2007, Education created the Risk Management Service (RMS) to work with all components of the department to ensure that each office has an effective risk management strategy in place. Effective monitoring protocols and tools based on accepted control standards are key to ensuring that waste, fraud, and abuse are not overlooked and program funds are being spent appropriately. Such tools include identifying the nature and extent of grantee risks and managing those risks, having skilled staff to oversee grantees to ensure they are using sound financial practices and meeting program objectives and requirements, and using and sharing information about grantees throughout the organization. Our review of Education's current grant monitoring processes and controls found that it: (1)Has made uneven progress in implementing a department-wide, risk-based approach to grant monitoring. Education has not disseminated department-wide guidance on grantee risk assessment, but it has planned some new efforts in this area. In the absence of guidance on a department-wide risk assessment strategy, individual program offices have developed their own strategies for assessing and managing risk that vary in rigor. (2) Has limited financial expertise and training, hindering effective monitoring of grantees' compliance with financial requirements. Education has monitoring tools that aid in reviewing basic financial compliance, but the lack of staff expertise limits the ability to probe more deeply into grantees' use of funds. (3) Lacks a systematic means of sharing information on grantees and promising practices in grant monitoring throughout the department. These shortcomings can lead to weaknesses in program implementation that ultimately result in failure to effectively serve the students, parents, teachers, and administrators those programs were designed to help. Thu, 19 Nov 2009 00:00:00 +0100 http://www.gao.gov/pdfs/GAO-10-13?source=ra The Department of Homeland Security's (DHS) U.S. Visitor and Immigrant Status Indicator Technology (US-VISIT) program stores and processes biometric and biographic information to, among other things, control and monitor the entry and exit of foreign visitors. Currently, an entry capability is operating at almost 300 U.S. ports of entry, but an exit capability is not. The Government Accountability Office (GAO) has previously reported on limitations in DHS's efforts to plan and execute its efforts to deliver US-VISIT exit, and made recommendations to improve these areas. GAO was asked to determine (1) the status of DHS's efforts to deliver a comprehensive exit solution and (2) to what extent DHS is applying an integrated approach to managing its comprehensive exit solution. To accomplish this, GAO assessed US-VISIT exit project plans, schedules, and other management documentation against relevant criteria, and it observed exit pilots. DHS has established a Comprehensive Exit project within its US-VISIT program that consists of six components that are at varying stages of completion. To DHS's credit, the US-VISIT program office has established integrated project management plans for, and has adopted an integrated approach to, interacting with and involving stakeholders in its Comprehensive Exit project. However, it has not adopted an integrated approach to scheduling, executing, and tracking the work that needs to be accomplished to deliver a comprehensive exit solution. Rather, it is relying on several separate and distinct schedules to manage individual components and the US-VISIT prime contractor's work that supports these components. Moreover, neither of the two component schedules that GAO reviewed are reliable because they have not been derived in accordance with relevant guidance. Specifically, both the Air Exit Pilots schedule and the Temporary Worker Visa Exit Pilot schedule only fully meet one of nine key schedule estimating practices, and either partially, minimally, or do not meet the remaining eight. In contrast, the prime contractor's schedule is largely reliable, as it fully or substantially meets all nine practices. Without a master schedule for the Comprehensive Exit project that is integrated and derived in accordance with relevant guidance, DHS cannot reliably commit to when and how the work will be accomplished to deliver a comprehensive exit solution to its almost 300 ports of entry, and it cannot adequately monitor and manage its progress toward this end. Thu, 19 Nov 2009 00:00:00 +0100 http://www.gao.gov/pdfs/GAO-10-223?source=ra The American Recovery and Reinvestment Act of 2009 (Recovery Act) requires recipients of funding from federal agencies to report quarterly on jobs created or retained with Recovery Act funding. The first recipient reports filed in October 2009 cover activity from February through September 30, 2009. GAO is required to comment on the jobs created or retained as reported by recipients. This report addresses (1) the extent to which recipients were able to fulfill their reporting requirements and the processes in place to help ensure data quality and (2) how macroeconomic data and methods, and the recipient reports, can be used to assess the employment effects of the Recovery Act. GAO performed an initial set of basic analyses on the final recipient report data that first became available at www.recovery.gov on October 30, 2009; reviewed documents; interviewed relevant state and federal officials; and conducted fieldwork in selected states, focusing on a sample of highway and education projects. On October 30, www.recovery.gov (the federal Web site on Recovery Act spending) reported that more than 100,000 recipients reported hundreds of thousands of jobs created or retained. Given the national scale of the recipient reporting exercise and the limited time frames in which it was implemented, the ability of the reporting mechanism to handle the volume of data from a wide variety of recipients represents a solid first step in moving toward more transparency and accountability for federal funds. Because this effort will be an ongoing process of cumulative reporting, GAO's first review represents a snapshot in time. While recipients GAO contacted appear to have made good faith efforts to ensure complete and accurate reporting, GAO's fieldwork and initial review and analysis of recipient data from www.recovery.gov, indicate that there are a range of significant reporting and quality issues that need to be addressed For example, GAO's review of prime recipient reports identified the following: Erroneous or questionable data entries that merit further review: (1) 3,978 reports that showed no dollar amount received or expended but included more than 50,000 jobs created or retained; (2) 9,247 reports that showed no jobs but included expended amounts approaching $1 billion, and (3) Instances of other reporting anomalies such as discrepancies between award amounts and the amounts reported as received which, although relatively small in number, indicate problematic issues in the reporting. Coverage: While OMB estimates that more than 90 percent of recipients reported, questions remain about the other 10 percent. Quality review: While less than 1 percent were marked as having undergone review by the prime recipient, over three quarters of the prime reports were marked as having undergone review by a federal agency. Full-time equivalent (FTE) calculations: Full-time equivalent (FTE) calculations: Under OMB guidance, jobs created or retained were to be expressed as FTEs. GAO found that data were reported inconsistently even though significant guidance and training was provided by OMB and federal agencies. While FTEs should allow for the aggregation of different types of jobs--part time, full time or temporary--differing interpretations of the FTE guidance compromise the ability to aggregate the data. Although there were problems of inconsistent interpretation of the guidance, the reporting process went relatively well for highway projects. Transportation had an established procedure for reporting prior to enactment of the Recovery Act. In the cases of Education and Housing, which do not have this prior reporting experience, GAO found more problems. Some of these have been reported in the press. State and federal officials are examining these problems and have stated their intention to deal with them. Thu, 19 Nov 2009 00:00:00 +0100 http://www.gao.gov/pdfs/GAO-10-224T?source=ra This testimony discusses the report being issued today on the first set of recipient reports made available in October 2009 in response to the American Recovery and Reinvestment Act's section 1512 requirement. On October 30, Recovery.gov (the federal Web site on Recovery Act spending) reported that more than 100,000 recipients had reported hundreds of thousands of jobs created or retained. GAO is required to comment quarterly on the estimates of jobs created or retained as reported by direct recipients of Recovery Act funding from federal agencies. In the first quarterly GAO report, being released today, we address the following issues: (1) the extent to which recipients were able to fulfill their reporting requirements and the processes in place to help ensure recipient reporting data quality and (2) how macroeconomic data and methods, and the recipient reports, can be used to help gauge the employment effects of the Recovery Act. Because the recipient reporting effort will be an ongoing process of cumulative reporting, our review represents a snapshot in time. At this juncture, given the national scale of the recipient reporting exercise and the limited time frames in which it was implemented, the ability of the reporting mechanism to handle the volume of data from a wide variety of recipients represents a solid first step in moving toward more transparency and accountability for federal funds; however, there is a range of significant reporting and quality issues that need to be addressed. Consequently, our report contains several recommendations to improve data quality that Office of Management and Budget (OMB) staff generally agreed to implement. We will continue to review the processes that federal agencies and recipients have in place to ensure the future completeness and accuracy of data reported. Finally, our report notes that because the recipient reports cover about one-third of Recovery Act funds, both the data in those reports and other macroeconomic data and methods together can offer a more complete view of the overall employment impact of the Recovery Act. As detailed in our report, our analysis and fieldwork indicate there are significant issues to be addressed in reporting, data quality, and consistent application of OMB guidance in several areas. Many entries merit further attention due to an unexpected or atypical data value or relationship between data. As part of our review, we examined the relationship between recipient reports showing the presence or absence of any full-time equivalent (FTE) counts with the presence or absence of funding amounts shown in either or both data fields for "amount of Recovery Act funds received" and "amount of Recovery Act funds expended." Forty-four percent of the prime recipient reports showed an FTE value. However,we identified 3,978 prime recipient reports where FTEs were reported but no dollar amount was reported in the data fields for amount of Recovery Act funds received and amount of Recovery Act funds expended. These records account for 58,386 of the total 640,329 FTEs reported. While OMB estimates that more than 90 percent of recipients reported, questions remain about the other 10 percent. Less than 1 percent of the records were marked as having undergone review by the prime recipient. The small percentage reviewed by the prime recipients themselves during the OMB review time frame warrants further examination. While it may be the case that the recipients' data quality review efforts prior to initial submission of their reports were seen as not needing further revision during the review timeframe, it may also be indicative of problems with the process of noting and recording when and how the prime recipient reviews occur and the setting of the review flag. In addition, the report record data included a flag as to whether a correction was initiated. Overall, slightly more than a quarter of the reports were marked as having undergone a correction during the period of review. In its guidance to recipients for estimating employment effects, OMB instructed recipients to report solely the direct employment effects as "jobs created or retained" as a single number. Problems with the interpretation of this guidance or the calculation of FTEs were one of the most significant problems we found. Jobs created or retained expressed in FTEs raised questions and concerns for some recipients. One source of inconsistency was variation in the period of performance used to calculate FTEs, which occurred in both the highway and education programs we examined. While there were problems of inconsistent interpretation of the guidance, the reporting process went relatively well for highway projects. DOT had an established procedure for reporting prior to enactment of the Recovery Act. As our report shows, in the cases of Education and the Department of Housing and Urban Development, which do not have this prior reporting experience, we found more problems. State and federal officials are examining identified issues and have stated their intention to deal with them. Thu, 19 Nov 2009 00:00:00 +0100 http://www.gao.gov/pdfs/GAO-10-255T?source=ra The Small Business Administration (SBA), which, along with federal procuring activities, administers the Service-Disabled Veteran-Owned Small Business (SDVOSB) program, reported in fiscal year 2008 that $6.5 billion in federal contracts were awarded to firms who self-certified themselves as SDVOSBs. Government contracts to SDVOSBs accounted for only 1.5 percent of all government contract dollars paid in fiscal year 2008. Since the SDVOSB program began, the government has not met its annual mandated goal of 3 percent. In addition to SBA's statutory authority over administration of the SDVOSB program, several other government agencies have separate authority over issues related to the SDVOSB program. The Veterans Benefits, Health Care, and Information Technology Act requires the Department of Veterans Affairs (VA) to maintain a database of SDVOSBs and Veteran-Owned Small Businesses (VOSB) so contractor eligibility can be verified on VA SDVOSB and VOSB contracts. In addition, The Office of Federal Procurement Policy (OFPP), within the Office of Management and Budget, provides overall direction for governmentwide procurement policies, regulations, and procedures and to promote economy, efficiency, and effectiveness in the acquisition processes. The Office's primary focus is on the Federal Acquisition Regulation (FAR), the governmentwide regulation governing agency acquisitions of goods and services, including SDVOSB set-aside and sole-source contract actions. Fraud and abuse in the SDVOSB program allowed ineligible firms to improperly receive millions of dollars in set-aside and sole-source SDVOSB contracts, potentially denying legitimate service-disabled veterans and their firms the benefits of this program. We identified 10 case-study examples of firms that did not meet SDVOSB program eligibility requirements, which received approximately $100 million in SDVOSB contracts, and over $300 million in additional 8(a), HUBZone, and non-SDVOSB federal government contracts. SBA found four of the firms ineligible for the SDVOSB program through the agency's bid protest process. Nevertheless, because there are no requirements to terminate contracts when firms are found ineligible, several contracting agencies allowed the ineligible firms to continue their work. For example, bid-protest decisions do not always result in the termination of contracts with ineligible firms, even when termination costs would be minimal in cases where contract work had not begun. As some of our case studies show, even when firms are found ineligible to receive a contract, they can still retain it because current regulations do not require that the contracting agency terminate the contract.In addition, we identified six other case-study firms that were not eligible for the SDVOSB program. The misrepresentations case-study firms made included a firm whose owner was not a service-disabled veteran, a serviced-disabled veteran who did not control the firm's day-to-day operations, a service-disabled veteran who was a full-time contract federal employee at MacDill Air Force Base, and firms that served as a "pass-through" for large and sometimes foreign-based corporations. In the case of a pass-through, a firm or joint venture lists a service-disabled veteran as the majority owner, but contrary to program requirements, all work is performed and managed by a non-service-disabled person or a separate firm. Federal regulations set requirements for a small business to qualify as an SDVOSB. Specifically, SDVOSB eligibility regulations mandate that a firm must be a small business and at least 51 percent-owned by one or more service-disabled veterans who control the management and daily business operations of the firm. The lack of effective fraud-prevention controls by SBA and agencies awarding contracts allowed these ineligible firms to receive approximately $100 million of sole-source or set-aside SDVOSB contracts over the last several years. The SDVOSB program is essentially an eligibility-based program. However, neither the SBA, except when responding to a protest, nor contracting officials are currently verifying the eligibility of firms claiming to be SDVOSBs. For example, currently the SBA and contracting agencies do not have a process in place to access the VA service-disabled veteran's database listing individuals that are valid service-disabled veterans. In addition, contracting officers are not required to validate that a firm's owner is a service-disabled veteran prior to award. Unlike other small business contracting programs, such as the HUBZone and 8(a) programs, there also are no documentation submissions to substantiate eligibility for the program or application process associated with the SDVOSB program. This lack of controls substantially increases the risk for fraud and abuse in the SDVOSB program. The only process in place to detect fraud in the SDVOSB program involves a formal bid protest process at the SBA, whereby interested parties to a contract award can protest if they feel a firm misrepresented its small business size or SDVOSB eligibility in its bid submission. However, as shown by our case studies, this self-policing process does not prevent ineligible firms from receiving SDVOSB contracts. Thu, 19 Nov 2009 00:00:00 +0100 http://www.gao.gov/pdfs/GAO-10-108?source=ra The Service-Disabled Veteran-Owned Small Business (SDVOSB) program is intended to provide federal contracting opportunities to qualified firms. In fiscal year 2007, the Small Business Administration (SBA) reported $4 billion in governmentwide sole source and set aside SDVOSB contract awards. Given the amount of federal contract dollars being awarded to SDVOSB firms, GAO was asked to determine (1) whether cases of fraud and abuse exist within the SDVOSB program, and (2) whether the program has effective fraud-prevention controls in place. To identify whether cases exist, GAO reviewed SDVOSB contract awards and protests since 2003, and complaints sent to our fraud hotline. GAO defined a case as one or more affiliated firms who were awarded one or more SDVOSB contracts. To assess fraud-prevention controls, GAO reviewed laws and regulations and conducted interviews with SBA and Department of Veterans Affairs (VA) officials. GAO did not attempt to project the extent of fraud and abuse in the program. GAO found that the SDVOSB program is vulnerable to fraud and abuse, which could result in legitimate service-disabled veterans' firms losing contracts to ineligible firms. The 10 case-study firms identified in this report received approximately $100 million from SDVOSB contracts through fraud or abuse of the program, or both. For example, contracts for Hurricane Katrina trailer maintenance were awarded to a firm whose owner was not a service-disabled veteran. GAO also found SDVOSB companies used as a pass-through for large, sometimes multinational corporations. In another case a full-time federal contract employee at MacDill Air Force Base set up a SDVOSB company that passed a $900,000 furniture contract on to a company where his wife worked, which passed the work to a furniture manufacturer that actually delivered and installed the furniture. GAO found that the government does not have effective fraud-prevention controls in place for the SDVOSB program. Specifically, SBA and agencies awarding SDVOSB contracts do not have processes in place to validate a firm's eligibility for the program prior to bid submission. SBA and contracting agencies also currently do not have a database of individuals that are service-disabled veterans, a key eligibility requirement for the program. According to VA, it is developing a database, called VetBiz, of validated SDVOSBs, but currently it is only used for contracting by the VA. SBA's bid-protest process is the only governmentwide control over the SDVOSB program. However, although ineligible firms have been identified through bid protests, firms found ineligible do not face real consequences, can be allowed to complete the contracts received, and are not suspended or debarred. Thu, 19 Nov 2009 00:00:00 +0100 http://www.gao.gov/pdfs/GAO-10-77?source=ra When sponsors terminate underfunded plans during bankruptcy, it can deplete resources of the Pension Benefit Guaranty Corporation (PBGC), which protects the pensions of almost 44 million American workers and retirees who participate in over 29,000 defined benefit pension plans. In 2009, PBGC reported an estimated deficit of over $30 billion. GAO was asked to determine what pay and other compensation executives received in the years preceding their company's termination of an underfunded defined benefit pension plan. To identify case study examples GAO analyzed a listing of the 1,246 underfunded plans that were terminated from 1999 to 2008 and selected public companies with large unfunded liabilities, large unfunded liabilities per participant, and a large number of plan participants. GAO reviewed documents provided by companies and executives, and interviewed PBGC and company officials. GAO also reviewed Securities and Exchange Commission (SEC) filings and PBGC documents disclosing plan underfunding at the time of termination and missed contributions. Executive compensation figures may be understated because some company executives could not be located, did not respond to document requests, declined interviews, and did not give GAO access to their tax records. GAO found that 40 executives for 10 companies received approximately $350 million in pay and other compensation in the years leading up to the termination of their companies' underfunded pension plans. GAO identified salaries, bonuses, and benefits provided to small groups of high-ranking executives at these companies during the 5 years leading up to the termination of their pension plans. For example, beyond the tens of millions in base salaries received, GAO found that executives also received millions of dollars in stock awards, income tax reimbursements, retention bonuses, severance packages, and supplemental executive-only retirement plans. In some cases, plan participants had their benefits reduced due to the underfunding of the plan when it was terminated. For example, a retired pilot saw his monthly pension payment reduced by two-thirds. The reduction in benefits occurred because federal law caps the benefits PBGC can guarantee when it takes over an underfunded pension plan. In addition, PBGC has no oversight power with regard to executive compensation prior to a company's bankruptcy. During bankruptcy, executive compensation must be approved by the bankruptcy court, and after this approval PBGC has extremely limited ability to recover those payments to executives. GAO did not find any illegal activity with respect to executive compensation on the part of either the 10 companies or the 40 executives under review. Thu, 19 Nov 2009 00:00:00 +0100 http://www.gao.gov/pdfs/GAO-10-236T?source=ra The Federal Protective Service (FPS) within the Department of Homeland Security (DHS) is responsible for providing law enforcement and related security services for nearly 9,000 federal facilities under the control and custody of the General Services Administration (GSA). In 2004 GAO identified a set of key protection practices from the collective practices of federal agencies and the private sector, which included allocation of resources using risk management, strategic management of human capital, leveraging of technology, information sharing and coordination, and performance measurement and testing. This testimony is based on past reports and testimonies and discusses (1) limitations FPS faces in protecting GSA buildings and resulting vulnerabilities; and (2) actions FPS is taking. To perform this work, GAO used its key practices as criteria, visited a number of GSA buildings, surveyed tenant agencies, analyzed pertinent laws and DHS and GSA documents, conducted covert testing at 10 judgmentally selected high-security buildings in four cities, and interviewed officials from DHS, GSA, and tenant agencies, and contractors and guards. FPS's approach to securing GSA buildings reflects some aspects of key protection practices; however, GAO found limitations in each area and identified vulnerabilities. More specifically: (1) FPS faces obstacles in allocating resources using risk management. FPS uses an outdated risk assessment tool and a subjective, time-consuming process to assess risk. In addition, resource allocation decisions are the responsibility of GSA and tenant agencies. This leads to uncertainty about whether risks are being mitigated. Also, FPS continues to struggle with funding challenges that impede its ability to allocate resources effectively. (2) FPS does not have a strategic human capital management plan to guide its current and future workforce planning efforts, making it difficult to discern how effective its transition to an inspector-based workforce will be. Furthermore, because contract guards were not properly trained and did not comply with post orders, GAO investigators concealing components for an improvised explosive device passed undetected by FPS guards at 10 of 10 high-security facilities in four major cities. (3) FPS lacks a systematic approach for leveraging technology, and inspectors do not provide tenant agencies with an analysis of alternative technologies, their cost, and the associated reduction in risk. As a result, there is limited assurance that the recommendations inspectors make are the best available alternatives, and tenant agencies must make resource allocation decisions without key information. (4) FPS has developed information sharing and coordination mechanisms with GSA and tenant agencies, but there is inconsistency in the type of information shared and the frequency of coordination. (5) FPS lacks a reliable data management system for accurately tracking performance measurement and testing. Without such a system, it is difficult for FPS to evaluate and improve the effectiveness of its efforts, allocate resources, or make informed risk management decisions. FPS is taking actions to better protect GSA buildings, in part as a result of GAO's recommendations. For example, FPS is developing a new risk assessment program and has recently focused on improving oversight of its contract guard program. Additionally, GAO has recommended that FPS implement specific actions to make greater use of key practices and otherwise improve security. However, FPS has not completed many related corrective actions and FPS faces implementation challenges as well. Nonetheless, adhering to key practices and implementing GAO's recommendations in specific areas would enhance FPS's chances for future success, and could position FPS to become a leader and benchmark agency for facility protection in the federal government. Wed, 18 Nov 2009 00:00:00 +0100 http://www.gao.gov/pdfs/GAO/OIG-10-1?source=ra GAO's mission is to support Congress in meeting its constitutional responsibilities and to help improve the performance and ensure the accountability of the federal government for the benefit of the American people. To accomplish its mission, GAO provides objective and reliable information and informed analysis to Congress, federal agencies, and the public. To help monitor its performance in serving Congress, GAO uses the testimony performance measure. On occasion, more than one GAO official may testify at the same hearing. Performance data for this measure comes from GAO's Congressional Hearing System, which is managed by the Office of Congressional Relations. Data is entered into the system by administrative staff from (1) organizational units (generally referred to as mission teams) whose officials are testifying and (2) the Office of Congressional Relations under limited circumstances. The Congressional Hearing System captures information, for example, about the date and topic of the hearing, the name of the committee or subcommittee holding the hearing, and the name of the GAO witness. The Government Performance and Results Act of 1993 (GPRA) requires federal agencies to develop strategic plans with long-term, outcome-oriented goals and objectives; annual goals linked to the long-term goals; and annual reports on the results achieved. As a legislative branch agency, GAO is not required to comply with GPRA but generally does follow the intent of this law. To follow the intent of GPRA, GAO uses a strategic planning and management process based on strategic goals and objectives. To help monitor its performance, the agency has developed various performance measures, including the testimony measure. We identified a total of eight errors in GAO's fiscal year 2008 testimony performance data. From our random sample of 54 hearings, we found six errors. Five of the six errors resulted from 5 hearings--at which two GAO officials provided separate testimonies--being counted twice (in this case, as 10 hearings) in the Congressional Hearing System. The sixth error from our sample was the result of a planned testimony being issued as a statement for the record and the Congressional Hearing System's data not being updated to reflect this change. Statements for the record are not to be included in the testimony measure. Separate from our sample, we learned about two other errors. The first error involved a January 2008 testimony that was not entered into the agency's hearings database in a timely manner and thus was not included in the total number of hearings reported for fiscal year 2008. The second error was identified by the Office of Congressional Relations' review of fiscal year 2008 testimony performance data. The error involved a January 2008 hearing, where two GAO officials provided separate testimonies, that was inadvertently entered twice into the Congressional Hearing System--and thus was counted as two hearings. Office of Congressional Relations managers state they have corrected the eight errors. Our work shows that several factors contributed to inaccurate fiscal year 2008 performance data for GAO's testimony measure. First, while the Office of Congressional Relations has internal procedures that in part address maintaining the Congressional Hearing System database and producing related hearing reports, these procedures do not specifically mention the testimony measure, its definition, or the performance data. The procedures also do not include specific steps for checking and testing the performance data before it is reported in GAO's annual performance report. Second, while Office of Congressional Relations procedures stress the importance of updating Congressional Hearing System data when changes occur, one of the errors we identified happened because data had not been updated when a planned testimony was issued as a statement for the record. Third, unit administrative staff who enter data in the Congressional Hearing System told us that it is difficult for them to know when more than one GAO testimony will be delivered at a hearing. Finally, a report used to check GAO hearing data was not effective in identifying data errors related to hearings being counted twice. We believe the actions initiated by the Office of Congressional Relations--updating its procedures and developing a new report from the Congressional Hearing System--will help reduce the risk of future errors in GAO testimony performance data. As procedures are updated, we believe consideration should be given to adding specific steps that address the three types of data errors identified in our review: (1) the miscounting of hearings where more than one GAO testimony is presented, (2) not properly updating hearing data when a planned testimony is not presented, and (3) untimely posting of data. In addition, we believe that steps are needed to verify the accuracy of testimony performance data prior to their publication in GAO's annual performance report. Wed, 18 Nov 2009 00:00:00 +0100 http://www.gao.gov/pdfs/GAO-10-142?source=ra There is ongoing concern about the security of federal buildings and their occupants. The Federal Protective Service (FPS) within the Department of Homeland Security (DHS) is responsible for providing law enforcement and related security services for nearly 9,000 federal buildings under the control and custody of the General Services Administration (GSA). In 2004, GAO identified a set of key protection practices from the collective practices of federal agencies and the private sector that included: allocating resources using risk management, leveraging technology, and information sharing and coordination. As requested, GAO determined whether FPS's security efforts for GSA buildings reflected key practices. To meet this objective, GAO used its key practices as criteria, visited five sites to gain firsthand knowledge, analyzed pertinent DHS and GSA documents, and interviewed DHS, GSA, and tenant agency officials. FPS's approach to securing GSA buildings reflects some aspects of key protection practices, and FPS has several improvements underway such as a new risk assessment program and a countermeasure acquisition program. While FPS's protection activities exhibit some aspects of the key practices, GAO found limitations in each of the areas. FPS assesses risk and recommends countermeasures to GSA and tenant agencies; however, FPS's ability to influence the allocation of resources using risk management is limited because resource allocation decisions are the responsibility of GSA and tenant agencies, which may be unwilling to fund FPS's countermeasure recommendations. Moreover, FPS uses an outdated risk assessment tool and a subjective, time-consuming process. As a result, GSA and tenant agencies are uncertain whether risks are being mitigated. Concerned with the quality and timeliness of FPS's risk assessment services, GSA and tenant agencies are pursuing some of these activities on their own. Although FPS is developing a new risk management program, full implementation is not planned until the end of fiscal year 2011 and has already experienced delays. With regard to leveraging technology, FPS inspectors have considerable latitude for selecting technologies and countermeasures that tenant agencies fund, but FPS provides inspectors with little training and guidance for making cost-effective choices. Additionally, FPS does not provide tenant agencies with an analysis of alternative technologies, their cost, and associated reduction in risk. As a result, there is limited assurance that the recommendations inspectors make are the best available alternatives and tenant agencies must make resource allocation decisions without key information. Although FPS is developing a program to standardize security equipment and contracting, the program has run behind schedule and lacks an evaluative component for assessing the cost-effectiveness of competing technologies and countermeasures. FPS has developed information sharing and coordination mechanisms with GSA and tenant agencies, but there is inconsistency in the type of information shared and the frequency of coordination. Lack of coordination through regular contact can lead to communication breakdowns. For example, during a construction project at one location, the surveillance equipment that FPS was responsible for maintaining was removed from the site during 2007. FPS and tenant agency representatives disagree over whether FPS was notified of this action. Furthermore, FPS and GSA disagree over what building risk assessment information can be shared. FPS maintains that the sensitive information contained in the assessments is not needed for GSA to carry out its mission. However, GSA maintains that restricted access to the risk assessments constrains its ability to protect buildings and occupants. Wed, 18 Nov 2009 00:00:00 +0100 http://www.gao.gov/pdfs/GAO-10-252T?source=ra The Department of Homeland Security's (DHS) Domestic Nuclear Detection Office (DNDO) is responsible for addressing the threat of nuclear smuggling. Radiation detection portal monitors are key elements in the nation's defenses against such threats. DHS has sponsored testing to develop new monitors, known as advanced spectroscopic portal (ASP) monitors, to replace radiation detection equipment being used at ports of entry. DNDO expects that ASPs may offer improvements over current-generation portal monitors, particularly the potential to identify as well as detect radioactive material and thereby to reduce both the risk of missed threats and the rate of innocent alarms, which DNDO considers to be key limitations of radiation detection equipment currently used by Customs and Border Protection (CBP) at U.S. ports of entry. However, ASPs cost significantly more than current generation portal monitors. Due to concerns about ASPs' cost and performance, Congress has required that the Secretary of Homeland Security certify that ASPs provide a significant increase in operational effectiveness before obligating funds for full-scale ASP procurement. In May 2009, GAO issued a report (GAO-09-655) on the status of the ongoing ASP testing round. This testimony (1) discusses the principal findings and recommendations from GAO's May report on ASP testing and (2) updates those findings based on information from DNDO and CBP officials on the results of testing conducted since the report's issuance. DHS, DNDO, and CBP's oral comments on GAO's new findings were included as appropriate. GAO's May 2009 report on ASP testing found that DHS increased the rigor in comparison with previous tests and thereby added credibility to the test results. However, GAO's report also questioned whether the benefits of the ASPs justify its high cost. In particular, the DHS criteria for a significant increase in operational effectiveness require only a marginal improvement in the detection of certain weapons-usable nuclear materials, which DNDO considers a key limitation of current-generation portal monitors. The marginal improvement required of ASPs is particularly notable given that DNDO has not completed efforts to fine-tune current-generation equipment to provide greater sensitivity. Moreover, the test results showed that ASPs performed better than current-generation portal monitors in detection of such materials concealed by light shielding approximating the threat guidance for setting detection thresholds, but that differences in sensitivity were less notable when shielding was slightly below or above that level. Finally, DNDO had not yet updated its cost-benefit analysis to take into account the results of ASP testing and did not plan to complete computer simulations that could provide additional insight into ASP capabilities and limitations prior to certification even though test delays have allowed more time to conduct the simulations. DNDO officials believed the other tests were sufficient for ASPs to demonstrate a significant increase in operational effectiveness. GAO recommended that DHS assess ASPs against the full potential of current-generation equipment and revise the program schedule to allow time to conduct computer simulations and to uncover and resolve problems with ASPs before full-scale deployment. DHS agreed to a phased deployment that should allow time to uncover ASP problems but disagreed with the other recommendations, which GAO believes remain valid. The results of DNDO's most recent round of field testing raise continuing issues. In July 2009, DNDO resumed the field testing of ASPs that it initiated in January 2009 but suspended because of serious performance problems. However, the July tests also revealed critical performance deficiencies. For example, the ASP had a high number of false positive alarms for the detection of certain nuclear materials. According to CBP, these false alarms are very disruptive in a port environment because any alarm for this type of nuclear material causes CBP to take enhanced security precautions. To address these false alarms, DNDO plans to modify the ASP to make these monitors less sensitive to these nuclear materials and thereby diminishing the ASPs' capability. As GAO reported earlier this year, previous testing results demonstrated that the ASPs represented a marginal improvement in detecting these materials. By reducing the sensitivity to nuclear materials even further, it is uncertain exactly what improvement in detecting these materials the ASPs are providing or whether DNDO might be able to achieve a similar level of performance as the modified ASPs by improving the current-generation portal monitors that are already in place. In addition, the July 2009 testing also identified a critical equipment failure, including an alert malfunction, which DNDO is taking steps to resolve for future testing. Tue, 17 Nov 2009 00:00:00 +0100 http://www.gao.gov/pdfs/GAO-10-230T?source=ra Pervasive and sustained cyber attacks continue to pose a potentially devastating threat to the systems and operations of the federal government. In recent months, federal officials have cited the continued efforts of foreign nations and criminals to target government and private sector networks; terrorist groups have expressed a desire to use cyber attacks to target the United States; and press accounts have reported attacks on the Web sites of government agencies. The ever-increasing dependence of federal agencies on computerized systems to carry out essential, everyday operations can make them vulnerable to an array of cyber-based risks. Thus it is increasingly important for the federal government to have effective information security controls in place to safeguard its systems and the information they contain. GAO was asked to provide a statement describing (1) cyber threats to federal information systems and cyber-based critical infrastructures, (2) control deficiencies at federal agencies that make these systems and infrastructures vulnerable to cyber threats, and (3) opportunities that exist for improving federal cybersecurity. In preparing this statement, GAO relied on its previously published work in this area. Cyber-based threats to federal systems and critical infrastructure are evolving and growing. These threats can be unintentional or intentional, targeted or non-targeted, and can come from a variety of sources, including criminals, terrorists, and adversarial foreign nations, as well as hackers and disgruntled employees. These potential attackers have a variety of techniques at their disposal, which can vastly enhance the reach and impact of their actions. For example, cyber attackers do not need to be physically close to their targets, their attacks can easily cross state and national borders, and cyber attackers can more easily preserve their anonymity. Further, the growing interconnectivity between information systems, the Internet, and other infrastructure presents increasing opportunities for such attacks. In addition, reports of security incidents from federal agencies are on the rise, increasing by over 200 percent from fiscal year 2006 to fiscal year 2008. Compounding the growing number and kinds of threats, GAO--along with agencies and their inspectors general--has identified significant weaknesses in the security controls on federal information systems, resulting in pervasive vulnerabilities. These include deficiencies in the security of financial systems and information and vulnerabilities in other critical federal information systems. GAO has identified weaknesses in all major categories of information security controls at federal agencies. For example, in fiscal year 2008, weaknesses were reported in such controls at 23 of 24 major agencies. Specifically, agencies did not consistently authenticate users to prevent unauthorized access to systems; apply encryption to protect sensitive data; and log, audit, and monitor security-relevant events, among other actions. An underlying cause of these weaknesses is agencies' failure to fully or effectively implement information security programs, which entails assessing and managing risk, developing and implementing security policies and procedures, promoting security awareness and training, monitoring the adequacy of security controls, and implementing appropriate remedial actions. Multiple opportunities exist to enhance cybersecurity. In light of weaknesses in agencies' information security controls, GAO and inspectors general have made hundreds of recommendations to improve security, many of which agencies are implementing. In addition, the White House and the Office of Management and Budget, collaborating with other agencies, have launched several initiatives aimed at improving aspects of federal cybersecurity. The Department of Homeland Security, which plays a key role in coordinating cybersecurity activities, also needs to fulfill its responsibilities, such as developing capabilities for protecting cyber-reliant critical infrastructures and implementing lessons learned from a major cyber simulation exercise. Finally, a panel of experts convened by GAO made several recommendations for improving the nation's cybersecurity strategy. Realizing these opportunities for improvement can help ensure that the federal government's systems, information, and critical cyber-reliant infrastructure are effectively protected. Tue, 17 Nov 2009 00:00:00 +0100 http://www.gao.gov/pdfs/GAO-10-259T?source=ra The U.S. Department of the Interior's Bureau of Land Management (BLM), Fish and Wildlife Service, and National Park Service, and the U.S. Department of Agriculture's Forest Service manage about 628 million acres of public land, mostly in 11 western states and Alaska. Under the Federal Land Transaction Facilitation Act (FLTFA) of 2000, revenue raised from selling BLM lands is available to the agencies, primarily to acquire nonfederal land within the boundaries of land they already own--known as inholdings. These inholdings can create significant land management problems. To acquire land, the agencies can nominate parcels under state-level interagency agreements or the Secretaries can use their discretion to initiate acquisitions. FLTFA expires in July 2010. This testimony discusses GAO's 2008 report: Federal Land Management: Federal Land Transaction Facilitation Act Restrictions and Management Weaknesses Limit Future Sales and Acquisitions (GAO-08-196). Specifically, the testimony discusses (1) FLTFA revenue generated, (2) challenges to future sales, (3) FLTFA expenditures, (4) challenges to future acquisitions, and (5) agencies' implementation of GAO's recommendations. Among other things, GAO examined the act, agency guidance, and FLTFA sale and acquisition data, interviewed agency officials, and obtained some updated information. (1) BLM raised most FLTFA revenue from land sales in Nevada. As of August 2009, BLM reported raising a total of $113.4 million from sale of about 29,400 acres. Since FLTFA was enacted in 2000 through August 2009, about 78 percent of the revenue raised, or about $88 million, has come from land transactions in Nevada. (2) BLM faces challenges to future sales under FLTFA. In particular, BLM state and field officials most frequently cited the limited availability of knowledgeable realty staff to conduct sales. We identified two additional issues hampering land sales activity under FLTFA. First, while BLM had identified land for sale in its land use plans, it had not made these sales a priority during the first 7 years of the FLTFA program. Furthermore, BLM had not set goals for sales or developed a sales implementation strategy. Second, some of the additional land BLM had identified for sale since the act would not generate revenue for acquisitions because the act only allows the deposit of revenue from the sale of lands identified for disposal on or before the date of the act. (3) Agencies had purchased few parcels with FLTFA revenue. In 2008, we reported that between August 2007--7 years after FLTFA was enacted--and January 2008, the four land management agencies had spent $13.3 million of the $95.7 million in revenue raised under FLTFA: $10.1 million using the Secretaries' discretion to acquire nine parcels of land and $3.2 million for administrative expenses to prepare land for FLTFA sales. More recently, as of November 2009, BLM reported spending a total of $43.8 million to acquire 28 parcels, including $24.6 million for 12 parcels through the state-level interagency process. (4) Agencies face challenges to completing additional acquisitions. BLM state and field officials GAO interviewed most commonly cited the time, cost, and complexity of the land acquisition process as a challenge to completing land acquisitions. Furthermore, the act's requirement to spend the majority of funds in the state in which revenue was generated has had the effect of making little revenue available for acquisitions outside of Nevada. The agencies also had not established procedures to track the implementation of the act's requirement that at least 80 percent of FLTFA revenue raised in each state be used to acquire inholdings in that state or to track the extent to which BLM is complying with agreed-upon fund allocations among the four participating agencies. (5) BLM has taken steps to implement GAO's recommendations. Specifically, BLM established FLTFA sale goals for fiscal years 2009 and 2010 and established a sales incentive program providing seed funds to state and field offices to identify and pre-screen properties for possible sale under FLTFA. As of November 2009, six states have agreed to participate in the program. Tue, 17 Nov 2009 00:00:00 +0100 http://www.gao.gov/pdfs/GAO-10-86R?source=ra Over the past few decades, the cost of tuition, room, and board for undergraduate students has increased, making it more difficult for some students and families to afford the cost of college. While students have historically relied on federal loans and grants and family contributions to pay for college, a growing number have turned to private education loans to help them cover the cost. In 2007-08, private loan volume, including private sector and state sponsored loans, totaled $19 billion, up from $3 billion in 1997-98, according to the 2008 College Board report on student aid. Unlike federal loans, private education loans are not guaranteed by the federal government and are typically more costly for students than loans offered through federal programs. Despite their generally higher cost, about 26 percent of students who obtained private education loans in 2007-08 did not obtain Federal Stafford loans, and more than one-half of these students did not apply for Federal financial aid, according to the Institute for College Access and Success. In 2007-08, 14 percent of undergraduate students obtained private education loans, according to the Institute for College Access and Success, and the average private loan amount was $6,533. This letter discusses GAO's work under the mandated study in section 1122 of the Higher Education Opportunity Act of 2008 (HEOA) directs the Government Accountability Office (GAO) to assess the impact of private lenders' use of nonindividual factors--factors other than the borrower's own credit worthiness, such as the cohort default rate or graduation rate of the school the student attends-- in making loan decisions. To address the issues raised in the mandate, GAO framed its study around three key questions: (1) What are the key characteristics of private education loan borrowers and the types of schools they attend?; (2) How do lenders use nonindividual factors--including cohort default rate, graduation rate, and accreditation--in making lending decisions for private education loans?; and (3) What is the impact of using these factors on loan products and rates students pay and their access to loans, by gender, race, income, and institution type? Specifically, according to NPSAS, nearly one-third of the students at the highest cost institutions ($25,000 or more per year) took out private loans. In addition, while students attending proprietary schools accounted for approximately 10 percent of the undergraduate population, over 40 percent of them borrowed private loans. Moreover, a slightly higher percentage of dependent undergraduate students borrowed private education loans (15 percent) compared to independent students (13 percent), and a higher percentage of dependent students from middle and high income families (17 percent and 15 percent, respectively) borrowed private loans compared to dependent students from low income families (about 12 percent).9 In addition, a slightly higher proportion of female students borrowed private education loans (about 15 percent for females and 13 percent for males). While there were varying differences in the percentages of undergraduate students borrowing private education loans by race/ethnicity, Black or African American students were the highest percentage of borrowers. Students who attended certain types of schools were more likely to take out private loans; and in addition, there were small differences that were statistically significant for private loan borrowers with respect to dependent and independent students, family income, gender, and greater differences between some race and ethnicity groups. Private lenders may use nonindividual factors to select the institutions at which they will lend to students and to establish loan terms and conditions, including interest rates, according to lenders and industry experts. Lenders generally view longer programs of study, high graduation rate, and low cohort default rate as more favorable conditions when making lending decisions, according to experts and lenders we interviewed. Lenders, researchers, and industry experts confirmed that lenders have historically used nonindividual factors to help them make lending decisions, especially because students often lack sufficient credit history upon which to base decisions. The student loan lending landscape has changed significantly since the HEOA, which mandated GAO's study, was passed. Many of the lenders offering private loans have exited the market in response to limited access to capital resulting from the credit crisis, according to researchers, lenders, and experts we interviewed. In 2008-09, the private loan volume totaled about $12 billion, according to the 2009 College Board report on student aid. Lenders who have continued their private student loans programs reportedly tightened their lending practices, which have limited some students' access to these loans, according to some researchers we interviewed. Tue, 17 Nov 2009 00:00:00 +0100 http://www.gao.gov/pdfs/GAO-10-262T?source=ra U.S. trade preference programs promote economic development in poorer nations by providing duty-free export opportunities in the United States. The Generalized System of Preferences, Caribbean Basin Initiative, Andean Trade Preference Act, and African Growth and Opportunity Act unilaterally reduce U.S. tariffs for many products from over 130 countries. However, two of these programs expire partially or in full this year, and Congress is exploring options as it considers renewal. This testimony describes the growth in preference program imports, identifies policy trade-offs, and summarizes the Government Accountability Office (GAO) recommendations and options suggested by a panel of experts on the African Growth and Opportunity Act (AGOA). The testimony is based on studies issued in September 2007, March 2008, and August 2009. For those studies, GAO analyzed trade data, reviewed trade literature and program documents, interviewed U.S. officials, did fieldwork in nine countries, and convened a panel of experts. Total U.S. preference imports grew from $20 billion in 1992 to $110 billion in 2008, with most of this growth taking place since 2000. The increases from preference program countries primarily reflect the addition of new eligible products, increased petroleum imports from some African countries, and the rapid growth of exports from countries such as India, Thailand, and Brazil. Preference programs give rise to three critical policy trade-offs. First, opportunities for beneficiary countries to export products duty free must be balanced against U.S. industry interests. Some products of importance to developing countries, notably agriculture and apparel, are ineligible by statute as a result. Second, some developing countries, such as Bangladesh and Cambodia, are not included in U.S. regional preference programs; however, there is concern that they are already competitive in marketing apparel to the United States and that giving them greater duty-free access could harm the apparel industry in Africa and elsewhere. Third, Congress faces a trade-off between longer preference program renewals, which may encourage investment, and shorter renewals, which may provide leverage to encourage countries to act in accordance with U.S. interests such as trade liberalization. GAO reported in March 2008 that preference programs have proliferated and become increasingly complex, which has contributed to a lack of systematic review. Moreover, we found that there was little to no reporting on the impact of these programs. In addition, GAO solicited options from a panel of experts in June 2009 for improving the competitiveness of the textile and apparel sector in AGOA countries. Options they suggested included aligning trade capacity building with trade preference programs, modifying rules of origin to facilitate joint production among trade preference program beneficiaries and free trade partners, and creating non-punitive and voluntary incentives to encourage the use of inputs from the United States or its trade preference partners to stimulate investment in beneficiary countries. Tue, 17 Nov 2009 00:00:00 +0100 http://www.gao.gov/pdfs/GAO-10-65?source=ra In fiscal year 2008, the Department of Veterans Affairs (VA) identified three material internal control weaknesses over financial reporting--financial management system functionality, IT security controls, and financial management oversight. VA is developing a new financial system--FLITE--but full implementation is not expected until 2014. Therefore, the Subcommittee asked us to determine whether VA corrective action plans and oversight are appropriately focused on near-term actions to provide improved financial information. This report addresses (1) the nature of the internal control weaknesses identified in the VA fiscal year 2008 financial audit report and how long they have been outstanding, (2) whether VA had plans appropriately focused on near-term corrective actions, and (3) whether VA had appropriate oversight mechanisms in place to help assure that near-term corrective action plans are implemented on schedule. GAO reviewed corrective action plans for significant deficiencies underlying 2 of the 3 material weaknesses and performed additional analysis for two underlying significant deficiencies. VA's fiscal year 2008 material weaknesses in financial management system functionality and financial management oversight have been reported since fiscal years 2000 and 2005, respectively. These two material weaknesses are comprised of 16 underlying significant financial reporting control deficiencies. Although VA had eliminated some significant deficiencies in prior years, other deficiencies have emerged. As a result, continuing serious deficiencies in financial reporting leave VA at risk of processing errors and misstatements in its financial statements. Although VA had corrective action plans in place intended to result in near-term remediation of the 16 fiscal year 2008 significant control deficiencies, many of these plans did not contain the detail needed to provide VA officials with assurance that the plans could be effectively implemented on schedule. VA lacked documented policies and procedures needed to assure the consistent and comprehensive design of these corrective action plans, and 8 of 13 of VA's plans for correcting its financial reporting deficiencies lacked key information regarding milestones for action steps and validation activities.As of August 2009, VA had missed milestones in 5 of the 13 corrective action plans. For example, our analysis of plans for remediating deficiencies regarding the capitalization of property, plant, and equipment and inadequate benefit payment reconciliations showed that slipping milestones could jeopardize VA's timely completion of these plans, and consequently may impair VA's ability to obtain improved data reliability within the time frames originally envisioned. VA lacked documented policies and procedures for overseeing implementation of the corrective action plans, but recently took steps intended to better coordinate its oversight activities. Mon, 16 Nov 2009 00:00:00 +0100