This is the accessible text file for GAO report number GAO-07-310 entitled 'High-Risk Series: An Update' which was released on January 31, 2007. This text file was formatted by the U.S. Government Accountability Office (GAO) to be accessible to users with visual impairments, as part of a longer term project to improve GAO products' accessibility. Every attempt has been made to maintain the structural and data integrity of the original printed product. Accessibility features, such as text descriptions of tables, consecutively numbered footnotes placed at the end of the file, and the text of agency comment letters, are provided but may not exactly duplicate the presentation or format of the printed version. The portable document format (PDF) file is an exact electronic replica of the printed version. We welcome your feedback. Please E-mail your comments regarding the contents or accessibility features of this document to Webmaster@gao.gov. This is a work of the U.S. government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. Because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. United States Government Accountability Office: GAO: January 2007: High-Risk Series: An Update: GAO-07-310: GAO Highlights: Highlights of GAO-07-310, a report to Congress on GAO’s High-Risk Series Why GAO Did This Study: GAO’s audits and evaluations identify federal programs and operations that, in some cases, are high risk due to their greater vulnerabilities to fraud, waste, abuse, and mismanagement. In recent years, GAO also has identified high-risk areas to focus on the need for broad-based transformations to address major economy, efficiency, or effectiveness challenges. Since 1990, GAO has periodically reported on government operations it has designated as high risk. In this 2007 update for the 110th Congress, GAO presents the status of high-risk areas identified in 2005 and new high-risk areas warranting attention by Congress and the executive branch. Lasting solutions to high-risk problems offer the potential to save billions of dollars, dramatically improve service to the public, strengthen confidence and trust in the performance and accountability of the U.S. government, and ensure the ability of government to deliver on its promises. What GAO Found: In its January 2005 update, GAO identified 25 high-risk areas and, in March 2006, added a 26th area. Since 2005, progress has been made in all areas, although the extent varies by area. Both the executive branch and Congress have shown a continuing commitment to addressing high-risk challenges and taken steps to help correct several of their root causes. High-risk areas were also among the suggested areas for oversight for the 110th Congress that GAO recently provided to congressional leadership. Sufficient progress has been made to remove the high-risk designation from two areas: U.S. Postal Service transformation efforts and long-term outlook and HUD single-family mortgage insurance and rental housing assistance programs. Other areas made significant progress, but not enough to be removed from the list this cycle. Continued attention from the executive branch and Congress is needed to make additional progress in other high-risk areas. This year, GAO is designating three new high-risk areas. The first new area—critical to the nation’s economic development—involves transportation financing and capacity. Revenues to support federal transportation trust funds are eroding at a time when investment is needed to expand capacity to address congestion caused by increasing passenger and freight travel. Given these problems, Congress and, for some issues, the Department of Transportation should reassess the federal role, revenue increase mechanisms, and funding allocations to better position the federal government to address financing and capacity challenges. The second area involves effective protection of technologies critical to U.S. national security. Technologies that underpin U.S. economic and military strength continue to be targets for theft, espionage, reverse engineering, and illegal export. Government programs established decades ago to protect critical technologies are ill-equipped to weigh competing U.S. interests as the security environment and technological innovation continue to evolve in the 21st century. Accordingly, we are designating the effective identification and protection of critical technologies as a governmentwide high-risk area that warrants a strategic re-examination of existing programs to identify needed changes and ensure the advancement of U.S. interests. The third area being designated as high risk involves federal oversight of food safety because of risks to the economy and to public health and safety. Agriculture, as the largest industry and employer in the United States, generates more than $1 trillion in economic activity annually. Any food contamination could undermine consumer confidence in the government’s ability to ensure the safety of the U.S. food supply, as well as cause severe economic consequences. The current fragmented federal system has caused inconsistent oversight, ineffective coordination, and inefficient use of resources. GAO has recommended that Congress consider a fundamental re-examination of the system and other improvements to help ensure the rapid detection of and response to any accidental or deliberate contamination of food before public health and safety is compromised. What GAO Recommends: This report contains GAO’s views on what remains to be done to bring about lasting solutions for each high-risk area. Perseverance by the executive branch in implementing GAO’s recommended solutions and continued oversight and action by Congress are both essential to achieving and sustaining progress. [Hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-07-310. To view the full product, click on the link above. For more information, contact George H. Stalcup at (202) 512-9490 or stalcupg@gao.gov. [End of Section] GAO's 2007 High-Risk List: 2007 High-Risk Areas: Addressing Challenges in Broad-Based Transformations: * Strategic Human Capital Management[A]; * Managing Federal Real Property[A]; * Protecting the Federal Government's Information systems and the Nation's Critical Infrastructures; * Implementing and Transforming the Department of Homeland Security; * Establishing Appropriate and Effective Information-Sharing Mechanisms to Improve Homeland Security; * DOD Approach to Business Transformation[A]; - DOD Business Systems Modernization; - DOD Personnel Security Clearance Program; - DOD Support Infrastucture Management; - DOD Financial Management; - DOD Supply Chain Management; - DOD Weapons Systems Acquisition; * FAA Air Traffic Control Modernization; * Financing the Nation's Transportation System[A] (New); * Ensuring the effective Protection of Technologies Critical to U.S. National Security Interests[A] (New); * Transforming Federal Oversight of Food Safety[A] (New). Managing Federal Contracting More Effectively; * DOD Contract Management; * DOE Contract Management; * NASA Contract Management; * Management of Interagency Contracting. Assessing the Efficiency and Effectiveness of tax law Administration; * Enforcement of tax laws[A]; * IRS Business Systems Modernization. Modernizing and safeguarding Insurance and Benefit Programs; * Modernizing Federal Disability Programs[A]; * Pension Benefit Guaranty Corporation Single-Employer Pension Insurance Program; * Medicare Program[A]; * Medicaid Program[A]; * National Flood Insurance Program[A]. Source: GAO. [A] Legislation is likely to be necessary, as a supplement to actions by the executive branch, in order to effectively address this high-risk area. [End of table] Contents: Letter: Historical Perspective: High-Risk Designations Removed: U.S. Postal Service's Transformation Efforts and Long-Term Outlook: HUD's Single-Family Mortgage Insurance and Rental Housing Assistance Programs: New High-Risk Areas: Financing the Nation's Transportation System: Ensuring the Effective Protection of Technologies Critical to U.S. National Security Interests: Transforming Federal Oversight of Food Safety: Progress Being Made in Other High-Risk Areas: Highlights for Each High-Risk Area: Tables: Table 1: Changes to GAO's High-Risk List, 1990 to 2007: Table 2: Areas Removed from GAO's High-Risk List, 1990-2007: Table 3: Year That Areas on GAO's 2007 High-Risk List Were Designated as High Risk: Table 4: U.S. Government Programs for the Identification and Protection of Critical Technologies: Figure: Figure 1: Current Highway Trust Fund Year-End Balance Forecasts: United States Government Accountability Office: Washington, DC 20548: Comptroller General of the United States: January 2007: The President of the Senate: The Speaker of the House of Representatives: Since 1990, GAO has periodically reported on government programs and operations that it identifies as "high risk." This effort, which is supported by the Senate Committee on Homeland Security and Governmental Affairs and the House Committee on Oversight and Government Reform, has brought a much needed focus to a targeted list of major challenges that are impeding effective government and costing the government billions of dollars each year. To help improve these high-risk operations, GAO has made hundreds of recommendations. Moreover, GAO's focus on high- risk problems contributed to Congress enacting a series of governmentwide reforms to address critical human capital challenges, strengthen financial management, improve information technology practices, and instill a more effective, credible, and results-oriented government. GAO's high-risk status reports are provided at the start of each new Congress to help in setting congressional oversight agendas. These reports also help Congress and the executive branch carry out their responsibilities while improving the government's performance and enhancing its accountability for the benefit of the American people. In this regard, I recently provided congressional leadership with a set of recommendations based on GAO's work, including work on areas we have designated as high risk, for its consideration in developing the oversight agenda of the 110th Congress. Together, the high-risk update and the recommendations for oversight can help congressional decision makers focus on the key management challenges facing the nation. The nation also continues to face broader policy challenges associated with the current long-term fiscal imbalance and other key sustainability challenges, as well as the need to ensure the federal government is transparent, economical, efficient, effective, ethical, and equitable. Addressing these challenges will require Congress to make tough choices that fundamentally re-examine and transform the government to be more effective in the 21st century. The infrastructure to support these decisions is not fully in place, and focused attention by the legislative and executive branches is needed to make progress. In this regard, in the coming months, I plan to highlight the set of tools needed to support more strategic decision making related to these broader challenges facing our nation. These tools will center on expanding the governmentwide focus on results; improving transparency through better financial and performance management reporting; building structures and processes that facilitate more strategic, systemic, and integrated solutions; and transforming federal organizations, functions, and operations. This report summarizes progress made in correcting high-risk problems, actions under way, and further actions that GAO believes are needed. In addition, GAO has determined that sufficient progress has been made to remove the high-risk designation from two areas: the U.S. Postal Service's transformation efforts and long-term outlook, and the Department of Housing and Urban Development's single-family mortgage insurance and rental housing assistance programs. GAO has also designated three new areas as high risk: financing the nation's transportation system, ensuring the effective protection of technologies critical to U.S. national security interests, and transforming federal oversight of food safety. Furthermore, the Department of Defense (DOD) continues to dominate the high-risk list. Specifically, DOD has eight of its own high-risk areas and shares responsibility for seven governmentwide high-risk areas. In recent years, GAO's high-risk program has increasingly focused on those major programs and operations that need urgent attention and transformation in order to ensure that our national government functions in the most economical, efficient, and effective manner possible. Further, the administration has looked to GAO's program in shaping governmentwide initiatives such as the President's Management Agenda; and more recently, the administration undertook an effort to encourage agencies to develop corrective action plans for high-risk areas. As in prior GAO high-risk update reports, federal programs and operations are also emphasized when they are at high risk because of their greater vulnerabilities to fraud, waste, abuse, and mismanagement. In addition, some of these high-risk agencies, programs, or policies are in need of transformation, and several items will require action by both the executive branch and Congress. Our objective for the high-risk list is to bring visibility and urgency to these areas in order to prompt needed actions sooner rather than later. Copies of this update are being sent to the President, the congressional leadership, other Members of Congress, the Director of the Office of Management and Budget, and the heads of major departments and agencies. Signed by: David M. Walker: Comptroller General of the United States: Historical Perspective: In 1990, GAO began a program to report on government operations that we identified as "high risk." Since then, generally coinciding with the start of each new Congress, we have periodically reported on the status of progress to address high-risk areas and updated our high-risk list. Our most recent high-risk update was in January 2005.[Footnote 1] Overall, our high-risk program has served to identify and help resolve serious weaknesses in areas that involve substantial resources and provide critical services to the public. Since our program began, the government has taken high-risk problems seriously and has made long- needed progress toward correcting them. In some cases, progress has been sufficient for us to remove the high-risk designation. A summary of changes to our high-risk list over the past 17 years are shown in table 1. Areas removed from the high-risk list over that same period are shown in table 2. The areas on GAO's 2007 high-risk list, and the year each was designated as high risk, are shown in table 3. Table 1: Changes to GAO's High-Risk List, 1990 to 2007: Original high-risk list in 1990; Number of areas: 14. High-risk areas added since 1990; Number of areas: 33. High-risk areas removed since 1990; Number of areas: 18. High-risk areas consolidated since 1990; Number of areas: 2. High-risk list in 2007; Number of areas: 27. Source: GAO. [End of table] Table 2: Areas Removed from GAO's High-Risk List, 1990-2007: Area: Federal Transit Administration Grant Management; Year removed: 1995; Year designated high risk: 1990. Area: Pension Benefit Guaranty Corporation; Year removed: 1995; Year designated high risk: 1990. Area: Resolution Trust Corporation; Year removed: 1995; Year designated high risk: 1990. Area: State Department Management of Overseas Real Property; Year removed: 1995; Year designated high risk: 1990. Area: Bank Insurance Fund; Year removed: 1995; Year designated high risk: 1991. Area: Customs Service Financial Management; Year removed: 1999; Year designated high risk: 1991. Area: Farm Loan Programs; Year removed: 2001; Year designated high risk: 1990. Area: Superfund Program; Year removed: 2001; Year designated high risk: 1990. Area: National Weather Service Modernization; Year removed: 2001; Year designated high risk: 1995. Area: The 2000 Census; Year removed: 2001; Year designated high risk: 1997. Area: The Year 2000 Computing Challenge; Year removed: 2001; Year designated high risk: 1997. Area: Asset Forfeiture Programs; Year removed: 2003; Year designated high risk: 1990. Area: Supplemental Security Income; Year removed: 2003; Year designated high risk: 1997. Area: Student Financial Aid Programs; Year removed: 2005; Year designated high risk: 1990. Area: Federal Aviation Administration Financial Management; Year removed: 2005; Year designated high risk: 1999. Area: Forest Service Financial Management; Year removed: 2005; Year designated high risk: 1999. Area: HUD Single-Family Mortgage Insurance and Rental Housing Assistance Programs; Year removed: 2007; Year designated high risk: 1994. Area: U.S. Postal Service Transformation Efforts and Long-Term Outlook; Year removed: 2007; Year designated high risk: 2001. Source: GAO. [End of table] Table 3: Year That Areas on GAO's 2007 High-Risk List Were Designated as High Risk: Area: Medicare Program; Year designated high risk: 1990. Area: DOD Supply Chain Management; Year designated high risk: 1990. Area: DOD Weapon Systems Acquisition; Year designated high risk: 1990. Area: DOE Contract Management; Year designated high risk: 1990. Area: NASA Contract Management; Year designated high risk: 1990. Area: Enforcement of Tax Laws; Year designated high risk: 1990. Area: DOD Contract Management; Year designated high risk: 1992. Area: DOD Financial Management; Year designated high risk: 1995. Area: DOD Business Systems Modernization; Year designated high risk: 1995. Area: IRS Business Systems Modernization; Year designated high risk: 1995. Area: FAA Air Traffic Control Modernization; Year designated high risk: 1995. Area: Protecting the Federal Government's Information Systems and the Nation's Critical Infrastructures; Year designated high risk: 1997. Area: DOD Support Infrastructure Management; Year designated high risk: 1997. Area: Strategic Human Capital Management; Year designated high risk: 2001. Area: Medicaid Program; Year designated high risk: 2003. Area: Managing Federal Real Property; Year designated high risk: 2003. Area: Modernizing Federal Disability Programs; Year designated high risk: 2003. Area: Implementing and Transforming the Department of Homeland Security; Year designated high risk: 2003. Area: Pension Benefit Guaranty Corporation Single-Employer Pension Insurance Program; Year designated high risk: 2003. Area: Establishing Appropriate and Effective Information-Sharing Mechanisms to Improve Homeland Security; Year designated high risk: 2005. Area: DOD Approach to Business Transformation; Year designated high risk: 2005. Area: DOD Personnel Security Clearance Program; Year designated high risk: 2005. Area: Management of Interagency Contracting; Year designated high risk: 2005. Area: National Flood Insurance Program; Year designated high risk: 2006. Area: Financing the Nation's Transportation System; Year designated high risk: 2007. Area: Ensuring the Effective Protection of Technologies Critical to U.S. National Security Interests; Year designated high risk: 2007. Area: Transforming Federal Oversight of Food Safety; Year designated high risk: 2007. Source: GAO. [End of table] Over the years, 18 areas have been removed from the high-risk list. Eight of these were among the 14 programs and operations we determined to be high risk at the outset of our efforts to monitor such programs. These results demonstrate that the sustained attention and commitment by Congress and agencies to resolve serious, long-standing high-risk problems have paid off, as root causes of the government's exposure for more than half of our original high-risk list have been successfully addressed. Historically, high-risk areas have been so designated because of traditional vulnerabilities related to their greater susceptibility to fraud, waste, abuse, and mismanagement. As our high-risk program has evolved, we have increasingly used the high-risk designation to draw attention to areas associated with broad-based transformations needed to achieve greater economy, efficiency, effectiveness, accountability, and sustainability of selected key government programs and operations. Perseverance by the executive branch is needed in implementing our recommended solutions for addressing these high-risk areas. Continued congressional oversight and, in some cases, additional legislative action will also be key to achieving progress, particularly in addressing challenges in broad-based transformations. To determine which federal government programs and functions should be designated high risk, we use our guidance document, Determining Performance and Accountability Challenges and High Risks.[Footnote 2] In determining whether a government program or operation is high risk, we consider whether it involves national significance or a management function that is key to performance and accountability. We also consider whether the risk is: * an inherent problem, such as may arise when the nature of a program creates susceptibility to fraud, waste, and abuse, or: * a systemic problem, such as may arise when the programmatic; management support; or financial systems, policies, and procedures established by an agency to carry out a program are ineffective, creating a material weakness. Further, we consider qualitative factors, such as whether the risk: * involves public health or safety, service delivery, national security, national defense, economic growth, or privacy or citizens' rights, or: * could result in significantly impaired service; program failure; injury or loss of life; or significantly reduced economy, efficiency, or effectiveness. In addition, we also consider the exposure to loss in monetary or other quantitative terms. At a minimum, $1 billion must be at risk in areas such as the value of major assets being impaired; revenue sources not being realized; major agency assets being lost, stolen, damaged, wasted, or underutilized; improper payments; and contingencies or potential liabilities. Before making a high-risk designation, we also consider corrective measures planned or under way to resolve a material control weakness and the status and effectiveness of these actions. When legislative and agency actions, including those in response to our recommendations, result in significant and sustainable progress toward resolving a high-risk problem, we remove the high-risk designation. Key determinants here include a demonstrated strong commitment to and top leadership support for addressing problems, the capacity to do so, a corrective action plan, and demonstrated progress in implementing corrective measures. The next section discusses how we applied our criteria in determining what high-risk designations to remove and what to add for our 2007 update. [End of section] High-Risk Designations Removed: For our 2007 high-risk update, we determined that sufficient progress has been made to warrant removing two areas from the high-risk list: the U.S. Postal Service's transformation efforts and long-term outlook and the Department of Housing and Urban Development's (HUD) single- family mortgage insurance and rental housing assistance programs. As we have with areas previously removed from the high-risk list, we will continue to monitor these programs, as appropriate, to ensure that the improvements we have noted are sustained. U.S. Postal Service Transformation Efforts and Long-Term Outlook: In 2001, we designated the Postal Service's (Service) transformation efforts and long-term outlook as high risk because the Service's financial outlook had deteriorated significantly. The Service had a projected deficit of $2 billion to $3 billion, severe cash flow pressures, its debt was approaching the statutory borrowing limit; cost growth was outpacing revenue increases; and productivity gains were limited. Other challenges the Service faced included liabilities that exceeded assets by $3 billion at the end of fiscal year 2002; major liabilities and obligations estimated at close to $100 billion; a restructuring of the workforce due to impending retirements and operational changes; and long-standing labor-management relations problems. We were also concerned that the Service had no comprehensive plan to address its financial, operational, or human capital challenges, including how it planned to reduce its debt, and it did not have adequate financial reporting and transparency that would allow the public to understand changes in its financial situation. Thus, we recommended that the Service develop a comprehensive plan, in conjunction with other stakeholders, that would identify the actions needed to address its challenges and provide publicly available quarterly financial reports with sufficient information to understand the Service's current and projected financial condition. As the Service's financial difficulties continued in 2002, we concluded that the need for a comprehensive transformation of the Service was more urgent than ever. The Service's basic business model, which assumed that rising mail volume would cover rising costs and mitigate rate increases, was outmoded as mail volumes stagnated or deteriorated in an increasingly competitive environment. We called for Congress to act on comprehensive postal reform legislation. In our January 2003 high-risk report, we noted that the Service had made progress by issuing a Transformation Plan in April 2002 and was beginning to implement the plan. However, no consensus had been reached on the Service's future, and we continued to have concerns about its financial outlook. Subsequently, the Service gained some financial breathing room primarily because legislation enacted in April 2003 reduced the Service's payments for its pension obligations, which allowed the Service to achieve record net income, repay debt, and delay rate increases until January 2006. In addition, a presidential commission issued a report in July 2003 with a proposed future vision for the Service and recommendations to ensure the viability of postal services, and Congress considered proposed postal reform legislation. Since 2003, the Service has continued to make progress in addressing its financial and human capital challenges, it improved its financial reporting by instituting quarterly financial reports, and it updated its Transformation Plan in September 2005. At the end of fiscal year 2005, the Service had paid off its debt. In addition, as of the end of fiscal year 2006, it had achieved 7 consecutive years of productivity gains, positive net income for fiscal years 2003 through 2006, more than $5 billion in cost savings since 2001, and it reduced its complement by 95,000 since 2001. Also, in December 2006, the Service reached tentative compensation contract agreements, subject to ratification by union members, with three of its four major unions. Very importantly, significant progress was also made when Congress enacted comprehensive postal reform legislation in December 2006, which provides a framework for modernizing the Service's rate-setting processes and addresses the Service's long-term financial obligations by returning responsibility for employees' military pension benefits to the U.S. Treasury and establishing a mechanism for prefunding retiree health benefits. The Postal Service's management has demonstrated a commitment to implementing the Transformation Plan and addressing many of the financial and human capital challenges it faces. Also, the new postal reform legislation gives the Service additional pricing flexibility and allows it to retain earnings, which provide additional mechanisms to address continuing challenges related to the Service's increasingly competitive environment, given new and emerging technologies. These continuing challenges include (1) generating sufficient revenues as First-Class Mail volume declines and the changing mail mix provides less revenue contribution than First-Class Mail, (2) controlling costs as compensation and benefit costs rise, (3) continuing work-hour reductions while maintaining service, (4) optimizing its infrastructure and workforce to reduce costs and improve operational efficiency, and (5) providing reliable data to assess performance. Some of the Service's challenges relate to governmentwide challenges that remain on our high-risk list, such as strategic human capital management and managing federal real property. In the human capital area, the Service continues to faces challenges related to managing workforce changes due to retirements and network consolidations and implementing performance-based compensation systems. In the real property area, significant challenges remain related to how the Service is planning and implementing infrastructure realignment to reduce excess capacity as well as reflect changes in operations. Further challenges persist related to the Service's identification and disposal of excess property. We plan to closely monitor these challenges to ensure that they are addressed. We will also monitor the implementation of the postal reform legislation to determine how the results and impacts compare with legislative intentions. HUD Single-Family Mortgage Insurance and Rental Housing Assistance Programs: In 1994, we designated the U.S. Department of Housing and Urban Development (HUD) as high risk because of fundamental management and organizational problems that put billions of dollars in insured mortgages and housing and community development assistance at risk. In 2001, we narrowed the high-risk designation to HUD's single-family mortgage insurance and rental housing assistance programs because progress was made overall, but significant and persistent problems in these two program areas remained. Consistent with this designation, four of the five material weaknesses cited in the audit report on HUD's fiscal year 2001 financial statements related to these programs. Under these programs, HUD manages more than $400 billion in insured mortgages and annually spends about $30 billion to subsidize rents for lower- income households. To accomplish this, HUD relies on thousands of intermediaries, including lenders, appraisers, property management contractors, public housing agencies, and multifamily property owners. Historically, weaknesses in HUD's oversight of these entities have made the programs vulnerable to fraud, waste, and abuse. For example, in prior high-risk updates we noted that deficiencies in HUD's approval, monitoring, and enforcement efforts for lenders and appraisers increased the risk of insurance losses. In the rental assistance program area, we reported that problems with HUD's monitoring of public housing agencies and multifamily property owners contributed to billions of dollars in improper rent subsidy payments (i.e., payments that were too high or too low). In our January 2005 high-risk update, we reported that HUD had demonstrated commitment to and progress in addressing weaknesses in the two high-risk program areas but that some of HUD's corrective actions were in the early stages of implementation and additional steps were needed to resolve ongoing problems. For example, in the single-family mortgage insurance area, we reported that HUD had improved its oversight of lenders and appraisers and issued or proposed regulations to strengthen lender accountability and combat predatory lending practices. However, we also noted that HUD continued to grant loan underwriting authority to lenders that had not met the agency's performance standards, and that weaknesses in HUD's process for paying single-family property management contractors made the agency vulnerable to questionable and potentially fraudulent payments. In the rental housing assistance program area, we reported that HUD made progress in reducing improper rental assistance payments. However, we also noted that HUD had not fully implemented a critical part of its efforts to reduce improper rental assistance payments--the verification of tenant incomes using a Web-based data system--and it was uncertain whether the agency would be able to sustain the reductions it had already achieved. HUD had also made progress in ensuring that HUD- assisted housing met the agency's physical condition standards. Since 2005, HUD has continued to demonstrate a commitment to and capacity for resolving risks, develop corrective action plans, institute programs to monitor and evaluate the effectiveness of corrective measures, and demonstrate progress in implementing corrective measures. For example, HUD has continued to take actions to address long-standing problems in its single-family mortgage insurance programs, and has addressed more recently identified problems. More specifically: * In accordance with our recommendations, HUD has made progress in implementing its corrective action plan for improving oversight of lenders. Specifically, HUD has developed and implemented new and clearer guidance for granting lenders underwriting authority. HUD has hired a contractor to review the implementation of the new guidance and plans to conduct additional monitoring through periodic internal reviews. Additionally, in 2005, HUD modified its system for rating the underwriting quality of loans in a way intended to focus more on underwriting errors that are likely to affect HUD's insurance risk.[Footnote 3] * HUD made substantial progress in implementing its corrective action plan to address weaknesses we identified in its process for paying single-family property management contractors.[Footnote 4] For example, in response to our recommendations, HUD has developed a financial control manual that contains internal control procedures and policies, including strict documentation requirements, for HUD field staff to use in reviewing and approving payments. To ensure the effectiveness of these corrective measures, HUD retained an independent public accountant to periodically review the performance of the property managers and test HUD field offices for compliance with the internal control policies and procedures. * In September 2005, we reported that HUD consistently underestimated the subsidy costs for its single-family mortgage insurance program.[Footnote 5] To more reliably estimate program costs, we recommended that HUD study and report in the annual actuarial review of its insurance fund the impact of variables not in the agency's loan performance models that have been found in other studies to influence credit risk. Consistent with our recommendation, a HUD contractor incorporated variables for down-payment assistance and borrower credit history into the actuarial review. According to HUD, the contractor will continue to improve the forecasting ability of the models as necessary using research and development funds provided for in the contract. The audit report on HUD's fiscal year 2006 financial statements eliminated the agency's only two outstanding material weaknesses because of the improvements HUD made to its process for estimating subsidy costs. * In an April 2006 report, we cited factors limiting the effectiveness of HUD's mortgage scorecard (an automated tool that evaluates the default risk of borrowers).[Footnote 6] In response to our recommendations, HUD developed a policy and procedures manual that calls for annual (1) monitoring of the scorecard's ability to predict loan default, (2) testing of additional predictive variables to include in the scorecard, and (3) updating the scorecard with recent loan performance data. HUD has also taken actions to address the remaining problems in its rental housing assistance programs. For example: * HUD continued to reduce the amount of improper rent subsidies and exceeded goals set in The President's Management Agenda, Fiscal Year 2002. HUD's goal for fiscal year 2005 was to reduce improper rent subsidies by 50 percent, compared with fiscal year 2000, when HUD paid an estimated $2.2 billion in improper subsidies. HUD exceeded this goal by reducing estimated improper subsidies to $925 million in fiscal year 2005, a decline of 58 percent. Although the amount of improper subsidies is still sizable, because of this progress the audit report on HUD's fiscal year 2005 financial statements eliminated a long- standing material weakness related to oversight and monitoring of subsidy calculations. In accordance with the Improper Payments Information Act of 2002, HUD plans to continue monitoring the effectiveness of its corrective actions by making annual estimates of improper payments. * In 2006, HUD executed an important part of its plan for reducing improper rental assistance payments by implementing a Web-based system that provides public housing agencies with an efficient method for validating the incomes of families receiving assistance. This system, which HUD also plans to implement for multifamily property owners, utilizes a database containing wage, unemployment, and new hire information compiled by the Department of Health and Human Services. HUD expects that the system will avoid an estimated $6 billion in improper rent subsidies over 10 years. * In response to our recommendations, HUD made on-site reviews of public housing agencies' compliance with policies for determining rent subsidies a permanent part of its oversight activities.[Footnote 7] Beginning in fiscal year 2006, HUD committed resources to review 275 public housing agencies annually. HUD also developed and implemented a system designed to collect complete and consistent information from these reviews to help focus corrective actions where needed. * HUD has continued to monitor the physical condition of HUD-assisted housing, and its assessments indicate a substantial level of compliance with the agency's physical standards. HUD physical inspections showed that in fiscal years 2005 and 2006, about 94 percent of HUD-assisted properties had satisfactory inspection scores. In addition, HUD has made progress on human capital, acquisition management, and information technology issues that in previous years we cited as major management challenges contributing to HUD's high-risk designation. For example, consistent with our recommendations, in 2005 HUD finalized guidance for implementing a comprehensive strategic workforce plan that identifies the knowledge, skills, and abilities HUD needs and the actions that it plans to take to build its workforce for the future.[Footnote 8] HUD also developed a new succession management plan to help ensure that the large number of staff expected to retire over the next several years are replaced with qualified employees. In the acquisition management area, HUD responded to our recommendations by developing guidance emphasizing the use of contract administration plans and a risk-based approach for overseeing the work of contractors.[Footnote 9] Finally, HUD has made progress in its information technology by reducing the number of noncompliant financial management systems from 17 in 2003 to 2 in 2006. We are removing the high-risk designation from HUD's single-family mortgage insurance and rental housing assistance programs because of the agency's progress in addressing problems in these areas. However, it will be important for HUD to continue to place a high priority on efficient and effective management of these programs. Proposed program changes could introduce new risks and oversight challenges. More specifically, HUD has proposed changes to its single-family mortgage insurance program that would increase the size of the mortgages the agency could insure, give the agency flexibility to set insurance premiums based on the credit risk of borrowers, and reduce down-payment requirements from the current 3 percent to potentially zero. However, to implement this legislative proposal, HUD would have to manage new risks and accurately estimate the costs of program changes. The administration has also made legislative proposals to replace HUD's largest rental housing assistance program (the Housing Choice Voucher program) with a broader-purpose grant program. While such proposals could help control rental subsidy costs and increase administrative flexibility for public housing agencies, they also could complicate HUD's oversight efforts by eliminating the uniformity of the current program. [End of section] New High-Risk Areas: GAO's use of the high-risk designation to draw attention to the challenges associated with the economy, efficiency, and effectiveness of government programs and operations in need of broad-based transformation has led to important progress. We will also continue to identify high-risk areas based on the more traditional focus on fraud, waste, abuse, and mismanagement. Our focus will continue to be on identifying the root causes behind vulnerabilities, as well as actions needed on the part of the agencies involved and, if appropriate, Congress. For 2007, we have designated the following three new areas as high risk: financing the nation's transportation system, ensuring the effective protection of technologies critical to U.S. national security interests, and transforming federal oversight of food safety. Financing the Nation's Transportation System: The nation's economic vitality and its citizens' quality of life depend significantly on the efficiency of its transportation infrastructure. This efficiency is threatened by increasing congestion. For example, travel on roads is expected to increase by about 25 percent from 2000 to 2010, freight traffic is expected to increase by 43 percent from 1998 to 2010, and air traffic is expected to triple by 2025. As congestion increases, the federal government faces the challenge of providing funds to help maintain and expand the nation's transportation system and ensuring that these funds are used efficiently. However, revenues from traditional funding mechanisms may not keep pace with demand. Furthermore, the nation's long-term fiscal challenges limit the ability of decision makers to look to other revenue sources that are currently funding security and other vital needs, raising questions about the ability of federal programs to provide the robust growth that many transportation advocates believe is required to meet the nation's mobility needs. Compounding these funding constraints is the absence of a link between federal grant funding levels and specific performance- related goals and outcomes, resulting in little assurance that federal funding is being channeled to the nation's most critical mobility needs. In addition, federal funding is often tied to a single transportation mode, which may limit the use of federal funds to finance the greatest improvements in mobility. Revenues to support the Highway Trust Fund--the major source of federal highway and transit funding--are eroding. Receipts for the Highway Trust Fund, which are derived from motor fuel and truck-related taxes (on truck and trailer sales, truck tires, and heavy-vehicle use) are continuing to grow. However, the federal motor fuel tax rate of 18.4 cents per gallon has not been increased since 1993, and thus the purchasing power of fuel tax revenues has eroded with inflation. Furthermore, that erosion will continue with the introduction of more fuel-efficient vehicles and alternative-fueled vehicles in the coming years, raising the question of whether fuel taxes are a sustainable source for financing transportation. In addition, funding authorized in the recently enacted highway and transit program legislation is expected to outstrip the growth in trust fund receipts. As a result, the Department of the Treasury and the Congressional Budget Office are forecasting that the trust fund balance will steadily decline and reach a negative balance by the end of fiscal year 2011. (See fig. 1.) On a positive note, the 2005 reauthorization of the trust fund and its related programs established a commission--chaired by the Secretary of Transportation and which will report later this year--to recommend approaches for placing the trust fund on a sustainable path. Figure 1: Current Highway Trust Fund Year-End Balance Forecasts: [See PDF for image] Source: GAO analysis of data provided in the President's budget and by CBO. [End of figure] In the face of these constraints, state and local governments are pursuing alternative mechanisms that have the potential to meet mobility and financing needs and help decision makers carry out and grow their surface transportation programs. For example, many states are pursuing tolling projects that have the promise to raise revenues, improve capital investment decisions by better targeting spending for new capacity, and enhance private-sector investment in public infrastructure. Tolls that vary according to the level of congestion (called congestion or value pricing) can maintain a predetermined level of service, create incentives for drivers to avoid driving alone in congested conditions, and encourage drivers to use public transportation or travel at less congested times. One state, Oregon, is studying the technical feasibility of replacing its motor fuel tax with a per-mile user fee. Intercity passenger rail service is also at a critical juncture. The existing intercity passenger rail system is in poor financial condition, and the federal funds provided for it are not targeted to the greatest public benefits, such as transportation congestion relief. The current service provider (Amtrak) continues to rely heavily on federal subsidies--over $1 billion annually in recent years--and will require billions more to address deferred maintenance and achieve a "state of good repair."[Footnote 10] This current crisis is not unusual; Amtrak has struggled to become financially solvent since its inception. We have recommended that Congress consider restructuring the nation's intercity passenger rail system, which would entail establishing clear goals for the system, defining the roles of key stakeholders (including the federal government), and developing funding mechanisms that include cost sharing between the federal government and other beneficiaries. The freight railroad industry is projected to grow substantially with expected increases in freight traffic, but the industry's ability to fund this projected growth is largely uncertain. For private companies seeking to maximize returns for shareholders, railroad investment poses a substantial risk. But railroad investment is critical to freight mobility and economic growth, and investments in rail projects can produce public benefits, such as reducing highway congestion, strengthening intermodal connections and the efficiency of the publicly owned transportation system, and enhancing public safety and the environment. As a result, the federal and state governments have increasingly invested public funds in freight rail projects, such as the $100 million that Congress provided in 2005 for rail infrastructure improvements in the Chicago area. In the years ahead, Congress is likely to receive further requests for funding and face additional decisions about potential federal policy responses and the federal role in the nation's freight railroad infrastructure. In the highly constrained federal funding environment, such policy responses need to recognize that the freight transportation system functions in a competitive marketplace, calling for a mode-neutral approach. Currently, as we have reported, the trucking and barge industries have a competitive price advantage over railroads because trucks and barges use infrastructure that is owned and maintained by the government, whereas rail companies use infrastructure that they pay to own and maintain.[Footnote 11] In addition, decision makers will be challenged to make investment decisions that reflect public priorities and are designed to achieve demonstrable, wide-ranging public benefits that warrant the commitment of scarce federal funds. Federal aviation programs are also facing growing infrastructure demands and constrained resources. To meet the anticipated increases in commercial aviation travel, the Federal Aviation Administration (FAA) and aviation stakeholders are developing the "next-generation air transportation system" (NGATS) to modernize the nation's air traffic control (ATC) infrastructure and increase capacity. This effort is complex and costly: Under one scenario that includes a limited, preliminary cost estimate for NGATS, FAA's budget would, on average, exceed FAA's fiscal year 2006 appropriation level by about $1 billion a year (in today's dollars) through 2025. FAA and some stakeholders have raised doubts about the ability of the current funding system--the Aviation Trust Fund--to generate revenues to meet these budgetary needs equitably and efficiently over time. Specifically, FAA and some stakeholders are concerned that as FAA's workload (and, therefore, costs) rises, there will be no corresponding increase in its revenues because of the greater use of smaller aircraft and a decline in inflation-adjusted airfares. Trends in these data provide support for these concerns. While FAA has a history of cost control problems associated with ATC modernization, it has made a number of important management improvements. However, questions remain about FAA's ability to manage the transition to NGATS cost-effectively. However, failing to meet these infrastructure challenges in aviation may have significant consequences, since aviation is an integral part of the economy. FAA is expected to release its proposal to reform the current funding system within the next few months. Given the common challenges spanning the nation's transportation infrastructure, Congress and, for some issues, the Department of Transportation should reassess the following issues for all transportation modes to better position the federal government to address these challenges: 1. the appropriate federal role and strategy in funding, selecting, and evaluating transportation investments; 2. mechanisms to seek alternative sources of revenues and, where appropriate, to increase revenues for infrastructure improvements, including user fees and alternatives to stimulate private investment, while considering their impact on the federal budget; and: 3. funding allocation and monitoring methods to ensure the equity, efficiency, accountability, and performance of transportation investments. Ensuring the Effective Protection of Technologies Critical to U.S. National Security Interests: U.S. military strategy is premised on technological superiority on the battlefield. The Department of Defense spends billions of dollars each year for the development and production of high technology weaponry to maintain superiority. These weapons and militarily useful technologies are sold overseas by U.S. companies for economic reasons and by the U.S. government for foreign policy, security, and economic reasons. Yet, the technologies that underpin U.S. military and economic strength continue to be targets for theft, espionage, reverse engineering, and illegal export. At the same time, the programs the U.S. government has in place to protect critical technologies by weighing competing and sometimes conflicting national security, foreign policy, and economic interests have long been criticized by industry and allies for their inability to adapt to a changing world environment and their lack of efficiency. The U.S. government has a myriad of laws, regulations, policies, and processes intended to identify and protect critical technologies so they can be transferred to foreign parties in a manner consistent with U.S. interests. The government's technology protection programs include those that regulate U.S. defense-related exports and investigate proposed foreign acquisitions of U.S. national security-related companies. (See table 4.) Responsibility for administering or overseeing the different programs is divided among multiple federal agencies and several congressional committees. However, in the decades since these programs were put in place, significant forces have heightened the U.S. government's challenge of weighing security concerns with the desire to reap economic benefits. Most notably, in the aftermath of the September 2001 terrorist attacks, the threats facing the nation have been redefined. In addition, the economy has become increasingly globalized as countries open their markets and the pace of technological innovation has quickened worldwide. Government programs established decades ago to protect critical technologies are ill-equipped to weigh competing U.S. interests as these forces continue to evolve in the 21st century. Accordingly, we are designating the effective identification and protection of critical technologies as a governmentwide high-risk area, which warrants a strategic re- examination of existing programs to identify needed changes and ensure the advancement of U.S. interests. Table 4: U.S. Government Programs for the Identification and Protection of Critical Technologies: Program: Militarily Critical Technologies Program; Agencies: Defense; Program's purpose: Identify and assess technologies that are critical for retaining U.S. military dominance; Legal authority: Export Administration Act of 1979. Program: Dual-Use Export Control System; Agencies: Commerce (lead), State, Central Intelligence Agency, Defense, Energy, Homeland Security, and Justice; Program's purpose: Regulate export of dual-use items by U.S. companies after weighing economic, national security, and foreign policy interests; Legal authority: Export Administration Act of 1979. Program: Arms Export Control System; Agencies: State (lead), Defense, Homeland Security, and Justice; Program's purpose: Regulate export of arms by U.S. companies, giving primacy to national security and foreign policy concerns; Legal authority: Arms Export Control Act of 1976. Program: Foreign Military Sales Program; Agencies: State and Defense (leads), Homeland Security; Program's purpose: Provide foreign governments with U.S. defense articles and services to help promote interoperability while lowering the unit costs of weapon systems; Legal authority: Arms Export Control Act of 1976. Program: National Disclosure Policy Process; Agencies: State, Defense, and intelligence community; Program's purpose: Determine the releasibility of classified military information, including classified weapons and military technologies, to foreign governments; Legal authority: National Security Decision Memorandum 119 of 1971. Program: Committee on Foreign Investment in the United States (CFIUS); Agencies: Treasury (lead), Commerce, Defense, Homeland Security, Justice, State, and six offices from the Executive Office of the President; Program's purpose: Investigate the impact of foreign acquisitions on national security and to suspend or prohibit acquisitions that might threaten national security; Legal authority: Exon-Florio Amendment of 1988 to the Defense Production Act of 1950. Program: National Industrial Security Program; Agencies: Defense (lead), applicable to other departments and agencies; Program's purpose: Ensure that contractors (including those under foreign influence, control, or ownership) appropriately safeguard classified information in their possession; Legal authority: Executive Order No. 12829 of 1993. Program: Anti-Tamper Policy; Agencies: Defense; Program's purpose: Establish anti-tamper techniques on weapons systems when warranted as a method to protect critical technologies on these systems; Legal authority: Defense Policy Memorandum, 1999. Sources: GAO (analysis); cited legal authorities (data). [End of table] Over the years, we have identified weaknesses in the effectiveness and efficiency of government programs designed to protect critical technologies while advancing U.S. interests. While each program has its own set of challenges, we found that these weaknesses are largely attributable to poor coordination within complex interagency processes, inefficiencies in program operations, and a lack of systematic evaluations for assessing program effectiveness and identifying corrective actions. The impacts of these weaknesses are not always visible or immediate but, as we have reported, increase the risk of military gains by entities with interests contrary to those of the United States and of financial harm to U.S. companies. Others, including the Office of the National Counterintelligence Executive, congressional committees, and inspectors general, have also reported on vulnerabilities in these programs and the resulting harm--both actual and potential--to U.S. security and economic interests. Several of the programs designed to protect critical technologies are inherently complex. Multiple departments and agencies representing various interests, which at times can be competing and even divergent, participate in decisions about the control and protection of critical U.S. technologies. However, as exemplified below, poor coordination and fundamental disagreements among the departments have had unintended consequences for both national security and economic interests. * Commerce and State have yet to clearly determine which department controls the export of certain missile technology items, which increases the risk that these items will fall into the wrong hands or creates an unlevel playing field for U.S. companies.[Footnote 12] Since Commerce and State have different restrictions on these items, it is important that they define who controls the items. Otherwise, the exporter--not the government--is left to determine which restrictions apply and the type of governmental review. * The departments participating in the Committee on Foreign Investment in the United States (CFIUS) lack a coordinated approach for defining what constitutes a threat to national security and what warrants an investigation to ensure that the risk of foreign ownership is mitigated.[Footnote 13] This lack of agreement among the members, which limits CFIUS's analyses of proposed and completed foreign acquisitions, has been intensified by continued economic globalization and by increasingly diffuse threats. Some CFIUS members have argued that taking a more traditional and narrow view of what constitutes a national security threat can limit the protection of critical infrastructure or the preservation of technological superiority in the defense arena. Recently, member agencies indicated a need for changes to the process and some are currently under way. * Within Defense, the military services and programs have different interpretations of what constitutes military critical technologies, which can result in different conclusions about what technologies need protection through the application of anti-tamper techniques.[Footnote 14] Defense does not coordinate or oversee how the services and programs identify critical technologies needing anti-tamper protection. This creates the vulnerability of having the same technology protected on one weapon system but not on another, thereby exposing both systems to exploitation and compromise. While government officials responsible for administering the programs designed to protect critical technologies may appropriately take time to make decisions as they consider the multiple interests involved, inefficiencies in the various programs have created unnecessary delays in sharing critical technologies with allies. * Although State has implemented a series of initiatives primarily designed to expedite the processing of arms export licenses, we found that these initiatives have generally not been successful.[Footnote 15] Most notably, the department designated the processing of license applications in support of Operations Iraqi Freedom and Enduring Freedom its top priority and established an expedited process for reviewing those applications. However, only 19 percent of the applications submitted through the expedited process for these operations were processed within the goals set by the department.[Footnote 16] These included applications for protective body armor for U.S. and coalition forces and aircraft defensive systems. The departments charged with protecting critical technologies have not systematically evaluated their respective programs to determine whether they are fulfilling their missions in a changing environment and whether corrective actions are needed. * Given its lack of systematic evaluations, Commerce cannot readily identify weaknesses in the dual-use export control system or implement needed corrective measures that allow U.S. companies to compete in the global marketplace while minimizing the risk to other U.S. interests.[Footnote 17] As we and the Office of Management and Budget have reported, Commerce has not established performance measures that provide a basis for assessing the effectiveness of the dual-use export control system. Instead, Commerce relies on narrow measures related to the efficiencies of its processes and anecdotal indications to gauge how well the system is functioning. * After the September 2001 terrorist attacks, State did not make fundamental or significant changes to the arms export control system, its objectives, or implementing regulations.[Footnote 18] State officials maintained that such changes are not needed because they regard the system as effective in keeping U.S. defense items out of enemy hands while ensuring that allies can obtain needed arms. However, State's conclusions regarding the system appear without basis because State has not provided evidence that it systematically assessed the effectiveness of its controls or major initiatives that were intended to facilitate sales to allies. Further, our reports have documented weaknesses and challenges over the years that point to vulnerabilities in the arms export control system and its ability to protect U.S. interests. * Defense cannot provide assurances that its oversight of foreign owned or influenced contractors is sufficient to reduce the risk of foreign interests gaining unauthorized access to U.S. classified information.[Footnote 19] Specifically, Defense does not systematically collect information to know if contractors are reporting certain business transactions, which would enable Defense to know when a contractor has come under foreign influence and determine what protective measures may be needed to reduce the risk of information compromise. For example, one foreign-owned contractor appeared to have had access to U.S. classified information for at least 6 months before a protective measure was implemented. Moreover, Defense neither centrally collects information to determine the magnitude of contractors under foreign influence nor assesses the effectiveness of its oversight so it can identify weaknesses in its protective measures and make necessary adjustments. We have recommended numerous corrective actions to address these weaknesses and inefficiencies, but the departments involved have not implemented many of the recommendations that address the most fundamental problems affecting the protection of critical technologies and the advancement of U.S. interests. Legislation has been introduced to modify or reform aspects of the programs for protecting critical technologies. For example, legislation was introduced in the 109th Congress to reauthorize the Export Administration Act.[Footnote 20] Also, the House of Representatives passed legislation in 2005 to create an interagency strategic export control board charged with conducting a comprehensive evaluation of U.S. export controls and developing recommendations for consolidating export control functions. In addition, the House and Senate passed two different bills in the last Congress, and new legislation has recently been introduced in the House to reform CFIUS and its approach to evaluating proposed foreign acquisitions. However, to date, legislation has not been enacted to overhaul these programs and executive action has not resulted in fundamental changes to these programs. Implementation of our outstanding recommendations should be an interim step in improving the effectiveness and efficiency of existing government programs intended to identify and protect critical technologies. However, further actions are needed. The executive and legislative branches need to re-examine the current government programs to determine whether and how they can collectively achieve their mission and evaluate alternative approaches. The results of these efforts should provide the basis for establishing a comprehensive framework with clear responsibilities and accountability for identifying and protecting critical technologies as global forces continue to reshape U.S. national security and economic interests. Transforming Federal Oversight of Food Safety: This nation enjoys a plentiful and varied food supply that is generally considered to be safe. However, the patchwork nature of the federal oversight of food safety calls into question whether the government can plan more strategically to inspect food production processes, identify and react more quickly to any outbreaks of contaminated food, and focus on achieving results to promote the safety and integrity of the nation's food supply. This challenge is even more urgent since the terrorist attacks of September 11, 2001, heightened awareness of agriculture's vulnerabilities to terrorism, such as the deliberate contamination of food or the introduction of disease to livestock, poultry, and crops. Over several years, we have reported on issues that suggest that food safety could be designated as a high-risk area because of the need for transforming the federal oversight framework to reduce risks to public health as well as the economy. Either an accidental or deliberate contamination of food or the introduction of disease to livestock, poultry, and crops could undermine consumer confidence in the government's ability to ensure the safety of the U.S. food supply, as well as cause severe economic consequences. Each year, about 76 million people contract a food-borne illness in the United States; about 325,000 require hospitalization; and about 5,000 die, according to the Centers for Disease Control and Prevention. In addition, agriculture, as the largest industry and employer in the United States, generates more than $1 trillion in economic activity annually, or about 13 percent of the gross domestic product. The value of U.S. agricultural exports exceeded $68 billion in fiscal year 2006. An introduction of a highly infectious foreign animal disease, such as avian influenza or foot-and-mouth disease, would cause severe economic disruption, including substantial losses from halted exports. Similarly, food contamination, such as the recent E. coli outbreaks, can have a detrimental impact on local economies. For example, industry representatives estimate losses from the recent California spinach E. coli outbreak to range from $37 million to $74 million. A challenge for the 21st century is how several federal agencies can integrate the myriad food safety programs and strategically manage their portfolios to promote the safety and integrity of the nation's food supply.[Footnote 21] In numerous previous reports, we have described the fragmented federal food safety system in which 15 agencies collectively administer at least 30 laws related to food safety. The two primary agencies are the U.S. Department of Agriculture (USDA), which is responsible for the safety of meat, poultry, and processed egg products and the Food and Drug Administration (FDA), which is responsible for virtually all other foods. Among other agencies with responsibilities related to food safety, the National Marine Fisheries Service in the Department of Commerce conducts voluntary, fee-for-service inspections of seafood safety and quality; the Environmental Protection Agency (EPA) regulates the use of pesticides and maximum allowable residue levels on food commodities and animal feed; and the Department of Homeland Security (DHS) is responsible for coordinating agencies' food security activities. The food safety system is further complicated by the subtle differences in food products that dictate which agency regulates a product as well as the frequency with which inspections occur. For example, how a packaged ham-and-cheese sandwich is regulated depends on how the sandwich is presented. USDA inspects manufacturers of packaged open- face meat or poultry sandwiches (e.g., those with one slice of bread), but FDA inspects manufacturers of packaged closed-face meat or poultry sandwiches (e.g., those with two slices of bread). Although there are no differences in the risks posed by these products, USDA inspects wholesale manufacturers of open-face sandwiches sold in interstate commerce daily, while FDA inspects closed-face sandwiches an average of once every 5 years. This federal regulatory system for food safety evolved piecemeal, typically in response to particular health threats or economic crises. During the past 30 years, we have detailed problems with the fragmented federal food safety system and reported that the system has caused inconsistent oversight, ineffective coordination, and inefficient use of resources. Our most recent work demonstrates that these challenges persist. Specifically: * Existing statutes give agencies different regulatory and enforcement authorities. For example, food products under FDA's jurisdiction may be marketed without the agency's prior approval. On the other hand, food products under USDA's jurisdiction must generally be inspected and approved as meeting federal standards before being sold to the public. Under current law, USDA inspectors maintain continuous inspection at slaughter facilities and examine each slaughtered meat and poultry carcass. They also visit each processing facility at least once during each operating day. For foods under FDA's jurisdiction, however, federal law does not mandate the frequency of inspections.[Footnote 22] * We reported that federal agencies are spending resources on overlapping food safety activities.[Footnote 23] USDA and FDA both inspect shipments of imported food at 18 U.S. ports-of-entry. However, these two agencies do not share inspection resources at these ports. For example, USDA officials told us that all USDA-import inspectors are assigned to and located at USDA-approved import inspection facilities and some of these facilities handle and store FDA-regulated products. USDA has no jurisdiction over these FDA-regulated products. Although USDA maintains a daily presence at these facilities, the FDA-regulated products may remain at the facilities for some time awaiting FDA inspection. In fiscal year 2003, USDA spent almost $16 million on imported food inspections, and FDA spent more than $115 million. * Food recalls are voluntary and federal agencies responsible for food safety have no authority to compel companies to carry out recalls--with the exception of FDA's authority to require a recall for infant formula. USDA and FDA provide guidance to companies for carrying out voluntary recalls. We reported that USDA and FDA can do a better job in carrying out their food recall programs so they can quickly remove potentially unsafe food from the marketplace.[Footnote 24] These agencies do not know how promptly and completely companies are carrying out recalls, do not promptly verify that recalls have reached all segments of the distribution chain, and use procedures to alert consumers to a recall that may not be effective. * The terrorist attacks of September 11, 2001, have heightened concerns about agriculture's vulnerability to terrorism. The Homeland Security Act of 2002 assigned DHS the lead coordination responsibility for protecting the nation against terrorist attacks, including agroterrorism. Subsequent presidential directives further define agencies' specific roles in protecting agriculture and the food system against terrorist attacks. We reported that in carrying out these new responsibilities, agencies have taken steps to better manage the risks of agroterrorism, including developing national plans and adopting standard protocols.[Footnote 25] However, we also found several management problems that can reduce the effectiveness of the agencies' routine efforts to protect against agroterrorism. For example, there are weaknesses in the flow of critical information among key stakeholders and shortcomings in DHS's coordination of federal working groups and research efforts. * In response to the nation's pressing fiscal challenges, agencies may have to explore new approaches to achieve their missions. FDA is responsible for ensuring the safety of seafood. More than 80 percent of the seafood that Americans consume is imported. We reported in 2001 that FDA's seafood inspection program did not sufficiently protect consumers.[Footnote 26] For example, FDA tested about 1 percent of imported seafood products. We subsequently found that FDA's program has shown some improvement. More foreign firms are inspected, and inspections show that more U.S. seafood importers are complying with its requirements.[Footnote 27] Given FDA officials' concerns about limited inspection resources, we also identified options, such as using personnel in the National Oceanic and Atmospheric Administration's Seafood Inspection Program to augment FDA's inspection capacity or state regulatory laboratories for analyzing imported seafood. FDA agreed with these options. * We reported that in fiscal year 2003, four agencies--USDA, FDA, EPA, and the National Marine Fisheries Service--spent $1.7 billion on food safety-related activities.[Footnote 28] USDA and FDA together were responsible for nearly 90 percent of federal expenditures for food safety. However, these expenditures were not based on the volume of foods regulated by the agencies or consumed by the public. The majority of federal expenditures for food safety inspection were directed toward USDA's programs for ensuring the safety of meat, poultry, and egg products; however, USDA is responsible for regulating about 20 percent of the food supply. In contrast, FDA, which is responsible for regulating about 80 percent of the food supply, accounted for only about 24 percent of expenditures. Others have called for fundamental changes to the federal food safety system overall. In 1998, the National Academy of Sciences concluded that the system is not well equipped to meet emerging challenges.[Footnote 29] In response to the academy's report, the President established a Council on Food Safety which released a Food Safety Strategic Plan in January 2001. The plan recognized the need for a comprehensive food safety statute and concluded "the current organizational structure makes it more difficult to achieve future improvements in efficiency, efficacy, and allocation of resources based on risk." While many of the recommendations we made have been acted upon, a fundamental re-examination of the federal food safety system is warranted. Taken as a whole, our work indicates that Congress and the executive branch can and should create the environment needed to look across the activities of individual programs within specific agencies and toward the goals that the federal government is trying to achieve. To that end, we have recommended, among other things, that Congress enact comprehensive, uniform, and risk-based food safety legislation and commission the National Academy of Sciences or a blue ribbon panel to conduct a detailed analysis of alternative organizational food safety structures.[Footnote 30] We have also recommended that the executive branch reconvene the President's Council on Food Safety to facilitate interagency coordination on food safety regulation and programs. These actions can begin to address the fragmentation in the federal oversight of food safety. Going forward, to build a sustained focus on the safety and the integrity of the nation's food supply, Congress and the executive branch can integrate various expectations for food safety with congressional oversight and through agencies' strategic planning processes. The development of a governmentwide performance plan that is mission-based, has a results-orientation, and provides a cross-agency perspective offers a framework to help ensure agencies' goals are complementary and mutually reinforcing. Further, with pressing fiscal challenges, this plan can assist decision makers in balancing trade- offs and comparing performance when resource allocation and restructuring decisions are made. [End of section] Progress Being Made in Other High-Risk Areas: For other areas that remain on our 2007 high-risk list, there has been important but varying levels of progress, although not yet enough progress to remove these areas from the list. Top administration officials have expressed their commitment to ensuring that high-risk areas receive adequate attention and oversight. The Office of Management and Budget (OMB) has led an initiative to prompt agencies to develop detailed action plans for each area on our high-risk list. These plans are to identify specific goals and milestones that address and reduce the risks identified by us within each high-risk area. Further, OMB has encouraged agencies to consult with us regarding the problems our past work has identified, and the many recommendations for corrective actions we have made. While progress on developing and implementing plans has been mixed, such a concerted effort by agencies and ongoing attention by OMB are critical; our experience over the past 17 years has shown that perseverance is required to fully resolve high- risk areas. Congress, too, will continue to play an important role through its oversight and, where appropriate, through legislative action targeting both specific problems and the high-risk areas overall. Examples of progress in other programs or operations that were previously designated as high risk are discussed below and in the highlights pages that follow this section. * The Department of Health and Human Services and its Centers for Medicare & Medicaid Services (CMS) have made some progress to improve the fiscal integrity and oversight of the Medicaid program, which was designated high risk in 2003. For example, CMS has taken steps to improve its oversight of certain Medicaid financial management activities, including efforts to oversee states' financing methods. It also issued a comprehensive 5-year plan in July 2006 that outlined initial activities planned for implementing the Medicaid Integrity Program required by the Deficit Reduction Act of 2005. However, several oversight weaknesses previously identified by us have not yet been addressed. For example, CMS has not incorporated the use of key Medicaid data systems into its oversight of states' Medicaid claims, or clarified and communicated its policies in several high-risk areas, such as supplemental payment arrangements and administrative costs. The results of CMS's actions will need to be assessed to determine their effectiveness in improving the program's fiscal integrity, and more action is needed before the program's high-risk designation can be removed. * Regarding the Medicare program, the Centers for Medicare & Medicaid Services (CMS) has made some progress in the last 2 years in reforming and refining payment methods, enhancing program integrity, improving program management, and overseeing patient safety and care. For example, CMS is improving how it sets or updates rates for hospital services, durable medical equipment, and certain drugs and devices supplied in medical facilities. Medicare's most recent estimate of its national rate of improper payments was 4.4 percent--the lowest since measurement began in 1996. Nevertheless, Medicare's size, complexity, and vulnerability to mismanagement and improper payments suggest that its high-risk designation cannot be removed. For example, GAO found weaknesses in CMS's information security controls that could make sensitive, personally identifiable medical information vulnerable to unauthorized access. Similarly, call centers sponsored by the agency or private drug plans fell short in providing accurate and complete information to callers inquiring about the new prescription drug benefit. * The administration and real property-holding agencies have made progress toward strategically managing federal real property. In response to both an executive order aimed at improving real property management and the President's Management Agenda initiative on real property, agencies have, among other things, established asset management plans, standardized data reporting, and adopted performance measures. Also, the administration has created a Federal Real Property Council and plans to work with Congress to provide agencies with tools to better manage real property. These actions have addressed our prior concern that a strategic governmentwide focus on solving the problems was lacking, but the underlying conditions that led to the high-risk designation continue to exist. * Since the 2005 high-risk update, the Department of Homeland Security (DHS) has made progress in addressing major transformation, management, and program challenges, which prior GAO work has identified as key to successfully transforming 22 agencies into one department and effectively carrying out its homeland security and other missions. DHS has produced a strategic plan that contains most elements required by the Government Performance and Results Act and the under secretary of management is working to integrate some management functions. However, DHS has not linked its goals to resource requirements in its strategic plan and has not involved all stakeholders in its strategic planning process. Moreover, DHS lacks not only a comprehensive strategy with overall goals and a timeline but also a dedicated management integration team to support its management integration efforts. DHS and its components are developing corrective action plans to address material weaknesses identified by the financial statement auditor, but recent audits found its financial systems do not conform to federal requirements, and financial statements contain numerous material weaknesses. DHS is working to develop a departmentwide framework for managing information but has not implemented an effective process for informed decision making by senior leadership about competing technology investment options or a comprehensive information security program to protect its information and systems. DHS has taken some actions to integrate the legacy agency workforces that make up its components and has made progress in establishing human capital capabilities for the US-VISIT program, but DHS has not linked its new human capital system to its strategic plan. DHS has made progress in enhancing communication among its acquisition organizations through its strategic sourcing and small business programs, but some components remain exempted from the unified acquisition organization, and the chief procurement officer has insufficient staff for departmentwide oversight. In addition, DHS has continued to form necessary partnerships and has undertaken a number of efforts with private entities, but key partnering challenges continue as DHS seeks to leverage resources and more effectively carry out its homeland security responsibilities. In their program activities, DHS and the Transportation Security Administration (TSA) have taken numerous actions to strengthen commercial aviation security, and the Coast Guard has moved to control costs by offering incentives to contractors that attempt to foster competition for subcontracts. However, TSA faces the difficult task of assessing and allocating resources across all transportation modes based on risk, while adapting to changing threats within the commercial aviation industry. DHS agencies have made progress in activities to refine the screening of foreign visitors to the United States, target potentially dangerous cargo, and provide the personnel necessary to effectively fulfill border security and trade agency missions. However, trade and visitor screening systems have weaknesses that must be overcome to better ensure border and trade security. DHS has also enhanced the efficiency of certain immigration services, reducing the size of the backlog of immigration-benefit applications. However, DHS has not adopted a comprehensive risk management approach when it comes to the detection and investigation of immigration fraud. Finally, DHS has made revisions to the National Response Plan to clarify federal roles and responsibilities. In response to concerns raised by us and others, Congress clarified the roles and responsibilities of the Federal Emergency Management Agency (FEMA) in the DHS fiscal year 2007 appropriations act and designated the FEMA Administrator as the "Principal Advisor" to the President on emergency management. However, DHS has yet to develop necessary disaster capabilities and to create accountability systems that effectively balance the need for fast and flexible response against the need to prevent waste, fraud, and abuse. * During the past 2 years, the Internal Revenue Service (IRS) has made progress in its enforcement efforts. Notably, enforcement revenue rose from $43.1 billion in fiscal year 2004 to $48.7 billion in fiscal year 2006. Based on preliminary data, IRS increased the overall percentage of tax returns examined between fiscal year 2004 and fiscal year 2006 by about 30 percent. IRS completed research in 2005 on individual taxpayers' compliance and is currently using the results to better target operational audits. IRS also set a long-term goal to increase the compliance rate. Despite these promising developments, challenges remain. IRS's most recent estimate of the gross tax gap (the difference between the taxes that should have been paid voluntarily and on time and what was actually paid) was $345 billion for tax year 2001. Although IRS estimates that it would eventually collect $55 billion of this amount, a net tax gap of $290 billion would remain. Given the magnitude of the tax gap, even a relatively small percentage reduction in the gap would yield billions of dollars in additional revenue for the government. IRS needs periodic, if not annual, measurements of compliance to gauge the extent to which compliance is changing and to effectively target its service and enforcement efforts. Further, IRS lacks a data-based plan to improve compliance and reach its long-term goal. Real progress in reducing the tax gap will require efforts beyond enforcement. IRS will need to develop and execute multiple strategies over a sustained period including working with Treasury to develop new and innovative solutions to improve compliance. Statutory changes will be needed as well to meaningfully reduce the gap and we have presented options, such as additional withholding for selected parties and additional information reporting on the cost basis for securities sales, for Congress to consider. * We first added the Pension Benefit Guaranty Corporation's (PBGC) single-employer pension insurance program as a high-risk area in July 2003 because the program's financial health was threatened by structural weaknesses in pension funding rules, the program's premium structure, and the potential for large bankruptcies among sponsors with underfunded plans in weak industries. Since then, Congress passed major pension reform legislation that was signed into law. The reforms include revisions to the defined benefit pension funding rules, changes to the PBGC program's insurance premium structure, and other changes aimed at limiting the risk that underfunded plans might pose to PBGC. While some of these reforms represent progress, their ultimate impact on the single-employer program's deficit is unclear. Many of these reforms will be phased in gradually, postponing their potentially positive effect on plan funding, while other changes could have the effect of increasing PBGC's financial exposure. * The Federal Aviation Administration (FAA) has made significant progress in addressing air traffic control modernization program weaknesses since it was designated as high risk in 1995. For example, FAA has established a framework for improving its system management capabilities and addressed weakness on selected air traffic control systems; implemented key components of a cost accounting system and established a cost estimating methodology; and made progress in establishing an organizational culture that supports sound acquisitions. FAA has also developed an action plan with the Office of Management and Budget to continue to address these issues. Additionally, FAA has reported that it has exceeded its targets for delivering selected system acquisitions on cost and schedule for the past 3 years. However, FAA-improved system management capabilities have yet to be institutionalized, the cost estimating methodology has not yet been fully implemented, and major systems will be coming on line in the next few years. Moreover, FAA still faces many human capital challenges, including obtaining the technical and contract management expertise needed to define, implement, and integrate numerous complex programs and systems. With FAA expecting to spend about $9.4 billion between now and the end of fiscal year 2011 to upgrade and replace air traffic control systems, these actions are as critical as ever. * Since 2005, DOD has taken some positive steps toward addressing challenges related to the supply chain management high-risk area. For example, in collaboration with OMB, DOD developed a plan to address some of the systemic weaknesses in supply chain management. The plan encompasses 10 initiatives, such as war reserve materiel improvements and the expanded use of radio frequency identification, aimed at the three focus areas we have identified from our prior work: requirements forecasting, asset visibility, and materiel distribution. This plan provides a framework for addressing systemic weaknesses and focusing long-term efforts to improve supply support to the warfighter. DOD has made some progress implementing these initiatives, and DOD leadership has demonstrated a commitment to resolving supply chain management problems. However, successful resolution of these long-standing problems will take several years of continued efforts, and the department faces challenges and risks in successful implementation of proposed changes. For example, DOD's plan generally lacks outcome- focused performance metrics for many of its initiatives, making it difficult to track and demonstrate progress in improving the three focus areas. Further, DOD's ability to make coordinated, systemic improvements that cut across the multiple organizations involved in the materiel distribution system has been hindered by problems defining who has accountability and authority for making such improvements. [This page is intentionally left blank.] [End of section] Highlights for Each High-Risk Area: Overall, the government continues to take high-risk problems seriously and is making long-needed progress toward correcting them. Congress has also acted to address several individual high-risk areas through hearings and legislation. Continued perseverance in addressing high- risk areas will ultimately yield significant benefits. Lasting solutions to high-risk problems offer the potential to save billions of dollars, dramatically improve service to the American public, strengthen public confidence and trust in the performance and accountability of our national government, and ensure the ability of government to deliver on its promises. We have prepared highlights of each of the 27 high-risk areas on our updated list, showing (1) why the area is high risk, (2) the actions that have been taken and that are under way to address the problem since our last update report as well as the issues that are yet to be resolved, and (3) what remains to be done to address the risk. These highlights are presented on the following pages. Highlights: High-Risk Series: Strategic Human Capital Management: GAO Highlights: For additional information about this high-risk area, contact J. Christopher Mihm at (202) 512-6806 or mihmj@gao.gov. Why Area Is High Risk: GAO first added strategic human capital management as a governmentwide high-risk area in 2001 because federal agencies lacked a strategic approach to human capital management that integrates human capital efforts with agency mission and program goals. The area remains high risk because the federal government now faces one of the most significant transformations to the civil service in half a century, as momentum grows toward making governmentwide changes to agency pay, classification, and performance management systems. What GAO Found: Progress in addressing federal human capital challenges has been made since 2001, but significant opportunities remain to improve strategic human capital management to respond to current and emerging 21st century challenges. For example, the federal government has not transformed, in many cases, how it classifies, compensates, develops, and motivates its employees to achieve maximum results within available resources and existing authorities. A key challenge is determining how to update the government’s classification and compensation systems to be more market based and performance oriented. Although this shift must be part of a broader strategy of change management and performance improvement initiatives, progress was made when Congress and the administration modernized the senior executive performance-based pay system by requiring a clearer link between individual and organizational performance and pay. This shift to a performance-based pay system can help transform the culture of federal agencies, and the lessons learned from implementing this reform effort will be critical to modernizing the performance management and pay systems under which other federal employees will be compensated. Progress was also made when Congress recognized that agencies needed more effective human capital systems to succeed in their transformations. Congress gave the Departments of Homeland Security and Defense statutory authorities intended to help them manage their people more strategically. In this environment, however, where nearly 900,000 employees will work under systems now exempt from the rules of Title 5, the federal government is rapidly approaching the point where “standard governmentwide” human capital policies and process are neither standard nor governmentwide. Before implementing any future human capital reforms, agencies should demonstrate they have met certain conditions, including that they have developed an institutional infrastructure that can support reform. This infrastructure should include, among other things, (1) a modern, credible performance management system that provides clear linkage between institutional, unit, and individual performance-oriented outcomes; and (2) adequate safeguards to ensure the fair, effective, credible, and nondiscriminatory implementation of the system. As the government’s human capital leader, OPM has a key role in helping agencies build the needed infrastructure and is likely to certify agency readiness to implement reforms. OPM is taking steps to help agencies prepare for reform. For example, OPM’s Human Capital Assessment and Accountability Framework is designed to help agencies implement effective human capital management systems and improve their human capital management practices. Given OPM’s responsibility, it must ensure it has the capacity to assist agencies and to lead these important human capital transformations. This includes developing an internal workforce capacity with adequate skills and competencies, effective partnerships with the Chief Human Capital Officers Council, and an evaluation strategy to monitor progress. What Remains to Be Done: Moving forward, there is still a need for a governmentwide framework to advance human capital reform in order to avoid further fragmentation within the civil service, ensure management flexibility as appropriate, allow a reasonable degree of consistency, provide adequate safeguards, and maintain a level playing field among federal agencies competing for talent. Agencies must continue to assess their workforce needs and make use of available authorities. Congress should make pay and performance management reform the first step in any governmentwide reform effort, and the Office of Personnel Management (OPM) should evaluate and learn from its approach to implementing the performance-based pay system for senior executives and apply these lessons to future human capital reforms. Related GAO Products: Strategic Human Capital Management: Office of Personnel Management: Key Lessons Learned to Date for Strengthening Capacity to Lead and Implement Human Capital Reforms. GAO- 07-90. Washington, D.C.: January 19, 2007. Human Capital: Aligning Senior Executives' Performance with Organizational Results Is an Important Step Toward Governmentwide Transformation. GAO-06-1125T. Washington, D.C.: September 26, 2006. Office of Personnel Management: OPM Is Taking Steps to Strengthen Its Internal Capacity for Leading Human Capital Reform. GAO-06-861T. Washington, D.C.: June 27, 2006. Human Capital: Trends in Executive and Judicial Pay. GAO-06-708. Washington, D.C.: June 21, 2006. Human Capital: Agencies Are Using Buyouts and Early Outs with Increasing Frequency to Help Reshape Their Workforces. GAO-06-324. Washington, D.C.: March 31, 2006. Human Capital: Observations on Final Regulations for DOD's National Security Personnel System. GAO-06-227T. Washington, D.C.: November 17, 2005. Human Capital: Designing and Managing Market-Based and More Performance- Oriented Pay Systems. GAO-05-1048T. Washington, D.C.: September 27, 2005. Human Capital: DOD's National Security Personnel System Faces Implementation Challenges. GAO-05-730. Washington, D.C.: July 14, 2005. Human Capital: Agencies Need Leadership and the Supporting Infrastructure to Take Advantage of New Flexibilities. GAO-05-616T. Washington, D.C.: April 21, 2005. Human Capital: Observations on Final DHS Human Capital Regulations. GAO- 05-391T. Washington, D.C.: March 2, 2005. Also see [Hyperlink, http://www.gao.gov] for numerous speeches and presentations from the Comptroller General on human capital challenges in general and as they apply to specific agencies. [End of section] Highlights of High-Risk Series: Managing Federal Real Property: GAO Highlights: For additional information about this high-risk area, contact Mark Goldstein at (202) 512-2834 or goldsteinm@gao.gov. Why Area Is High Risk: In January 2003, GAO designated federal real property as a high-risk area because of long-standing problems with excess and underutilized property, deteriorating facilities, unreliable real property data, and reliance on costly leasing. Federal agencies were also facing many challenges in protecting their facilities against the threat of terrorism. Progress has been made, but the problems that led to the designation of federal real property as a high-risk area still exist. In addition, deep-rooted obstacles, including competing stakeholder interests and legal and budgetary limitations, could significantly hamper a governmentwide transformation. As a result, this area remains high risk. What GAO Found: The administration and real property-holding agencies have made progress toward strategically managing federal real property. In response to the President’s Management Agenda initiative and Executive Order 13327, issued in February 2004, agencies have, among other things, established asset management plans, standardized data reporting, and adopted performance measures. Also, the administration has created a Federal Real Property Council and plans to work with Congress to provide agencies with tools to better manage real property. These are positive steps, but the underlying conditions still exist. For example, the Departments of Energy (Energy) and Homeland Security (DHS) and the National Aeronautics and Space Administration (NASA) reported that over 10 percent of their facilities are excess or underutilized. In addition, Energy, NASA, the General Services Administration (GSA), and the Departments of the Interior (Interior), State (State), and Veterans Affairs (VA) reported repair and maintenance backlogs for buildings and structures that total over $16 billion. Also, Energy, Interior, GSA, State, and VA reported an increased reliance on leasing to meet space needs. While agencies have made progress in collecting real property data, data reliability is still a challenge at DOD and other agencies. Finally, agencies reported using risk-based approaches to prioritize security needs, which GAO has recommended, but cited obstacles such as a lack of resources for security enhancements. In past high-risk updates, GAO called for a transformation strategy to address the long-standing problems in this area. While the administration’s approach is generally consistent with what GAO envisioned, certain areas warrant further attention. Specifically, problems are exacerbated by deep-rooted obstacles that include competing stakeholder interests, legal and budgetary limitations, and the need for improved capital planning. For example, agencies cite local interests as barriers to disposing of excess property and agencies’ limited ability to pursue ownership leads them to lease property that would be more cost-effective to own over time. Figure: Examples of Excess Federal Facilities: [See PDF for Image] Source: VA and USPS. From left to right: former Main VA Hospital Building, Milwaukee; former Main Post Office, Chicago. [End of Figure] What Remains to be Done: After fully implementing the executive order on real property reform and related President’s Management Agenda initiatives, agencies will need to show significant progress toward eliminating the problems that led to this area’s designation as high risk, such as reducing inventories of facilities to a minimum and making headway in addressing the repair backlog. In addition, the Office of Management and Budget (OMB) and agencies, through the Federal Real Property Council, will need to focus on developing strategies to address deep-rooted obstacles to a successful transformation, such as competing stakeholder interests. Related Products: Managing Federal Real Property: DOD's Overseas Infrastructure Master Plans Continue to Evolve. GAO-06- 913R. Washington, D.C.: August 22, 2006. Embassy Construction: State Has Made Progress Constructing New Embassies, but Better Planning Is Needed for Operations and Maintenance Requirements. GAO-06-641. Washington, D.C.: June 30, 2006. Federal Real Property: Most Public Benefit Conveyances Used as Intended, but Opportunities Exist to Enhance Federal Oversight. GAO-06- 511. Washington, D.C.: June 21, 2006. Federal Courthouses: Rent Increases Due to New Space and Growing Energy and Security Costs Require Better Tracking and Management. GAO-06-613. Washington, D.C.: June 20, 2006. Homeland Security: Guidance and Standards Are Needed for Measuring the Effectiveness of Agencies' Facility Protection Efforts. GAO-06-612. Washington, D.C.: May 31, 2006. Federal Real Property: Excess and Underutilized Property Is an Ongoing Problem. GAO-06-248T. Washington, D.C.: February 6, 2006. Federal Real Property: Reliance on Costly Leasing to Meet New Space Needs Is an Ongoing Problem. GAO-06-136T. Washington, D.C.: October 6, 2005. VA Health Care: Key Challenges to Aligning Capital Assets and Enhancing Veterans' Care. GAO-05-429. Washington, D.C.: August 5, 2005. Military Bases: Analysis of DOD's 2005 Selection Process and Recommendations for Base Closures and Realignments. GAO-05-785. Washington, D.C.: July 1, 2005. Federal Real Property: Further Actions Needed to Address Long-standing and Complex Problems. GAO-05-848T. Washington, D.C.: June 22, 2005. Smithsonian Institution: Facilities Management Reorganization Is Progressing, but Funding Remains a Challenge. GAO-05-369. Washington, D.C.: April 25, 2005. U.S. Postal Service: The Service's Strategy for Realigning Its Mail Processing Infrastructure Lacks Clarity, Criteria, and Accountability. GAO-05-261. Washington, D.C.: April 8, 2005. [End of Section] Highlights of High-Risk Series: Protecting the Federal Government's Information Systems and the Nation's Critical Infrastructures: GAO Highlights: For additional information about this high-risk area, contact David Powner at (202) 512-9286 or pownerd@gao.gov, or Gregory C. Wilshusen at (202) 512-6244 or wilshuseng@gao.gov. Why Area is High Risk: Federal agencies and our nation’s critical infrastructures—such as power distribution, water supply, telecommunications, national defense, and emergency services— rely extensively on computerized information systems and electronic data to carry out their missions. The security of these systems and data is essential to preventing disruptions in critical operations, fraud, and inappropriate disclosure of sensitive information. Protecting federal computer systems and the systems that support critical infrastructures—referred to as cyber critical infrastructure protection, or cyber CIP—is a continuing concern. Federal information security has been on GAO’s list of high-risk areas since 1997; in 2003, GAO expanded this high-risk area to include cyber CIP. The continued risks to information systems include escalating and emerging threats such as phishing, spyware, and spam; the ease of obtaining and using hacking tools; the steady advance in the sophistication of attack technology; and the emergence of new and more destructive attacks. What GAO Found: With the enactment of the Federal Information Security Management Act of 2002 (FISMA), Congress continued its work to improve federal information security by permanently authorizing and strengthening key information security requirements. The administration has also made progress in a number of efforts, including issuing guidance to federal agencies on appropriate measures to protect sensitive information. In addition, the governmentwide percentage of information systems reported as completing formal technical evaluation and receiving management authorization to operate increased from 62 percent to 85 percent between 2003 and 2005. However, significant information security weaknesses at federal agencies continue to place a broad array of federal operations and assets at risk of fraud, misuse, and disruption. Although recent reporting by these agencies showed some improvements, GAO found that many still have not complied consistently with FISMA’s overall requirement to develop, document, and implement agencywide information security programs. For example, agencies are not consistently: * developing and maintaining current security plans, * creating and testing contingency plans, and: * evaluating and monitoring the effectiveness of security controls managed by contractors. Without consistent implementation of information security management programs, weaknesses in information security controls will persist. As the focal point for federal efforts to protect the nation’s critical infrastructures, the Department of Homeland Security (DHS) and its National Cyber Security Division have key cybersecurity responsibilities. These include developing a national plan for critical infrastructure protection, including cybersecurity; planning for and coordinating cyber incident response and recovery; and identifying and assessing cyber threats and vulnerabilities. DHS has taken steps to fulfill its responsibilities, including establishing the U.S. Computer Emergency Readiness Team, developing high-level plans for infrastructure protection and incident response, establishing public/private working groups to facilitate coordination among government and industry, and organizing exercises in which government and private industry can practice responding to cyber events. However, DHS has not yet completely fulfilled any of its key responsibilities. For example, DHS has not yet developed national cyber threat and vulnerability assessments or public/private recovery plans for cybersecurity. Progress has been impeded by several challenges, including the reluctance of many in the private sector to share information with DHS, and a lack of departmental organizational stability and leadership needed to gain the trust of other stakeholders in the cybersecurity world. Until DHS fulfills its cybersecurity responsibilities, our nation’s critical infrastructures will remain at risk. What Remains to Be Done: Additional federal efforts are needed to establish effective information security programs that are consistent with FISMA, including testing and evaluating the effectiveness of controls and resolving known weaknesses. Federal cyber CIP actions should include implementing plans to fulfill key cybersecurity responsibilities, such as improving analysis and warning capabilities and developing a public/private Internet recovery plan. Related Products: Protecting the Federal Government's Information Systems and the nation's Critical Infrastructures: Information Security: Federal Reserve Needs to Address Treasury Auction Systems. GAO-06-659. Washington, D.C.: August 30, 2006. Information Security: Leadership Needed to Address Weaknesses and Privacy Issues at Veterans Affairs. GAO-06-897T. Washington, D.C.: June 20, 2006. DHS Faces Challenges in Developing a Joint Public/Private Recovery Plan, GAO-06-672. Washington, D.C.: June 16, 2006. Information Security: Continued Progress Needed to Strengthen Controls at the Internal Revenue Service. GAO-06-328. Washington, D.C.: March 23, 2006. Information Sharing: The Federal Government Needs to Establish Policies and Processes for Sharing Terrorism-Related and Sensitive but Unclassified Information. GAO-06-385. Washington, D.C.: March 17, 2006. Information Security: Federal Agencies Show Mixed Progress in Implementing Statutory Requirements. GAO-06-527T. Washington, D.C.: March 16, 2006. Information Security: Department of Health and Human Services Needs to Fully Implement Its Program. GAO-06-267. Washington, D.C.: February 24, 2006. Information Security: Progress Made, but Federal Aviation Administration Needs to Improve Controls over Air Traffic Control Systems. GAO-05-712. Washington, D.C.: August 26, 2005. Critical Infrastructure Protection: Department of Homeland Security Faces Challenges in Fulfilling Cybersecurity Responsibilities, GAO-05- 434. Washington, D.C.: May 26, 2005. Information Security: Federal Agencies Need to Improve Controls over Wireless Networks. GAO-05-383. Washington, D.C.: May 17, 2005. Information Security: Emerging Cybersecurity Issues Threaten Federal Information Systems. GAO-05-231. Washington, D.C.: May 13, 2005. Information Security: Improving Oversight of Access to Federal Systems and Data by Contractors Can Reduce Risk. GAO-05-362. Washington, D.C.: April 22, 2005. [End of Section] Highlights: High-Risk Series: Implementing and Transforming the Department of Homeland Security: GAO Highlights: For additional information about this high-risk area, contact Norm Rabkin at (202) 512-8777 or rabkinn@gao.gov. Why Area Is High Risk: GAO designated implementing and transforming the Department of Homeland Security (DHS) as high risk in 2003 because DHS had to transform 22 agencies—several with major management challenges—into one department, and failure to effectively address its management challenges and program risks could have serious consequences for our national security. The areas GAO identified as at risk include planning and priority setting; accountability and oversight; and a broad array of management, programmatic, and partnering challenges. What GAO Found: Although DHS has made progress transforming its 22 agencies into a fully functioning department, this transformation remains high risk. DHS has yet to implement a corrective action plan that includes a comprehensive transformation strategy and its management systems—especially related to financial, information, acquisition, and human capital management—are not yet integrated and wholly operational. DHS also faces challenges to effectively carry out its program activities and enhance partnerships with private and public sector entities to leverage resources. The array of management and programmatic challenges continues to limit DHS’s ability to carry out its roles under the National Homeland Security Strategy in an effective risk-based way. A DHS-wide transformation strategy should include a strategic plan that identifies specific budgetary, human capital, and other resources needed to achieve stated goals. The strategy also should involve key stakeholders to ensure resource investments target the highest priorities. GAO’s work has shown that several DHS programs have not developed outcome-based measures to assess performance. Further, DHS is limited in its ability to use risk management to guide resource use, as DHS has not performed comprehensive risk assessments in transportation, trade, critical infrastructure, or immigration and customs systems. Serious transformation challenges remain in DHS management systems. For example, DHS lacks a comprehensive management strategy with overall goals, timelines, and a team dedicated to support its integration efforts. Also, the latest independent audit of DHS’s financial statements revealed 10 material weaknesses and confirmed that DHS’s financial management systems still do not conform to federal requirements. Further, DHS has not institutionalized a strategic framework for information management to, among other things, guide technology investments; and DHS human capital and acquisition systems will require continued attention to help prevent waste and ensure that DHS can allocate its resources efficiently and effectively. Since GAO’s January 2005 high-risk update, DHS has taken actions to improve program activities in areas such as cargo, transportation, and border security; Coast Guard management; disaster preparedness; and immigration services. However, DHS continues to face programmatic and partnering challenges. To help ensure its missions are achieved, DHS must overcome continued challenges related to cargo, transportation, and border security; systematic visitor tracking; outdated Coast Guard asset capabilities; and balancing homeland security with other missions, such as disaster preparedness. DHS and the Federal Emergency Management Agency have made progress in forming partnerships to better prepare for and execute disaster response, but they need to continue to develop (1) clearly defined leadership roles and responsibilities, (2) necessary disaster response capabilities, and (3) accountability systems to provide effective services while protecting against waste, fraud, and abuse. What Remains to Be Done: GAO’s prior work on mergers and acquisitions, undertaken before the creation of DHS, concluded that successful transformations of large organizations, even those faced with less strenuous reorganizations than DHS, can take years to achieve. For DHS to successfully transform into a more effective organization, it needs to (1) develop a departmentwide transformation strategy that adopts risk management and strategic management principles and establishes key milestones and performance measures to focus its limited resources; (2) improve management systems, including financial systems, information management, human capital, and acquisitions; and (3) continue to identify and implement corrective actions to address programmatic and partnering challenges. GAO Products: Aviation Security: TSA Oversight of Checked Baggage Screening Procedures Could Be Strengthened. GAO-06-869. Washington, D.C.: July 28, 2006. Homeland Security: Challenges in Creating an Effective Acquisition Organization. GAO-06-1012T. Washington, D.C.: July 27, 2006. Homeland Security: Progress Continues, but Challenges Remain on Department's Management of Information Technology. GAO-06-598T. Washington, D.C.: March 29, 2006. Financial Management Systems: DHS Has an Opportunity to Incorporate Best Practices in Modernization Efforts. GAO-06-553T. Washington, D.C.: March 29, 2006. Emergency Preparedness and Response: Some Issues and Challenges Associated with Major Emergency Incidents. GAO-06-467T. Washington, D.C.: February 23, 2006. Risk Management: Further Refinements Needed to Assess Risks and Prioritize Protective Measures at Ports and Other Critical Infrastructure. GAO-06-91. Washington, D.C.: December 15, 2005. Department of Homeland Security: Strategic Management of Training Important for Successful Transformation. GAO-05-888. Washington, D.C.: September 23, 2005. Results-Oriented Government: Improvements to DHS's Planning Process Would Enhance Usefulness and Accountability. GAO-05-300. Washington, D.C.: March 31, 2005. Department of Homeland Security: A Comprehensive and Sustained Approach Needed to Achieve Management Integration. GAO-05-139. Washington, D.C.: March 16, 2005. DHS Products: Major Management Challenges Facing the Department of Homeland Security. DHS Office of the Inspector General. OIG-07-12. Washington, D.C.: December 2006. [End of section] Highlights: High-Risk Series: Establishing Appropriate and Effective Information-Sharing Mechanisms to Improve Homeland Security: GAO Highlights: For additional information about this high-risk area, contact Eileen Larence, at (202) 512-6510, larencee@gao.gov, or Dave Powner, (202) 512- 9286 or pownerd@gao.gov. Why Area Is High Risk: In January 2005, we designated information sharing for homeland security a high-risk area because the federal government still faces formidable challenges in analyzing and disseminating key information among federal, state, local, and private partners in a timely, accurate, and useful manner. Since 9/11, multiple federal agencies have been assigned key roles for improving the sharing of information critical to homeland protection to address a major vulnerability exposed by the attacks, and this important function has received increasing attention. However, the underlying conditions that led to the designation continue and more needs to be done to address these problems and the obstacles that hinder information sharing. As a result, this area remains high risk. What GAO Found: More than 5 years after 9/11, the federal government still lacks an implemented set of policies and processes for sharing terrorism information, but has issued a government-wide strategy on how it will put in place the overall framework, policies, and architecture for sharing with critical partners—actions that we and others have recommended. Agencies also have taken a number of independent steps to better share information, but they must be successfully integrated into this framework. Progress at the federal level to improve sharing includes creation of the National Counterterrorism Center to operate as a partnership of intelligence agencies so they can analyze and disseminate national intelligence data; creation of a national database of known and suspected terrorists for screening persons coming into and exiting the country; and formation of a working group to resolve agencies’ myriad requirements for restricting access to sensitive information. However, as we reported in March 2006, the federal government still has not implemented the governmentwide policies and processes that the 9/11 Commission recommended and that Congress mandated. For example, the Intelligence Reform and Terrorism Prevention Act of 2004 required that action be taken to facilitate the sharing of terrorism information by establishing an “information sharing environment (ISE),” yet this environment remains in the planning stage. A final plan for the environment, which was released on November 16, 2006, defines key tasks and milestones for developing the information sharing environment, including identifying barriers and ways to resolve them, as GAO recommended. Completing the information sharing environment is a complex task that will take multiple years and long-term administration and congressional support and oversight, and will pose cultural, operational, and technical challenges that will require a collaborated response. Federal agencies are also focusing on better sharing with states, localities, and the private sector—a critical step since they are our first line of defense against terrorists—but these efforts are not without challenges. The Federal Bureau of Investigation (FBI) has expanded its Joint Terrorism Task Forces that bring together personnel from all levels of government. The Department of Homeland Security (DHS) implemented an information network to share homeland security information. States and localities are creating their own information “fusion” centers, some with FBI and DHS support. And DHS has implemented a program to protect sensitive information the private sector provides on security at critical infrastructure assets, such as nuclear and chemical facilities. But, the DHS Inspector General found that users of the information network were confused and frustrated with the system and as a result do not regularly use it; and DHS has still not won all of the private sector’s trust that the agency can adequately protect and effectively use the information that sector provides. These challenges will require longer-term actions to resolve. What Remains to Be Done: GAO has made several recommendations agencies are beginning to address, including: * assessing progress made on the key steps and milestones implementing the ISE and removing barriers to implementation; * consolidating and consistently applying restrictions on sensitive information so they do not hinder sharing; and: * defining what information agencies need from the private sector for homeland security, how they will use it, and how they will protect it, as well as providing incentives and building trusted relationships to promote sharing with these critical security partners. Related Products: Establishing Appropriate and Effective Information- Sharing Mechanisms to Improve Homeland Security: Managing Sensitive Information: DOJ Needs a More Complete Staffing Strategy for Managing Classified Information and a Set of Internal Controls for Other Sensitive Information. GAO-07-83. Washington, D.C.: October 20, 2006. Critical Infrastructure Protection: Progress Coordinating Government and Private Sector Efforts Varies by Sectors' Characteristics. GAO-07- 39. Washington, D.C.: October 16, 2006. Terrorist Watch List Screening: Efforts to Help Reduce Adverse Effects on the Public. GAO-06-1031. Washington, D.C.: September 29, 2006. Critical Infrastructure Protection: DHS Leadership Needed to Enhance Cybersecurity. GAO-06-1087T. Washington, D.C.: September 13, 2006. Maritime Security: Information-Sharing Efforts Are Improving. GAO-06- 933T. Washington, D.C.: July 10, 2006. Managing Sensitive Information: Actions Needed to Ensure Recent Changes in DOE Oversight Do Not Weaken an Effective Classification System. GAO- 06-785. Washington, D.C.: June 30, 2006. Managing Sensitive Information: DOD Can More Effectively Reduce the Risk of Classification Errors. GAO-06-706. Washington, D.C.: June 30, 2006. Information Sharing: DHS Should Take Steps to Encourage More Widespread Use of Its Program to Protect and Share Critical Infrastructure Information. GAO-06-383. Washington, D.C.: April 17, 2006. Information Sharing: The Federal Government Needs to Establish Policies and Processes for Sharing Terrorism-Related and Sensitive but Unclassified Information. GAO-06-385. Washington, D.C.: March 17, 2006. [End of section] Highlights: High-Risk Series: Department of Defense Approach to Business Transformation: GAO Highlights: For additional information about this high-risk area, contact Sharon Pickup at (202) 512-9619 or pickups@gao.gov. Why Area Is High Risk: In 2005, GAO added the Department of Defense’s (DOD) approach to business transformation as a high-risk area because (1) DOD’s business improvement efforts and control over resources were fragmented, (2) DOD lacked an integrated and enterprisewide business transformation plan and investment strategy, and (3) DOD had not designated a senior management official at an appropriate level with the authority to be responsible and accountable for enterprisewide business transformation. To illustrate the magnitude of the risk DOD faces with its business transformation efforts, the department bears sole responsibility for eight defense-specific high-risk areas and shares responsibility for six other high-risk areas—all of which are related to business operations. What GAO Found: DOD spends billions of dollars to sustain key business operations intended to support the warfighter, including systems and processes related to the management of contracts, finances, the supply chain, support infrastructure, and weapons systems acquisition. GAO has reported on inefficiencies in DOD’s business operations, such as the lack of sustained leadership and a comprehensive, integrated, and enterprisewide business plan. Moreover, at a time of increasing military operations and growing fiscal constraints, billions of dollars have been wasted annually because of the lack of adequate transparency and appropriate accountability across DOD’s business areas. DOD’s top management has demonstrated a commitment to transforming the department’s business operations and has established a governance structure that consists of several elements. For example, in September 2006, DOD released an enterprise transition plan that is intended to be both a roadmap and management tool for modernizing its business processes and information technology assets. DOD also established the Defense Business Systems Management Committee (DBSMC), which is composed of senior-level DOD officials and is intended to serve as the primary transformation leadership and oversight mechanism, and the Business Transformation Agency (BTA) to support the DBSMC. BTA is to execute enterprise-level business transformation by, among other things, integrating departmental lines of business, following a corporate model. Finally, as required by Congress, DOD is studying the feasibility and advisability of establishing a Chief Management Officer (CMO) to oversee the department’s business transformation process. As part of this effort, the Defense Business Board, an advisory panel, examined various options and endorsed the CMO concept in May 2006. These steps are positive, but DOD still lacks some critical elements that are needed to ensure a successful and sustainable business transformation effort. While the enterprise transition plan and supporting governance structure are important steps toward developing a strategic plan and DOD-wide oversight, the primary focus has been on business systems modernization. Enterprise-level business transformation is much broader—encompassing planning, management, structure, and processes. DOD’s lack of a comprehensive, integrated, enterprisewide business transformation plan linked with performance goals, objectives, and rewards for all key business areas has been a continuing weakness. Such an integrated transformation plan would be instrumental in setting investment priorities and guiding key resource decisions. DOD also continues to lack the sustained leadership at the right level to achieve successful and lasting transformation. The DBSMC is led by political appointees whose terms expire when administrations change and does not provide long-term sustained leadership needed to successfully achieve business transformation. Because of the complexity and long-term nature of DOD’s business transformation efforts, a CMO with significant authority, experience, and tenure is needed to provide sustained leadership and momentum. What Remains to Be Done: DOD still needs to develop a clear, comprehensive, integrated, and enterprisewide business transformation plan that addresses all of DOD’s major business areas and includes specific goals, measures, and accountability mechanisms to measure progress. DOD also needs to establish sustained leadership that is responsible and accountable for overall business transformation efforts. One option to achieve this goal is to legislatively create a chief management officer to provide sustained leadership and have overall responsibility and accountability for business transformation. Related products: Department of Defense Approach to Business Transformation: Defense Business Transformation: A Comprehensive Plan, Integrated Efforts, and Sustained Leadership Are Needed to Ensure Success. GAO-07- 229T. Washington, D.C.: November 16, 2006. Defense Transformation: Accountability Challenges. GAO-06-1083CG. Washington, D.C.: August 22, 2006. Department of Defense: Sustained Leadership Is Critical to Effective Financial and Business Management Transformation. GAO-06-1006T. Washington, D.C.: August 3, 2006. Business Systems Modernization: DOD Continues to Improve Institutional Approach, but Further Steps Needed. GAO-06-658. Washington, D.C.: May 15, 2006. GAO High-Risk Program. GAO-06-497T. Washington, D.C.: March 15, 2006. Defense Management: Additional Actions Needed to Enhance DOD's Risk- Based Approach for Making Resource Decisions. GAO-06-13. Washington, D.C.: November 15, 2005. Defense Management: Foundational Steps Being Taken to Manage DOD Business Systems Modernization, but Much Remains to Be Accomplished to Effect True Business Transformation. GAO-06-234T. Washington, D.C.: November 9, 2005. 21st Century Challenges: Transforming Government to Meet Current and Emerging Challenges. GAO-05-830T. Washington, D.C.: July 13, 2005. DOD Business Transformation: Sustained Leadership Needed to Address Long-standing Financial and Business Management Problems. GAO-05-723T. Washington, D.C.: June 8, 2005. Defense Management: Key Elements Needed to Successfully Transform DOD Business Operations. GAO-05-629T. Washington, D.C.: April 28, 2005. Transformation Challenges. presentation to the Defense Business Transformation Forum. Queenstown, MD: April 17, 2005. Defense Management: Successful Business Transformation Requires Sound Strategic Planning and Sustained Leadership. GAO-05-520T. Washington, D.C.: April 13, 2005. [End of section] Highlights: High-Risk Series: Department of Defense Business Systems Modernization: GAO Highlights: For additional information about this high-risk area, contact Randolph C. Hite at (202) 512-3439 or hiter@gao.gov. Why Area Is High Risk: The Department of Defense (DOD) is spending billions of dollars to modernize its business systems as part of its overall business transformation efforts. While DOD has made important progress on key aspects of its business systems modernization efforts, challenges remain. As a result, DOD as a whole is not yet where it needs to be to effectively and efficiently manage an undertaking with the size, complexity, and significance of its departmentwide business systems modernization. GAO first designated this program as high risk in 1995; it remains so today. What GAO Found: DOD, one of the largest and most complex organizations in the world, reportedly relies on over 3,100 business systems to support its business functions. For years, DOD has attempted to modernize these systems, and GAO has provided numerous recommendations to help it do so. For example, in 2001, GAO provided the department with a set of recommendations to help in developing and using an enterprise architecture (modernization blueprint) and establishing effective investment management controls to guide and constrain how the billions of dollars each year are spent on business systems. GAO also made numerous project-specific and DOD-wide recommendations aimed at ensuring that the department follows proven best practices when it acquires information technology (IT) systems and services. To its credit, DOD has made important progress in defining and beginning to implement institutional management controls. For example, the department has developed a revision of its business enterprise architecture that addresses important elements related to legislative provisions and best practices that we previously identified as missing. In addition, it has defined and begun implementing investment controls to guide and constrain its departmentwide systems modernization. However, the business enterprise architecture (and its supporting component architectures) does not yet include all of the elements needed to provide a sufficient frame of reference to optimally guide and constrain DOD-wide system investment decision making. In addition, the scope and intent of the department’s business systems transition plan do not address DOD’s complete portfolio of IT investments. Further, the business system investment process is not fully evolved and institutionalized at all levels of the organization. Beyond this, the more formidable challenge to addressing this high-risk area is ensuring that the thousands of DOD business system programs and projects and IT services employ acquisition management rigor and discipline. Specifically, our work has continued to show program- specific management weaknesses, including not economically justifying investments on the basis of reliable estimates of future costs and benefits; not pursuing investments within the context of an enterprise architecture; and not adequately conducting key acquisition functions, such as requirements management, risk management, test management, performance management, and contract management. Until DOD fully defines and consistently implements the full range of business systems modernization management controls (institutional and program specific), it will be not be able to adequately ensure that its IT system and service investments are the right solutions for addressing its business needs, that they are being managed to produce expected capabilities efficiently and cost effectively, and that business stakeholders are satisfied. What Remains to Be Done: Key aspects of the business systems modernization efforts still need to be fully addressed. At the institutional level, the supporting component architectures need to be developed and aligned with the corporate architecture to complete the federated business enterprise architecture, the enterprise transition plan needs to be expanded to include the department’s complete investment portfolios, and the investment process needs to evolve and be institutionalized at all levels of the organization. Furthermore, DOD needs to ensure that its business system programs and projects are managed with integrated institutional controls and that they consistently deliver promised benefits and capabilities on time and within budget. Related Products: Department of Defense Business Systems Modernization: Department of Defense: Sustained Leadership Is Critical to Effective Financial and Business Management Transformation. GAO-06-1006T. Washington, D.C.: August 3, 2006. Business Systems Modernization: DOD Continues to Improve Institutional Approach, but Further Steps Needed. GAO-06-658. Washington, D.C.: May 15, 2006. DOD Business Transformation: Defense Travel System Continues to Face Implementation Challenges. GAO-06-18. Washington, D.C.: January 18, 2006. DOD Systems Modernization: Uncertain Joint Use and Marginal Expected Value of Military Asset Deployment System Warrant Reassessment of Planned Investment. GAO-06-171. Washington, D.C.: December 15, 2005. DOD Systems Modernization: Planned Investment in the Naval Tactical Command Support System Needs to Be Reassessed. GAO-06-215. Washington, D.C.: December 5, 2005. DOD Business Systems Modernization: Important Progress Made in Establishing Foundational Architecture Products and Investment Management Practices, but Much Work Remains. GAO-06-219. Washington, D.C.: November 23, 2005. Defense Management: Foundational Steps Being Taken to Manage DOD Business Systems Modernization, but Much Remains to Be Accomplished to Effect True Business Transformation. GAO-06-234T. Washington, D.C.: November 9, 2005. DOD Business Systems Modernization: Long-standing Weaknesses in Enterprise Architecture Development Need to Be Addressed. GAO-05-702. Washington, D.C.: July 22, 2005. Army Depot Maintenance: Ineffective Oversight of Depot Maintenance Operations and System Implementation Efforts. GAO-05-441. Washington, D.C.: June 30, 2005. DOD Business Transformation: Sustained Leadership Needed to Address Long-standing Financial and Business Management Problems. GAO-05-723T. Washington, D.C.: June 8, 2005. DOD Systems Modernization: Management of Integrated Military Human Capital Program Needs Additional Improvements. GAO-05-189. Washington, D.C.: February 11, 2005. [End of section] Highlights: High-Risk Series: Department of Defense Personnel Security Clearance Program: GAO Highlights: For additional information about this high-risk area, contact Derek B. Stewart at (202) 512-5559 or stewartd@gao.gov. Why Area Is High Risk: The Department of Defense (DOD) is responsible for about 2.5 million security clearances issued to servicemembers, DOD civilians, and industry personnel who work on contracts for DOD and 23 other federal agencies. The clearances give workers access to information, the unauthorized disclosure of which could, in some cases, cause exceptionally grave damage. Long-standing delays in determining clearance eligibility and other challenges led GAO to designate DOD’s personnel security clearance program as a high-risk area in January 2005. DOD transferred its security clearance investigations functions to the Office of Personnel Management (OPM) in February 2005 and now obtains almost all of its clearance investigations from OPM, which conducts about 90 percent of all federal clearance investigations. Executive Order 13381 assigned the Office of Management and Budget (OMB) responsibility for effective implementation of policy relating to determinations of eligibility for access to classified information. What GAO Found: Problems continue with DOD’s clearance program even though OMB, OPM, and DOD took positive steps to monitor some GAO-identified concerns. For example, their November 2005 plan outlined many timeliness measures, but included only two measures of quality, both of which were deficient. DOD’s consistently inaccurate projections of clearance requests have impeded workload planning and funding. Although OMB set a government goal of projected cases and actual requests being within 5 percent of one another, OPM reported that DOD exceeded its projected number by 59 percent for the first half of fiscal year 2006. In addition, GAO reviewed 50 OPM-produced investigative reports and found documentation missing from 47. Despite the missing information, which in most cases pertained to residences, employment, and education, DOD adjudicators granted clearance eligibility but did not request missing investigative information or fully document unresolved issues in 27 of the 50 reviewed reports. Incomplete investigative or adjudicative reports could undermine OMB’s efforts to achieve clearance reciprocity (an agency accepting a clearance awarded by another agency). OPM has reported that it is using new personnel and procedures to improve the quality of its investigative reports. Furthermore, clearances continue to take longer than the time prescribed in government goals. This occurred in the application- submission, investigation, and adjudication (determining clearance eligibility) phases of the clearance process, despite positive steps that include additional congressional and OMB oversight, DOD’s growing use of OPM’s electronic application-submission system, and OPM obtaining more investigators. For example, GAO found that the application-submission phase averaged 111 days for industry personnel seeking initial top secret clearances, but the government goal is 14 days. Multiple reviews of applications and manually entering data from paper forms are two reasons for the delays. OPM stated that paper submissions take on average 14 days longer than electronic submissions. For August 2006, OPM reported that 54 percent of DOD applications were submitted using OPM’s electronic submission system. In the investigation phase, GAO found that it took an average of 286 days for initial clearances—compared with the goal of 180 days—and 419 days for clearance updates for the 2,259 industry personnel who were granted clearance eligibility in January and February 2006. Although OPM increased its workforce, it faces many impediments to improving investigation timeliness, including the backlog of requests for investigations and difficulty obtaining national, state, and local records. The average time for adjudication was 39 days for industry personnel, compared with a mandate that starts in December 2006 requiring that 80 percent of adjudications be completed in 30 days. DOD adjudicators have, however, noted that current procedures to measure adjudication timeliness include 2-3 weeks for OPM to print and ship its investigative reports, rather than delivering them electronically. Delays in determining initial clearance eligibility can increase the cost of performing classified work, and delays in updating clearances may increase the risk of national security breaches. What Remains to Be Done: To improve its security clearance program, DOD needs to take actions that include (1) improving the accuracy of its projected need for clearances, (2) working with OMB and OPM to fully measure and report all of the time required to determine clearance eligibility, (3) partnering with OPM to improve the timeliness and completeness of clearance-application submissions and investigative reports, and (4) implementing procedures to eliminate documentation problems. Related products: Department of Defense Personnel Security Clearance Program: DOD Personnel Clearances: Additional OMB Actions Are Needed to Improve the Security Clearance Process. GAO-06-1070. Washington, D.C.: September 28, 2006. DOD Personnel Clearances: Questions and Answers for the Record Following the Second in a Series of Hearings on Fixing the Security Clearance Process. GAO-06-693R. Washington, D.C.: June 14, 2006. DOD Personnel Clearances: New Concerns Slow Processing of Clearances for Industry Personnel. GAO-06-748T. Washington, D.C.: May 17, 2006. DOD Personnel Clearances: Funding Challenges and Other Impediments Slow Clearances for Industry Personnel. GAO-06-747T. Washington, D.C.: May 17, 2006. Questions for the Record Related to DOD's Personnel Security Clearance Program and the Government Plan for Improving the Clearance Process. GAO-06-323R. Washington, D.C.: January 17, 2006. DOD Personnel Clearances: Government Plan Addresses Some Long-standing Problems with DOD's Program, But Concerns Remain. GAO-06-233T. Washington, D.C.: November 9, 2005. Questions for the Record Related to DOD's Personnel Security Clearance Program. GAO-05-988R. Washington, D.C.: August 19, 2005. DOD Personnel Clearances: Some Progress Has Been Made but Hurdles Remain to Overcome the Challenges That Led to GAO's High-Risk Designation. GAO-05-842T. Washington, D.C.: June 28, 2005. [End of section] Highlights: High-Risk Series: Department of Defense Support Infrastructure Management: GAO Highlights: For additional information about this high-risk area, contact Henry L. Hinton at (202) 512-4300 or hintonh@gao.gov. Why Area Is High Risk: In 1997, GAO identified the Department of Defense’s (DOD) management of its support infrastructure as a high-risk area because infrastructure costs impacted the department’s ability to devote funds to other more critical programs and needs. GAO has frequently reported in recent years on the long-term challenges DOD faces in managing its portfolio of facilities, halting the degradation of facilities, and reducing unneeded infrastructure to free up funds to better maintain enduring facilities and meet other needs. Because of these long-standing issues, DOD’s management of support infrastructure remains a high-risk area. What GAO Found: While DOD has made progress and expects to continue to improve its support infrastructure, it faces long-term challenges. Following the end of the Cold War, DOD reduced the size of its military force, and efforts have been made to reduce its infrastructure through five domestic base realignment and closure rounds, consolidation of overseas bases, and demolition of excess facilities. DOD is also updating its installations strategic plan to better address infrastructure issues, revising its readiness reporting to better gauge facility conditions, establishing real property inventory data requirements to better support the needs of asset management, and continuing to modify its suite of analytical tools to better forecast funding requirements. DOD has also achieved efficiencies and quality-of-life improvements through the privatization of military family housing and through the renovation and new construction of barracks for single service members. Opportunities remain to further reduce DOD’s infrastructure; additionally, the department continues to face significant challenges in funding its base operations and the sustainment, restoration, and modernization of its facilities as well as addressing lingering management issues. Although DOD has reported that it has reduced its domestic infrastructure by about 20 percent in the first four base closure rounds, questions exist regarding the actual amount of facilities to be reduced in the latest base closure round. At the same time, DOD officials recognize that the department will continue to have excess facilities and a long-term need for its facilities disposal program. Also, questions continue to be raised over the adequacy of funds provided to base operations support services and to the sustainment, restoration, and modernization of facilities. In a 2005 report, GAO noted that DOD did not have a common framework for identifying base-operating support functions and funding requirements to ensure adequate delivery of services, particularly in a joint environment. GAO reported that hundreds of millions of operation and maintenance dollars designated for facilities sustainment and other purposes were moved by the services to pay for base operations support due in part to (1) funding shortfalls, (2) a lack of a common terminology across the services in defining base support functions, and (3) the lack of a mature analytic process for developing credible and consistent requirements. While such funding movements are permissible, GAO found that they were disruptive to the orderly provision of services and contributed to the overall degradation of facilities. In another report, GAO found that many of DOD’s training ranges were in deteriorated condition and lacked modernization which adversely affected training activities and jeopardized the safety of military personnel. GAO also reported that there were opportunities for DOD to strengthen the management and implementation of its global basing strategy, improve the management of its utilities privatization program, and enhance the oversight of its privatized housing projects. Concerns continued to be raised by various installation officials in fiscal year 2006 over shortfalls in funding for base operations and facilities. What Remains to Be Done: DOD needs a comprehensive, integrated, long-range plan to better guide, justify funding requirements, and sustain the implementation of its infrastructure initiatives. The plan should clearly establish goals and milestones, identify specific tasks in improving quality of life and readiness, capture shortfalls, include metrics to measure progress, assign responsibilities for managing and coordinating the various efforts, and identify the resources needed to meet DOD’s vision for its infrastructure. A key to making this approach successful is management commitment to obtain adequate resources for the diverse initiatives that will resolve DOD’s infrastructure issues when other important priorities, such as the global war on terrorism and modernization, compete for funding. Related Products: Department of Defense Support Infrastructure Management: Defense Management: Comprehensive Strategy and Annual Reporting Are Needed to Measure Progress and Costs of DOD's Global Posture Restructuring. GAO-06-852. Washington, D.C.: September 13, 2006. Defense Infrastructure: Actions Taken to Improve the Management of Utility Privatization, but Some Concerns Remain. GAO-06-914. Washington, D.C.: September 5, 2006. DOD's Overseas Infrastructure Master Plans Continue to Evolve. GAO-06- 913R. Washington, D.C.: August 22, 2006. Limitations in the Air Force's Proposed Housing Plan for Spangdahlem Air Base, Germany. GAO-06-736R. Washington, D.C.: May 19, 2006. Military Housing: Management Issues Require Attention as the Privatization Program Matures. GAO-06-438. Washington, D.C.: April 28, 2006. Military Training: Funding Requests for Joint Urban Operations Training and Facilities Should Be Based on Sound Strategy and Requirements. GAO- 06-193. Washington, D.C.: December 8, 2005. Military Bases: Observations on DOD's 2005 Base Realignment and Closure Selection Process and Recommendations. GAO-05-905. Washington, D.C.: July 18, 2005. Military Bases: Analysis of DOD's 2005 Selection Process and Recommendations for Base Closures and Realignments. GAO-05-785. Washington, D.C.: July 1, 2005. Defense Infrastructure: Issues Need to Be Addressed in Managing and Funding Base Operations and Facilities Support. GAO-05-556. Washington, D.C.: June 15, 2005. Military Training: Better Planning and Funding Priority Needed to Improve Conditions of Military Training Ranges. GAO-05-534. Washington, D.C.: June 10, 2005. Defense Infrastructure: Management Issue Requiring Attention in Utility Privatization. GAO-05-433. Washington, D.C.: May 12, 2005. [End of section] Highlights: High-Risk Series: Department of Defense Financial Management: GAO Highlights: For additional information about this high-risk area, contact McCoy Williams at (202) 512-9095 or williamsm1@gao.gov. Why Area is High Risk: The Department of Defense (DOD) is a massive and complex organization. Efficient and effective management and accountability of DOD’s hundreds of billions of dollars of resources require timely, reliable, and useful information. However, DOD’s pervasive financial and related business management and system deficiencies adversely affect its ability to control costs; ensure basic accountability; anticipate future costs and claims on the budget; measure performance; maintain funds control; prevent and detect fraud, waste, and abuse; and address pressing management issues. GAO first designated DOD financial management as high risk in 1995. What GAO Found: DOD’s senior civilian and military leaders, committed to the department’s business transformation effort, continue to take positive steps towards improving DOD’s financial and related-business operations. However, to date, tangible evidence of improvement remains limited. DOD’s continuing, substantial financial management weaknesses adversely affect its ability to produce auditable financial information, and more importantly, to provide timely and reliable information for use in making informed decisions. Table: Examples of the Impact of Financial Management Problems at DOD: Business area affected: Cost accounting; Problem identified and its impact: DOD’s inadequate systems and processes for recording and reporting costs of the global war on terrorism contributed to uncertainty regarding costs and proper use of funds. Business area affected: Military pay; Problem identified and its impact: Pay problems rooted in the complex, cumbersome processes used to pay Army soldiers have generated overpayments. As a result, hundreds of separated battle-injured soldiers experienced collection action on military debts incurred through no fault of their own. Due to their lack of income, 16 of 19 case study soldiers reported that they had difficulty paying for basic household expenses. Business area affected: Accounting; Problem identified and its impact: DOD had to write off tens of billions of dollars in disbursement and collection transactions resulting from decades of financial management and system weaknesses. Until DOD can resolve these weaknesses and identify and charge transactions to the proper appropriation accounts, its appropriation accounts will remain unreliable and another costly write-off process may be required. Business area affected: Environmental liabilities; Problem identified and its impact: None of the military services had adequate controls in place to help ensure that all identified contaminated sites were included in their environmental liability cost estimates. These weaknesses affect the reliability of DOD and governmentwide estimates, as well as ultimately the cost and timing of cleanup activities. Business area affected: Systems; Problem identified and its impact: DOD still has not addressed the underlying problems associated with weak systems requirements management and testing in the Defense Travel System (DTS). Until DTS’s requirements management practices are improved, DOD will not have reasonable assurance that DTS can provide the intended functionality. Source: GAO. [End of Table] Overhauling DOD’s business operations represents a daunting challenge. In December 2005, DOD issued its Financial Improvement and Audit Readiness (FIAR) Plan to provide DOD components with a road map for achieving the following objectives: (1) resolving problems affecting the accuracy, reliability, and timeliness of financial information; and (2) obtaining clean financial statement audit opinions. The FIAR Plan, which does not establish specific target dates for achieving clean financial statement audit opinions within DOD, recognizes that it will take several years before DOD is able to implement the systems, processes, and other improvements needed to address its financial management challenges. Ultimately, the FIAR Plan’s success will be measured by its capability to achieve sustained improvements in DOD’s ability to support decision making, analysis, oversight, and reporting. What Remains to Be Done: GAO has made numerous recommendations intended to improve DOD’s financial management. DOD’s financial management reform effort should include the following key elements: (1) a reform plan implemented as part of a comprehensive, integrated business transformation plan; (2) sustained leadership and resource control; (3) clear lines of authority; (4) results-oriented performance measures; (5) appropriate individual and organizational incentives and consequences; and (6) a consistent and sustained emphasis on improving the department’s ability to provide timely, reliable, and useful information for decision making, oversight, and reporting. Related Products: Department of Defense Financial Management: Defense Travel System: Reported Savings Questionable and Implementation Challenges Remain. GAO-06-980. Washington, D.C.: September 26, 2006. Financial Management: Improvements Under Way but Serious Financial Systems Problems Persist. GAO-06-970. Washington, D.C.: September 26, 2006. Department of Defense: Sustained Leadership Is Critical to Effective Financial and Business Management Transformation. GAO-06-1006T. Washington, D.C.: August 3, 2006. Defense Working Capital Fund: Military Services Did Not Calculate and Report Carryover Amounts Correctly. GAO-06-530. Washington, D.C.: June 27, 2006. Military Pay: Hundreds of Battle-Injured GWOT Soldiers Have Struggled to Resolve Military Debts. GAO-06-494. Washington, D.C.: April 27, 2006. Environmental Liabilities: Long-Term Fiscal Planning Hampered by Control Weaknesses and Uncertainties in the Federal Government's Estimates. GAO-06-427. Washington, D.C.: March 31, 2006. Fiscal Year 2005 U.S. Government Financial Statements: Sustained Improvement in Federal Financial Management Is Crucial to Addressing Our Nation's Financial Condition and Long-Term Fiscal Imbalance. GAO- 06-406T. Washington, D.C.: March 1, 2006. DOD Business Transformation: Defense Travel System Continues to Face Implementation Challenges. GAO-06-18. Washington, D.C.: January 18, 2006. Global War on Terrorism: DOD Needs to Improve the Reliability of Cost Data and Provide Additional Guidance to Control Costs. GAO-05-882. Washington, D.C.: September 21, 2005. Army Corps of Engineers: Improved Planning and Financial Management Should Replace Reliance on Reprogramming Actions to Manage Project Funds. GAO-05-946. Washington, D.C.: September 16, 2005. DOD Problem Disbursements: Long-standing Accounting Weaknesses Result in Inaccurate Records and Substantial Write-offs. GAO-05-521. Washington, D.C.: June 2, 2005. [End of section] Highlights: High-Risk Series: Department of Defense Supply Chain Management: GAO Highlights: For additional information about this high-risk area, contact William M. Solis at (202) 512-8365 or solisw@gao.gov. Why Area Is High Risk: As a result of weaknesses in the Department of Defense’s (DOD) management of supply inventories and responsiveness to warfighter requirements, supply chain management has been on GAO’s high-risk list since 1990. The availability of spare parts and other critical supply items affects the readiness and operational capabilities of U.S. military forces, and the supply chain can determine whether U.S. military forces win or lose on the battlefield. The investment of resources in the supply chain is substantial, amounting to more than $150 billion in fiscal year 2005, according to DOD. GAO’s prior work over the last several years has identified three focus areas that are critical to resolving supply chain management problems: requirements forecasting, asset visibility, and materiel distribution. What GAO Found: While DOD has taken a number of positive steps toward improving its supply chain management, it has continued to experience weaknesses in its ability to provide efficient and effective supply support. Consequently, the department has been unable to consistently meet its goal of delivering the “right items to the right place at the right time” to support the deployment and sustainment of military forces. For example, DOD experienced substantial delays in meeting warfighter requirements for truck armor kits during Operation Iraqi Freedom (OIF), placing troops at greater risk as they conducted wartime operations in vehicles not equipped with the preferred level of protection. Since the onset of OIF, systemic deficiencies contributing to supply shortages have included inaccurate Army war reserve requirements, inaccurate supply forecasts, insufficient and delayed funding, delayed acquisition, and ineffective distribution. Although DOD has taken actions to improve and streamline aspects of its supply chain, barriers remain. For example, DOD’s ability to make coordinated, systemic improvements that cut across the multiple organizations involved in the materiel distribution system has been hindered by problems defining who has accountability and authority for making such improvements. Beginning in 2005, DOD developed a plan to address long-term systemic weaknesses in supply chain management. The plan encompasses 10 initiatives, such as war reserve materiel improvements and the expanded use of radio frequency identification, that address the three focus areas GAO has identified. DOD leadership has demonstrated a commitment to resolving supply chain management problems, and DOD is making progress implementing initiatives in the plan. However, it will take several years to fully implement these initiatives. Further, the department faces challenges and risks in successfully implementing its proposed changes across the department and measuring progress. For example, DOD lacks outcome-focused performance measures for many of its initiatives, making it difficult to track and demonstrate progress in improving the three focus areas. In a separate effort, DOD has been developing a “road map” for its future logistics programs and initiatives. The road map is intended to portray where the department is headed in the logistics area, how it will get there, and what progress is being made toward achieving its objectives. The road map also is intended to link ongoing capability development, program reviews, and budgeting. Once completed, the road map could potentially fill a long-term need for a comprehensive, departmentwide logistics re-engineering strategy to guide implementation of DOD, service, and defense agency supply chain initiatives. What Remains to Be Done: To successfully resolve supply chain management problems, DOD needs to sustain top leadership commitment and long-term institutional support for the supply chain management improvement plan; obtain necessary resource commitments from the military services, the Defense Logistics Agency, and other organizations; make substantial progress in implementing improvement initiatives across the department; and establish a program to demonstrate progress and validate the effectiveness of the initiatives. DOD also should ensure that its logistics road map provides a comprehensive, integrated strategy for guiding supply chain management improvement efforts. Related Products: Department of Defense Supple Chain Management: DOD's High-Risk Areas: Progress Made Implementing Supply Chain Management Recommendations, but Full Extent of Improvement Unknown. GAO- 07-234. Washington, D.C.: January 17, 2007. DOD's High-Risk Areas: Challenges Remain to Achieving and Demonstrating Progress in Supply Chain Management. GAO-06-983T. Washington, D.C.: July 25, 2006. Defense Logistics: Lack of a Synchronized Approach between the Marine Corps and Army Affected the Timely Production and Installation of Marine Corps Truck Armor. GAO-06-274. Washington, D.C.: June 22, 2006. Defense Management: Attention Is Needed to Improve Oversight of DLA Prime Vendor Program. GAO-06-739R. Washington, D.C.: June 19, 2006. Defense Inventory: Actions Needed to Improve Inventory Retention Management. GAO-06-512. Washington, D.C.: May 25, 2006. Defense Logistics: Several Factors Limited the Production and Installation of Army Truck Armor during Current Wartime Operations. GAO- 06-160. Washington, D.C.: March 22, 2006. DOD's High-Risk Areas: High-Level Commitment and Oversight Needed for DOD Supply Chain Plan to Succeed. GAO-06-113T. Washington, D.C.: October 6, 2005. Defense Logistics: Better Strategic Planning Can Help Ensure DOD's Successful Implementation of Passive Radio Frequency Identification. GAO-05-345. Washington, D.C.: September 12, 2005. Defense Logistics: DOD Has Begun to Improve Supply Distribution Operations, but Further Actions Are Needed to Sustain These Efforts. GAO-05-775. Washington, D.C.: August 11, 2005. Defense Logistics: Actions Needed to Improve the Availability of Critical Items during Current and Future Operations. GAO-05-275. Washington, D.C.: April 8, 2005. [End of section] Highlights: High-Risk Series: Department of Defense Weapon Systems Acquisition: GAO Highlights: For additional information about this high-risk area, contact Katherine V. Schinasi (202) 512-4841 or schinasik@gao.gov. Why Area Is High Risk: Developing and acquiring high performance weapons is central to the Department of Defense’s (DOD) ability to fight and win wars. DOD’s investment in weapons is growing—from about $157 billion in fiscal year 2006 to an estimated $188 billion by fiscal year 2011—as it pushes to transform itself to meet a broad range of complex threats. Weapon systems routinely take much longer to field, cost more to buy, and require more support than provided for in investment plans. When acquisition programs require more resources than planned, the buying power of the defense dollar is reduced because trade-offs among other weapon programs or defense needs must be made. Consequently, GAO has designated this as a high-risk area since 1990. What GAO Found: DOD is facing a cascading number of problems in managing its acquisitions. Significant cost increases mean DOD can neither produce as many weapons as intended nor be relied on to deliver weapons to the warfighter when promised. DOD knows what to do to achieve more successful outcomes but finds it difficult to apply the necessary discipline and controls or assign much-needed accountability. DOD has written into policy an approach that emphasizes attaining a certain level of knowledge at critical junctures before managers agree to invest more money in the next phase of weapon system development. This knowledge-based approach results in evolutionary—that is incremental, manageable, predictable—development and inserts several controls to help managers gauge progress in meeting cost, schedule, and performance goals. But DOD has not been employing the knowledge-based approach, discipline has been lacking, and business cases have not measured up. In particular, the department accepts high levels of technology risk at the start of major acquisition programs. Mature technologies are pivotal to developing new products. Without mature technologies at the outset, a program will almost certainly incur cost and schedule problems. However, DOD’s acquisition community works with technologies before they are ready and takes on responsibility for technology development and product development concurrently. Our work has also shown that DOD allows programs to begin without establishing a sound business case in terms of requirements, technology, knowledge-based acquisition strategy, time, cost and funding. And once programs begin, requirements and funding change over time. In fact, program managers consider requirements and funding instability—which occur throughout the program—to be their biggest obstacles to success. Program approvals in DOD have shown a decided lack of restraint. DOD’s requirements process generates more demand for new programs than fiscal resources can support. DOD compounds the problem by approving so many highly complex and interdependent programs. Once too many programs are approved, the budgeting process must broker trades to stay within realistic funding levels. Because programs are funded annually and departmentwide cross-portfolio priorities have not been established, competition for funding continues over time, forcing programs to view success as the ability to secure the next funding increment rather than delivering capabilities when and as promised. DOD has recognized these problems and plans to take a series of corrective actions, some of which are mandated by law. It is focusing on laying a better foundation for programs before they begin product development. DOD has just begun piloting some of these actions, so the proof of actual implementation may be years away. These initiatives also may not necessarily be applied to programs already under way. What Remains to Be Done: DOD needs to take additional steps to achieve outcomes that justify its investments. These steps include: * developing and implementing an acquisition investment strategy, * ensuring that individual programs are executable, and: * clearly delineating responsibilities and holding people accountable. While DOD has incorporated into policy a framework that supports a knowledge-based acquisition process similar to that used by leading organizations, it must establish stronger controls to ensure that decisions on individual programs are informed by demonstrated knowledge. Related products: Department of Defense Weapon System Acquisition: Defense Acquisitions: Actions Needed to Get Better Results on Weapon Systems Investments. GAO-06-585T. Washington, D.C.: April 5, 2006. Best Practices: Best Practices: Stronger Practices Needed to Improve DOD Technology Transition Processes. GAO-06-883. Washington, D.C.: September 14, 2006. Defense Acquisitions: Major Weapon Systems Continue to Experience Cost and Schedule Problems under DOD's Revised Policy. GAO-06-368. Washington, D.C.: April 13, 2006. Space Acquisitions: Improvements Needed in Space Systems Acquisitions and Keys to Achieving Them. GAO-06-626T. Washington, D.C.: April 6, 2006. Defense Acquisitions: Assessments of Selected Major Weapon Programs. GAO-06-391. Washington, D.C.: March 31, 2006. Best Practices: Better Support of Weapon System Program Managers Needed to Improve Outcomes. GAO-06-110. Washington, D.C.: November 30, 2005. Weapon System Reviews: Defense Acquisitions: Restructured JTRS Program Reduces Risk, but Significant Challenges Remain. GAO-06-955. Washington, D.C.: September 11, 2006. Tactical Aircraft: Questions Concerning the F-22A's Business Case. GAO- 06-991T. Washington, D.C.: July 25, 2006. Space Acquisitions: DOD Needs Additional Knowledge as It Embarks on a New Approach for Transformational Satellite Communications System. GAO- 06-537. Washington, D.C.: May 24, 2006. Electronic Warfare: Option of Upgrading Additional EA-6Bs Could Reduce Risk in Development of EA-18G. GAO-06-446. Washington, D.C.: April 26, 2006. Joint Strike Fighter: DOD Plans to Enter Production before Testing Demonstrates Acceptable Performance. GAO-06-356. Washington, D.C.: March 15, 2006. Defense Acquisitions: Missile Defense Agency Fields Initial Capability but Falls Short of Original Goals. GAO-06-327. Washington, D.C.: March 15, 2006. Defense Acquisitions: Improved Business Case Is Needed for Future Combat System's Successful Outcome. GAO-06-367. Washington, D.C.: March 14, 2006. [End of section] Highlights: High-Risk Series: Federal Aviation Administration Air Traffic Control Modernization: GAO Highlights: For additional information about this high-risk area, contact David A. Powner at (202) 512-9286 or pownerd@gao.gov, or Gerald L. Dillingham, Ph.D., at (202) 512-2834 or dillinghamg@gao.gov. Why Area Is High Risk: Over the last two decades, the Federal Aviation Administration (FAA) has been conducting a major modernization of its air traffic control systems and facilities. FAA has implemented many systems and improvements to date, and it is currently pursuing efforts on 45 projects and planning to transition to a next-generation air transportation system. Key efforts include projects to augment the Global Positioning System to aid in approaches and landings, to improve radar systems for terminal environments, and to provide new color displays and data processing to air traffic controllers. GAO initially designated FAA’s modernization program as high risk in 1995, and while progress has been made, it remains high risk today. What GAO Found: Faced with growing air traffic and aging equipment, in 1981 FAA initiated an ambitious effort to modernize its air traffic control system. This modernization includes the acquisition of new systems and facilities and has now been extended to plan for a next-generation air transportation system. Over the years, projects within this modernization program have experienced cost overruns, schedule delays, and performance shortfalls. GAO has reported on the root causes of these problems, including (1) immature capabilities for acquiring systems, (2) lack of an institutionalized architecture, (3) inadequate cost estimating and accounting practices, (4) an incomplete investment management process, and (5) an organizational culture that impairs modernization efforts. FAA has made important progress in addressing these weaknesses, but more remains to be done in each of these areas. For example, FAA has: * established a framework for improving system management capabilities and addressed weaknesses GAO identified on four major air traffic control systems, but has not yet institutionalized these improved capabilities; * continued to develop an enterprise architecture—a blueprint of the agency’s current and target operations and infrastructure—and has included initial requirements for the next-generation air transportation system, but further refinements are expected; * implemented key components of a cost accounting system; * established a cost estimating methodology, but has yet to implement it; * implemented basic investment management capabilities, but has not yet integrated these practices across the agency; * sought to establish an organizational culture that supports sound acquisitions, but still faces many human capital challenges, including obtaining the technical and contract management expertise needed to define, implement, and integrate numerous complex programs and systems. Until the agency fully addresses these residual issues, it will continue to risk the project management problems affecting cost, schedule, and performance that have plagued its ability to acquire systems for improving air traffic control. Figure: Image of Air Plane and Air Traffic Control: [See PDF for Image] Sources: GAO and PhotoDisc(images). [End of Figure] What Remains to Be Done: GAO has made over 45 specific recommendations to address root causes of FAA’s modernization problems. The agency has made progress on these recommendations, but more must be done to institutionalize system management improvements, develop and enforce an enterprise architecture, implement effective cost estimation practices and investment management processes, and improve human capital management. With FAA expecting to spend about $9.4 billion through fiscal year 2011 to upgrade and replace air traffic control systems, these actions are as critical as ever. Related Products: Federal Aviation Administration Air Traffic Control Modernization: Next Generation Air Transportation System: Progress and Challenges Associated with the Transformation of the National Airspace System. GAO- 07-25. Washington, D.C.: November 13, 2006. National Airspace System Modernization: Observations on Potential Funding Options for FAA and the Next Generation Airspace System. GAO- 06-1114T. Washington, D.C.: September 27, 2006. Next Generation Air Transportation System: Preliminary Analysis of Progress and Challenges Associated with the Transformation of the National Airspace System. GAO-06-915T. Washington, D.C.: July 25, 2006. Air Traffic Control Modernization: Status of the Current Program and Planning for the Next Generation Air Transportation System. GAO-06- 653T. Washington, D.C.: June 21, 2006. Air Traffic Control: Status of the Current Modernization Program and Planning for the Next Generation System. GAO-06-738T. Washington, D.C.: May 4, 2006. Next Generation Air Transportation System: Preliminary Analysis of the Joint Planning and Development Office's Planning, Progress, and Challenges. GAO-06-574T. Washington, D.C.: March 29, 2006. National Airspace System: Transformation Will Require Cultural Change, Balanced Funding Priorities, and Use of All Available Management Tools. GAO-06-154. Washington, D.C.: October 14, 2005. Air Traffic Operations: The Federal Aviation Administration Needs to Address Major Air Traffic Operating Cost Control Changes. GAO-05-724. Washington, D.C.: June 23, 2005. National Airspace System: FAA Has Made Progress but Continues to Face Challenges in Acquiring Major Air Traffic Control Systems. GAO-05-331. Washington, D.C.: June 10, 2005. Federal Aviation Administration: Stronger Architecture Program Needed to Guide Systems Modernization Efforts. GAO-05-266. Washington, D.C.: April 29, 2005. [End of section] Highlights: High-Risk Series: Financing the Nation's Transportation System: GAO Highlights: For additional information about this high-risk area, contact Patricia Dalton at (202) 512-2834 or daltonp@gao.gov. Why Area Is High Risk: The nation’s economic vitality and its citizens’ quality of life depend significantly on the efficiency of its transportation infrastructure. Increasingly, however, congestion is threatening the efficiency of this infrastructure, and the federal government faces the dual challenge of providing funds to help maintain and expand the nation’s transportation system and of ensuring that these funds are used efficiently. Compounding this challenge are increasing costs of security enhancements and growing federal funding constraints and policies that limit the use of federal funds to finance improvements in mobility. What GAO Found: Highway and transit financing. Revenues to support the Highway Trust Fund—the major source of federal highway and transit funding—are eroding. Receipts for the fund, which are derived from motor fuel and truck-related taxes, are continuing to grow but are declining in purchasing power because the federal motor fuel tax rate has not been increased since 1993. Furthermore, as vehicles become more fuel efficient and increasingly run on alternative fuels, fuel taxes may not be a sustainable source of transportation financing in the future. Funding authorized in the recently enacted highway and transit program legislation is expected to outstrip the growth in trust fund receipts, leading to a forecasted decline in the trust fund balance and a negative balance by the end of fiscal year 2011. In the face of these constraints, state and local governments are pursuing alternative financing mechanisms, including tolling projects. Intercity passenger and freight rail financing. The intercity passenger rail system is in poor financial condition, and the federal subsidies provided for it are not targeted to the greatest public benefits, such as transportation congestion relief. GAO has recommended funding mechanisms that include cost sharing between the federal government and other beneficiaries. The freight railroad industry is projected to grow substantially, but the industry’s ability to finance the capacity needed to meet this projected growth is uncertain. Increasingly, the expected public benefits of rail projects, such as reductions in highway congestion and improved intermodal connections, have led the federal and state governments to invest public funds in freight rail projects. Decision makers face additional decisions in the years ahead and will be challenged to make investment decisions that reflect public priorities and achieve demonstrable, wide-ranging public benefits. Aviation financing. Federal aviation programs are also facing growing infrastructure demands and constrained resources. To meet projected increases in commercial aviation travel, the Federal Aviation Administration (FAA) and aviation stakeholders are developing a “next generation air transportation system” to modernize the nation’s air traffic control (ATC) infrastructure and increase capacity. This effort is complex and costly: Under one limited, preliminary estimate, FAA’s budget would, on average, exceed FAA’s fiscal year 2006 appropriation level by about $1 billion a year (in today’s dollars) through 2025. FAA and others have questioned whether the current funding system—the Aviation Trust Fund—can generate revenues to meet these budgetary needs. While FAA’s workload and costs are expected to rise, in part because of increased use of smaller aircraft, FAA’s revenues may not keep pace because of projected declines in inflation- adjusted airfares. While FAA has made some important management improvements with cost control problems associated with ATC modernization, some questions remain about FAA’s ability to manage the transition to the next generation system cost-effectively. What Remains to Be Done: In light of the growing demand for funds to maintain and expand the nation’s transportation system and the increasing constraints on federal discretionary spending, GAO recommends a reassessment, for all transportation modes, of (1) the federal role and strategy in funding, selecting, and evaluating transportation investments; (2) mechanisms to seek alternative revenue sources and, where appropriate, to increase revenues for infrastructure improvements, including user fees and alternatives to stimulate private investment, while considering their impact on the federal budget; and (3) methods of allocating funds to ensure the equity, efficiency, accountability, and performance of transportation investments. Related Products: Financing the Nation's Transportation System: Intercity Passenger Rail: National Policy and Strategies Needed to Maximize Public Benefits from Federal Expenditures. GAO-07-15. Washington, D.C.: November 13, 2006. [End of section] Freight Railroads: Industry Health Has Improved, but Concerns about Competition and Capacity Should be Addressed. GAO-07-94. Washington, D.C.: October 6, 2006. Aviation Finance: Observations on Potential FAA Funding Options. GAO- 06-973. Washington, D.C.: September 29, 2006. National Airspace System Modernization: Observations on Potential Funding Options for FAA and the Next Generation Airspace System. GAO- 06-1114T. Washington, D.C.: September 27, 2006. Highway Finance: States' Expanding Use of Tolling Illustrates Diverse Challenges and Strategies. GAO-06-554. Washington, D.C.: June 28, 2006. Highway Trust Fund: Overview of Highway Trust Fund Estimates. GAO-06- 572T. Washington, D.C.: April 4, 2006. Freight Transportation: Short Sea Shipping Option Shows Importance of Systematic Approach to Public Investment Decisions. GAO-05-768. Washington, D.C.: July 29, 2005. Highlights of an Expert Panel: The Benefits and Costs of Highway and Transit Investments. GAO-05-423SP. Washington, D.C.: May 6, 2005. Highway And Transit Investments: Options for Improving Information on Projects' Benefits and Costs and Increasing Accountability for Results. GAO-05-172. Washington, D.C.: January 24, 2005. Federal-Aid Highways: Trends, Effect on State Spending, and Options for Future Program Design. GAO-04-802. Washington, D.C.: August 31, 2004. Surface Transportation: Many Factors Affect Investment Decisions. GAO- 04-744. Washington, D.C.: June 30, 2004. [End of section] Highlights: High-Risk Series: Ensuring the Effective Protection of Technologies Critical to U.S. National Security Interests: GAO Highlights: For additional information about this high-risk area, contact Ann Calvaresi-Barr at (202) 512-4841 or calvaresibarra@gao.gov. Why Area Is High Risk: To maintain technological superiority on the battlefield, the Department of Defense annually spends billions of dollars to develop and produce advanced weaponry. At the same time, these weapons and militarily useful technologies are sold overseas by the U.S. government and companies for foreign policy, security, and economic reasons. However, these technologies are targets for theft, espionage, reverse engineering, and illegal export. The U.S. government has a myriad of programs intended to identify and protect critical technologies so they can be transferred to foreign parties consistent with varying U.S. interests. Yet these programs—established decades ago—are ill-equipped to weigh competing U.S. interests in the current security environment and as technological innovation evolves in the 21st century. Accordingly, GAO is designating the effective identification and protection of critical technologies as a governmentwide high-risk area. What GAO Found: Over the years, GAO has identified weaknesses in the effectiveness and efficiency of government programs designed to protect critical technologies while advancing U.S. interests. These programs include those that regulate U.S. defense-related exports, investigate proposed foreign acquisitions of U.S. national security-related companies, and oversee contractors under foreign influence that work with classified information. Multiple agencies are responsible for administering these programs, including the Departments of Commerce, Defense, State, and Treasury. While each program has its own set of challenges, GAO found that these weaknesses are largely attributable to poor coordination within complex interagency processes, inefficiencies in program operations, and a lack of evaluations for regularly assessing program effectiveness and identifying corrective actions. The impacts of these weaknesses are not always visible or immediate but increase the risk of military gains by entities with interests contrary to those of the United States and of financial harm to U.S. companies. Several of the programs designed to protect critical technologies are inherently complex. However, poor coordination and fundamental disagreements among the departments have had unintended consequences for both national security and economic interests. For instance, the departments that investigate proposed foreign acquisitions currently lack a coordinated approach for defining what constitutes a threat to national security and what warrants an investigation to ensure that the risk of foreign ownership is mitigated. Also, while the government officials responsible for protecting critical technologies may appropriately take time to make decisions as they consider the multiple interests involved, inefficiencies in the various programs have created unnecessary delays in sharing critical technologies with allies. In addition, the departments charged with protecting critical technologies have not systematically evaluated their respective programs to determine whether they are fulfilling their missions in a changing environment and whether corrective actions are needed. For example, following the 2001 terror attacks, Commerce and State did not systematically assess the effectiveness of their respective export control programs and, therefore, were not in a position to identify and implement corrective measures. While GAO has recommended numerous corrective actions to address these weaknesses and inefficiencies, the departments involved have not implemented many of the recommendations that address the most fundamental problems affecting the protection of critical technologies, such as clearly determining which department controls the export of certain defense technologies. Legislation has been introduced to reform aspects of these programs. However, to date legislation has not been enacted to overhaul the programs and executive action has not resulted in fundamental changes to these programs as global forces continue to reshape U.S. national security and economic interests. What Remains to Be Done: To improve existing technology protection programs, agencies need to implement the many GAO recommendations that remain unaddressed. In addition, further action is needed. The legislative and executive branches should strategically examine existing programs, evaluate alternative approaches, and develop a comprehensive framework with clear responsibilities and accountability for identifying and protecting critical technologies. Related Products: Ensuring the Effective Protection of the Technologies Critical to U.S. National Security Interests: Export Controls: Challenges Exist in Enforcement of an Inherently Complex System. GAO-07-265. Washington, D.C.: December 20, 2006. Defense Technologies: DOD's Critical Technologies Lists Rarely Inform Export Control and Other Policy Decisions. GAO-06-793. Washington, D.C.: July 28, 2006. DOD Excess Property: Control Breakdowns Present Significant Security Risk and Continuing Waste and Inefficiency. GAO-06-943. Washington, D.C.: July 25, 2006. President's Justification of the High Performance Computer Control Threshold Does Not Fully Address National Defense Authorization Act of 1998 Requirements. GAO-06-754R. Washington, D.C.: June 30, 2006. Export Controls: Improvements to Commerce's Dual-Use System Needed to Ensure Protection of U.S. Interests in the Post-9/11 Environment. GAO- 06-638. Washington, D.C.: June 26, 2006. Defense Trade: Enhancements to the Implementation of Exon-Florio Could Strengthen the Law's Effectiveness. GAO-05-686. Washington, D.C.: September 28, 2005. Industrial Security: DOD Cannot Ensure Its Oversight of Contractors under Foreign Influence Is Sufficient. GAO-05-681. Washington, D.C.: July 15, 2005. Defense Trade: Arms Export Control Vulnerabilities and Inefficiencies in the Post-9/11 Security Environment. GAO-05-468R. Washington, D.C.: April 7, 2005. Defense Trade: Arms Export Control System in the Post-9/11 Environment. GAO-05-234. Washington, D.C.: February 16, 2005. Defense Acquisitions: DOD Needs to Better Support Program Managers' Implementation of Anti-Tamper Protection. GAO-04-302. Washington, D.C.: March 31, 2004. Defense Trade: Better Information Needed to Support Decisions Affecting Proposed Weapons Transfers. GAO-03-694. Washington, D.C.: July 11, 2003. Export Controls: Clarification of Jurisdiction for Missile Technology Items Needed. GAO-02-120. Washington, D.C.: October 9, 2001. [End of section] Highlights: High-Risk Series: Transforming Federal Oversight of Food Safety: GAO Highlights: For additional information about this high-risk area, contact Lisa Shames at (202) 512-3841 or shamesl@gao.gov. Why Area Is High Risk: Each year, about 76 million people contract a foodborne illness in the U.S.; about 325,000 require hospitalization; and about 5,000 die. In addition, agriculture, as the largest industry and employer in the United States, generates more than $1 trillion in economic activity annually. The value of U.S. agricultural exports exceeded $68 billion in fiscal year 2006. What GAO Found: This nation enjoys a plentiful and varied food supply that is generally considered to be safe. However, the patchwork nature of the federal oversight of food safety calls into question whether the government can plan more strategically to inspect food production processes, identify and react more quickly to any outbreaks of contaminated food, and focus on achieving results to promote the safety and the integrity of the nation’s food supply. This challenge is even more urgent since the terrorist attacks of September 11, 2001, heightened awareness of agriculture’s vulnerabilities to terrorism. A 21st century challenge is to integrate the fragmented federal food safety system in which 15 agencies collectively administer at least 30 laws related to food safety. The two primary agencies are the U.S. Department of Agriculture (USDA), which is responsible for the safety of meat, poultry, and processed egg products, and the Food and Drug Administration (FDA), which is responsible for virtually all other foods. The Department of Homeland Security (DHS) is responsible for coordinating agencies’ food security activities. During the past 30 years, GAO has reported that the system has caused inconsistent oversight, ineffective coordination, and inefficient use of resources. GAO’s most recent work demonstrates that these challenges persist. Specifically: * Existing statutes give agencies different regulatory and enforcement authorities. Food products under FDA’s jurisdiction may be marketed without prior approval while under USDA’s jurisdiction they must generally be inspected and approved as meeting federal standards before being sold to the public. USDA inspectors examine each slaughtered carcass and visit each facility at least once during each operating day. For foods under FDA’s jurisdiction, however, federal law does not mandate the frequency of inspections. * Food recalls are voluntary. However, USDA and FDA do not know how promptly and completely companies are carrying out recalls, do not promptly verify that recalls have reached all segments of the distribution chain, and use procedures to alert consumers to a recall that may not be effective. * Agencies have taken steps to better manage the risks of agroterrorism, including the development of national plans and the adoption of standard protocols. However, there are weaknesses regarding the flow of critical information among key stakeholders and shortcomings in DHS’s coordination of federal working groups and research efforts. Transformation of the federal oversight framework for food safety is needed to reduce the risks to public health and as well as the economy. What Remains to Be Done: While many of the recommendations GAO made have been acted upon, a fundamental re-examination of the federal food safety system is warranted. GAO has recommended comprehensive, uniform, and risk-based food safety legislation, a detailed analysis of alternative organizational food safety structures, and a reconvened Council on Food Safety to facilitate interagency coordination on food safety regulation and programs. Going forward, to build a sustained focus on the safety and integrity of the nation’s food supply, developing a governmentwide performance plan that is mission based, has a results orientation, and provides a cross-agency perspective offers a framework to help ensure agencies’ goals are complementary and mutually reinforcing. Related Products: Transforming Federal Oversight of Food Safety: Homeland Security: Management and Coordination Problems Increase the Vulnerability of U.S. Agriculture to Foreign Pests and Disease. GAO-06- 644. Washington, D.C.: May 19, 2006. Oversight of Food Safety Activities: Federal Agencies Should Pursue Opportunities to Reduce Overlap and Better Leverage Resources. GAO-05- 213. Washington, D.C.: March 30, 2005. Food Safety: Experiences of Seven Countries in Consolidating Their Food Safety Systems. GAO-05-212. Washington, D.C.: February 22, 2005. Food Safety: USDA and FDA Need to Better Ensure Prompt and Complete Recalls of Potentially Unsafe Food. GAO-05-51. Washington, D.C.: October 6, 2004. Antibiotic Resistance: Federal Agencies Need to Better Focus Efforts to Address Risk to Humans from Antibiotic Use in Animals. GAO-04-490. Washington, D.C.: April 22, 2004. School Meal Program: Few Instances of Foodborne Outbreaks Reported, but Opportunities Exist to Enhance Outbreak Data and Food Safety Practices. GAO-03-530. Washington, D.C.: May 9, 2003. Food-Processing Security: Voluntary Efforts Are Under Way, but Federal Agencies Cannot Fully Assess Their Implementation. GAO-03-342. Washington, D.C.: February 14, 2003. Meat and Poultry: Better USDA Oversight and Enforcement of Safety Rules Needed to Reduce Risk of Foodborne Illnesses. GAO-02-902. Washington, D.C.: August 30, 2002. Genetically Modified Foods: Experts View Regimen of Safety Tests as Adequate, but FDA's Evaluation Process Could Be Enhanced. GAO-02-566. Washington, D.C.: May 23, 2002. Food Safety: Improvements Needed in Overseeing the Safety of Dietary Supplements and "Functional Foods." GAO/RCED-00-156. Washington, D.C.: July 11, 2000. [End of section] Highlights: High-Risk Series: Department of Defense Contract Management: GAO Highlights: For additional information about this high-risk area, contact Katherine V. Schinasi at (202) 512-4841 or schinasik@gao.gov. Why Area Is High Risk: The Department of Defense (DOD) obligated nearly $270 billion in fiscal year 2005 to equip and support the military forces, but is not able to assure it is using sound business practices to acquire the goods and services needed to meet the warfighter’s needs. For example, DOD is increasingly relying on contractor-provided services but has not fully implemented a strategic approach to buying services. Additionally, DOD has not always made sound use of various techniques to acquire goods and services. Further, DOD has not had a comprehensive plan to ensure its workforce has the right skills and capabilities. GAO designated DOD contract management as a high-risk area in 1992. What GAO Found: DOD continues to experience poor acquisition outcomes and missed opportunities to improve its approach to buying goods and services. For example, in November 2006, GAO reported that DOD’s management approach lacked the necessary strategic vision and sustained commitment to address service acquisition risks and foster better outcomes. In this regard, DOD had not developed a strategy to gauge whether ongoing and planned initiatives would achieve intended results. At the transactional level, DOD focused primarily on awarding contracts, with less attention paid to formulating acquisition requirements or assessing service delivery. Further, the results of individual acquisitions were generally not used to inform strategic decision making. Overall, GAO found that DOD was ill-positioned to determine whether investments in services were achieving desired outcomes. GAO identified weaknesses across a broad spectrum of contractual business arrangements. For example, GAO found that DOD frequently initiated work on Iraq reconstruction efforts before requirements were defined or understood, resulting in increased costs, schedule delays, and reduced scopes of work. When requirements were not clear, DOD often entered into arrangements that allowed contractors to begin work, but imposed additional risks on DOD. For example, DOD contracting officials were less likely to remove costs questioned by auditors from a contractor’s proposal when the contractor had already incurred the costs. In five audits that questioned about $600 million in costs, contracting officials determined that the contractor should be paid for all but $38 million. DOD did not always take advantage of the benefits of competition. For example, DOD awarded contracts for guard services on an authorized sole-source basis despite recognizing it was paying about 25 percent more than it had under previously competed contracts. Another element of a sound business arrangement is the use of award and incentive fees to encourage improved contractor performance. GAO found that DOD often used criteria that were not directly related to outcomes, generally paid a significant portion of the available fee regardless of outcomes, and provided contractors opportunities to earn unearned or deferred fees. GAO estimated that DOD paid out an estimated $8 billion in award fees on contracts in the study population, regardless of whether outcomes fell short of DOD’s expectations, were satisfactory, or exceeded expectations. Providing effective oversight is essential to ensure DOD does not pay more than the value of the goods delivered or services performed. At times, DOD’s oversight was wanting, as it did not always task personnel with oversight duties or establish clear lines of accountability, especially on interagency contracts. Conducting oversight and meeting other challenges, however, require a capable workforce. In June 2006, DOD released a strategic plan for its acquisition workforce that specifies the steps it plans to take over the next 2 years to identify the skills and competencies needed for the future. What Remains to Be Done: To improve outcomes, DOD needs to: * take action at the strategic and transactional level to improve its acquisition of services; * definitize contracts in a timely fashion, reassess its acquisition strategies to provide for competition, and revise its award fee guidance; and: * improve its oversight procedures. DOD generally concurred with GAO’s recommendations and is taking action to implement them. Improving outcomes will require DOD leadership to set the appropriate tone at the top and ensure its personnel adhere to sound contracting practices. Related Products: Department of Defense Contract Management: Defense Acquisitions: Tailored Approach Needed to Improve Service Acquisition Outcomes. GAO-07-20. Washington, D.C.: November 9, 2006. DOD Contracting: Efforts Needed to Address Commercial Air Force Acquisition Risk. GAO-06-995. Washington, D.C.: September 29, 2006. Rebuilding Iraq: Continued Progress Requires Overcoming Contract Management Challenges. GAO-06-1130T. Washington, D.C.: September 28, 2006. Iraq Contract Costs: DOD Consideration of Defense Contract Audit Agency's Findings. GAO-06-1132. Washington, D.C.: September 25, 2006. Contract Management: Service Contract Approach to Aircraft Simulator Training Has Room for Improvement. GAO-06-830. Washington, D.C.: September 22, 2006. DOD Acquisitions: Contracting for Better Outcomes. GAO-06-800T. Washington, D.C.: September 7, 2006. Contract Management: DOD Vulnerabilities to Contracting Fraud, Waste, and Abuse. GAO-06-838R. Washington, D.C.: July 7, 2006. Defense Management: Attention Is Needed to Improve Oversight of DLA Prime Vendor Program. GAO-06-739R. Washington, D.C.: June 19, 2006. Hurricane Katrina: Army Corps of Engineers Contract for Mississippi Classrooms. GAO-06-454. Washington, D.C.: May 1, 2006. Contract Security Guards: Army's Guard Program Requires Greater Oversight and Reassessment of Acquisition Approach. GAO-06-284. Washington, D.C.: April 3, 2006. Defense Acquisitions: DOD Has Paid Billions in Award and Incentive Fees Regardless of Acquisition Outcomes. GAO-06-66. Washington, D.C.: December 19, 2005. Contract Management: Opportunities to Improve Surveillance on Department of Defense Service Contracts. GAO-05-274. Washington, D.C.: March 17, 2005. [End of section] Highlights: High-Risk series: Department of Energy Contract Management: GAO Highlights: For additional information about this high-risk area, contact Robert A. Robinson at (202) 512-3841 or robinsonr@gao.gov. Why Area Is High Risk: The Department of Energy (DOE)—the largest contracting agency in the federal government after the Department of Defense—relies primarily on contractors to carry out its diverse missions and operate its laboratories and other facilities. About 90 percent of DOE’s budget, or about $22 billion annually, is spent on contracts. In 1990, GAO designated DOE contract management as a high-risk area because of DOE’s record of both inadequate management and oversight of contractors and failure to hold contractors accountable. What GAO Found: DOE’s contract management, including both contract administration and project management, continues to be at high risk for fraud, waste, abuse, and mismanagement. In January 2005, GAO reported that the department was making efforts to strengthen contracting guidance and improve performance accountability for contractors and DOE project managers but that performance problems continued on DOE’s major projects. These conditions have not substantially changed. Over the last 2 years, however, DOE has continued efforts to address its contract and project management problems. For example, the Office of Environmental Management, which is responsible for overseeing the department’s annual $7 billion in environmental cleanup work, is in the process of integrating contract and project management under a new deputy assistant secretary for acquisition and project management. The new position is aimed at improving efficiency and oversight of contracting and project management. Also, in a departmentwide effort to improve project oversight, DOE recently announced it had certified all of its federal project directors as having completed rigorous competency and training requirements. In addition, DOE began taking steps to assess the accuracy of the cost and schedule data used to oversee contractor performance in implementing projects. Finally, in response to an Office of Management and Budget request to federal agencies with activities on GAO’s high-risk list, DOE developed an action plan to strengthen the department’s management of contracts and projects. The plan includes an implementation schedule and performance measures for assessing its effectiveness. While DOE is continuing its improvement efforts, GAO found that performance problems still regularly occur on DOE’s major projects. For example, DOE continued to experience significant cost and schedule growth in constructing facilities to stabilize and treat 55 million gallons of radioactive waste in Hanford, Washington. Since the contract was awarded in 2000, the estimated project costs have increased from $4.3 billion to over $12 billion, and the completion date for constructing the facilities has been extended 8 years to 2019. This resulted, in large part, from DOE’s continued reliance on a practice of concurrently designing and constructing one-of-a-kind facilities, as well as poor contractor performance and inadequate oversight by the department. In general, GAO found that DOE did not ensure, prior to awarding its contracts for major projects, that the contracts included effective performance incentives for contractors to control project costs and schedule. Additionally, in developing its action plan to strengthen contract and project management, the department did not conduct a root-cause analysis to fully understand the causes of its contract and project management problems. What Remains to Be Done: To further strengthen DOE’s contract and project management so that it can demonstrate improved results from its contractors, GAO made a series of recommendations that collectively call for DOE to improve its measures for assessing both contractor performance and the department’s progress toward addressing weaknesses in contract and project management, to improve its oversight of contractors, and to strengthen accountability for performance. DOE generally agreed with the recommendations. In some cases, DOE asserted that its ongoing efforts already addressed the recommendations; however, GAO concluded that further improvements were needed. Related Products: Department of Energy Contract Management: Nuclear Cleanup of Rocky Flats: DOE Can Use Lessons Learned to Improve Oversight of Other Sites' Cleanup Activities. GAO-06-352. Washington, D.C.: July 10, 2006. DOE Contracting: Better Performance Measures and Management Needed to Address Delays in Awarding Contracts. GAO-06-722. Washington, D.C.: June 30, 2006. DOE Contracting: Improved Program Management Could Help Achieve Small Business Goal. GAO-06-501. Washington, D.C.: April 7, 2006. Hanford Waste Treatment Plant: Contractor and DOE Management Problems Have Led to Higher Costs, Construction Delays, and Safety Concerns. GAO- 06-602T. Washington, D.C.: April 6, 2006. Yucca Mountain: Quality Assurance at DOE's Planned Nuclear Waste Repository Needs Increased Management Attention. GAO-06-313. Washington, D.C.: March 17, 2006. Stand-Down of Los Alamos National Laboratory: Total Costs Uncertain; Almost All Mission-Critical Programs Were Affected but Have Recovered. GAO-06-83. Washington, D.C.: November 18, 2005. Department of Energy: Improved Guidance, Oversight, and Planning Are Needed to Better Identify Cost-Saving Alternatives for Managing Low- Level Radioactive Waste. GAO-06-94. Washington, D.C.: October 31, 2005. Department of Energy: Additional Opportunities Exist for Reducing Laboratory Contractors' Support Costs. GAO-05-897. Washington, D.C.: September 9, 2005. Department of Energy: Improved Oversight Could Better Ensure Opportunities for Small Business Subcontracting. GAO-05-459. Washington, D.C.: May 13, 2005. Department of Energy: Further Actions Are Needed to Strengthen Contract Management for Major Projects. GAO-05-123. Washington, D.C.: March 18, 2005. [End of section] Highlights: High-Risk Series: National Aeronautics and Space Administration Contract Management: GAO Highlights: For additional information about this high-risk area, contact Allen Li at (202) 512-4841or lia@gao.gov. Why Area Is High Risk: NASA’s success largely depends on the work of its contractors—on which NASA spends about 85 percent of its annual budget. In 1990, GAO designated NASA’s contract management as high risk. This area has been designated as high risk principally because NASA has lacked a modern financial management system to provide accurate and reliable information on contract spending and placed little emphasis on product performance, cost controls, and program outcomes. These weaknesses pose significant challenges to NASA’s ability to implement corrective actions and make informed investment decisions. Due to the considerable challenges NASA continues to face in implementing effective systems and processes, contract management remains high risk. What GAO Found: We reported in 2003 that NASA’s integrated financial management program did not address many of its most significant management challenges, including producing credible cost estimates and providing the information needed to monitor contractor performance. Since then, NASA has made some progress towards implementing its system. For example, the agency has instituted a corrective action plan focused on the recommendations we made in conjunction with our 2005 review, to include (1) releasing an updated version of its architecture and information technology investment sequencing plan; (2) initiating reviews of proposed and existing investments to determine alignment with the architecture; (3) implementing a requirements management process that complies with applicable standards and NASA requirements, including validation processes that capture necessary metrics that allow officials to evaluate the effectiveness of processes; and (4) implementing life-cycle cost estimates for the program. As we reported in 2006, the key for federal agencies, including NASA, to avoid the long-standing problems that have plagued financial management system improvement efforts is to (1) develop a concept of operations; (2) define standard business processes, which may include reengineering existing processes; and (3) effectively implement the disciplined processes necessary to manage the project. Although NASA has made progress toward implementing disciplined project management processes, limited progress has been made in other areas, including reengineering NASA’s contractor cost reporting process. As a result, the system still does not provide cost information that program managers and cost estimators need to develop credible estimates and compare budgeted and actual cost with the work performed on the contract. In addition to establishing an integrated financial management system, much work remains to ensure effective program management and contractor oversight. As GAO previously reported, NASA often does not obtain from its contractors the financial data and performance information needed to assess progress on its contracts. In addition, NASA does not yet have the full complement of analytical tools and staff trained needed to perform cost analyses, including earned value management. Until NASA has the data, tools, and analytical skills needed to alert program managers of potential cost overruns and schedule delays and take corrective action before discrepancies occur, it will continue to face challenges in effectively overseeing its contractors. NASA plans to spend nearly $230 billion alone, over the next two decades, to implement the President’s 2004 Vision for Space Exploration. Implementing the Vision, including establishing a permanent lunar outpost, will entail a multitude of contracts and will require a sustained commitment from multiple administrations and Congresses over the length of the program. The realistic identification of needed resources and accurate accounting of cost and contractor performance would go a long way to provide support for such a sustained commitment and provide the basis for congressional oversight. What Remains to Be Done: While progress has been made, NASA needs to take additional steps in order to improve contract management and program oversight. These include: * consistently instilling a disciplined cost-estimating process in project development efforts, * reengineering key business processes to include contractor cost reporting processes, and: * ensuring that it obtains the information needed to assess progress on its contracts. Strong executive leadership will be critical for ensuring that its financial management organization delivers the kind of analysis and forward-looking information needed to manage its many complex programs. Related Products: National Aeronautics and Space Administration Contract Management: NASA: Sound Management and Oversight Key to Addressing Crew Exploration Vehicle Project Risks. GAO-06-1127T. September 28, 2006. Enterprise Architecture: Leadership Remains Key to Establishing and Leveraging Architectures for Organizational Transformation. GAO-06- 831. Washington, D.C.: August 14, 2006. NASA: Long-Term Commitment to and Investment in Space Exploration Program Requires More Knowledge. GAO-06-817R. Washington, D.C.: July 17, 2006. NASA's James Webb Space Telescope: Knowledge-Based Acquisition Approach Key to Addressing Program Challenges. GAO-06-634. Washington, D.C.: July 14, 2006. Financial Management Systems: Additional Efforts Needed to Address Key Causes of Modernization Failures. GAO-06-184. Washington, D.C.: March 15, 2006. NASA: Implementing a Knowledge-Based Acquisition Framework Could Lead to Better Investment Decisions and Project Outcomes. GAO-06-218. Washington, D.C.: December 21, 2005. NASA: Long-standing Financial Management Challenges Threaten the Agency's Ability to Manage Its Programs. GAO-06-216T. Washington, D.C.: October 27, 2005. Business Modernization: Some Progress Made toward Implementing GAO Recommendations Related to NASA's Integrated Financial Management Program. GAO-05-799R. Washington, D.C.: September 9, 2005. [End of Section] Highlights: High-Risk series: Management of Interagency Contracting: GAO Highlights: For additional information about this high-risk area, contact William T. Woods at (202) 512-8214 or woodsw@gao.gov. Why Area Is High Risk: Federal agencies have increasingly turned to interagency contracting—a process by which one agency uses other agencies’ contracts and contracting services—as a way to streamline the procurement process. This contracting method can offer benefits of improved efficiency and convenience, but it needs to be effectively managed. Due to continued growth in the use of these contracts, the limited expertise of some customers and service providers in using these contracts, and unclear lines of responsibility, GAO designated interagency contracting as a high-risk area in 2005. Proper use of this contracting method requires strong internal controls, clear definition of roles and responsibilities, and training for both customers and servicing agencies. GAO’s work and that of agency inspectors general has continued to find cases in which agencies have not adequately met these challenges. What GAO Found: Governmentwide, the use of interagency contracts to procure goods and services has continued to increase over the past several years. In particular, spending through the General Services Administration (GSA) schedule contracts has increased by $4 billion during the last 2 years. Figure: GSA Schedule Sales, Fiscal Years 1996 through 2006: [see PDF for Image] Source: GSA. [End of Figure] Interagency contracts provide agencies with convenient access to commonly needed goods and services, for which the agencies that establish these contracts and provide contracting services charge a fee to support their operations. When used correctly, interagency contracts provide opportunities to streamline the procurement process and achieve savings through leveraging the government’s buying power. However, monitoring and oversight of these contracts have not kept up with their growth, and there are no complete and reliable data on how much is spent governmentwide through interagency contracts or the amount of fees paid by agencies using this contracting method. GAO and agency inspectors general continue to find that the agencies involved in the interagency contracting process have not always obtained required competition, evaluated contracting alternatives, or conducted adequate oversight. For example, there have been recent cases in which agencies have issued orders that were beyond the scope of the underlying contracts, internal controls for ensuring proper payments were not in place, and oversight responsibilities were not clearly defined. Agencies have begun to address these challenges by issuing new guidance and adding training requirements to improve the expertise of the acquisition workforce, and the Office of Management and Budget has convened a working group to improve the management of interagency contracting. However, work remains to ensure these contracts and contracting services are properly managed and that intended efficiencies are achieved. What Remains to Be Done: While agencies have taken some action in response to GAO recommendations, specific and targeted approaches are still needed to address interagency contracting management risks. Roles and responsibilities of both customers and servicing agencies need to be clearly defined; servicing agencies need to continue to adopt and implement policies and processes that ensure that customer service demands do not override sound contracting practices; and agencies need to track the use of this contracting method to assess whether it provides good outcomes. Related Products: Management of Interagency Contracting: Interagency Contracting: Improved Guidance, Planning, and Oversight Would Enable the Department of Homeland Security to Address Risks. GAO- 06-996. Washington, D.C.: September 27, 2006. Homeland Security: Contract Management and Oversight for Visitor and Immigrant Status Program Need to Be Strengthened. GAO-06-404. Washington, D.C.: June 9, 2006. Department of Energy, Office of Worker Advocacy: Deficient Controls Led to Millions of Dollars in Improper and Questionable Payments to Contractors. GAO-06-547. Washington, D.C.: May 31, 2006. Federal Bureau of Investigation: Weak Controls over Trilogy Project Led to Payment of Questionable Contractor Costs and Missing Assets. GAO-06- 306. Washington, D.C.: February 28, 2006. U.S. Office of Special Counsel: Selected Contracting and Human Capital Issues. GAO-06-16. Washington, D.C.: November 17, 2005. Improvements Needed to the Federal Procurement Data System--Next Generation. GAO-05-960R. Washington, D.C.: September 27, 2005. Interagency Contracting: Franchise Funds Provide Convenience, but Value to DOD Is Not Demonstrated. GAO-05-456. Washington, D.C.: July 29, 2005. Interagency Contracting: Problems with DOD's and Interior's Orders to Support Military Operations. GAO-05-201. Washington, D.C.: April 29, 2005. Homeland Security: Successes and Challenges in DHS's Efforts to Create an Effective Acquisition Organization. GAO-05-179. Washington, D.C.: March 29, 2005. Contract Management: Opportunities to Improve Pricing of GSA Multiple Award Schedules Contracts. GAO-05-229. February 11, 2005. [End of Section] Highlights: High-Risk Series: Enforcement of Tax Laws: GAO Highlights: For additional information about this high-risk area, contact Michael Brostek or James White at (202) 512-9110 or at brostekm@gao.gov or whitej@gao.gov. Why Area Is High Risk: Internal Revenue Service (IRS) enforcement of the tax laws is vital to promote compliance by giving taxpayers confidence that others are paying their fair share. In 1990, GAO designated one aspect of enforcement—collection of tax debt—as high risk, later broadening it to include both unpaid taxes known to IRS and unpaid taxes IRS has not detected. In 1995, GAO added a new high-risk area related to the Earned Income Credit, a refundable tax credit available to certain low-income, working taxpayers. In 2005, GAO combined these two IRS high-risk issues under enforcement of tax laws, in part, to reflect IRS’s current appropriations. What GAO Found: IRS has made noticeable progress in its enforcement efforts. In 2006, enforcement revenue rose about 13 percent compared to 2004 levels. Based on preliminary data, IRS increased the overall percentage of tax returns examined between 2004 and 2006 by about 30 percent. IRS completed compliance research on individual taxpayers under its National Research Program (NRP) in 2005 and is using the results to better target operational audits. IRS also set a long-term goal to increase the compliance rate. Nevertheless, IRS’s most recent estimate is that the gross tax gap (the difference between the taxes that should have been paid voluntarily and on time and what was actually paid) was $345 billion for tax year 2001. IRS estimated that it would eventually collect $55 billion of this amount, leaving a net tax gap of $290 billion in unpaid taxes. IRS lacks a data-based plan to improve compliance. Such a plan would require quantitative estimates of how changes to its service and enforcement programs affect compliance. Given the considerable challenges to quantifying the relationship between IRS’s efforts and changes in compliance levels, a long-term research effort will be needed. In the interim, IRS’s plans need to clearly describe why the specific service and enforcement strategies it proposes are likely to improve compliance. Although the NRP does not quantify the effect of IRS’s programs on compliance, it provides invaluable information on individual taxpayers’ compliance. IRS has begun another study on S-corporations’ compliance. However, IRS has no plans to repeat the study on individual taxpayers, which took years to plan and execute, or conduct similar research on all other significant components of the tax gap. To further improve available information, IRS needs periodic, if not annual, measurements of compliance levels to gauge the extent to which compliance is improving or declining and to effectively target its service and enforcement efforts. Real progress in reducing the tax gap will require efforts beyond current enforcement. IRS and Congress will need to develop and IRS will need to execute multiple strategies over a sustained period. Strategies could include simplifying the tax code or specific code sections, improving service to taxpayers, obtaining new sources of information to help identify and deter noncompliance, and expanding the use of proven tools for obtaining high levels of compliance, like additional withholding of taxes and third-party information reporting. Further, IRS will need to leverage technology to better help taxpayers who want to comply as well as more efficiently detect noncompliance. Technology could reduce the costs of providing individualized service to taxpayers. In an era of tight budgets, technology could also help increase the productivity of enforcement staff. What Remains to Be Done: To improve its enforcement of tax laws, IRS must: * develop a data-based plan and specific recommendations to improve compliance; * continue to perform compliance research on a regular basis, use the results to justify resource requests, target scarce enforcement resources, and develop other corrective measures for all aspects of tax law enforcement; * develop, in consultation with the Department of the Treasury, new and innovative solutions to improve compliance; and: * continue to modernize its technology that underpins service and enforcement efforts. Related Products: Enforcement of Tax Laws: Tax Debt Collection: IRS Needs to Complete Steps to Help Ensure Contracting Out Achieves Desired Results and Best Use of Federal Resources. GAO-06-1065. Washington, D.C.: September 29, 2006. Business Tax Reform: Simplification and Increased Uniformity of Taxation Would Yield Benefits. GAO-06-1113T. Washington, D.C.: September 20, 2006. Individual Income Tax Policy: Streamlining, Simplification, and Additional Reforms Are Desirable. GAO-06-1028T. Washington, D.C.: August 3, 2006. Tax Compliance: Opportunities Exist to Reduce the Tax Gap Using a Variety of Approaches. GAO-06-1000T. Washington, D.C.: July 26, 2006. Capital Gains Tax Gap: Requiring Brokers to Report Securities Cost Basis Would Improve Compliance if Related Challenges Are Addressed. GAO- 06-603. Washington, D.C.: June 13, 2006. Tax Compliance: Challenges to Corporate Tax Enforcement and Options to Improve Securities Basis Reporting. GAO-06-851T. Washington, D.C.: June 13, 2006. Business Systems Modernization: IRS Needs to Complete Recent Efforts to Develop Policies and Procedures to Guide Requirements Development and Management. GAO-06-310. Washington, D.C.: March 20, 2006. Financial Management: Thousands of GSA Contractors Abuse the Federal Tax System. GAO-06-492T. Washington, D.C.: March 14, 2006. Tax Gap: Making Significant Progress in Improving Tax Compliance Rests on Enhancing Current IRS Techniques and Adopting New Legislative Actions. GAO-06-453T. Washington, D.C.: February 15, 2006. Tax Gap: Multiple Strategies, Better Compliance Data, and Long-Term Goals Are Needed to Improve Taxpayer Compliance. GAO-06-208T. Washington, D.C.: October 26, 2005. Financial Management: Thousands of Civilian Agency Contractors Abuse the Federal Tax System with Little Consequence. GAO-05-637. Washington, D.C.: June 16, 2005. [End of Section] Highlights: High-Risk Series: Internal Revenue Service Business Systems Modernization: GAO Highlights: For additional information about this high-risk area, contact David A. Powner at (202) 512-9286 or pownerd@gao.gov, or Steven J. Sebastian at (202) 512-3406 or sebastians@gao.gov. Why Area Is High Risk: The Internal Revenue Service’s (IRS) highly complex, multibillion- dollar Business Systems Modernization (BSM) program is critical to (1) the successful transformation of the agency’s manual paper-intensive business operations, (2) fulfillment of its obligations under the IRS Restructuring and Reform Act, and (3) providing the reliable and timely financial management information needed to better enable IRS to justify its resource allocation decisions and congressional budgetary requests. Despite progress in improving modernization management controls and capabilities and addressing long-standing financial management weaknesses, significant challenges and serious risks remain. What GAO Found: IRS has long relied on obsolete automated systems for key operational and financial management functions, and its attempts to modernize these aging computer systems span several decades. A long history of continuing delays and design difficulties and their impact on IRS’s operations led GAO to designate IRS’s systems modernization and its financial management as separate high-risk areas in 1995. In 2005, GAO noted that, despite progress in establishing management controls, in acquiring foundational system infrastructure and applications, and in addressing several financial management deficiencies, including deficiencies in controls over budgetary activity and property and equipment, both BSM and financial management remained high risk. Since resolution of IRS’s most serious remaining financial management problems depended largely upon the success of BSM, GAO combined the two issues into one high-risk area. IRS has made further progress since 2005 in addressing GAO’s concerns about the management of BSM. For example, IRS (1) delivered releases of key automated systems associated with processing various individual returns for single and head-of-household taxpayers and accepting electronic returns for select businesses and tax-exempt organizations, (2) made progress in addressing high-priority program initiatives and significant risks and issues affecting its systems, and (3) developed a high-level modernization vision and strategy to address program changes and provide a modernization road map. In addition, IRS implemented the initial phase of several key automated financial management systems, including a cost accounting module that it populated with data; developed a methodology to allocate costs to its business units; and improved the reliability of its property and equipment records. IRS has also taken corrective actions related to aspects of financial management that are not dependent on automated systems, such as further improving physical security over hard-copy tax receipts and related data. However, GAO recently reported that while some project releases were delivered within cost or schedule commitments, others continued to experience cost increases or schedule delays. In addition, critical management controls and capabilities have not yet been fully implemented or institutionalized. Further, the outdated legacy financial management systems IRS continues to rely on are not integrated with supporting records for several material balances, do not provide adequate audit trails for those balances, and cannot provide current information to support decision making. IRS is taking action to resolve these issues and to address GAO’s recommendations related to BSM and financial management. However, more remains to be done to fully address the problems that have affected past systems modernization efforts and that continue to affect IRS’s ability to successfully modernize its operational and financial management systems. What Remains to Be Done: While IRS has made progress in reducing risk with systems modernization and financial management, improvements made have not been sustained long enough to provide confidence that the program is fully stable. In addition, many challenges remain, including (1) improving processes for designing, developing and delivering modernized IT systems; and (2) developing and utilizing cost-based performance measures to assist in measuring the effectiveness of programs over time. Related Products: Internal Revenue Service Business Systems Modernization: Financial Audit: IRS's Fiscal Years 2006 and 2005 Financial Statements. GAO-07-136. Washington, D.C.: November, 9, 2006. Internal Revenue Service: Status of Recommendations from Financial Audits and Related Management Reports. GAO-06-560. Washington, D.C.: June 6, 2006. Management Report: Improvements Needed in IRS's Internal Controls. GAO- 06-543R. Washington, D.C.: May 12, 2006. Internal Revenue Service: Assessment of the Interim Results of the 2006 Filing Season and Fiscal Year 2007 Budget Request. GAO-06-499T. Washington, D.C.: April 27, 2006. Internal Revenue Service: Assessment of the Interim Results of the 2006 Filing Season and Fiscal Year 2007 Budget Request. GAO-06-615T. Washington, D.C.: April 6, 2006. Business Systems Modernization: IRS Needs to Complete Recent Efforts to Develop Policies and Procedures to Guide Requirements Development and Management. GAO-06-310. Washington, D.C.: March 20, 2006. Business Systems Modernization: Internal Revenue Service's Fiscal Year 2006 Expenditure Plan. GAO-06-360. Washington, D.C.: February 21, 2006. Financial Audit: IRS's Fiscal Years 2005 and 2004 Financial Statements. GAO-06-137. Washington, D.C.: November 10, 2005. Business Systems Modernization: Internal Revenue Service's Fiscal Year 2005 Expenditure Plan. GAO-05-774. Washington, D.C.: July 22, 2005. IRS Modernization: Continued Progress Requires Addressing Resource Management Challenges. GAO-05-707T. Washington, D.C.: May 19, 2005. Internal Revenue Service: Status of Recommendations from Financial Audits and Related Management Reports. GAO-05-393. Washington, D.C.: April 29, 2005. Management Report: Improvements Needed in IRS's Internal Controls. GAO- 05-247R. Washington, D.C.: April 27, 2005. Management Report: Review of Controls over Safeguarding Taxpayer Receipts and Information at the Brookhaven Service Center Campus. GAO- 05-319R. March 10, 2005. Opportunities to Improve Timeliness of IRS Lien Releases. GAO-05-26R. Washington, D.C.: January 10, 2005. [End of Section] Highlights: High-Risk Series: Modernizing Federal Disability Programs: GAO Highlights: For additional information about this high-risk area, contact Robert E. Robertson at (202) 512-7215 or robertsonr@gao.gov, or Daniel Bertoni at (202) 512-7215 or bertonid@gao.gov. Why Area Is High Risk: In January 2003, GAO designated modernizing federal disability programs as a high-risk area because of challenges that continue today. For example, despite opportunities afforded by medical and technological advances and the growing expectations that people with disabilities can and want to work, federal disability programs remain grounded in outmoded concepts that equate medical conditions with work incapacity. Moreover, just as the disability programs are positioned to grow rapidly with current demographics, the Social Security Administration (SSA) and the Department of Veterans Affairs (VA) face difficult challenges in providing timely and consistent disability decisions. Modernizing federal disability programs remains a high-risk area as solutions are likely to require fundamental changes, including regulatory and legislative action. What GAO Found: GAO’s work examining federal disability programs has found that the major disability programs are neither well aligned with the 21st century environment nor positioned to provide meaningful and timely support. In particular, SSA’s and VA’s disability programs are based on definitions and concepts that originated over 50 years ago, despite scientific advances that have reduced the severity of some medical conditions and have allowed individuals to live with greater independence and function in work settings. Furthermore, as both programs experience unprecedented growth in the number and complexity of claims filed each year, they continue to face ongoing challenges to make timely, accurate, and consistent decisions. Although SSA and, to a lesser extent, VA have made some progress toward improving their disability programs, significant challenges remain. * Programs are grounded in outmoded concepts of disability. Disability criteria have not been updated to reflect the current state of science, medicine, technology, and labor market conditions. SSA has stated that it is in the process of moving from a “disabled for life” approach to one that helps individuals with disabilities return to work. To this end, SSA has drafted an action plan for modernizing its disability programs that includes removing barriers and disincentives to work and providing work supports earlier. These efforts could potentially shift SSA’s disability programs toward enhancing the productive capabilities of program beneficiaries. VA’s approach to modernization rests largely upon implementing recommendations, if any, that could arise from a review of the appropriateness of VA disability benefits now being conducted by a congressionally appointed commission. The commission is expected to report to Congress in October 2007. As these agencies proceed with their plans, one challenge they face is to coordinate their modernization efforts with other programs providing disability assistance. * Agencies have difficulty managing disability programs. Both SSA and VA still have lengthy disability claims processing times and have limited assurance of the accuracy and consistency of disability decisions. While SSA has begun to implement (1) an electronic disability processing system aimed at eliminating delays caused by the handling of paper claim files and (2) a comprehensive process improvement initiative aimed at making decisions earlier in the process, it is too early to measure the success of these actions. Similarly, in its budget justification for fiscal year 2007, VA identified several steps it plans to take to improve the timeliness of its disability decisions, including moving toward an electronic file system. However, it is not clear whether VA will be able to achieve its planned improvements. What Remains to Be Done: While SSA and VA have taken some actions in response to prior GAO recommendations, GAO continues to believe that SSA and VA should take a lead role in examining the fundamental causes of program problems and seek the regulatory and legislative solutions needed to transform their programs so that they are aligned with the current state of science, medicine, technology, and labor market conditions. Moreover, these agencies should continue to develop and implement strategies to better manage the programs’ accuracy, timeliness, and consistency of decision making. Related Products: Modernizing Federal Disability Programs: Social Security Disability Programs: Clearer Guidance Could Help SSA Apply the Medical Improvement Standard More Consistently. GAO-07-8. Washington, D.C.: October 3, 2006. Social Security Administration: Agency Is Positioning Itself to Implement Its New Disability Determination Process, but Key Facets Are Still in Development. GAO-06-779T. Washington, D.C.: June 15, 2006. Veterans' Disability Benefits: VA Should Improve Its Management of Individual Unemployability Benefits by Strengthening Criteria, Guidance, and Procedures. GAO-06-309. Washington, D.C.: May 30, 2006. Social Security Administration: Administrative Review Process for Adjudicating Initial Disability Claims. GAO-06-640R. Washington, D.C.: May 16, 2006. VA Disability Benefits: Routine Monitoring of Disability Decisions Could Improve Consistency. GAO-06-120T. Washington, D.C.: October 20, 2005. Computer-Based Patient Records: VA and DOD Made Progress, but Much Work Remains to Fully Share Medical Information. GAO-05-1051T. Washington, D.C.: September 28, 2005. Federal Disability Assistance: Wide Array of Programs Needs to Be Examined in Light of 21st Century Challenges. GAO-05-626. Washington, D.C.: June 2, 2005. Veterans' Disability Benefits: Claims Processing Problems Persist and Major Performance Improvements May Be Difficult. GAO-05-749T. Washington, D.C.: May 26, 2005. VA Disability Benefits and Health Care: Providing Certain Services to the Seriously Injured Poses Challenges. GAO-05-444T. Washington, D.C.: March 17, 2005. Social Security Administration: Better Planning Could Make the Ticket Program More Effective. GAO-05-248. Washington, D.C.: March 2, 2005. Vocational Rehabilitation: More VA and DOD Collaboration Needed to Expedite Services for Seriously Injured Servicemembers. GAO-05-167. Washington, D.C.: January 14, 2005. [End of Section] Highlights: High-Risk Series: Pension Benefit Guaranty Corporation Single-Employer Pension Insurance Program: GAO Highlights: For additional information about this high-risk area, contact Barbara Bovbjerg at (202) 512-5491 or bovbjergb@gao.gov. Why Area Is High Risk: The Pension Benefit Guaranty Corporation (PBGC)’s single-employer program insures the pension benefits of over 34 million participants in more than 28,000 private defined benefit (DB) plans. The program’s financial condition has declined from a $9.7 billion surplus in 2000 to an $18.1 billion deficit as of September 30, 2006. PBGC-insured plans had cumulative underfunding of $350 billion, including $73 billion in plans sponsored by financially weak firms. While Congress passed a major pension reform law, the program remains exposed to the threat of terminations of large underfunded plans in weak industries and of sponsors voluntarily terminating or freezing their DB plans. GAO placed the program on its high-risk list in July 2003. What GAO Found: Recently enacted comprehensive pension reform legislation addressed many GAO concerns about the financial condition of PBGC’s single- employer program, although the program remains high risk because of its large deficit (see figure) and uncertainty about the future of the DB system. The Pension Protection Act (PPA) included provisions aimed at shoring up DB plan funding, such as raising the funding targets DB plans must meet, reducing the period over which sponsors can “smooth” reported plan assets and liabilities, and restricting sponsors’ ability to substitute “credit balances” for cash contributions. Other reforms also may increase PBGC revenues by raising flat-rate premiums, expanding variable-rate premiums, and introducing a termination premium for some bankrupt sponsors, while limiting PBGC’s guarantee to pay certain benefits. Congress also clarified the legal status of hybrid cash balance plans, potentially encouraging sponsorship of such plans. While these measures should help, PPA’s overall impact on the single- employer program’s deficit is unclear. PPA did not fully close potential plan funding gaps, and it provided funding relief to plan sponsors in troubled industries. As a result, PBGC may be exposed to additional terminations of large underfunded plans. In fact, PBGC projects that PPA may lower contributions and raise claims relative to previous law, and the Congressional Budget Office forecasts large continued losses for the program. PPA is also unlikely to reverse the long-term decline of the DB system or help PBGC make up its current deficit, as stricter funding requirements and higher premiums may lead sponsors to terminate or freeze their plans. These challenges facing the DB system, coupled with Social Security’s financial deficits and uncertainty about the adequacy and risks of defined contribution plans, raise concerns about the future retirement security of American workers. Figure: Net Financial of PBGC's Single-Employer Program: [See PDF for Image] Source: Pension Benefit Guaranty Corporation. Note: Net position equals program assets less the current value of future benefit obligations for terminated plans and those deemed likely to default. Values are for the end of the fiscal year. [End of Figure] What Remains to Be Done: Although recent comprehensive legislative reform contains measures to improve plan funding and shore up PBGC’s finances, Congress may need to carefully monitor its effects on PBGC’s programs and on DB plans, and may need to take additional action to safeguard the private pension system’s role in national retirement security. In the longer term, Congress will also need to consider even more broadly how the risks and responsibilities for retirement security should be shared among individuals, employers, and government. Related Products: Pension Benefit Guaranty Corporation Single-Employer Pension Insurance: Private Pensions: Opportunities Exist to Further Improve the Transparency of PBGC's Financial Disclosures. GAO-06-429. Washington, D.C.: March 27, 2006. Private Pensions: Information on Cash Balance Pension Plans. GAO-06- 42. Washington, D.C.: November 3, 2005. Private Pensions: Questions Concerning the Pension Benefit Guaranty Corporation's Practices Regarding Single-Employer Probable Claims. GAO- 05-991R. Washington, D.C.: September 9, 2005. Private Pensions: The Pension Benefit Guaranty Corporation and Long- Term Budgetary Challenges. GAO-05-772T. Washington, D.C.: June 9, 2005. Private Pensions: Revision of Defined Benefit Pension Plan Funding Rules Is an Essential Component of Comprehensive Pension Reform. GAO- 05-794T. Washington, D.C.: June 7, 2005. Private Pensions: Government Actions Could Improve the Timeliness and Content of Form 5500 Pension Information. GAO-05-491. Washington, D.C.: June 3, 2005. Highlights of a GAO Forum: The Future of the Defined Benefit System and the Pension Benefit Guaranty Corporation. GAO-05-578SP. Washington, D.C.: June 1, 2005. Private Pensions: Recent Experiences of Large Defined Benefit Plans Illustrate Weaknesses in Funding Rules. GAO-05-294. Washington, D.C.: May 31, 2005. Pension Benefit Guaranty Corporation: Structural Problems Limit Agency's Ability to Protect Itself from Risk. GAO-05-360T. Washington, D.C.: March 2, 2005. [End of section] Highlights: High-Risk Series: Medicare Program: GAO Highlights: For additional information about this high-risk area, contact Marjorie Kanof at (202) 512-5055 or kanofm@gao.gov. Why Area Is High Risk: Since 1990, GAO has designated Medicare a high-risk program. It is a program vulnerable to improper payment and mismanagement, in part due to its sheer size and complexity. In 2005, the program covered over 42 million elderly and disabled beneficiaries and had estimated outlays of over $330 billion, while its most recent estimate of improper payments was about $11 billion. In 2006, Medicare added a new prescription drug benefit that is estimated to cost about $1 trillion in its first 10 years. Absent reform, the program’s spending growth will be unsustainable over time—increasing from an estimated 3.2 percent of GDP in 2006 to 7.3 percent by 2035. While fundamental financing reform is not within the authority of the Centers for Medicare & Medicaid Services (CMS)—the agency that administers Medicare—it has broad responsibility for setting payment rates that encourage efficient delivery of services and control spending, safeguarding the program from loss, improving its management, and overseeing patient safety and care. What GAO Found: Medicare’s design, coupled with rising health care costs and the coming retirement of the baby boomers, presents fiscal and other challenges that demand a strong management response. CMS has made some progress in meeting key challenges it has the authority to tackle, but further action is needed to increase Medicare’s efficiency, integrity, and effectiveness. Reforming and refining payments. Medicare faces financial pressure from growing spending in key areas, such as for physician services, while CMS continues to have difficulty in obtaining maximum value for dollars spent. Nevertheless, in the past 2 years, CMS has taken promising steps in areas where it has authority to refine how it sets or updates Medicare payment rates, such as for hospital services, durable medical equipment, and certain drugs and devices supplied in medical facilities. Enhancing program integrity. Medicare’s November 2006 estimate of its national rate of improper payments was 4.4 percent—the lowest since measurement began in 1996. However certain providers—such as suppliers of durable medical equipment—continue to receive improper payments at a higher rate. CMS has acted on some of GAO’s 2005 recommendations to increase oversight of suppliers and is implementing quality standards for them that will be overseen by accreditation organizations. Improving program management. In 2005, CMS successfully began a multiyear effort to reform its contracting practices by instituting competitive procedures to select its Medicare administrative contractors. CMS has also taken steps to strengthen its processes for managing investments in information technology, but still has limited capabilities to do so. Further, GAO found weaknesses in CMS’s information security controls that could make sensitive, personally identifiable medical information vulnerable to unauthorized access. In addition, the start of CMS’s new Medicare prescription drug benefit was not smooth. Prior to implementation, GAO warned of potential weaknesses in CMS’s approach to enrolling the 6 million beneficiaries eligible for both Medicare and Medicaid. Subsequent problems led several state Medicaid agencies to continue providing drug coverage to these beneficiaries until their enrollment issues could be resolved. In addition, call centers sponsored by the agency or private drug plans fell short in providing accurate and complete information to callers inquiring about the prescription drug benefit. Overseeing patient safety and care. CMS has implemented important improvements to state and federal oversight activities of nursing home quality since 1998. Nevertheless, despite 8 years of effort, CMS has not implemented a more rigorous inspection process that is critical to ensuring that annual inspections do not overlook serious quality-of- care problems. On the other hand, CMS is acting on GAO’s 2006 recommendations to strengthen its oversight of clinical laboratories. What Remains to Be Done: CMS has implemented many GAO recommendations, but further action must be taken to refine Medicare’s payment methods and the collection of data used as a basis for setting payment rates; address integrity weaknesses; improve its management of critical functions, such as ensuring the accuracy, usefulness, and clarity of information provided to the public; and address quality-of-care shortcomings in services provided to beneficiaries. Related Products; Medicare Program: Information Security: The Centers for Medicare & Medicaid Services Needs to Improve Controls over Key Communication Network. GAO-06-750. Washington, D.C.: August 30, 2006. Medicare: CMS's Proposed Approach to Set Hospital Inpatient Payments Appears Promising. GAO-06-880. Washington, D.C.: July 28, 2006. Medicare Physician Payments: Trends in Service Utilization, Spending, and Fees Prompt Consideration of Alternative Payment Approaches. GAO- 06-1008T. Washington, D.C.: July 25, 2006. Medicare Part B Drugs: CMS Data Source for Setting Payments Is Practical but Concerns Remain. GAO-06-971T. Washington, D.C.: July 13, 2006. Medicare Part D: Prescription Drug Plan Sponsor Call Center Responses Were Prompt, but Not Consistently Accurate and Complete. GAO-06-710. Washington, D.C.: June 30, 2006. Clinical Lab Quality: CMS and Survey Organization Oversight Should Be Strengthened. GAO-06-416. Washington, D.C.: June 16, 2006. Medicare: Communications to Beneficiaries on the Prescription Drug Benefit Could Be Improved. GAO-06-654. Washington, D.C.: May 3, 2006. Nursing Homes: Despite Increased Oversight, Challenges Remain in Ensuring High-Quality Care and Resident Safety. GAO-06-117. Washington, D.C.: December 28, 2005. Medicare: Contingency Plans to Address Potential Problems with the Transition of Dual-Eligible Beneficiaries from Medicaid to Medicare Drug Coverage. GAO-06-278R. Washington, D.C.: December 16, 2005. Information Technology: Centers for Medicare & Medicaid Services Needs to Establish Critical Investment Management Capabilities. GAO-06-12. October 28, 2005. Medicare: More Effective Screening and Stronger Enrollment Standards Needed for Medical Equipment Suppliers. GAO-05-656. Washington, D.C.: September 22, 2005. Medicare Contracting Reform: CMS's Plan Has Gaps and Its Anticipated Savings Are Uncertain. GAO-05-873. Washington, D.C.: August 17, 2005. [End of Section] Highlights: High-Risk Series: Medicaid Program: GAO Highlights: For additional information about this high-risk area, contact Kathryn G. Allen at (202) 512-7118 or allenk@gao.gov. Why Area Is High Risk: In 2003, GAO designated Medicaid a high-risk program in part because of growing concerns about the quality of fiscal oversight, which is necessary to prevent inappropriate program spending. Medicaid, the federal-state program that covers acute health care and long-term care services for about 56 million low-income individuals, consists of more than 50 distinct state-based programs that cost the federal government and states an estimated $298 billion in fiscal year 2004. The program accounts for more than 20 percent of states’ expenditures, exerting continuing pressure on state budgets. The federal government, by a formula established in law, can pay from half to more than three- fourths of each state’s Medicaid expenditures. The Centers for Medicare & Medicaid Services (CMS) in the Department of Health and Human Services (HHS) is responsible for overseeing the program at the federal level, while the states administer their respective programs’ day-to-day operations. What GAO Found: Congress and CMS have taken important steps to improve Medicaid’s fiscal integrity and financial management, but the program remains high risk due to concerns about the program’s size, growth, and diversity, as well as the adequacy of fiscal oversight. The program remains at risk due to concerns in several areas: Financing methods that leverage federal funds inappropriately. For more than a decade, some states created the illusion that they had made large Medicaid supplemental payments to certain government providers in order to generate excessive federal matching payments. In reality, the states only temporarily made payments to these providers but then required that the payments be returned. CMS has taken steps to improve its oversight of Medicaid financial management activities, including its efforts to oversee states’ financing methods. However, several oversight weaknesses have not been addressed. For example, CMS has not developed a financial management strategic plan for Medicaid, incorporated the use of key Medicaid data systems into its oversight of states’ claims, or clarified and communicated its policies in several high-risk areas, including supplemental payment arrangements. Waiver programs that inappropriately increase the federal government’s financial liability. The Secretary of HHS has authority to waive certain statutory provisions to allow states to test new ideas for achieving program objectives. Each waiver program must be “budget neutral”: It should not be approved if it would increase the federal financial liability beyond what it would have been without the program. Since the mid-1990s, HHS has permitted states to use questionable methods to demonstrate budget neutrality for waiver programs projected to increase federal costs. For example, GAO earlier reported that HHS’s rationale for approving four states’ waiver program spending limits as budget neutral was unclear and not documented. Inappropriate billing by providers serving program beneficiaries. Medicaid is vulnerable to fraud, waste, and abuse by providers who submit inappropriate claims, which in turn can result in substantial financial losses to states and the federal government. There has been a wide disparity between the level of staff and financial resources that CMS has expended to support and oversee state activities to control fraud and abuse, and the amount of federal Medicaid dollars at risk of fraud and abuse. The Deficit Reduction Act of 2005 (DRA) created the Medicaid Integrity Program and appropriated funds to fight fraud and abuse. As required by DRA, CMS issued a comprehensive 5-year plan in July 2006 that outlined CMS’s organizational structure and initial activities to begin implementing the Medicaid Integrity Program. What Remains to Be Done: A GAO recommendation to Congress to limit Medicaid payments to government facilities to the costs of providing services remains open. HHS has not acted on GAO recommendations to develop methods to better ensure the budget neutrality of Medicaid waiver programs. And CMS has not acted on recommendations to develop a Medicaid financial management strategic plan, identify needed systems projects, and improve guidance to states in certain areas. Related Products: Medicaid Program: Medicaid Third-Party Liability: Federal Guidance Needed to Help States Address Continuing Problems. GAO-06-862. Washington, D.C.: September 15, 2006. Medicaid Financial Management: Steps Taken to Improve Federal Oversight but Other Actions Needed to Sustain Efforts. GAO-06-705. Washington, D.C.: June 22, 2006. Medicaid Integrity: Implementation of New Program Provides Opportunities for Federal Leadership to Combat Fraud, Waste, and Abuse. GAO-06-578T. Washington, D.C.: March 28, 2006. Medicaid Financing: States' Use of Contingency-Fee Consultants to Maximize Federal Reimbursements Highlights Need for Improved Federal Oversight. GAO-05-748. Washington, D.C.: June 28, 2005. Medicaid: States' Efforts to Maximize Federal Reimbursements Highlight Need for Improved Federal Oversight. GAO-05-836T. Washington, D.C.: June 28, 2005. Medicaid Waivers: HHS Approvals of Pharmacy Plus Demonstrations Continue to Raise Cost and Oversight Concerns. GAO-04-480. Washington, D.C.: June 30, 2004. Medicaid and SCHIP: Recent HHS Approvals of Demonstration Waiver Projects Raise Concerns. GAO-02-817. Washington, D.C.: July 12, 2002. [End of Section] Highlights: High-Risk Series: National Flood Insurance Program: GAO Highlights: For additional information about this high-risk area, contact Orice Williams at (202) 512-5837 or williamso@gao.gov. Why Area Is High Risk: GAO placed the National Flood Insurance Program (NFIP) on its high-risk list in March 2006 because the NFIP will unlikely generate sufficient revenues to repay the billions borrowed from the Department of the Treasury to cover flood claims from the 2005 hurricanes. And it is unlikely that NFIP—a key component of the federal government’s efforts to minimize the damage and financial impact of floods—could cover catastrophic losses in future years. Estimated claims for Hurricanes Katrina, Rita, and Wilma far surpass the total claims paid in the 38- year history of the NFIP. The insufficient revenues highlight structural weaknesses in how the program is funded. The Federal Emergency Management Agency (FEMA) is the Department of Homeland Security agency responsible for managing the NFIP. FEMA has taken some steps to address these issues, including reducing the number of subsidized and repetitive loss properties insured, but still faces complex challenges in addressing these issues. What GAO Found: The NFIP, by design, is not actuarially sound. It subsidizes insurance rates for about 26 percent of policies, primarily for certain high-risk buildings constructed before NFIP flood plain regulations were established in their communities. Although policyholders with subsidized rates on average pay more than nonsubsidized policyholders (because the risk of loss is higher), the subsidized rates may be only 35 percent to 40 percent of the true risk premium. Nonsubsidized policyholders pay premiums based on the average historical loss year. However, total collected premiums will unlikely be sufficient to pay all expected flood losses over time. In January 2006, FEMA estimated an annual shortfall in premium income of $750 million because of the policy subsidies. This shortfall is compounded by the losses associated with subsidized properties that have had repeated flood losses (known as repetitive loss properties). Although repetitive loss properties represent only 1 percent of NFIP insured buildings, they account for 25 percent to 30 percent of all claims losses. In addition, the program is not structured to build loss reserves like a typical commercial insurance company, and it does not build and hold capital. Instead, it generally pays claims and expenses out of current premium income. When it has insufficient income to pay claims, the NFIP has authority to borrow from Treasury. Between 1990 and 2003, the NFIP had to borrow from Treasury during three extended periods to cover flood losses. Each time, the NFIP was able to repay, with interest, those borrowed funds. As shown below, the unprecedented losses from the 2005 hurricanes greatly exceeded losses of previous years. It is highly unlikely that the NFIP, as currently funded, could generate revenues to repay Treasury, particularly if future hurricanes result in loss levels greater than the average historical loss levels. From September 2005 to March 2006, Congress three times increased FEMA’s authority to borrow from Treasury—from $1.5 billion originally to $20.8 billion—to help pay for claims from the 2005 hurricane season. As of August 31, 2006, the NFIP has paid out $17.3 billion in claims for 2005 floods. Figure: Flood Loss Payments by Year of Flood Event, 1978 through August 2006: [See PDF for Image] Source: FEMA. [End of Figure] What Remains to Be Done: Comprehensive reform will likely be needed to stabilize the long-term finances of this program. GAO will continue to provide FEMA and Congress with recommendations to help both consider ways to improve the sufficiency of NFIP’s financial resources and current funding mechanism, mitigate losses from repetitive loss properties, increase compliance with mandatory purchase requirements, and expedite FEMA’s $1.5 billion flood map modernization efforts. Related Products: National Flood Insurance Program: GAO's High-Risk Program. GAO-06-497T. Washington, D.C.: March 15, 2006. Federal Emergency Management Agency: Challenges for the National Flood Insurance Program. GAO-06-335T. Washington, D.C.: January 25, 2006. Federal Emergency Management Agency: Improvements Needed to Enhance Oversight and Management of the National Flood Insurance Program. GAO- 06-119. Washington, D.C.: October 18, 2005. Federal Emergency Management Agency: Oversight and Management of the National Flood Insurance Program. GAO-06-183T. Washington, D.C.: October 20, 2005. Federal Emergency Management Agency: Challenges Facing the National Flood Insurance Program. GAO-06-174T. Washington, D.C.: October 18, 2005. Flood Map Modernization: Federal Emergency Management Agency's Implementation of a National Strategy. GAO-05-894T. Washington, D.C.: July 12, 2005. National Flood Insurance Program: Oversight of Policy Issuance and Claims. GAO-05-532T. Washington, D.C.: April 14, 2005. Flood Map Modernization: Program Strategy Shows Promise, but Challenges Remain. GAO-04-417. Washington, D.C.: March 31, 2004. National Flood Insurance Program: Actions to Address Repetitive Loss Properties. GAO-04-401T. Washington, D.C.: March 25, 2004. [End of section] (450513): FOOTNOTES [1] GAO, High-Risk Series: An Update, GAO-05-207 (Washington, D.C.: January 2005). [2] GAO, Determining Performance and Accountability Challenges and High Risks, GAO-01-159SP (Washington, D.C.: November 2000). [3] GAO, Single-Family Housing: Progress Made, but Opportunities Exist to Improve HUD's Oversight of FHA Lenders, GAO-05-13 (Washington, D.C.: Nov. 12, 2004). [4] GAO, HUD Single-Family and Multifamily Property Programs: Inadequate Controls Resulted in Questionable Payments and Potential Fraud, GAO-04-390 (Washington, D.C.: Mar. 3, 2004). [5] GAO, Mortgage Financing: FHA's $7 Billion Reestimate Reflects Higher Claims and Changing Loan Performance Estimates, GAO-05-875 (Washington, D.C.: Sept. 2, 2005). [6] GAO, Mortgage Financing: HUD Could Realize Additional Benefits from Its Mortgage Scorecard, GAO-06-435 (Washington, D.C.: Apr. 13, 2006). [7] GAO, HUD Rental Assistance: Progress and Challenges in Measuring and Reducing Improper Rent Subsidies, GAO-05-224 (Washington, D.C.: Feb. 18, 2005). [8] GAO, HUD Human Capital Management: Comprehensive Strategic Workforce Planning Needed, GAO-02-839 (Washington, D.C.: July 24, 2002). [9] GAO, HUD Management: Actions Needed to Improve Acquisition Management, GAO-03-157 (Washington, D.C.: Nov. 15, 2002). [10] "State of good repair" is the outcome expected from the capital investment needed to restore Amtrak's right-of-way (track, signals, and auxiliary structures), other infrastructure (e.g., stations), and equipment to a condition that requires only routine maintenance. [11] As we have reported, the trucking and barge industries pay fees and taxes to use this government-funded infrastructure, but their payments generally do not cover the costs they impose on highways and waterways. [12] GAO, Export Controls: Clarification of Jurisdiction for Missile Technology Items Needed, GAO-02-120 (Washington, D.C.: Oct. 9, 2001); and Export Controls: Improvements to Commerce's Dual-Use System Needed to Ensure Protection of U.S. Interests in the Post-9/11 Environment, GAO-06-638 (Washington, D.C.: June 26, 2006). [13] GAO, Defense Trade: Enhancements to the Implementation of Exon- Florio Could Strengthen the Law's Effectiveness, GAO-05-686 (Washington, D.C.: Sept. 28, 2005). [14] GAO, Defense Acquisitions: DOD Needs to Better Support Program Managers' Implementation of Anti-Tamper Protection, GAO-04-302 (Washington, D.C.: Mar. 31, 2004). [15] GAO, Defense Trade: Arms Export Control System in the Post-9/11 Environment, GAO-05-234 (Washington, D.C.: Feb. 16, 2005); and Defense Trade: Arms Export Control Vulnerabilities and Inefficiencies in the Post-9/11 Security Environment, GAO-05-468R (Washington, D.C.: Apr. 7, 2005). [16] This covers license applications processed between October 1, 2001, and April 30, 2004. [17] GAO, Export Controls: Improvements to Commerce's Dual-Use System Needed to Ensure Protection of U.S. Interests in the Post-9/11 Environment, GAO-06-638 (Washington, D.C.: June 26, 2006). [18] GAO, Defense Trade: Arms Export Control Vulnerabilities and Inefficiencies in the Post-9/11 Security Environment, GAO-05-468R (Washington, D.C.: Apr. 7, 2005). [19] GAO, Industrial Security: DOD Cannot Ensure Its Oversight of Contractors under Foreign Influence Is Sufficient, GAO-05-681 (Washington, D.C.: July 15, 2005). [20] The Export Administration Act is not permanent legislation. When the authority granted under the act lapsed in 2001, the controls established under the act and the implementing regulations were continued under Executive Order 13222, which was issued under the authority provided by the International Emergency Economic Powers Act. [21] GAO, 21st Century Challenges: Reexamining the Base of the Federal Government, GAO-05-325SP (Washington, D.C.: February 2005). [22] GAO, Overseeing the U.S. Food Supply: Steps Should Be Taken to Reduce Overlapping Inspections and Related Activities, GAO-05-549T (Washington, D.C.: May 17, 2004). [23] GAO, Oversight of Food Safety Activities: Federal Agencies Should Pursue Opportunities to Reduce Overlap and Better Leverage Resources, GAO-05-213 (Washington, D.C.: Mar. 30, 2005). [24] GAO, Food Safety: USDA and FDA Need to Better Ensure Prompt and Complete Recalls of Potentially Unsafe Food, GAO-05-51 (Washington, D.C.: Oct. 6, 2004). [25] GAO, Homeland Security: Much Is Being Done to Protect Agriculture from a Terrorist Attack, but Important Challenges Remain, GAO-05-214 (Washington, D.C.: Mar. 8, 2005). [26] GAO, Food Safety: Federal Oversight of Seafood Does Not Sufficiently Protect Consumers, GAO-01-204 (Washington, D.C.: Jan. 31, 2001). [27] GAO, Food Safety: FDA's Imported Seafood Safety Program Shows Some Progress, but Further Improvements Are Needed, GAO-04-246 (Washington, D.C.: Jan. 30, 2004). [28] GAO, Overseeing the U.S. Food Supply: Steps Should Be Taken to Reduce Overlapping Inspections and Related Activities, GAO-05-549T (Washington, D.C.: May 17, 2005). [29] Institute of Medicine, Ensuring Safe Food from Production to Consumption, Washington, D.C.: National Academy Press, 1998. [30] GAO, Food Safety and Security: Fundamental Changes Needed to Ensure Safe Food, GAO-02-47T (Washington, D.C.: Oct. 10, 2001). GAO's Mission: The Government Accountability Office, the audit, evaluation and investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO's commitment to good government is reflected in its core values of accountability, integrity, and reliability. Obtaining Copies of GAO Reports and Testimony: The fastest and easiest way to obtain copies of GAO documents at no cost is through GAO's Web site (www.gao.gov). Each weekday, GAO posts newly released reports, testimony, and correspondence on its Web site. To have GAO e-mail you a list of newly posted products every afternoon, go to www.gao.gov and select "Subscribe to Updates." Order by Mail or Phone: The first copy of each printed report is free. Additional copies are $2 each. A check or money order should be made out to the Superintendent of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or more copies mailed to a single address are discounted 25 percent. Orders should be sent to: U.S. Government Accountability Office 441 G Street NW, Room LM Washington, D.C. 20548: To order by Phone: Voice: (202) 512-6000 TDD: (202) 512-2537 Fax: (202) 512-6061: To Report Fraud, Waste, and Abuse in Federal Programs: Contact: Web site: www.gao.gov/fraudnet/fraudnet.htm E-mail: fraudnet@gao.gov Automated answering system: (800) 424-5454 or (202) 512-7470: Congressional Relations: Gloria Jarmon, Managing Director, JarmonG@gao.gov (202) 512-4400 U.S. Government Accountability Office, 441 G Street NW, Room 7125 Washington, D.C. 20548: Public Affairs: Paul Anderson, Managing Director, AndersonP1@gao.gov (202) 512-4800 U.S. Government Accountability Office, 441 G Street NW, Room 7149 Washington, D.C. 20548: