This is the accessible text file for GAO report number GAO-11-194 
entitled 'Department of Education: Improved Oversight and Controls 
Could Help Education Better Respond to Evolving Priorities' which was 
released on February 10, 2011. 

This text file was formatted by the U.S. Government Accountability 
Office (GAO) to be accessible to users with visual impairments, as 
part of a longer term project to improve GAO products' accessibility. 
Every attempt has been made to maintain the structural and data 
integrity of the original printed product. Accessibility features, 
such as text descriptions of tables, consecutively numbered footnotes 
placed at the end of the file, and the text of agency comment letters, 
are provided but may not exactly duplicate the presentation or format 
of the printed version. The portable document format (PDF) file is an 
exact electronic replica of the printed version. We welcome your 
feedback. Please E-mail your comments regarding the contents or 
accessibility features of this document to Webmaster@gao.gov. 

This is a work of the U.S. government and is not subject to copyright 
protection in the United States. It may be reproduced and distributed 
in its entirety without further permission from GAO. Because this work 
may contain copyrighted images or other material, permission from the 
copyright holder may be necessary if you wish to reproduce this 
material separately. 

United States Government Accountability Office: 
GAO: 

Report to the Ranking Member, Committee on Education and the 
Workforce, House of Representatives: 

February 2011: 

Department of Education: 

Improved Oversight and Controls Could Help Education Better Respond to 
Evolving Priorities: 

GAO-11-194: 

GAO Highlights: 

Highlights of GAO-11-194, a report to the Ranking Member, Committee on 
Education and the Workforce, House of Representatives. 

Why GAO Did This Study: 

The U.S. Department of Education (Education) manages one of the 
largest discretionary appropriations of any federal agency, and plays 
a key role in supporting efforts to meet the nation’s education goals. 
While Education managed a discretionary appropriation of over $160 
billion in fiscal year 2009 and was responsible for administering 
about 200 grant programs, it has the smallest workforce of any cabinet 
agency. As requested, this report examines (1) the key high-level 
management challenges facing Education, (2) Education’s strategic 
management of its workforce, (3) Education’s design of internal 
controls to help ensure accountability over contracts and student aid 
grants, and (4) Education’s information technology (IT) management 
controls. To do this, GAO reviewed relevant Education documents and 
interviewed Education program and management officials about strategic 
workforce management, IT, contracts, and Pell Grants. 

What GAO Found: 

Education faces challenges in managing expanded responsibilities and 
evolving program priorities. In recent years Education has faced a 
large increase in the amount of grant funding and programs that it is 
responsible for managing. Education’s annual budget increased by 
nearly 36 percent in real terms between fiscal years 2000 and 2008, 
and Congress authorized additional funds under the American Recovery 
and Reinvestment Act of 2009 (Recovery Act). Education will be further 
challenged to administer additional competitive programs under the 
Recovery Act, and current legislative proposals may shift additional 
programs to competitive award processes. This new emphasis on 
competitive programs may change job requirements for grants managers 
and increase demands on staff to monitor these programs. 

Education has improved its strategic workforce planning and 
performance management systems, but lacks workload data and sufficient 
oversight of performance standards and appraisals. Education has 
addressed many key elements of effective strategic workforce planning 
identified by GAO. However, a lack of reliable data on workload has 
limited the ability of the agency to accurately estimate resource 
needs and inform workforce planning efforts. Education has recently 
made improvements to its performance management system, but the system 
lacks sufficient oversight to ensure that performance standards and 
appraisals are consistent across the department. 

Education has developed overall guidance directed at maintaining 
financial accountability over two of its challenging resource 
management areas—contract monitoring and Pell Grants. However, 
Education has not yet developed and implemented detailed procedures 
for all control activities essential to ensuring that its contract 
monitoring policy directives are effectively carried out, including 
conducting supervisory reviews and documenting contract monitoring 
activity. Such deficiencies impair Education’s ability to maintain 
effective financial accountability over its significant contract 
resource investment. GAO’s review of internal controls over its Pell 
Grants program did not identify any flaws in their overall design. 

Education has developed key IT management controls, but still faces 
challenges with planning and investment management. Education has 
developed an information resources management strategic plan as 
required, but did so prior to the development of an updated department 
strategic plan, and without incorporating the IT goals from other key 
planning documents. In addition, Education has established controls to 
evaluate its IT investments, but has not conducted postimplementation 
reviews as required. Education has taken steps to improve IT security 
and privacy, but is still working to address a 2009 recommendation by 
the Education Office of the Inspector General about implementing 
appropriate security controls. 

What GAO Recommends: 

GAO recommends that Education take steps to better estimate workloads; 
strengthen safeguards over its performance management system; properly 
implement established contract monitoring guidelines; and improve its 
management controls over IT resources. Education generally agreed with 
our recommendations. 

View [hyperlink, http://www.gao.gov/products/GAO-11-194] or key 
components. For more information, contact George A. Scott at (202) 512-
7215 or scottg@gao.gov. 

[End of section] 

Contents: 

Letter: 

Background: 

Education Faces Challenges in Managing Added Responsibilities and 
Shifting Program Priorities: 

Education Has Implemented Workforce Management Initiatives but Lacks 
Workload Data and Sufficient Performance Management Oversight: 

Education Has Policies over Contract Monitoring and Pell Grants, but 
FSA's Contract Monitoring Procedures Are Insufficient: 

Education Has Established Important Information Technology Management 
Controls, but Planning And Investment Management Challenges Remain: 

Conclusions: 

Recommendations for Executive Action: 

Agency Comments and Our Evaluation: 

Appendix I: Objectives, Scope, and Methodology: 

Appendix II: Summary of Changes to Education's Performance Management 
System, Implemented in 2010: 

Appendix III: Education IT Governance Structure: 

Appendix IV: Comments from the Department of Education: 

Appendix V: GAO Contact and Staff Acknowledgments: 

Tables: 

Table 1: Key Principles for Effective Strategic Workforce Planning and 
Key Education Efforts, Fiscal Years 2001 through 2010: 

Table 2: Key Pell Grant Program Financial Accountability Controls: 

Figures: 

Figure 1: Organizational Structure of Education Offices Included in 
GAO Review: 

Figure 2: Education Grants Awarded and Staffing Levels, Fiscal Years 
2000 through 2010: 

Figure 3: Education Department Offices Included in Our Review of 
Strategic Workforce Planning and Employee Performance Management: 

Figure 4: Education Department Offices Related to Our Review of 
Information Technology Controls and Management, Fiscal Year 2010: 

Figure 5: Education IT Governance Process: 

Abbreviations: 

EDPAS: Education Department Performance Appraisal System: 

Education: Department of Education: 

FISMA: Federal Information Security Management Act: 

FSA: Federal Student Aid: 

IRM: Information Resources Management: 

IT: information technology: 

OCIO: Office of the Chief Information Officer: 

OIG: Office of Inspector General: 

OPM: Office of Personnel Management: 

OMB: Office of Management and Budget: 

PAAT: Performance Assessment and Accountability Tool: 

REACH: Results Achieved: 

Recovery Act: American Recovery and Reinvestment Act of 2009: 

[End of section] 

United States Government Accountability Office: 
Washington, DC 20548: 

February 10, 2011: 

The Honorable George Miller:
Ranking Member:
Committee on Education and the Workforce:
House of Representatives: 

Dear Mr. Miller: 

The U.S. Department of Education (Education) is responsible for 
managing one of the largest discretionary appropriations of any 
federal agency and plays a key role in kindergarten through grade 12 
(K-12) and postsecondary education by supporting and funding efforts 
to improve student achievement and ensure equal access.[Footnote 1] 
During fiscal year 2009, Education managed a discretionary 
appropriation in excess of $160 billion--an increase of approximately 
170 percent over the previous fiscal year, primarily due to $98.2 
billion in additional funding provided by the American Recovery and 
Reinvestment Act of 2009 (Recovery Act).[Footnote 2] Education 
administers about 200 programs that award grants for K-12 and higher 
education to grantees that include states, school districts, and 
institutions of higher education. Education is also responsible for 
administering student financial aid for more than 14 million 
postsecondary students through loans, grants, and other assistance, 
including Pell Grants, which are grants to low-income students to 
promote access to higher education. Despite a large discretionary 
budget relative to most federal agencies, Education has the smallest 
workforce of any cabinet-level agency. In fiscal year 2010, Education 
had approximately 4,200 employees in headquarters and field offices, 
and the number has decreased over the past decade. The department has 
over 20 offices, including those responsible for programs and research 
(program offices) and for management and business operations 
(management offices) to support program activities. 

Given the increasing amount of federal funding it is responsible for 
administering and its decreasing staff resources, Education must rely 
on effective management of resources, including human capital, grants 
and contracts, and information technology (IT), to accomplish its 
diverse goals. In prior reports, GAO and Education's Office of 
Inspector General (OIG) have identified issues with Education's 
management of these resources. In response to your request, we 
addressed the following questions: (1) What key, high-level management 
challenges does Education face? (2) To what extent does Education have 
human capital strategic planning and management strategies to meet its 
workforce needs? (3) To what extent has Education designed internal 
controls to help ensure accountability over contracts and student aid 
grants? (4) To what extent has Education established management 
controls needed to oversee, manage, and modernize its IT to support 
its mission? 

To identify key, high-level management challenges faced by Education, 
we reviewed Education's historical budget and staffing information, 
the department's budget request and program proposals, and previous 
relevant OIG and GAO reports. We interviewed officials at Education, 
the federal Office of Personnel Management (OPM) and Office of 
Management and Budget (OMB), and former high-ranking Education 
managers. We also reviewed grant award and student loan data. We 
assessed the reliability of Education data by interviewing agency 
officials knowledgeable about the data and determined that the data 
were sufficiently reliable for the purposes of this report. For human 
capital strategic planning and performance management, we reviewed 
Education documents that included the Human Capital Management plan, 
performance management policies, and sample performance expectations. 
We interviewed Education officials responsible for overall management 
of the department, officials from five selected Education program 
offices,[Footnote 3] former Education officials, and a senior official 
from Education's labor union. To determine whether the design of 
Education's internal controls was adequate to help ensure 
accountability over contracts and student aid grants, we focused our 
review on key internal control activities at Education's Office of 
Federal Student Aid (FSA) because it administers student aid grants 
and incurred approximately 58 percent of Education's contract 
obligations in fiscal year 2009.[Footnote 4] For contracts, we focused 
our review on the design of controls over contract monitoring because 
it has been a long-standing management challenge for the department. 
To examine the design of controls over contract monitoring processes, 
we assessed related policies and procedures using governmentwide 
internal controls standards, interviewed officials in FSA, and 
reviewed a nongeneralizable sample of 28 contracts[Footnote 5] and two 
interagency acquisitions[Footnote 6] from fiscal year 2009. To review 
the design of controls for student aid grants, we focused on Pell 
Grants because this program accounted for over 91 percent of all 
student aid grant disbursements in fiscal year 2009 and because this 
program was not covered in a recent GAO study that examined internal 
controls for other Education grants.[Footnote 7] To obtain an 
understanding of the design of controls over Pell Grants, we analyzed 
FSA's policies and procedures using GAO's Standards for Internal 
Controls in the Federal Government.[Footnote 8] We also reviewed 
Education's and FSA's assessment of their internal controls under the 
requirements of OMB Circular No. A-123. To assess IT management, we 
reviewed Education's IT strategic plans, investment controls, and 
information security and privacy plans, and interviewed officials 
responsible for IT functions in seven management and program 
offices.[Footnote 9] We also selected and assessed 12 investments, 
representing about 73 percent of the department's total IT budget, to 
determine the extent to which Education has established management 
controls needed to oversee, manage, and modernize its IT to support 
its mission.[Footnote 10] We interviewed officials in Education's 
Office of the Chief Information Officer (OCIO), Education's OIG, and 
Office of Management responsible for IT security and privacy programs. 
We also reviewed relevant federal laws and regulations. Appendix I 
provides a detailed description of our scope and methodology. 

We conducted this performance audit from October 2009 to February 2011 
in accordance with generally accepted government auditing standards. 
Those standards require that we plan and perform the audit to obtain 
sufficient, appropriate evidence to provide a reasonable basis for our 
findings and conclusions based on our audit objectives. We believe 
that the evidence obtained provides a reasonable basis for our 
findings and conclusions based on our audit objectives. 

Background: 

The Department of Education was established in 1980 and designated by 
the President as a cabinet-level agency to promote student achievement 
and preparation for global competitiveness by fostering educational 
excellence and ensuring access to equal educational opportunity. 
[Footnote 11] In 2009, the department reported that its elementary and 
secondary programs provided funding to more than 14,000 school 
districts serving approximately 56 million students attending some 
97,000 public schools and 28,000 private schools. As part of this 
effort, Education provides funds to support the education of low-
income students, students with disabilities, and others, and oversees 
certain education-related civil rights issues. Department programs 
also provide assistance to postsecondary students, and financial and 
other supports to postsecondary institutions. 

Education's program offices--such as the Office of Elementary and 
Secondary Education and the Office of Postsecondary Education-- 
administer grants to entities that provide education or education- 
related services to students. Management offices--such as the Chief 
Financial Officer--provide technical assistance and guidance to the 
program offices, and have overall responsibility for managing key 
support functions at Education. For example, the Office of Management 
has primary responsibility for human capital management at Education. 
The organizational structure of Education offices included in our 
review is shown in figure 1. 

Figure 1: Organizational Structure of Education Offices Included in 
GAO Review: 

[Refer to PDF for image: illustration] 

Management offices: 
* Budget Service: 
* Chief Financial Officer: 
* Communications and Outreach: 
* Inspector General: 
* Office of Management: 

Management Offices: Provides technical assistance, guidance, and 
oversight to Program offices. 

Program Offices: 
* Civil Rights: 
* Elementary and Secondary Education: 
* Federal Student Aid: 
* Institute of Education Sciences: 
* Postsecondary Education: 
* Special Education and Rehabilitative Services: 
* White House Initiatives: 

Program Offices: Reports staffing, resource,and policy information to 
Management Offices. 

Program Offices: Administer Education programs. 

Source: GAO analysis of Education documents. 

[End of figure] 

Different offices have responsibility for human capital management, 
financial management, and information technology. A description of how 
each of these support functions is managed at Education is below. 

Human Capital Management: 

The Office of Management has primary responsibility for Education's 
human capital management and is composed of six organizations, such as 
Human Capital and Client Services, and Security Services. The Office 
of Management's human capital responsibilities include strategic 
workforce planning, which is the systematic assessment of current and 
future workforce needs and implementation of strategies to fill gaps 
in staff and skills, and performance management for Education staff. 
The Office of Management coordinates with other management and program 
offices that also play important roles in human capital management. 
For example, the Office of Management provides advice and guidance to 
program offices on regulatory and policy requirements regarding the 
performance management system. 

Financial Management: 

Education's Chief Financial Officer is charged with overall 
responsibility for developing and implementing sound financial 
management policies, procedures, systems, and program controls 
throughout Education. Education's Chief Financial Officer's 
responsibilities include leading Education's implementation of key 
governmentwide financial management reform legislation, including the 
Chief Financial Officers Act of 1990[Footnote 12] and the Federal 
Managers' Financial Integrity Act of 1982[Footnote 13] (along with 
OMB's implementing guidance in Circular No. A-123). Specifically, in 
accordance with this and other legislation, Education's Chief 
Financial Officer is responsible for preparing and submitting 
Education's overall financial statements for annual audit and for 
directing the establishment of systems and controls necessary to 
provide financial accountability over Education's programs and 
resources. Since fiscal year 2002, Education has consistently received 
unqualified audit opinions on its financial statements. However, in 
its 2009 report on the department's management challenges, Education's 
OIG also noted that Education faced challenges in effectively managing 
key resources, such as in the areas of student aid grants and contract 
monitoring.[Footnote 14] 

Led by its Chief Operating Officer, FSA manages and administers 
student financial aid programs authorized under Title IV of the Higher 
Education Act of 1965, as amended.[Footnote 15] FSA contracts with a 
range of service providers for operational needs, such as managing FSA 
systems for processing student aid applications, disbursing student 
aid, and servicing student loans. In fiscal year 2009, FSA reported 
obligating over $870 million under contracts, or approximately 58 
percent of Education's total contract obligations.[Footnote 16] FSA is 
required to follow requirements set forth in applicable procurement 
laws, in the Federal Acquisition Regulation,[Footnote 17] and in 
Education's directives and policies and procedures, but also has the 
authority to create its own policies and procedures. FSA's contract 
management staff includes contracting officers, contract specialists, 
and contracting officers' representatives. According to Education's 
Departmental Directive--OCFO 02-108, Contract Monitoring for Program 
Officials--the contracting officer is responsible for the overall 
monitoring and administration of contracts, including ensuring both 
parties perform under applicable contract terms and conditions. 
[Footnote 18] To assist in monitoring activities, such as assessing a 
contractor's compliance with contract requirements, a contracting 
officer may appoint, in writing, a contracting officer's 
representative. Contracting officers' representatives report to 
applicable program offices and assist with technical oversight and 
administration of a specific contract. For example, according to the 
Departmental Directive, contracting officers' representatives should 
monitor individual contracts to ensure technical performance of a 
contractor and should review and make timely recommendations to the 
contracting officer on actions related to payment requests (invoices), 
deliverables (goods or services provided by contractor), and status 
reports. 

FSA's responsibilities include program administration and monitoring 
of Pell Grants. For the 2009-2010 award year, FSA reported disbursing 
$29 billion in Pell Grants to approximately 8 million students, with 
an average award of $3,591.[Footnote 19] Pell Grant amounts to 
students vary based on student and family expected contribution, cost 
of attendance, and enrollment status (full-time or part-time). Pell 
Grants are awarded to students through nearly 5,400 participating 
schools. 

Information Technology Management: 

Education has established three primary IT goals: 

* ensuring that IT investments support the department's mission 
objectives; 

* sharing technology services, in addition to providing basic 
infrastructure services; and: 

* ensuring the effectiveness of IT governance, information processing, 
and technology utilization. 

The OCIO has primary responsibility for ensuring that Education's IT 
is acquired and managed consistent with requirements and priorities, 
providing management advice and assistance on investments and 
operations, and providing services to effectively manage information. 
The office focuses on the deployment, operation, and maintenance of 
the department's technical infrastructure. 

Education's fiscal year 2010 budget for IT was approximately $814 
million, with $53 million for development and modernization and $762 
million for maintenance. This included 210 investments, with 26 of 
those classified as major investments.[Footnote 20] From fiscal years 
2006 through 2009, Education reported spending over $2.2 billion on IT 
investments, comprised of approximately $231 million for development 
and modernization and approximately $2 billion for maintenance. 

Education Faces Challenges in Managing Added Responsibilities and 
Shifting Program Priorities: 

In recent years, Education has faced expanded responsibilities that 
have challenged the department to strategically allocate resources to 
balance new duties with ongoing ones. The nearly $100 billion in 
additional funding appropriated under the Recovery Act added 
significantly to Education's responsibilities temporarily,[Footnote 
21] but increases in program funds it administers and program 
activities have occurred for a decade, reflecting a longer-term trend 
of increasing responsibilities. Prior to the Recovery Act, from fiscal 
years 2000 through 2008, Education's annual budget increased by nearly 
36 percent in real terms, from approximately $44 billion to $60 
billion in 2008 dollars.[Footnote 22] Further, the number of grants it 
awarded increased from about 14,000 in 2000 to about 21,000 just 2 
years later and has since remained around 18,000,[Footnote 23] even as 
the number of full-time equivalent staff decreased by 13 percent from 
fiscal years 2000 to 2009. In addition, FSA became the sole lender for 
all new federal student loans as of July 2010. This new responsibility 
is projected by Education to increase the Direct Loan portfolio that 
Education originates and services by approximately 127 percent between 
the end of FY 2009 and FY 2011.[Footnote 24] The changes in 
Education's responsibilities and staffing are shown in figure 2. 

Figure 2: Education Grants Awarded and Staffing Levels, Fiscal Years 
2000 through 2010: 

[Refer to PDF for image: two vertical bar graphs; data combined below] 

Fiscal year: 2000; 
Number of grants awarded[A]: 14,100; 
Staffing: 4,600. 

Fiscal year: 2001; 
Number of grants awarded[A]: 16,600; 
Staffing: 4,600. 

Fiscal year: 2002; 
Number of grants awarded[A]: 20,800; 
Staffing: 4,500. 

Fiscal year: 2003; 
Number of grants awarded[A]: 20,200; 
Staffing: 4,500. 

Fiscal year: 2004; 
Number of grants awarded[A]: 18,900; 
Staffing: 4,400. 

Fiscal year: 2005; 
Number of grants awarded[A]: 18,800; 
Staffing: 4,300. 

Fiscal year: 2006; 
Number of grants awarded[A]: 17,100; 
Staffing: 4,200. 

Fiscal year: 2007; 
Number of grants awarded[A]: 16,900; 
Staffing: 4,100. 

Fiscal year: 2008; 
Number of grants awarded[A]: 17,900; 
Staffing: 4,100. 

Fiscal year: 2009; 
Number of grants awarded[A]: 19,100; 
Staffing: 4,000. 

Fiscal year: 2010; 
Number of grants awarded[A]: 18,200; 
Staffing: 4,200. 

Source: Education data from the Grant Administration and Payment 
System and the Federal Personnel Payroll System. 

[A] The number of grants awarded excludes Pell Grants. 

[End of figure] 

Legislative changes have further affected workloads in some Education 
offices. For example, primarily due to the large but temporary 
increase in Education funding under the Recovery Act, the Office of 
Elementary and Secondary Education was responsible for managing 
approximately $45 billion in additional grant funding and over 700 
more grants in fiscal year 2009 compared to 2008. In addition, 
according to Education officials, the reauthorization of the Higher 
Education Act of 1965 in August 2008[Footnote 25] and enactment of the 
Consolidated Appropriations Act, 2010 in December 2009[Footnote 26] 
added four new programs in the Office of Postsecondary Education for 
fiscal year 2009, resulting in nearly 103 new grant applications for 
review and 66 new grant awards to monitor. New programs and changes to 
existing programs often increased Education's workload, requiring 
staff to develop new guidance and provide technical assistance to 
program participants. To meet these new legislative requirements, 
Education officials told us they reassigned staff but expressed 
concerns that ongoing responsibilities and longer-term department 
goals may suffer as a result. Previously, we reported that Education 
officials said some efforts related to the Recovery Act, such as 
issuing written guidance, had strained staff capacity,[Footnote 27] 
and officials in the Offices of Elementary and Secondary Education and 
Postsecondary Education described reassigning staff from longer-term 
efforts to meet immediate needs associated with new programs. For 
example, a Postsecondary Education manager told us that staff were 
reassigned from strategic planning to grant management. 

These increased responsibilities also increase risk in managing grants 
and contracts, identified as long-standing weaknesses in our previous 
work[Footnote 28] and by Education's OIG.[Footnote 29] For example, we 
previously reported that Education was unable to perform necessary 
grant follow-up and monitoring and recommended that Education improve 
its oversight of risk management, increase financial expertise among 
its grant monitoring staff, and develop an accessible mechanism to 
share information. In addition, Education increasingly relies on 
contractors, many of them for IT services, to fulfill its 
responsibilities.[Footnote 30] In fiscal year 2010, Education had 
nearly $1.8 billion in contract obligations, which is about a 22 
percent increase over the fiscal year 2009 level. Education is taking 
steps to improve grant and contract monitoring, but has cited limited 
resources and staff expertise as impediments to addressing 
recommendations from GAO and OIG reports. 

Shifting program priorities also would demand different skills of 
employees. In the Recovery Act, Congress authorized two new 
competitive grant programs for K-12 schools, including the $4.35 
billion Race to the Top Fund, through which grants are awarded to 
individual states based on selection criteria such as how well 
proposals address education reform. Education has proposed further 
transitions from formula grant programs--which calculate grant amounts 
based on factors identified by law, such as high concentrations of 
students from families living in poverty--to competitive grant 
programs in which states or other entities compete against each other 
for limited funds awarded on the merits of their proposals.[Footnote 
31] Competitive grants may change job requirements for grants managers 
and increase demands on staff for reviewing applications and 
monitoring grantees. According to Education and OMB officials, 
administering competitive grants requires analytical skills and 
greater program expertise of staff, who must evaluate applications and 
select a limited number of recipients as opposed to granting awards on 
a formula set by law. For example, the Race to the Top Fund required 
staff to develop guidance on selection criteria and provide technical 
assistance on reporting requirements. Education managers told us that 
competitive grant programs will require the department to hire staff 
with appropriate skills and train existing staff. 

Education Has Implemented Workforce Management Initiatives but Lacks 
Workload Data and Sufficient Performance Management Oversight: 

Education has implemented many new workforce management initiatives, 
but it lacks critical data on employee workloads to guide its 
strategic planning and does not provide sufficient oversight of its 
process for managing individual employee performance to ensure 
consistency across the department. Strategic workforce planning and 
employee performance management are important because Education's 
staff has decreased even as department responsibilities have grown. We 
evaluated Education's strategic workforce planning and performance 
management practices and procedures, as well as their implementation 
in five program offices: the Office for Civil Rights, the Office of 
Elementary and Secondary Education, the Office of Postsecondary 
Education, the Office of Special Education and Rehabilitative 
Services, and the White House Initiative on Educational Excellence for 
Hispanic Americans. The organizational structure of the offices 
included in our review is shown in figure 3. 

Figure 3: Education Department Offices Included in Our Review of 
Strategic Workforce Planning and Employee Performance Management: 

[Refer to PDF for image: illustration] 

Management Offices: 
* Office of Management; 
* Budget Service. 

Management Offices: Provides technical assistance, guidance, and 
oversight to Program Offices. 

Program Offices: 
* Elementary and Secondary Education; 
* Postsecondary Education; 
* Special Education and Rehabilitative Services; 
* Civil Rights; 
* White House Initiative on Educational Excellence for Hispanic 
Americans. 

Program Offices: Reports staffing, resource,and policy information to 
Management Offices. 

Program Offices: Administer Education programs. 

Source: GAO analysis of Education documents. 

[End of figure] 

Education Has Implemented Strategic Workforce Planning but Lacks 
Reliable Workload Data to Better Meet Shifting Priorities: 

Education has developed and implemented initiatives that address many 
of our key principles for effective strategic workforce planning, 
[Footnote 32] including identifying workforce needs and developing 
ways to attract and train staff to meet those needs across the 
department. Education has worked to involve staff and top management 
in planning, and its Office of Management has taken a lead role. In 
fiscal year 2009, Education began quarterly workforce meetings led by 
senior managers[Footnote 33] to increase communication with program 
offices on human capital challenges and workforce needs, as well as to 
increase program office accountability for strategic workforce 
planning. Managers told us the reviews have spurred planning efforts 
within some program offices, and focused attention on hiring, 
succession planning, and organizational restructuring to help meet 
workforce needs. Education also established a human capital policy 
group in 2010 to advise senior leadership on strategies and to foster 
collaboration across the department. 

Education management has identified core competencies for its mission- 
critical occupations and begun to develop strategies to address gaps 
in employee skills, a key principle of effective strategic workforce 
planning.[Footnote 34] Since fiscal year 2003, Education identified 
competencies for its 14 mission-critical occupations, such as 
vocational rehabilitation specialist, management/program analyst, and 
financial management specialist/accountant/auditor, and assessed the 
skills of over 1,400 employees in these occupations. Education also 
used the results of a skills-gap analysis to develop targeted 
training. For example, in 2009, within three mission-critical 
occupations, Education identified large gaps in written and oral 
communications and in project and time management, and used this 
information to determine that these skill gaps should be closed 
through hiring and training. Education offered training courses in 
grants monitoring, technical writing, and presentation skills to help 
close gaps identified in 2009 and reported that it met its goal of 
closing at least 50 percent of the gaps in these competencies by 
September 30, 2010. 

Education is also engaged in succession planning and recruitment 
efforts intended to develop a pipeline of high-quality and diverse 
candidates. Education anticipates 35 percent of its permanent 
workforce will be eligible to retire by fiscal year 2012. In fiscal 
year 2008, Education created a departmentwide leadership succession 
plan and created additional incentives for prospective employees. In 
2010, it launched a 9 month training and development program for new 
managers. We have previously reported that successful organizations 
use strategic workforce planning to identify current needs and 
anticipate human capital issues, such as changes in mission-critical 
skills that could jeopardize organization goals.[Footnote 35] More 
information about Education's strategic workforce planning efforts is 
shown in table 1. 

Table 1: Key Principles for Effective Strategic Workforce Planning and 
Key Education Efforts, Fiscal Years 2001 through 2010: 

Key principle: Involve top management, employees, and other 
stakeholders in developing, communicating, and implementing strategic 
workforce plan; 
Key Department of Education efforts: Quarterly Workforce Review--
Education's top-level management across the agency hold quarterly 
meetings in order to increase coordination and communication across 
program offices, increase offices' accountability for strategic 
workforce planning, and align human capital needs with the budget; 
Fiscal year implemented: 2009. 

Key principle: Involve top management, employees, and other 
stakeholders in developing, communicating, and implementing strategic 
workforce plan; 
Key Department of Education efforts: Human Capital Policy Group--This 
high-level management advisory group was created to assist senior 
leadership in setting human capital strategies for Education's 
employees, foster collaboration across organizational boundaries, and 
facilitate a coordinated corporate approach; 
Fiscal year implemented: 2010. 

Key principle: Determine critical skills and competencies needed to 
achieve current and future programmatic results; 
Key Department of Education efforts: Updated Mission-Critical 
Occupations--Identified 11 mission-critical occupations for the 
department and 3 governmentwide; 
identified general and technical competencies (e.g., reading a 
financial statement) for each occupation using focus groups; 
updated these occupations in 2009 to include grants management 
specialist; 
Fiscal year implemented: 2009. 

Key principle: Determine critical skills and competencies needed to 
achieve current and future programmatic results; 
Key Department of Education efforts: Mission-Critical Occupation 
Competency Model--Established descriptions of skill levels for each 
competency in mission-critical occupations and guidance for 
supervisors on proficiency targets for each; 
Fiscal year implemented: 2003. 

Key principle: Develop strategies tailored to address gaps in number, 
deployment, and alignment of workforce to enable and sustain critical 
skills and competencies; 
Key Department of Education efforts: Leadership Succession Plan--
Prepared for planned and unplanned attrition, loss of institutional 
knowledge, and leadership transitions; 
Fiscal year implemented: 2006-2007; updated in 2008-2009, revision 
expected in March 2011; 
* Leadership Succession Review Pilot Program--Designed to build a 
talent pool for leadership continuity, develop potential successors, 
identify best candidates for positions and promotion, and to 
strategically direct resources for talent development to yield greater 
return on investment in each program office; 
Fiscal year implemented: 2010; 
* Pathways to Leadership Program--Designed to develop leadership 
pipeline for mid-level employees who aspire to supervising, managing, 
and leading others; 
Fiscal year implemented: 2009; 
* Transition to Supervisor Training--Created new 9 month program that 
develops new supervisors, team leaders, and managers; 
Fiscal year implemented: 2010. 

Key principle: Develop strategies tailored to address gaps in number, 
deployment, and alignment of workforce to enable and sustain critical 
skills and competencies; 
Key Department of Education efforts: Talent Enhancement Program-- 
Created new career development and mentoring programs and leadership 
succession strategy so employees can gain experience in other offices 
and programs; 
Fiscal year implemented: In development. 

Key principle: Build capacity needed to address administrative, 
educational, and other requirements to support workforce planning 
strategies; 
Key Department of Education efforts: Hiring Plan & Corporate 
Recruitment Strategy--Human resource specialists consulted with hiring 
officials on recruitment options and incentives available to attract 
best-qualified candidates, including hiring incentives, retention 
allowance, student loan repayment, tuition reimbursement, and others; 
Fiscal year implemented: 2009. 

Key principle: Monitor and evaluate progress toward human capital 
goals and contribution of those results to achieving programmatic 
results; 
Key Department of Education efforts: Human Capital Management Plan-- 
Requires an annual tactical roadmap that provides a framework to 
monitor and evaluate results of Human Capital Management Plan which 
are reported in the Human Capital Management Report; 
Fiscal year implemented: 2008. 

Key principle: Monitor and evaluate progress toward human capital 
goals and contribution of those results to achieving programmatic 
results; 
Key Department of Education efforts: Mission Critical Occupations Gap 
Analysis & Leadership Competency Gap Analysis Report--Summarized 
results of 2009 Mission Critical Occupations Competency Assessment and 
Leadership Competency Assessment to identify the strengths and 
developmental needs of workforce; 
Fiscal year implemented: 2010. 

Source: GAO analysis of Education Documents. 

[End of table] 

Education has begun taking steps to use data about workloads for 
individuals and offices to allocate staff and estimate budget 
requests, but these efforts are in the early stages. Our work on 
strategic workforce planning states that staffing decisions should be 
based on valid and reliable data, and in prior reports, we found that 
workload data help decision makers determine how to allocate resources 
effectively, justify staffing requests, and streamline administrative 
processes to improve efficiency.[Footnote 36] Valid and reliable data 
are critical in helping agencies develop credible cost estimates so 
managers can evaluate affordability and performance relative to 
project plans and to support budget estimates. Managers in Education's 
Budget Service Office said they initiated a project in 2009 to analyze 
workload data and identify indicators that affect workload for grant 
programs across Education offices. The managers said this information 
will help them estimate workforce needs and improve budget 
projections, and may allow comparisons of workloads of employees with 
similar job titles and responsibilities in different Education offices 
so offices can better justify staffing requests. In addition, two 
program offices--the Office of Special Education and Rehabilitative 
Services and the Office of Elementary and Secondary Education--hired a 
contractor in September 2010 for an additional study of workload 
specific to their offices' unique needs to determine an optimal number 
and mix of full-time employees based on data about workload and 
current skills. Education managers told us that they plan to use the 
results of the workload study to inform the Budget Service analysis. 
The Budget Service Office has not established a timeline for 
completion or implementation of its analysis, and results of the 
workload study conducted by the two program offices are expected in 
late 2011. 

While the Budget Service Office plans to analyze workload data when 
new types of programs are initiated to determine staffing needs, 
Budget Service officials told us that using this data has been a 
challenge because Education's programs vary in terms of complexity. 
Education officials indicated that Education does not provide guidance 
to program offices about how to use this information to estimate 
workloads and incorporate workload data into workforce planning. 
Program offices typically estimate workforce needs using data such as 
retirement eligibility, the number of grants administered, and grant 
size, but program managers told us they lack a reliable method for 
estimating workforce needs based on key indicators that drive 
workload. For example, program offices do not systematically analyze 
the level of skill needed and the amount of work involved for key 
steps in the grant-making process such as providing technical 
assistance to grantees. As a result, program offices estimate 
workloads inconsistently and based on historical precedents and 
professional judgment. This has created challenges for the department, 
according to senior managers. For example, when staff members were 
shifted to the Office of Elementary and Secondary Education to 
administer newly added Recovery Act programs, there was no reliable 
way to estimate workload. Education managers said they relied on 
professional judgment to estimate how many staff members were needed 
and how it would affect other program offices. In addition, these 
managers told us a shift from formula to competitive grants will have 
a major impact on workload, but they do not currently have data 
necessary to estimate the impact on Education's workload in order to 
plan for such a shift. For example, managers told us that competitive 
grants require more staff time for making decisions about which 
applicants receive grants, but could not estimate how much more staff 
time. 

Education Has Taken Steps to Improve Management of Employee 
Performance but Lacks Sufficient Oversight to Ensure Consistency in 
Standards and Appraisals: 

In fall 2010, Education implemented a modified performance management 
system, Results Achieved (REACH), in order to improve employee 
satisfaction with the process and encourage feedback to employees on 
their performance throughout the year. Prior to the implementation of 
the new system, the 2008 Federal Human Capital Survey[Footnote 37] 
found 57 percent of Education employees said their appraisals were 
fair reflections of their performance, and approximately 53 percent 
reported understanding what they were expected to do to receive 
certain ratings. Education's results for these two questions were 
lower than the average for all federal agencies, which were 63.2 
percent and 64.3 percent, respectively. Education's former performance 
management system--Education Department Performance Appraisal System 
(EDPAS)--did not require managers to provide ongoing feedback and 
coaching to employees except at the annual midpoint and year-end 
appraisal period. REACH emphasizes the need to provide feedback 
throughout the year. We previously reported that effective performance 
management systems provide candid and constructive feedback throughout 
the performance management process to help individuals maximize their 
contribution to and understanding of an agency's goals and objectives. 
[Footnote 38] 

Education's modified performance management system is also designed to 
improve the clarity of individual performance standards and better 
align them with organizational goals. Although Education had developed 
extensive requirements on the EDPAS system, REACH introduces a 
requirement for measurable, aligned, specific, realistic, and time- 
based performance standards that clearly define the performance 
necessary to accomplish ratings at the satisfactory level.[Footnote 
39] Management officials told us supervisors struggled under the 
previous system with writing clear and measurable standards to 
distinguish achievements of individuals, making it difficult to 
justify ratings. We previously found that agencies should set 
standards that allow for distinctions in performance. In addition, 
REACH emphasizes alignment between individual standards and 
organizational goals. We previously reported that an explicit 
alignment of daily activities with broader results helps individuals 
see a connection between their work and organizational goals.[Footnote 
40] For a summary of changes to Education's performance management 
system, see appendix II. 

In modifying its performance management system, Education sought input 
from employees and stakeholders through internal focus groups, and 
created a stakeholder input team to receive contributions from 
employees, program offices, and managers. Education made several 
changes based on employee feedback, such as shifting from a paper to 
electronic system. Education managers told us that the paper-based 
system was cumbersome. Senior managers also sought union input, and a 
union official told us senior managers solicited feedback on how the 
new system could be better implemented. 

While the REACH performance management system made many positive 
changes, Education retained its procedures for upper management review 
of performance standards and employee appraisals for employees at the 
satisfactory level or higher. The system requires a supervisor's 
review before employees' performance standards and appraisals are 
final. After the supervisor develops performance standards and 
appraisals, the approving official--the second-level supervisor--must 
sign off. Management also periodically reviews the distribution of 
appraisal scores within program offices. For example, managers told us 
they compare average appraisal scores in an office to an analysis of 
whether the office met its annual objectives. If, for example, the 
office met its objectives but staff received low appraisals relative 
to other offices, officials said this is an issue for senior managers 
to explain. In addition, Education periodically reviews its appraisal 
system, including a random sample of performance standards, using 
OPM's Performance Assessment and Accountability Tool (PAAT).[Footnote 
41] An OPM official told us that Education's current performance 
management system meets regulatory requirements.[Footnote 42] 

Even with these efforts, Education does not have adequate safeguards 
to ensure consistency in performance standards and appraisals across 
the department. Education does not have a formal review process to 
determine whether standards and ratings for employees in one office 
are consistent with those of employees in other program or regional 
offices with similar job titles and responsibilities. Although 
Education requires review by a second-level supervisor, ratings of 
satisfactory or higher are not subject to higher-level review by 
someone with a departmentwide perspective. As a result, Education is 
unable to ensure that employees with the same job title and 
responsibilities are rated consistently. For example, one regional 
manager said that although they make an effort to ensure consistency 
in performance standards and appraisals within their office, there is 
no effort to ensure consistency with other regional offices and 
headquarters. Education managers said that several years ago, in an 
attempt to promote consistency, Office of Management officials 
reviewed and scored a sample of performance standards in each program 
office and found inconsistency among supervisors. However, these 
managers said that the Office of Management ended these reviews due to 
resistance from supervisors who had concerns that reviewers did not 
have adequate understanding of employees' work. We have previously 
reported that agencies should have safeguards to achieve consistency 
in a performance management system.[Footnote 43] At other agencies, we 
found this type of review applied as a part of performance management 
decisions in order to better ensure consistency. For example, several 
federal financial regulatory agencies provide agencywide reviews by 
offices outside an employee's work unit, such as the human capital 
office, for individual performance appraisals.[Footnote 44] 

Education Has Policies over Contract Monitoring and Pell Grants, but 
FSA's Contract Monitoring Procedures Are Insufficient: 

Education has policies that are designed to help ensure accountability 
over contract monitoring and Pell Grants, but FSA did not have 
sufficient procedures and guidance to implement Education's 
Departmental Directive on contract monitoring, which resulted in 
contract files that were missing key documentation and inconsistencies 
in how contract monitoring activities were documented. While 
contracting and grant programs are spread across Education offices, we 
focused our work on FSA because it obligated over $870 million under 
contracts or approximately 58 percent of Education's total contract 
obligations in fiscal year 2009 and is responsible for administering 
Pell Grants.[Footnote 45] 

FSA Procedures and Guidance are Insufficient to Implement Education's 
Contract Monitoring Directive: 

FSA has not fully developed detailed guidance or procedures to 
implement Education's Departmental Directive and other policies for 
contract monitoring, resulting in inconsistencies in how certain 
control activities were performed. Education has issued its 
Departmental Directive to manage its contract monitoring 
responsibilities. In addition, Education has also issued certain 
operating procedures for documenting past performance reports and for 
writing contract monitoring plans.[Footnote 46] However, as detailed 
below, our analysis of FSA's policies and procedures and our review of 
28 FSA contract files[Footnote 47] and two FSA interagency acquisition 
files showed that FSA did not have (1) adequate guidance on how to 
document and file evidence of inspection of contracted goods and 
services; (2) clear guidance on how, when, and where monitoring 
activities and results should be documented and retained; and (3) 
quality control procedures to help ensure that contract file 
documentation and contractor's past performance reports were completed 
and documented in a timely manner. A 2007 report by Education's OIG 
also cited similar deficiencies related to two of our findings on 
improper communication of acceptance and rejection of deliverables and 
on instances of missing contracting officers' representatives 
appointment memoranda.[Footnote 48] 

GAO's Standards for Internal Control in the Federal Government 
provides that management should establish control mechanisms and 
activities, and monitor and evaluate these controls. Therefore, clear 
guidance and quality controls such as qualified and continuous 
supervision should be provided to ensure that internal control 
objectives are achieved. In addition, without clear guidance and 
quality control procedures, FSA may not be able to effectively and 
efficiently maintain financial accountability over its significant 
contract obligations. 

FSA could improve its guidance on how to document and file evidence of 
deliverables inspection. The Federal Acquisition Regulation requires 
that agencies prescribe procedures and instructions for the use, 
preparation, and distribution of material inspection and for receiving 
reports to evidence government inspection. According to FSA's 
procedures, inspections of contract deliverables are acknowledged in 
Education's Financial Management Support System by entering receipt 
information into the system. However, these procedures do not provide 
for obtaining and retaining documentation of activities related to 
inspection of deliverables performed by the contracting officer or the 
delegated contracting officers' representatives. In addition, these 
procedures do not provide for retaining a record when deliverables are 
recommended for rejection by the contracting officer's representative. 
[Footnote 49] Also, according to FSA Acquisition officials, the 
Financial Management Support System lacks adequate controls to ensure 
that only designated contracting officers' representatives 
knowledgeable about the specific contract enter the receipt in the 
system certifying the inspection and recommendation of acceptance of 
deliverables. Without adequate policies and procedures for documenting 
inspection of deliverables, FSA management may not be able to 
determine if the contracting officers confirmed whether deliverables 
were received or inspected for conformance with contract terms and 
conditions by the designated staff prior to accepting goods and 
services. Also, the lack of controls to ensure only designated 
representatives enter receipts in the Financial Management Support 
System increases the risk of improper payments of vendor's invoices. 
In addition, the lack of clear guidance on the information and 
documentation that should be maintained increases the risk that FSA 
may not be maintaining key documentation which could impede FSA's 
ability to hold contractors accountable as well as its ability to 
readily identify contractor performance issues. 

While we found that contracting officers and contracting officers' 
representatives were performing monitoring activities, FSA did not 
have clear guidance on how, when, and where contract monitoring 
activities and results should be documented in the contracting 
officer's representative's file and the official contract file. As a 
result, monitoring activities and results were inconsistently 
documented and it was difficult to readily obtain consistent insight 
into the status of contract monitoring activities. FSA's file 
management policy establishes a formal system for the maintenance and 
filing of official contract records, including documentation 
checklists that are organized by specific categories.[Footnote 50] For 
example, the policy states that section III of the contract file 
should be used for contract administration documentation, which 
includes monitoring activities such as periodic technical reports, 
inspection, acceptance and shipping reports, invoices, progress 
payments, and contract payment information. However, we found that 
this policy does not address where to file certain monitoring 
documentation such as contract monitoring plans, evaluations of 
technical reports, and documentation of site visits. Except for 
reviews of invoices, we could not find evidence of contract monitoring 
results in the 28 contract files we reviewed. Through interviews with 
contracting officers' representatives, we found that monitoring 
results documentation was maintained on their computers or in hard 
copies in their offices. According to the Departmental Directive, if 
the contracting officer's representative deems certain monitoring 
documentation significant, such documentation is to be placed in the 
program office contract file and a copy of the documentation is to be 
sent to the contracting officer for entry into the official contract 
file.[Footnote 51] However, the lack of clear procedural guidance on 
what contract monitoring documentation should be kept in the official 
contract file made it difficult to have a central point of reference 
from which to readily obtain up-to-date monitoring results such as 
received deliverables or performance issues, without continued 
assistance from the contracting officer's representative. 

FSA contracting officials informed us they did not have a formal 
system in place to document ongoing contractor performance issues and 
that sharing of contract monitoring activities and results was done 
through communications between the contracting officer and the 
contracting officer's representative. According to the Departmental 
Directive, the purpose of detailed record-keeping is to build a 
complete history of each project so that information is not lost or 
forgotten, and so that others (e.g., a supervisor or a newly 
designated contracting officer's representative) could get a clear 
picture of what has occurred during the life of the contract. Without 
clear guidance and procedures for documenting and retaining contract 
monitoring activities and results, Education's management may not have 
sufficient support in a government action against a contractor for 
failing to meet contract objectives and diminishes its ability to 
share contract monitoring information in the case of staff attrition. 

We also found that while FSA had quality control policies and 
procedures in place, they were insufficient to help ensure contract 
files were complete. FSA Acquisition management stated that they 
perform contract review procedures as part of staff performance 
evaluations, Contract Review Boards, and contract management reviews. 
However, these reviews do not require a review of the contract files 
in their entirety. In addition, these review procedures do not specify 
what key contract monitoring documentation should be considered as a 
part of their review. As a result, we found instances in which the 28 
contract files we reviewed did not always contain evidence of key 
contract monitoring activities such as contractor's performance 
evaluations, contract monitoring plans, and memoranda documenting the 
appointment of a contracting officer's representative,[Footnote 52] as 
described below. 

* Five contracts, for which a performance evaluation was required, did 
not have them.[Footnote 53] Education's procedures provide that for 
contracts in excess of $100,000 contracting officers and contracting 
officers' representatives are to evaluate and document whether the 
contractor performed in accordance with contract terms annually. 
However, without fully completed contractor's evaluations, FSA is at 
risk of not having pertinent performance information to address 
problems or concerns with a contractor, to make proper decisions on 
whether to extend a contract with a current contractor, or to share 
information about contractor's performance. 

* Twenty-six contracts did not have a stand-alone written contract 
monitoring plan which was required, even though we found that 
contracts were being monitored through various methods. These 
contracts ranged from approximately $10,000 to over $41 million in 
obligated funds for a total of approximately $130 million for all 26 
contracts. The Departmental Directive and other related guidance 
provide that all contracts[Footnote 54] must have a contract 
monitoring plan that includes information such as reporting and 
compliance requirements, and the methods of tracking, inspecting, and 
accepting deliverables.[Footnote 55] Without written monitoring plans, 
FSA lacks an effective tool to determine the types of monitoring 
activities planned and whether monitoring activities had occurred in 
accordance with established policies and procedures. 

* Nine contracts reviewed were missing contracting officer's 
representative appointment memoranda. For five of these nine 
contracts, an employee who was not designated by an appointment 
memorandum was acting as a representative, routinely entering receipts 
for contracted goods and services and recommending the acceptance of 
deliverables. For the other four contracts, an employee was acting as 
the backup for the appointed contracting officer's representative 
during the absence of the designated representative without an 
appointment memorandum.[Footnote 56] Because contracting officers' 
representatives are the designated representatives in charge of 
monitoring contract performance, it is important that their 
designations are clear, and that related duties and responsibilities 
are adequately defined. In addition, because contracting officers rely 
on the representatives' recommendations to accept deliverables and 
approve invoices, it is important that only designated officials with 
contract knowledge perform inspections and recommendations. Without 
review procedures to ensure that all contracting officers' 
representatives have proper designations of duties and 
responsibilities, FSA is at risk of not knowing whether contracting 
officers' representatives acted within the scope of their duties, and 
whether inspections of the deliverables were performed by the 
designated and knowledgeable staff. 

FSA management informed us that it performed contract review 
procedures as part of staff performance evaluations, Contract Review 
Boards, and contract management reviews. However, these reviews, while 
they serve other purposes, do not provide ongoing assessments for FSA 
to take necessary corrective actions to best ensure timely 
implementation of contract monitoring controls. 

Pell Grant Controls Designed to Provide Financial Accountability: 

Our review of internal controls over FSA's Pell Grant program did not 
identify any flaws in overall design. Consequently, if fully and 
effectively implemented, the controls should provide reasonable 
assurance that Education can adequately maintain financial 
accountability over the billions of dollars it disburses annually to 
participating schools on behalf of eligible postsecondary students. 

Specifically, our review of FSA's policies, procedures, and additional 
related supporting documentation showed that FSA has a range of 
internal control activities designed to provide financial 
accountability over Pell Grant resources, including key financial 
controls summarized in table 2. 

Table 2: Key Pell Grant Program Financial Accountability Controls: 

Process: Student eligibility[A]; 
Internal control activity: To verify student eligibility, FSA's 
Central Processing System is used to compute the amount of Pell Grants 
for which a student is eligible and perform matches with other federal 
agency records. For example, the Central Processing System data is 
matched with Social Security Administration data to ensure that 
applicants and their parents have a valid social security number and 
to verify the applicant's citizenship status. (2009-2010 Federal 
Student Aid Handbook, Volume 1, Chapter 1, The Application Process: 
FAFSA to ISIR and Chapter 2, Citizenship). 

Process: School eligibility; 
Internal control activity: FSA developed controls to help ensure that 
only schools meeting program requirements participate in the Pell 
Grant program. One of the key controls calls for FSA staff to review 
school applications, and supporting documentation, including 
accreditations, state licenses, and audited financial statements to 
assess the initial and continuing eligibility of schools participating 
in the program. (2009-2010 Federal Student Aid Handbook, Volume 2, 
School Eligibility and Operations, 2009-2010). 

Process: Disbursements and reconciliations; 
Internal control activity: FSA's Common Origination and Disbursement 
System includes various edit checks on disbursement records to help 
ensure that records are complete, accurate, and from eligible schools. 
FSA staff also perform monthly and year-end reconciliations of Pell 
Grants received by schools to amounts disbursed to students. (2009-
2010 COD Technical Reference, Volume 2, Common Record Technical 
Reference, Section 4, Edits, April 2010 and Grant Reconciliation 
Procedures, September 9, 2010). 

Source: GAO analysis of Department of Education's policies and 
procedures. 

[A] In addition to FSA controls, schools have a role in determining 
and verifying student eligibility and application data, and making 
accurate award computations and disbursements. 

[End of table] 

In addition, FSA, based on its OMB Circular No. A-123 assessment, 
provided reasonable assurance that its internal controls over Pell 
Grant financial reporting as of June 30, 2010, were operating 
effectively and no material weaknesses or reportable conditions were 
found in the design of financial reporting internal controls. FSA's 
assessment included all of the key controls processes discussed in 
table 2, including controls over student eligibility, school 
eligibility, disbursements, and reconciliations. 

FSA has designed controls over the Pell Grant process to help protect 
the government's interest in providing financial aid, but the program 
is heavily dependent on schools establishing their own companion 
controls to help assure Pell Grants are proper and in correct amounts. 
Specifically, risks still exist in the Pell Grant process due to the 
role of schools in determining and verifying student eligibility and 
application data, and making accurate award computations and 
disbursements. For example, fiscal year 2009 audits of two schools by 
Education's OIG found that these schools did not have adequate 
procedures, which resulted in improper disbursements of federal 
student aid to students who attended ineligible locations of an 
eligible school and in failure to return funds that were disbursed to 
students who withdrew from school.[Footnote 57] Education's OIG found 
that these schools had breakdowns in controls that did not prevent or 
detect improper disbursements. Also, in Education's fiscal year 2010 
Agency Financial Report,[Footnote 58] Education reported an estimate 
of over $1 billion of improper payments caused in part by applicants 
who incorrectly report their income on student aid applications. 
[Footnote 59] To help address this problem, Education's fiscal year 
2010 Agency Financial Report noted that FSA implemented a process for 
applicants to transfer certain tax return data from an Internal 
Revenue Service Web site to their online student aid applications. 
This process was piloted on January 28, 2010, and went live in 
September 2010. Additionally, FSA reported that it continues to 
explore ways to facilitate the detection of errors and simplify the 
application process. 

While the focus of our work was on whether FSA's financial controls 
over Pell Grants were designed to provide reasonable assurance that it 
can maintain effective accountability over its significant grant 
resources, we did identify a deficiency in the reconciliation process, 
which resulted in a relatively minor (approximately $12,000) 
unreconciled disbursement transaction that existing controls detected 
but did not correct. FSA subsequently developed a corrective action 
plan with an estimated completion date of March 18, 2011, to correct 
the unreconciled amount and to establish an additional control to 
timely and properly research and resolve any such unreconciled 
differences in the future. Further, FSA's 2010 assessment conducted in 
accordance with OMB Circular No. A-123 also identified some relatively 
minor deficiencies in the implementation of its Pell Grant controls 
for which it has already developed and implemented corrective actions. 
[Footnote 60] 

Education Has Established Important Information Technology Management 
Controls, but Planning And Investment Management Challenges Remain: 

Education has established IT strategic planning and management 
controls, but challenges remain in some areas of its management, 
including the effective use of an information resources management 
(IRM) strategic plan to guide its efforts. Specifically, the 
department is relying on an IRM strategic plan that was prepared 
without the benefit of being informed by a current departmentwide 
strategic plan and that did not reflect how IT activities will support 
critical goals from other departmental planning documents. In 
addition, Education has inconsistently implemented OMB's and its own 
guidelines for investment management. Without effective IT strategic 
planning and investment management controls, Education jeopardizes its 
ability to effectively support its mission and efficiently use its $3 
billion IT investment. To review Education's IT management, we focused 
on seven program and management offices and 12 selected investments 
representing about 73 percent of the department's total IT budget. The 
organizational structure of the offices and the IT investments 
included in our review are shown in figure 4. 

Figure 4: Education Department Offices Related to Our Review of 
Information Technology Controls and Management, Fiscal Year 2010: 

[Refer to PDF for image: illustration] 

Management Offices: 
* Chief Information Officer [3, 4, 5, 6]; 
* Planning, Evaluation, and Policy {5, 8]; 
* Communications and Outreach; 
* Office of Management[A]; 
* Inspector General. 

Program Offices: 
* Federal Student Aid [9, 10, 11, 12]; 
* Elementary and Secondary Education: 
- Migrant Education [1]; 
* Institute of Education Sciences: 
- National Center for Education Statistics: Assessment Division [2]. 

Management Offices: Provides technical assistance, guidance, and 
oversight to Program Offices. 

Program Offices: Reports staffing, resource,and policy information to 
Management Offices. 

Program Offices: Administer Education programs. 

Source: GAO analysis of Education documents. 

Note: The 12 investments are the (1) Migrant Student Information 
Exchange; (2) National Assessment of Educational Progress; (3) 
Contracts and Purchasing Support System; (4) Education Department 
Utility for Communications, Applications, and Technical Environment; 
(5) Budget Formulation and Execution Line of Business; (6) G-5 Grants 
Management; (7) Integrated Support Services; (8) EDFacts; (9) National 
Student Loan Data System; (10) Enterprise Web Portal; (11) Common 
Services for Borrowers; and (12) Common Origination and Disbursement. 

[A] The Office of Management was included because of the office's 
privacy-related responsibilities. 

[End of figure] 

Education Developed an IRM Strategic Plan to Guide Its IT Investments, 
but Did So without the Benefit of a Current Departmentwide Strategic 
Plan: 

Strategic planning is essential to define what an organization seeks 
to accomplish, identify strategies to achieve desired results, and 
measure progress to subsequently determine how well it is succeeding 
in reaching results-oriented goals and objectives.[Footnote 61] 
[Footnote 62] The Government Performance and Results Act of 1993 
requires federal agencies to prepare and submit a strategic plan to 
the Director of OMB and to Congress, and to update or revise the plan 
at least every 3 years.[Footnote 63] Further, OMB Circular A-130, 
Management of Federal Information Resources, requires agencies to 
develop an IRM strategic plan to support the agency's strategic plan, 
provide a description of how information resources management 
activities are expected to help accomplish the agency's mission, and 
ensure that IRM decisions are integrated with organizational planning 
and program decisions. 

In September 2010, Education released its IRM strategic plan for 
fiscal years 2010 through 2014. The plan describes how IT activities 
will be used to support the department's mission and operations and 
includes three primary technology goals: (1) aligning IT investments 
with Education business objectives; (2) establishing the OCIO as 
provider of common and infrastructure services; and (3) ensuring the 
effectiveness of IT governance, data and information processing, and 
use of technology across the department. However, while Education met 
OMB's requirement to update its IRM strategic plan and identified how 
IT activities will be used to support its mission, the plan was 
developed prior to, and thus, was not informed by a current 
departmental strategic plan. The most recent update of the IRM plan, 
as well as the previous 2006 revision, were both completed prior to 
the department releasing its respective strategic plans. Specifically, 
while the previous IRM plan was completed in 2006, the departmental 
strategic plan was not issued until 2007, and the department 
subsequently did not update its IRM plan to reflect any relevant 
changes in the department's strategic direction. More recently, 
Education issued its updated IRM strategic plan in September 2010, but 
as of January 2011, the departmental strategic plan had not yet been 
published. An official in the Office of the Deputy Secretary indicated 
that this departmental strategic plan was in draft form and commented 
that the goals of this plan were still evolving. 

An OCIO official stated that the sequence in updating the department 
and IRM strategic plans has hindered that office's ability to identify 
performance measures and goals that are essential to ensuring that IT 
effectively supports the department's mission. Moreover, insight into 
the department's current strategic direction is critical because the 
Deputy Secretary of Education has set a goal of increasing the 
department's budget for new investments by fiscal year 2012.[Footnote 
64] According to the Director, Information Technology Program 
Services, the department has, in part, mitigated risks of these IT 
investments not being aligned with the department current strategic 
priorities by organizing similar IT investments into IT categories or 
"segments,"[Footnote 65] such as grants management, developing 
modernization plans[Footnote 66] and collaborating with business 
segment owners. The official stated that when deciding whether to 
allocate funds to IT investments, the department uses segment 
modernization plans to rank the investments to determine the degree to 
which they support the department's strategic priorities. While it is 
good practice to take these actions to mitigate risks, without an 
overall IRM strategic plan that is informed by the department's 
current strategic plan, there remains a risk that IT investments may 
not be aligned to the department's most current priorities. An OCIO 
official recognized this potential risk and as such, stated that the 
department intends to update the IRM strategic plan when a department 
strategic plan is released in the first half of 2011. 

Further, Education's 2010 IRM strategic plan did not incorporate 
critical goals from three other planning documents--the Open 
Government plan, the Strategic Sustainability Performance plan, and 
the Data Center Consolidation plan--that reflect the department's 
planned use of IT to support its mission.[Footnote 67] [Footnote 68] 
While the updated IRM strategic plan includes the goals of Education's 
open government plan--which aims to, among other things, make 
Education activities more transparent--the IRM plan does not 
specifically address how IT activities will support that effort. For 
example, the open government plan identifies a goal for making more 
data and information available to the public. However, the IRM 
strategic plan does not include plans, resources, or time frames to 
show how IT activities will support these goals. An OCIO official 
indicated that, while the department prepared an open government plan 
in accordance with OMB guidance, in order to meet the IRM strategic 
planning time frame, the department decided to address how IT will be 
used to accomplish these goals at a later time. Addressing these goals 
in the IRM strategic plan is critical to ensure that competing IT 
resources are effectively prioritized to meet the open government 
goals. Further, with regard to the Strategic Sustainability 
Performance Plan, an official in Education's OCIO noted that although 
this plan was published in June 2010, the office had not been aware of 
the plan when updating the IRM strategic plan in September 2010. As 
such, the goals from the Strategic Sustainability Performance Plan 
were not addressed in the IRM plan. Additionally, while an OCIO 
official noted that a major investment involving a data center that 
aims to provide information technology services for the department was 
addressed in the IRM plan, Education did not address other IT-related 
goals included in the department's Data Center Consolidation plan. The 
official stated that both the Strategic Sustainability Performance 
Plan and the Data Center Consolidation Plan are intended to be 
addressed when the IRM plan is next updated. By not including these 
goals in the IRM strategic plan, Education lacks an essential means of 
ensuring that it can comprehensively and effectively support the 
department's goals to, for example, reduce technology energy 
consumption in the data centers and streamline operations. Because the 
department updated the IRM strategic plan before it finalized its 
current strategic direction, it may not effectively prioritize IT 
investments in support of the department's mission. 

Education Has Established Processes for Managing IT Investments but 
Has Not Always Implemented OMB and Department Guidelines: 

Education has developed an IT investment management process and 
guidelines to address selection, control, and evaluation of its 
investments.[Footnote 69] For example, Education has a documented 
policy, implemented in 2006, which states all IT initiatives must 
support and be aligned with the department's business objectives and 
strategic plan to minimize duplication.[Footnote 70] Further, in 2009 
the department revised its guidance to prioritize investments based on 
decisions from its Planning and Investment Review Working Group; it 
also made the Chief Information Officer responsible for the 
department's IT investment management process.[Footnote 71] 
Additionally, Education has established key oversight bodies to 
monitor and control IT investments. The Investment Review Board, whose 
membership represents the department's offices and critical areas, 
including acquisition, budget, IT management, and planning, is the 
executive decision-making body for investments, with responsibility 
for reviewing proposals and recommendations of the Chief Information 
Officer. According to Education, the Planning and Investment Review 
Working Group, whose membership includes senior managers with 
specialized knowledge and skills in the various disciplines that 
comprise the work of the department, assesses the effectiveness of 
Education's investment management process and provides recommendations 
for improving the process. These elements of Education's governance 
structure are consistent with IT investment management best practices. 
[Footnote 72] See appendix III for a description of Education's 
governance structure. 

While Education has developed guidelines to support IT investment 
management best practices, the department has not consistently 
conducted postimplementation reviews. An Education directive 
stipulates that postimplementation reviews are to be conducted during 
the evaluation phase of IT investments.[Footnote 73] 
Postimplementation reviews are used to evaluate whether the estimated 
return on investment was actually achieved and to identify lessons 
learned.[Footnote 74] Specifically, a postimplementation review should 
evaluate stakeholder and user satisfaction with the end product, 
mission impact, and technical capability, as well as provide decision 
makers with lessons learned so they can improve investment decision-
making processes. 

Of the 10 completed IT investments that we reviewed--representing 6 
department and 4 FSA investments--only 3 had undergone post 
implementation reviews. These three reviews were performed by FSA on 
its IT investments. The Education Chief Information Officer had not 
conducted postimplementation reviews for any of the six department 
investments that required such reviews.[Footnote 75] Moreover, the 
department had not finalized or approved the guidance for performing 
them. The department's 2005 IT investment management process guide 
reports that in 2004, Education outlined a process for conducting such 
reviews. According to the department, it postponed implementing this 
review process in February 2005 because other IT capital planning 
activities took priority. Further, an Education official stated that 
the department conducts operational analyses that satisfy the 
requirement to conduct postimplementation reviews. However, according 
to Education's own documentation, these reviews serve different 
purposes.[Footnote 76] Specifically, an operational analysis allows an 
agency to understand only how a particular investment is performing, 
whereas a postimplementation review is intended to improve the 
investment management process by identifying differences between 
estimated and actual investment costs and benefits and lessons learned 
for continuous improvements.[Footnote 77] By not performing 
postimplementation reviews of department-level investments, Education 
limits its ability to apply lessons learned from IT investments to 
improve the effectiveness of the department's overall IT investment 
management process. 

Education Has Taken Steps to Establish Its IT Information Security and 
Privacy Programs but Has an Unresolved Issue with Protecting Access to 
Data: 

Education has established an information security program that 
addresses key components of the Federal Information Security 
Management Act of 2002 (FISMA).[Footnote 78] FISMA was enacted into 
law on December 17, 2002, as Title III of the E-Government Act of 
2002.[Footnote 79] FISMA requires federal agencies to develop and 
implement an agencywide security program for the information and 
information systems that support the operations and assets of the 
agency. FISMA's eight key components include periodic risk assessment, 
risk-based policies and procedures, a security plan, security 
awareness training, periodic security testing, a remedial action 
process, security incident procedures, and continuity of operations 
plans. An Education OCIO official stated that the department has taken 
a number of steps to establish this program. We reviewed the 
department's security guidance, policies, and procedures and verified 
that Education has responded to key FISMA requirements that include, 
among other things, 

* developing, maintaining, and updating an inventory of major 
information systems operated by the department or under its control; 

* developing policies and procedures aimed at reducing information 
security risks; 

* providing security awareness training for agency personnel and 
contractors; 

* performing periodic testing and evaluation of the effectiveness of 
information security policies, procedures, and practices; and: 

* implementing a process for planning, implementing, evaluating, and 
documenting remedial action to address any deficiencies identified in 
its policies, procedures, and practices. 

Further, Education is responsible for protecting and controlling the 
personal information it collects to perform its missions.[Footnote 80] 
These laws and guidance define specific privacy responsibilities that 
include, for example, reviewing and evaluating the privacy 
implications of agency policies, regulations, and initiatives; 
producing reports on the status of privacy protections; and ensuring 
that employees and contractors receive appropriate training. 

The Education Senior Agency Official for Privacy stated that the 
department conducts assessments to ensure that personally identifiable 
information is adequately protected from inappropriate disclosure. 
[Footnote 81] In addition, this official stated that Education has 
developed a program that discusses privacy implications of agency 
policies, instructs employees to respond to possible privacy 
incidents, and describes training that employees and contractors are 
to receive. According to the officials, and our review of related 
department documentation and FISMA reporting, Education has taken the 
following specific actions: 

* Using a system to track notices to the public required under law 
about IT systems that maintain personal information.[Footnote 82] 

* Inventorying data assets, program offices to which they belong, and 
whether the assets store or contain personally identifiable 
information. 

* Developing guidance on privacy by creating several privacy 
directives and establishing a Social Security number best practices 
guide to address OMB guidelines.[Footnote 83] Education is taking 
steps to follow OMB's mandate to reduce and remove duplicative 
personally identifiable information and the use of Social Security 
numbers in its databases. For example, some Education organizations 
have retired systems or merged duplicate systems to reduce the use of 
Social Security numbers. 

According to Education officials and our review of related security 
guidelines, the department has taken steps to fulfill OMB 
organizational and reporting elements on privacy guidelines and 
statutory privacy requirements. In addition, as we have previously 
reported, a chief privacy officer is critical to serving as a focal 
point for a department's overall privacy responsibilities.[Footnote 
84] According to Education's Open Government Plan, it plans to 
establish a chief privacy officer to ensure that, as required by law, 
individual privacy is protected.[Footnote 85] A senior agency official 
for privacy said the department expects to have the position filled by 
January 2011. 

Nonetheless, although Education has taken important steps to improve 
security protections, it has not resolved a long-standing critical 
access control issue. In a memorandum dated June 23, 2006, OMB 
directed agencies to ensure that there are adequate controls over 
critical systems, such as Education's student loan and grants systems. 
[Footnote 86] A critical control measure that OMB recommended was two-
factor authentication, which improves the control over system access 
by using something the employee knows--a password or PIN--and 
something in the employee's possession--an authenticator or token--to 
identify users. In 2007 and again in 2009 Education's OIG found that, 
to protect privacy from an escalating threat and to manage risk to 
Education operations, the department and FSA should consider moving 
more quickly toward implementing two-factor authentication for all 
users (students, lenders, employees, contractors, and other third 
parties) because an uncertain number of accounts are vulnerable to 
threats. The 2009 OIG report recommended that the Chief Information 
Officer accelerate two-factor authentication for protecting the 
confidentiality, integrity, and availability of personally 
identifiable data residing on public Web sites. However, the 
department has not implemented this security measure. Implementation 
of this security measure is essential due to the increasing number of 
Pell grants and direct loans being administered by FSA. Education 
officials stated that they are currently taking steps to incorporate 
two-factor authentication into department system architectures and 
fund the implementation of two-factor authentication. A senior advisor 
at FSA provided us with the major milestones for implementing a two-
factor authentication for department employees by midsummer 2011. 

Conclusions: 

The U.S. Department of Education is tasked with responsibility over a 
broad array of complex federal education programs. In recent years, 
the federal role in education has expanded significantly, and with it, 
so have its responsibilities as staff resources have decreased. In 
order for Education to carry out its responsibilities, it must 
establish and carry out an effective set of management practices. Our 
work for this report in the key management areas we reviewed 
demonstrates that Education has, in general, addressed many of these 
challenges and worked to put in place a number of good management 
practices, but that there are several areas in which Education could 
build on its these efforts. 

With respect to strategic workforce planning, Education will be 
challenged to figure out how best to allocate its workforce to address 
its top priorities. To the extent that it can improve the quality of 
the workload data it uses to make decisions on how to allocate its 
staff, it will be in a better position to move quickly and decisively 
to address its changing priorities. Currently, Education's program 
offices use professional judgment to estimate workload, making it 
difficult to compare estimates across program offices. Until Education 
establishes a more consistent agencywide approach to developing 
workload estimates, the department may not be able to respond 
effectively to rapidly changing legislative demands or efficiently 
meet its strategic goals. In addition, Education recently implemented 
a new performance management system with many key improvements over 
its previous system. While it is critical that any performance 
management system ensure the consistency of ratings, Education's new 
system still lacks safeguards in this regard. Until Education 
systematically reviews decisions made by supervisors about performance 
standards or appraisals before they are finalized, Education cannot be 
certain that its performance management system treats employees 
consistently across the department. 

Education has designed internal controls to help ensure accountability 
over contract monitoring and Pell Grants, but does not have adequate 
assurance that FSA is following departmental contract monitoring 
policies. FSA is responsible for administering a number of large, 
complex contracts that play a key role in its ability to oversee and 
administer its financial student aid programs. Accordingly, it is 
critical for FSA to exercise full and proper oversight of these 
contracts. Until FSA develops guidance on how to file and retain 
deliverable inspection evidence, guidance on how to document contract 
monitoring activities and results, and quality control procedures such 
as formal supervisory reviews, assurances of documentation of contract 
monitoring do not exist, hindering effective oversight of FSA 
contracts. For Pell Grants, we did not identify any significant flaws 
in the overall design of controls. 

IT systems are critical to Education's ability to carry out its 
increasing workload. Although it has established important IT 
management controls, several challenges remain to ensure that the 
department is overseeing, managing, and modernizing IT to support its 
mission. Unless Education has an IRM strategic plan that is aligned 
with, and informed by, the current departmentwide strategic plan, and 
the IRM strategic plan describes how IT activities will fulfill key 
goals and department initiatives, Education may not comprehensively 
and effectively support its mission. Education also has not finalized 
guidance for, nor consistently performed, postimplementation reviews, 
which are critical to assessing IT investments. If the department does 
not conduct postimplementation reviews for IT investments, it cannot 
effectively incorporate experiences and lessons learned from system 
development efforts that may save the agency time and money. 

Recommendations for Executive Action: 

To build on Education's current efforts to improve human capital 
management, we recommend the Secretary of Education take the following 
two actions: 

1. Provide guidance to program offices on developing data-based 
estimates of workload, and incorporating these data into department 
workforce planning. This effort could include conducting an assessment 
of workload, developing an evidence-based estimate of staff needed to 
meet agency responsibilities using valid and reliable data, and using 
this estimate to inform agency budget requests and expenditures for 
human resources. 

2. Develop a formal process for reviewing performance standards and 
performance appraisal decisions to help ensure Education's performance 
management system is consistent across the department. For example, 
such a review could include an analysis of standards and appraisals 
for all Education employees over a 3 to 5 year cycle to assess whether 
performance standards and appraisal decisions are being applied 
consistently. 

To help improve contract monitoring controls, we recommend that the 
Secretary of Education direct the Chief Operating Officer of FSA to 
take the following three actions: 

1. Develop procedures that detail how to file and retain evidence 
demonstrating receipt and acceptance of contracted goods and services. 

2. Develop procedures that outline how contract monitoring activities 
and results should be documented, retained, and shared. 

3. Develop comprehensive quality control procedures that include 
guidance for review of contract files and contractor past performance 
reports to ensure that files are complete and contain documentation to 
evidence compliance with departmental contracting policies, including 
the following documents: 

* contractor performance evaluations, 

* contract monitoring plans, and: 

* contracting officers' representative appointment memoranda. 

We recommend the Secretary of Education build on Education's IT 
management efforts by directing the Chief Information Officer to take 
the following three actions: 

1. Ensure that during the strategic planning process, the IRM 
strategic plan is aligned with and informed by the department's 
strategic plan to eliminate any potential risk of major IT investments 
not supporting the department's most current priorities. 

2. Update the IRM strategic plan to reflect goals from the Open 
Government, Strategic Sustainability Performance, and Data Center 
Consolidation plans. 

3. Finalize and approve department guidance for implementing 
postimplementation reviews and conduct these reviews, where 
appropriate, to assess lessons learned and identify potential 
improvements to the IT management process. 

Agency Comments and Our Evaluation: 

We provided a draft of this report to Education for review and comment 
and received a written response, which is reprinted in appendix IV. 
Education agreed with our recommendations and highlighted several 
steps it has taken, or intends to take, to address issues raised in 
our report. For example, to improve human capital management, 
Education responded that it has already identified data that primarily 
impacts workload of formula and discretionary grant programs and that 
it plans to take several steps to improve the quality of its workload 
data and how it is used to inform decision making. In addition, 
Education plans to convene a working group this year to determine how 
best to conduct a review of all employees performance standards and 
appraisals. In response to our recommendation to improve contracting 
monitoring controls, Education generally agreed with our 
recommendations and noted that FSA will develop guidance to improve 
how it documents and retains contracting activities and to require 
contracting officers to inspect and document findings and corrective 
actions related to contracting officers' representatives' records. In 
addition, FSA said it will develop and document methods to address 
quality controls for contract files. In response to our recommendation 
to build on Education's IT management efforts, Education noted that it 
has already taken steps to align the IRM strategic plan with the 
department's strategic plan and other critical plans. Education plans 
to take further steps by updating the IRM Strategic plan with the 
latest department strategic plan once it is finalized and by providing 
greater detail in the IRM strategic plan on the goals of other 
critical plans. Finally, Education noted that, as a part of an effort 
to increase the portion of its IT portfolio dedicated to 
modernization, the department will release a post implementation 
review guide and begin conducting these reviews by the second half of 
fiscal year 2011, assuming projects are ready for that stage of 
review. We are encouraged that the department is implementing a 
process for conducting postimplementation reviews on future 
investments. However, it is important that such reviews also be 
performed on already-deployed systems, as five out of the six projects 
we reviewed were deployed over the last 4 years did not have 
postimplementation reviews performed. These reviews could help 
Education determine whether the estimated return on the department's 
investments was realized and identify any lessons learned. Education 
also provided technical comments that we incorporated as appropriate. 

We are sending copies of this report to the appropriate congressional 
committee and the Secretary of Education. In addition, the report will 
be available at no charge on GAO's Web site at [hyperlink, 
http://www.gao.gov]. 

If you or your staff have any questions about this report, please 
contact me at (202) 512-7215 or scottg@gao.gov. Contact points for our 
Offices of Congressional Relations and Public Affairs may be found on 
the last page of this report. GAO staff who made major contributions 
to this report are listed in appendix V. 

Sincerely yours, 

Signed by: 

George A. Scott:
Director, Education, Workforce and Income Security Issues: 

[End of section] 

Appendix I: Objectives, Scope, and Methodology: 

To describe the Department of Education's (Education) high-level 
management challenges, we reviewed documents detailing the shifting 
landscape faced by Education and how that may challenge the agency. 
These documents included Education's historical budget and staffing 
information, its fiscal year 2011 budget request, the Recovery Act, 
and the fiscal year 2009 through fiscal year 2012 workforce plan. We 
also reviewed grant award and student loan data. We assessed the 
reliability of Education data by interviewing agency officials 
knowledgeable about the data and determined that the data were 
sufficiently reliable for the purposes of this report. In addition, we 
examined the administration's proposal to reauthorize the Elementary 
and Secondary Education Act of 1965, which could include major changes 
to Education's role and responsibilities. We reviewed past GAO work 
and Office of Inspector General (OIG) work, including the fiscal year 
2011 Management Challenges. We conducted interviews with high-level 
Education officials with responsibility for overall management of the 
agency. We also interviewed officials at the Office of Management and 
Budget (OMB) and the Office of Personnel Management (OPM), and former 
high-ranking Education officials, to obtain their perspectives on key 
management challenges facing Education. 

To assess the extent to which Education has human capital strategic 
planning and management strategies to meet its needs, we focused our 
work on two key aspects of human capital management--strategic 
workforce planning and performance management. Both were identified as 
key areas of focus after our initial interviews with Education, former 
Education, OIG, and OMB officials, and after our review of the 2008 
Federal Human Capital Survey. We reviewed documents related to 
Education's strategic workforce planning and performance management 
efforts. The strategic workforce planning documents included 
Education's quarterly workforce review, Leadership Succession 
Management plan, corporate recruitment strategy, and Human Capital 
Management plan. The documents related to performance management 
included Education's current and former performance management 
policies, sample employee performance standards that were submitted to 
OPM using the Performance Assessment and Accountability Tool (PAAT), 
employee performance management system training modules, the 2008 
Federal Human Capital Survey results, and OPM's PAAT handbook. We also 
conducted interviews with officials responsible for the overall 
planning and management of Education's human capital efforts, and in 
five program offices--Office of Elementary and Secondary Education, 
Office of Postsecondary Education, Office for Civil Rights, Office of 
Special Education and Rehabilitative Services, and the White House 
Initiative on Educational Excellence for Hispanic Americans. These 
offices were selected based on the number of staff, the work functions 
of the employees in the office, and the results of the 2008 OPM 
Federal Human Capital Survey. In addition to four program offices with 
large staffs, we included a smaller office, the White House Initiative 
on Educational Excellence for Hispanic Americans, to capture the 
experience of officials from a smaller program office. We also 
interviewed a senior official from Education's labor union. We used 
criteria developed by GAO to assess Education's efforts to identify 
risks and implement improvements in human capital processes. For 
strategic workforce planning, we used a GAO report identifying key 
principles of strategic workforce planning--Human Capital: Key 
Principles for Effective Strategic Workforce Planning (GAO-04-39)--and 
the GAO Cost Estimating and Assessment Guide (GAO-09-3SP) that 
addresses the importance of workload data for estimating agency 
budgets. For performance management criteria, we used Results-Oriented 
Cultures: Creating a Clear Linkage between Individual Performance and 
Organizational Success (GAO-03-488). 

In the area of financial management, our objective was to determine 
whether the design of Education's internal controls was adequate to 
help provide accountability over (1) contracts and (2) student aid 
grants. Our review focused on key internal control activities at 
Education's Office of Federal Student Aid (FSA) because it administers 
student aid grants and incurred approximately 58 percent of 
Education's contract obligations in fiscal year 2009. Fiscal year 2009 
was the most recent year for which transactions for an entire fiscal 
year were available for our review. For contracts, we focused our 
review on the design of controls over contract monitoring because it 
has been a long-standing management challenge for the department. To 
obtain an understanding of the design of controls over FSA's contract 
monitoring process, we assessed applicable Education policies and 
procedures using governmentwide internal controls standards and 
interviewed FSA officials. To further understand the effect of 
identified design controls weaknesses, we selected a nongeneralizable 
sample of 15 active and 13 closed contracts and 2 closed interagency 
acquisitions from Education's Contracts Purchasing Support System. 
[Footnote 87] These 28 contracts and 2 interagency acquisitions had in 
total $171.5 million of contract obligations as of September 30, 2009. 
Contracts and interagency acquisitions selected were either closed in 
2009 or active in 2009, but could have been obligated since October 1, 
2006. The Departmental Directive defines contracts to include awards 
and notices of awards; job orders or task letters issued under basic 
ordering agreements; letter contracts; and orders, such as purchase 
orders, under which a contract becomes effective by written acceptance 
or performance. Therefore, our sample of 28 contracts may include job 
orders performed under the same vendor but treated as separate 
"contracts" under the Departmental Directive for contract monitoring 
purposes. To ensure that we reviewed monitoring controls over 
contracts and interagency acquisitions, hereafter referred to as 
acquisitions, with various award amounts, we sorted both the active 
and the closed acquisitions populations into five strata by obligated 
amount of the acquisitions. To maximize the total dollar value of the 
acquisitions included in our selection, we selected more acquisitions 
from strata with larger award amounts. In addition, we selected the 
acquisitions with the largest award amounts from each stratum. 

We focused on Pell Grants because it accounted for over 91 percent of 
all student aid grant disbursements in fiscal year 2009 and because a 
recent GAO study examined internal controls for other Education 
grants.[Footnote 88] To obtain an understanding of the design of 
controls over Pell Grants, we reviewed relevant Pell Grant policies 
and procedures using GAO's Standards for Internal Controls in the 
Federal Government[Footnote 89] and interviewed FSA officials. We also 
reviewed documentation such as process cycle memos and flowcharts 
related to the assessment of internal control activities over Pell 
Grant financial reporting, which was performed by FSA in accordance 
with OMB Circular No. A-123, Appendix A, Management's Responsibility 
for Internal Control Over Financial Reporting. To obtain an 
understanding of the scope and methodology of FSA's procedures related 
to the OMB Circular No. A-123 review process, we reviewed FSA's OMB 
Circular No. A-123 test plans and sampling methodology. Using a 
nongeneralizable sample selection,[Footnote 90] FSA's OMB Circular No. 
A-123 assessment covered financial reporting internal control 
activities from July 1, 2009, through June 30, 2010, including areas 
such as student eligibility, disbursements, and reconciliations. To 
validate the accuracy of the results issued by the FSA's OMB Circular 
No. A-123 assessment, we reperformed a selected number of FSA's 
sampled transactions for each one of its testing procedures. Our 
assessment did not include an evaluation of internal controls at 
schools that have a role in determining, and if necessary, verifying 
student eligibility and application data, and making accurate award 
computations and disbursements. 

To assess the extent to which Education has established management 
controls needed to oversee, manage, and modernize its information 
technology to support its mission, we reviewed strategic planning, 
investment controls, and information security and privacy plans for 
information technology (IT). We conducted interviews with officials 
responsible for IT functions in seven Education management and program 
offices: FSA; the Institute of Education Sciences; Office of 
Elementary and Secondary Education; Office of the Chief Information 
Officer; Office of Management; Office of Communications and Outreach; 
and Office of Planning, Evaluation, and Policy Development. We 
selected these six offices because they had at least one major IT 
investment. Additionally, we selected 12 investments representing 
approximately 73 percent of the department's total IT budget.[Footnote 
91] These investments are: 

* Migrant Student Information Exchange; 

* National Assessment of Educational Progress; 

* Contracts and Purchasing Support System; 

* Education Department Utility for Communications, Applications, and 
Technical Environment; 

* Budget Formulation and Execution Line of Business; 

* G-5 Grants Management; 

* Integrated Support Services; 

* EDFacts; 

* National Student Loan Data System (now Aid Data); 

* Enterprise Web Portals (now Enterprise IT Services); 

* Common Services for Borrowers (now Aid Servicing); and: 

* Common Origination and Disbursement (now Aid Delivery): 

We selected at least one major investment from each of the offices 
that had major IT investments to determine how department guidance is 
implemented at the system level. In making the selections, we 
considered whether the investments spanned multiple offices across 
Education; had potential IT security issues; called for major spending 
from Education's IT systems budget and were under development or 
operational. We also reviewed Education's Information Resource 
Management (IRM) strategic plan to determine the extent to which 
Education had included the critical elements, such as addressing all 
agency IRM requirements in its strategic plan as described in OMB 
Circulars A-11 and A-130. Further, to determine how effectively 
Education is identifying weaknesses and opportunities for improvement 
in investments throughout the systems development lifecycle, we 
reviewed relevant Education policies, procedures, guidance, and 
documentation. Specifically, we looked at its postimplementation 
review guide, investment board charters, budget documents, and project 
reviews and presentations. To assess the quality of Education's IT 
security program, we used requirements in the Federal Information 
Security Management Act of 2002 (FISMA) and relevant department and 
inspectors general reporting. We assessed Education's level of 
compliance with FISMA requirements by reviewing relevant Office of 
Inspector General (OIG) reports (including access controls and service 
continuity), and met with personnel from OIG, the Office of the Chief 
Information Officer, and other Education IT security personnel. We did 
not conduct our own assessment of the IT security program. However, to 
validate the information provided by the agency officials, we reviewed 
Education's (1) FISMA reporting and security risk levels of systems; 
(2) policies and procedures related to reducing security risks, 
including Education's certification and accreditation program; (3) 
incident reporting and handling processes to identify how the 
department was responding to security violations; and (4) security 
training materials and guidance to ascertain that the department had a 
program in place to respond to FISMA training requirements. To assess 
Education's privacy program, we interviewed officials responsible for 
privacy and reviewed Education's directives and guidelines on privacy 
to determine to what extent the department's privacy program 
implemented applicable laws and guidance. 

We conducted this performance audit from October 2009 to February 2011 
in accordance with generally accepted government auditing standards. 
Those standards require that we plan and perform the audit to obtain 
sufficient, appropriate evidence to provide a reasonable basis for our 
findings and conclusions based on our audit objectives. We believe 
that the evidence obtained provides a reasonable basis for our 
findings and conclusions based on our audit objectives. 

[End of section] 

Appendix II: Summary of Changes to Education's Performance Management 
System, Implemented in 2010: 

Education's goal: Establish more transparency throughout process; 
EDPAS (Former system): During appraisal year, feedback emphasized 
between employee and supervisor at annual midpoint and rating period; 
REACH (Revised system): Feedback and communication emphasized between 
employee and supervisor over course of year. 

Education's goal: Establish more transparency throughout process; 
EDPAS (Former system): At midpoint review, a discussion between 
supervisor and employee occurred, and each signed performance plan to 
document the discussion; 
REACH (Revised system): Employee and supervisor provided a space in 
new software to write midpoint narratives so employee better 
understands midpoint status. 

Education's goal: Simplify process for employee and supervisor; 
EDPAS (Former system): Parts of the performance management process 
were paper-based; 
for example, performance plans had to be printed and signed; 
REACH (Revised system): New software makes the entire performance 
management process electronic. 

Education's goal: Improve performance standards; 
EDPAS (Former system): Did not require performance standards to be 
clear, specific, measurable goals aligned to organizational goals; 
REACH (Revised system): Each performance standard should be aligned, 
measurable, specific, realistic, time-based, and clearly define 
expected performance. 

Education's goal: Differentiate between levels of employee performance; 
EDPAS (Former system): Five-tier rating system for performance 
included unacceptable, minimally successful, successful, highly 
successful, and outstanding; 
REACH (Revised system): Four-tier rating system for performance 
includes unsatisfactory results, achieves results, achieves high 
results, and achieves exceptional results. 

Education's goal: Differentiate between levels of employee performance; 
EDPAS (Former system): Employees were eligible for performance awards 
at the highly successful and outstanding levels; 
REACH (Revised system): Employees are eligible for performance awards 
at the achieves results, achieves high results, and achieves 
exceptional results levels. 

Education's goal: Improve managers' understanding of responsibilities, 
and encourage employees to take active role in own professional 
development; 
EDPAS (Former system): New employees were provided orientation on 
EDPAS, and all employees encouraged to take performance management 
trainings when offered; 
REACH (Revised system): Required joint training for supervisors and 
employees on REACH, and a performance management toolkit is available 
as a reference for employees and supervisors. 

Source: GAO analysis of Education policies and procedures and 
interviews with Education officials. 

[End of table] 

[End of section] 

Appendix III: Education IT Governance Structure: 

The Office of the Chief Information Officer provides advice and 
assistance to the Secretary and other senior officials to ensure that 
IT is acquired and information resources are managed in a manner that 
is consistent with laws and executive orders. The capital planning and 
investment control is a decision-making process for ensuring IT 
investments integrate strategic planning, budgeting, procurement, and 
the management of IT in support of agency missions and business needs. 
Capital planning and investment control at Education consists of three 
phases: select, control, and evaluate.[Footnote 92] To carry out these 
responsibilities, Education has set up an IT governance process as 
shown in figure 5. 

Figure 5: Education IT Governance Process: 

[Refer to PDF for image: illustration] 

Top level: 
Secretary of Education. 

Second level, reporting to Secretary of Education: 
Chief Information Officer (CIO). 
* Investment Review Board (IRB); 
* Planning and Investment Review Working Group (PIRWG); 
* Enterprise Architecture Advisory Committee (EAAC); 
* Enterprise Architecture Review Board (EARB). 

Providing support to CIO: 
* Investment Acquisition Management Team (IAMT). 

Providing support to EAAC and EARB: 
* Enterprise Architecture Program Office (EAPO). 

Source: Department of Education. 

[End of figure] 

The IT governance process is managed through a review board and 
subordinate working groups. The Investment Review Board is the highest 
level decision-making body for the department's IT investment 
management process. Membership of the board includes the Deputy 
Secretary, Chief Information Officer, Assistant Secretary for 
Management, Chief Financial Officer, Director of Budget, Senior 
Counselor to the Secretary of Federal Student Aid, and additional 
principal officers of the department representing business units. It 
meets quarterly, or more frequently if required, to support the IT 
investment management process. The Investment Review Board sets the 
priorities and objectives used to assess IT initiatives and oversees 
the entire IT portfolio. During the select phase, the Investment 
Review Board receives funding recommendations from the Planning and 
Investment Review Working Group. Upon Investment Review Board 
approval, the IT portfolio is submitted to OMB as part of Education's 
budget request. 

The Planning and Investment Review Working Group is comprised of 
senior managers with specialized knowledge and skills in the various 
disciplines that comprise the work of the department. It meets 
monthly, or more frequently if required, to support the IT investment 
management process, the Chief Information Officer, and the Investment 
Review Board. Members represent the department's principal offices and 
critical areas including acquisition, budget, information technology 
management, and planning. During the select phase, the Planning and 
Investment Review Working Group reviews candidate investments and 
makes funding recommendations to the Investment Review Board. The 
working group reviews the IT portfolio from a departmentwide 
perspective and makes recommendations to the Chief Information Officer 
to inform decisions on selecting, controlling, and evaluating 
investments. 

The Enterprise Architecture Advisory Committee meets quarterly to 
develop and maintain segment architectures, propose business 
modernization and shared service investments to the Planning and 
Investment Review Working Group, assess opportunities for IT reuse and 
collaboration, and review the department's IT portfolio for enterprise 
architecture compliance. The Enterprise Architecture Advisory 
Committee is comprised of senior managers from the principal office 
responsible for supporting a segment of the department's enterprise 
architecture. 

The Enterprise Architecture Review Board maintains the department's 
technical standards and conducts reviews in accordance with the 
department's lifecycle management framework. 

The Investment and Acquisition Team is responsible for developing and 
implementing strategies and programs designed to enhance the 
department's OMB Exhibit 300 business case preparation and capital 
investment management and planning and for day-to-day oversight of its 
capital planning and investment control processes. The Investment and 
Acquisition Team reports to Information Technology Program Services, 
which in turn reports to the Chief Information Officer.[Footnote 93] 

The Enterprise Architecture Program Office is responsible for 
maintaining the departmental enterprise architecture, which includes 
reviewing all IT investments and making recommendations to the 
Planning and Investment Review Working Group. 

FSA Has Additional Responsibilities for IT Governance: 

FSA is responsible for administration of the information and financial 
systems that support student financial assistance programs. As a 
performance-based organization, FSA has been given independent control 
of its budget allocations and expenditures, personnel decisions and 
processes, procurements, and other administrative and management 
functions. FSA has also established a separate investment review board 
to provide oversight of its investment management and ensure effective 
utilization of investment dollars and human capital. 

[End of section] 

Appendix IV: Comments from the Department of Education: 

United States Department Of Education: 
The Deputy Secretary: 
400 Maryland Ave. S.W. 
Washington, DC 20202: 
[hyperlink, http://www.cd.gov] 

January 24, 2011: 

Mr. George Scott: 
Director, Education, Workforce, and Income Security Issues: 
Government Accountability Office: 
441 G Street, NW: 
Washington, DC 20548: 

Dear Mr. Scott: 

I am writing in response to your request for comments on the U.S. 
Government Accountability Office's (GAO's) draft report (GAO-11-194) 
dated January 2011, entitled "Department of Education: Improved 
Oversight and Controls Could Help Education Better Respond to Evolving
Priorities." I appreciate the opportunity to comment on the draft 
report on behalf of the U.S. Department of Education (the Department).
The Department takes very serious') its stewardship role in 
administering all of its programs. including those newly created by 
significant legislation such as the American Recovery and Reinvestment 
Act of 2009 (ARRA). Over the last two years. our workforce effectively 
administered grantmaking at an unprecedented scale and level of 
complexity. In addition. during this time. the Department also 
successfully completed the transition to direct student loans. We 
wholeheartedly agree that continuous improvement is key to meeting the 
evolving needs of the Department and to further enhancing the impact. 
We must also ensure our infrastructure is able to meet the demands of 
this increased responsibility, and acknowledge GAO's recognition of 
this effort and recommendations for improvement. The Department's 
responses to the report's recommendations follow. 

Recommendation Area 1: To build on Education's current efforts to 
improve human capital management, we recommend the Secretary of 
Education: 

1. Provide guidance to program offices on developing data-based 
estimates of workload, and incorporating these data into department 
workforce planning. This effort could include conducting an assessment 
of workload, developing an evidence-based estimate of staff needed to
meet agency responsibilities using valid and reliable data, and using 
this estimate to infOrm agency budget requests and expenditures for 
human resources. 

Generally, the Department agrees with GAO's recommendation. It is 
important to note that developing a set of workforce planning tools 
and algorithms to accurately forecast new and/or shifting resource 
needs, changing skill requirements, and potential process 
"bottlenecks" is complex and resource intensive. It also requires 
specific expertise that is not widely available within the Department. 

Many complex variables govern the work of the Department. These 
variables include items that are quantitative and predictable (e.g., 
number of new grants) on the one hand, and subjective, nuanced, or 
outside of the Department's control on the other (e.g., timing of 
final appropriation, need for and complexity of supporting 
regulations). We have discovered that these complexities present many 
challenges in creating useful Department workload models. In addition 
to these challenges, we also have limited resources — dollars and 
staffing — to take the Department's current workload analysis efforts 
to the next level of rigor. Despite these and other challenges, and 
compared to other federal agencies, the Department has demonstrated 
exemplary performance over the past several years in the effective use 
and distribution of taxpayer dollars. We are entrusted with more 
program dollars per FTE (Full Time Equivalent) than any other 
government agency with the third largest discretionary appropriation 
and a direct loan program. As noted by GAO, we were able to shift our 
workforce to meet the demands of ARRA. These achievements have been 
the result, in part, of unprecedented work in the Department over the 
past several years, which included the development of an FTE model to 
assess workload impact. 

Initial Department efforts to improve workload analysis primarily 
focused on identifying "key drivers" of work for the Department's 
formula and discretionary grant programs. Based on interviews with the 
Department's grantmaking experts, an initial set of workload drivers 
were identified. These drivers are basic data elements, including 
program dollar size, the number of new and continuing awards 
distributed each year, the frequency of grant competitions, the 
complexity of the grant competitions, and the number of site visits 
performed. Subjective drivers were also identified, including the 
level of innovation and/or flexibility that exists in the grant 
program. 

With an acknowledgment that the Department has limited resources to 
develop and implement a workload analysis system that fully integrates 
Department-wide human capital, operations, and cost data, we are 
determined to make continued progress. Our next steps include: 

* Building on the Department's Budget Service's fiscal year (FY) 2010 
workload project, categorizing, and analyzing grant work by common 
program characteristics (that is, grouping common workload drivers 
among the Department's program offices); 

* Analyzing the results of in-process workload data studies 
commissioned by program offices (i.e., Office of Special and Education 
and Rehabilitative Services and Office of Elementary and Secondary 
Education) for Department-wide application; and; 

* Developing grantmaking workload activity "standards." 

The Office of Management, Human Capital and Client Services will 
continue collaborating with the Department's Budget Service, program 
offices, and other Department support offices to develop workload 
guidance to be used across the Department. Additional specific actions 
will include appropriately reclassifying positions from the current 
343-Management and Program Analyst series to the 1109-Grants 
Management series established by the Office of Personnel Management in 
November 2010. Updating grants management position descriptions and 
gathering more reliable data around full-time equivalents in this 
series will lead to more effective workload modeling and workforce 
planning in the critical grants management area. 

2. Develop a formal process for reviewing performance standards and 
performance appraisal decisions to help ensure Education's performance 
management system is consistent across the department. For example, 
such a review could include an analysis of standards and appraisals 
for all Education employees over a 3 to 5 year cycle to assess whether 
performance standards and appraisal decisions are being applied 
consistently. 

Performance management in government has been historically 
challenging. This is especially true in four primary areas: aligning 
performance expectations with strategic goals and operational 
priorities, developing standards that are quantifiable and measurable, 
calibrating across these standards to consistently identify varying 
levels of performance, and reliably assessing performance against 
these standards. 

The Department's approach over the past several years has been to 
improve strategic alignment and development of standards for both 
organizational and individual commitments. We have established 
organizational metrics that set expectations for each business unit 
and serve as the basis for organizational performance ratings. This 
Organizational Assessment ("OA") tool provides for a quantitative and 
qualitative review, and provides a link to strategic and operational 
priorities. We have begun to change the performance culture for all 
employees with a greater focus on measurable results aligned to 
organizational and strategic priorities. This coincides with the 
launch of a redesigned performance appraisal system called REsults 
ACHieved ("REACH") for the FY 2011 performance cycle. As part of this 
launch, the Department provided manager training on setting 
expectations and creating an effective performance management culture. 
We are also providing performance plan coaching for supervisors and 
employees on writing effective performance plans with standards that 
are specific, measurable, aligned, realistic, and time-based. In the 
FY 2010 performance cycle, the Department became a leader in 
government by explicitly basing a percentage of the senior executives' 
individual bonuses on their organizations' performance rating. In FY 
2011, we will explore extending this practice that aligns individual 
and organizational performance to all employees. 

The Department agrees with GAO's recommendation that we should also 
incorporate a review process. We have recently developed written 
policy and reached agreement with the union to conduct ongoing 
assessments of REACH. We will convene a joint working group this year 
to determine how best to conduct this review. At a minimum, we expect 
that it will include a review of 100 percent of our employees over a 5-
year period. as suggested by GAO. We will continue our efforts to 
enhance and improve performance management across the Department. 

Recommendation Area 2: To help improve contract monitoring controls, 
we recommend that the Secretary of Education direct the Chief 
Operating Officer of FSA to: 

1. Develop procedures that detail how to file and retain evidence 
demonstrating receipt and acceptance of contracted goods and services.
The Department agrees with GAO's recommendation as it pertains to 
activities preceding receipt and acceptance. FSA successfully adjusted 
its contracting activities to meet the requirements of both the 
Ensuring Continued Access to Student Loans Act and the Student Aid and 
Fiscal Responsibility Act, §2212 of the Health Care and Education 
Reconciliation Act. Our work has included significant effort to 
renegotiate existing contracts and also put in place new contracts 
such as Title IV Additional Servicer vehicles. Altogether, over the 
past two years FSA has seen nearly a 50 percent increase in contract 
spending for which it is accountable without a corresponding growth in 
staff and absent additional investment in contract management 
information technology systems. Given the significant role of 
contracting in delivering FSA's mission, we appreciate GAO's 
acknowledgment that we appropriately utilize the Financial Management 
Support System (FMSS) to capture evidence of receipt and acceptance of 
our contracted goods and services. We also engage in a variety of 
activities preceding entry of receipt and acceptance. We agree with 
GAO's finding that its reviewers were not able to efficiently validate 
information about these activities without direct intervention by the 
Contracting Officer (CO) or Contracting Officer's Representative (COR). 

We do not currently have guidance on how to document and retain 
artifacts of activities preceding receipt and acceptance. 
Consequently, the Department will develop guidance that details how to 
file and retain receipt and acceptance supporting documents in the 
contract and COR files to supplement what we capture in FMSS. The 
procedures will be prepared for distribution to each COR and CO, and 
COs will be directed to include a copy of the procedures as an 
attachment to each COR appointment letter. A copy of this guidance 
will also be distributed as part of the on-boarding process for each 
incoming Contract Specialist or CO. 

Furthermore, the Department will investigate whether the commercial 
application of FMSS includes features that would enable either the 
linking to, or storage of, additional recordation or documentation. 
Funding for alternative procurement management packages that may 
provide these important features or functions is not currently 
included in the budget. 

2. Develop procedures that outline how contract monitoring activities 
and results should be documented, retained, and shared.
The Department agrees with GAO's recommendation. GAO noted 
considerable evidence of FSA's contract monitoring activities, 
including many of the practices identified in the Office of Federal 
Procurement Policy's Guide to Acquisition Best Practices. These 
practices include the use of Service-Level Agreements, incentive and 
disincentive contract terms, and Quality Surveillance Assurance Plans. 
Nevertheless, we share GAO's vision for continuous improvement in this 
area. GAO's recommendation is especially timely considering the 
increased mobility of the acquisition workforce. Without clear 
guidance on how monitoring activities must be documented, the 
potential exists for knowledge of important contract events to be lost 
when personnel leave the organization. 

Information pertaining to contract monitoring activities will be 
included in the guidance identified in Recommendation 1. In addition, 
Federal Student Aid will issue guidance requiring COs to inspect COR 
records, document their review findings and require corrective 
actions, if appropriate, at least annually. 

3. Develop comprehensive quality control procedures that include 
guidance for review of contract files and contractor past performance 
reports to ensure that files are complete and contain documentation to 
evidence compliance with departmental contracting policies. including 
the following documents: 

* Contractor performance evaluations, 

* Contract monitoring plans, and, 

* Contracting officer's representative appointment memoranda. 

The Department agrees with GAO's recommendation. We understand the 
importance of full accountability in ensuring that taxpayer dollars 
are appropriately leveraged through contracts to achieve the 
Department's mission. Federal Student Aid's increased spending on 
contracts over the past few years has been substantially due to the 
passage of significant legislation such as the Ensuring Continued 
Access to Student Loans Act, the Student Aid and Fiscal Responsibility 
Act, and §2212 of the Health Care and Education Reconciliation Act. 
Because of these additional requirements, we are assessing the need 
for additional tools and guidance, and greater management oversight, 
to ensure contract files include all required documentation. Federal 
Student Aid will continue to use historically effective quality 
control procedures such as Contract Review Boards, Contract Management 
Reviews, and soon-to-be implemented peer reviews. Likewise, FSA will 
work to make better use of data contained in acquisition systems to 
effect improvements in this area. 

GAO's review documented limited incidences of missing performance 
evaluations and COR appointment memoranda. Even so, we share in GAO's 
goal of consistent documentation of all contract monitoring 
activities. To achieve this goal, we shall implement greater internal 
controls to improve assurances that all required documentation is 
included in contract files. Past performance records will be monitored 
to ensure evaluations are prepared on a timely basis. The Department's 
Administrative Communications System Directive on contract monitoring 
will be revisited with acquisition personnel, as will the issue of COR 
appointment memoranda. FSA will also develop and document methods to 
address quality control at all obligation levels. 

Recommendation Area 3: We recommend the Secretary of Education build 
on Education's IT management efforts by directing the Chief 
Information Officer to: 

1. Align the IRM strategic plan with the department's strategic plan 
to eliminate any potential risk of major IT investments not supporting 
the department's most current priorities. 

The Department concurs with GAO's recommendation and has addressed 
this issue. Alignment between the Department's published Strategic 
Plan and the IRM Strategic Plan is demonstrated in section 3.1 of the 
current (September 2010) release of the IRM Strategic Plan. The agency 
will update the IRM Strategic Plan to reflect the latest Department 
Strategic Plan. During the interim, risks related to the misalignment 
of dates between the IRM and Department strategic plans were discussed 
in the Planning and Investment Review Working Group (PIRWG) and the 
Investment Review Board (IRB). Agency officials determined that the 
modernization plans adequately conveyed current goals and priorities 
and mitigated the risk of selecting investments that did not align 
with the Department's current priorities. Further, the Department 
supports the use of modernization plans based on IT category or 
"segments," such as grants management and 1T security. These plans 
ensure a better alignment of investments and allow more precise 
allocation of IT resources to key milestones that accomplish the 
Department's mission. 

2. Update the IRM strategic plan to reflect goals from the Open 
Government, Strategic Sustainability Performance, and Data Center 
Consolidation plans. 

The Department concurs with the recommendation and will address in 
greater detail the contents of each of these plans. Each of these 
plans received significant internal review by the appropriate subject 
matter experts, and each plan received positive feedback from external 
reviewers in the public and private sectors. The Department recognizes 
that timing of updates to each of these documents presents a 
significant challenge to continuous alignment with the IRM Strategic 
Plan; however, the benefit of ensuring that IT resources are most 
effectively and efficiently applied to the highest priorities of the 
Department is our goal. Specifically, the Office of the Chief 
Information Officer (OCIO) will collaborate more broadly among the 
subject matter experts, leveraging internal working groups to address 
the contents of the Open Government, Strategic Sustainability 
Performance, and Data Center Consolidation plans in the FY 2011 update 
to the IRM Strategic Plan. 

3. Finalize and approve department guidance for implementing post 
implementation reviews and conduct these reviews, where appropriate, 
to assess lessons learned and identify potential improvements to the 
IT management process. 

The Department concurs with the recommendation. GAO's review 
documented that the Department has not conducted post-implementation 
reviews. Over the last several years, the Department's IT portfolio 
has been dominated by maintenance of current systems. Many of these 
systems have been operating successfully for more than a decade. In FY 
2009, the Deputy Secretary and Investment Review Board Chair 
established the goal of increasing the portion of the IT portfolio 
dedicated to enhancements and modernization. As a result of this 
effort, the agency will have new capabilities deployed in FY 2011. 
Concurrent with the deployment of these new capabilities, the OCIO 
will deploy procedures to conduct post-implementation reviews. The 
Department is on schedule to release the post-implementation review 
guide and template in January 2011. The OCIO plans to begin conducting 
these reviews by the second half of FY 2011, assuming projects are 
available in that stage of the lifecycle. 

We appreciate the opportunity to review the draft report and comment 
on the recommendations. If you have any questions or concerns 
regarding our response, please have your staff members contact Beverly 
Ortega Babers at (202) 205-0167. 

Sincerely, 

Signed by: 

Anthony W. Miller: 

[End of section] 

Appendix V: GAO Contact and Staff Acknowledgments: 

GAO Contact: 

George A. Scott, (202) 512-7215 or scottg@gao.gov: 

Staff Acknowledgments: 

Bryon Gordon, Assistant Director; Scott Spicer, analyst-in-charge; and 
Sheranda Campbell managed this assignment. Alise Nacson and Leigh Ann 
Sennette also made significant contributions to the human capital 
component of the project. Kay Daly, Elizabeth Martinez, Rathi Bose, 
Chau Dinh, and Rebecca Riklin managed the Pell Grants and contracts 
component of this assignment. Judy Lee, Pierre Kamga, and Joshua 
Edelman also made contributions to the Pell Grants and contracts work. 
Valerie Melvin, Christie Motley, and Charles Youman managed the 
information technology component of this assignment, and Rebecca 
Alvarez, Cortland Bradford, Neil Doherty, Scott Pettis, and Bradley 
Roach also made contributions to the information technology work. 
Additionally, Susan Aschoff, Rebecca Eyler, Janice Latimer, Steven 
Lozano, Jean McSween, James Rebbe, Karen Richey, and William Woods 
aided in this assignment. 

[End of section] 

Footnotes: 

[1] Discretionary appropriations refers to budgetary resources that 
are provided in appropriation acts, other than those that fund 
mandatory programs. Mandatory spending refers to budget authority that 
is provided in laws other than appropriations acts and the outlays 
that result from such budget authority. Discretionary appropriations 
constituted most of Education's budget in fiscal year 2009. 

[2] Pub. L. No. 111-5, 123 Stat. 115 (2009). 

[3] These offices were selected based on the number of staff, the work 
functions of the employees in the office, and the results of the 2008 
OPM Federal Human Capital Survey. 

[4] Fiscal year 2009 was the most recent year for which transactions 
for an entire fiscal year were available for our review. 

[5] We selected 15 active and 13 closed contracts and two closed 
interagency acquisitions based on award amounts to ensure we reviewed 
monitoring controls over contracts and interagency acquisitions with 
various award amounts while still maximizing the total dollar value of 
contracts and interagency acquisitions included in our selection. The 
active contracts population consisted of 309 contracts and interagency 
acquisitions obligated since October 1, 2006, and active as of 
September 30, 2009. The closed contracts population consisted of 233 
contracts and interagency acquisitions obligated since October 1, 
2006, and closed in fiscal year 2009 (from October 1, 2008 to 
September 30, 2009). 

[6] According to the Federal Acquisition Regulation, interagency 
acquisitions are procedures by which an agency needing supplies or 
services obtains them from another agency by an assisted or direct 
acquisition. 

[7] GAO, Grant Monitoring: Department of Education Could Improve Its 
Processes with Greater Focus on Assessing Risks, Acquiring Financial 
Skills, and Sharing Information, [hyperlink, 
http://www.gao.gov/products/GAO-10-57] (Washington, D.C.: Nov. 19, 
2009). 

[8] GAO, Standards for Internal Control in the Federal Government, 
[hyperlink, http://www.gao.gov/products/GAO/AIMD-00-21.3.1] 
(Washington, D.C.: November 1999). 

[9] We selected six offices because they had at least one major IT 
investment. The Office of Management was included because of the 
office's privacy-related responsibilities. 

[10] We selected at least one major IT investment (obligating more 
than $500,000 annually) from each of the offices that had major IT 
investments to determine how department guidance is implemented at the 
system level. In selecting these investments we considered whether the 
investments span multiple offices across Education, had potential IT 
security issues, called for major spending from Education's IT systems 
budget, and were under development or operational. 

[11] Department of Education Organization Act, Pub. L. No. 96-88, 93 
Stat. 668 (1979). 

[12] Pub. L. No. 101-576, 104 Stat. 2838 (1990). 

[13] 31 U.S.C. § 3512(c), (d). 

[14] Department of Education, FY 2009 Agency Financial Report (Nov. 
16, 2009). 

[15] 20 U.S.C. § 1070 et seq. These postsecondary programs include the 
William D. Ford Federal Direct Loan Program, the Federal Family 
Education Loan Program, Pell Grants, and certain campus-based programs. 

[16] An obligation is a definite commitment that creates a legal 
liability of the government for the payment of goods or services 
ordered or received, such as a contract, and federal agencies must 
record and report obligations as part of their system for tracking 
federal funds. For more details on methods of tracking federal funds, 
see appendix III of GAO, A Glossary of Terms Used in the Federal 
Budget Process, [hyperlink, http://www.gao.gov/products/GAO-05-734SP] 
(Washington, D.C.: September 2005). 

[17] 48 C.F.R. ch. 1. 

[18] FSA's contracting officers are part of FSA's Acquisition Group. 

[19] The Federal Pell Grant Program provides need-based grants to low- 
income undergraduate and certain postbaccalaureate students to promote 
access to postsecondary education. Students may use their grants at 
any one of nearly 5,400 participating schools. The Pell Grant award 
year begins on July 1 and ends on June 30 of the following year, which 
differs from the October 1 to September 30 federal fiscal year. 

[20] A major investment is defined in OMB Circular A-11 as a financial 
management investment obligating more than $500,000 annually. 
Additionally, such an investment may be a system or acquisition 
requiring special management attention because of its importance to 
the mission or function of the agency, a component of the agency, or 
another organization. OMB, Preparation, Submission, and Execution of 
the Budget, Circular A-11 (Washington, D.C., July 21, 2010). 

[21] For the three largest programs under the Recovery Act, recipients 
must obligate all funds by September 30, 2011. Education is 
responsible for monitoring the use of these funds. 

[22] According to an Education financial report, nearly all of 
Education's nonadministrative appropriations support grants or loans 
for K-12 and higher education. In fiscal year 2009, administrative 
expenditures were less than 1 percent of the department's 
appropriations. 

[23] The number of grants awarded excludes Pell Grants because these 
grants are funded with both discretionary and mandatory funds. 
However, FSA reported a nearly 60 percent increase in the amount of 
aid disbursed to students in fiscal year 2010 compared to 2009. 

[24] In March 2010, the Health Care and Education Reconciliation Act 
of 2010 (Pub. L. No. 111-152, 124 Stat. 1029 (2010)) terminated 
authority as of June 30, 2010, for the Federal Family Education Loan 
Program, under which nonfederal lenders made student loans guaranteed 
by the federal government. Instead, borrowers who would have been 
eligible to receive these loans can receive loans made directly by 
Education. However, those outstanding loans made by nonfederal lenders 
and guaranteed repayment by the federal government after that date 
will continue under the same structure with FSA oversight for possibly 
30 years, depending on the repayment plan. 

[25] Higher Education Opportunity Act, Pub. L. No. 110-315, 122 Stat. 
3078 (2008). 

[26] Consolidated Appropriations Act, 2010, Pub. L. No. 111-117, 123 
Stat. 3034 (2009). 

[27] GAO, Recovery Act: Opportunities to Improve Management and 
Strengthen Accountability over States' and Localities' Uses of Funds, 
[hyperlink, http://www.gao.gov/products/GAO-10-999] (Washington, D.C.: 
Sept. 20, 2010). 

[28] GAO, Low-Income and Minority Serving Institutions: Sustained 
Attention Needed to Improve Education's Oversight of Grant Programs, 
[hyperlink, http://www.gao.gov/products/GAO-10-659] (Washington, D.C.: 
May 27, 2010), and Grant Monitoring: Department of Education Could 
Improve Its Processes with Greater Focus on Assessing Risks, Acquiring 
Financial Skills, and Sharing Information, [hyperlink, 
http://www.gao.gov/products/GAO-10-57] (Washington, D.C.: Nov. 19, 
2009). 

[29] Department of Education, Office of Inspector General, FY 2011 
Management Challenges (October 2010). 

[30] In fiscal year 2010, 93 percent of contracts obligations were IT 
related. 

[31] Department of Education, A Blueprint for Reform: The 
Reauthorization of the Elementary and Secondary Education Act (March 
2010). 

[32] GAO, Human Capital: Key Principles for Effective Strategic 
Workforce Planning, [hyperlink, http://www.gao.gov/products/GAO-04-39] 
(Washington, D.C.: Dec. 11, 2003). These principles include: (1) 
involving top management, employees, and other stakeholders in the 
strategic workforce plan; (2) determining skills and competencies 
needed in the future workforce to meet the organization's goals and 
identifying gaps in skills and competencies; (3) developing strategies 
tailored to address these gaps; (4) building the capability to address 
these gaps; and (5) monitoring and evaluating the agency's progress 
toward its human capital goals and the contribution that human capital 
results have made toward achieving programmatic results. 

[33] Senior-level officials include the Assistant Deputy Secretary, 
the Chief Human Capital Officer, and the Chief Financial and Budget 
Officer. 

[34] [hyperlink, http://www.gao.gov/products/GAO-04-39]. 

[35] [hyperlink, http://www.gao.gov/products/GAO-04-39]. 

[36] GAO, GAO Cost Estimating and Assessment Guide: Best Practices for 
Developing and Managing Capital Program Costs, [hyperlink, 
http://www.gao.gov/products/GAO-09-3SP] (Washington, D.C.: March 2009). 

[37] This survey is a tool that gauges the attitudes and impressions 
of federal employees in four areas of their work: leadership and 
knowledge management, results-oriented performance culture, talent 
management, and job satisfaction. The survey was first implemented in 
2002 and is conducted every 2 years. 

[38] GAO, Results-Oriented Cultures: Creating a Clear Linkage between 
Individual Performance and Organizational Success, [hyperlink, 
http://www.gao.gov/products/GAO-03-488] (Washington, D.C.: March 2003). 

[39] Education refers to the satisfactory appraisal level as "achieves 
results." 

[40] [hyperlink, http://www.gao.gov/products/GAO-03-488]. 

[41] The PAAT is used to evaluate an agency's performance system to 
determine how well appraisal systems meet OPM's criteria for the 
design, implementation, and results expected for effectiveness. 

[42] Under 5 C.F.R. § 430.210, OPM determines whether an appraisal 
system meets applicable law, regulation, or OPM policy and, if not, 
directs an agency to implement an appropriate system or to take other 
corrective action. 

[43] GAO, Human Capital: DOD Needs to Improve Implementation of and 
Address Employee Concerns about Its National Security Personnel 
System, [hyperlink, http://www.gao.gov/products/GAO-08-773] 
(Washington, D.C.: Sept. 10, 2008). 

[44] GAO, Financial Regulators: Agencies Have Implemented Key 
Performance Management Practices, but Opportunities Exist for 
Improvement, [hyperlink, http://www.gao.gov/products/GAO-07-678] 
(Washington, D.C.: June 18, 2007). 

[45] Our work focused on Pell Grants because it accounted for over 91 
percent of all student aid grant disbursements in fiscal year 2009 and 
a recent GAO study examined internal controls for other Education 
grants. For more information, see GAO, Grant Monitoring: Department of 
Education Could Improve Its Processes with Greater Focus on Assessing 
Risks, Acquiring Financial Skills, and Sharing Information, 
[hyperlink, http://www.gao.gov/products/GAO-10-57] (Washington, D.C.: 
Nov. 19, 2009). 

[46] U.S. Department of Education, Financial Management and 
Accountability, Procedure for Performing Contractor Performance 
Evaluation (CO-107) (May 4, 2006) and U.S. Department of Education, 
Financial Management and Accountability, Procedure for Writing and 
Implementing a Contract Monitoring Plan (CO-111) (Revised on June 4, 
2007). 

[47] Education's Departmental Directive, OCFO 2-108, defines contracts 
as awards and notices of awards; job orders or task letters issued 
under basic ordering agreements; letter contracts; orders, such as 
purchase orders, under which a contract becomes effective by written 
acceptance or performance; and bilateral contract modifications. 
Therefore, our selection of contracts may include purchase orders or 
new task orders for the same original contract. This guidance further 
provides that each task order should be treated as a separate contract 
and should be monitored according to the guidance in this directive. 

[48] U.S. Department of Education, Office of Inspector General, 
Controls Over Contract Monitoring for Federal Student Aid Contracts, 
ED-OIG/A19G0006 (Aug. 24, 2007). 

[49] FSA Acquisition Policy Letter, Invoice Payment Procedure, ACQ-07- 
001, provides that the contracting officers' representatives shall 
identify, through e-mail, to the contracting officers those 
deliverables that do not conform to the contract requirements. FSA 
management does not have guidance on retaining these e-mails. 

[50] FSA Acquisition Policy Letter, Contract Records File Management, 
ACQ-08-001. 

[51] Education's Departmental Directive provides that the contracting 
officer's representative shall use his or her judgment to determine if 
any of the contractor's actions are significant and worthy of 
documentation. 

[52] Contracting officers' representatives report to applicable FSA 
program offices and perform contract management duties, as assigned, 
including monitoring individual contracts to ensure technical 
performance of a contractor and inspecting and making recommendations 
to the contracting officer on actions related to invoices and 
deliverables. Contracting officers' representatives are designated but 
not supervised by contracting officers who are part of FSA's 
Acquisition Group. 

[53] According to Education's guidance on performing contractor 
evaluations, contracting officers and contracting officers' 
representatives must complete contractor performance evaluations 
annually and at the completion of a contract in excess of $100,000. 
Our nongeneralizable sample included 11 contract and interagency 
acquisition files that were obligated for less than the simplified 
acquisition threshold of $100,000 and, therefore, did not require 
annual contractor performance evaluations. 

[54] Our sample included two interagency acquisitions that were 
government printing acquisitions under subpart 8.8 of the Federal 
Acquisition Regulation. According to an agency official, the 
Departmental Directive is not applicable to interagency acquisitions 
including government printing acquisitions. For interagency 
acquisitions, generally, section 17.502-1(b) of the Federal 
Acquisition Regulation requires agencies to define in advance the 
roles that the requesting and servicing agencies will take with regard 
to contract administration and management. 

[55] A contract monitoring plan is a written document outlining how 
the department will manage a contract from award to the completion of 
the contract period. A contract monitoring plan is usually prepared by 
the contracting officer or contracting specialist in coordination with 
the contracting officer's representative and lists the key performance 
objectives to monitor the effectiveness and efficiency of the contract. 

[56] Education's Departmental Directive provides that contracting 
officers' representatives responsible for monitoring individual 
contracts must be appointed in writing by the contracting officer 
through an appointment memorandum. The Departmental Directive also 
states that no program official can act on a contracting officer's 
behalf, or perform any duties normally reserved for the contracting 
officer's designee, without specific written delegation of authority 
from the contracting officer for that particular contract. 

[57] Department of Education, Office of Inspector General, Touro 
College's Title IV, Higher Education Act Programs, Institutional and 
Program Eligibility (Oct. 30, 2008). Department of Education, Office 
of Inspector General, TUI University's Administration of Higher 
Education Act, Title IV Student Financial Assistance Programs (Aug. 5, 
2009). 

[58] U.S. Department of Education, FY 2010 Agency Financial Report 
(Nov. 15, 2010). 

[59] An improper payment is defined as any payment that should not 
have been made or that was made in an incorrect amount (including 
overpayments and underpayments) under statutory, contractual, 
administrative, or other legally applicable requirements. 

[60] Deficiencies included, for example, the lack of a signature on a 
form documenting that a participating school should not receive funds 
and deficiencies in FSA's tracking of annual audit reports required of 
participating schools. FSA's corrective action plans included, for 
example, enhancing procedures to require FSA staff to confirm all 
required steps are taken so that documentation is complete and to 
perform more frequent quality control reviews of its report on missing 
audits. 

[61] GAO, Information Resources Management: Comprehensive Strategic 
Plan Needed to Address Mounting Challenges, [hyperlink, 
http://www.gao.gov/products/GAO-02-292] (Washington, D.C.: Feb. 22, 
2002). 

[62] The Paperwork Reduction Act of 1995 and OMB Circular A-130 state 
that agencies should prepare a strategic IRM plan that describes how 
Information Resources Management activities will help accomplish 
agency missions. OMB Circular A-130 states that the IRM plan should 
support the agency strategic plan. 44 U.S.C. § 3506(b)(2), OMB, 
Management of Federal Information Resources, Circular A-130 
(Washington, D.C., Nov. 28, 2000). 

[63] 5 U.S.C. § 306 (as of Dec. 31, 2010). 

[64] The department's modernization efforts represented 6 percent of 
its IT budget in Fiscal Year 2010--the lowest percentage of the major 
25 government agencies. The department plans to increase the 
percentage of the budget allocated to modernization to 15 percent by 
2012. 

[65] A segment is a part of the overall enterprise architecture that 
can be pursued as separate initiative. As such, segments serve as a 
bridge between the departmentwide enterprise architecture and the 
individual programs with separate system investments. For example 
segments can be grouped into categories, such as core mission areas 
(e.g., grants management), business services (e.g., financial 
management), and enterprise services (e.g., records management). An 
enterprise architecture is a blueprint for organizational 
transformation and IT modernization. Generally it consists of 
snapshots of the enterprise's current operational and technological 
environment, and its target environment, and contains a capital 
investment road map for transitioning from the current version to the 
target environment. 

[66] The objective of the department's segment modernization plans is 
to enable segment owners to help identify and prioritize IT investment 
decisions. This includes identifying business needs, evaluating 
current capabilities, and ensuring that these business needs are 
aligned to performance goals. 

[67] For example, Education's Open Government Plan (June 25, 2010) 
states that the development of the plan uncovered some internal 
challenges in data management and technology processes that need to be 
resolved. Education's Strategic Sustainability Performance Plan (June 
8, 2010) includes a goal to reduce technology energy consumption in 
the department's data centers. The Data Center Consolidation Plan 
(Aug. 31, 2010) established goals to streamline operations. 

[68] According to OMB Circular A-130, the IRM strategic plan should 
address all agency IRM requirements. 

[69] Selection refers to a process when the organization identifies 
and analyzes each project's risks and returns before committing 
significant funds to any project and selects those IT projects that 
will best support its mission needs. Control refers to the process of 
ensuring that projects meet mission needs at the expected levels of 
cost and risk as they are implemented. Evaluation refers to the 
process that takes place after a project has been fully implemented 
where the organization compares the actual versus expected results. 
GAO, Information Technology Investment Management: A Framework for 
Assessing and Improving Process Maturity, [hyperlink, 
http://www.gao.gov/products/GAO-04-394G] (Washington, D.C.: March 
2004). 

[70] Department of Education, Information Technology Investment 
Management (ITIM) and Software Acquisition Policy, Directive OCIO: 3- 
108 (Sept. 15, 2006). 

[71] Department of Education, IT Investment Management Process Guide, 
Version 1.1 (December 2009). 

[72] An agency's IT investment review board is necessary because it is 
a key component in the investment management process and ensures the 
organization has effective oversight for its IT projects throughout 
all phases of their lifecycles. While the board should not micromanage 
each project, it should maintain adequate oversight and observe each 
project's performance and progress toward predefined cost and schedule 
expectations, as well as each project's anticipated benefits and risk 
exposure. See [hyperlink, http://www.gao.gov/products/GAO-04-394G]. 

[73] Department of Education, Lifecycle Management Framework 
Directive, OCIO 1-106, (2005); Department of Education, Information 
Technology Investment Management and Software Acquisition Policy, 
Directive, OCIO 3-108 (2006). Agencies must conduct postimplementation 
reviews of capital programming and acquisition processes and projects 
to validate estimated benefits and costs and document effective 
management practices. See OMB, Preparation, Submission, and Execution 
of the Budget, Circular A-11 (Washington, D.C., July 21, 2010). 

[74] According to the OMB Capital Planning Guide, post implementation 
reviews of IT projects serve as a diagnostic tool to evaluate the 
overall effectiveness of an agency's capital planning and acquisition 
process. 

[75] Of these six IT investments only one--the Contracts and 
Purchasing Support System--has been in operation for more than a 
decade; the remaining five were deployed within the last 4 years. 

[76] Department of Education, IT Investment Management Process Guide, 
Version 1.1. 

[77] OMB, Capital Programming Guide, Supplement to OMB Circular A-11, 
Part 7: Planning, Budgeting, and Acquisition of Capital Assets 
(Washington, D.C., June 2006). 

[78] The eight key components are (1) periodically assessing the risk 
from unauthorized access, use, disclosure, disruption, modification, 
or destruction of information or systems; (2) developing risk-based 
policies and procedures to reduce information security risks; (3) 
developing plans for providing adequate information security for 
systems; (4) providing security awareness training for agency 
personnel and contractors; (5) performing periodic testing and 
evaluating the effectiveness of information security policies, 
procedures, and practices; (6) implementing a process for remedial 
action to address deficiencies identified in the agency's IT security; 
(7) developing procedures for detecting, reporting, and responding to 
security incidents; and (8) developing plans and procedures to ensure 
the continuity of operations for information systems that support the 
operations and assets of the agency. In addition, an annually updated 
inventory of major information systems operated by or under the 
control of the agency is also required. 

[79] Pub. L. No. 107-347, 116 Stat. 2899, 2946 (2002). 

[80] Government agencies have an obligation under the Privacy Act of 
1974 (5 U.S.C. § 552a) and the E-Government Act (E-Gov Act) of 2002 
(Pub. L. No. 107-347, 116 Stat. 2899 (2002)) to protect the privacy of 
individuals about whom they collect personal information. 

[81] As used in this report, personally identifiable information is 
any information about an individual maintained by an agency, including 
(1) any information that can be used to distinguish or trace an 
individual's identity, such as name, Social Security number, date and 
place of birth, mothers' maiden name, or biometric records; and (2) 
any other information that is linked or linkable to an individual, 
such as medical, educational, financial, and employment information. 

[82] See 5 U.S.C. § 552a(e)(4), (e)(11). 

[83] Office of Management and Budget, Safeguarding Against and 
Responding to the Breach of Personally Identifiable Information, OMB 
memorandum M-07-16, (Washington, D.C., May 22, 2007). Specifically, 
OMB guidelines state that agencies review and reduce the volume of 
personally identifiable information. Agencies are required to review 
their current holdings of all personally identifiable information and 
ensure, to the maximum extent practicable, such holdings are accurate, 
relevant, timely, and complete, and reduce them to the minimum 
necessary for the proper performance of a documented agency function. 
OMB also mandates the reduction of the use of Social Security numbers. 

[84] GAO, Privacy: Agencies Should Ensure That Designated Senior 
Officials Have Oversight of Key Functions, [hyperlink, 
http://www.gao.gov/products/GAO-08-603] (Washington, D.C.: May 30, 
2008). 

[85] Privacy Act of 1974, 5 U.S.C. § 552a, as amended. 

[86] OMB, Protection of Sensitive Agency Information, Memorandum M-06- 
16 (June 23, 2006). 

[87] The active contracts population consisted of 309 contracts and 
interagency acquisitions obligated since October 1, 2006, and active 
as September 30, 2009. The closed contracts population consisted of 
233 contracts and interagency acquisitions obligated since October 1, 
2006, and closed in fiscal year 2009 (between October 1, 2008, and 
September 30, 2009). 

[88] GAO, Grant Monitoring: Department of Education Could Improve Its 
Processes with Greater Focus on Assessing Risks, Acquiring Financial 
Skills, and Sharing Information, [hyperlink, 
http://www.gao.gov/products/GAO-10-57] (Washington, D.C.: Nov. 19, 
2009). 

[89] GAO, Standards for Internal Control in the Federal Government, 
[hyperlink, http://www.gao.gov/products/GAO/AIMD-00-21.3.1] 
(Washington, D.C.: November 1999). 

[90] FSA followed the United States Chief Financial Officers Council's 
Implementation Guide for OMB Circular A-123, Management's 
Responsibility for Internal Control, Appendix A, Internal Control over 
Financial Reporting to select samples. 

[91] A major investment is defined in OMB Circular A-11 as a financial 
management investment obligating more than $500,000 annually. 
Additionally, such an investment may be a system or acquisition 
requiring special management attention because of its importance to 
the mission or function of the agency, a component of the agency, or 
another organization. OMB, Preparation, Submission, and Execution of 
the Budget, Circular A-11 (Washington, D.C., July 21, 2010). 

[92] Selection refers to a process when the organization identifies 
and analyzes each project's risks and returns before committing 
significant funds to any project and selects those IT projects that 
will best support its mission needs. Control refers to the process of 
ensuring that projects meet mission needs at the expected levels of 
cost and risk as they are implemented. Evaluation refers to the 
process that takes place after a project has been fully implemented 
where the organization compares the actual versus expected results. 
GAO, Information Technology Investment Management: A Framework for 
Assessing and Improving Process Maturity, [hyperlink, 
http://www.gao.gov/products/GAO-04-394G] (Washington, D.C.: March 
2004). 

[93] Information Technology Program Services has other 
responsibilities in addition to the capital planning and investment 
control processes performed by the Investment and Acquisition 
Management Team. For example, the Project Management Team provides a 
single point of access to department principal offices for 
coordinating the provision of IT services and capabilities and the 
Development Services Team manages the web-based applications that 
support and enhance the agency's online business processes. The 
Director of Information Technology Program Services reports to the 
Chief Information Officer. 

[End of section] 

GAO's Mission: 

The Government Accountability Office, the audit, evaluation and 
investigative arm of Congress, exists to support Congress in meeting 
its constitutional responsibilities and to help improve the performance 
and accountability of the federal government for the American people. 
GAO examines the use of public funds; evaluates federal programs and 
policies; and provides analyses, recommendations, and other assistance 
to help Congress make informed oversight, policy, and funding 
decisions. GAO's commitment to good government is reflected in its core 
values of accountability, integrity, and reliability. 

Obtaining Copies of GAO Reports and Testimony: 

The fastest and easiest way to obtain copies of GAO documents at no 
cost is through GAO's Web site [hyperlink, http://www.gao.gov]. Each 
weekday, GAO posts newly released reports, testimony, and 
correspondence on its Web site. To have GAO e-mail you a list of newly 
posted products every afternoon, go to [hyperlink, http://www.gao.gov] 
and select "E-mail Updates." 

Order by Phone: 

The price of each GAO publication reflects GAO’s actual cost of
production and distribution and depends on the number of pages in the
publication and whether the publication is printed in color or black and
white. Pricing and ordering information is posted on GAO’s Web site, 
[hyperlink, http://www.gao.gov/ordering.htm]. 

Place orders by calling (202) 512-6000, toll free (866) 801-7077, or
TDD (202) 512-2537. 

Orders may be paid for using American Express, Discover Card,
MasterCard, Visa, check, or money order. Call for additional 
information. 

To Report Fraud, Waste, and Abuse in Federal Programs: 

Contact: 

Web site: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]: 
E-mail: fraudnet@gao.gov: 
Automated answering system: (800) 424-5454 or (202) 512-7470: 

Congressional Relations: 

Ralph Dawn, Managing Director, dawnr@gao.gov: 
(202) 512-4400: 
U.S. Government Accountability Office: 
441 G Street NW, Room 7125: 
Washington, D.C. 20548: 

Public Affairs: 

Chuck Young, Managing Director, youngc1@gao.gov: 
(202) 512-4800: 
U.S. Government Accountability Office: 
441 G Street NW, Room 7149: 
Washington, D.C. 20548: