oversight

Information Resources Management: Active Assignments

Published by the Government Accountability Office on 1997-04-15.

Below is a raw (and likely hideous) rendition of the original report. (PDF)

             United States General Accoimting Office   I ' J "S ^ I ^^
r ^ AjT)     Accounting and Information
^-^^^        Management Division



April 1997
             Information Resources
             Management
             Active Assignments
Foreword


           This report was prepared primarily to inform Congressional members and
           key st<^ of ongoing assignments in the General Accounting Office's
           Information Resources Management. This report contains assignments
           that were ongoing as of April 15,1997, and presents a brief background
           statement and a list of key questions to be aiiswered on each assignment.
           The report wiU be issued quarterly.

           This report was compiled from information available in GAG'S internal
           management information systems. Because the information was
           downloaded from computerized data bases intended for internal use, some
           information may appear in abbreviated form.

           If you have questions or would like additional information about
           assignments listed, please contact Jack Brock, Director, on (202) 512-6406;
           or Linda Koontz, Associate Director, on (202) 512-7487.
Contents

CRITICAL DEVELOPMENT EFFORTS
    N«w    .REVIEW OF FAA'S EFFORTS TO ACHIEVE YEAR-2000COMnjANCE                                    1
IMPROVING INFORMATION MANAGEMENT
    N*»    , BEST PRACnCES IN IMPIfMENTINGrr PERFORMANCE MEASUR£MENT.                                1
EMERGING TECHNOLOGY ISSUES
           •BUSINESS PROCESS REENCHNEERING (BPR) ASSESSMENT GUIDE                                    1
DEFENSE INFORMATION INFRASTRUCTURE
           , HRA 24: TOD'S MIGRATION SYSTEMS STRATEGY.                                               2
           , REVIEW OF DEFENSE INFORMATION INFRASntUCnjRE COMMON OreRATING ENVIRONMENT
            EXISTING AND PLANNED CAPABIUnES.                                                         2
DEFENSE WEAPON SYSTEMS
           .REVIEW OF NAVrSF/A-18E/F PROGRAM AND STATUS OF JOINT STRIKE HGHIER PROGRAM.                  2
           .REVIEW OF SEA-BASED THEATER BALLASTICMISSD£ DEFENSE PROGRAMS.                                3
HIGH RISK SYSTEMS
           , ADEQUACY OF THE DEFENSE FINANCE AND ACCOUNTING SERVICES FOR PLANNING AND
             IMPLEMENTATIONS OF ITS TELECOMMUNICATIONS.                                                  3
           . INFORMATION SECirWTY AT THE DEPARTMENT OF STATE                                             3
    Ntw    , REVIEW OF DOD'S Y2i: STRATEGY AND IMPLEMENTATION.
CRITICAL DEVELOPMENT EFFORTS
    Ntw , SOFTWARE CAPABttJTY EVALUATION OF DEFENSE FINANCE AND ACCOUNTING SERVICES-ARMY.                    4
IMPROVING INFORIMATION MANAGEMENT
           , REVIEW OF THE PROLIFERATION OF DEFENSE NETWORKS.                                                4
OTHER ISSUE AREA WORK - DIFM
    Ntw    . HRA 19: NAVY EFFORTS TO REDUCE COSTS TO STREAMLINE OPERATIONS AND REDUCE COSTS IN THE
            ORDANCE BUSINESS AREA.                                                                           5
           , HRA 19: DBOF PRICING OF GOODS AND SERVICES FOR FMS CUSTOMERS.                                   5
    Ntw    , HRA 24: REVIEW OF THE FISCAL YEAR 1998 DEFENSE INFORMATION TECHNOLOGY BUDGET REQUEST.           5
    Ntw    , HRA 19: DOD WORKING CAPITAL FUND PRICING FOR FISCAL YEAR 1998.                                  6

CRITICAL DEVELOPMENT EFFORTS
    Ntw .REVIEW OF CUSTOMS'AUTOMATED COMMERCIAL ENVIRONMENT.                                                 7
IMPROVING INFORMATION MANAGEMENT
     Ntw   , INFORMATION SECURFTY PRACTICES AT LEADING ORGANIZATIONS.                                        7

WELFARE SYSTEMS
       .REVIEWOFHHS'SMANAGEMENTOFFEDERALFUNDSSPENTFORSTATECHILDSUPPORTSYSTEMS.                               8

HIGH RISK SYSTEMS
           .HRA 5: REVIEW OF HCFA'SMTS MANAGEMENT PRACTICES.                                                  8
                                                                                                              8
     Ntw   . PILOT TEST AIMD"S YEAR 2000 READINESS GUIDANCE ON SSA^S YEAR 2000 PROGRAM.
CRITICAL DEVELOPMENT EFFORTS
           . VETERANS BENEFITS ADMINISTRATION SYSTEMS MODERNIZATION FOLLQW-UP.                                ^
IMPROVING INFORMATION MANAGEMENT
            . HRA 6: NSLDS COMPLIANCE ASSESSMENT.                                                            9
     New    .SOCIAL SECURITY ADMINISTRATION'S MA.N'AGEMENT OF ITS SYSTEMS MODERNIZATION                      9
             INVESTMENTS

TRA's'SPORTATION/TELECOMMUNICATIONS ISSUES
           . REVIEW DEFARTMTiNT OF THE INTERIOR (DOi) EITORTS TO REDUCE COSTS BY    CONSOI.IOATING
            AN!) nci-lMIZINC; TELKCOMMUN!Cr\'nONS SERVICES.                                                  10
Contents

                                                                                      Page
HIGH RISK SYSTEMS
   Ntw   ,HRA 25: REVIEW OFNWS SYSTEM CAPABILITIES TO SUPPORTWEATHERFCHIECAST    -^     10
   N€W   , HRA 22: REVIEW OF FAA^S ATC INVESTMENT MANAGEMENT PRACTICES.                 10
   Ntw   , HRA 22JIEVIEW OF FAA^S AIR TRAFFIC CONTROT- (ATC) COMPUTER SECURnY.          11
IMPROVING INFORMATION MANAGEMENT
   Ntw   .SBA SYSTEM DEVELOPMENT.                                                       11
Information Resources Management




CRITICAL DEVELOPMENT EFFORTS
    1TILE: REVIEW OF FAA'S EFFORTS TO ACHIEVE YEAR-ZMO COMPLIANCE (511533)

           BACKGROUND: This is one ctf a series of GAO jobs oo goveniment-wide efforts to address year 20(X) (Y2K)
           date coDveisioo piobiems. AIMD iias developed a draft guide on assessing agencies'readinessto achieve Y2K
           ccmidiaDce. We will test diis guidance at FAA where a Y2K failure could unpect aviation safety.
           KEY QUESTIONS: (1) Are diere opponunities for FAA to improve its Y2K efforts? (2) What lessons leaned
           and best piactioes identified at FAA can be applied to other federal agencies' Y2K efforts? (3) How can AIMD
           enhance the usefnhiess and qiplication <tf its Y2K readiness guide?


IMPROVING INFORMATION MANAGEMENT
    TTIUE: lESTPRACnCESINIMnEMENTiNG IT PERFORMANCE MEASUREMENT (511Q3S)

           BACKGROUND: To Taetx die lequircments of the Government Performance Results Act (GPRA) and the
           Clinger-Coben Act (CCA), federal agencies need guidance to develop IT/IRM measures and data systems.
           KEY QUESTIONS: (1) Based on GAOs research at public and jnivate sector nganizatioas, what approaches
           can be used by federal agencies to measure the effectiveness of H/IRM resources applied in support of federal
           agency piograms? (2) What are some key measurement areas that can be used by IT programsAnanagers to
           assess IT performance?


EMERGING TECHNOLOGY ISSUES
    TTILE: BUSINESS PROCESS SEENGINEEBING (BFK) ASSESSMENT GUIIM: (SllOK)
           BACKGROUND: Many federal agencies, including the Internal Revenue Service and die Social Security
           Administration, have initiated large-scale reengineering initiatives. Because reengineering can be complex,
           lisky. and expensive, GAO needs standard guidance lot assessing these initiatives.
           KEY (QUESTIONS: What are the imp(Htant issues that should be addressed in assessing federal agencies'
           leengineetiog initiatives?
Information Resources Management



DEFENSE INFORMA'nON l^^jr'RASTRUC^JRE
    TTILE: HRA 24: D(M>'SMIGRA'nON SYSTEMS STRATEGY (5II355)

           BACKGROUND: One of the uaiot near-term goals of DOD's OM initiative, which we have repotted as a high
           risk, is to support and reduce the cost of its business processes widi "migration" systems. DOD is spending
           billions to implement the migration systems strategy over several years and expects to achieve savings by
           terminating redundant legacy systems.
           KEY QUESTIONS : 1) What are die expenditures for migration systems and iegacy systenos DOD expects to
           tenoinate? 2) How many and what ^pe dt migratioo systems did IXH> designate, how many legacy systems did
           DOD terminate, and bow many are scheduled fax future termination? 3) What economic studies did DOD
           prqrare and use to justify migration actions?




    TTILE: REVIEW Cff DEFENSE INFORMATION INFRASTRUCIVRS COMMON OPFJtATING ENVIRONMENT
           EXISTING AND PLANNED CAPABILITIES (5113C2)

           BACKGROUND: Defense is modernizing its information infrastructure through the development of a cooomon
           operating environment (C(£). The COE is the foundation for building systems which meet departmental goals
           for integration and interoperability. Tbese systems support every facet of die Defense noission bam the
           commander-in-chief to the foxbde.
           KEY QUESTIONS: (1) What is COE intended to achieve and what goals and cSjectives have been established?
           (2) What is DOD's approach for implementing COE and what management structures are being used to assess
           dtt progress and effectiveness (rf tbe COE?


DEFENSE WEAPON SYSrEMS
    TTTLE: REVIEW OF NAVY^ F/A-tSE/F PROGRAM AND STATUS OF JOINT STRIKE nOHTER PRO«tAM (707194)
           BACKGROUND: The dedsiaa to procure die F/A- 18E/F, based on C/D deficiencies, should be reconsidered
           due to its high cost and limited increase in operational capability over die current OD nKxlel. We previously
           recommended that the Navy could meet requirements by continuing to procure C/Ds until the more citable, less
           expensive Joint Strike Rghter is available.
           KEY QUESTIONS : (1) Are F/A-18E/F development costs being accuratelyreported?(2) How cosdy will
           F/A-18E/F procurement be, given realistic total buy and aimual production rates? (3) Based on developmental
           and (^lerational testing, how capable will the F/A-18E/F be and what problems has testing identified? (4) Are
           JSF cost and operational capability (»ojections valid?
Information Resources Management



DEFENSE WEAPON SYSTEMS
    TTILE: REVIEW OF SEA-BASED THEATER BALLASnC MISSILEraiFENSEPROGRAMS (707197)

           BACKGROUND: Sea-basing of tactical ballistic missile defenses (TBMD) allows Ibe U.S. to take advantage
           of the strength and presence of its naval forces. Two sea-based systems-the Navy Area Defense program and
           the Tlieater-wide Defense program-are included in the U.S. core theater ballistic missile defense program. This
           review will focus on the Area program.
           KEY QUESTIONS: (1) What is dwstatasofdie Area dieater ballistic missile defense program? (2)Aretests
           being conducted or plaimed to adequately demonstrate die Area System's capabilities before productira wd
           deployment oi both prototype missiles and the objective system?


HIGH RISK SYSTEMS
    TTILE: AIWQUACY OF THE IKFENSE FINANCE AND ACCCHJNTING SERVICES FOR PLANNING AND
           IMPLEMENTATIONS Of ITS TELECCAfMUNICATIONS (51135S)

           BACKGROUND: DFAS is consolidating over 300 accounting offices into 5 large existing finance centers and
           IS new sites called operating locations. This efforts is aimed at (1) reducing the number of accounting and
           finance personnel fmn 46,000 to 23,000; (2) streamlining DOD's financial operatiims. A key factor to the
           success (rf the effmt is a cost effective telecommunication networic
           KEY QUESTIONS : (1) Are DOD's tekcommunication and IRM resources supporting DFAS' OPLCXT
           operations beine used in a cost effective maimer? (2) Can sitmificant savings be achieved duough a more
           efficient use ci telecommunications and IRM resources dedicated to OPLOC operations?




    TTILE: INFORMATION SECURITY AT THE MPARTMENTOT STATE (511361)

           BACKGROUND: The security of infomation stored in government cooqwter systems is of increasing concern
           to the Congress and the general public. The Subcommittee is bedding a series of hearings and has requested
           GAO to perform a series ol reviews of federal agencies information security practices, begirming with the
           Department of State.
           KEY QUESTIONS : 1. How susceptible are State's information systems to unauthorized access over the
           Internet? 2. What is State doing to address this potential problem?
Information Resources Management



HIGH RISK SYSTEMS
     TTILE: REVIEW OF D(M>'SY2K STRATEGY AND IMH^EMENTATION (511614)

            BACKGROUND: The millennium problem is one of the most critical issues fadng DOD. Most computer
            piograms written since the 60's have two^iigit year fields which will cause catastropfaic system &ilures when 00
            digits are processed for the year 2000. Defense readiness, C3, and inteligence systems will be vulnerable and
            estimates for fixing die problems are in die billions.
            KEY QUESTIONS: (1) How appropriate are DOD strategies and acti(»s iat ensuring that Y2K problems will
            be successfully addressed? (2) To what extent has DOD assessed die impact and cost of the year 2000 problems?


CRITICAL DEVELOPMENT EFFORTS
     TTILE: SOFTWARE CAPABILITyEVALUATKm(»'INEnENSE FINANCE AND ACCOUNTING SERVICES. ARMY
            (5115t2)




    ^•iaBBBa^B^s^=^=SBS3^^BHaEaaa^^
IMPROVING INFORMATION MANAGEMENT
    TTIUE: REVIEW OF THE PROLIFERATION OF DEFENSE NETWORKS (511368)
Information Resources Management



OTHER ISSUE AREA WORK • DIFM
    TTILE: HRA 19: NAVY EFFORTS TO REDUCE COSTS TO STREAMLINE OPERATIONS AND REDUCE COSTS IN THE
           (HUDANCE BUSINESS AREA (511612)

           BACKGROUND: Our work in Navy ordnance business area is a two part effort involving NSIAD and AIMD.
           The fint job lodced at the reasons for price increases and continued operating losses. The second job will look
           at operati(Hial issuesregarding(I) streamlining operations and reducing costs, including overtiead costs and (2)
           inyroving customer support
           KEY (QUESTIONS: (1) What actions can be taken to streamline the business area's operations and reduce its
           costs? (2) What actions can be taken to improve die timeliness and effectiveness erf die siqipott dat the business
           area presides to its customers?




    TTILE: HRA 19: IMK>F PRICING OF GOC»S AND SERVICES FOR FMS CUSTOMERS (511613)

           BACKGROUND: The Amis Export CoatnA Act (PJL 90-629) provides diat defense items will be sold to FMS
           customers at full cost DOD policy requires DBOF activities to use one set of standard/stabilized rates f a all
           custtMDers, induding FMS. This pcdicy may result in undereharges for FMS customers and violate the Act
           DBOF sells about $2 billion to FMS custcmers each year.
           KEY QUESTIONS: (1) Is IXH>'s current pricing practice of billing FMS customers at stabilized prices
           consistent widi die Arms Export Control Act (?1^ 90-629)? (2) Is Ihere. a dc^ar difference m pricing FMS goods
           aid services at fiill costs and at stabilized rates?




    TITLE: HRA 24: REVIEW (»* THE FISCAL YEAR 1998 DEFENSE INFORMATION TECHNOLOGY BUDGET REQUEST
           (511C15)

           BACKGROUND: D(K> requests over $20 billim each year to support its IT investment In die past GAO's
           budget snppot cSasts have assisted the authorization, appropriaticns, and oversight committees. GAO's support
           has became an expectation of Congress.
           KEY QUESTIONS : 1. Does Congress have total asset visibility cS die DOD IT invesOnent? 2. Is DOD in
           compliance with laws and Cmgressional direction? 3. Does DOD have proper controls over its IT mvestments?
           4. Are these investments adequately justified?
Information Resources Management



OTHER ISSUE AREA WORK • DIFM
    TTTLE: HRA 19: DOD WORKING CAPITAL FUND PRICING FOR FISCAL YEAR 1998 (511616)

           BACKGROUND: The Nail Defense Authorization Act for FY97 directed GAO review Army, Navy, and Air
           Force Working Capital Fund Prices to be charged to the Funds' customers in FY98 and submit die results d our
           review not later dian 30 days after DOD submits the annual repeat and budget for die Fvaos to the Congress.
           Tliis job is bemg run in conjunc- don widi NSIAD's 709242 (DBOF Pricing)
           KEY QUESTIONS: Are die prices to be charged Working Coital Fund customers during FY 1998 reasonable?
Information Resources Management



C R m C A L DEVELOPMENT EFFORTS
    TTILE: REVIEW OF CUSTOMS' AUTOMATED COMMERCIAL ENVIRONMENT (511104)

           BACKGROUND: The Autranated Commercial Environment (ACE) is a $150 millioo system devele^ment
           prcject diat is planned to su];^)ort modernization of the CusbHns Service. A previous GAO report
           (GAO/AIMD-96-S7) and recent follow-up correspondence (GAO/AIMD-97-43R) discussed several general
           concerns about Customs' automation modemizaticn efforts, including ACX.
           KEY QUESTIONS : (1) How has Customs defined ACE and what will ACE do? (2) How well is Customs
           managing its investment in ACE, in the context of the Clinger-Cediea Act?


IMPROVING INFORMATHM MANAGEMENT
    TTTLE: INFORMATION SECURITY PRACTICES AT LEADING ORGANIZATIONS (511105)

           BAC!KGROUND: Generally accepted good security practices are documented in a number of publications,
           including OMB and NIST guidance. However, recent audits show that agencies are not effectively imfdementing
           diese practices. This assignment's objective is to identify security inqilementation practices of leading
           organizations that could be adopted by federal agencies.
           KEY QUESTIONS: (1) What organizations are recognized as having well designed and implemented security
           programs? (2) How have these organizations implemented their programs and what do they ccnsider critical
           success factos? (3) How do die organizations' practices generally cooqiare to federal agency practices and could
           they be successfully adopted by feder?1 ajencies?
Information Resources Management



WELFARE SYSTEMS
    TTTLJE: REVIEW OF BBS'S MANAGEMENT OF FEDERAL FUNDS SPENT FOR STATE CHILiii SUPPORT SYSTEMS
            (511206)

           BACKGROUND: Since die Family Support Act of 1988, die federal government has spent over $12 billion for
           automated systems to assist states in collecting child support States were required to develcqi automated
           systems by October 1995, but only a few have fully met federal standards. The Cluiiman is concerned that HHS
           may not have adequately addressed GAO's recommendations in our 1992 report
           KEY QUESTIONS: (I) What is die status of state systems, including cost? (2) Has HHS implemented GAO's
           1992 recommendations and is HHS providing effective oversight of state systems to ensure diat the government
           is getting a return on its investment?


HIGH RISK SYSTEMS
    TITLE: BRA 5: REVIEW OF HCFA'SMTS MANAGEMENT PRACTICES (ni2I2)

           BACKGROUND: In January 1994, HCFA awarded a contract f<H^ a new cmnputer system-tbe Medicare
           Transaction System (MTS)-to process Medicare claims. In our November 16,1995 testimony, we cited
           problems with the MTS project's schedule, cost/benefit estimates, and software requirements. As a result, GAO
           was asked to continue to evaluate HCFA's management of MTS.
           KE^ QUESTIONS: To «4iat extent is HCFA (1) mznaging die MTS project as an investment, and (2) i^^lying
           effective system develoinaent processes toreducerisks.




    TTTLE: PILOT TEST AIMD'S YEAR 2000 READINESS GUIDANCE ON SSA'S YEAR 2300 PROGRAM (511215)

           BACKGROUND: This is me of a series of GAO jobs oa government-wide efforts to address year 2000 (Y2K)
           date conversion problems. AIMD has developed a draft guide cm assessing agencies' readiness to achieve. Y2K
           compliance. We will test this guidance at SSA-considered to be a leader in addressing Y2K problems but also
           an agency where die impact of a Y2K fail^jre could be dramatic.
           KEY QUESTIONS: (1) Are diere opportunities for SSA to improve its Y2K efforts? (2) What lessons learned
           and best ptactices identified at SSA can be applied to other federal agencies' Y2K effots? (3) How can AIMD
           enhance the usefulness and application of our YzK readiness guide?
Information Resources Management




CRITICAL DEVELOPMENT EFFORTS
    TITLE: VETERANS BENEFITS AMHNISlR'kTION SYSTFVS MOI»»NIZATION FOLLOW-UP (51U06)

           BACKGROUND: In June 1996 testimony, ws identified technical and management weaknesses in VBA's
           systems-modernization effort As a result, the subcommittee has requested a follow-up review to determine
           VB A actions taken to address the weaknesses we raised.
           KEY QUESTIONS: What actions has VBA taken^ to address die management and technical weaknesses relating
           to (1) creating credible business and information resources maniigement plans, (2) developing a much inqxoved
           investment strategy for selecting and managing information technology projects, and (3) strengthening VBA's
           technical capability to develop software applications?


IMPROVING INFORMATION MANAGEMENT
    TTTLE: BRA 6: NSLDS COMPLIANCE ASSESSMENT (511211)

           BACKGROUND: The Dept of Education (ED) provides billions of dollars in postseccndary student loans and
           grants. Although the 1992 Higher Education Act amendments required ED to integntte the Nati(»al Student
           Lean D^ta System (NSLDS)-a nationwide grant^ecipient datarepository—widi other Tide IV program
           participation databases by January 1,1994, ED has apparendy not yet done this.
           KEY QUESTTONS: What actions does ED need to take to integrate NSLDS widi odier Tide IV program
           participation databases?




    TITLE: SOCIAL SECURITY ADMINISTRATION'S MANAGEMENT OF ITS SYSTEMS MODERNIZATION
           INVESTMENTS (511216)

           BACKGROUND: In September i996, we repmted aa major challenges diat SSA faced in managing its
           multibillion dollar systems modernization effort including developing software. As a result the subconunittee
           bas requested an update on 3SA's management of infonnation technology, focusing on SSA's Intelligent
           Workstation/Local Area Netwrak and effrats to inqirove its software development process.
           KEY QUESTIONS: (1) What is die status of SSA's implementation elf die Intelligent Workstation/Local Area
           NetWv'A (IWS/LAN)? (2) How is SSA's transition to die IWS/LA>T infrastructure impacting its field operations?
           (3) What iJ the status of efforts to iminove SSA's software develc^nnent process? (4) How is SSA managing its
           ^<<terti mc Jernization investments?
Information Resources Management



TRANSPORTATION/TELECOMMUNICA'nONS ISSUES
    TTTLE: REVIEW INEPARTMENT OF THE INTERKHt (DOD EFFORTS TO REDUCE COSTS BY                            CONSOLIDATING
           AND OPTIMIZING TELEOMMMUNICATIONS SERVICES (511414)

           BACKGR(XJND: DOI spends over $60 millim annually fortelecommunicationsservices-voice and data-diat
           are individually acquired and managed by its component bureaus and service organizations in hundreds of field
           offices across die U.S. Consolidating these services at high-traffic locations |Besents opportunities to reduce
           costs by eliminating umiecessaty services.
           KEY QUESTTONS: (1) Has DOI consolidatBd and optimized itstelecommunicationsservices to eliminate
           inrnrccvsary services and nwximize savings?


HIGH RISK Sl^TEMS
    TTILE: BRA 25: REVIEW OF NWS SYSTEM CAPABELITIES TO SUPPORT WEATHER FORECASTING (511422)

           BACKGROUND: The National Weather Service has been modeniizii:% its inf onnation systems and work
           processes to enable inqxoved forecasts while at die same time reducing the number of forecast offices and staff.
           NWS is required by law to certify that any closed office will notresultin a degradation of forecasting service to
           the area involved.
           KEY QUESTIONS: 1) How has NWS implemented its modernization and restructuring process to reduce staff
           and ofiBces byrelyingon new antmiated systems, using Erie, Pennsylvania, as a case exacqile?




    TTILE: BRA 22: REVIEW OF FAA'S ATC INVk^TMENT MANAGEMENT PRACTICES (511534)

           BACKGROUND: FAA's high-risk air baffic contrd (ATC) modenuzatirai program is a multi-billion dollar
           portfolio of infonoation techndogy ( ^ investments. Effectively managing die program requires disciplined
           selectioo, cooirol, and evaluatitm of these investments. FAA's new Acquisitioa Management System is
           intended, in part, to inqxove its investment manageoient processes.
           KEY QUESTIONS: (1) What is FAA's approach to managing its ATC modernization investments? (2) Does
           FAA have an effective iq^Hoach for managing tbese investments? (3) What effcits does FAA have planned fx
           underway to inqxove its ATC modernization investment management approach?
Iitformation Resources Management



HIGH RISK SYSTEMS
    TITLE: HRA 22:R£VIEW OF FAA'S AIR TRAFHC CONTROL (ATC) COMPUTER SECURITY (511536)

           BACKGROUND: As FAA modernizes its ATC systems it foces an increasing challenge to protect die integrity,
           confidentiality, and availability of ATC informaticm. Computer security violations could result in eiqiensive
           nationwide delays aid even loss of life. Therefore, effective controls are essential to minimi^y. die risks
           associated with potential vulnerabilities.
           KEY QUESTTONS: (1) What is FAA's approach to cooqmter security? (2) Is FAA effectively managing
           computer security for its (^lerational ATC systems? What security measures could be strengdiened? (3) Is FAA
           effectively managing computer security for future ATC modernization systems? What security measures could
           be strengthened?


IMPROVING INFORMATION MANAGEMENT
    TTILE: SBA SYSTEM I«VELOPMENT (511421)

           BACKGRCUND: Tbe Small Business Improvement Act of 1996 required die Small Business Administntion
           (SBA) to establish a management infonnaticm system to help identify loan underwriting, recovery, and
           liquidation problems. The requester asked GAO toreviewdiis system development effort and odier SBA IRM
           planning and management activities.
           KEY QUESTTONS: 1) Is SBA taking adequate steps to develop a management information system that will
           • ~ f t ** "Tpwisions of the Small Business Improvement Act o^ 1996? 2) What is die status of SBA's majo- IRM--
           planning and management effofts, including the dc'velopment of strategic business and IRM {dans and the
           resolution (rf year-2000 {aoblems?