This is the accessible text file for GAO report number GAO-11-157 
entitled 'Department Of Labor: Further Management Improvements Needed 
to Address Information Technology and Financial Controls' which was 
released on March 16, 2011. 

This text file was formatted by the U.S. Government Accountability 
Office (GAO) to be accessible to users with visual impairments, as 
part of a longer term project to improve GAO products' accessibility. 
Every attempt has been made to maintain the structural and data 
integrity of the original printed product. Accessibility features, 
such as text descriptions of tables, consecutively numbered footnotes 
placed at the end of the file, and the text of agency comment letters, 
are provided but may not exactly duplicate the presentation or format 
of the printed version. The portable document format (PDF) file is an 
exact electronic replica of the printed version. We welcome your 
feedback. Please E-mail your comments regarding the contents or 
accessibility features of this document to Webmaster@gao.gov. 

This is a work of the U.S. government and is not subject to copyright 
protection in the United States. It may be reproduced and distributed 
in its entirety without further permission from GAO. Because this work 
may contain copyrighted images or other material, permission from the 
copyright holder may be necessary if you wish to reproduce this 
material separately. 

United States Government Accountability Office: 
GAO: 

Report to Ranking Member, Committee on Education and the Workforce, 
House of Representatives: 

March 2011: 

Department Of Labor: 

Further Management Improvements Needed to Address Information 
Technology and Financial Controls: 

GAO-11-157: 

GAO Highlights: 

Highlights of GAO-11-157, a report to the Ranking Member, Committee on 
Education and the Workforce, House of Representatives. 

Why GAO Did This Study: 

The Department of Labor (Labor) plays a vital role in promoting the 
welfare of American workers through administering and enforcing more 
than 180 federal laws that cover some 10 million employers and 125 
million workers. Since the recent economic downturn, Labor’s role has 
become even more critical as its programs provide additional 
employment and training supports. As such, GAO was asked to determine 
how well Labor is currently adhering to best management practices 
departmentwide to ensure that its programs are operating effectively. 
Specifically, this report assesses Labor’s (1) strategic workforce 
management, (2) management controls to manage and modernize its 
information technology, and (3) accountability over its discretionary 
grants. To do this, GAO collected and reviewed Labor documents related 
to workforce and information technology planning, as well as grants 
management information, and conducted interviews with Labor’s national 
and regional staff. 

What GAO Found: 

Labor strategically manages its current and future workforce needs by 
(1) collecting, analyzing, and disseminating workforce data to its 
program agencies; (2) leading the development of departmentwide human 
capital planning documents; (3) conducting workforce gap analyses 
departmentwide and working with its program agencies to remedy these 
gaps; and (4) monitoring its program agencies’ human capital programs. 
Labor has taken steps to understand its employees’ skills and develop 
competencies to inform its succession planning and, according to Labor’
s workforce data, has maintained sufficient leadership strength in 
recent years. Several program agencies were also developing future 
leaders in various ways, such as providing training or mentoring 
opportunities. To monitor agencies’ activities, Labor employs an 
accountability review to determine their compliance with federal and 
department human capital activities and, more recently, expanded this 
review to include an evaluation of their strategic workforce planning. 

While Labor has established a process to oversee, manage, and 
modernize the department’s IT investments, it has not fully developed 
certain management controls, which may hinder its systems’ ability to 
maximize mission performance and expected IT benefits. Specifically, 
Labor has (1) established an IT governance structure and system 
development processes, but needs better representation from program 
managers with expertise of business operations; (2) provided guidance 
to its program agencies and offices on developing performance 
measurements, but system performance measures for selected investments 
did not comprehensively link to mission and expected outcomes; (3) 
established an investment management process that tracks cost and 
schedule variances for IT investments, but did not ensure that a major 
IT investment had sufficient business representation and adequate 
testing before departmentwide implementation; and (4) implemented a 
security program. However, Labor faces challenges in keeping current 
with certain security requirements and ensuring appropriate user 
access controls. 

Labor’s Employment and Training Administration (ETA) has designed 
policies and procedures to ensure accountability over its 
discretionary grants management process. However, ETA has not 
developed supervisory review procedures nor enhanced its guidance to 
ensure that (1) competitive grant award documentation is properly 
maintained, (2) monitoring activities results are properly and 
consistently documented in its Grants Electronic Management System, 
and (3) Single Audit results are fully integrated as part of 
discretionary grantee monitoring activities. Inadequate guidance and 
quality assurance procedures over discretionary grants may diminish 
ETA's ability to show that competitive grants were properly awarded 
and adequately assess the results of its key monitoring activities. 
ETA's discretionary budget accounted for $11.4 billion, approximately 
80 percent of Labor's estimated discretionary budget in fiscal year 
2010, which includes discretionary grants. 

What GAO Recommends: 

GAO recommends that Labor strengthen its information technology 
planning and discretionary grant management by further developing 
guidance, procedures, and processes. Labor generally agreed with 
GAO’s findings and six recommendations, providing additional 
perspective concerning the portrayal of its security controls and 
grant monitoring procedures. GAO clarified two recommendations in 
response, as discussed in the report. 

View GAO-11-157 or key components. For more information, contact 
Andrew Sherrill at (202) 512-7215 or sherrilla@gao.gov. 

[End of section] 

Contents: 

Letter: 

Background: 

Labor Integrates Workforce Planning Principles Departmentwide and 
Monitors Its Program Agencies' Human Capital Activities through 
Accountability Reviews: 

Labor Established an IT Oversight Process, but Has Not Fully Developed 
Management Controls That Could Improve Mission Performance: 

Labor Has Established Policies for Grants Accountability, but 
Weaknesses Exist in Documentation and Monitoring: 

Conclusions: 

Recommendations for Executive Action: 

Agency Comments and Our Evaluations: 

Appendix I: Scope and Methodology: 

Appendix II: Select Financial Management Deficiencies Identified at 
the Department of Labor, Fiscal Year 2010: 

Appendix III: Department of Labor Workforce Trends: 

Appendix IV: Comments from the Department of Labor: 

Appendix V: Contact and Acknowledgments: 

Related GAO Products: 

Figures: 

Figure 1: Labor's IT Governance Structure: 

Figure 2: Capital Planning and Investment Control Process: 

Figure 3: Labor's Competency Assessment Process: 

Figure 4: Retirement Eligibility Rates for Labor's Overall Workforce 
and in Selected Program Agencies from Fiscal Year 2005 through 2009: 

Figure 5: Attrition Rates for Labor and Select Program Agencies, 
Fiscal Years 2005-2009: 

Figure 6: Percent of Separations by Type for Labor, Fiscal Years 2005- 
2009: 

Figure 7: Percent of Employees Eligible to Retire for Labor and Select 
Program Agencies, Fiscal Years 2005-2009: 

Figure 8: Percent of Employees Eligible to Retire for Mission Critical 
Occupations in Select Program Agencies, Fiscal Year 2009: 

Figure 9: Federal Tenure Rates for Labor, Fiscal Years 2005-2009: 

Figure 10: Percent of New Hires for Labor and Select Program Agencies, 
Fiscal Years 2005-2009: 

Figure 11: Number of New Hires and Separations for Labor, Fiscal Years 
2005-2009: 

Figure 12: Percent of Special Versus Ordinary Hires for Labor, Fiscal 
Years 2005-2009: 

Abbreviations: 

BLS: Bureau of Labor Statistics: 

CIO: Chief Information Officer: 

CPDF: Central Personnel Data File: 

CPIC: capital planning and investment control: 

EBSA: Employee Benefits Security Administration: 

ESA: Employment Standards Administration: 

ETA: Employment and Training Administration: 

FISMA: Federal Information Security Management Act of 2008: 

FPO: federal project officer: 

FSIO: Financial Systems Integration Office: 

GEMS: Grants Electronic Management System: 

HRC: Human Resource Center: 

IT: Information Technology: 

Labor: Department of Labor: 

MSHA: Mine Safety and Health Administration: 

NCFMS: New Core Financial Management System: 

NIST: National Institute of Standards and Technology: 

OASAM: Office of the Assistant Secretary for Administration and 
Management: 

OCFO: Office of the Chief Financial Officer: 

OCIO: Office of the Chief Information Officer: 

OIG: Office of Inspector General: 

OMB: Office of Management and Budget: 

OPM: Office of Personnel Management: 

OSHA: Occupational Safety and Health Administration: 

Recovery Act: American Recovery and Reinvestment Act of 2009: 

SOL: Office of the Solicitor: 

TRB: Technical Review Board: 

WHD: Wage and Hour Division: 

[End of section] 

United States Government Accountability Office: 
Washington, DC 20548: 

March 16, 2011: 

The Honorable George Miller: 
Ranking Member: 
Committee on Education and the Workforce: 
House of Representatives: 

The Department of Labor (Labor) plays a vital role in promoting the 
welfare of American job seekers, wage earners, and retirees by 
administering and enforcing more than 180 federal labor laws that 
cover some 10 million employers and 125 million workers. Since the 
recent economic downturn, the department's financial and employment 
programs have become even more critical. Labor has a key role to play 
in efforts under the American Recovery and Reinvestment Act of 2009 
(Recovery Act)[Footnote 1] by providing worker training as well as 
assistance and education regarding unemployment and health benefits. 
While Labor is taking steps to manage these expanded responsibilities 
and increased workloads, the department's strategic management of its 
resources--such as agency personnel, information technology systems, 
and financial resources--is even more essential in order to accomplish 
its goals. 

In recent years, we, along with Labor's Office of Inspector General 
(OIG), have identified challenges with Labor's departmental management 
related to its workforce, information technology, and financial 
resources. In light of these challenges, coupled with planned 
departmentwide initiatives, we were asked to determine how well the 
department is currently adhering to best management practices across 
the department. Specifically, this report assesses the extent to which 
(1) Labor is strategically managing its current and future workforce 
needs, (2) Labor has established management controls needed to manage 
and modernize its information technology (IT) in order to support its 
mission, and (3) the design of Labor's key internal control activities 
helps ensure accountability over its discretionary grants. 

To identify the steps that Labor has taken to strategically manage and 
plan for its current and future workforce needs, we reviewed the 
department's planning documents and interviewed Labor officials. We 
selected three of Labor's program agencies--the Employee Benefits 
Security Administration (EBSA), the Occupational Safety and Health 
Administration (OSHA), and the Employment and Training Administration 
(ETA)--in part, due to their authorization to hire additional staff in 
fiscal year 2010. We reviewed their workforce planning efforts and 
compared them to our key workforce planning principles and the Office 
of Personnel Management's (OPM) human capital framework. To identify 
workforce trends, we analyzed data from OPM's Central Personnel Data 
File (CPDF) on Labor's program agencies' mission critical occupations 
from fiscal years 2005 to 2009. To assess the reliability of OPM's 
CPDF, we reviewed our prior data reliability work on the CPDF data 
file as well as updated information about the data. While we concluded 
that the CPDF information was sufficiently reliable to provide 
information on Labor's recent workforce trends, we did not 
independently verify the data as part of this review. 

To assess whether Labor has established management controls needed to 
manage and modernize its IT resources to support its mission, we 
reviewed the department's governance structure, interviewed key 
information technology officials, and obtained and reviewed relevant 
documents. We focused on guidelines to manage IT investments, 
including the capital planning and investment control process. For 
this study, we selected and reviewed information technology and 
guidance related to six Labor program agencies--OSHA, ETA, the Office 
of Workers' Compensation Programs, the Office of the Assistant 
Secretary for Administration and Management (OASAM), Bureau of Labor 
Statistics, and the Wage and Hour Division. In total, these agencies 
comprised about 83 percent of Labor's fiscal year 2010 IT budget. We 
also reviewed Labor's approach in implementing a departmentwide IT 
investment--the New Core Financial Management System--to assess 
adherence to select and control guidelines and the adequacy of 
testing. Further, we reviewed federal statutes and requirements 
pertaining to IT planning, E-Government guidelines, and security 
requirements, as well as our and OMB's frameworks for IT system 
design, implementation, and management. 

To determine the extent to which the design of Labor's key internal 
control activities ensure accountability over the department's 
discretionary grant processes, we reviewed our prior and Labor's OIG 
reports and relevant policies and procedures. We also interviewed key 
financial management officials, including the Office of the Chief 
Financial Officer (OCFO). We performed our internal control review of 
discretionary grants at ETA because the agency's discretionary budget 
accounted for $11.4 billion, or approximately 80 percent, of Labor's 
overall estimated discretionary budget in fiscal year 2010, which 
includes discretionary grants. In addition, in prior years, challenges 
have been reported on ETA's management of its discretionary grants. 
Specifically, we assessed (1) whether the design of ETA's controls is 
adequate to help ensure accountability over its award, monitoring, and 
closeout of discretionary grants and (2) the extent to which ETA uses 
the Single Audit to help the agency in performing oversight functions 
over its grantees. We conducted in-depth reviews of key controls 
designed for its grant management process, which includes its award, 
monitoring, and closeout process. We also selected, as case studies, a 
nongeneralizable sample of 30 ETA discretionary grants that were 
active or closed in fiscal year 2009. For these grants, we reviewed 
documentation in the corresponding grant case files and information in 
ETA's Grants Electronic Management System. For each objective, we 
reviewed relevant federal laws and regulations. 

We conducted this performance audit from August 2009 to March 2011 in 
accordance with generally accepted government auditing standards. The 
standards require that we plan and perform the audit to obtain 
sufficient, appropriate evidence to provide a reasonable basis for our 
findings and conclusions based on our audit objectives. We believe the 
evidence obtained provides a reasonable basis for findings and 
conclusions based on our audit objectives. Appendix I discusses our 
scope and methodology in further detail. 

Background: 

Established as a cabinet-level department in 1913, Labor has primary 
responsibility for overseeing the nation's job training programs and 
for enforcing a variety of federal labor laws. Labor defines its 
mission as fostering, promoting, and developing the welfare of the 
wage earners, job seekers, and retirees of the United States; 
improving working conditions; advancing opportunities for profitable 
employment; and assuring work-related benefits and rights. Labor 
administers its various responsibilities through 21 agencies and 
offices with a total staff of approximately 16,500 federal employees 
distributed across the United States. Many of these agencies and 
offices operate through a network of regional, field, district, and 
area offices, and in some cases, local grantees and contractors. 

Historically, Labor has operated as a set of individual agencies, each 
largely working independently with limited centralized control. For 
example, many of the larger agencies--such as OSHA and ETA--manage 
their own administrative needs at the national office level, including 
human capital. As we have previously reported, this organizational 
structure may allow Labor more flexibility to meet a variety of needs 
and focus resources in particular areas, but it may also limit Labor 
in adopting better management practices, such as central planning and 
performance oriented measures.[Footnote 2] To ensure continuity across 
program agencies, Labor's OASAM is responsible for developing 
departmentwide policies, standards, and guidance for the department's 
program agencies related to its human resource and administrative 
management. 

Strategic Human Capital Management: 

Strategic workforce planning, an integral part of human capital 
management, addresses two critical needs: (1) aligning an 
organization's human capital program with its current and emerging 
mission and programmatic goals and (2) developing long-term strategies 
for acquiring, developing, and retaining staff to achieve programmatic 
goals.[Footnote 3] Agency approaches to such planning can vary with 
each agency's particular needs and mission. However, our previous work 
suggests that the workforce planning process incorporate several 
principles, including involving top management, employees, and other 
stakeholders in developing, communicating, and implementing the 
strategic workforce plan; determining skills and competencies needed 
in the future workforce to meet the organization's goals and 
identifying gaps in skills and competencies that an organization needs 
to address; selecting and implementing human capital strategies that 
are targeted toward addressing these skill gaps; and monitoring and 
evaluating the agency's progress toward its human capital goals. 

Workforce planning efforts, including succession planning, can enable 
an agency to remain aware of and be prepared for its current and 
future needs as an organization. When effectively conducted, this 
planning entails the collection of valid and reliable data on such 
indicators as distribution of employee skills and competencies, 
attrition rates, or projected retirement rates and retirement 
eligibility by occupation and organizational unit. Agencies can use an 
organizationwide knowledge and skills inventory and industry 
benchmarks to identify current problems in their workforces and plan 
for future improvements. 

IT Management: 

Labor maintains a large inventory of IT assets supporting mission- 
critical program operations. In fiscal year 2010, the department 
estimated its IT portfolio was worth approximately $466 million, of 
which approximately $401 million was dedicated to maintaining systems 
and $65 million was for modernization and enhancement initiatives, 
including office automation across program agencies and common 
management systems, security, and E-Government.[Footnote 4] The Office 
of the Chief Information Officer is responsible for establishing and 
maintaining each aspect of IT management, including the department's 
IT System Development Life Cycle Management, capital planning and 
investment control, security, and enterprise architecture processes. 
[Footnote 5] Labor's Chief Information Officer (CIO) has also 
established an IT governance structure for the review and management 
of IT investments within the department (see figure 1). The structure 
consists of the CIO, Deputy CIO, and Technical Review Board (TRB). 
[Footnote 6] The TRB serves as a forum to identify and resolve 
departmentwide IT-related issues. The TRB members work together with 
three program offices--Enterprise Architecture, Capital Planning, and 
Security--that report to the Deputy CIO. The Enterprise Architecture 
Program Office reviews IT investments to ensure that they are 
consistent and compliant with departmental standards. The Capital 
Planning Office reviews existing IT investments and makes 
recommendations for new initiatives to the CIO. Further, the Security 
Program Office's role is to identify potential risks and help ensure 
that the department and agency information is adequately safeguarded. 

Labor's IT governance structure also includes five subcommittees--the 
Enterprise Architecture, Capital Planning, IT Architecture, IT 
Security, and Configuration and Control subcommittees. The 
subcommittees meet regularly to review and discuss major IT investment 
projects, issues, and plans across the department and within program 
agencies. The subcommittees identify, manage, and resolve 
departmentwide IT investment issues in their respective areas, and 
each provides recommendations from their respective areas to the TRB. 

Figure 1: Labor's IT Governance Structure: 

[Refer to PDF for image: illustration] 

Top level: 
CIO. 

Second level, reporting to CIO: 
Deputy CIO. 

Third level, reporting to Deputy CIO: 
OCIO Enterprise Architecture Program Office: 
OCIO Capital Planning Office: 
OCIO Security Office. 

All three offices provide advise, counsel,and support to the Technical 
Review Board subcommittees, listed below. 

Set aside from the structure, reporting to both CIO and Deputy CIO: 
Technical Review Board. 

Reporting to the Technical Review Board: 
Enterprise Architecture Subcommittee: 
Capital Planning Subcommittee: 
IT Security Subcommittee: 
* Configuration and Control Subcommittee; 
Configuration and Control Subcommittee. 

Source: DOL. 

[End of figure] 

When properly implemented, an agency's IT investments should help 
streamline business processes to create efficiencies in day-to-day 
operations. Congress recognized the need for added diligence in IT 
investment management with the enactment of the Clinger-Cohen Act of 
1996.[Footnote 7] The Act requires that federal agencies define their 
IT investments and follow a capital planning and investment control 
approach. Our IT investment management framework defines three phases--
select, control, and evaluate (see figure 2).[Footnote 8] In the 
select phase, the costs and benefits of all available projects are 
assessed and the optimal portfolio of projects is selected. During the 
control phase, the project costs and risks are monitored and 
corrective action is applied where needed. In the evaluate phase, 
implemented projects are reviewed to assure that they are producing 
the benefits expected and adjustments are made where appropriate. 
Within an organization, all phases may be underway at once, as they 
may be applied to projects at different stages of their lifecycle. 
[Footnote 9] 

Figure 2: Capital Planning and Investment Control Process: 

[Refer to PDF for image: illustration of a continuous circular process] 

Evaluate existing portfolio: 
Select: 
Control: 
* Reselect (return to Select step); 
Implement modules/systems: 
[Repeat process from beginning] 

Source: GAO. 

[End of figure] 

The security of the information stored in IT systems is also a 
critical management area for federal agencies. Concerned by reports of 
significant weaknesses in the security of federal computing systems, 
Congress passed the Federal Information Security Management Act of 
2002 (FISMA), which requires agencies to develop and implement an 
information security program, independent annual evaluation process, 
and annual report.[Footnote 10] To help implement the provisions of 
FISMA, the National Institute of Standards and Technology (NIST) 
developed a risk management framework for agencies to follow in 
developing information security programs.[Footnote 11] One NIST 
publication related to risk management provides guidelines for 
selecting and specifying security controls for information systems. 
[Footnote 12] 

Financial Management: 

Labor's strategic management of its annual budget--totaling about $206 
billion in fiscal year 2010, including an increase in grant funding 
provided by the Recovery Act--is essential to conducting its mission 
effectively and efficiently. Labor's OCFO is charged with the overall 
responsibility for the financial leadership throughout the department. 
The OCFO's primary duty is to uphold strong financial management and 
accountability while providing timely, accurate, and reliable 
financial information and enhancing internal control. Labor's Chief 
Financial Officer's responsibilities also include leading the 
department's implementation of key governmentwide financial management 
reform legislation, including the Chief Financial Officers Act of 1990 
[Footnote 13] and the Federal Managers' Financial Integrity Act 
[Footnote 14] (along with OMB's implementing guidance in OMB Circular 
No. A-123). Labor's management of its discretionary grants has been 
identified by the department's OIG as one of its top management 
challenges from fiscal years 2007 through 2009.[Footnote 15] Labor's 
OCFO also identified this area as a challenge during its fiscal year 
2009 assessment of the department's internal controls over its grants 
process.[Footnote 16] In addition, we and Labor have previously 
identified challenges related to the department's ability to ensure 
discretionary grants are properly awarded and monitored.[Footnote 17] 

Labor relies heavily on ETA for awarding, monitoring, and closing out 
ETA grants. ETA may award discretionary funding through formula or 
competitive grant processes.[Footnote 18] ETA's grant management 
process consists of four key phases: preaward, award, monitoring, and 
closeout.[Footnote 19] ETA's award phase involves evaluating grant 
applications, awarding new grants, and making continuation awards for 
existing Labor grants. ETA's monitoring phase consists of reviews of 
the grantee's performance, including the grantees' financial and 
administrative compliance, by ETA's federal project officers.[Footnote 
20] ETA monitors most grants in their period-of-performance through a 
risk-based strategy,[Footnote 21] which is described in its Core 
Monitoring Guide and Grant Management Desk Reference Guide.[Footnote 
22] ETA's closeout phase is aimed at ensuring that the agency has 
received all required financial, programmatic, and audit reports and 
has accounted for all federal funds. ETA's Office of Grants Management 
has the responsibility for discretionary grant awards and closeouts, 
while ETA's Office of Regional Management oversees the monitoring 
activities performed by the federal project officers. 

Further, entities receiving Labor grants may also be subject to the 
provisions of the Single Audit Act of 1984, as amended, if certain 
conditions are met.[Footnote 23] The Act established the option of the 
Single Audit for grantees by replacing multiple grant audits as 
required by each individual grant agreement with one audit of a 
recipient as a whole. As such, a Single Audit is an independent 
organizationwide financial audit that covers, among other things, the 
recipient's financial statements, internal controls, and its 
compliance with applicable provisions of laws, regulations, contracts, 
and grant agreements. 

In addition to a continuing management challenge related to 
discretionary grants, Labor was also confronted with a new management 
challenge in 2010 related to its core financial management system. For 
13 consecutive years, until fiscal year 2010, Labor had received clean 
audit opinions on its financial statements.[Footnote 24] In fiscal 
year 2010, Labor's independent auditor was unable to issue an opinion 
on the department's financial statements due to deficiencies related 
to its January 2010 implementation of the New Core Financial 
Management System (NCFMS).[Footnote 25] Labor's auditor also 
identified four material weaknesses[Footnote 26] in internal controls 
related to the preparation of financial statements, accounting for 
budgetary resources, preparation and review of journal entries, and 
access to key financial and support systems. (See appendix II for 
examples of financial management deficiencies resulting from the 
implementation of NCFMS as identified by Labor's auditor in fiscal 
year 2010.) In response to the identified deficiencies by the 
auditors, Labor reported in its fiscal year 2010 Agency Financial 
Report on plans to prioritize its resources to focus, in part, on 
updating existing quality assurance documentation, data quality, and 
training, as well as formally documenting NCFMS financial reporting 
processes by September 30, 2011. 

Labor Integrates Workforce Planning Principles Departmentwide and 
Monitors Its Program Agencies' Human Capital Activities through 
Accountability Reviews: 

To manage its current and future workforce needs strategically, 
Labor's Human Resource Center (HRC)--an office of the Office of the 
Assistant Secretary for Administration and Management--analyzes and 
disseminates workforce data and incorporates several key principles 
into its departmentwide strategic workforce planning. HRC uses data to 
inform Labor's workforce decisions, leads the development of key 
departmentwide workforce documents, communicates regularly with its 
program agencies about human capital policies and procedures, and 
supports and assists program agencies' efforts in their own strategic 
workforce planning. Labor has taken steps to understand its employees' 
skills and develop competencies to measure their abilities and has 
maintained sufficient leadership strength in recent years, according 
to departmentwide workforce data. In addition, several program 
agencies were taking various steps to prepare their employees to 
transition into leadership roles. To monitor each agency's human 
resources activities and workforce planning efforts, HRC uses an 
accountability review mechanism. 

Labor Leads Departmentwide Workforce Planning and Provides Guidance to 
Its Program Agencies: 

To inform its departmentwide strategic workforce planning decisions, 
HRC systematically collects and analyzes workforce data--such as 
hiring and separation rates, employee tenure, and demographic 
information--necessary to develop an overall workforce profile. Our 
prior work has found that collecting and analyzing workforce data are 
fundamental to measuring the effectiveness of an organization's human 
capital approach in support of its mission and goals.[Footnote 27] HRC 
has used these workforce data--such as retirement eligibility rates 
and supervisory ratio data--to assess and inform its overall 
departmental workforce plans and strategies. 

HRC is also responsible for leading the development of key 
departmentwide workforce planning documents, such as the strategic 
human capital plan. In 2003, we reported that these documents should 
be linked to federal agencies' overall strategic goals and outline a 
framework of human capital strategies to ensure that it is well- 
positioned to meet its current and future mission needs.[Footnote 28] 
While the current strategic human capital plan for fiscal years 2008 
through 2011 outlines Labor's framework, officials said it reflects 
the prior administration's human capital goals and no longer guides 
the department.[Footnote 29] Senior Labor officials said that rather 
than revising the multi-year departmentwide strategic human capital 
plan, they required each agency to develop an operating plan for 
fiscal year 2011 that outlines their programmatic priorities, key 
activities, and strategies, as well as links to the department's 
overall strategic plan. 

In addition to providing leadership, HRC actively engages top 
management and program agencies in the department's human capital 
initiatives by meeting with Labor's senior managers and regional human 
resources staff regularly to discuss human resources policy, process, 
and implementation issues. During these meetings, HRC provides 
agencies with departmentwide guidance on federal hiring initiatives 
and workforce planning strategies and shares progress towards annual 
hiring goals. According to the HRC Director, these meetings serve 
different purposes. The monthly meetings with regional human resource 
officers are used to share best practices, obtain feedback on 
predecisional human capital issues, and discuss cross-cutting issues 
that affect the entire department. The issues discussed at the 
biweekly meetings with administrative officers are broader than human 
capital, but allow HRC to share information with and obtain input from 
senior program agency management on human capital issues, as needed. 
Several program agency officials reported that these biweekly, 
departmentwide management meetings serve as an opportunity to interact 
and share information with HRC officials and other program managers. 
[Footnote 30] 

HRC provides assistance to agencies within Labor to support their 
workforce planning efforts, including distributing workforce data to 
its agencies, providing guidance on federal human capital policies, 
and developing tools to help agencies implement these policies. For 
example, as of September 2010, HRC published workforce data on a 
regular basis that highlighted key demographic information about 
Labor's overall workforce.[Footnote 31] Several program agency 
officials we interviewed said that they generally found these 
workforce data to be useful, and some noted that they rely on them to 
inform their own workforce planning efforts. For example, one OSHA 
regional official said he used the data to track progress towards 
their regional hiring goals. In addition to the regularly published 
data reports, other senior program agency officials noted that key 
workforce data specific to their own agency was readily available from 
HRC upon request. 

To help its agencies implement the department's human capital 
initiatives, HRC has developed several workforce planning templates to 
guide their strategic discussions with Labor's program agencies and 
assist these agencies in devising their individual workforce 
strategies. These templates are worksheets used to assist program 
agencies in compiling information they need for particular management 
activities. HRC has identified the need to develop these templates in 
response to the administration's priorities or enacted legislation. 
For example, in fiscal year 2009, Labor developed a template to assist 
some program agencies--including ETA, EBSA, and OSHA--in their efforts 
to hire large numbers of short-term staff in response to the passage 
of the Recovery Act. HRC's template helped to ensure that program 
agencies analyzed information--such as the program agency's mission, 
programmatic needs, and employee skills--and allowed the agencies to 
describe their recruitment and staffing plans to hire for key 
positions. Subsequently, these documents guided HRC and program agency 
discussions and helped tailor program agency planning to their 
specific recruiting and hiring strategies. For instance, as a result 
of these discussions, EBSA and HRC worked together to determine that 
the Student Career Employment Program was the best option to hire 
student workers to address EBSA's Recovery Act workload demands. 
According to EBSA, this strategy was effective because the agency was 
able to identify high caliber applicants and more easily convert 
Student Career Employment Program employees to full-time positions 
within the department, as needed. In another example, HRC developed a 
template to assist each program agency in outlining its action plan to 
meet its diversity goals. The template asked program agencies to 
include elements such as a list of positions in which the agency was 
underrepresented and a recruitment strategy for those positions. 

Several senior program agency officials said these types of workforce 
planning templates were helpful in guiding their thinking about how 
best to meet agency and administration goals. In fact, senior ETA 
officials said they plan to continue to develop written staffing plans 
based on the Recovery Act template. An HRC official said these 
templates are typically developed as needed and have not historically 
been used on a regular basis to inform ongoing strategic workforce 
planning discussions. However, in recognition of the need to conduct 
more proactive, routine strategic workforce planning with its program 
agencies, HRC recently developed additional templates--including a 
recruitment checklist and a document to guide strategic workforce 
conversations--to facilitate routine workforce planning discussions 
with program agencies. HRC and some program agency officials reported 
that these additional templates have led to productive discussions 
about human capital planning. For example, OSHA officials said that 
HRC's recruitment checklist greatly assisted their recruiting efforts. 

While HRC provides guidance and acts as a resource, Labor's program 
agencies have ultimate responsibility for conducting their own 
workforce analysis and planning.[Footnote 32] In addition to 
responding to periodic guidance and completing templates from HRC 
about strategic workforce planning, officials in each of the three 
agencies we reviewed also considered workload data in analyzing their 
workforce needs, which is another critical component of strategically 
managing a federal agency's workforce.[Footnote 33] For example, OSHA 
regional officials said they used data on the number of workplace 
fatalities and the number of employers in high-risk industries to 
determine how to distribute full-time employees among their district 
and area offices and to identify worksites for inspections. ETA 
regional officials stated that they prioritized regional workforce 
needs based on factors such as dollar values and risk levels of grants 
assigned to them. EBSA regional offices are all required to annually 
submit a regional program operating plan to the national office that 
prioritizes workforce needs, taking into consideration workload data, 
such as the number of regulated financial institutions in their region 
and number of inquiries received by their benefit advisors. 

Labor Uses Employee Competency Assessments to Determine Its Workforce 
Needs and Has a Mechanism to Monitor Its Program Agencies' Human 
Capital Activities: 

To ensure that it is hiring and developing its employees to meet the 
needs of the department, Labor has taken steps to identify and assess 
its employees' critical skills and competencies. Our prior work has 
noted that a federal agency needs to identify, develop, and select 
appropriate leaders, managers, and staff to meet its future 
challenges.[Footnote 34] One critical step is effective succession 
planning and management that is focused on strengthening both current 
and future organizational capacity, rather than simply replacing 
individuals. HRC has taken steps to strengthen Labor's organizational 
capacity by identifying core competencies for the department's mission 
critical occupations[Footnote 35] and worked with its program agencies 
to develop strategies to reduce employee skill gaps.[Footnote 36] This 
process, which began at Labor in fiscal year 2002, is cyclical (see 
figure 3). From 2002 through 2003, Labor first developed its mission 
critical occupation models, including (1) general competencies that 
could be applied across the department, such as writing or problem 
solving, and (2) technical competencies for each occupation, such as 
workforce development program knowledge for ETA employees, or 
occupational safety knowledge for OSHA investigators. Subsequently, in 
fiscal year 2004, HRC led a departmentwide process to assess the 
critical skills and competencies of its mission critical employees and 
worked with its agencies to develop agencywide action plans to reduce 
any skill gaps that existed. This online assessment process involved 
managers rating each mission critical employee's competency level in 
the department's Learning Link system, followed by the development of 
summary reports. Agency management reviewed these summary reports to 
identify if skills gaps existed in any of their agency's mission 
critical occupations and, if so, developed an action plan accordingly. 

Figure 3: Labor's Competency Assessment Process: 

[Refer to PDF for image: illustration] 

Circular process: 

1) Identify core competencies and assign to agency’s mission critical 
occupations. 

2) Assess agency mission critical employees’ competency levels. 

3) Develop agency action plans to address existing skill gaps. 

4) Agencies implement action plans to address skill gaps. 

[Repeat process beginning with step 1] 

Source: GAO analysis of Labor’s process. 

[End of figure] 

In fiscal year 2008, the department conducted its second assessment of 
its mission critical employees' skills and asked its program agencies 
to revise their action plans in light of those findings. Then, in 
fiscal year 2010, HRC reviewed and updated its mission critical 
occupations and related competency models that were initially 
developed in 2002 and 2003. Using panels of program agency 
representatives and subject matter experts,[Footnote 37] HRC led this 
departmentwide effort to determine what competencies, if any, should 
be modified in light of changes to individual program agencies' 
mission, goals, and anticipated needs. For example, Labor revised its 
"investigator" mission critical occupation at the Office of Labor 
Management Standards into two separate occupations--Labor Investigator 
and Criminal Investigator--to reflect the program agency's non-law 
enforcement and law enforcement work, respectively. Labor also added a 
new "workforce analyst" mission critical occupation at ETA based on 
input from subject matter experts. Labor intends to use this revised 
list to conduct another assessment of its mission critical employees' 
skills in fiscal year 2011. Agencies will subsequently be asked to 
update their action plans to address any skills gaps. According to 
OPM's official Labor liaison, the department is ahead of other federal 
agencies in conducting this type of competency assessment process. 

This competency assessment process is routinely used to support 
workforce analysis and planning at the department and its program 
agencies, and HRC annually reports its efforts to reduce employee 
skill gaps to OPM.[Footnote 38] For example, in fiscal year 2008, OSHA 
identified skill gaps in its safety and occupational specialist 
workforce in the areas of oral communication, interpersonal skills, 
and inspection. To address these gaps, OSHA developed an action plan, 
including revising OSHA's Training Institute curriculum for employees 
in these areas. Results from the fiscal year 2008 assessment showed 
that OSHA exceeded its target competency levels for these employees. 
In another example, EBSA targeted its employee benefits law 
specialists for improvement in the areas of individual and 
interpersonal effectiveness. The action plan outlined by EBSA included 
offering a comprehensive training program for newly hired specialists, 
and encouraging more experienced specialists to make use of other 
available Web-based or headquarters training courses provided by the 
department, such as effective presentations, problem solving and 
decision making, and customer service. Additionally, EBSA asked that 
each regional office director adopt training plans that would 
specifically assist in maintaining or increasing competency levels in 
these areas. HRC determined that competency levels for EBSA's employee 
benefits law specialists remained constant between fiscal years 2008 
and 2009, and will again target them for improvement in the next 
assessment process. 

Beyond the departmental efforts to work with its program agencies to 
identify and address employee skill gaps, program agencies we reviewed 
took additional steps to assess employee skill gaps in various ways. 
For example, OSHA officials have developed a model that identifies the 
core components of its mission critical inspectors' knowledge base 
above and beyond those identified in the departmentwide process, such 
as promoting compliance and conducting walk-around inspections. To 
ensure that employees obtain these skills, OSHA's Training Institute 
provides relevant training and monitors its employees' developmental 
progress. Senior officials in two of the OSHA regional offices we 
visited said they require employees to utilize individual development 
plans so they can identify current and future skill needs and provide 
training as needed. In another OSHA regional office, a senior official 
said that she identifies and assesses skill gaps through informal, 
regular discussions with her managers. EBSA regional officials said 
that they annually monitored skill gaps during employee performance 
reviews and have identified both individual and group training needs 
to address these gaps. ETA completed a training needs assessment in 
2009 to inform the development of its fiscal year 2010 training 
programs, and noted that the agency is currently planning to improve 
its automated system to maintain data on employee skills and training 
and allow its managers to access this information in real time. 

Building on its skills and competencies data, Labor established a 
succession plan in 2007 and implemented several departmentwide 
programs in subsequent years. However, HRC reported that the plan no 
longer guides the department's efforts. In its fiscal year 2009 report 
to OPM, Labor noted that it had cultivated sufficient leadership 
strength for its future needs, and therefore had placed these 
succession planning programs on hold.[Footnote 39] For example, as of 
December 2009, Labor estimated that it had prepared more than twice 
the number of mid-level staff with the skills necessary to cover 
anticipated attrition of its managers and supervisors. Senior Labor 
officials said they are considering ways to further assess and develop 
portions of their workforce that could assume leadership positions in 
the future and had recently opened a Senior Executive Service 
Candidate program class.[Footnote 40] Given Labor's projected 
leadership capacity, however, officials said that they did not intend 
to revise the 2007 succession plan at this time. 

Although Labor has maintained sufficient leadership strength in recent 
years, more and more of its employees are becoming eligible to retire, 
which could leave critical gaps in leadership and institutional 
knowledge. Between fiscal year 2005 and 2009, the retirement 
eligibility rate of Labor's workforce continued to rise departmentwide 
as well as in two of our three selected program agencies (see figure 
4). 

Figure 4: Retirement Eligibility Rates for Labor's Overall Workforce 
and in Selected Program Agencies from Fiscal Year 2005 through 2009: 

[Refer to PDF for image: combination vertical bar and line graph] 

Percentage of retirement eligibility: 

Fiscal year: 2005; 
OSHA: 15.9%; 
ETA: 23.6%; 
EBSA: 9.8%; 
Overall labor: 16.4%. 

Fiscal year: 2006; 
OSHA: 17.4%; 
ETA: 21.1%; 
EBSA: 9.8%; 
Overall labor: 16.2%. 

Fiscal year: 2007; 
OSHA: 19.1%; 
ETA: 20.7%; 
EBSA: 11.2%; 
Overall labor: 17%. 

Fiscal year: 2008; 
OSHA: 19.3%; 
ETA: 20.4%; 
EBSA: 11.8%; 
Overall labor: 17.9%. 

Fiscal year: 2009; 
OSHA: 19.5%; 
ETA: 21%; 
EBSA: 11.8%; 
Overall labor: 18.5%. 

Source: GAO analysis of CPDF data. 

[End of figure] 

These retirement eligibility data indicate that nearly 20 percent of 
Labor's workforce was eligible to retire in fiscal year 2009, of which 
approximately half of those staff were designated as mission critical. 
Likewise, our review found that 35.5 percent of Labor's workforce had 
21 or more years of federal experience as of fiscal year 2009, 
suggesting that a greater portion of Labor's workforce will be 
eligible to retire over the next decade. In addition to the potential 
loss of talent and knowledge, the percentage of Labor's workforce with 
less than 3 years of federal experience has steadily increased from 
about 9 percent in fiscal year 2005 to more than 13 percent in fiscal 
year 2009 (see appendix III).[Footnote 41] This workforce composition 
could present Labor with challenges in the future as more and more of 
its experienced workforce becomes eligible for retirement. While the 
timing of an eligible employee's retirement may be difficult to 
predict, we found that, on average, a quarter of retirement-eligible 
Labor employees did so each year between fiscal years 2005 and 2009. 
However, Labor officials said that given their leadership capacity and 
recent hiring activity the department will have the staff available to 
replace many of these employees as they retire. 

In addition to HRC assessing ways to develop future leaders across the 
department, program agencies we reviewed were taking various steps to 
develop leaders within their own agency. For example, OSHA's regional 
offices' succession planning activities ranged from informal 
mentoring, providing management training, and using data to track 
retirement-eligible employees. Senior OSHA national office officials 
noted that they planned to further develop agencywide succession 
planning programs in fiscal year 2011. EBSA officials reported that 
they examine the retirement eligibility data of their top management 
at least twice a year and had several programs in place to address the 
retirement of its employees, such as rotational assignments with 
senior executives to provide national and regional office supervisory 
and nonsupervisory employees a broader perspective of the agency's 
work. We also found that ETA's fiscal year 2011 operating plan noted 
agencywide succession planning as a goal, and several ETA regional 
officials said they provided prospective management staff with 
challenging assignments or training opportunities to prepare them for 
advancement. 

To facilitate management of Labor's human capital, HRC developed an 
accountability review mechanism to monitor aspects of their human 
capital activities and plans to broaden the review to include a focus 
on strategic elements of agencies' human capital programs.[Footnote 
42] During these reviews, an HRC audit team uses a survey instrument 
to evaluate a sample of personnel case files, and conducts focus 
groups with agencies' human resources staff, managers, and other 
employees. Once completed, HRC issues a report to the audited office 
with required and recommended actions, and subsequently, determines if 
there are departmentwide issues that require continued action. 
[Footnote 43] According to the Director of HRC's Performance and 
Accountability Office, these accountability reviews historically 
focused on agencies' compliance with relevant OPM and Labor hiring 
regulations. However, in fiscal year 2009, HRC expanded the program to 
align with OPM's Human Capital Assessment and Accountability 
Framework.[Footnote 44] At this time, HRC also added a section on the 
strategic alignment of human capital plans and goals to ensure that 
program agencies develop and document human capital and succession 
plans that are linked to their mission, goals, and objectives. As of 
November 2010, HRC had not yet implemented this part of the review, 
but planned to do so during fiscal year 2011.[Footnote 45] 

Labor Established an IT Oversight Process, but Has Not Fully Developed 
Management Controls That Could Improve Mission Performance: 

Management controls are essential to effectively develop and maintain 
systems. An important control element includes ensuring that 
sufficient representation by business units is obtained to understand 
information needs and how IT supports those needs.[Footnote 46] 
Further, measuring performance is critical to describing how 
effectively IT investments are supporting mission requirements, and 
performing post-implementation reviews of deployed systems provides 
additional opportunities to improve system processes.[Footnote 47] 
Security requirements are also critical controls that need to be in 
place to help prevent unauthorized access. While Labor has established 
controls to oversee, manage, and modernize the department's IT 
investments, it has not fully developed certain management processes 
that could aid in improving mission performance and maximize expected 
IT benefits. Specifically, Labor: 

* established an IT governance structure and system development 
processes, but its structure does not include comprehensive business 
stakeholder representation; 

* required program agencies and offices to develop performance 
measures and provided guidance on developing them, but the performance 
measures for the systems we reviewed varied in quality and often did 
not comprehensively link to productivity and expected outcomes; 

* established an investment management process that tracks cost and 
schedule variances for IT investments, but did not ensure adequate 
stakeholder representation or sufficient testing of a major project 
prior to deployment, and it did not conduct post-implementation 
reviews to assess IT investments; and: 

* implemented a security program, but has been challenged with keeping 
current with NIST requirements; the department also has not ensured 
appropriate user access controls for separated employees or conducted 
periodic reviews to ensure that system access privileges were still 
appropriate and necessary. 

Labor's IT Governance Structure and System Development Efforts Lack 
Adequate Business Unit Representation: 

Because information needs are derived from the business mission goals 
and requirements, business needs are the foundation of any IT 
investment. Sufficient representation from business units is essential 
to understanding information needs and priorities and how these needs 
can best be supported by IT. In 2009, we reported that, unlike 22 of 
the other major federal agencies, Labor did not include business unit 
(i.e., mission) representation on its investment review board[Footnote 
48] as called for in IT investment management best practices.[Footnote 
49] As we noted in that report, IT investments require fundamental 
trade-offs among a multitude of business objectives and are dependent 
on both IT and business units (representing the program agencies that 
perform mission critical work) for defining and implementing the 
department's IT investments. On the basis of these findings, we 
recommended that Labor expand its investment review board to include 
senior business executive representation to ensure that each 
investment meets its respective mission needs. In response, the 
department reported that the senior IT and administrative executives 
who served on the investment review board had in-depth detailed and 
expert knowledge and were capable of representing their units' 
missions and business objectives. However, we have previously reported 
that IT and administrative executives responsible for mission support 
functions do not constitute sufficient business representation 
because, by virtue of their responsibilities, they are not in the best 
position to make business decisions.[Footnote 50] 

While Labor has established an IT governance structure that consists 
of a CIO, a Deputy CIO, and a TRB that have technical knowledge, 
according to Office of the Chief Information Officer (OCIO) officials, 
this board does not have members representing mission-related business 
units. As such, the department's IT governance structure continues to 
lack comprehensive business unit representation to oversee its IT 
investments.[Footnote 51] During our current review, selected program 
managers in the department's business units and system users across 
the department noted an ongoing need for representation in IT 
investments, such as the need to consult both agency management and 
system users in the development of system requirements. Otherwise, 
systems run the risk of not meeting the needs of their intended users. 
For example, an ETA business manager noted that it would be important 
to bring together regional, IT, and business units to discuss current 
and long-term IT issues and that, among other things, they should 
prioritize systems' enhancements and determine how those enhancements 
should be developed over the next few years. Further, ETA regional 
officials expressed concerns that they were not involved in defining 
business and system requirements. Those officials stated that the 
systems did not fully support their grant management process and 
mission needs. Financial managers also indicated that the needs of the 
business units were not comprehensively assessed before Labor deployed 
NCFMS. Additionally, the Wage and Hour Division (WHD) investigators in 
three regions noted that the information system intended to support 
its business processes and manage investigative case findings was 
outdated and difficult to use, requiring an excessive number of 
screens to navigate and also requiring investigators to enter unneeded 
data to avoid system errors. 

During our review, the Deputy CIO agreed that business unit 
representation was important. Further, the official believed that 
Labor has an IT governance process in place that includes the key 
elements of oversight, but that it strives to maintain a balance 
between providing the benefits of oversight and control to agencies 
without being burdensome in resource or administrative requirements. 
The official noted that the department is researching alternative 
approaches to developing a new governance structure that would 
incorporate business unit representation without becoming cumbersome. 
The official added that for two major IT investments, Labor had 
recently established governance bodies to improve business unit 
representation. For example, Labor established a steering committee to 
meet biweekly with administrative officers to obtain their input on a 
new human resource IT system. According to the Deputy CIO, this 
steering committee included representatives from major agencies such 
as Bureau of Labor Statistics (BLS), ETA, and OIG, and has provided 
direction for the human resource initiative. The Deputy CIO 
acknowledged that the department is applying lessons learned from 
issues caused by insufficient business input for NCFMS and, as such, 
would not want to develop another system that did not have adequate 
stakeholder involvement. The official added that now there is an 
increased awareness of the need for better business representation in 
systems development. 

While this steering committee has provided additional business 
representation to Labor's governance structure for the human resources 
project managed by OCIO, it does not support other IT projects 
initiated and managed by other program offices and the Deputy CIO 
noted that Labor's governance structure has not changed. As of 
December 2010, OCIO officials noted that Labor's TRB continued to lack 
business unit representation. Until the department defines and 
implements a comprehensive governance structure that includes adequate 
business representation and involves end users in all major system 
development efforts across the department, it is at risk of updating 
or replacing its outdated systems with new systems capabilities that 
do not fully meet the business goals and needs of the department. 

Labor Requires Agencies to Develop Performance Measures, But Measures 
Vary in Quality and Do Not Comprehensively Link to Expected Benefits 
of IT Investments: 

Comprehensive performance measures are essential to determine if an 
investment is achieving the expected benefits and efficiently and 
effectively supporting an agency's mission. According to the Paperwork 
Reduction Act, agencies are required to establish performance measures 
that depict how effectively systems are supporting mission needs. 
[Footnote 52] OMB provides agencies guidance on developing IT 
performance measures that cover four management areas: (1) mission and 
business results, (2) processes and activities, (3) customer results, 
and (4) technology.[Footnote 53] While Labor has developed guidance 
and requires its agencies and program offices to follow this guidance, 
we found that these measures varied in quality and were not 
comprehensive in assessing each investment's expected benefits. 
[Footnote 54] Specifically, BLS established performance measures to 
assess its consumer price index system and effectively addressed 
expected benefits to support mission performance. For example, one 
measure described that the system intends to provide statistically 
sound, reliable, timely, relevant, and impartial statistical 
information concerning trends in consumer prices and inflation in the 
United States. Further, BLS provided a baseline, target, and actual 
results for this measure. However, measures for four other systems 
(representing three program agencies--OSHA, WHD, and ETA--and one 
office, the OCFO) did not adhere to Labor's guidance to develop 
comprehensive performance measures, limiting Labor's ability to assess 
each investment's expected benefits and determine whether it is 
targeting appropriate resources to improve overall mission goals. 
[Footnote 55] Examples of how performance measures were addressed in 
the four management areas follow: 

Mission and business results. IT investments are designed to support 
the mission and improve business processes. However, comprehensive 
measures to determine whether mission and business results were 
achieved had not been established for the four systems. For example, 
OSHA did not have performance measures that clearly linked its 
existing investigator's case file management system to the agency's 
mission outcomes for securing safe and healthy workplaces.[Footnote 
56] This existing case management system provides OSHA program 
managers with critical mission information, including accident 
summaries, injury inspection data, and workplace health assessments. 
However, the system's technology is outdated and Labor lacks 
comprehensive system performance measures. OSHA's program manager 
stated that the agency is in the process of replacing part of this 
system and intends to develop and track more specific performance 
measures[Footnote 57] when the new system[Footnote 58] is deployed to 
more effectively support mission needs and business results. 

Processes and activities measurements. Processes and activities are 
the basic functions that the IT investment is intended to perform. 
However, comprehensive processes and activities measures had not been 
established for the four systems. For example, while WHD's 
investigative system (1) provides support for managing and reporting 
on business' compliance with labor laws, including the minimum wage, 
overtime, and child labor provisions; and (2) enables investigators, 
managers, and assistants to process complaints; assign, manage, and 
investigate cases; assist with outreach; and record and monitor 
investigator time, a WHD official acknowledged a need for more 
comprehensive performance measures. WHD has defined certain measures 
for this investigative system (to support the tracking of cases), but 
it had not developed comprehensive performance measures for several 
other intended functions, such as processing complaints, assigning and 
investigating cases, and managing case findings and case outcomes. 

Customer results. To be effective, IT investments need to support the 
customer. However, for the four systems, Labor did not comprehensively 
address all five categories of measurement within the customer results 
area as defined by OMB.[Footnote 59] For example, while ETA had 
developed measures corresponding to one category--service coverage-- 
the agency had not developed measures for customer benefit, timeliness 
and responsiveness, service quality, and service availability. ETA's 
system provides the federal project officers' information regarding 
preaward, award, and closeout of grants, and integrates separate 
systems that are used to track the grants process. According to the 
Chief of the Division of Application Systems, the grant management 
process system has more than 100,000 active system users distributed 
nationwide and, as such, customer performance measures are important. 
The official acknowledged that the agency does not have comprehensive 
customer results performance measurements and that, given the 
magnitude of the system, such measures would be useful. The official 
added that the agency does have a dedicated technical support staff 
that provides system users the opportunity to give feedback on system 
speed, accessibility, and availability. 

Technology. OMB defines six measurement categories that are intended 
to capture key elements of performance that directly relate to an IT 
initiative.[Footnote 60] We found that, for the four systems, measures 
within this category were not comprehensively developed. For example, 
OCFO defined two performance measures for NCFMS--(1) reliability and 
availability and (2) quality assurance--but had not developed measures 
for the remaining four categories: technology costs, efficiency, 
information and data, and effectiveness. 

Labor's Chief Enterprise Architect, responsible for providing 
agencies' guidance on performance measures, told us that the 
department requires IT performance measures that describe how systems 
will improve mission performance. The official stated that OCIO has 
developed and implemented an outreach program to advise program 
agencies on how to develop specific quality measures that link 
systems' performance to mission outcomes. However, the department 
relies on the program agencies to establish these measures and ensure 
they are related to the systems' intended goals. The Chief Enterprise 
Architect acknowledged that measures were not comprehensive and added 
that establishing effective performance measures require frequent data 
collection using survey instruments and identification of specific, 
measurable, achievable, realistic, and time-based measures. Labor's 
Deputy CIO also stated that the agencies' measures were not 
comprehensive and that the department could provide better oversight 
to the agencies to ensure more relevant and comprehensive measures are 
formulated, but that doing so is a challenge. According to the Deputy 
CIO, IT staff at the agencies are responsible for developing IT 
performance measures specific to the system, such as assessing the 
time that systems are available for data processing, and the business 
units should also develop measures that determine how well the systems 
are supporting mission needs. Given the magnitude of Labor's IT 
systems and the diversity of users, defining comprehensive performance 
measures that reflect business managers and IT representatives' 
perspectives is important. A BLS financial manager stated that, for 
NCFMS, the department tracked errors but did not (1) determine how the 
system affected business unit productivity or (2) link measures to 
financial management performance. If the department does not require 
comprehensive measures to be developed for all systems, it will lack 
the ability to determine whether systems are achieving business 
outcomes and improving mission performance. Additionally, if program 
agencies do not measure actual-versus-expected performance results for 
their IT systems, Labor will lack the information it needs to 
determine whether it is targeting appropriate resources to improve 
overall mission goals. 

Labor Has Established an Investment Management Process, but Has Not 
Always Fully Evaluated the Development and Implementation of IT 
Investments: 

If managed effectively, IT investments can have a positive impact on 
an agency's performance and accountability. A central tenet of the 
federal approach to IT investment management is the capital planning 
and investment control (CPIC) process, which includes three phases: 
select, control, and evaluate (see figure 2).[Footnote 61] Labor has 
established an investment management process that includes a CPIC 
approach to managing its IT investments. However, we identified 
instances where Labor had not followed selected aspects of the select 
and control phases of this approach to monitor the development and 
implementation of a major IT investment--NCFMS. It also had not 
performed post-implementation reviews of its IT projects as required 
in the evaluate phase, limiting the department's ability to maximize 
the expected benefits of IT investments and increasing the risk of not 
effectively supporting mission needs. 

Labor Did Not Adhere to Certain Aspects of its Select and Control 
Guidelines: 

For the select phase, Labor has established a process to screen and 
score proposed IT investments, consistent with best practices. 
[Footnote 62] As part of its selection methodology, Labor evaluates an 
investment proposal by determining if the project supports the 
department's mission. This includes checking to ensure proper 
stakeholder identification and involvement was performed as part of 
the initial requirements development. It also assesses whether the 
investment needs to be undertaken by Labor or whether some other 
source can better support the need. In addition, it reviews the 
potential for sharing information across the department to avoid 
redundancy in systems. 

During the control phase, the organization should ensure that, as 
projects develop and investment expenditures continue, the project 
continues to meet mission needs at the expected levels of cost and 
risk. If the project is not meeting expectations or if problems have 
arisen, steps should be taken to address the deficiencies. Labor has 
established processes to assess projects during the control phase. 
These processes, for example, include system testing to provide a 
reasonable assurance that the IT investment will perform as expected. 
The department also has processes to (1) track cost and schedule 
variances and (2) review systems' compliance with architecture, 
security, cost benefit analysis, and risk management requirements. 
These processes are consistent with best practices. 

Nonetheless, we found that Labor had not adhered to certain aspects of 
its select and control guidelines for a departmentwide investment-- 
NCFMS--deployed in January 2010.[Footnote 63] Effective system 
development requires (1) adequate stakeholder representation to 
support thorough systems requirements and (2) sufficient testing prior 
to deployment.[Footnote 64] During the select phase, Labor's OCFO 
officials did not obtain adequate stakeholder input prior to the 
development and implementation of NCFMS. As we have noted earlier in 
this report, stakeholders should be involved in helping to develop the 
requirements for the system to help define what functions the system 
needs to perform.[Footnote 65] The systems development teams should 
perform an analysis of these requirements and the OCIO, as part of the 
final CPIC select phase, should review the analysis. However, Labor IT 
personnel and system users from six program agencies and four regional 
offices told us that users were not adequately involved in developing 
NCFMS requirements prior to system deployment. According to a BLS 
program manager, only two individuals representing business units were 
involved in the initial NCFMS team; all other representatives were 
from OCFO. While the Associate Deputy Chief Financial Officer for 
Financial Systems and an official from OCIO stated that the department 
reached out to the program agencies, many agencies decided not to 
engage. 

In the department's comments on this report, Labor officials stated 
that the department consulted agency representatives prior to NCFMS' 
deployment and that many of the system's issues were attributed to 
relearning basic processes, rather than to lack of stakeholder 
involvement. The officials stated that the financial system changed 
the business practice and impacted every financial activity performed 
in the department. Labor officials also stated that NCFMS requirements 
were based on the Financial Systems Integration Office (FSIO) and were 
the result of common requirements developed by experts from throughout 
the federal government. While we agree that relearning basic processes 
can be challenging for users, it does not account for the range of 
system problems experienced nor the volume or types of engineering 
changes required after NCFMS implementation. Further, while FSIO 
requirements provide the functional capabilities, these do not address 
accounting policy or procedures. As such, adequate stakeholder 
involvement is essential to implement these functional requirements, 
configure the system to meet its needs, and adequately test the 
software to ensure that the system has properly implemented the FSIO 
requirements.[Footnote 66] 

Labor also did not comprehensively test NCFMS prior to its deployment. 
This step, which is generally part of the control phase, is intended 
to help demonstrate through testing that the system can function in 
its target environment and to provide reasonable assurances that new 
or modified systems process information correctly.[Footnote 67] 
Effective testing requires organizations to plan and conduct testing 
activities in a structured and disciplined fashion. This includes 
different levels of testing, such as system and user acceptance 
testing.[Footnote 68] Our examination of the test steps for one 
script--procure to pay[Footnote 69]--revealed characteristics of an 
undisciplined testing process.[Footnote 70] As a result, Labor's 
testing efforts did not accomplish a key objective--to obtain 
reasonable assurance that NCFMS would perform as expected. 
Specifically, system testing prior to deployment was inadequate in 
three areas: 

* Quality. The scripts[Footnote 71] used to conduct the testing for 
this process did not include expected results to measure against, 
which would allow errors to be readily identified and corrected. 
Instead, Labor personnel involved in testing the system had to rely on 
their own knowledge in evaluating whether the test results were 
accurate. As we have noted, relying on testers to assess system 
quality without identifying expected results is inadequate because it 
is difficult for the testers to remember all the items needed for 
evaluating whether the system is operating as expected.[Footnote 72] 
In addition, Labor did not set adequate boundary conditions for 
testing.[Footnote 73] For example, one test was to determine whether 
the system would reject more than 100 items, as intended. To 
adequately test this, the department should have determined whether 
the system would accept a quantity just below 100 items, such as 99, 
yet reject a quantity of 101. We found that the department did not 
test these quantities and, as a result, did not have reasonable 
assurance that the system would accurately detect and reject 
quantities beyond established limits.[Footnote 74] 

* Documentation. Adequate documentation of tests performed helps 
obtain reasonable assurance that the tests produce expected results, 
however, Labor did not adequately document test results. For the 26 
steps of the procure to pay script that we reviewed, Labor could not 
provide adequate documentation for 17 steps.[Footnote 75] Test 
documentation provided did not document whether the testing had 
identified any defects. While Labor officials stated that errors had 
been identified and corrected, the test documentation did not identify 
errors or the testing performed to ensure that the defects had been 
corrected. As a result, Labor was limited in its ability to understand 
whether the testing process was effectively implemented and produced 
expected results. 

* Scope. Labor did not test certain aspects of the standardized 
payment processing functions applicable to systems used by federal 
agencies.[Footnote 76] For example, rules such as rejecting the 
delivery of goods at locations other than the appropriate receiving 
site, rejecting invoices, and properly processing a payment were not 
tested. 

In commenting on these findings, Labor noted that the OCIO engaged an 
independent verification and validation contractor with specific 
knowledge of the financial system and that the contractor verified the 
system testing and performed its own independent testing of each 
system segment. Nonetheless, as discussed above, our review of the 
documentation provided by the department to support its testing 
activities indicated that these processes had not been effectively 
implemented. We found that disciplined testing activities had not 
taken place and, as a result of these weaknesses, Labor's testing 
efforts did not provide reasonable assurance that the system would 
perform as expected. 

Before NCFMS' deployment, Labor's OIG also identified inadequate 
system testing, a lack of user acceptance testing and related 
documentation, and a lack of end-to-end testing.[Footnote 77] The OIG 
reported that: 

* not all real-time interface requirements were appropriately tested 
during the user acceptance test phase,[Footnote 78] 

* evidence could not be obtained to determine if failed system test 
cases were corrected and retested, and: 

* a completeness and accuracy validation was not performed between 
real-time interfaces and NCFMS.[Footnote 79] 

According to the OIG report, Labor conducted data interface and system 
testing of the NCFMS system just prior to departmentwide 
implementation. Consequently, Labor may not have allowed sufficient 
time for its personnel to assess the test results and correct errors. 

Labor's systems development guidance requires that user acceptance 
tests be planned and implemented. However, the NCFMS program manager 
acknowledged that to meet project implementation milestones, Labor had 
not appropriately performed user acceptance testing and had not 
adequately documented the testing that was performed. Inadequate 
testing coupled with the premature implementation of NCFMS contributed 
to the department being unable to perform basic accounting functions 
once the system was implemented. Officials at four regional offices 
and five program agencies told us that in NCFMS' first year of 
deployment, the system was cumbersome, time consuming, and caused 
inefficiencies in basic daily operations. 

Further, according to the OIG's December 7, 2010, testimony, 
inadequate testing, among other issues, caused the department to issue 
a disclaimer of an opinion on its fiscal year 2010 financial 
statements.[Footnote 80] Until Labor develops an effective selection 
and control process that ensures key stakeholders are involved and 
adequate requirements analysis and testing has been performed, it 
risks investing in projects that do not effectively meet mission needs. 

Labor Has Not Performed Post-implementation Reviews: 

In addition to not following certain aspects of the CPIC process for 
the select and control phase, Labor has not conducted post- 
implementation reviews of its IT projects as part of its project 
evaluations. Post-implementation reviews are conducted during the 
evaluate phase and actual-versus-expected results are compared after 
an agency fully implements a project. This step is done to (1) assess 
the project's impact on mission performance, (2) identify any changes 
or modifications to the project that may be needed, and (3) revise the 
investment management process based on lessons learned. Post- 
implementation reviews are used to evaluate whether the estimated 
return on investment was actually achieved and to identify how 
effectively the system has supported stakeholders and met baseline 
goals in terms of cost, schedule, and performance. OMB and Labor 
require such reviews in order to assess what the agency achieved with 
the investment. According to Labor's system development guidelines, a 
post-implementation review should be performed within 6-9 months of 
deployment to assess the system's performance and ability to meet 
expected benefits.[Footnote 81] The CPIC program manager said that the 
department has not performed post-implementation reviews of its 
systems because it has devoted resources to the select and control 
CPIC processes and, that, until recently Labor did not have the 
structured guidance available to conduct these reviews. The program 
manager added that the department is in the process of developing post-
implementation review guidance and plans to conduct reviews on 
investments in the future. Without such reviews, Labor may not be able 
to revise its investment management process on the basis of lessons 
learned or identify opportunities to improve system performance. 

Labor Has Implemented a Security Program but Information Security 
Risks Remain: 

Labor has established an information security program and policies 
that address the key requirements of FISMA, but the department faces 
weaknesses in several areas, such as not fully complying with select 
security requirements and ensuring appropriate user access. 
Specifically, Labor has taken the following steps to establish its 
information security program: 

* periodically assessed the risk and magnitude of harm that could 
result from unauthorized access, use, disclosure, disruption, 
modification, or destruction of information or systems; 

* developed risk-based policies and procedures that cost-effectively 
reduce information security risks; 

* developed plans for providing adequate information security for 
networks, facilities, and systems; 

* provided security awareness training for agency personnel and 
contractors; 

* performed periodic testing and evaluation of the effectiveness of 
information security policies, procedures, and practices, performed 
with a frequency based on risk level, but not less than annually; 

* implemented a process for planning, implementing, evaluating, and 
documenting remedial actions to address any deficiencies identified in 
the agency's information security policies, procedures, and practices; 

* developed procedures for detecting, reporting, and responding to 
security incidents; and: 

* developed plans and procedures to ensure the continuity of 
operations for information systems that support the operations and 
assets of the agency. 

Nonetheless, Labor faces several security risks. For example, it is 
challenged with updating its IT operations in accordance with current 
NIST requirements and ensuring appropriate user access. Until Labor 
strengthens its controls over these security weaknesses, its systems 
and the information they store are at increased risk of security 
breaches. 

Labor Has Not Fully Implemented Current Security Requirements: 

Labor is not fully meeting current security requirements for IT 
operations as defined in NIST Special Publication 800-53, guidelines 
that apply to all components of an information system that processes, 
stores, or transmits federal information.[Footnote 82] These 
guidelines set forth security controls that are intended to prevent 
unauthorized access and detect any inappropriate modifications of 
data. This is essential to protect and safeguard information processed 
in systems. Federal agencies are required to follow NIST special 
publications and implement the requirements within one year.[Footnote 
83] However, Labor's Chief Information Security Officer stated that as 
of November 3, 2010, not all program agencies were fully in compliance 
with NIST 800-53 revision 2, which was to be implemented by December 
2008. Further, Labor has not fully implemented the most recent 
requirement, NIST 800-53 revision 3, which was to be implemented by 
August 2010. According to NIST documentation, NIST 800-53 revision 3 
controls are a significant improvement over revision 2 and earlier 
versions, because when implemented they will, among other things, 
provide for organizationwide and continuous security risk assessments 
instead of periodic, isolated system reviews as provided for in 
earlier versions.[Footnote 84] The Chief Information Security Officer 
stated, early in 2010, that Labor planned to have all agencies 
compliant with revision 3 by the end of fiscal year 2011. In 
subsequent comments on a draft of this report, Labor officials stated 
that the department plans to have agencies compliant with revision 3 
by December 2011, and noted that this revised implementation schedule 
was supported by a risk-based analysis of both revisions 2 and 3 and a 
determination that the risks associated with delayed implementation of 
the new controls were low to moderate. Labor officials further noted 
that the controls that were not fully compliant have been documented 
and the department has developed plans for corrective actions. We are 
encouraged by the department's assertions to take action; however, the 
current plans to fully implement revision 3 are about one and a half 
years behind schedule. Until the department fully implements the 
revised controls, Labor will continue to face potential security risks. 

Further, under FISMA, agencies are required to classify their systems 
according to three risk levels--low, moderate, and high. The risk 
classification serves as a basis for determining the level of security 
applied to the system to ensure that information resources are 
adequately protected. Risk classifications are based on the 
confidentiality, integrity, and availability of the information. Labor 
has classified all of its 72 operational systems at the moderate risk 
level since fiscal year 2008, but according to the Deputy CIO and 
Chief Information Security Officer, the department was re-evaluating 
these systems' risk levels. The Chief Information Security Officer 
stated that given the significance of NCFMS on the department's 
financial activities, this system may not be appropriately assessed at 
a moderate risk level. Further, this official also noted two other 
systems that may be misclassified. According to the Deputy CIO, the 
systems' risk levels may be misclassified because the systems have 
matured and evolved over time. As such, in November 2010, Labor 
officials said that they intended to re-evaluate the risk 
classification of agency systems. In January 2011, Labor's Chief 
Information Security Officer stated that the department had, 
consistent with FISMA requirements, conducted its annual review of 
systems' classifications.[Footnote 85] This official stated that the 
department re-evaluated the systems and determined that all 72 
operational IT systems will continue to be assessed at the moderate 
risk level. Nonetheless, while the department stated that it has 
completed its annual evaluation of system risks and indicated that it 
is focusing on risk-based analyses in prioritizing security controls, 
we remain concerned that there are substantive issues with IT controls 
and the condition of information security at the department. As part 
of our work in our high-risk reporting, Labor has been downgraded from 
a significant deficiency in department financial controls in 2009 to a 
material weakness in 2010 based on vulnerabilities with overall 
security management and access controls. The department is 1 of 8 
organizations (out of 24 total) designated with material IT security 
weaknesses in its financial and information systems.[Footnote 86] 

Labor Has Not Completely Implemented Effective Controls to Ensure 
Appropriate User Access: 

Labor has not always limited systems access to appropriate personnel. 
In particular, Labor guidance states that employee system access 
should be terminated at the time an employee separates from the 
department. However, headquarters and regional personnel we 
interviewed said that inappropriate access by former employees had 
been an issue in their respective regions. In addition, the OIG 
reported in November 2010 that Labor had recurring access issues and 
vulnerabilities associated with user access privileges to information 
systems.[Footnote 87] For example, the OIG found that: 

* five of seven information systems tested did not have processes or 
procedures in place for conducting periodic reviews to ensure that 
user system access privileges were still appropriate and necessary, 
creating the risk of unauthorized individuals having access to view, 
update, or delete data in the information system, and: 

* four of seven information systems tested contained active user 
accounts for employees that had separated from the department. 
Specifically, former employees accessed their user accounts in three 
of the four information systems subsequent to separation. 

Labor officials said that inappropriate access to systems occurred 
because systems personnel were not notified of an employee's 
separation. Labor's policy states that a human resources manager is to 
initiate and terminate access to all systems and facilities for 
federal and contractor personnel upon their entry and prior to their 
exit from the department. The Deputy CIO acknowledged that such 
inappropriate access had occurred, however, he said that the 
department was taking corrective action to prevent inappropriate 
access in the future by incorporating this requirement into its new 
human resources management system. Further, Labor stated in its 
response to the IG report that it is taking aggressive steps to 
strengthen IT security and noted increased emphasis on prioritizing IT 
security issues. 

Labor Has Established Policies for Grants Accountability, but 
Weaknesses Exist in Documentation and Monitoring: 

Our review of one of Labor's top management challenges--the 
discretionary grant management process--showed that although ETA had 
designed overall policies intended to provide accountability over its 
discretionary grants award and monitoring processes, it did not have 
sufficient procedures and guidance to help ensure that award and 
monitoring internal control activities are conducted and properly 
documented and that the results of single audits are fully integrated 
with monitoring activities. In its Fiscal Year 2009 Performance and 
Accountability Report,[Footnote 88] Labor acknowledged that the large 
increase in grant funding provided by the enactment of the Recovery 
Act[Footnote 89] exacerbated the challenge facing the department in 
the grants area with respect to ensuring that grant funds are 
appropriately spent on activities that will yield the desired training 
and employment outcomes. 

Specifically, our review of ETA's grant management process showed that 
ETA did not always have sufficient quality assurance procedures and 
comprehensive guidance with respect to (1) maintaining and retaining 
discretionary competitive grant award documentation, (2) properly and 
consistently conducting and documenting federal project officer (FPO) 
monitoring activities, and (3) fully integrating the results of single 
audits in its discretionary grantee monitoring activities. From our 
review of 30 grant files, we identified instances[Footnote 90] in 
which these design deficiencies resulted in ETA's inability to locate 
essential documentation needed to verify that key discretionary award 
processes were performed and instances where evidence supporting key 
monitoring activities were not consistently retained in a central 
location to facilitate management oversight. 

Weaknesses in ETA's Procedures for Retaining Documentation for 
Competitive Discretionary Grant Awards: 

While ETA's discretionary grant management procedures provide guidance 
on key control activities intended to help provide assurance that 
grants are appropriately justified and awarded, these procedures did 
not specify where and how long to retain documentation of grant award 
reviews and results.[Footnote 91] According to ETA's Grant Management 
Desk Reference Guide, the award process for discretionary competitive 
grants requires the preparation of documentation such as conflict of 
interest and nondisclosure statements signed by the members of the 
review panel, and a scoring and written report of the panel's 
evaluation of grantee's response to the solicitation of grant awards. 
In addition, the Employment and Training Order No. 1-08 requires a 
preaward clearance to be performed and documented for prospective 
grantees, which is performed by Labor's Office of Special Programs and 
Emergency Preparedness.[Footnote 92] However, we found that ETA did 
not have guidance with respect to where these required documents were 
to be centrally filed and how long they are to be retained to 
facilitate management oversight. Inadequate documentation of these key 
award activities increases the risk that ETA may not have support to 
show that grantees selected were the best for meeting the government's 
requirement or that in conducting award activities, its members were 
free of any conflicts that would hinder their ability to perform fair 
and objective assessments of discretionary grant applicants. For 
example, our review found instances related to competitive grants 
[Footnote 93] in which agency staff could not locate key discretionary 
grant award documentation including: 

* seven grant files that did not include conflict of interest and 
nondisclosure statements signed by the members of the preaward review 
panel, 

* five grant files that did not include the review panel's preaward 
scoring and related written reports, and: 

* nine grant files that did not include results of preaward clearance, 
such as results of investigations, audit resolution, and other matters. 

Of the ten competitive grant files we reviewed, some files were 
missing multiple documents. For five grants, the files did not contain 
any of the key discretionary grant award documentation--a conflict of 
interest nondisclosure statement, review panel's preaward scoring, and 
related written reports and results of preaward clearance. 

Our Standards for Internal Control in the Federal Government provides 
that internal control and all transactions and other significant 
events should be clearly documented and readily available for 
examination.[Footnote 94] The standards also provide that records 
should be properly managed and maintained, and documentation should 
appear in management directives, administrative polices, or operating 
manuals. According to ETA officials, as of December 2010, the agency 
was in the process of developing standard operating procedures to 
address centralizing the location and retention of award documents. 

Weakness in Properly and Consistently Conducting and Documenting ETA's 
Quality Assurance Monitoring Activities: 

While ETA's grant management procedures require performing and 
documenting the results of its monitoring activities, they did not 
specify quality assurance steps, such as supervisory reviews, 
necessary to ensure that required grant monitoring activities are 
consistently and properly conducted and documented. To monitor 
grantees' compliance with administrative, financial, and performance 
regulations, ETA's guidance requires FPOs to perform a combination of 
office-based reviews referred to as "desk reviews" and, for new and 
"at-risk" grantees, conduct on-site visits at grantees' locations. 
Through desk reviews, FPOs are to analyze grantees' program and 
financial reports, as well as any other related information available 
to identify current risk areas and problems related to grantee 
performance, noncompliance with federal requirements, or mismanagement 
of funds. FPOs are to conduct on-site visits at the grantee's work 
site to observe and review work being done under the provision of the 
grant. 

FPOs begin the grant monitoring process by performing an initial risk 
assessment of the grantee using ETA's Grants Electronic Management 
System (GEMS).[Footnote 95] The initial risk assessment consists of 
the FPOs answering a series of standard questions about the grantee in 
GEMS to determine the risk level. The result of this initial risk 
assessment is then used to determine the type of monitoring activities 
that an FPO will perform on the grantee. For example, monitoring 
activities for new grantees and those rated "at-risk" grantees will 
require an on-site visit, while low-or medium-risk grantees will be 
monitored at the office through desk reviews. Throughout this process, 
FPOs in the regional offices are required to document the results of 
these activities in GEMS, such as documenting deficiencies observed 
and areas of concern relating to the administration and performance of 
each grant. According to key ETA officials, GEMS is also intended to 
be the central repository for data on grant monitoring activities to 
provide information on all grantees that can be shared agencywide. 
ETA's Grant Management Desk Reference Guide provides that GEMS grant 
monitoring records are considered an integral part of the official 
grant file. 

However, ETA's procedures did not specify quality assurance steps 
necessary to help assure that required FPOs' monitoring procedures 
were properly and consistently carried out and documented in GEMS. 
Such quality assurance procedures should be the responsibility of an 
ETA organizational component with an FPO quality assurance role, such 
as ETA's regional management. Without quality assurance procedures, 
such as supervisory reviews, to ensure that complete and consistent 
monitoring is conducted and data results are recorded in GEMS, ETA is 
hampered in its ability to effectively and efficiently account for its 
discretionary grants. For example, as summarized in the following 
bullets, our review found instances in which (1) risk assessments were 
not documented or were changed without proper justification, (2) desk 
reviews of financial and performance information were not documented, 
(3) on-site monitoring activities were not recorded, and (4) final 
desk reviews were not documented.[Footnote 96] 

* Risk assessment. We found one grant where the initial risk 
assessment calculated in GEMS was overridden by the FPOs without 
explanation. In addition, we found seven grants where the quarterly 
risk assessment changed from one quarter to another without 
explanations for the change.[Footnote 97] GEMS data entry forms 
provide a comment box where narrative information regarding the 
results of the risk assessments can be entered; however, we found that 
it was not consistently used by the FPOs.[Footnote 98] The grant risk 
assessment determines the extent of subsequent monitoring activities 
such as site visits, and the lack of narrative to address the 
overriding of the initial risk assessments prevents management from 
understanding the rationale used to change the risk levels. Therefore, 
unexplained risk level changes may place the agency at risk of not 
performing the required level of monitoring for its grants. 

* Quarterly desk reviews. We found three grants where desk reviews 
were not documented for specific quarters during the life of the 
grant. Desk reviews conducted by the FPOs assess information provided 
by the grantee such as financial reports, statements of work, program 
narratives and performance reports, and budget information. The 
results of quarterly desk reviews may also change the risk level of a 
grantee and affect monitoring strategies. ETA's guidance requires the 
performance of desk reviews every quarter while the grant is active. 
Without clear documentation on the results of quarterly desk reviews, 
the agency cannot determine whether the grantee has complied with 
legal requirements of the grant agreement. Further, the failure to 
perform quarterly desk reviews could result in ETA's inability to 
identify issues of nonconformance that would require corrective 
actions by the grantee or issues that require an on-site visit. 

* On-site reports. We found 19 grants where the grantees were either 
new or deemed as "at-risk" and required on-site visits to be performed 
by the FPOs. Of these 19 grants, we found four instances where on-site 
reports were not uploaded into GEMS and three instances where the FPOs 
did not separately enter the findings from the on-site visits. ETA's 
guidance requires FPOs to upload a copy of a report summarizing the 
results of the on-site visit in GEMS. Additionally, this guidance 
requires the FPOs to enter separately all findings from the on-site 
visits into GEMS. Site visits provide FPOs a unique opportunity to 
have a close inspection into the grantee's use of federal funds and 
document whether the project is proceeding according to the grant's 
requirements or whether action must be taken to resolve identified 
issues. Also, on-site visits allow FPOs to identify issues, which they 
normally would not identify while performing a desk review. For 
example, as a result of on-site visits, FPOs have identified instances 
where fiscal agents were writing and depositing checks to themselves 
and timesheets were incomplete. In other instances, FPOs found that 
grantees did not have adequate internal controls to protect government 
assets, invoices were not approved, and reporting activities lacked 
supporting information. The absence of on-site monitoring data in GEMS 
limits the information readily available to share with other staff, 
supervisors, and program managers about issues that may require 
immediate attention. 

* Final desk review. We found three closed grants and one active grant 
where a final desk review had not been documented in GEMS. In 
addition, we found that for eight grants, the required final review 
narrative was not included. ETA's guidance requires FPOs to make a 
final desk review and also include a narrative on the results in GEMS. 
The final desk review provides a documented assessment of the 
performance of the grantee during the period of performance and 
provides important information for future solicitations in which prior 
performance is a criterion. Without timely and adequate documentation 
of the grantee's performance assessment, supervisors and program 
managers are not able to fully assess the grantee's overall 
performance and could place future discretionary funding at risk. 

Standards for Internal Control in the Federal Government requires that 
entities are to provide continuous supervision to provide reasonable 
assurance that internal control objectives are achieved. In addition, 
the standards provide that transactions should be promptly recorded to 
maintain their relevance and value to management in controlling 
operations and making decisions. Moreover, ETA management will not be 
able to effectively obtain and share complete and consistent 
information on the results of grantees' overall performance, including 
the grantees compliance with legal requirements of the grant agreement. 

Weaknesses in Fully Integrating Single Audit Results into 
Discretionary Grant Monitoring: 

The results of Single Audits provide important information for the 
oversight and monitoring of discretionary grant recipients' use of 
federal awards. Our review of ETA's Single Audit process showed that 
while ETA has implemented a resolution process, it has not established 
procedures for using the results of Single Audits in FPOs' monitoring 
activities documented in GEMS.[Footnote 99] ETA officials stated that 
the Single Audit findings and information on their resolution process 
may not always be shared with the FPOs in charge of monitoring the 
grantees. While Labor has procedures for resolving Single Audit 
findings, its procedures did not require that Single Audit results be 
consistently submitted to the FPOs and considered as part of their 
discretionary grant monitoring procedures. Specifically, Labor has a 
centralized process in place to resolve audit findings reported in 
Single Audits through coordination with the regional offices and 
Labor's OIG. Further, ETA requires FPOs, as part of the Core 
Monitoring Guide, to ask their grantees during on-site visits whether 
a Single Audit has been performed and if so, to obtain a copy. 
However, the Guide does not require FPOs to use the information from 
the Single Audits when conducting risk assessments or to document any 
relevant findings in GEMS. According to ETA officials, FPOs may be 
aware of the Single Audit findings for their grantees if during the 
resolution process the FPOs are consulted to obtain information or 
documents to support the corrective action plans prepared by the 
grantee. Not requiring such information to be obtained and retained in 
GEMS may hinder the FPOs' ability to effectively assess risks related 
to a grantees' performance. For example, we identified five grantees 
with Single Audits for which the grant files in GEMS did not contain 
any documentation that the results of the Single Audit findings were 
entered in GEMS. Standards for Internal Control in the Federal 
Government provides that agency officials, program managers, and 
others responsible for managing and controlling program operations 
should receive relevant, reliable, and timely information to make 
operating decisions, monitor performance, and allocate resources. 
Because Single Audit results could help identify problems with 
grantees financial management and program operations, it is important 
for the FPOs to have results of Single Audits when performing risk 
assessments of grantees to determine the level of monitoring 
activities that FPOs will perform on the grantees. 

Conclusions: 

Labor has made strides over the last decade in establishing a 
departmentwide framework for managing its information technology and 
developing an internal control structure for monitoring its financial 
resources. However, opportunities remain for Labor to improve their 
management of these areas. 

While the department has taken steps to ensure mission unit 
representation in selected IT investments, its IT governance structure 
continues to lack necessary input from business units to ensure that 
projects meet mission needs, and performance measures do not always 
reflect actual productivity and benefits of systems. The department 
also does not consistently apply elements for adequately evaluating 
its IT investments, such as implementing best practices for project 
selection and oversight and performing post-implementation reviews. 
Until Labor develops an effective selection and control process that 
ensures key stakeholders are involved and adequate requirements 
analysis is performed, it risks investing in projects that do not 
effectively meet the department or its program agencies' mission 
needs. In this regard, Labor can apply lessons learned from its 
implementation of NFCMS. If Labor does not consistently implement its 
IT investment guidelines and adequately test systems prior to 
deployment, it may run the risk of deploying systems that do not 
support users and operate less effectively, potentially wasting 
limited resources. In addition, risks remain in Labor's implementation 
of its information security program. These include not keeping current 
with security requirements and implementing adequate access controls. 
As a result, Labor has increased vulnerability to security threats, 
such as destruction of and inappropriate access to systems and 
databases. 

Labor should also take steps to strengthen its grant management 
processes. Specifically, ETA's ability to adequately assess the 
results of its monitoring activities for billions in discretionary 
grant funds is diminished, in part, due to its staff not collecting 
and maintaining all needed documentation for performing key monitoring 
activities. By strengthening its policies and procedures for the 
documentation and maintenance of information, ETA would be better 
positioned to determine whether its grantees are using federal dollars 
as intended. 

Recommendations for Executive Action: 

To further strengthen Labor's IT planning and oversight process and 
financial management, we recommend that the Secretary of Labor direct 
the Chief Information Officer to: 

* ensure that the department-level investment review boards and 
governance structure incorporate business unit (i.e., mission) 
representation to effectively define business system requirements; 

* ensure that program agencies implement Labor's guidance to develop 
comprehensive performance measures for their respective systems in 
order to provide reasonable assurance that new systems will provide 
expected functionality and benefits; 

* further refine Labor's IT investment management oversight process in 
the select and control phases to apply lessons learned from its 
implementation of NCFMS to ensure adequate stakeholder involvement and 
comprehensive testing is performed throughout the systems development 
process; 

* conduct post-implementation reviews, where appropriate, to determine 
if the investments are meeting stakeholder needs and realizing 
expected benefits; and: 

* ensure systems fully comply with NIST 800-53 revision 3 guidance 
and, if not, take appropriate steps to meet these requirements. 

We also recommend that the Secretary of Labor direct the Assistant 
Secretary of the Employment and Training Administration to: 

* establish procedures for retaining grant award-related 
documentation, including location and retention period; 

* establish quality assurance procedures, such as supervisory reviews, 
to ensure that grant monitoring activities are performed and 
documented in GEMS. Procedures should identify how the review is to be 
conducted, the regional-level official responsible for reviewing grant 
documentation in GEMS, and the frequency of the reviews, and: 

* establish procedures addressing the communication and incorporation 
of Single Audit findings and related corrective actions as part of the 
ETA's grantee's monitoring activities to be documented in GEMS. 

Agency Comments and Our Evaluations: 

We obtained written comments on a draft of this report from Labor's 
Assistant Secretary for Administration and Management, which are 
reproduced in appendix IV. Labor also provided technical comments that 
we incorporated in the report as appropriate. 

Labor generally agreed with our findings. In response to our five 
recommendations to further strengthen the department's IT planning and 
oversight process, Labor stated, in general, the portrayals of their 
information management controls are substantiated. However, Labor 
raised concerns about how we presented the IT security references. For 
example, Labor stated that the report implies that program agencies 
did not place priority on implementing current security requirements 
and that this is not completely accurate. In response to Labor's 
comments, we revised the wording of the fifth recommendation to 
highlight the need to fully implement current security requirements. 
Labor provided additional clarifying information in its technical 
comments regarding its information technology controls, and we 
incorporated this information as appropriate. 

With respect to discretionary grant management, ETA agreed with our 
recommendation to establish procedures for retaining competitive grant 
award documentation. However, in response to our recommendation to 
establish quality assurance procedures--such as supervisory reviews-- 
to ensure that grant monitoring activities are performed and 
documented in GEMS, ETA stated that the recommendation suggests that 
such steps are not in place and that this is not the case. ETA added 
that they have a broad range of grants management and monitoring 
practices and procedures in place to ensure effective grants 
management review. For example, ETA discussed having performance 
agreements established for regional administrators, managers, and 
FPOs, which include standards that address grant monitoring and other 
grant management responsibilities. However, as evidenced by our 
findings, these standards and procedures do not specify steps 
necessary to assure that required FPOs' monitoring procedures are 
properly and consistently documented in GEMS. As ETA transitions from 
a largely paper-based federal grant management system to electronic 
filing using GEMS, it is important that its main monitoring 
documentation storage system be consistently updated and reviewed to 
reflect the current status and results of its grant monitoring 
activities. By doing so, management will have one central repository, 
where they can effectively obtain and share complete and consistent 
information on the results of grantees' overall performance, including 
the grantees' compliance with legal requirements of the grant 
agreement. In response to Labor's comments, we revised the wording of 
the recommendation to make more clear that the focus is on specifying 
the steps needed to ensure that grant monitoring activities are 
performed and documented in GEMS. 

In response to our recommendation to establish procedures to document 
Single Audit results in GEMS, ETA stated that it recognizes the 
importance of various Labor offices and staff in communicating and 
incorporating Single Audit findings and will continue to further 
strengthen this critical monitoring process. ETA noted that its Core 
Monitoring Guide already requires reviewers to ascertain the status of 
the Single Audit and any open issue as part of their on-site review. 
However, as our report indicates, there is no requirement that the 
results of the Single Audit be documented in GEMS. Not requiring such 
information to be retained in GEMS may hinder the reviewer's ability 
to effectively assess risks related to a grantee's performance. 
Because Single Audit results could help identify problems with 
grantees' financial management and program operations, it is important 
for the reviewers to have these results readily available when 
performing risk assessments of grantees to help determine the level of 
monitoring activities that they will perform on the grantees. 

We are sending copies of this report to the Secretary of Labor, the 
Office of Management and Budget, and other interested parties. We will 
also make copies available to others on request. In addition, the 
report will be available at no charge on the GAO Web site at 
[hyperlink, http://www.gao.gov]. 

Please contact me at (202) 512-7215 or sherrilla@gao.gov if you or 
your staff have any questions concerning this report. Contact points 
for our Offices of Congressional Relations and Public Affairs may be 
found on the last page of this report. Key contributors to this report 
are listed in appendix V. 

Sincerely yours, 

Andrew Sherrill: 
Director, Education, Workforce and Income Security Issues: 

[End of section] 

Appendix I: Scope and Methodology: 

To identify the steps that the Department of Labor (Labor) had taken 
to strategically manage and plan for its current and future workforce 
needs, we reviewed our previous work on strategic human capital 
management and our prior work on the department's management 
challenges. We also reviewed Labor's planning documents, such as 
strategic, human capital, and succession plans, and Labor's annual 
report to the Office of Personnel Management (OPM). Moreover, we 
reviewed our reports and OPM's reports on human capital to identify 
criteria for Labor's workforce and succession planning efforts. 
[Footnote 100] On the basis of this information, we assessed Labor's 
planning documents, such as the human capital strategic plan and 
succession plan, and human capital management practices against our 
key workforce planning principles and OPM's Human Capital Assessment 
and Accountability Framework for federal agencies to determine if any 
areas were in need of improvement. 

We also obtained and reviewed workforce planning documents and data 
for Labor departmentwide and selected program agencies and compared it 
to our key workforce planning principles and OPM's human capital 
framework. In addition, we selected three of Labor's program agencies--
Employee Benefits Security Administration (EBSA), Occupational Safety 
and Health Administration (OSHA), and Employment and Training 
Administration (ETA)--and reviewed their strategic workforce planning 
efforts in more detail. We selected these agencies based on the 
following criteria: 

* their differing organizational structure within Labor; 

* their overall fiscal year 2010 budget and full-time equivalent (FTE) 
levels; and: 

* their authorization to each hire more than 150 additional staff in 
fiscal year 2010. 

At each of these program agencies, we reviewed workforce planning 
documents and data from the national and regional offices, and 
interviewed officials responsible for strategic workforce planning, 
recruitment, hiring, and succession planning. 

To determine Labor's workforce trends, Labor's human capital office 
identified the department's mission-critical occupations. We then 
analyzed data from OPM's Central Personnel Data File (CPDF) on Labor's 
program agencies' from fiscal years 2005 to 2009. To assess the 
reliability of CPDF, we reviewed our prior data reliability work on 
CPDF data and updated information about the data.[Footnote 101] We 
determined that the data were sufficiently reliable to provide 
information on Labor's recent workforce trends. While we concluded 
that the CPDF information was sufficiently reliable for the purposes 
of our review, we did not independently verify the data as part of 
this review. However, to corroborate these data, we requested 
workforce trend data from Labor and compared it to the CPDF data. No 
material differences were found. 

The following describes the steps that we took to identify selected 
workforce trends in CPDF for Labor's employees positioned across the 
department: 

* Hiring. We identified all new hires for fiscal years 2005-2009 by 
using personnel action codes in CPDF for individuals accepting career 
or career conditional positions. These included new hires to Labor 
(both new hires to the government and transfers from other agencies) 
and hires of individuals returning to the government. To put Labor's 
hiring into context, we used attrition data to compare the numbers of 
staff hired with the number of staff leaving. Additionally, we used 
Labor's time-to-hire data from 2009 to describe how quickly Labor 
fills its job vacancies. 

* Attrition rates. To determine the overall attrition rates, we 
analyzed data from the CPDF for fiscal years 2005 through 2009. For 
each fiscal year, we counted the number of permanent (career) 
employees with personnel actions indicating they had separated from 
Labor. Separation data for new hires included resignations, 
retirements, terminations, transfers to other agencies,[Footnote 102] 
and deaths. We did not include a small percentage of individuals with 
inconsistent data such as multiple or different hiring or separation 
dates. The small percentage of employees with inconsistent data is 
similar to the generally reliable data in the CPDF we have reported 
previously. We then divided the total number of separations for each 
fiscal year by the average of the number of these employees in the 
CPDF as of the last pay period of the fiscal year before the fiscal 
year of the separations and the number of these employees in the CPDF 
as of the last pay period of the fiscal year of separation. 

To determine the attrition rates for new hires, we used CPDF data to 
identify the newly hired staff and followed them over time to see how 
many left Labor. We identified all new hires for fiscal years 2005-
2009 by using personnel action codes for accessions to career or 
career conditional positions. Next, we determined whether these 
individuals had personnel actions indicating they had separated from 
Labor. By subtracting the hire date from the separation date, we 
determined how long individuals worked before separating. We 
calculated the attrition rates for a specific time period by dividing 
the number of individuals who left within that time period by the 
total number of new hires tracked for that time period. 

* Separations. To identify the ways staff separated from Labor from 
2005 through 2009, we used the CPDF codes that identify how employees 
separated; including resignations from federal employment, retirement, 
transferred to another federal agency, or separated in another way, 
such as a reduction in force. 

* Retirement eligibility rates. To determine retirement eligibility 
for Labor's employees employed as of the end of September 2009 we used 
CPDF information on service computation date, birth date, and 
retirement plan coverage to calculate the date of eligibility to 
retire with an immediate, unreduced annuity. The rules stipulating the 
number of years of service in conjunction with the age when a person 
would be eligible to retire were used for the retirement plan of which 
the employee was a member. In particular, we calculated retirement 
eligibility for Labor overall, for the selected program agencies, and 
for Labor's overall mission critical versus nonmission critical 
occupations, including the specific mission critical occupations 
within the selected program agencies for fiscal year 2009. 

* Federal tenure rates. To determine federal tenure rates, we examined 
CPDF information on number of years of federal service for overall 
Labor employees between fiscal years 2005 and 2009. We report years of 
federal service rather than years of service with Labor or in a 
particular occupation because the CPDF records the service computation 
date of entry into federal employment rather than date of entry to an 
agency or occupation (the service computation date is adjusted 
whenever an employee leaves federal employment and then returns to 
federal employment). 

To evaluate Labor's controls related to managing and modernizing its 
information technology (IT) investments, we interviewed Labor and 
component agency officials including the Office of the Chief 
Information Officer's (OCIO) capital planning team, enterprise 
architecture team, security team, component agency IT managers, and 
system users. We reviewed relevant provisions in the Clinger-Cohen 
Act, the Paperwork Reduction Act, the Federal Information Security 
Management Act (FISMA),[Footnote 103] Office of Management and Budget, 
and Financial Systems Integration Office[Footnote 104] guidance 
related to defining IT goals and plans, assessing progress toward 
achieving IT goals, and measuring performance of IT operations. 

To assess Labor's ability to manage its IT portfolio we used our 
guidance and Labor guidance to determine the extent to which the 
department's investment management process is effective in evaluating 
investments throughout the development life cycle.[Footnote 105] To 
conduct our assessment, we reviewed relevant Labor policies, 
processes, guidance, and documentation including the department's IT 
Capital Planning Guide, investment board meeting minutes, budget 
documents, cost benefit analyses, and project reviews to identify the 
department's processes in managing IT investments throughout the 
systems development lifecycle. We also: 

* reviewed agency documentation, including select and control reviews, 
submitted to the OCIO for their evaluation of IT investments; 

* reviewed requirements and testing artifacts for the procure to pay 
and trust fund functions to determine adequacy of testing for the New 
Core Financial Management System (NCFMS); 

* interviewed Labor's program agency IT directors and program 
managers; and: 

* interviewed relevant OCIO agency officials to determine the extent 
to which Labor has established responsibility and accountability for 
modernization management. 

To evaluate Labor's IT security program we reviewed the departmentwide 
IT security program and evaluated them against criteria in FISMA and 
other related sources, such as National Institute of Standards and 
Technology (NIST) special publication 800-53, revisions 2 and 3. We 
compared Labor IT security documentation to FISMA criteria to 
determine the quality of compliance with FISMA requirements. We also 
interviewed relevant Labor OCIO, Office of Inspector General (OIG), 
and component agency staff with responsibility for managing IT 
security and obtained relevant support for further analysis from them. 
While we assessed Labor's IT security program and policies, we did not 
perform system security reviews nor evaluate the effectiveness of the 
department's implementation of security controls or NIST requirements. 
We also did not independently assess the assigned risk levels of 
Labor's systems. 

We selected six program agencies--OSHA, ETA, Office of Workers' 
Compensation Programs, Office of the Assistant Secretary for 
Administration and Management (OASAM), Bureau of Labor Statistics 
(BLS), and the Wage and Hour Division--which comprise about 83 percent 
of Labor's fiscal year 2010 IT budget to perform case studies in order 
to determine strengths and weaknesses in the department's ability to 
manage IT investments. Within these agencies we identified systems 
under development and in operation to review. We also reviewed the 
NCFMS modernization effort to assess the department's adherence to 
select and control guidelines. To understand the testing conducted for 
NCFMS, we reviewed 2--procure to pay and trust fund--of 23 test 
scripts to assess the adequacy of testing Labor's financial management 
requirements. For the procure to pay test script we performed analyses 
on 26 of 159 test steps to assess the quality, scope, and adequacy of 
test documentation. Additionally, we met with other program agencies 
as necessary to assess IT management controls. 

In the area of financial management, our objective was to determine 
the extent to which the design of Labor's key internal control 
activities help ensure accountability over one of Labor's top 
management challenges, discretionary grants. Our review of the design 
of internal control over discretionary grants was performed at ETA 
because it accounts for $11.4 billion--approximately 80 percent--of 
Labor's overall estimated discretionary budget in fiscal year 2010, 
which includes discretionary grants. In addition, in prior years 
challenges have been reported on ETA's management of its discretionary 
grants. 

We assessed the extent to which the design of ETA's controls is 
adequate to help ensure accountability over its award, monitoring, and 
closeout of discretionary grants,[Footnote 106] including the extent 
to which ETA uses the Single Audits to help oversee its grantees. To 
assess the design of key controls over ETA's discretionary grant 
management process, we obtained and reviewed relevant ETA policies and 
procedures, interviewed key Labor and ETA officials, and compared 
these policies, procedures, and practices with internal control 
standards. 

To understand the design of controls over monitoring activities to be 
conducted during the period-of-performance for the grantees, we 
reviewed documentation requirements for key activities such as initial 
risk assessments, quarterly desk reviews, and on-site visit reports 
recorded in Labor's Grants Electronic Management System (GEMS). To 
further understand the possible effect of identified control design 
flaws, we selected a nongeneralizable sample of 30 (15 active and 15 
closed) discretionary grants from the E-Grants system, Labor's main 
grant obligation and cost subsidiary system. Such a sample cannot be 
used to draw conclusions on the extent to which there are problems in 
the universe of discretionary grants. To select our sample of 
discretionary grants in fiscal year 2009,[Footnote 107] we stratified 
the population of discretionary grants data by ETA programs that had 
awarded discretionary grants and identified the top five programs that 
disbursed the largest discretionary grants during fiscal year 2009. 
For these programs, we sorted the grants from the highest to the 
lowest total disbursement and categorized the disbursements in three 
tiers--high, medium, and low dollar value. We selected the grants with 
the highest disbursement dollar value from each of the three tiers for 
our sample. For these grants we reviewed documentation in the grant 
files for key activities conducted during the award and close out 
process, such as grant agreement approvals, modification approvals, 
and close out checklists. 

To determine the extent to which ETA has controls designed to use the 
Single Audit process to help the agency in performing oversight and 
monitoring functions over its grantees, we reviewed ETA's procedures 
for coordinating Single Audit reviews and its process for correcting 
identified Single Audit deficiencies. We also interviewed ETA 
officials to better understand the extent to which they have controls 
to use Single Audits to perform oversight functions. In addition to 
further our understanding of the effect of identified control design 
flaws in this area, for the nongeneralizable sample of 30 grant files 
discussed previously, we inquired whether a Single Audit had been 
performed, and if performed, we reviewed documentation and spoke to 
ETA officials to determine if ETA conducted the required resolution 
process for correcting identified Single Audit deficiencies. 

We conducted our review at Labor's national office as well as four 
regional locations: Atlanta, Georgia; Chicago, Illinois; Philadelphia, 
Pennsylvania; and San Francisco, California. These regional offices 
were selected to ensure geographical representation and because 
Labor's OASAM was located in each of these offices. In addition to 
interviewing Labor program agency officials, we also interviewed 
officials from Labor's OIG, OMB, and OPM, as well as representatives 
from Labor's employee unions to better understand Labor's management 
practices. Moreover, for each objective, we reviewed relevant federal 
laws and regulations. 

We conducted this performance audit from August 2009 to March 2011 in 
accordance with generally accepted government auditing standards. The 
standards require that we plan and perform the audit to obtain 
sufficient, appropriate evidence to provide a reasonable basis for our 
findings and conclusions based on our audit objectives. We believe the 
evidence obtained provides a reasonable basis for findings and 
conclusions based on our audit objectives. 

[End of section] 

Appendix II: Select Financial Management Deficiencies Identified at 
the Department of Labor, Fiscal Year 2010: 

Challenge or issue: Incomplete and inaccurate data from Labor's 
Accounting and Related Systems or subsidiary systems to NCFMS, which 
were caused by coding, configuration, migration, and interface issues; 
Impact on financial reporting: 
* Significant differences were noted in general ledger accounts and 
subsidiary records for the payroll, trust fund, and property accounts; 
* Certain obligations were not transmitted from Labor's system to the 
U.S. Department of Health and Human Services Payment Management System 
in order for grantees to drawdown funds; 
Status as of fiscal year 2010: 
* The auditors reported that Labor has made progress in addressing 
some of these issues. However, as of the end of fiscal year 2010, not 
all differences had been resolved; 
* The auditors acknowledged Labor had addressed the majority of these 
issues by June 2010. 

Challenge or issue: Incomplete and unresolved reconciliations with the 
Department of the Treasury accounts and intragovernmental transaction; 
Impact on financial reporting: 
* Difference of $1.7 billion difference was noted between Labor's 
general ledger accounts and the fund balance with the Department of 
the Treasury account; 
* Unexplained differences were found in intragovernmental 
transactions. For example, the Unemployment Trust Fund's interest 
receivable, investments, and interest revenue accounts had unexplained 
differences of $158 million, $7.2 billion, and $345 million, 
respectively; 
Status as of fiscal year 2010: 
* According to Labor's auditors, as of September 30, 2010, Labor was 
still unable to reconcile the net differences that were identified in 
its fund balance with the Department of the Treasury accounts and had 
not resolved all errors related to intergovernmental transactions. 

Challenge or issue: Inadequate financial processes and incomplete 
financial statement information; 
Impact on financial reporting: 
* Processes needed to record current year apportionments, evaluate the 
accuracy of the grant accrual, and record property, plant, and 
equipment additions and deletions that were not fully implemented and 
documented for a significant part of the year. Also, significant 
difficulties pertaining to data migration prevented the OCFO from 
finalizing and recording the adjusting entries needed to begin 
preparation of the financial statements; 
* Financial statement drafts received by the auditor contained 
numerous errors. For example, (1) balances between financial statement 
amounts and notes to the financial statements did not reconcile; 
(2) financial information contained large errors that were not 
corrected or adjusted prior to submission, such as similar balances 
that should be repeated in different report areas did not agree and 
were not corrected; and (3) the year end statement reported a 
liability of approximately $13 billion when the amount should have 
been reported as approximately $20 billion; 
Status as of fiscal year 2010: 
* Beginning in fiscal year 2011, Labor reported it plans to prioritize 
the OCFO resources to focus on updating existing quality assurance 
documentation and to formally document NCFMS financial reporting 
processes. Labor anticipates these efforts to be completed by 
September 30, 2011; 
* The auditors reported that Labor subsequently corrected the errors 
identified by the auditors on the financial statement drafts; 
however, financial statement preparation has been a longstanding 
deficiency for Labor. 

Source: Department of Labor, Agency Financial Report, fiscal year 2010. 

Note: We did not independently evaluate the status of the corrective 
actions identified in Labor's fiscal year 2009 Performance 
Accountability Report and its fiscal year 2010 Agency Financial Report. 

[End of table] 

[End of section] 

Appendix III: Department of Labor Workforce Trends: 

The following data illustrates Labor's workforce trends between fiscal 
years 2005 and 2009 for eight of the department's program agencies. We 
selected these agencies because they had 500 or more full-time 
equivalent employees. The agencies are BLS, EBSA, Employment Standards 
Administration (ESA),[Footnote 108] ETA, Mine Safety and Health 
Administration (MSHA), OASAM, OSHA, and Office of the Solicitor (SOL). 
We obtained the data from CPDF. See appendix I for an overview of the 
CPDF data reliability and our methodology for calculating workforce 
trends. 

Attrition within Labor's Workforce: 

Labor averaged an attrition rate[Footnote 109] of about 11 percent 
between fiscal years 2006 and 2008. Attrition was consistently lower 
for mission critical employees.[Footnote 110] Attrition rates within 
the eight selected program agencies varied; for example, SOL ranged 
from about 5 to 8 percent attrition per year, while OASAM ranged from 
about 14 to 17 percent attrition per year (see figure 5). 

Figure 5: Attrition Rates for Labor and Select Program Agencies, 
Fiscal Years 2005-2009: 

[Refer to PDF for image: illustrated table] 

Year: 2005; 
Overall labor: 9.3%; 
Overall mission critical: 6.7%; 
Overall nonmission critical: 13.7%; 
Overall attrition by agency: 
BLS: 8.0%; 
EBSA: 11.2%; 
ESA: 9.1%; 
ETA: 11.2%; 
MSHA: 7.5%; 
OASAM: 13.7%; 
OSHA: 6.1%; 
SOL: 5.2%. 

Year: 2006; 
Overall labor: 11.6%; 
Overall mission critical: 9.3%; 
Overall nonmission critical: 15.5%; 
Overall attrition by agency: 
BLS: 10.2%; 
EBSA: 11.9%; 
ESA: 10.6%; 
ETA: 17.9%; 
MSHA: 9.9%; 
OASAM: 14.7%; 
OSHA: 7.9%; 
SOL: 8.3%. 

Year: 2007; 
Overall labor: 11.0%; 
Overall mission critical: 8.3%; 
Overall nonmission critical: 15.6%; 
Overall attrition by agency: 
BLS: 10.0%; 
EBSA: 14.2%; 
ESA: 10.3%; 
ETA: 10.9%; 
MSHA: 9.2%; 
OASAM: 17.2%; 
OSHA: 9.0%; 
SOL: 7.1%. 

Year: 2008; 
Overall labor: 11.2%; 
Overall mission critical: 9.1%; 
Overall nonmission critical: 14.8%; 
Overall attrition by agency: 
BLS: 9.5%; 
EBSA: 10.7%; 
ESA: 10.4%; 
ETA: 11.7%; 
MSHA: 10.3%; 
OASAM: 16.2%; 
OSHA: 9.8%; 
SOL: 8.3%. 

Year: 2009; 
Overall labor: 9.2%; 
Overall mission critical: 6.9%; 
Overall nonmission critical: 13.6%; 
Overall attrition by agency: 
BLS: 7.1%; 
EBSA: 10.0%; 
ESA: 8.4%; 
ETA: 8.9%; 
MSHA: 7.4%; 
OASAM: 17.0%; 
OSHA: 9.5%; 
SOL: 5.8%. 

Source: GAO analysis of CPDF data. 

[End of figure] 

Types of Separations within Labor's Workforce: 

Of those leaving the department, resignations and retirements 
comprised approximately 70-76 percent of Labor's separations each year 
between fiscal years 2005 and 2009. The proportion of transfers to 
other federal agencies increased each year from about 12 percent in 
fiscal year 2005 to almost 19 percent by fiscal year 2009 (see figure 
6). 

Figure 6: Percent of Separations by Type for Labor, Fiscal Years 2005- 
2009: 

[Refer to PDF for image: stacked horizontal bar graph] 

Percentage of separation by type: 2005; 
Resigned: 31.2%; 
Retired: 40.9%; 
Transfer[A]: 12.1%; 
Other[B]: 15.8%. 

Percentage of separation by type: 2006; 
Resigned: 33%; 
Retired: 43.1%; 
Transfer[A]: 12.4%; 
Other[B]: 11.5%. 

Percentage of separation by type: 2007; 
Resigned: 38%; 
Retired: 36.6%; 
Transfer[A]: 14.8%; 
Other[B]: 10.6%. 

Percentage of separation by type: 2008; 
Resigned: 32.4%; 
Retired: 38.6%; 
Transfer[A]: 18.5%; 
Other[B]: 10.5%. 

Percentage of separation by type: 2009; 
Resigned: 35.7%; 
Retired: 34.1%; 
Transfer[A]: 18.9%; 
Other[B]: 11.3%. 

Source: GAO analysis of CPDF data. 

[A] "Transfer" is when an individual employee accepts a position in a 
different federal agency. 

[B] "Other" includes expired appointments, death, failed probations, 
fires, reductions in force, and unknown. 

[End of figure] 

Retirement Eligibility of Labor's Workforce: 

The retirement eligibility of Labor's workforce has generally been 
increasing between fiscal years 2005 and 2009, with its lowest rate at 
16.2 percent in 2006 and its highest rate at 18.5 percent in 2009 (see 
figure 7). As of 2009, retirement eligibility rates ranged from 11.8 
percent for EBSA to 21 percent for ETA. The average of the 2009 
retirement eligibility rates at the eight selected program agencies 
was 18 percent. 

Figure 7: Percent of Employees Eligible to Retire for Labor and Select 
Program Agencies, Fiscal Years 2005-2009: 

[Refer to PDF for image: illustrated table] 

Year: 2005; 
Overall labor: 16,4%; 
Overall mission critical: 17.7%; 
Overall nonmission critical: 15.6%; 
Overall retirement eligibility per agency: 
BLS: 14.1%; 
EBSA: 9.8%; 
ESA: 15.5%; 
ETA: 23.6%; 
MSHA: 18.9%; 
OASAM: 18.0%; 
OSHA: 15.9%; 
SOL: 16.1%. 

Year: 2006; 
Overall labor: 16.2%; 
Overall mission critical: 17.7%; 
Overall nonmission critical: 15.3%; 
Overall retirement eligibility per agency: 
BLS: 14.0%; 
EBSA: 9.8%; 
ESA: 15.7%; 
ETA: 21.1%; 
MSHA: 17.2%; 
OASAM: 18.9%; 
OSHA: 17.4%; 
SOL: 17.8%. 

Year: 2007; 
Overall labor: 17.0%; 
Overall mission critical: 18.5%; 
Overall nonmission critical: 16.1%; 
Overall retirement eligibility per agency: 
BLS: 15.7%; 
EBSA: 11.2%; 
ESA: 16.5%; 
ETA: 20.7%; 
MSHA: 16.6%; 
OASAM: 18.9%; 
OSHA: 19.1%; 
SOL: 18.2%. 

Year: 2008; 
Overall labor: 17.9%; 
Overall mission critical: 19.3%; 
Overall nonmission critical: 17.1%; 
Overall retirement eligibility per agency: 
BLS: 17.0%; 
EBSA: 11.8%; 
ESA: 18.0%; 
ETA: 20.4%; 
MSHA: 17.6%; 
OASAM: 20.3%; 
OSHA: 19.3%; 
SOL: 18.3%. 

Year: 2009; 
Overall labor: 18.5%; 
Overall mission critical: 20.4%; 
Overall nonmission critical: 17.4%; 
Overall retirement eligibility per agency: 
BLS: 17.7%; 
EBSA: 11.8%; 
ESA: 18.0%; 
ETA: 21.0%; 
MSHA: 18.7%; 
OASAM: 19.4%; 
OSHA: 19.5%; 
SOL: 18.8%. 

Source: GAO analysis of CPDF data. 

[End of figure] 

Of Labor's retirement-eligible employees each year between 2005 and 
2009, about 4 to 5 percent were supervisors. The percentage of 
retirement-eligible employees in nonsupervisory positions ranged 
between 11.8 percent in fiscal year 2006 to 13.5 percent in fiscal 
year 2009. 

Specifically, in seven of the selected program agencies in fiscal year 
2009, there were a larger percentage of mission critical employees 
eligible for retirement than nonmission critical employees. In OASAM, 
however, the reverse was true. Of the approximately 19 percent of 
employees who were retirement eligible as of fiscal year 2009, about 
14 percent were in nonmission critical positions compared to 5 percent 
in mission critical positions (see figure 8). 

Figure 8: Percent of Employees Eligible to Retire for Mission Critical 
Occupations in Select Program Agencies, Fiscal Year 2009: 

[Refer to PDF for image: illustrated table] 

Agency: BLS; 
Overall retirement eligibility: 17.7%; 
Overall retirement eligibility by mission critical occupation: 
Economist: 13.7%; 
Mathematical statistician–1529: 19.6%; 
Mathematical statistician–1530: 30.0%; 
Computer specialist: 14.6%; 
Nonmission critical occupations: 25.7%. 

Agency: EBSA; 
Overall retirement eligibility: 11.8%; 
Overall retirement eligibility by mission critical occupation: 
Benefit advisor: 7.2%; 
Auditor: 15.4%; 
Pension law specialist: 16.9%; 
Investigator: 10.9%; 
Nonmission critical occupations: 14.8%. 

Agency: ESA; 
Overall retirement eligibility: 18.0%; 
Overall retirement eligibility by mission critical occupation: 
Wage and hour compliance investigator–0249: 18.8%; 
Wage and hour investigator–1849: 9.5%; 
Equal opportunity specialist: 19.9%; 
Workmens compensation claims examiner: 15.8%; 
Investigator: 15.6%; 
Nonmission critical occupations: 21.8%. 

Agency: ETA; 
Overall retirement eligibility: 21.0%; 
Overall retirement eligibility by mission critical occupation: 
Unemployment insurance program specialist: 28.4%; 
Workforce analyst: 7.0%; 
Workforce development specialist–0142: 18.6%; 
Workforce development specialist–0301: 12.8%; 
Apprentice and training representative: 27.8%; 
Grant management: 29.6%; 
Nonmission critical occupations: 24.1%. 

Agency: MSHA; 
Overall retirement eligibility: 18.7%; 
Overall retirement eligibility by mission critical occupation: 
Mining engineer: 18.7%; 
Mine inspector: 16.9%; 
Nonmission critical occupations: 22.7%. 

Agency: OASAM; 
Overall retirement eligibility: 19.4%; 
Overall retirement eligibility by mission critical occupation: 
Human resource specialist: 19.6%; 
Computer specialist: 16.9%; 
Nonmission critical occupations: 22.7%. 

Agency: OSHA; 
Overall retirement eligibility: 19.5%; 
Overall retirement eligibility by mission critical occupation: 
Safety specialist–0018: 20.2%; 
Industrial hygenist–0690: 15.6%; 
Nonmission critical occupations: 20.9%. 

Agency: SOL; 
Overall retirement eligibility: 18.8%; 
Overall retirement eligibility by mission critical occupation: 
Attorney: 18.8%; 
Nonmission critical occupations: 18.7%. 

Source: GAO analysis of CPDF data. 

[End of figure] 

Federal Tenure Rates of Labor's Workforce: 

The proportion of employees with fewer years of federal experience has 
increased while the proportion of those with more experience has 
decreased. As of fiscal year 2009, 13.5 percent of Labor's employees 
had less than 3 years of federal experience, up 4 percent from fiscal 
year 2005. The proportion of those with 11 or more years of federal 
experience has generally decreased each year between fiscal years 2005 
and 2009, with 35.5 percent of Labor's workforce having 21 or more 
years of federal experience in fiscal year 2009. In fiscal year 2009, 
about half of Labor's workforce had less than 3 years or more than 21 
years of federal experience; approximately one-quarter had 3-11 years 
of federal experience (see figure 9). 

Figure 9: Federal Tenure Rates for Labor, Fiscal Years 2005-2009: 

[Refer to PDF for image: vertical bar graph] 

Federal tenure rates: 

Year: 2005; 
0 to less than 3 years of federal experience: 9.1%; 
3 to less than 6 years of federal experience: 10.3%; 
6 to less than 11 years of federal experience: 13.7%; 
11 to less than 21 years of federal experience: 29.6%; 
21 or more years of federal experience: 37.4%. 

Year: 2006; 
0 to less than 3 years of federal experience: 10.1%; 
3 to less than 6 years of federal experience: 10.3%; 
6 to less than 11 years of federal experience: 14.5%; 
11 to less than 21 years of federal experience: 28.8%; 
21 or more years of federal experience: 36.3%. 

Year: 2007; 
0 to less than 3 years of federal experience: 11.9%; 
3 to less than 6 years of federal experience: 8.9%; 
6 to less than 11 years of federal experience: 16.7%; 
11 to less than 21 years of federal experience: 27%; 
21 or more years of federal experience: 35.4%. 

Year: 2008; 
0 to less than 3 years of federal experience: 12.4%; 
3 to less than 6 years of federal experience: 9.4%; 
6 to less than 11 years of federal experience: 16.3%; 
11 to less than 21 years of federal experience: 26.4%; 
21 or more years of federal experience: 35.5%. 

Year: 2009; 
0 to less than 3 years of federal experience: 13.5%; 
3 to less than 6 years of federal experience: 10%; 
6 to less than 11 years of federal experience: 16.5%; 
11 to less than 21 years of federal experience: 24.5%; 
21 or more years of federal experience: 35.5%. 

Source: GAO analysis of CPDF data. 

[End of figure] 

Hires within Labor's Workforce: 

Labor hired[Footnote 111] approximately 9-14 percent of its workforce 
per year between fiscal years 2005 and 2009, averaging about 11 
percent per year in fiscal years 2006 to 2008 (see figure 10). 
[Footnote 112] Labor's hires ranged from almost 1,300 employees in 
fiscal year 2005 to more than 2,100 employees in fiscal year 2009, 
averaging about 1,700 employees each year (see figure 11). For each of 
those years, there were approximately equal proportions of mission 
critical and nonmission critical hires. The eight selected program 
agencies varied in their proportions of new hires between fiscal years 
2005 and 2009. For example, in OASAM, approximately 15 to 21 percent 
of its employees each year were new hires, while in SOL approximately 
2.7 to 15.1 percent of its employees were new hires in each of those 
years (see figure 10). 

Figure 10: Percent of New Hires for Labor and Select Program Agencies, 
Fiscal Years 2005-2009: 

[Refer to PDF for image: illustrated table] 

Year: 2005; 
All labor: 8.6%; 
Overall hiring by agency: 
BLS: 8.4%; 
EBSA: 13.6%; 
ESA: 7.7%; 
ETA: 6.1%; 
MSHA: 9.3%; 
OASAM: 15.3%; 
OSHA: 4.3%; 
SOL: 2.7%. 

Year: 2006; 
All labor: 11.2%; 
Overall hiring by agency: 
BLS: 12.6%; 
EBSA: 14.1%; 
ESA: 13.3%; 
ETA: 14.2%; 
MSHA: 7.7%; 
OASAM: 16.5%; 
OSHA: 4.8%; 
SOL: 3.4%. 

Year: 2007; 
All labor: 11.0%; 
Overall hiring by agency: 
BLS: 6.6%; 
EBSA: 12.1%; 
ESA: 10.3%; 
ETA: 11.1%; 
MSHA: 15.8%; 
OASAM: 14.9%; 
OSHA: 8.7%; 
SOL: 5.1%. 

Year: 2008; 
All labor: 10.6%; 
Overall hiring by agency: 
BLS: 4.7%; 
EBSA: 9.7%; 
ESA: 10.5%; 
ETA: 8.9%; 
MSHA: 12.9%; 
OASAM: 17.4%; 
OSHA: 9.4%; 
SOL: 10.3%. 

Year: 2009; 
All labor: 14.2%; 
Overall hiring by agency: 
BLS: 10.4%; 
EBSA: 17.0%; 
ESA: 14.7%; 
ETA: 26.3%; 
MSHA: 10.1%; 
OASAM: 20.8%; 
OSHA: 12.6%; 
SOL: 15.1%. 

Source: GAO analysis of CPDF data. 

[End of figure] 

Figure 11: Number of New Hires and Separations for Labor, Fiscal Years 
2005-2009: 

[Refer to PDF for image: combination vertical bar and line graph] 

Year: 2005; 
Hires: 1,295; 
Separations: 1,528. 

Year: 2006; 
Hires: 1,665; 
Separations: 1,754. 

Year: 2007; 
Hires: 1,645; 
Separations: 1,654. 

Year: 2008; 
Hires: 1,578; 
Separations: 1,711. 

Year: 2009; 
Hires: 2,177; 
Separations: 1,426. 

Source: GAO analysis of CPDF data. 

[End of figure] 

Special Hires versus Ordinary Hires within Labor's Workforce: 

Between fiscal years 2005 and 2009, Labor's ordinary hires have 
generally remained at approximately 60 percent, with the remaining 
being special hires. In fiscal year 2009, ordinary and special hires 
had a greater proportion of mission critical positions (see figure 12). 

Figure 12: Percent of Special Versus Ordinary Hires for Labor, Fiscal 
Years 2005-2009: 

[Refer to PDF for image: stacked horizontal bar graph] 

Percentage of overall Labor: 

Year: 2005; 
Special Hires: Mission critical: 13.4%; 
Special Hires: Nonmission critical: 25.3%; 
Special Hires: Overall: 38.7%; 
Ordinary Hires: Mission critical: 36.5%; 
Ordinary Hires: Nonmission critical: 24.9%; 
Ordinary Hires: Overall: 61.3%. 

Year: 2006; 
Special Hires: Mission critical: 17.1%; 
Special Hires: Nonmission critical: 24.4%; 
Special Hires: Overall: 41.5%; 
Ordinary Hires: Mission critical: 36.1%; 
Ordinary Hires: Nonmission critical: 22.4%; 
Ordinary Hires: Overall: 58.5%. 

Year: 2007; 
Special Hires: Mission critical: 26.8%; 
Special Hires: Nonmission critical: 21.4%; 
Special Hires: Overall: 48.2%; 
Ordinary Hires: Mission critical: 28.2%; 
Ordinary Hires: Nonmission critical: 23.7%; 
Ordinary Hires: Overall: 51.8%. 

Year: 2008; 
Special Hires: Mission critical: 18%; 
Special Hires: Nonmission critical: 19.5%; 
Special Hires: Overall: 37.5%; 
Ordinary Hires: Mission critical: 32.3%; 
Ordinary Hires: Nonmission critical: 30.2%; 
Ordinary Hires: Overall: 62.5%. 

Year: 2009; 
Special Hires: Mission critical: 21.7%; 
Special Hires: Nonmission critical: 16.7%; 
Special Hires: Overall: 38.4%; 
Ordinary Hires: Mission critical: 33.8%; 
Ordinary Hires: Nonmission critical: 27.8%; 
Ordinary Hires: Overall: 61.6%. 

Source: GAO analysis of CPDF data. 

[End of figure] 

[End of section] 

Appendix IV: Comments from the Department of Labor: 

U.S. Department of Labor:	
Office of the Assistant Secretary for Administration: 
Administration and Management: 
Washington, D.C. 20210: 

February 25, 2011: 

Mr. Andrew Sherrill: 
Director, Education, Workforce, and Income Security Issues: 
Government Accountability Office: 
441 G Street, N.W. 
Washington, DC 20548: 

Dear Mr. Sherrill: 

This letter is provided in response to the draft report GAO-11-157, 
Further Management Improvements Needed to Address Information 
Technology and Financial Controls, dated February 2011. The Department 
of Labor (DOL) appreciates the opportunity to provide comments on this 
far-reaching review of our management controls. 

Recommendations #1 - 5, directed to the Chief Information Officer 
(CIO): 

DOL response: In general, the portrayals of our information technology 
management controls are substantiated. However, we have concerns 
regarding how the security references throughout the report were 
presented. For example, the report implies that program agencies 
within DOL, as a whole, did not place priority on implementing current 
security requirements. This is not completely accurate and it is one 
example of a misleading conclusion about our security program. We have 
expressed our comments specific to page references in an enclosure 
accompanying this response. We request the Government Accountability 
Office (GAO) review our comments and consider adjusting the report 
accordingly. 

Recommendation #6 — 8, directed to the Assistant Secretary for 
Employment and Training (ETA): 

Recommendation #6: Establish procedures for retaining grant award-
related documentation, including location and retention period. 

DOL response: ETA concurs with the recommendation to establish 
procedures for retaining pre-award documentation. The agency is in the 
process of developing and disseminating standard operating procedures 
for grant applications and related documents. The procedures will 
provide guidance on the retention of competitive grant applications 
and relevant documentation associated with solicitations for grant 
applications. 

Recommendation #7: Establish quality assurance steps to be performed, 
such as supervisory reviews, and documented in GEMS with respect to 
grantee monitoring activities, including how such procedures are to be 
conducted, how often, and identifying the regional-level responsible 
agency official to perform these duties. 

DOL response: ETA supports continuous improvement of the stewardship 
of its discretionary grants with respect to supervisory reviews and 
documentation of grantee monitoring activities-—including how such 
procedures are to be conducted, and how often the personnel 
responsible to perform those duties-—and our management of 
discretionary grants reflects this principle. However, the 
recommendations suggest that quality assurance steps and supervisory 
review procedures are not currently in place. This is not the case. 

ETA has a broad range of grants management and monitoring practices 
and procedures in place. Over the years, ETA has developed a broad set 
of tools to support effective grants management, including the Core 
Monitoring Guide, the ETA Desk Reference Tool, and the electronic GEMS 
system, among other critical tools to ensure the effective management 
of Federal grants. It should be noted that GEMS is a tool for grants 
management and not the grants management system. However, since the 
creation of GEMS, ETA has continued to upgrade the tool and expand its 
utility. For example, in 2008, ETA established a policy that required 
the use of the GEMS system for the storage of documents from grant 
monitoring and follow-up procurement activities. 

Further, during a grants period of performance, Regional 
Administrators and their managers in ETA's six Regional Offices have 
the primary responsibility for management and oversight of grant 
monitoring and grants management activities, which is performed by 
Federal Project Officers. The performance agreements established for 
Regional Administrators, managers, and Federal Project Officers 
include standards that address grant monitoring and other grants 
management responsibilities for which these staff are accountable. 
Management reports also are retrieved from GEMS on at least a 
quarterly basis, and more often as necessary, and are reviewed by 
managers during regular team meetings where requirements and 
monitoring findings of significance are addressed. 

We continue to build on ETA's quality assurance procedures, training 
and guidance to staff to use the GEMS system effectively as one of our 
grant management system tools. In fact, the GEMS system has proven 
useful in transitioning from a largely paper-based federal grant 
management system to electronic filing and ETA views this as a 
positive approach that continues to make substantial improvements to 
its overall federal grants management activities. 

Recommendation #8: Establish procedures addressing the communication 
and incorporation of Single Audit findings and related corrective 
actions as part of the ETA's grantees' monitoring activities to be 
documented in GEMS. 

DOL Response: ETA's Core Monitoring Guide (and the Financial 
Supplement to the guide) already requires reviewers to ascertain the 
status of the single audit and any open issues as part of onsite 
reviews. It is important to note that agency fiscal staff are 
ultimately responsible for single audit resolutions. ETA involves all 
appropriate individuals, who vary depending upon the audit findings, 
to resolve A-133 and Office of Inspector General audits. All final 
determinations resulting from audit resolutions are forwarded to the 
appropriate national program or regional office for their 
dissemination to the appropriate staff in their respective offices. 
ETA recognizes the importance of the program office, Regional 
Administrators, and their fiscal and program management staff in the 
communication and incorporation of Single Audit findings and will 
continue to further strengthen this critical monitoring process. 

Additional Comments: 

Additional page-specific comments are enclosed. 

Conclusion: 

Thank you again for the opportunity to comment on the draft report. If 
you have any questions or you require further discussion about our 
comments, please have your staff contact Edward C. Hugler, Deputy 
Assistant Secretary, at hugler.edward@dol.gov. or 202-693-4040. 

Sincerely, 

Signed by: 

T. Michael Kerr: 
Assistant Secretary for Administration and Management: 

Enclosure: 

[End of section] 

Appendix V: Contact and Acknowledgments: 

GAO Contact: 

Andrew Sherrill, (202) 512-7215 or sherrilla@gao.gov: 

Acknowledgments: 

The following staff members made key contributions to this report: 
Directors Kay Daly and Valerie Melvin; Assistant Directors Sara 
Schibanoff Kelly, Gale Harris, Elizabeth Martinez, and Christie 
Motley; Jason Holsclaw, Analyst-in-Charge; and Nora Boretti, Rathi 
Bose, Susannah Compton, Melinda Cordero, Pamela Davidson, Peter Del 
Toro, Neil Doherty, Aimee Elivert, Rebecca E. Eyler, Kenrick Isaac, 
Franklin Jackson, Pierre Kamga, Jason Kirwan, Judy Lee, Steven Lozano, 
Chris Martin, Jean McSween, Mimi Nguyen, Scott Pettis, James Rebbe, 
Susan Sachs, Melissa Schermerhorn, Amber Yancey Carroll, and Gregory 
Wilmoth. 

[End of section] 

Related GAO Products: 

Department of Labor: 

Whistleblower Protection: Sustained Management Attention Needed to 
Address Long-standing Program Weaknesses. [hyperlink, 
http://www.gao.gov/products/GAO-10-722]. Washington, D.C.: August 17, 
2010. 

Employment and Training Administration: Increased Authority and 
Accountability Could Improve Research Program. [hyperlink, 
http://www.gao.gov/products/GAO-10-243]. Washington, D.C.: January 29, 
2010. 

Employee Benefits Security Administration: Enforcement Improvements 
Made but Additional Actions Could Further Enhance Pension Plan 
Oversight. [hyperlink, http://www.gao.gov/products/GAO-07-22]. 
Washington, D.C.: January 18, 2007. 

National Emergency Grants: Labor Has Improved Its Grant Award 
Timeliness and Data Collection, but Further Steps Can Improve Process. 
[hyperlink, http://www.gao.gov/products/GAO-06-870]. Washington, D.C.: 
September 5, 2006. 

Major Management Challenges and Program Risks: Department of Labor. 
[hyperlink, http://www.gao.gov/products/GAO-03-106]. Washington, D.C.: 
January 1, 2003. 

Major Management Challenges and Program Risks: Department of Labor. 
[hyperlink, http://www.gao.gov/products/GAO/OCG-99-11]. Washington, 
D.C.: January 1, 1999. 

Strategic Workforce Planning and Human Capital Management: 

Workforce Planning: Interior, EPA, and the Forest Service Should 
Strengthen Linkages to Their Strategic Plans and Improve Evaluation. 
[hyperlink, http://www.gao.gov/products/GAO-10-413]. Washington, D.C.: 
March 31, 2010. 

Human Capital: Selected Agencies Have Opportunities to Enhance 
Existing Succession Planning and Management Efforts. [hyperlink, 
http://www.gao.gov/products/GAO-05-585]. Washington, D.C.: June 30, 
2005. 

Human Capital: Selected Agencies' Statutory Authorities Could Offer 
Options in Developing a Framework for Governmentwide Reform. 
[hyperlink, http://www.gao.gov/products/GAO-05-398R]. Washington, 
D.C.: April 21, 2005. 

Diversity Management: Expert-Identified Leading Practices and Agency 
Examples. [hyperlink, http://www.gao.gov/products/GAO-05-90]. 
Washington, D.C.: January 14, 2005. 

Human Capital: Principles, Criteria, and Processes for Governmentwide 
Federal Human Capital Reform. [hyperlink, 
http://www.gao.gov/products/GAO-05-69SP]. Washington, D.C.: December 
1, 2004. 

Human Capital: A Guide for Assessing Strategic Training and 
Development Efforts in the Federal Government. [hyperlink, 
http://www.gao.gov/products/GAO-04-546G]. Washington, D.C.: March 1, 
2004. 

Human Capital: Selected Agencies' Experiences and Lessons Learned in 
Designing Training and Development Programs. [hyperlink, 
http://www.gao.gov/products/GAO-04-291]. Washington, D.C.: January 30, 
2004. 

Human Capital: Key Principles for Effective Strategic Workforce 
Planning. [hyperlink, http://www.gao.gov/products/GAO-04-39]. 
Washington, D.C.: December 11, 2003. 

Human Capital: Succession Planning and Management Is Critical Driver 
of Organizational Transformation. [hyperlink, 
http://www.gao.gov/products/GAO-04-127T]. Washington, D.C.: October 1, 
2003. 

Human Capital: A Guide for Assessing Strategic Training and 
Development Efforts in the Federal Government (Exposure Draft). 
[hyperlink, http://www.gao.gov/products/GAO-03-893G]. Washington, 
D.C.: July 1, 2003. 

A Model of Strategic Human Capital Management (Exposure Draft). 
[hyperlink, http://www.gao.gov/products/GAO-02-373SP]. Washington, 
D.C.: March 15, 2002. 

Information Technology Management: 

Information Technology: Federal Agencies Need to Strengthen Investment 
Board Oversight of Poorly Planned and Performing Projects. [hyperlink, 
http://www.gao.gov/products/GAO-09-566]. Washington, D.C.: June 2009. 

Information Technology: HHS Has Several Investment Management 
Capabilities in Place, but Needs to Address Key Weaknesses. 
[hyperlink, http://www.gao.gov/products/GAO-06-11]. Washington, D.C.: 
October 28, 2005. 

Information Technology: DOD's Acquisition Policies and Guidance Need 
to Incorporate Additional Best Practices and Controls. [hyperlink, 
http://www.gao.gov/products/GAO-04-722]. Washington, D.C.: July 2004. 

Information Technology Management: Governmentwide Strategic Planning, 
Performance Measurements, and Investment Management Can Be Further 
Improved. [hyperlink, http://www.gao.gov/products/GAO-04-49]. 
Washington, D.C.: January 12, 2004. 

Information Technology: A Framework for Assessing and Improving 
Enterprise Architecture Management (Version 1.1). [hyperlink, 
http://www.gao.gov/products/GAO-03-584G]. Washington, D.C.: April 1, 
2003. 

Financial Management: 

Financial Management: Persistent Financial Management Systems Issues 
Remain for CFO Act Agencies. [hyperlink, 
http://www.gao.gov/products/GAO-08-1018]. Washington, D.C.: September 
30, 2008. 

Financial Management: Improvements Under Way but Serious Financial 
Systems Problems Persist. [hyperlink, 
http://www.gao.gov/products/GAO-06-970]. Washington, D.C.: September 
26, 2006. 

[End of section] 

Footnotes: 

[1] Pub. L. No. 111-5, 123 Stat. 115. 

[2] GAO, Department of Labor: Strategic Planning and Information 
Management Challenges Facing the Department, [hyperlink, 
http://www.gao.gov/products/GAO/T-HEHS-98-88] (Washington, D.C.: Feb. 
5, 1998). 

[3] GAO, Human Capital: Key Principles for Effective Strategic 
Workforce Planning, [hyperlink, http://www.gao.gov/products/GAO-04-39] 
(Washington, D.C.: Dec. 11, 2003). 

[4] The E-Government Act of 2002 (Pub. L. No. 107-347, 116 Stat. 2899) 
was enacted to promote the use of the Internet and other information 
technologies to improve government services for citizens, internal 
government operations, and opportunities for citizen participation in 
government. 

[5] An enterprise architecture is a blueprint for organizational 
change defined in models that describe (in both business and 
technology terms) how the entity operates today and how it intends to 
operate in the future; it also includes a plan for transitioning to 
this future state. 

[6] The TRB consists of the Deputy CIO, who serves as the chair and 
manager, and technical representation from the department's program 
agencies. 

[7] Pub. L. No. 104-106, 110 Stat. 679. 

[8] GAO, Information Technology Investment Management: A Framework for 
Assessing and Improving Process Maturity, version 1.1, [hyperlink, 
http://www.gao.gov/products/GAO-04-394G] (Washington D.C.: Mar. 1, 
2004). 

[9] According to the Paperwork Reduction Act, each agency shall assume 
responsibility for maximizing the value and assessing and managing the 
risks of major information systems initiatives through a select, 
control, and evaluate process. 

[10] FISMA was enacted as Title III, E-Government Act of 2002, Pub. L. 
No. 107-347, 116 Stat. 2899, 2946. 

[11] NIST, Guide for Applying the Risk Management Framework to Federal 
Information Systems, Special Publication 800-37, revision 1 
(Gaithersburg, Md., February 2010). 

[12] NIST, Recommended Security Controls for Federal Information 
Systems and Organizations, Special Publication 800-53, revision 3 
(Gaithersburg, Md., August 2009). 

[13] Pub. L. No. 101-576, 104 Stat. 2838. 

[14] 31 U.S.C. § 3512(c), (d). 

[15] U.S. Department of Labor, Fiscal Year 2007 Performance and 
Accountability Report (Washington, D.C., Nov. 15, 2007); Fiscal Year 
2008 Performance and Accountability Report (Nov. 17, 2008); and Fiscal 
Year 2009 Performance and Accountability Report (Nov. 16, 2009). 

[16] U.S. Department of Labor, Office of the Chief Financial Officer, 
Fiscal Year 2009 OMB Circular A-123, Appendix A, Assessment of 
Internal Control Over Financial Reporting July 1, 2008 through June 
30, 2009 (Nov. 15, 2009). Appendix A of OMB Circular A-123, 
Management's Responsibility for Internal Control, provides a 
methodology for agency management to assess, document, and report on 
the internal controls over financial reporting. Labor's fiscal year 
2009 A-123, appendix A assessment included an internal control 
assessment and testing for grants management among other significant 
business processes. Labor's fiscal year 2009 OMB Circular A-123 
assessment identified deficiencies over monitoring of ETA's grantees. 

[17] GAO, Employment and Training Program Grants: Evaluating Impact 
and Enhancing Monitoring Would Improve Accountability, GAO-08-486 
(Washington, D.C.: May 7, 2008). U.S. Department of Labor, Office of 
Inspector General-Office of Audit, High Growth Job Training 
Initiative: Decisions for Non-competitive Awards Not Adequately 
Justified, 02-08-201-03-390 (Washington, D.C., Nov. 2, 2007) and 
Selected High Growth Job Training Initiative Grants: Value Not 
Demonstrated, 02-08-204-03-390 (Washington, D.C., Apr. 29, 2008). 

[18] Discretionary competitive grants are awarded through a 
solicitation process. Labor issues two types of discretionary grants: 
limited-competition and competitive grants. Limited-competition grants 
are awards for programs where funds are made available through a 
defined application process to members of a defined eligible applicant 
group, who meet specific requirements and offer a program designed to 
deliver acceptable results. Competitive grants are awards for programs 
where available funds are announced in the Federal Register and 
through a Solicitation for Grant Application. A Technical Review Panel 
is required to be convened for competitive grants to select grantees 
with the best technical approach for meeting the government's 
requirements; or the organization that best provides for the 
requirements specified in the Solicitation for Grant Application. In 
addition to competitive grants, Labor also issues formula grants. 
Formula funded grants are awarded under programs where the 
distribution of funds is prescribed by formula contained in federal 
statute or established by departmental regulation or administrative 
policy. Formula programs are typically funded through an annual 
funding agreement and operate pursuant to an approved annual or multi-
year plan. 

[19] Our review excluded the preaward phase because this phase does 
not involve grantee related activities. 

[20] Federal project officers have overall responsibility for 
monitoring the conduct and progress of grantees, including conducting 
on-site visits. Specifically, they are responsible for collaborating 
with the grantees--both in the planning and implementation of the 
program and in the evaluation of activities--and making 
recommendations regarding program continuance. 

[21] Labor's risk-based approach focuses on the readiness and capacity 
of the grantee to administer the grant, including complying with 
applicable laws and regulations and specific program requirements. 

[22] The Core Monitoring Guide and the Grant Management Desk Reference 
Guide are ETA's basic references of policies and procedures that the 
federal project officer relies on to evaluate the administration of 
grants. 

[23] Single Audits are prepared to meet the requirements of the Single 
Audit Act, as amended, (codified at 31 U.S.C. §§7501-7507) and provide 
a source of information on internal control and compliance findings 
and the underlying causes and risks. The Single Audit Act requires 
states, local governments, and nonprofit organizations expending 
$500,000 or more in federal awards in a year to obtain an audit in 
accordance with the requirements in the Act. A Single Audit consists 
of (1) an audit and opinions on the fair presentation of the financial 
statements and the Schedule of Expenditures of Federal Awards; (2) 
gaining an understanding of and testing internal control over 
financial reporting and the entity's compliance with laws, 
regulations, and contract or grant provisions that have a direct and 
material effect on certain federal programs (that is, the program 
requirements); and (3) an audit and an opinion on compliance with 
applicable program requirements for certain federal programs. 

[24] A clean audit opinion provides independent confirmation that the 
department's financial statements are presented fairly and in 
conformity with generally accepted accounting principles. 

[25] In January 2010, Labor implemented NCFMS, a new financial 
accounting and reporting system, in an effort to modernize its legacy 
accounting and reporting system, called the Department of Labor 
Accounting and Related Systems. NCFMS is intended to enhance Labor's 
ability to provide greater financial efficiency, transparency, and 
accountability. 

[26] A material weakness is a deficiency, or combination of 
deficiencies, in an internal control such that there is a reasonable 
possibility that a material misstatement of the entity's financial 
statements will not be prevented, or detected and corrected, on a 
timely basis. 

[27] GAO, A Model for Strategic Human Capital Management, [hyperlink, 
http://www.gao.gov/products/GAO-02-373SP] (Washington, D.C.: Mar. 15, 
2002). 

[28] [hyperlink, http://www.gao.gov/products/GAO-04-39]. 

[29] U.S. Department of Labor, Sustaining a Model Workforce for the 
21ST Century: Human Capital Strategic Plan 2008-2011 (Washington, 
D.C.). 

[30] In addition to these OASAM-led meetings, the HRC director is a 
participant at the weekly Management Review Board meeting led by 
Labor's Deputy Secretary. During these meetings, HRC officials brief 
the Deputy Secretary on key human capital initiatives, as appropriate, 
and gather his input on strategic human capital management for the 
department. 

[31] These data include information such as hiring and separation 
rates, grade level and occupational distribution, retirement 
eligibility, tenure, diversity, and frequency of use of recruitment 
and retention incentives. 

[32] While HRC maintains departmentwide information, certain program 
agencies manage their own human capital initiatives at the national 
level, in part, due to program agencies' different missions, budgets, 
and workforce needs. Further, in each of the three program agencies 
where we reviewed human capital operations, the national office 
delegated some of the human capital decision-making to the regional 
administrators, such as determining where to distribute staff among 
their respective programs and suboffices. 

[33] [hyperlink, http://www.gao.gov/products/GAO-02-373SP]. 

[34] GAO, Human Capital: Succession Planning and Management Is 
Critical Driver of Organizational Transformation, [hyperlink, 
http://www.gao.gov/products/GAO-04-127T] (Washington, D.C.: Oct. 1, 
2003). 

[35] Mission critical occupations are those which an agency considers 
core to carrying out its mission. Such occupations usually reflect the 
primary work of the organization without which mission-critical work 
cannot be completed. 

[36] This type of analysis is used to identify critical skills and 
competencies currently needed by a federal agency's workforce and 
those that will be needed in the future. By conducting such analyses, 
federal agencies are able to better inform and appropriately focus 
their succession planning efforts. See GAO, Human Capital: Selected 
Agencies Have Opportunities to Enhance Existing Succession Planning 
and Management Efforts, [hyperlink, 
http://www.gao.gov/products/GAO-05-585] (Washington, D.C.: June 30, 
2005). 

[37] HRC assembled a team of 15 subject matter experts from 12 program 
agencies to provide input into this process. 

[38] U.S. Department of Labor, Fiscal Year 2009 Annual Human Capital 
Management Report (Washington, D.C., December 2009). This report is 
required of all federal agencies and must include details such as 
human capital goals and objectives, workforce analysis, performance 
measures and milestones, and human capital accountability systems. See 
5 C.F.R. § 250.203. 

[39] U.S. Department of Labor, Fiscal Year 2009 Annual Human Capital 
Management Report (Washington, D.C., December 2009). 

[40] According to Labor's workforce data, close to 42 percent of the 
department's senior executives were eligible to retire as of January 
10, 2011. 

[41] According to Labor's data, in fiscal year 2010, Labor hired 
approximately 1,700 permanent employees (including new hires and 
conversions), of which more than 1,200 employees had less than 3 years 
of federal experience. 

[42] According to Labor, its accountability review program was 
developed, in part, in response to regulatory requirements. HRC 
evaluates each of the department's human resource offices every 2 
years on a rotating schedule. 

[43] In fiscal year 2010, HRC identified departmentwide problems with 
(1) outdated and inaccurate position descriptions, (2) insufficient 
hiring documentation and personnel actions in their automated system, 
and (3) untimely applicant notifications. HRC uses these summary 
findings to inform discussion topics for its monthly manager meetings 
and issues advisories to all Labor agencies to correct or clarify 
their policies. 

[44] HRC expanded the survey instrument to include reviews of each 
program agencies' recruiting and hiring initiatives, performance 
management, knowledge management, and personnel security. 

[45] In fiscal year 2010, Labor conducted six reviews, and has 
scheduled seven for fiscal year 2011. 

[46] [hyperlink, http://www.gao.gov/products/GAO-04-394G]. This 
framework emphasizes the importance of management controls, including 
the need for business unit representation. As described in the 
framework, an IT governance structure should be comprised of senior 
executives representing the heads of business units and supporting 
units, such as financial management. The purpose is to ensure buy-in 
from senior executives and users representing various departments. 

[47] The Clinger-Cohen Act requires agencies to establish performance 
measures to identify how IT contributes to program productivity; OMB 
circular A-130 requires agencies to conduct post-implementation 
reviews to assess the project's impact on mission performance and 
document lessons learned. 

[48] Labor's investment review board is known as their technical 
review board. 

[49] GAO, Information Technology: Federal Agencies Need to Strengthen 
Investment Board Oversight of Poorly Planned and Performing Projects, 
[hyperlink, http://www.gao.gov/products/GAO-09-566] (Washington, D.C.: 
June 30, 2009). 

[50] GAO, Information Technology: HHS Has Several Investment 
Management Capabilities in Place, but Needs to Address Key Weaknesses, 
[hyperlink, http://www.gao.gov/products/GAO-06-11] (Washington, D.C.: 
Oct. 28, 2005). 

[51] The TRB members represent information technology management from 
the program agencies. The TRB members have support from five 
subcommittees, which are responsible for major IT issues, such as 
security capital planning and enterprise architecture functions. See 
figure 1 for a detailed description of Labor's IT governance structure. 

[52] The Clinger-Cohen Act requires agencies to establish a variety of 
performance measures, such as those related to how IT contributes to 
program productivity, efficiency, and effectiveness, and to monitor 
the actual-versus-expected performance of those measures. Further, to 
be effective, as part of the federal enterprise architecture, agencies 
should include a performance reference model in order to provide a 
means for using an agency's enterprise architecture to measure the 
success of IT investments and their impact on strategic outcomes. 

[53] Executive Office of the President of the United States, Federal 
Enterprise Architecture: Consolidated Reference Model Document, 
version 2.3 (October 2007). 

[54] U.S. Department of Labor Enterprise Architecture Program 
Management Office, DEAMS Requirements and Guidance Reference Manual, 
version 2.5 (January 2010). 

[55] The four systems that did not comprehensively adhere to Labor 
guidance on performance measures were OSHA's information system, WHD's 
Wage and Hour Investigative Support and Reporting Database, ETA's 
grants management system (eGrants), and OCFO's NCFMS. 

[56] This type of measurement could have included determining if 
consistent data inputs provided accurate names and addresses of the 
worksites assessed for violations. For example, if there was an 
explosion at one business site the metric would assess the system 
accuracy in identifying other site locations and associated 
inspections. Another metric would be to identify if the name of the 
worksite was consistent across all inspections. 

[57] An example of a performance measure that will support mission 
needs and business results that OSHA intends to track with the new 
system includes capturing information on fatalities and gathering data 
on fatalities to non-English-speaking individuals. 

[58] The new system, OSHA Information System, is intended to replace 
part of the existing legacy systems that have obsolete technology and 
to provide support for the agency's mission needs. According to OSHA 
officials, Labor is scheduled to begin field deployment during the 3rd 
quarter of fiscal year 2011. Initially, the new Web-based system will 
include enforcement, consultation, health sampling, and establishment 
processing modules. 

[59] The five categories for the customer results measurement area 
are: (1) customer benefit, (2) service coverage, (3) timeliness and 
responsiveness, (4) service quality, and (5) service availability. 

[60] The six categories for the technology measurement areas are: (1) 
technology costs, (2) quality assurance, (3) efficiency, (4) 
information and data, (5) reliability and availability, and (6) 
effectiveness. An IT initiative, according to OMB, can include 
applications, infrastructure, or services provided in support of a 
process or program. 

[61] According to the Paperwork Reduction Act, with respect to federal 
information technology, each agency shall assume responsibility for 
maximizing the value and assessing and managing the risks of major 
information systems initiatives through a process that is used to 
select, control, and evaluate the results of major information systems 
initiatives. 

[62] GAO, Assessing Risks and Returns: A Guide for Evaluating Federal 
Agencies' IT Investment Decision-making, [hyperlink, 
http://www.gao.gov/products/GAO/AIMD-10.1.13] (Washington, D.C.: Feb. 
3, 1997). This guidance states that the starting point for the 
selection phase is the screening process and that assurances should be 
provided that all necessary project proposal and justification steps 
have been performed. Also, the costs, benefits, and risks of all IT 
projects--such as proposed, under development, and operational--are 
then assessed. Finally, a senior management decision-making body 
should make decisions about which projects to select for funding based 
on mission needs and organizational priorities. The systems and 
projects that are selected for funding make up the portfolio of IT 
investments. 

[63] NCFMS is critical for the effective operation of the department 
and is the financial system that supports all Labor agencies and 
offices. NCFMS is intended to process and report financial 
transactions and support administrative functions, such as travel and 
vendor invoices, as well as interface with other major departmental 
systems, such as Labor's grants management system. 

[64] The Information Technology Investment Management framework states 
that the starting point for the selection phase is the screening 
process, and that assurances should be provided that all necessary 
project proposal and justification steps have been performed. This 
includes checking to ensure that stakeholders were involved. Also, the 
costs, benefits, and risks of all IT projects--such as proposed, under 
development, and operational--are then assessed. Finally, a senior 
management decision-making body should make decisions about which 
projects to select for funding based on mission needs and 
organizational priorities. The systems and projects that are selected 
for funding make up the portfolio of IT investments. 

[65] GAO, Information Technology: DOD's Acquisition Policies and 
Guidance Need to Incorporate Additional Best Practices and Controls, 
[hyperlink, http://www.gao.gov/products/GAO-04-722] (Washington, D.C.: 
July 30, 2004). 

[66] We found that systems problems reported by Labor in part related 
to improperly testing system user requirements to determine if FSIO 
requirements had been effectively implemented. For example, Labor 
reported that it was unable to properly perform the Treasury 
confirmation process on some payments, even though FSIO has 
requirements for performing this function. 

[67] According to the Institute of Electrical and Electronics 
Engineers, the key components of ensuring that systems will perform as 
intended include, but are not limited to, (1) preparing selected test 
requirements, test cases, and test specifications for analyzing test 
results; (2) testing the software product as appropriate in selected 
areas of the target environment; and (3) testing that representative 
users can successfully achieve their intended tasks using the software 
product. 

[68] User acceptance testing involves evaluating system 
interoperability, all documentation, system reliability, and the level 
to which the system meets user requirements. 

[69] As defined by Labor, the "procure to pay" process is the process 
used to obtain and pay for goods. The process begins with the receipt 
of the invoice from a vendor. The Labor Finance Center records the 
invoice information in the system based on the invoice received. Once 
data are entered, the invoice is routed for the necessary approvals 
and certified by the authorized certifying officer. Once certified, 
payment schedules are created and sent to Treasury for payment. 

[70] To understand the testing conducted for NCFMS, we reviewed 2 
(procure to pay and trust fund) of the 23 test scripts to assess the 
adequacy of testing Labor's financial management requirements. The 
procure to pay test scripts were intended to provide the essential 
standardized set of financial management activities and the trust fund 
scripts were intended to, among other actions, test the processing of 
billions in unemployment dollars annually. After reviewing the two 
test scripts, we interviewed Labor officials on 26 of the 159 procure 
to pay test steps. Of the 26 test steps, 17 did not have sufficient 
documentation to show they were tested adequately. The department did 
not comprehensively document the expected test results, actual 
results, identified errors, or any corrections, if performed. As we 
have previously reported in our testing guide, test results should be 
fully documented so that the information can be used to (1) validate 
that test criteria have been met and (2) assist in assessing and 
correcting defects. GAO, Year 2000 Computing Crisis: A Testing Guide, 
[hyperlink, http://www.gao.gov/products/GAO/AIMD-10.1.21] (Washington, 
D.C.: Nov. 1, 1998). 

[71] A test script is a list of sequential actions that testers follow 
when executing a test. If a test requires that special setup 
activities be performed, these actions are identified in the test 
script. 

[72] GAO, Business Modernization: Improvements Needed in Management of 
NASA's Integrated Financial Management Program, [hyperlink, 
http://www.gao.gov/products/GAO-03-507] (Washington, D.C.: Apr. 30, 
2003). 

[73] Boundary condition testing is the boundary or limit conditions of 
the software being tested. 

[74] Instead of testing quantities just below and above the 
established limit of 100, such as 99 and 101; Labor tested the 
quantities of 40, 50, 100, and 110, potentially not identifying system 
errors. 

[75] For example, one of the tests required that certain accounting 
entries be posted to the general ledger; however, Labor did not have 
documentation available to show that the general ledger was posted. 

[76] Financial Systems Integration Office, Financial Management 
Systems Standard Business Process for U.S. Government Agencies, 
Standard Business Processes (September 2009). 

[77] U.S. Department of Labor, Office of Inspector General-Office of 
Audit, Department of Labor (DOL) New Core Financial Management System 
(NCFMS) Pre-Implementation Performance Audit Report, 22-10-014-13-001 
(Jan. 13, 2010). Also, end-to-end testing refers to user-level testing 
that verifies that the integrated component works correctly as part of 
the overall system, and that the existing components of the system 
work as before. 

[78] According to the OIG, integration testing includes the real-time 
interfaces that connect with NCFMS. The purpose of real-time interface 
testing is to evaluate and verify the exchange of data, transmission 
and control, and processing times. 

[79] According to the OIG, without testing the completeness and 
accuracy of data being transferred between the batch interfaces and 
NCFMS, errors may occur that limit the system's ability to process 
financial data properly and meet Labor's financial reporting 
requirements. 

[80] A disclaimer of opinion is an auditor's statement disclaiming any 
opinion regarding an entity's financial condition due to an inability 
to gather certain relevant facts. 

[81] U.S. Department of Labor, Office of the Chief Information 
Officer, System Development Life Cycle Management (SDLCM) Manual, 
version 2.2 (Washington, D.C., November 2006). 

[82] U.S. Department of Commerce, National Institute of Standards and 
Technology, Recommended Security Controls for Federal Information 
Systems and Organizations, Special Publication 800-53 revision 3 
(Gaithersburg, Md., August 2009). 

[83] Office of Management and Budget, FY 2010 Reporting Instructions 
for the Federal Information Security Management Act and Agency Privacy 
Management (Washington, D.C., Apr. 21, 2010). 

[84] Patricia Toth, Computer Security Division, Information Technology 
Laboratory, NIST Next Generation Risk Management: Information Security 
Transformation for the Federal Government (May 11, 2010); Dr. Ron 
Ross, Computer Security Division, Information Technology Laboratory, 
NIST, State of Transformation: Next Generation Risk Management for the 
Federal Government, (Mar. 24, 2010). 

[85] Under FISMA, agencies perform an annual independent evaluation of 
their information security program and practices, and report 
assessments of risk of their IT systems, using determinations of high, 
moderate, and low risk, as described in NIST FIPS pub. 199. 

[86] GAO, High-Risk Series: An Update, [hyperlink, 
http://www.gao.gov/products/GAO-11-278] (Washington, D.C.: Feb.16, 
2011). 

[87] U.S. Department of Labor, Office of Inspector General, FY 2010 
Independent Auditors' Report, 22-11-002-13-001 (Nov. 15, 2010) and 
Semiannual Report To Congress, Volume 64 (October 2010). 

[88] U.S. Department of Labor, Fiscal Year 2009 Performance and 
Accountability Report (Nov. 16, 2009). 

[89] With the enactment of the Recovery Act, Congress increased 
Labor's grant funding by an additional $45 billion, of which $4.8 
billion was budgeted through 2009 for discretionary funds. 

[90] The purpose of our testing was not to determine the extent to 
which there were deficiencies in the documentation systems of ETA's 
discretionary grants process, but rather to illustrate the possible 
effect of identified control design flaws. For this purpose, we 
selected a nongeneralizable sample of 30 (15 active and 15 closed) 
discretionary grants. For additional information about our sample 
methodology, see appendix I. 

[91] ETA, Employment and Training Order No. 1-08--Grant Management 
Policies and Responsibilities within the Employment and Training 
Administration (June 18, 2008), and Grant Management Desk Reference 
(February 2009). 

[92] As part of this procedure, the Office of Special Programs and 
Emergency Preparedness is required to conduct a preaward clearance 
that includes a review of documents obtained from official grant 
files, reflecting financial accountability, incident reports, 
investigations, audit resolutions, and outstanding debt. The preaward 
clearance also includes consultation with Labor's OIG to identify 
debarment issues and audit findings that could affect the award 
process. 

[93] Our nongeneralizable sample included 10 competitive grants where 
this documentation would have been required. 

[94] GAO, Internal Control: Standards for Internal Control in the 
Federal Government, [hyperlink, 
http://www.gao.gov/products/GAO/AIMD-00-21.3.1] (Washington, D.C.: 
November 1999). 

[95] In 2008, GEMS was designated as ETA's primary electronic grant 
monitoring system. It is intended to be the repository for grant 
documentation related to risk assessment, monitoring, on-site visits, 
quarterly desk reviews, technical assistance, and any other monitoring 
documentation created in the period of performance. 

[96] To understand the possible effect of identified control design 
flaws, we selected a nongeneralizable sample of 30 (15 active and 15 
closed) discretionary grants. For additional information about our 
sample, see appendix I. Of the 30 selected grant files, we found 2 
that were closed in fiscal year 2009 but did not include monitoring 
activities in GEMS. According to ETA officials, one of the grant files 
selected was awarded prior to 2006 and therefore, was not managed in 
GEMS. For the other grant, ETA officials stated that the information 
was incorrectly filed under another project number and they have now 
corrected this error. 

[97] For the majority of the seven grants, the quarterly risk 
assessments changed from medium-risk to low-risk but no explanations 
were provided to justify such changes. 

[98] According to ETA officials, GEMS was upgraded to include a 
notification box that prompts the FPOs to provide an explanation when 
they overrode an initial and quarterly risk assessment. For initial 
risk assessment, the upgrade went into affect for all grants that were 
active as of April 2010. The upgrade for quarterly risk assessment 
applied to all desk reviews for the period ending March 31, 2010, and 
forward. If properly implemented, these changes should address the 
design deficiency noted in our sampled grants, which were issued prior 
to the GEMS upgrade. 

[99] ETA's Single Audit resolution process, which is primarily 
conducted at ETA headquarters, includes reviewing a grantee's audit 
report and corrective action plans to determine whether the corrective 
action plans address the findings, contacting a grantee for follow-up 
questions, and issuing a final determination letter after OIG's 
approval. The final determination (also called a management decision) 
is the process through which the grant officer determines if 
appropriate actions required to correct audit deficiencies have been 
met. Once the grant officer approves the actions to correct the audit 
deficiencies, a final determination letter is issued, which is 
approved by Labor's OIG. 

[100] [hyperlink, http://www.gao.gov/products/GAO-04-39], [hyperlink, 
http://www.gao.gov/products/GAO-05-585], and [hyperlink, 
http://www.gao.gov/products/GAO-02-373SP]. OPM, Human Capital 
Standards for Success: Human Capital Assessment and Accountability 
Framework. 

[101] GAO, OPM's Central Personnel Data File: Data Appear Sufficiently 
Reliable to Meet Most Customer Needs, [hyperlink, 
http://www.gao.gov/products/GAO/GGD-98-199] (Washington, D.C.: Sept. 
30, 1998) and Human Capital: Diversity in the Federal SES and Senior 
Levels of the U.S. Postal Service and Processes for Selecting New 
Executives, [hyperlink, http://www.gao.gov/products/GAO-08-609T] 
(Washington, D.C.: Apr. 3, 2008.) 

[102] A mass transfer is when a unit or function along with its 
employees of an agency is transferred to a different agency. A 
voluntary transfer is when an individual employee accepts a position 
in a different agency. 

[103] The Clinger-Cohen Act of 1996, Pub. L. No. 104-106, 110 Stat. 
186 (1996). U.S. Department of Commerce, National Institute of 
Standards and Technology, Recommended Security Controls for Federal 
Information Systems and Organizations, Special Publication 800-53 
revision 3 (Gaithersburg, MD, August 2009); Office of Management and 
Budget, FY 2010 Reporting Instructions for the Federal Information 
Security Management Act and Agency Privacy Management (Washington, 
D.C.: Apr. 21, 2010); and the Federal Information Security Management 
Act of 2002, enacted as Title III, E-Government Act of 2002, Pub. L. 
No. 107-347, 116 Stat. 2899, 2946. 

[104] Executive Office of the President of the United States, Federal 
Enterprise Architecture: Consolidated Reference Model Document, 
version 2.3 (Washington, D.C., October 2007) and U.S. General Services 
Administration, Financial Systems Integration Office, Financial 
Management Systems Standard Business Process for U.S. Government 
Agencies, Standard Business Processes (Washington, D.C., September 
2009). 

[105] [hyperlink, http://www.gao.gov/products/GAO-04-394G]; 
Information Technology Management: Governmentwide Strategic Planning, 
Performance Measurements, and Investment Management Can Be Further 
Improved, [hyperlink, http://www.gao.gov/products/GAO-04-49] 
(Washington, D.C.: Jan. 12, 2004); [hyperlink, 
http://www.gao.gov/products/GAO-03-584G]; [hyperlink, 
http://www.gao.gov/products/GAO/AIMD-98-89]; and [hyperlink, 
http://www.gao.gov/products/GAO/AIMD-10.1.13]. 

[106] Our review did not include the preaward phase because it does 
not involve grantee related activities. 

[107] The E-grants system included 1,357 discretionary grants that 
were active as of September 30, 2009, and 374 discretionary grants 
that were closed during fiscal year 2009. 

[108] In November 2009, ESA was reorganized into four stand-alone 
program agencies that report directly to the Secretary of Labor--the 
Wage and Hour Division, Office of Federal Contracts Compliance 
Programs, Office of Workers' Compensation Programs, and Office of 
Labor Management Standards. CPDF data presented in this report uses 
data from ESA overall, prior to this reorganization. 

[109] We calculated attrition by dividing the total number of 
separations for each fiscal year by the average of the number of these 
employees in the CPDF as of the last pay period of the fiscal year 
before the fiscal year of the separations and the number of these 
employees in the CPDF as of the last pay period of the fiscal year of 
separation. 

[110] Throughout this appendix, references to mission critical 
occupations include those that Labor considered mission critical as of 
fiscal year 2008. 

[111] We identified all Labor hires for fiscal years 2005-2009 by 
using personnel action codes in CPDF for accessions to career or 
career conditional positions within each of these years. Accessions 
include new hires to the agency and hires of individuals returning to 
the government. 

[112] Hiring data for each fiscal year may not reflect employees who 
were hired and did not stay through the end of the fiscal year. 

[113] We refer to "ordinary" federal hires as those hired through the 
competitive process. We refer to "special hire" as those employees 
hired under certain flexible hiring authorities. OPM has established 
many flexible hiring authorities for critical occupations, hard-to-
fill occupations, populations of applicants targeted by law or 
executive order, occupations for which examining and ranking are not 
feasible, and selected other situations. Special hires include, for 
example, those hired through the Presidential Management Fellowship 
Program and the Veterans Recruitment Appointment. 

[End of section] 

GAO's Mission: 

The Government Accountability Office, the audit, evaluation and 
investigative arm of Congress, exists to support Congress in meeting 
its constitutional responsibilities and to help improve the performance 
and accountability of the federal government for the American people. 
GAO examines the use of public funds; evaluates federal programs and 
policies; and provides analyses, recommendations, and other assistance 
to help Congress make informed oversight, policy, and funding 
decisions. GAO's commitment to good government is reflected in its core 
values of accountability, integrity, and reliability. 

Obtaining Copies of GAO Reports and Testimony: 

The fastest and easiest way to obtain copies of GAO documents at no 
cost is through GAO's Web site [hyperlink, http://www.gao.gov]. Each 
weekday, GAO posts newly released reports, testimony, and 
correspondence on its Web site. To have GAO e-mail you a list of newly 
posted products every afternoon, go to [hyperlink, http://www.gao.gov] 
and select "E-mail Updates." 

Order by Phone: 

The price of each GAO publication reflects GAO’s actual cost of
production and distribution and depends on the number of pages in the
publication and whether the publication is printed in color or black and
white. Pricing and ordering information is posted on GAO’s Web site, 
[hyperlink, http://www.gao.gov/ordering.htm]. 

Place orders by calling (202) 512-6000, toll free (866) 801-7077, or
TDD (202) 512-2537. 

Orders may be paid for using American Express, Discover Card,
MasterCard, Visa, check, or money order. Call for additional 
information. 

To Report Fraud, Waste, and Abuse in Federal Programs: 

Contact: 

Web site: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]: 
E-mail: fraudnet@gao.gov: 
Automated answering system: (800) 424-5454 or (202) 512-7470: 

Congressional Relations: 

Ralph Dawn, Managing Director, dawnr@gao.gov: 
(202) 512-4400: 
U.S. Government Accountability Office: 
441 G Street NW, Room 7125: 
Washington, D.C. 20548: 

Public Affairs: 

Chuck Young, Managing Director, youngc1@gao.gov: 
(202) 512-4800: 
U.S. Government Accountability Office: 
441 G Street NW, Room 7149: 
Washington, D.C. 20548: