Subscribe: GAO Reports
http://www.gao.gov/rss/reports.xml
Added By: Feedage Forager Feedage Grade B rated
Language: English
Tags:
agencies  data  department  dhs  federal  found  gao found  gao  high risk  high  information  management  risk  security 
Rate this Feed
Rate this feedRate this feedRate this feedRate this feedRate this feed
Rate this feed 1 starRate this feed 2 starRate this feed 3 starRate this feed 4 starRate this feed 5 star

Comments (0)

Feed Details and Statistics Feed Statistics
Preview: GAO Reports

GAO Reports



Reports News from the GAO



Last Build Date: Thu, 23 Feb 2017 06:48:48 -0500

 



GAO-17-161, Grants Management: EPA Has Taken Steps to Improve Competition for Discretionary Grants but Could Make Information More Readily Available, January 23, 2017

Wed, 22 Feb 2017 12:00:00 -0500

What GAO Found The Environmental Protection Agency (EPA) manages competition for its discretionary grants through a process established by its competition policy and implemented by its program and regional offices. Under the policy, offices are to advertise discretionary grant opportunities on Grants.gov—a website for federal grant announcements—and may also advertise using other methods, such as trade journals and e-mail lists. The announcements must describe eligibility and evaluation criteria, and the process may be customized to assess (1) all applications against eligibility criteria and (2) eligible applications for merit against evaluation criteria. Under the policy, EPA established a Grants Competition Advocate, a senior official who provides guidance to and oversight of the offices. EPA officials said this position has been key to improving competition for discretionary grants. From fiscal years 2013 through 2015, EPA provided nearly $1.5 billion in discretionary grants to about 2,000 unique grantees, with state governments, nonprofits, and Indian tribes receiving the largest shares, according to GAO's analysis of EPA data. Of the $1.5 billion, $579 million was for new grants subject to the competition policy, and according to EPA, the agency met its performance target to competitively award at least 90 percent of these new grant dollars or awards annually. Some discretionary grants are not subject to the competition policy for several reasons—for example because they are available by law only to Indian tribes. Of the remaining approximately $920 million, $282 million was for new grants not subject to the competition policy, and about $632 million was for amendments to existing grants, such as for added work. Publicly available information from EPA about its discretionary grants is neither easy to identify nor complete. For example, different information about the grants, such as dollar amounts, is available at four federal websites; but three of these websites do not have a way to search all the grants, and the fourth cannot identify the grants because EPA does not flag them in its submissions to the website. EPA officials plan to better flag these grants in the future; however, to obtain complete information, users would still have to search several websites containing different parts of this information. Also, GAO found that the unofficial reports EPA makes publicly available on the number of applications received for its grant competitions contain limited information. Moreover, these reports are not current because EPA relies on manual processes to collect the information from its offices, which can cause reporting delays. Further, GAO found that although EPA's internal grants management system has a field for tracking grant types, a lack of clarity in EPA's guidance may contribute to EPA staff's inconsistent use of this field. Consequently, EPA cannot easily identify discretionary grants in its system or collect complete and accurate information on them. EPA is transitioning to a new system that is expected to be operational in 2018 and to provide the capability to collect more timely and complete information. However, EPA officials said they do not have plans to use the new system to improve their publicly available reports, which is inconsistent with effective internal and external communication suggested by federal internal control standards. More complete information could help Congress and other decision makers better monitor EPA's management of discretionary grants. Why GAO Did This Study EPA annually awards hundreds of discretionary grants, totaling about $500 million. EPA has the discretion to determine grantees and amounts for these grants, which fund a range of activities, from environmental research to wetlands restoration. EPA awards and manages discretionary grants at 10 headquarters program offices and 10 regional offices. Past reviews by GAO and EPA's Inspector General found that EPA has faced challenges managing such grants, including procuring insufficient competition for [...]



GAO-17-412T, Union Activities: VA Should Improve the Way It Tracks the Amount of Official Time Used by Its Employees, February 16, 2017

Thu, 16 Feb 2017 12:00:00 -0500

What GAO Found The Department of Veterans Affairs (VA) cannot accurately track the amount of work time employees spend on union representational activities, referred to as official time, agency-wide because it does not have a standardized way for its facilities to record and calculate official time. Specifically: Recording official time—VA uses two separate time and attendance systems that capture official time differently. VA’s new system (VA Time and Attendance System, or VATAS), which VA began rolling out at some facilities in 2013, has specific codes to record official time, but the older system does not. The inconsistent recording of official time raises questions about VA’s ability to monitor its use, but VATAS could help to standardize this process. In rolling out the new system, which VA expects to complete agency-wide in 2018, VA has provided inconsistent training and guidance on how to use the codes in VATAS. While VA has taken steps to provide better training and guidance on recording official time, GAO recently found that timekeepers at two of three selected facilities where VATAS has been rolled out were still not using the codes. Without consistent guidance and training, personnel may not know how to properly record official time in the new system.  Calculating official time—VA provides its facilities with a range of options for calculating the amount of official time used. VA annually collects and compiles these data agency-wide using the Labor-Management Relations (LMR) Official Time Tracking System—separate and distinct from VA’s time and attendance systems. In calculating official time, facilities may use records, estimates, or other methods, which results in inconsistent data. VA officials told GAO that all facilities will eventually be able to rely on VATAS time and attendance records to calculate official time when submitting data in the LMR system. The full implementation of VATAS will provide VA with an alternative to using the LMR system to collect and compile more reliable official time data. Without reliable data, VA cannot monitor the use of official time agency-wide or share reliable data with the Office of Personnel Management (OPM), which reports on the government-wide use of official time. At all five selected VA facilities, designated space for representational activities comprised less than 1 percent of the overall square footage at each location, according to GAO’s analysis. VA does not collect or track data from individual facilities on the amount of space designated for representational activities. Union officials at three of the five facilities GAO visited said that limited space for representational activities made it difficult to provide privacy for employees. A VA official said that certain VA facilities may have space constraints depending on where they are located and the number of veterans served, for example.  At most selected VA facilities, VA managers and union officials GAO interviewed cited similar benefits of employees using official time, such as improving decision-making and resolving problems. However, they had differing views on challenges associated with employees’ use of official time, such as when and how much official time may be used. Why GAO Did This Study In fiscal year 2012, there were over 250,000 bargaining unit employees at VA, and these employees spent about 1.1 million hours performing union representational activities on official time, according to an OPM report. The ways in which VA manages its human resources, including the use of official time, have received increased scrutiny in recent years. GAO was asked to review the amount of official time used by VA employees as well as the amount of space designated for representational activities.  This report examines (1) the extent to which VA tracks official time, (2) what is known about the amount of designated space used for union representational activities at selected VA facilities, and (3) the views of VA managers an[...]



GAO-17-331, Southwest Border Security: Additional Actions Needed to Better Assess Fencing's Contributions to Operations and Provide Guidance for Identifying Capability Gaps, February 16, 2017

Thu, 16 Feb 2017 12:00:00 -0500

What GAO Found Border fencing is intended to benefit border security operations in various ways, according to officials from the U.S. Border Patrol (Border Patrol), which is within the Department of Homeland Security's (DHS) U.S. Customs and Border Protection (CBP). For example, according to officials, border fencing supports Border Patrol agents' ability to execute essential tasks, such as identifying illicit-cross border activities. CBP collects data that could help provide insight into how border fencing contributes to border security operations, including the location of illegal entries. However, CBP has not developed metrics that systematically use these, among other data it collects, to assess the contributions of border fencing to its mission. For example, CBP could potentially use these data to determine the extent to which border fencing diverts illegal entrants into more rural and remote environments, and border fencing's impact, if any, on apprehension rates over time. Developing metrics to assess the contributions of fencing to border security operations could better position CBP to make resource allocation decisions with the best information available to inform competing mission priorities and investments. Pedestrian Fencing in San Diego, California, April 2016 CBP is taking a number of steps to sustain tactical infrastructure (TI) along the southwest border; however, it continues to face certain challenges in maintaining this infrastructure, such as addressing maintenance of roads owned or operated by other public and private entities. In 2014, according to Border Patrol officials, Border Patrol began implementing the Requirements Management Process that is designed to facilitate planning for funding and deploying TI and other requirements. Border Patrol headquarters and sector officials told GAO that Border Patrol lacks adequate guidance for identifying, funding, and deploying TI needs as part of this process. In addition, officials reported experiencing some confusion about their roles and responsibilities in this process. Developing guidance on this process would be consistent with federal internal control standards and would provide more reasonable assurance that the process is consistently followed across Border Patrol. This is a public version of a For Official Use Only—Law Enforcement Sensitive report that GAO issued in December 2016. Information DHS deemed For Official Use Only—Law Enforcement Sensitive has been redacted. Why GAO Did This Study In fiscal years 2013 through 2015, Border Patrol recorded a total of 2.1 million estimated known illegal entries between ports of entry along the southwest border. In an effort to secure the border between ports of entry, CBP spent approximately $2.4 billion between fiscal years 2007 and 2015 to deploy TI — fencing, gates, roads, bridges, lighting, and drainage infrastructure—along the nearly 2,000 mile southwest border. GAO was asked to review the use of border fencing along the southwest border. In this report, GAO examines (1) border fencing's intended contributions to border security operations and the extent to which CBP has assessed these contributions and (2) the extent that CBP has processes in place to ensure sustainment and deployment of TI along the southwest border and challenges in doing so. GAO reviewed CBP documentation and data and interviewed officials in headquarters and three southwest border locations. These locations were selected based on CBP's extensive investments in TI in such areas. What GAO Recommends GAO recommends that Border Patrol develop metrics to assess the contributions of pedestrian and vehicle fencing to border security along the southwest border and develop guidance for its process for identifying, funding, and deploying TI assets for border security operations. DHS concurred with the recommendations. For more information, contact Rebecca Gambler at (202) 512-8777 or gamblerr@gao.gov.



GAO-17-159, Single Audits: Improvements Needed in Selected Agencies' Oversight of Federal Awards, February 16, 2017

Thu, 16 Feb 2017 12:00:00 -0500

What GAO Found Federal agencies have oversight responsibilities for the funds that they award to nonfederal entities and can assign these responsibilities to their subagencies (i.e., operating units or divisions). Nonfederal entities are required to undergo a single audit if their expenditures of federal awards in a fiscal year exceed a certain threshold. A single audit is an audit of the award recipient's expenditure of federal awards and of its financial statements and can identify deficiencies in the award recipient's compliance with the provisions of laws, regulations, contracts, or grant agreements and in its financial management and internal control systems. Correcting such deficiencies can help reasonably assure the effective use of federal funds and reduce federal improper payments. Of the five agencies in GAO's study—the Departments of Agriculture, Education, Health and Human Services (HHS), Housing and Urban Development (HUD), and Transportation—some of the agencies' subagencies that GAO reviewed did not effectively design policies and procedures to reasonably assure the timely submission of single audit reports by award recipients. The Office of Management and Budget's (OMB) guidance requires that federal awarding agencies ensure that award recipients submit single audit reports within certain time frames. This can help assure that single audit findings are timely corrected. Most of the selected subagencies in GAO's review did not effectively design policies and procedures to reasonably assure that they issued timely management decisions containing the information required by OMB guidance. This guidance requires agencies to evaluate each award recipient's audit findings and corrective action plans and issue a management decision within 6 months of receipt of the single audit report as to the actions award recipients must take to correct each single audit finding. Such decisions may add clarity about the agency's position on the single audit finding and the corrective action. Assessment of Selected Subagencies' Policies and Procedures for Single Audit Oversight Only the two selected subagencies in Education had policies and procedures for using risk-based approaches to manage high-risk and recurring single audit findings. High-risk single audit findings may be seriously detrimental to federal programs and could result in improper payments. Recurring single audit findings have persisted for more than one audit period and may need more attention or resources to correct. With over 30,000 single audit reports submitted for fiscal year 2015 and constraints in resources for conducting federal oversight, managing single audit findings using a risk-based approach can assist in identifying and prioritizing problem areas. Why GAO Did This Study In fiscal year 2015, federal agencies outlaid over $600 billion in federal awards to state and local governments, according to OMB. The Single Audit Act of 1984, as amended, requires that federal agencies oversee their awards to nonfederal entities. OMB Circular No. A-133 provided guidance for implementing the act during GAO's audit. GAO was asked to examine federal agency oversight of single audits. This report examines whether selected agencies effectively designed policies and procedures to reasonably assure that (1) recipients submit timely single audit reports and (2) award recipients take action on single audit findings by issuing timely management decisions. GAO also examined whether selected agencies had policies and procedures for managing high-risk and recurring audit findings. GAO selected the five agencies with the largest dollar amounts of reported outlays for grants to state and local governments in fiscal year 2013. For each agency, GAO reviewed its two subagencies accounting for over 80 percent of outlays, reviewed written policies and procedures, and interviewed the respective officials. What GAO Recommends GAO is making 21 recommendations. One Agricultur[...]



GAO-17-137, NASA Commercial Crew Program: Schedule Pressure Increases as Contractors Delay Key Events, February 16, 2017

Thu, 16 Feb 2017 12:00:00 -0500

What GAO Found Both of the Commercial Crew Program's contractors have made progress developing their crew transportation systems, but both also have aggressive development schedules that are increasingly under pressure. The two contractors—Boeing and Space Exploration Technologies, Corp. (SpaceX)—are developing transportation systems that must meet the National Aeronautics and Space Administration's (NASA) standards for human spaceflight—a process called certification. Both Boeing and SpaceX have determined that they will not be able to meet their original 2017 certification dates and both expect certification to be delayed until 2018, as shown in the figure below. The schedule pressures are amplified by NASA's need to provide a viable crew transportation option to the International Space Station (ISS) before its current contract with Russia's space agency runs out in 2019. If NASA needs to purchase additional seats from Russia, the contracting process typically takes 3 years. Without a viable contingency option for ensuring uninterrupted access to the ISS in the event of further Commercial Crew delays, NASA risks not being able to maximize the return on its multibillion dollar investment in the space station. Commercial Crew Program: SpaceX and Boeing's Certification Delays Both contractors are also dealing with a variety of risks that could further delay certification, including program concerns about the adequacy of information on certain key systems to support certification. Another top program risk is the ability of NASA and its contractors to meet crew safety requirements. The Commercial Crew Program is using mechanisms laid out in its contracts to gain a high level of visibility into the contractors' crew transportation systems. The program is using a different model than every other spacecraft NASA has built for humans. For example, NASA personnel are less involved in the testing, launching, and operation of the crew transportation system. The program has developed productive working relationships with both contractors, but the level of visibility that the program has required thus far has also taken more time than the program or contractors anticipated. Ultimately, the program has the responsibility for ensuring the safety of U.S. astronauts and its contracts give it deference to determine the level of visibility required to do so. Moving forward though, the program office could face difficult choices about how to maintain the level of visibility it feels it needs without adding to the program's schedule pressures. Why GAO Did This Study Since the Space Shuttle was retired in 2011, the United States has been relying on Russia to transport astronauts to and from the ISS. The purpose of NASA's Commercial Crew Program is to facilitate the development of a domestic transport capability. In 2014, NASA awarded two firm-fixed-price contracts to Boeing and SpaceX with a combined total value up to $6.8 billion for the development of crew transportation systems that meet NASA requirements and initial missions to the ISS. The contractors were originally required to provide NASA all the evidence it needed to certify that their systems met its requirements by 2017. A house report accompanying H.R. 2578 included a provision for GAO to review the progress of NASA's human exploration programs. This report examines the Commercial Crew Program including (1) the extent to which the contractors have made progress towards certification, (2) the risks facing the program, and (3) the extent to which the program has visibility into the contractors' efforts. To do this work, GAO analyzed contracts, schedules, and other documentation; and spoke with officials from NASA, the Commercial Crew Program, Boeing, SpaceX, and independent review bodies. What GAO Recommends Given the delays in the Commercial Crew Program, GAO recommends that NASA develop and report to Congress on its contingency plans for maint[...]



GAO-17-215, Federal Courthouses: Actions Needed to Enhance Capital Security Program and Improve Collaboration, February 16, 2017

Thu, 16 Feb 2017 12:00:00 -0500

What GAO Found Three federal agencies—the Administrative Office of the U.S. Courts (AOUSC), the U.S. Marshals Service (Marshals Service), and the Federal Protective Service (FPS)—collect information about security concerns at federal courthouses related to the agencies' respective missions. However, only AOUSC develops information that can be used to understand security concerns across the courthouse portfolio. In contrast, the Marshals Service and FPS collect information on security concerns on a building-by-building basis in varied ways, but the manner in which the information is collected prevents it from being used to understand portfolio-wide security concerns. This is inconsistent with GAO's risk management framework. Both agencies are taking steps to improve their information, but it is not clear whether these improvements will provide the portfolio-wide information stakeholders need to make risk-informed decisions. The General Services Administration (GSA) has initiated 11 projects at 10 courthouse locations nationwide, as part of its Judiciary Capital Security Program (CSP); two projects have been completed. Local officials said that these projects have already improved or will improve security at the selected courthouses once completed. CSP improvements have been aimed at separating the paths of judges, prisoners, and the public, so that trial participants only meet in the courtroom. Transparency and collaboration issues have emerged among federal stakeholders as the program has been implemented. For example, not all key stakeholders GAO spoke to were clear on the eligibility of specific locations for CSP projects and varied in their views about how collaborative the process to select CSP projects has been. Although stakeholders have taken some steps to improve CSP transparency and collaboration as the program has evolved, some issues remain. Taking additional steps to improve documentation of decision-making and sharing this document with stakeholders could further enhance transparency and collaboration and better assure that all of the agencies and policy makers have the same understanding of how the program is supposed to work, that it is addressing the most urgent courthouse security needs, and that the expertise of all stakeholders is being used to ensure program efficiency. GAO found that agencies could take additional actions to enhance security at federal courthouses by addressing a related GAO open recommendation, and establishing a formal mechanism such as a working group or forum to enhance coordination and information sharing. Specifically, in 2011, GAO recommended that the agencies update a 1997 memorandum of agreement to clarify their roles and responsibilities. This action has not been done although FPS has taken some steps to start the process. In addition, GAO found that GSA, AOUSC, the Marshals Service, and FPS had not routinely met to address courthouse security issues at a national level where decision-making authority exists. This lack of a formal meeting mechanism inhibits their ability to communicate regularly about their roles and responsibilities and share information about security concerns. This is a public version of a law enforcement sensitive/limited official use report issued in October 2016. Why GAO Did This Study The variety of civil and criminal cases tried in 400-plus federal courthouses can pose security risks. The CSP was started in 2012 and was designed to be a less costly alternative to building new federal courthouses by adding key security features to existing courthouses. Congress has provided $20 million in obligational authority for the program in each of the fiscal years that it has been funded. GAO was asked to review physical security at federal courthouses. This report discusses (1) the extent to which federal stakeholders have identified security concerns; (2) how the CSP addresses courthouse security concern[...]



GAO-17-409T, Department of Homeland Security: Important Progress Made, but More Work Remains to Strengthen Management Functions, February 16, 2017

Thu, 16 Feb 2017 12:00:00 -0500

What GAO Found As GAO reported in its 2017 high-risk update, the Department of Homeland Security's (DHS) efforts to strengthen and integrate its management functions have resulted in the department meeting three and partially meeting two of GAO's criteria for removal from the High-Risk List (see table). For example, senior DHS officials demonstrated exemplary leadership commitment by frequently meeting with GAO to discuss the department's progress in addressing the high-risk area. Additionally, DHS established an action plan for addressing the high-risk area, of which it has issued 10 updated versions since 2011. Since GAO's 2015 high-risk update, DHS also strengthened its monitoring efforts for financial systems modernization programs by entering into a contract for independent verification and validation services, and met the monitoring criterion for the first time. However, DHS needs to make additional progress in strengthening capacity by identifying and allocating resources in certain areas, such as staffing for acquisition and information technology positions. Department of Homeland Security (DHS) Progress in Addressing the Strengthening DHS Management Functions High-Risk Area, as of February 2017 Criterion for removal from High-Risk List Meta Partially metb Not metc Leadership commitment X     Capacity   X   Action plan X     Framework to monitor progress X     Demonstrated, sustained progress   X   Total 3 2 0 Source: GAO analysis of DHS documents, interviews, and prior GAO reports. | GAO 17-409T a“Met”: There are no significant actions that need to be taken to further address this criterion. b“Partially met”: Some but not all actions necessary to generally meet the criterion have been taken. c“Not met”: Few, if any, actions toward meeting the criterion have been taken. Key to addressing the department's management challenges is DHS demonstrating the ability to achieve sustained progress across 30 outcomes that GAO identified and DHS agreed were needed to address the high-risk area. GAO found in its 2017 high-risk update that DHS fully addressed 13 of these outcomes, while work remains to fully address the remaining 17. For example, DHS fully met 1 outcome for the first time by linking workforce planning efforts to strategic and program planning efforts. DHS has mostly addressed an additional 8 outcomes, meaning that a small amount of work remains to fully address them. However, DHS has partially addressed 6 and initiated 3 of the remaining outcomes. For example, DHS does not have modernized financial management systems, which affects its ability to have ready access to reliable information for informed decision making. In addition, DHS has considerable work ahead to improve employee morale. Addressing these and some other outcomes are significant undertakings that will likely require multiyear efforts. In the 2017 high-risk update, GAO concluded that in coming years, DHS needs to continue implementing its plan for addressing the high-risk area, ensure that it has the people and resources necessary to resolve risk, and fully address the remaining 17 outcomes. Why GAO Did This Study GAO has regularly reported on government operations identified as high-risk because of their increased vulnerability to fraud, waste, abuse, and m[...]



GAO-17-152, Border Security: Additional Actions Needed to Strengthen Collection of Unmanned Aerial Systems and Aerostats Data, February 16, 2017

Thu, 16 Feb 2017 12:00:00 -0500

What GAO Found U.S. Customs and Border Protection (CBP) uses Predator B unmanned aerial systems (UAS) for a variety of border security activities but could benefit from documented coordination procedures in all operating locations. CBP uses its Predator B UAS to support a variety of efforts, such as missions to support investigations in collaboration with other government agencies (e.g., U.S. Immigration and Customs Enforcement) and to locate individuals illegally crossing the border. GAO found that CBP established various mechanisms to coordinate with other agencies for Predator B missions but did not develop and document coordination procedures in two of its three operational centers. Without documented coordination procedures in all operating locations consistent with internal control standards, CBP does not have reasonable assurance that practices in all operating locations align with existing policies and procedures for joint operations with other federal and non-federal government agencies. CBP uses aerostats—unmanned buoyant craft tethered to the ground and equipped with video surveillance cameras and radar technology—to support its border security activities along the southern U.S. border. In south Texas, the U.S. Border Patrol (Border Patrol) uses relocatable tactical aerostats equipped with video surveillance technology to locate and support the interdiction of cross-border illegal activity. At eight fixed sites across the southern U.S. border and in Puerto Rico, CBP uses the Tethered Aerostat Radar System (TARS) program to support its efforts to detect occurrences of illegal aircraft and maritime vessel border incursions. CBP has taken actions to assess the effectiveness of its UAS and aerostats for border security, but could improve its data collection. CBP collects a variety of data on its use of Predator B UAS, tactical aerostats, and TARS including data on their support for the apprehension of individuals, seizure of drugs, and other events (asset assists). For Predator B UAS, GAO found mission data—such as the names of supported agencies and asset assists for seizures of narcotics—was not recorded consistently across all operational centers, limiting CBP's ability to assess the effectiveness of the program. CBP has not updated its guidance for collecting and recording mission information in its data collection system to include new data elements added since 2014, and it does not have instructions for recording mission information such as asset assists. In addition, not all users of CBP's system have received training for recording mission information. Updating guidance and fully training users, consistent with internal control standards, would help CBP better ensure the quality of data it uses to assess effectiveness. For tactical aerostats, GAO found that Border Patrol collection of asset assist information for seizures and apprehensions does not distinguish between its tactical aerostats and TARS. Consistent with internal control standards, data that distinguishes between support provided by tactical aerostats and support provided by TARS would help CBP collect better and more complete information and guide resource allocation decisions, such as the re-deployment of tactical aerostat sites based on changes in cross-border illegal activity. Why GAO Did This Study As the lead federal agency charged with securing U.S. borders, the Department of Homeland Security's (DHS) CBP has employed a variety of technologies and assets to assist with its border security efforts. In support of its mission, CBP operates a fleet of remotely piloted Predator B UAS and uses aerostats, including tactical aerostats and TARS. GAO was asked to review CBP's use of UAS and aerostats for border security. This report addresses the following questions: (1) How does CBP use UAS and aerostats for border security activities, [...]



GAO-17-147, Army Corps of Engineers: Factors Contributing to Cost Increases and Schedule Delays in the Olmsted Locks and Dam Project, February 16, 2017

Thu, 16 Feb 2017 12:00:00 -0500

What GAO Found Reports by the U.S. Army Corps of Engineers (Corps) and consultants it hired identified the construction method, contract type, and other factors as primary contributors to cost increases and schedule delays in the Olmsted Locks and Dam project. Specifically, the 2012 Corps' post-authorization change report (PACR) and a 2012 consultant report identified the Corps' 1997 selection of an innovative in-the-wet method to construct the dam as a contributing factor. With this method, concrete sections of the dam, or shells, are built on shore, carried out into the river, and set in place in the riverbed. The Corps decided to use this method based on projections that it would cost less and allow the project to be completed sooner than the traditional in-the-dry method using temporary, watertight structures, or cofferdams, to drain the riverbed to allow work. However, the Corps' initial cost estimate was low and did not adequately consider such things as river conditions that slowed construction. A 2012 Corps study compared the in-the-wet and in-the-dry methods and found that continuing to use the in-the-wet method would cost more but would allow the project to be completed sooner. Based on this study, the Corps continued to use the in-the-wet method. In addition, the PACR and a 2008 consultant report found that the Corps' decision to use a cost-reimbursement contract for the dam construction after receiving no offers for a firm fixed -price contract contributed to increased administrative and overhead costs. The reports noted that managing a cost-reimbursement contract was more cost- and time-intensive than managing a firm fixed-price contract, which the Corps typically uses. The Corps and consultant reports also identified other contributing factors, including limited funding; market condition changes, such as unexpected and significant increases in the price of construction materials; and design changes during the dam construction in response to soil conditions and other issues. The benefits foregone because of delays at Olmsted are uncertain, primarily because the Corps' estimates for the project are no longer relevant or are of limited use for estimating the benefits that might have been generated had the project opened as planned in 2006. The Corps estimated the benefits associated with the project several times, including in a 1990 study. Corps officials said, however, that the benefit estimates from this study are no longer relevant for estimating benefits foregone because of past project delays. In particular, the 1990 study did not anticipate the regulatory and market factors that reduced the demand for coal shipments on the Ohio River, beginning in the 1990s. In the 2012 PACR, the Corps updated its benefit estimates based on a revised opening date of 2020, but they are of limited use for estimating benefits foregone for several reasons. For example, the analysis was based on assumptions about barge forecasts that may not represent the actual traffic that transited the locks and dams during past delays. According to Corps economists, the additional interest incurred during construction because of project delays is another type of benefit foregone because it represents the hypothetical return or “benefit” that could have been earned by investing the money in some other use. GAO found that the difference in interest estimated in 1990 and in the PACR to be about $400 million, which represents an estimate of the additional interest associated with such factors as changes in the project design that led to the construction delays and increased construction costs. Why GAO Did This Study The Corps is responsible for planning and constructing the Olmsted Locks and Dam project on the Ohio River, 17 miles upstream from the Mississippi River. The project will replace two locks and dams, w[...]



GAO-17-242, VA Health Care: Actions Needed to Ensure Medical Facility Controlled Substance Inspection Programs Meet Agency Requirements, February 15, 2017

Wed, 15 Feb 2017 12:00:00 -0500

What GAO Found GAO found weaknesses in the way four selected Department of Veterans Affairs (VA) medical facilities were implementing their controlled substance inspection programs. Two of the four did not conduct monthly inspections of controlled substances as required by the Veterans Health Administration (VHA). For example, one facility missed 43 percent of monthly inspections in critical patient care areas and the pharmacy for the period GAO reviewed—January 2015 to February 2016. Further, inspections that three of the four facilities performed did not include or follow three or more of the nine VHA requirements GAO reviewed. At two of the three facilities, for example, inspectors did not properly verify that controlled substances had been transferred from VA pharmacies to patient care areas; nor did inspectors ensure that all controlled substances on hold for destruction were properly documented. The VA Office of the Inspector General identified similar inspection program weaknesses at other VA facilities in 2009 and again in 2014. GAO found that several factors contributed to nonadherence to VHA policy at selected facilities. First, the two facilities that missed inspections lacked an additional control procedure—such as the use of an alternate controlled substance coordinator—to help prevent missed inspections when inspectors could not conduct them due to professional or other personal responsibilities. Second, while facilities develop their own set of inspection procedures that must follow VHA's policy requirements, three of the four facilities did not ensure their written procedures included the nine VHA program requirements GAO reviewed. Third, VHA relies on coordinators at the facilities to ensure that the inspections are completed appropriately, but GAO found that VHA's training course for the coordinators does not focus on its required inspection procedures. As a result of these weaknesses, VHA cannot ensure that its inspection programs are following all of its requirements. GAO found inconsistent oversight at the selected facilities of their controlled substance inspection programs by facility directors and the Veterans Integrated Service Networks (network) to which the facilities report. VHA assigns oversight responsibilities to each facility director and network. GAO found that directors at two of the four selected VA medical facilities had not implemented corrective actions to address missed inspections identified in the monthly inspection reports. In addition, two of the four selected networks did not review their facilities' quarterly trend reports, as required by VHA. Such reports identify inspection program trends such as missed inspections and areas for improvement. GAO found that one network that had reviewed the trend reports failed to follow up with a facility to ensure it had submitted missed trend reports. Inconsistent oversight by the directors and networks is contrary to federal internal control standards that state oversight should be ongoing to assess performance and promptly remediate deficiencies in order to achieve objectives, including holding individuals accountable for their responsibilities. Without effective oversight of the inspection programs by directors and networks, VHA lacks reasonable assurance that its programs are being implemented as required to prevent and identify diversion of controlled substances. Why GAO Did This Study Diversion of opioid pain relievers and other controlled substances by health care providers has occurred at several VA medical facilities. Such diversions for personal use can pose a threat to patients by depriving them of needed medications. Absent effective practices to mitigate its risk and quickly identify it, diversion can occur undetected. VHA requires each of its facilities to implement [...]



GAO-16-724, Private Health Insurance: In Most States and New Exchanges, Enrollees Continued to be Concentrated among Few Issuers in 2014 [Reissued on February 14, 2017], September 06, 2016

Wed, 15 Feb 2017 12:00:00 -0500

What GAO Found GAO found that enrollment in private health insurance plans remained concentrated among a small number of issuers in most states in 2014, including in the newly established exchanges. On average in each state and the District of Columbia, 11 or more issuers participated in each of three types of markets—individual, small group, and large group—from 2011 through 2014. However, in most states, the 3 largest issuers in each market had at least an 80 percent share of the market during the period. Beginning in 2014, issuers in the individual and small group markets could sell coverage through exchanges established by the Patient Protection and Affordable Care Act (PPACA). Not all issuers in these overall markets participated in the exchanges, and several had fewer than 3 issuers participating. Enrollment through these exchanges was generally more concentrated among a few issuers than was true for the overall markets. GAO did not assess the effect of the law on concentration and participation as 2014 was the first year of implementation for certain PPACA insurance reforms. The Number of States Where Enrollment in the Three Largest Issuers Was at Least 80 Percent of the Market, by Market, 2011-2014 In nearly all states, the number of issuers participating in individual markets decreased from 2013 to 2014, while fewer states' small group and large group markets had decreased participation. However, across the three markets, those issuers exiting each state market before 2014 generally had less than 1 percent of the market in the prior year. There were also issuers that newly entered state markets in 2014. Their market shares in 2014 varied across the three types of markets, with some entering issuers in the individual market capturing a market share of over 10 percent. Newly entering issuers generally captured a larger share of the enrollment sold through the exchanges than through the overall markets, and some captured a majority of their exchange market. GAO received technical comments on a draft of this report from the Department of Health and Human Services and incorporated them as appropriate. Why GAO Did This Study GAO previously reported that, from 2010 through 2013, enrollment in most states was concentrated among the largest issuers in each of the three types of health insurance markets: the individual, small group, and large group markets. A highly concentrated market may indicate a less competitive market and could affect consumers' choice of health plans and their premiums. In 2014, PPACA required the establishment of health insurance exchanges—a new type of market where individuals and small groups can compare and select among insurance plans—and the introduction of other reforms that could affect market concentration and competition among issuers. PPACA included a provision for GAO to study market concentration and competition, including an analysis of newly entering issuers. In this report, GAO describes: (1) concentration in these markets in each state from 2011 through 2014 and (2) changes in issuer participation in these markets in each state from 2013 to 2014. GAO determined market share using enrollment data from the 2011 through 2014 Medical Loss Ratio datasets that issuers are required to report annually to the Centers for Medicare & Medicaid Services (CMS). To obtain 2014 enrollment data for the issuers in the individual and small group exchanges, GAO analyzed Unified Rate Review data that certain issuers are required to report to CMS. For both datasets, enrollment for each issuer is available only at the state level and 2014 data are the most recent available. For more information, contact John Dicken at (202) 512-7114 or dickenj@gao.gov.



GAO-17-317, High-Risk Series: Progress on Many High-Risk Areas, While Substantial Efforts Needed on Others, February 15, 2017

Wed, 15 Feb 2017 12:00:00 -0500

What GAO Found Since GAO's last high-risk update, many of the 32 high-risk areas on the 2015 list have shown solid progress. Twenty-three high-risk areas, or two-thirds of all the areas, have met or partially met all five criteria for removal from the High-Risk List; 15 of these areas fully met at least one criterion. Progress has been possible through the concerted efforts of Congress and leadership and staff in agencies. For example, Congress enacted over a dozen laws since GAO's last report in February 2015 to help address high-risk issues. GAO removed 1 high-risk area on managing terrorism-related information, because significant progress had been made to strengthen how intelligence on terrorism, homeland security, and law enforcement is shared among federal, state, local, tribal, international, and private sector partners. Sufficient progress was made to remove segments of 2 areas related to supply chain management at the Department of Defense (DOD) and gaps in geostationary weather satellite data. Two high-risk areas expanded—DOD's polar-orbiting weather satellites and the Department of the Interior's restructuring of offshore oil and gas oversight. Several other areas need substantive attention including VA health care, DOD financial management, ensuring the security of federal information systems and cyber critical infrastructure, resolving the federal role in housing finance, and improving the management of IT acquisitions and operations. GAO is adding 3 areas to the High-Risk List, bringing the total to 34: Management of Federal Programs That Serve Tribes and Their Members. GAO has reported that federal agencies, including the Department of the Interior's Bureaus of Indian Education and Indian Affairs and the Department of Health and Human Services' Indian Health Service, have ineffectively administered Indian education and health care programs and inefficiently developed Indian energy resources. Thirty-nine of 41 GAO recommendations on this issue remain unimplemented. U.S. Government's Environmental Liabilities. In fiscal year 2016 this liability was estimated at $447 billion (up from $212 billion in 1997). The Department of Energy is responsible for 83 percent of these liabilities and DOD for 14 percent. Agencies spend billions each year on environmental cleanup efforts but the estimated environmental liability continues to rise. Since 1994, GAO has made at least 28 recommendations related to this area; 13 are unimplemented. The 2020 Decennial Census. The cost of the census has been escalating over the last several decennials; the 2010 Census was the costliest U.S. Census in history at about $12.3 billion, about 31 percent more than the 2000 Census (in 2020 dollars). The U.S. Census Bureau (Bureau) plans to implement several innovations—including IT systems—for the 2020 Census. Successfully implementing these innovations, along with other challenges, risk the Bureau's ability to conduct a cost-effective census. Since 2014, GAO has made 30 recommendations related to this area; however, only 6 have been fully implemented. GAO's 2017 High-Risk List   Strengthening the Foundation for Efficiency and Effectiveness Strategic Human Capital Managementa Managing Federal Real Property Funding the Nation's Surface Transportation Systema Modernizing the U.S. Financial Regulatory System and the Federal Role in Housing Financea Restructuring the U.S. Postal Service to Achieve Sustainable Financial Viabilitya Management of Federal Oil and Gas Resources Limiting the Federal Government's Fiscal Exposure by Better Managing Climate Change Risks Improving [...]



GAO-17-407T, High-Risk Series: Progress on Many High-Risk Areas, While Substantial Efforts Needed on Others, February 15, 2017

Wed, 15 Feb 2017 12:00:00 -0500

What GAO Found Since GAO's last high-risk update, many of the 32 high-risk areas on the 2015 list have shown solid progress. Twenty-three high-risk areas, or two-thirds of all the areas, have met or partially met all five criteria for removal from the High-Risk List; 15 of these areas fully met at least one criterion. Progress has been possible through the concerted efforts of Congress and leadership and staff in agencies. For example, Congress enacted over a dozen laws since GAO's last report in February 2015 to help address high-risk issues. GAO removed 1 high-risk area on managing terrorism-related information, because significant progress had been made to strengthen how intelligence on terrorism, homeland security, and law enforcement is shared among federal, state, local, tribal, international, and private sector partners. Sufficient progress was made to remove segments of 2 areas related to supply chain management at the Department of Defense (DOD) and gaps in geostationary weather satellite data. Two high-risk areas expanded—DOD's polar-orbiting weather satellites and the Department of the Interior's restructuring of offshore oil and gas oversight. Several other areas need substantive attention including VA health care, DOD financial management, ensuring the security of federal information systems and cyber critical infrastructure, resolving the federal role in housing finance, and improving the management of IT acquisitions and operations. GAO is adding 3 areas to the High-Risk List, bringing the total to 34: Management of Federal Programs That Serve Tribes and Their Members. GAO has reported that federal agencies, including the Department of the Interior's Bureaus of Indian Education and Indian Affairs and the Department of Health and Human Services' Indian Health Service, have ineffectively administered Indian education and health care programs and inefficiently developed Indian energy resources. Thirty-nine of 41 GAO recommendations on this issue remain unimplemented. U.S. Government's Environmental Liabilities. In fiscal year 2016 this liability was estimated at $447 billion (up from $212 billion in 1997). The Department of Energy is responsible for 83 percent of these liabilities and DOD for 14 percent. Agencies spend billions each year on environmental cleanup efforts but the estimated environmental liability continues to rise. Since 1994, GAO has made at least 28 recommendations related to this area; 13 are unimplemented. The 2020 Decennial Census. The cost of the census has been escalating over the last several decennials; the 2010 Census was the costliest U.S. Census in history at about $12.3 billion, about 31 percent more than the 2000 Census (in 2020 dollars). The U.S. Census Bureau (Bureau) plans to implement several innovations—including IT systems—for the 2020 Census. Successfully implementing these innovations, along with other challenges, risk the Bureau's ability to conduct a cost-effective census. Since 2014, GAO has made 30 recommendations related to this area; however, only 6 have been fully implemented. GAO's 2017 High-Risk List   Strengthening the Foundation for Efficiency and Effectiveness Strategic Human Capital Managementa Managing Federal Real Property Funding the Nation's Surface Transportation Systema Modernizing the U.S. Financial Regulatory System and the Federal Role in Housing Financea Restructuring the U.S. Postal Service to Achieve Sustainable Financial Viabilitya Management of Federal Oil and Gas Resources Limiting the Federal Governme[...]



GAO-17-375T, High-Risk Series: Progress on Many High-Risk Areas, While Substantial Efforts Needed on Others, February 15, 2017

Wed, 15 Feb 2017 12:00:00 -0500

What GAO Found Since GAO's last high-risk update, many of the 32 high-risk areas on the 2015 list have shown solid progress. Twenty-three high-risk areas, or two-thirds of all the areas, have met or partially met all five criteria for removal from the High-Risk List; 15 of these areas fully met at least one criterion. Progress has been possible through the concerted efforts of Congress and leadership and staff in agencies. For example, Congress enacted over a dozen laws since GAO's last report in February 2015 to help address high-risk issues. GAO removed 1 high-risk area on managing terrorism-related information, because significant progress had been made to strengthen how intelligence on terrorism, homeland security, and law enforcement is shared among federal, state, local, tribal, international, and private sector partners. Sufficient progress was made to remove segments of 2 areas related to supply chain management at the Department of Defense (DOD) and gaps in geostationary weather satellite data. Two high-risk areas expanded—DOD's polar-orbiting weather satellites and the Department of the Interior's restructuring of offshore oil and gas oversight. Several other areas need substantive attention including VA health care, DOD financial management, ensuring the security of federal information systems and cyber critical infrastructure, resolving the federal role in housing finance, and improving the management of IT acquisitions and operations. GAO is adding 3 areas to the High-Risk List, bringing the total to 34: Management of Federal Programs That Serve Tribes and Their Members. GAO has reported that federal agencies, including the Department of the Interior's Bureaus of Indian Education and Indian Affairs and the Department of Health and Human Services' Indian Health Service, have ineffectively administered Indian education and health care programs and inefficiently developed Indian energy resources. Thirty-nine of 41 GAO recommendations on this issue remain unimplemented. U.S. Government's Environmental Liabilities. In fiscal year 2016 this liability was estimated at $447 billion (up from $212 billion in 1997). The Department of Energy is responsible for 83 percent of these liabilities and DOD for 14 percent. Agencies spend billions each year on environmental cleanup efforts but the estimated environmental liability continues to rise. Since 1994, GAO has made at least 28 recommendations related to this area; 13 are unimplemented. The 2020 Decennial Census. The cost of the census has been escalating over the last several decennials; the 2010 Census was the costliest U.S. Census in history at about $12.3 billion, about 31 percent more than the 2000 Census (in 2020 dollars). The U.S. Census Bureau (Bureau) plans to implement several innovations—including IT systems—for the 2020 Census. Successfully implementing these innovations, along with other challenges, risk the Bureau's ability to conduct a cost-effective census. Since 2014, GAO has made 30 recommendations related to this area; however, only 6 have been fully implemented. GAO's 2017 High-Risk List   Strengthening the Foundation for Efficiency and Effectiveness Strategic Human Capital Managementa Managing Federal Real Property Funding the Nation's Surface Transportation Systema Modernizing the U.S. Financial Regulatory System and the Federal Role in Housing Financea Restructuring the U.S. Postal Service to Achieve Sustainable Financial Viabilitya Management of Federal Oil and Gas Resources Li[...]



GAO-17-434T, High Risk: Federal Management Challenges Related to Indian Energy Resources, February 15, 2017

Wed, 15 Feb 2017 12:00:00 -0500

What GAO Found In three prior reports on Indian energy development, GAO found that the Department of the Interior's (Interior) Bureau of Indian Affairs (BIA) has inefficiently managed Indian energy resources and the development process and thereby limited opportunities for tribes and their members to use those resources to create economic benefits and improve the well-being of their communities. GAO has also reported numerous challenges facing Interior's Bureau of Indian Education and BIA and the Department of Health and Human Services' Indian Health Services in administering education and health care services, which put the health and safety of American Indians served by these programs at risk. For the purposes of this testimony, GAO is focusing on the concerns related to Indian energy. GAO categorized concerns associated with BIA management of energy resources and the development process into several broad areas, including oversight of BIA activities, collaboration, and BIA workforce planning. Oversight of BIA activities. In a June 2015 report, GAO found that BIA review and approval is required throughout the development process. However, BIA does not have a documented process or the data needed to track its review and response times—such as data on the date documents are received, the date the review process is considered complete, and the date documents are approved or denied. GAO recommended that BIA develop a documented process to track its review and response times. Interior generally agreed and stated it would try to implement a tracking and monitoring mechanism by the end of fiscal year 2017 for oil and gas leases. Interior did not indicate whether it intends to track and monitor its review of other energy-related documents that must be approved before tribes can develop resources. Collaboration. In a November 2016 report, GAO found that BIA has taken steps to form an Indian Energy Service Center that is intended to, among other things, help expedite the permitting process associated with Indian energy development. However, BIA did not coordinate with key regulatory agencies, including Interior's Fish and Wildlife Service, the Environmental Protection Agency and the U.S. Army Corps of Engineers. GAO recommended that BIA include other regulatory agencies in the Service Center so that it can act as a single point of contact or lead agency to coordinate and navigate the regulatory process. Interior agreed with our related recommendation and described plans to address it. BIA workforce planning. In June 2015 and in November 2016, GAO reported concerns associated with BIA's long-standing workforce challenges, such as inadequate staff resources and staff at some offices without the skills needed to effectively review energy-related documents. GAO recommended that BIA assess critical skills and competencies needed to fulfill its responsibilities related to energy development, and that it establish a documented process for assessing BIA's workforce composition at agency offices. Interior agreed with our recommendations and stated it is taking steps to implement them. Why GAO Did This Study Indian tribes and their members hold considerable energy resources and may decide to use these resources to provide economic benefits and improve the well-being of their communities. However, according to a 2014 Interior document, these resources are underdeveloped relative to surrounding non-Indian resources. Development of Indian energy resources is a complex process that may involve federal, tribal, and state agencies. Interior's BIA has primary authority for managing Indian energy development and generally holds final decisio[...]



GAO-17-299R, Financial Audit: Federal Deposit Insurance Corporation Funds' 2016 and 2015 Financial Statements, February 15, 2017

Wed, 15 Feb 2017 12:00:00 -0500

What GAO Found GAO found (1) the financial statements of the Deposit Insurance Fund (DIF) and of the Federal Savings and Loan Insurance Corporation (FSLIC) Resolution Fund (FRF) as of and for the years ended December 31, 2016, and 2015, are fairly presented, in all material respects, in accordance with U.S. generally accepted accounting principles; (2) although internal controls could be improved, the Federal Deposit Insurance Corporation (FDIC) maintained, in all material respects, effective internal control over financial reporting relevant to the DIF and to the FRF as of December 31, 2016; and; (3) with respect to the DIF and to the FRF, no reportable instances of noncompliance for 2016 with provisions of applicable laws, regulations, contracts, and grant agreements GAO tested. GAO's 2016 audit identified deficiencies in FDIC's information systems controls. These deficiencies, along with unresolved control deficiencies from prior audits, collectively represent a significant deficiency in FDIC's internal control over financial reporting that merits attention by those charged with governance of FDIC. In commenting on a draft of this report, FDIC stated that it was pleased to receive unmodified opinions on the DIF's and the FRF's financial statements, and noted that GAO reported that FDIC had effective internal control over financial reporting and that there was no reportable noncompliance with tested provisions of applicable laws, regulations, contracts, and grant agreements. FDIC also noted that GAO reported deficiencies in FDIC's information systems controls that collectively represent a significant deficiency. FDIC stated that it will work to improve its internal control environment and will focus additional management attention to address and remediate the identified information system control deficiencies, recognizing the essential role a strong internal control program plays in achieving an agency's mission. Further, FDIC stated that dedication to sound financial management has been and will remain a top priority. Why GAO Did This Study Section 17 of the Federal Deposit Insurance Act, as amended, requires GAO to annually audit the financial statements of the DIF and of the FRF. In addition, the Government Corporation Control Act requires that FDIC annually prepare and submit audited financial statements to Congress, and provides GAO authority to perform the audit. This report responds to these requirements. For more information, contact James R. Dalkin at (202) 512-3133 or dalkinj@gao.gov.



GAO-17-276, Government Purchase Cards: Little Evidence of Potential Fraud Found in Small Purchases, but Documentation Issues Exist, February 14, 2017

Tue, 14 Feb 2017 12:00:00 -0500

What GAO Found Since 2008, the General Services Administration (GSA) and the Office of Management and Budget (OMB) have taken several steps, in part to address prior GAO recommendations, to enhance purchase card program controls over micropurchases, which are currently capped at $3,500 for most purchases. These steps include developing training, monitoring tools, and guidance. For example, according to OMB guidance, a cardholder should maintain documentation to minimize risk of erroneous and improper purchases, including documentation of the purchase request and preapproval for self-generated purchases. GAO's government-wide review found some weaknesses in the approval process for micropurchases due to inadequate documentation. Specifically, in its sample, GAO found that 22 percent of transactions government-wide did not have complete documentation to substantiate the transactions' approval process. Additionally, GAO estimated that 23 percent of Department of Defense (DOD) transactions and 13 percent of Department of Veterans Affairs (VA) transactions had incomplete documentation. Together, DOD and VA accounted for about two-thirds of all micropurchase spending in fiscal year 2014. Estimated Completeness of Documentation for the Purchase Card Approval Process under the Micropurchase Limit in Fiscal Year 2014 Percent       Approval process documentation Government-wide Department of Defense (DOD) Department of Veterans Affairs (VA) Incomplete documentation 22 23 13 Complete documentation 78 77 87 Source: GAO analysis of executive agency data. | GAO-17-276 Note: The government-wide results are a weighted total of the three strata of GAO's sample: (1) DOD, (2) VA, and (3) all other executive agencies within GAO's scope. The results include the DOD and VA strata because they each accounted for about one-third of micropurchase spending in fiscal year 2014. The results of the third strata (other executive agencies) are not included separately in the table. The Department of the Interior was excluded from the government-wide results due to a difference in the agency's purchase card policies. Estimates for the government-wide, DOD, and VA results have a margin of error of +/-5, 8, and 7 percentage points or less, respectively, at the 95 percent confidence interval. GAO's government-wide review and targeted data mining of selected categories for potentially improper purchases found little evidence of improper or potentially fraudulent purchases among micropurchase transactions. However, incomplete documentation increases the risk that fraud, charge card misuse, and other abusive activity could occur without detection. One agency, the Department of the Interior (DOI), granted blanket purchase authority for cardholders for most transactions under the micropurchase limit, and therefore did not require any documentation of the purchase request or preapproval. This blanket authority may increase the risk that fraudulent, improper, and other abusive activity could occur. Following OMB guidance for documentation can help reduce such risks. Why GAO Did This Study For fiscal year 2014, the most recently available data at the time of GAO's review, the federal government spent $8.7 billion in micropurchases using purchase cards. In its last government-wide review of[...]



GAO-17-440T, Cybersecurity: Actions Needed to Strengthen U.S. Capabilities, February 14, 2017

Tue, 14 Feb 2017 12:00:00 -0500

What GAO Found GAO has consistently identified shortcomings in the federal government's approach to ensuring the security of federal information systems and cyber critical infrastructure as well as its approach to protecting the privacy of personally identifiable information (PII). While previous administrations and agencies have acted to improve the protections over federal and critical infrastructure information and information systems, the federal government needs to take the following actions to strengthen U.S. cybersecurity: Effectively implement risk-based entity-wide information security programs consistently over time. Among other things, agencies need to (1) implement sustainable processes for securely configuring operating systems, applications, workstations, servers, and network devices; (2) patch vulnerable systems and replace unsupported software; (3) develop comprehensive security test and evaluation procedures and conduct examinations on a regular and recurring basis; and (4) strengthen oversight of contractors providing IT services. Improve its cyber incident detection, response, and mitigation capabilities. The Department of Homeland Security needs to expand the capabilities and support wider adoption of its government-wide intrusion detection and prevention system. In addition, the federal government needs to improve cyber incident response practices, update guidance on reporting data breaches, and develop consistent responses to breaches of PII. Expand its cyber workforce planning and training efforts. The federal government needs to (1) enhance efforts for recruiting and retaining a qualified cybersecurity workforce and (2) improve cybersecurity workforce planning activities. Expand efforts to strengthen cybersecurity of the nation's critical infrastructures. The federal government needs to develop metrics to (1) assess the effectiveness of efforts promoting the National Institute of Standards and Technology's (NIST) Framework for Improving Critical Infrastructure Cybersecurity and (2) measure and report on effectiveness of cyber risk mitigation activities and the cybersecurity posture of critical infrastructure sectors. Better oversee protection of personally identifiable information. The federal government needs to (1) protect the security and privacy of electronic health information, (2) ensure privacy when face recognition systems are used, and (3) protect the privacy of users' data on state-based health insurance marketplaces. Several recommendations made by the Commission on Enhancing National Cybersecurity (Cybersecurity Commission) and the Center for Strategic & International Studies (CSIS) are generally consistent with or similar to GAO's recommendations in several areas including: establishing an international cybersecurity strategy, protecting cyber critical infrastructure, promoting use of the NIST cybersecurity framework, prioritizing cybersecurity research, and expanding cybersecurity workforces. Why GAO Did This Study Cyber-based intrusions and attacks on federal systems and systems supporting our nation's critical infrastructure, such as communications and financial services, are evolving and becoming more sophisticated. GAO first designated information security as a government-wide high-risk area in 1997. This was expanded to include the protection of cyber critical infrastructure in 2003 and protecting the privacy of personally identifiable information in 2015. This statement (1) provides an overview of GAO's work related to cybersecurity of the federal government and the nation's critical infrastruc[...]



GAO-17-169, Medicaid: CMS Needs Better Data to Monitor the Provision of and Spending on Personal Care Services, January 12, 2017

Mon, 13 Feb 2017 12:00:00 -0500

What GAO Found Two data systems managed by the Centers for Medicare & Medicaid Services (CMS)—the federal agency that oversees Medicaid—collect information from states on the provision of and spending on personal care services: The Medicaid Statistical Information System (MSIS) collects detailed information from provider claims on services rendered to individual Medicaid beneficiaries and state payments for these services. The Medicaid Budget and Expenditure System (MBES) collects states' total aggregate Medicaid expenditures across 80 broad service categories. Information from these two CMS data systems can be used in the aggregate to describe broadly the provision of and spending on Medicaid personal care services. For example, MBES data show that total fee-for-service spending on these services was at least $15 billion in 2015—up $2.3 billion from 2012. However, the usefulness of the data collected from these two systems for CMS oversight is limited because of data gaps and errors. To provide effective oversight, including decision making, external reporting, and monitoring program operations, CMS needs timely, relevant and reliable data on personal care services rendered and the amount paid. GAO found that the data collected did not always meet these standards. For example: MSIS data were not timely, complete, or consistent. The most recent data available at the time of GAO's audit were for 2012 and only included data for 35 states. Further, 15 percent of claims lacked provider identification numbers, over 400 different procedure codes were used to identify the services, and the quantity and time periods varied widely. Without good data, CMS is unable to effectively monitor who is providing personal care services or the type, amount, and dates of services. CMS may also face challenges determining whether beneficiaries were eligible for services and assessing the reasonableness of the amount of services claimed. MBES data were not always accurate or complete. From 2012 through 2015, GAO found that 17 percent of expenditure lines were not reported correctly. Nearly two-thirds of these errors were due to states not separately identifying personal care services expenditures, as required by CMS. Inaccurate and incomplete reporting limits CMS's ability to ensure federal matching funds are provided consistent with states' approved programs. CMS is developing a new Medicaid claims system to replace MSIS and recently established a new office to support CMS's use of Medicaid data for program management and monitoring. However, CMS has not issued guidance related to reporting of personal care services that addresses the gaps GAO identified, or developed plans to use the data for oversight purposes. Without improved data and plans for how it can be used for oversight, CMS could continue to lack critical information on personal care service expenditures. HHS agreed with two of GAO's recommendations to ensure state compliance with reporting requirements and develop plans to use the data. HHS neither agreed nor disagreed with two others. Why GAO Did This Study A growing share of long-term care spending under Medicaid, a joint federal-state health care program, is for services provided in home and community settings. Medicaid spending on these services—about $80 billion in 2014—now exceeds spending on institutional long term care. Personal care services are key components of long-term, in-home care, providing assistance with basic activities, such as bathing, dressing, and toileting, to millions o[...]



GAO-17-74, Food Safety: A National Strategy Is Needed to Address Fragmentation in Federal Oversight, January 13, 2017

Mon, 13 Feb 2017 12:00:00 -0500

What GAO Found Since 2014, the Department of Health and Human Services' (HHS) Food and Drug Administration (FDA) and the U.S. Department of Agriculture's (USDA) Food Safety and Inspection Service (FSIS), the federal agencies with primary responsibility for food safety oversight, have taken some actions to address fragmentation in the federal food safety oversight system, and HHS has updated its strategic plan to address interagency coordination on food safety. However, USDA has not yet fully implemented GAO's December 2014 recommendation that it describe interagency collaboration on food safety in its strategic and performance planning documents. In addition, the Office of Management and Budget (OMB) has not addressed GAO's March 2011 recommendation to develop a government-wide plan for the federal food safety oversight system. At a 2-day meeting GAO hosted in June 2016, 19 food safety and other experts agreed that there is a compelling need to develop a national strategy to address ongoing fragmentation and improve the federal food safety oversight system. This is consistent with a prior GAO finding that complex interagency and intergovernmental efforts can benefit from developing a national strategy. The experts identified the following key elements of such a strategy: Purpose: The starting point for a national strategy includes defining the problem, developing a mission statement, and identifying goals. Leadership: The national strategy should establish sustained leadership at the highest level of the administration with authority to implement the strategy and be accountable for its progress. The strategy also needs to identify roles and responsibilities and involve all stakeholders. Resources: The national strategy should identify staffing and funding requirements and the sources of funding for its implementation. Monitoring: The national strategy should establish milestones that specify time frames, baselines, and metrics to monitor progress. The strategy should be sufficiently flexible to incorporate changes identified through monitoring and evaluation of progress. Actions: In addition to long-term actions, the national strategy should include short-term actions to gain traction in improving the food safety system. Actions should focus on preventing, rather than reacting to, outbreaks of foodborne illnesses. These elements are consistent with characteristics GAO has previously identified as desirable in national strategies. Past efforts to develop high-level strategic planning for food safety have depended on leadership from the Executive Office of the President (EOP). By developing a national strategy to guide the federal food safety oversight system and address ongoing fragmentation, the EOP, in consultation with relevant federal agencies and other stakeholders, could provide a framework for making organizational and resource decisions. Among other things, such a strategy also could provide a framework for addressing GAO's recommendation for a government-wide plan and for removing food safety oversight from GAO's High-Risk List. Why GAO Did This Study Although the U.S. food supply is generally considered safe, foodborne illness remains a common, costly, yet largely preventable public health problem. The safety and quality of food involves 16 federal agencies. For more than 4 decades, GAO has reported on the fragmented federal food safety oversight system. Because of potential risks to the economy and to public health and safety, food safety has remained on G[...]



GAO-17-150, Defense Civil Support: DOD, HHS, and DHS Should Use Existing Coordination Mechanisms to Improve Their Pandemic Preparedness, February 10, 2017

Fri, 10 Feb 2017 12:00:00 -0500

What GAO Found The Department of Defense (DOD) has developed guidance and plans to direct its efforts to provide assistance in support of civil authorities—in particular the Departments of Health and Human Services (HHS) and Homeland Security (DHS)—in the event of a domestic outbreak of a pandemic disease. For example, the Department of Defense Global Campaign Plan for Pandemic Influenza and Infectious Diseases 3551-13 provides guidance to DOD and the military services on planning and preparing for a pandemic outbreak. DOD's Strategy for Homeland Defense and Support to Civil Authorities states that DOD often is expected to play a prominent supporting role to primary federal agencies. DOD also assists those agencies in the preparedness, detection, and response to other non-pandemic viruses, such as the recent outbreak of the Zika virus. Figure 1: Photograph of the Aedes aegypti Mosquito Responsible for Spreading the Zika Virus Source: Department of Defense | GAO-17-150 HHS and DHS have plans to guide their response to a pandemic, but their plans do not explain how they would respond in a resource-constrained environment in which capabilities like those provided by DOD are limited. DOD coordinates with the agencies, but existing coordination mechanisms among HHS, DHS, and DOD could be used to improve preparedness. HHS's Pandemic Influenza Plan is the departmental blueprint for its preparedness and response to an influenza pandemic. DHS's National Response Framework is a national guide on how federal, state, and local governments are to respond to such incidents. DOD, HHS, and DHS have mechanisms—such as interagency working groups, liaison officers, and training exercises—to coordinate their response to a pandemic. For example, training exercises are critical in preparing these agencies to respond to an incident by providing opportunities to test plans, improve proficiency, and assess capabilities and readiness. These existing mechanisms provide the agencies opportunities to improve their preparedness and response to a pandemic. HHS and DHS plans do not specifically identify what resources would be needed to support a response to a pandemic in which demands exceeded federal resources. These officials stated that there would be no way of knowing in advance what resources would be required. HHS and DHS are in the process of updating their plans and thus have an opportunity to coordinate with each other and with DOD to determine the appropriate actions to take should DOD's support be limited. Why GAO Did This Study The U.S. Army estimates that if a severe infectious disease pandemic were to occur today, the number of U.S. fatalities could be almost twice the total number of battlefield fatalities in all of America's wars since the American Revolution in 1776. A pandemic occurs when an infectious agent emerges that can be efficiently transmitted between humans and has crossed international borders. DOD's day-to-day functioning and the military's readiness and operations abroad could be impaired if a large percentage of its personnel are sick or absent, and DOD's assistance to civil authorities might be limited. House Report 114-102 included a provision for GAO to assess DOD's planning and coordination to support civil authorities during a pandemic. This report assesses the extent to which (1) DOD has guidance and plans for supporting civil authorities in the event of a domestic outbreak of a pandemic disease and (2) HHS and DHS have plans to respond to a [...]



GAO-17-177, Bioforensics: DHS Needs to Conduct a Formal Capability Gap Analysis to Better Identify and Address Gaps, January 11, 2017

Fri, 10 Feb 2017 12:00:00 -0500

What GAO Found The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) have identified some gaps in their bioforensics capabilities, but DHS has not performed a formal bioforensics capability gap analysis. It is therefore not clear whether DHS and the FBI have identified all of their capability gaps. A capability gap analysis can help identify deficiencies in capabilities and can help support the validation and prioritization of how to address the gaps. DHS and the FBI have identified capability gaps using an informal undocumented process. For example, DHS held informal meetings to seek FBI input on capability gaps associated with recent casework. Gaps identified through this informal process include the inability to (1) characterize unique, novel, and engineered agents and “unknowns” (emerging or synthetic organisms) and (2) understand and communicate uncertainty associated with analyzing complex biological samples, among other things. In the absence of a well-documented bioforensics capability gap analysis, the rationale for DHS's resource allocations, or its plans for future enhancements to existing capabilities are not clear and thus cannot ensure that resources are being targeted to the highest priority gaps. In addition to DHS and the FBI, other organizations, such as the National Research Council (NRC) of the National Academy of Sciences (NAS), and the National Science and Technology Council (NSTC) of the Office of Science and Technology Policy (OSTP), have identified potential bioforensics capability needs. These needs can generally be grouped into three areas: science, technology and methods, and bioinformatics and data. GAO also convened a meeting of experts, with the help of NAS, and these experts updated a list of potential bioforensics capability needs that NAS and OSTP had previously identified within each of these areas. Some of the needs these experts confirmed as still relevant were similar to those DHS and FBI officials have identified, while others were different. For example, like DHS and the FBI, the experts agreed that an ability to characterize genetically engineered agents was needed, but they also suggested that evaluating existing protocols, such as those for DNA sequencing, to determine whether they were validated, was needed. GAO believes that this information may be helpful to DHS and the FBI as part of any future bioforensics capability gap analysis they undertake. Since 2010, DHS has enhanced some of its bioforensics capabilities, with FBI input, by focusing on developing methods-based capabilities while maintaining agent-based capabilities. DHS has funded research and development projects addressing areas such as genome sequencing approaches, which underpin many methods-based bioforensics capabilities. DHS is also developing an in-house reference collection for use in investigations. In addition, DHS is developing the ability to characterize unique, novel agents as well as “unknowns,” such as synthetic organisms. DHS projects that some enhanced capabilities will be complete in about 2025. However, in pursuing enhancements, DHS faces several challenges, including establishing a statistical framework for interpreting bioforensics analyses and associated inferences and communicating them in a court setting, as well as obtaining suitable biological agents and DNA sequences to ensure quality references for use in investigations. Why GAO Did This Study The ability to attribute the [...]



GAO-17-85, DOD Financial Management: Significant Efforts Still Needed for Remediating Audit Readiness Deficiencies, February 09, 2017

Thu, 09 Feb 2017 12:00:00 -0500

What GAO Found The Schedules of Budgetary Activity (Budgetary Schedules) for the Army, Navy, and Air Force for fiscal year 2015 reflected current year budget activity as an interim step toward producing an auditable Statement of Budgetary Resources that will reflect multiyear budget activity. All three of the independent public accountants (IPA) contracted to audit these fiscal year 2015 Budgetary Schedules issued disclaimers, meaning that the IPAs were unable to express an opinion because of a lack of sufficient evidence to support the amounts presented. The IPAs for all three military services also identified material weaknesses in internal control and collectively issued a total of over 700 findings and recommendations. These weaknesses included, among other things, the military services' inability to reasonably assure that the Budgetary Schedules reflected all of the relevant financial transactions that occurred and that documentation was available to support such transactions. Army, Navy, and Air Force management generally concurred with these findings and stated that they would develop and implement corrective actions to address the IPAs' recommendations. Office of Management and Budget (OMB) guidance and the Department of Defense's (DOD) Financial Improvement and Audit Readiness (FIAR) Guidance include the following steps for addressing these and other financial management-related findings and recommendations reported by external auditors: (1) identify and track them, (2) prioritize them, (3) develop corrective action plans (CAP) to remediate them, and (4) monitor the implementation status of the CAPs. GAO found that the remediation processes designed by each military service had deficiencies in one or more of these areas. For example, each military service's policies and procedures lacked sufficient controls to reasonably assure that they identified and tracked the complete universe of open findings and recommendations related to financial management. Without identifying and tracking the complete universe of unresolved deficiencies, the military services cannot provide reasonable assurance that the deficiencies will be addressed in a timely manner, which can ultimately affect the reliability of financial information and the auditability of their financial statements. The DOD Comptroller has established several elements of a department-wide audit readiness remediation process, but it does not have comprehensive information on the status of CAPs throughout the department needed to fully monitor and report on the progress being made to resolve financial management-related deficiencies. Specifically, (1) the DOD Comptroller does not obtain complete, detailed information on all CAPs from the military services related to the department's critical capabilities to be able to fully assess progress and (2) reports to external stakeholders such as the Congress on the status of audit readiness do not provide comprehensive information. A lack of comprehensive information on the CAPs limits the ability of DOD and Congress to evaluate DOD's progress toward achieving audit readiness, especially given the short amount of time remaining before the statutory deadline to submit to Congress the results of an audit of the department-wide financial statements for fiscal year 2018. Why GAO Did This Study DOD remains on GAO's High-Risk List because of its long-standing financial management deficiencies. These deficiencies negatively aff[...]



GAO-17-165, District of Columbia Charter Schools: Multi-Agency Plan Needed to Continue Progress Addressing High and Disproportionate Discipline Rates, February 09, 2017

Thu, 09 Feb 2017 12:00:00 -0500

What GAO Found Discipline rates (out-of-school suspension and expulsion rates) at District of Columbia (D.C.) charter schools dropped from school years 2011-12 through 2013-14 (the most recent years of national Department of Education data available). However, these rates remained about double the rates of charter schools nationally and slightly higher than D.C. traditional public schools and were also disproportionately high for some student groups and schools. Specifically, during this period, suspension rates in D.C. charter schools dropped from about 16 percent of all students to about 13 percent, and expulsions, which were relatively rare, went down by about a half percent, according to GAO's analysis. However, D.C. Black students and students with disabilities were disproportionately suspended and expelled. For example, Black students represented 80 percent of students in D.C. charter schools, but 93 percent of those suspended and 92 percent of those expelled. Further, 16 of D.C.'s 105 charter schools suspended over a fifth of their students over the course of school year 2015-16, according to D.C. data. Suspensions and Expulsions of Black Students and Students with Disabilities in District of Columbia Charter Schools Were Disproportionate Relative to Enrollment, School Year 2013-14 Note: Numbers may not add to 100 due to rounding. The Public Charter School Board (PCSB) regularly uses several mechanisms to oversee charter schools' use of suspensions and expulsions. For example, PCSB reviews school-level data and schools' discipline policies to encourage schools to reduce reliance on suspensions and expulsions to manage student behavior. Several D.C. agencies have roles in overseeing charter schools and reported collaborating on other issues, but we observed a lack of consensus around roles and responsibilities regarding charter school discipline. Further, a plan to issue regulations addressing discipline disparities among D.C. public schools was unsuccessful because the D.C. agency that planned to issue the regulations was unsure of its authority to do so. Absent a coordinated plan to continue progress in reducing discipline rates in charter schools, as well as clarified roles, responsibilities, and authorities of D.C. agencies with respect to oversight of discipline in charter schools, continued progress may be slowed. Why GAO Did This Study D.C. charter schools served about 45 percent of D.C.'s public school students in the 2015-16 school year. The District of Columbia School Reform Act of 1995 established PCSB to authorize and oversee charter schools. PCSB also oversees charter schools' use of suspensions and expulsions. The District of Columbia Appropriations Act, 2005, as amended, included a provision for GAO to conduct a periodic management evaluation of PCSB. This report examines (1) what is known about suspensions and expulsions in D.C. charter schools, and (2) to what extent PCSB oversees charter schools' use of suspensions and expulsions. GAO analyzed the most recent national federal data (school years 2011-12 and 2013-14) and D.C. data (school year 2015-16) on suspensions and expulsions; reviewed relevant laws, regulations, and agency policies and documentation; and interviewed officials at PCSB and other D.C. agencies, as well as other stakeholders selected to provide a range of perspectives. GAO also visited three charter schools that had high discipline rates. Wh[...]



GAO-17-84, Supply Chain Security: Providing Guidance and Resolving Data Problems Could Improve Management of the Customs-Trade Partnership Against Terrorism Program, February 08, 2017

Wed, 08 Feb 2017 12:00:00 -0500

What GAO Found Staff from U.S. Customs and Border Protection's (CBP) Customs-Trade Partnership Against Terrorism (C-TPAT) program have faced challenges in meeting C-TPAT security validation responsibilities because of problems with the functionality of the program's data management system (Portal 2.0). In particular, since the system was updated in August 2015, C-TPAT staff have identified instances in which the Portal 2.0 system incorrectly altered C-TPAT members' certification or security profile dates, requiring manual verification of member data and impairing the ability of C-TPAT security specialists to identify and complete required security validations in a timely and efficient manner. While the focus of CBP's staff was initially on documenting and addressing Portal 2.0 problems as they arose, the staff have begun to identify root causes that led to the Portal 2.0 problems. For example, CBP staff cited unclear requirements for the system and its users' needs, coupled with inadequate testing, as factors that likely contributed to problems. In response, CBP staff have outlined recommended actions, along with timeframes for completing the actions. The staff stated that they will continue to work on identifying and addressing potential root causes of the Portal problems through 2017. C-TPAT officials told us that despite the Portal 2.0 problems, they have assurance that required security validations are being tracked and completed as a result of record reviews taking place at field offices. However, these field office reviews were developed in the absence of standardized guidance from C-TPAT headquarters. While the current validation tracking processes used by field offices do account for security validations conducted over the year, standardizing the process used by field offices for tracking required security validations could strengthen C-TPAT management's assurance that its field offices are identifying and completing the required security validations in a consistent and reliable manner. CBP cannot determine the extent to which C-TPAT members are receiving benefits because of data problems. Specifically, since 2012, CBP has compiled data on certain events or actions it has taken regarding arriving shipments—such as examination and hold rates and processing times—for both C-TPAT and non-C-TPAT members through its Dashboard data reporting tool. However, on the basis of GAO's preliminary analyses and subsequent data accuracy concerns cited by C-TPAT program officials, GAO determined that data contained in the Dashboard could not be relied on for accurately measuring C-TPAT member benefits. Also, CBP has likely relied on such questionable data since it developed the Dashboard in 2012, and, thus, cannot be assured that C-TPAT members have consistently received the benefits that CBP has publicized. C-TPAT officials stated that they are analyzing the Dashboard to finalize an action plan to correct the data concerns. It is too soon to tell, though, whether this process will fully address the accuracy and reliability issues. Despite these issues, C-TPAT officials are exploring new member benefits, and industry officials we met with generally spoke positively of the C-TPAT program. Why GAO Did This Study The economic well-being of the United States depends on the movement of millions of cargo shipments throughout the global supply chain—the flow of goods from manuf[...]