Government Accountability Office | Government Accountability Office | Information Resources Management: Active Assignments

Information Resources Management: Active Assignments

Published by the Government Accountability Office on 1997-04-15.

Below is a raw (and likely hideous) rendition of the original report. (PDF)

United States General Accoimting Office I ' J "S ^ I ^^
r ^ AjT) Accounting and Information
^-^^^ Management Division

April 1997
Information Resources
Management
Active Assignments
Foreword

This report was prepared primarily to inform Congressional members and
key st<^ of ongoing assignments in the General Accounting Office's
Information Resources Management. This report contains assignments
that were ongoing as of April 15,1997, and presents a brief background
statement and a list of key questions to be aiiswered on each assignment.
The report wiU be issued quarterly.

This report was compiled from information available in GAG'S internal
management information systems. Because the information was
downloaded from computerized data bases intended for internal use, some
information may appear in abbreviated form.

If you have questions or would like additional information about
assignments listed, please contact Jack Brock, Director, on (202) 512-6406;
or Linda Koontz, Associate Director, on (202) 512-7487.
Contents

CRITICAL DEVELOPMENT EFFORTS
N«w .REVIEW OF FAA'S EFFORTS TO ACHIEVE YEAR-2000COMnjANCE 1
IMPROVING INFORMATION MANAGEMENT
N*» , BEST PRACnCES IN IMPIfMENTINGrr PERFORMANCE MEASUR£MENT. 1
EMERGING TECHNOLOGY ISSUES
•BUSINESS PROCESS REENCHNEERING (BPR) ASSESSMENT GUIDE 1
DEFENSE INFORMATION INFRASTRUCTURE
, HRA 24: TOD'S MIGRATION SYSTEMS STRATEGY. 2
, REVIEW OF DEFENSE INFORMATION INFRASntUCnjRE COMMON OreRATING ENVIRONMENT
EXISTING AND PLANNED CAPABIUnES. 2
DEFENSE WEAPON SYSTEMS
.REVIEW OF NAVrSF/A-18E/F PROGRAM AND STATUS OF JOINT STRIKE HGHIER PROGRAM. 2
.REVIEW OF SEA-BASED THEATER BALLASTICMISSD£ DEFENSE PROGRAMS. 3
HIGH RISK SYSTEMS
, ADEQUACY OF THE DEFENSE FINANCE AND ACCOUNTING SERVICES FOR PLANNING AND
IMPLEMENTATIONS OF ITS TELECOMMUNICATIONS. 3
. INFORMATION SECirWTY AT THE DEPARTMENT OF STATE 3
Ntw , REVIEW OF DOD'S Y2i: STRATEGY AND IMPLEMENTATION.
CRITICAL DEVELOPMENT EFFORTS
Ntw , SOFTWARE CAPABttJTY EVALUATION OF DEFENSE FINANCE AND ACCOUNTING SERVICES-ARMY. 4
IMPROVING INFORIMATION MANAGEMENT
, REVIEW OF THE PROLIFERATION OF DEFENSE NETWORKS. 4
OTHER ISSUE AREA WORK - DIFM
Ntw . HRA 19: NAVY EFFORTS TO REDUCE COSTS TO STREAMLINE OPERATIONS AND REDUCE COSTS IN THE
ORDANCE BUSINESS AREA. 5
, HRA 19: DBOF PRICING OF GOODS AND SERVICES FOR FMS CUSTOMERS. 5
Ntw , HRA 24: REVIEW OF THE FISCAL YEAR 1998 DEFENSE INFORMATION TECHNOLOGY BUDGET REQUEST. 5
Ntw , HRA 19: DOD WORKING CAPITAL FUND PRICING FOR FISCAL YEAR 1998. 6

CRITICAL DEVELOPMENT EFFORTS
Ntw .REVIEW OF CUSTOMS'AUTOMATED COMMERCIAL ENVIRONMENT. 7
IMPROVING INFORMATION MANAGEMENT
Ntw , INFORMATION SECURFTY PRACTICES AT LEADING ORGANIZATIONS. 7

WELFARE SYSTEMS
.REVIEWOFHHS'SMANAGEMENTOFFEDERALFUNDSSPENTFORSTATECHILDSUPPORTSYSTEMS. 8

HIGH RISK SYSTEMS
.HRA 5: REVIEW OF HCFA'SMTS MANAGEMENT PRACTICES. 8
8
Ntw . PILOT TEST AIMD"S YEAR 2000 READINESS GUIDANCE ON SSA^S YEAR 2000 PROGRAM.
CRITICAL DEVELOPMENT EFFORTS
. VETERANS BENEFITS ADMINISTRATION SYSTEMS MODERNIZATION FOLLQW-UP. ^
IMPROVING INFORMATION MANAGEMENT
. HRA 6: NSLDS COMPLIANCE ASSESSMENT. 9
New .SOCIAL SECURITY ADMINISTRATION'S MA.N'AGEMENT OF ITS SYSTEMS MODERNIZATION 9
INVESTMENTS

TRA's'SPORTATION/TELECOMMUNICATIONS ISSUES
. REVIEW DEFARTMTiNT OF THE INTERIOR (DOi) EITORTS TO REDUCE COSTS BY CONSOI.IOATING
AN!) nci-lMIZINC; TELKCOMMUN!Cr\'nONS SERVICES. 10
Contents

Page
HIGH RISK SYSTEMS
Ntw ,HRA 25: REVIEW OFNWS SYSTEM CAPABILITIES TO SUPPORTWEATHERFCHIECAST -^ 10
N€W , HRA 22: REVIEW OF FAA^S ATC INVESTMENT MANAGEMENT PRACTICES. 10
Ntw , HRA 22JIEVIEW OF FAA^S AIR TRAFFIC CONTROT- (ATC) COMPUTER SECURnY. 11
IMPROVING INFORMATION MANAGEMENT
Ntw .SBA SYSTEM DEVELOPMENT. 11
Information Resources Management

CRITICAL DEVELOPMENT EFFORTS
1TILE: REVIEW OF FAA'S EFFORTS TO ACHIEVE YEAR-ZMO COMPLIANCE (511533)

BACKGROUND: This is one ctf a series of GAO jobs oo goveniment-wide efforts to address year 20(X) (Y2K)
date coDveisioo piobiems. AIMD iias developed a draft guide on assessing agencies'readinessto achieve Y2K
ccmidiaDce. We will test diis guidance at FAA where a Y2K failure could unpect aviation safety.
KEY QUESTIONS: (1) Are diere opponunities for FAA to improve its Y2K efforts? (2) What lessons leaned
and best piactioes identified at FAA can be applied to other federal agencies' Y2K efforts? (3) How can AIMD
enhance the usefnhiess and qiplication <tf its Y2K readiness guide?

IMPROVING INFORMATION MANAGEMENT
TTIUE: lESTPRACnCESINIMnEMENTiNG IT PERFORMANCE MEASUREMENT (511Q3S)

BACKGROUND: To Taetx die lequircments of the Government Performance Results Act (GPRA) and the
Clinger-Coben Act (CCA), federal agencies need guidance to develop IT/IRM measures and data systems.
KEY QUESTIONS: (1) Based on GAOs research at public and jnivate sector nganizatioas, what approaches
can be used by federal agencies to measure the effectiveness of H/IRM resources applied in support of federal
agency piograms? (2) What are some key measurement areas that can be used by IT programsAnanagers to
assess IT performance?

EMERGING TECHNOLOGY ISSUES
TTILE: BUSINESS PROCESS SEENGINEEBING (BFK) ASSESSMENT GUIIM: (SllOK)
BACKGROUND: Many federal agencies, including the Internal Revenue Service and die Social Security
Administration, have initiated large-scale reengineering initiatives. Because reengineering can be complex,
lisky. and expensive, GAO needs standard guidance lot assessing these initiatives.
KEY (QUESTIONS: What are the imp(Htant issues that should be addressed in assessing federal agencies'
leengineetiog initiatives?
Information Resources Management

DEFENSE INFORMA'nON l^^jr'RASTRUC^JRE
TTILE: HRA 24: D(M>'SMIGRA'nON SYSTEMS STRATEGY (5II355)

BACKGROUND: One of the uaiot near-term goals of DOD's OM initiative, which we have repotted as a high
risk, is to support and reduce the cost of its business processes widi "migration" systems. DOD is spending
billions to implement the migration systems strategy over several years and expects to achieve savings by
terminating redundant legacy systems.
KEY QUESTIONS : 1) What are die expenditures for migration systems and iegacy systenos DOD expects to
tenoinate? 2) How many and what ^pe dt migratioo systems did IXH> designate, how many legacy systems did
DOD terminate, and bow many are scheduled fax future termination? 3) What economic studies did DOD
prqrare and use to justify migration actions?

TTILE: REVIEW Cff DEFENSE INFORMATION INFRASTRUCIVRS COMMON OPFJtATING ENVIRONMENT
EXISTING AND PLANNED CAPABILITIES (5113C2)

BACKGROUND: Defense is modernizing its information infrastructure through the development of a cooomon
operating environment (C(£). The COE is the foundation for building systems which meet departmental goals
for integration and interoperability. Tbese systems support every facet of die Defense noission bam the
commander-in-chief to the foxbde.
KEY QUESTIONS: (1) What is COE intended to achieve and what goals and cSjectives have been established?
(2) What is DOD's approach for implementing COE and what management structures are being used to assess
dtt progress and effectiveness (rf tbe COE?

DEFENSE WEAPON SYSrEMS
TTTLE: REVIEW OF NAVY^ F/A-tSE/F PROGRAM AND STATUS OF JOINT STRIKE nOHTER PRO«tAM (707194)
BACKGROUND: The dedsiaa to procure die F/A- 18E/F, based on C/D deficiencies, should be reconsidered
due to its high cost and limited increase in operational capability over die current OD nKxlel. We previously
recommended that the Navy could meet requirements by continuing to procure C/Ds until the more citable, less
expensive Joint Strike Rghter is available.
KEY QUESTIONS : (1) Are F/A-18E/F development costs being accuratelyreported?(2) How cosdy will
F/A-18E/F procurement be, given realistic total buy and aimual production rates? (3) Based on developmental
and (^lerational testing, how capable will the F/A-18E/F be and what problems has testing identified? (4) Are
JSF cost and operational capability (»ojections valid?
Information Resources Management

DEFENSE WEAPON SYSTEMS
TTILE: REVIEW OF SEA-BASED THEATER BALLASnC MISSILEraiFENSEPROGRAMS (707197)

BACKGROUND: Sea-basing of tactical ballistic missile defenses (TBMD) allows Ibe U.S. to take advantage
of the strength and presence of its naval forces. Two sea-based systems-the Navy Area Defense program and
the Tlieater-wide Defense program-are included in the U.S. core theater ballistic missile defense program. This
review will focus on the Area program.
KEY QUESTIONS: (1) What is dwstatasofdie Area dieater ballistic missile defense program? (2)Aretests
being conducted or plaimed to adequately demonstrate die Area System's capabilities before productira wd
deployment oi both prototype missiles and the objective system?

HIGH RISK SYSTEMS
TTILE: AIWQUACY OF THE IKFENSE FINANCE AND ACCCHJNTING SERVICES FOR PLANNING AND
IMPLEMENTATIONS Of ITS TELECCAfMUNICATIONS (51135S)

BACKGROUND: DFAS is consolidating over 300 accounting offices into 5 large existing finance centers and
IS new sites called operating locations. This efforts is aimed at (1) reducing the number of accounting and
finance personnel fmn 46,000 to 23,000; (2) streamlining DOD's financial operatiims. A key factor to the
success (rf the effmt is a cost effective telecommunication networic
KEY QUESTIONS : (1) Are DOD's tekcommunication and IRM resources supporting DFAS' OPLCXT
operations beine used in a cost effective maimer? (2) Can sitmificant savings be achieved duough a more
efficient use ci telecommunications and IRM resources dedicated to OPLOC operations?

TTILE: INFORMATION SECURITY AT THE MPARTMENTOT STATE (511361)

BACKGROUND: The security of infomation stored in government cooqwter systems is of increasing concern
to the Congress and the general public. The Subcommittee is bedding a series of hearings and has requested
GAO to perform a series ol reviews of federal agencies information security practices, begirming with the
Department of State.
KEY QUESTIONS : 1. How susceptible are State's information systems to unauthorized access over the
Internet? 2. What is State doing to address this potential problem?
Information Resources Management

HIGH RISK SYSTEMS
TTILE: REVIEW OF D(M>'SY2K STRATEGY AND IMH^EMENTATION (511614)

BACKGROUND: The millennium problem is one of the most critical issues fadng DOD. Most computer
piograms written since the 60's have two^iigit year fields which will cause catastropfaic system &ilures when 00
digits are processed for the year 2000. Defense readiness, C3, and inteligence systems will be vulnerable and
estimates for fixing die problems are in die billions.
KEY QUESTIONS: (1) How appropriate are DOD strategies and acti(»s iat ensuring that Y2K problems will
be successfully addressed? (2) To what extent has DOD assessed die impact and cost of the year 2000 problems?

CRITICAL DEVELOPMENT EFFORTS
TTILE: SOFTWARE CAPABILITyEVALUATKm(»'INEnENSE FINANCE AND ACCOUNTING SERVICES. ARMY
(5115t2)

^•iaBBBa^B^s^=^=SBS3^^BHaEaaa^^
IMPROVING INFORMATION MANAGEMENT
TTIUE: REVIEW OF THE PROLIFERATION OF DEFENSE NETWORKS (511368)
Information Resources Management

OTHER ISSUE AREA WORK • DIFM
TTILE: HRA 19: NAVY EFFORTS TO REDUCE COSTS TO STREAMLINE OPERATIONS AND REDUCE COSTS IN THE
(HUDANCE BUSINESS AREA (511612)

BACKGROUND: Our work in Navy ordnance business area is a two part effort involving NSIAD and AIMD.
The fint job lodced at the reasons for price increases and continued operating losses. The second job will look
at operati(Hial issuesregarding(I) streamlining operations and reducing costs, including overtiead costs and (2)
inyroving customer support
KEY (QUESTIONS: (1) What actions can be taken to streamline the business area's operations and reduce its
costs? (2) What actions can be taken to improve die timeliness and effectiveness erf die siqipott dat the business
area presides to its customers?

TTILE: HRA 19: IMK>F PRICING OF GOC»S AND SERVICES FOR FMS CUSTOMERS (511613)

BACKGROUND: The Amis Export CoatnA Act (PJL 90-629) provides diat defense items will be sold to FMS
customers at full cost DOD policy requires DBOF activities to use one set of standard/stabilized rates f a all
custtMDers, induding FMS. This pcdicy may result in undereharges for FMS customers and violate the Act
DBOF sells about $2 billion to FMS custcmers each year.
KEY QUESTIONS: (1) Is IXH>'s current pricing practice of billing FMS customers at stabilized prices
consistent widi die Arms Export Control Act (?1^ 90-629)? (2) Is Ihere. a dc^ar difference m pricing FMS goods
aid services at fiill costs and at stabilized rates?

TITLE: HRA 24: REVIEW (»* THE FISCAL YEAR 1998 DEFENSE INFORMATION TECHNOLOGY BUDGET REQUEST
(511C15)

BACKGROUND: D(K> requests over $20 billim each year to support its IT investment In die past GAO's
budget snppot cSasts have assisted the authorization, appropriaticns, and oversight committees. GAO's support
has became an expectation of Congress.
KEY QUESTIONS : 1. Does Congress have total asset visibility cS die DOD IT invesOnent? 2. Is DOD in
compliance with laws and Cmgressional direction? 3. Does DOD have proper controls over its IT mvestments?
4. Are these investments adequately justified?
Information Resources Management

OTHER ISSUE AREA WORK • DIFM
TTTLE: HRA 19: DOD WORKING CAPITAL FUND PRICING FOR FISCAL YEAR 1998 (511616)

BACKGROUND: The Nail Defense Authorization Act for FY97 directed GAO review Army, Navy, and Air
Force Working Capital Fund Prices to be charged to the Funds' customers in FY98 and submit die results d our
review not later dian 30 days after DOD submits the annual repeat and budget for die Fvaos to the Congress.
Tliis job is bemg run in conjunc- don widi NSIAD's 709242 (DBOF Pricing)
KEY QUESTIONS: Are die prices to be charged Working Coital Fund customers during FY 1998 reasonable?
Information Resources Management

C R m C A L DEVELOPMENT EFFORTS
TTILE: REVIEW OF CUSTOMS' AUTOMATED COMMERCIAL ENVIRONMENT (511104)

BACKGROUND: The Autranated Commercial Environment (ACE) is a $150 millioo system devele^ment
prcject diat is planned to su];^)ort modernization of the CusbHns Service. A previous GAO report
(GAO/AIMD-96-S7) and recent follow-up correspondence (GAO/AIMD-97-43R) discussed several general
concerns about Customs' automation modemizaticn efforts, including ACX.
KEY QUESTIONS : (1) How has Customs defined ACE and what will ACE do? (2) How well is Customs
managing its investment in ACE, in the context of the Clinger-Cediea Act?

IMPROVING INFORMATHM MANAGEMENT
TTTLE: INFORMATION SECURITY PRACTICES AT LEADING ORGANIZATIONS (511105)

BAC!KGROUND: Generally accepted good security practices are documented in a number of publications,
including OMB and NIST guidance. However, recent audits show that agencies are not effectively imfdementing
diese practices. This assignment's objective is to identify security inqilementation practices of leading
organizations that could be adopted by federal agencies.
KEY QUESTIONS: (1) What organizations are recognized as having well designed and implemented security
programs? (2) How have these organizations implemented their programs and what do they ccnsider critical
success factos? (3) How do die organizations' practices generally cooqiare to federal agency practices and could
they be successfully adopted by feder?1 ajencies?
Information Resources Management

WELFARE SYSTEMS
TTTLJE: REVIEW OF BBS'S MANAGEMENT OF FEDERAL FUNDS SPENT FOR STATE CHILiii SUPPORT SYSTEMS
(511206)

BACKGROUND: Since die Family Support Act of 1988, die federal government has spent over $12 billion for
automated systems to assist states in collecting child support States were required to develcqi automated
systems by October 1995, but only a few have fully met federal standards. The Cluiiman is concerned that HHS
may not have adequately addressed GAO's recommendations in our 1992 report
KEY QUESTIONS: (I) What is die status of state systems, including cost? (2) Has HHS implemented GAO's
1992 recommendations and is HHS providing effective oversight of state systems to ensure diat the government
is getting a return on its investment?

HIGH RISK SYSTEMS
TITLE: BRA 5: REVIEW OF HCFA'SMTS MANAGEMENT PRACTICES (ni2I2)

BACKGROUND: In January 1994, HCFA awarded a contract f<H^ a new cmnputer system-tbe Medicare
Transaction System (MTS)-to process Medicare claims. In our November 16,1995 testimony, we cited
problems with the MTS project's schedule, cost/benefit estimates, and software requirements. As a result, GAO
was asked to continue to evaluate HCFA's management of MTS.
KE^ QUESTIONS: To «4iat extent is HCFA (1) mznaging die MTS project as an investment, and (2) i^^lying
effective system develoinaent processes toreducerisks.

TTTLE: PILOT TEST AIMD'S YEAR 2000 READINESS GUIDANCE ON SSA'S YEAR 2300 PROGRAM (511215)

BACKGROUND: This is me of a series of GAO jobs oa government-wide efforts to address year 2000 (Y2K)
date conversion problems. AIMD has developed a draft guide cm assessing agencies' readiness to achieve. Y2K
compliance. We will test this guidance at SSA-considered to be a leader in addressing Y2K problems but also
an agency where die impact of a Y2K fail^jre could be dramatic.
KEY QUESTIONS: (1) Are diere opportunities for SSA to improve its Y2K efforts? (2) What lessons learned
and best ptactices identified at SSA can be applied to other federal agencies' Y2K effots? (3) How can AIMD
enhance the usefulness and application of our YzK readiness guide?
Information Resources Management

CRITICAL DEVELOPMENT EFFORTS
TITLE: VETERANS BENEFITS AMHNISlR'kTION SYSTFVS MOI»»NIZATION FOLLOW-UP (51U06)

BACKGROUND: In June 1996 testimony, ws identified technical and management weaknesses in VBA's
systems-modernization effort As a result, the subcommittee has requested a follow-up review to determine
VB A actions taken to address the weaknesses we raised.
KEY QUESTIONS: What actions has VBA taken^ to address die management and technical weaknesses relating
to (1) creating credible business and information resources maniigement plans, (2) developing a much inqxoved
investment strategy for selecting and managing information technology projects, and (3) strengthening VBA's
technical capability to develop software applications?

IMPROVING INFORMATION MANAGEMENT
TTTLE: BRA 6: NSLDS COMPLIANCE ASSESSMENT (511211)

BACKGROUND: The Dept of Education (ED) provides billions of dollars in postseccndary student loans and
grants. Although the 1992 Higher Education Act amendments required ED to integntte the Nati(»al Student
Lean D^ta System (NSLDS)-a nationwide grant^ecipient datarepository—widi other Tide IV program
participation databases by January 1,1994, ED has apparendy not yet done this.
KEY QUESTTONS: What actions does ED need to take to integrate NSLDS widi odier Tide IV program
participation databases?

TITLE: SOCIAL SECURITY ADMINISTRATION'S MANAGEMENT OF ITS SYSTEMS MODERNIZATION
INVESTMENTS (511216)

BACKGROUND: In September i996, we repmted aa major challenges diat SSA faced in managing its
multibillion dollar systems modernization effort including developing software. As a result the subconunittee
bas requested an update on 3SA's management of infonnation technology, focusing on SSA's Intelligent
Workstation/Local Area Netwrak and effrats to inqirove its software development process.
KEY QUESTIONS: (1) What is die status of SSA's implementation elf die Intelligent Workstation/Local Area
NetWv'A (IWS/LAN)? (2) How is SSA's transition to die IWS/LA>T infrastructure impacting its field operations?
(3) What iJ the status of efforts to iminove SSA's software develc^nnent process? (4) How is SSA managing its
^<<terti mc Jernization investments?
Information Resources Management

TRANSPORTATION/TELECOMMUNICA'nONS ISSUES
TTTLE: REVIEW INEPARTMENT OF THE INTERKHt (DOD EFFORTS TO REDUCE COSTS BY CONSOLIDATING
AND OPTIMIZING TELEOMMMUNICATIONS SERVICES (511414)

BACKGR(XJND: DOI spends over $60 millim annually fortelecommunicationsservices-voice and data-diat
are individually acquired and managed by its component bureaus and service organizations in hundreds of field
offices across die U.S. Consolidating these services at high-traffic locations |Besents opportunities to reduce
costs by eliminating umiecessaty services.
KEY QUESTTONS: (1) Has DOI consolidatBd and optimized itstelecommunicationsservices to eliminate
inrnrccvsary services and nwximize savings?

HIGH RISK Sl^TEMS
TTILE: BRA 25: REVIEW OF NWS SYSTEM CAPABELITIES TO SUPPORT WEATHER FORECASTING (511422)

BACKGROUND: The National Weather Service has been modeniizii:% its inf onnation systems and work
processes to enable inqxoved forecasts while at die same time reducing the number of forecast offices and staff.
NWS is required by law to certify that any closed office will notresultin a degradation of forecasting service to
the area involved.
KEY QUESTIONS: 1) How has NWS implemented its modernization and restructuring process to reduce staff
and ofiBces byrelyingon new antmiated systems, using Erie, Pennsylvania, as a case exacqile?

TTILE: BRA 22: REVIEW OF FAA'S ATC INVk^TMENT MANAGEMENT PRACTICES (511534)

BACKGROUND: FAA's high-risk air baffic contrd (ATC) modenuzatirai program is a multi-billion dollar
portfolio of infonoation techndogy ( ^ investments. Effectively managing die program requires disciplined
selectioo, cooirol, and evaluatitm of these investments. FAA's new Acquisitioa Management System is
intended, in part, to inqxove its investment manageoient processes.
KEY QUESTIONS: (1) What is FAA's approach to managing its ATC modernization investments? (2) Does
FAA have an effective iq^Hoach for managing tbese investments? (3) What effcits does FAA have planned fx
underway to inqxove its ATC modernization investment management approach?
Iitformation Resources Management

HIGH RISK SYSTEMS
TITLE: HRA 22:R£VIEW OF FAA'S AIR TRAFHC CONTROL (ATC) COMPUTER SECURITY (511536)

BACKGROUND: As FAA modernizes its ATC systems it foces an increasing challenge to protect die integrity,
confidentiality, and availability of ATC informaticm. Computer security violations could result in eiqiensive
nationwide delays aid even loss of life. Therefore, effective controls are essential to minimi^y. die risks
associated with potential vulnerabilities.
KEY QUESTTONS: (1) What is FAA's approach to cooqmter security? (2) Is FAA effectively managing
computer security for its (^lerational ATC systems? What security measures could be strengdiened? (3) Is FAA
effectively managing computer security for future ATC modernization systems? What security measures could
be strengthened?

IMPROVING INFORMATION MANAGEMENT
TTILE: SBA SYSTEM I«VELOPMENT (511421)

BACKGRCUND: Tbe Small Business Improvement Act of 1996 required die Small Business Administntion
(SBA) to establish a management infonnaticm system to help identify loan underwriting, recovery, and
liquidation problems. The requester asked GAO toreviewdiis system development effort and odier SBA IRM
planning and management activities.
KEY QUESTTONS: 1) Is SBA taking adequate steps to develop a management information system that will
• ~ f t ** "Tpwisions of the Small Business Improvement Act o^ 1996? 2) What is die status of SBA's majo- IRM--
planning and management effofts, including the dc'velopment of strategic business and IRM {dans and the
resolution (rf year-2000 {aoblems?