oversight

High-Risk Areas: Actions Needed to Solve Pressing Management Problems

Published by the Government Accountability Office on 1997-03-05.

Below is a raw (and likely hideous) rendition of the original report. (PDF)

                          United States General Accounting Office

GAO                       Testimony
                          Before the Committee on Governmental Affairs,
                          U.S. Senate




For Release on Delivery
Expected at
10 a.m.
                          HIGH-RISK AREAS
Wednesday
March 5, 1997

                          Actions Needed to Solve
                          Pressing Management
                          Problems
                          Statement of Gene L. Dodaro
                          Assistant Comptroller General
                          Accounting and Information Management Division




GAO/T-AIMD/GGD-97-60
Mr. Chairman and Members of the Committee:

We are pleased to be here to discuss solutions to serious management
problems that needlessly cost billions of dollars in taxpayers funds and
result in huge missed opportunities to improve service to the American
public and ensure adequate accountability for federal operations.

This Committee continues to be a vitally important driving force in efforts
to effectively implement much needed management reforms. Important
recent legislative initiatives initiated in this Committee and enacted by the
Congress provide the framework for the actions needed to bring about
lasting solutions to serious and long-standing federal government
management problems. Determined follow-through by agency managers
and sustained attention by the Congress, however, are essential
ingredients to translating these critical reforms into the reality of reformed
day-to-day management practices across the spectrum of the federal
government’s operations.

GAO’s mission is helping the Congress in its efforts to improve management
of our national government. One approach has entailed identifying critical
management problems before they become uncontrollable crises. Since
1990, we have produced a list for the Congress of areas that were
identified, based on GAO work, as highly vulnerable to waste, fraud, abuse,
and mismanagement. To help solve high-risk problems, we have made
hundreds of recommendations to get at the heart of these problems, which
have at their core a fundamental lack of accountability.

This list helps focus attention of the administration and the Congress on
critical management problems. The high-risk designation has prompted
agencies to take action in many areas, and progress in addressing
management problems has ensued. The need to address fundamental
management problems also was a factor in prompting the Congress to
enact important reforms such as (1) the 1995 Paperwork Reduction Act
and the 1996 Clinger-Cohen Act to better manage investments in
information technology, (2) the Government Management Reform Act of
1994, which expanded the 1990 Chief Financial Officers (CFO) Act’s
requirement for financial statements and controls that can pass the test of
an independent audit, and (3) the 1993 Government Performance and
Results Act (GPRA) to better measure performance and focus on results.
This legislation forms an integrated framework that will help agencies
identify and monitor high-risk areas and operate programs more efficiently




Page 1                                                   GAO/T-AIMD/GGD-97-60
and will assist the Congress in overseeing agencies’ efforts to achieve
these results.

At the beginning of each new Congress, we update our high-risk list. Areas
are removed from the list as improvements develop and progress is made,
and new areas are added to highlight burgeoning problems. Our latest
update of high-risk areas was issued last month. The 25 areas that are the
current focus of our high-risk initiative are listed in attachment I and the
reports included in our 1997 set of high-risk reports are listed in
attachment II.

In brief, we reported that agencies are taking high-risk problems seriously,
trying to correct them, and making progress in many areas. The Congress
also has acted to address several problems affecting these high-risk areas
through oversight hearings and specific legislative initiatives. Full and
effective implementation of legislative mandates, our suggestions, and
corrective measures by agencies, however, has not yet been achieved
because the high-risk areas involve long-standing problems that are
difficult to correct.

Through the set of reforms embodied in the CFO Act, GPRA, and the
information technology initiatives, the Congress has laid the groundwork
for the federal government to use proven best management practices that
have been successfully applied in the private sector and state and local
governments. These reforms will not produce lasting improvements,
however, without successful implementation by agencies and relentless
congressional involvement. The next few years are critical; agencies are in
the formative years of implementing the expanded, governmentwide
mandates of the CFO Act and GPRA and in the first full year of carrying out
the new information technology mandates. Congressional attention, such
as that shown by this hearing, is pivotal to achieving meaningful
improvements.

The following sections outline actions needed to solve high-risk
management problems. Fixing these problems can result in the
government (1) saving billions of dollars, (2) making better investments in
information technology, (3) managing the cost of government more
effectively, and (4) improving performance and service to the public.




Page 2                                                  GAO/T-AIMD/GGD-97-60
                             One of the six major categories in our high risk series is obtaining an
Reaping the Benefits         adequate return on multibillion dollar investments in information
of Technology Is             technology.1 We added this category in 1995 because we continued to find
Central to Controlling       major system development projects that greatly exceed estimated costs,
                             fall years behind schedule, and fail to achieve operational goals. These
Costs and Providing          failures have left the Congress and executive branch severely handicapped
Better Services              by the lack of reliable data. Moveover, huge opportunities have been lost
                             to use technology to reduce federal operating costs and improve program
                             performance.

                             The effective use of information technology is integral in some way to
                             solving problems in all the high-risk areas mentioned in our 1997 series.
                             The seriousness of these information management problems is
                             underscored by the fact that nearly every aspect of over $1.5 trillion in
                             annual federal government operations depends on information systems.
                             Additionally, the American public, enjoying the everyday benefits of
                             technology-driven service improvements in the private sector, are
                             becoming increasingly frustrated with poor performance from federal
                             agencies.

                             In our 1997 high risk report on information management and technology,2
                             we focus on four major modernization efforts that provide a vivid study in
                             technology management problems that, unfortunately, are all too typical
                             across the federal government.

                         •   The Internal Revenue Service (IRS) has spent or obligated over $3 billion
                             since 1986 on its Tax Systems Modernization (TSM), which is designed to
                             overhaul the paper-intensive approach to tax return processing. We
                             reported in 1995 that the modernization lacked basic elements needed to
                             bring it to a successful conclusion, such as a comprehensive business
                             strategy for reducing paper filings and the requisite management, software
                             development, and technical infrastructure. We made over a dozen
                             recommendations to address these weaknesses, including implementing
                             (1) a sound process to manage technology investments, (2) disciplined
                             procedures for software requirements management, and (3) an integrated
                             systems architecture.




                             1
                              Over the last 6 years, federal agencies have obligated about $145 billion to activities related to
                             information technology. This figure does not include many additional billions of dollars that go to
                             software embedded in Defense weapons systems.
                             2
                              Information Management and Technology (GAO/HR-97-9).



                             Page 3                                                                      GAO/T-AIMD/GGD-97-60
    We reported in June and September 1996 that IRS had initiated many
    activities to improve its modernization efforts but had not fully
    implemented any of our recommendations. The Congress subsequently
    directed IRS to establish a schedule for implementing GAO’s
    recommendations. It also required regular status reports on corrective
    actions and TSM spending. IRS and the Department of the Treasury have
    taken steps to address our recommendations and respond to
    congressional direction, but further concerted, sustained improvement
    efforts are needed.3

•   For over 15 years, the Federal Aviation Administration’s (FAA) $34-billion
    air traffic control (ATC) modernization has experienced cost overruns,
    schedule delays, and performance shortfalls. Though FAA has recently
    made important progress on aspects of the modernization, some serious
    problems remain. Most notably, this large effort has long proceeded
    without the benefit of a complete systems architecture to guide the
    modernization’s development and evolution. Among other things, this lack
    of a technical blueprint has led to unnecessarily higher spending to buy,
    integrate, and maintain hardware and software. We have recommended
    that FAA develop and enforce a complete systems architecture.
    Exacerbating the modernization’s problems is unreliable information on
    costs—both future estimates of costs and accumulations of actual costs.
    We have recommended that FAA institutionalize a defined cost process and
    develop and implement a managerial cost accounting capability.4
•   The Department of Defense’s (DOD) Corporate Information Management
    (CIM) effort was supposed to save billions of dollars by streamlining
    operations and implementing standard information systems in areas such
    as materiel management, personnel, finance, and transportation. But after
    8 years and $20 billion in spending on CIM, DOD has yet to meet its savings
    goals, largely because of its failure to implement sound management
    practices for CIM. We have recommended that DOD (1) better link system
    modernization projects to business process improvement efforts,



    3
     Tax Systems Modernization: Management and Technical Weaknesses Must Be Corrected If
    Modernization Is to Succeed (GAO/AIMD-95-156, July 26, 1995); Tax Systems Modernization: Actions
    Underway But IRS Has Not Yet Corrected Management and Technical Weaknesses (GAO/AIMD-96-106,
    June 7, 1996); and Tax Systems Modernization: Actions Underway But Management and Technical
    Weaknesses Not Yet Corrected (GAO/T-AIMD-96-165, September 10, 1996).
    4
     Advanced Automation System: Implications of Problems and Recent Changes (GAO/T-RCED-94-188,
    April 13, 1994); Air Traffic Control: Good Progress on Interim Replacement for Outage-Plagued
    System, but Risks Can Be Further Reduced (GAO/AIMD-97-2, October 17, 1996); Air Traffic Control:
    Complete and Enforced Architecture Needed for FAA Systems Modernization (GAO/AIMD-97-30,
    February 3, 1997); and Air Traffic Control: Improved Cost Information Needed to Make Billion Dollar
    Modernization Investment Decisions (GAO/AIMD-97-20, January 22, 1997).



    Page 4                                                                    GAO/T-AIMD/GGD-97-60
    (2) establish plans and performance measures and clearly defined roles
    and responsibilities for implementing CIM, (3) improve controls over
    information technology investments, and (4) not initiate system
    improvement projects without sound economic and technical analyses.5
    DOD has yet to successfully implement these recommendations and
    continues to spend billions of dollars on system migration projects with
    little sound analytical justification. Recently, however, DOD has begun an
    initiative to better manage its technology investments using its planning,
    programming, and budgeting system.
•   Similarly, the National Weather Service (NWS) has yet to resolve serious
    problems with its $4.5-billion modernization effort. New radars are not
    always up and running when severe weather is threatening and
    ground-based sensors fall short of performance and user expectations. We
    have recommended several actions for correcting these problems and
    have also recommended that NWS improve its technical capabilities to
    design and manage the modernization. NWS has addressed some of our
    concerns in these areas, but others remain. We also recommended that
    NWS establish a sound decision-making process for managing the
    modernization’s massive investment and getting promised returns from
    technology. Finally, the modernization effort has long gone without a
    systems architecture to guide it. In response to our recommendations, NWS
    has begun to develop a technical blueprint for the modernization.
    However, until a systems architecture is developed and enforced, the
    modernization will continue to incur higher system development and
    maintenance costs.6

    Correcting problems in these four major modernization efforts is
    important. But we also recognize the need to address and overcome the
    root causes of the government’s chronic information management
    problems. To do this, GAO has worked closely with the Congress and the
    administration to fundamentally revamp and modernize federal

    5
     Defense Management: Stronger Support Needed for Corporate Information Management Initiative to
    Succeed (GAO/AIMD/NSIAD-94-101, April 12, 1994); Defense Management: Selection of Depot
    Maintenance Standard System Not Based on Sufficient Analyses (GAO/AIMD-95-110, July 13, 1995);
    Defense Transportation: Migration Systems Selected Without Adequate Analysis (GAO/AIMD-96-81,
    August 29, 1996); and Defense IRM: Critical Risks Facing New Material Management Strategy
    (GAO/AIMD-96-109, September 6, 1996).
    6
     Weather Forecasting: Radars Far Superior to Predecessors, but Location and Availability Questions
    Remain (GAO/T-AIMD-96-2, October 17, 1995); Weather Forecasting: Unmet Needs and Unknown
    Costs Warrant Reassessment of Observing System Plans (GAO/AIMD-95-81, April 21, 1995); Weather
    Forecasting: Improvements Needed in Laboratory Software Development Processes
    (GAO/AIMD-95-24, December 14, 1994); Weather Forecasting: Recommendations to Address New
    Weather Processing Systems Development Risks (GAO/AIMD-96-74, May 13, 1996); Information
    Technology Investment: Agencies Can Improve Performance, Reduce Costs, and Minimize Risks
    (GAO/AIMD-96-64, September 30, 1996); and Weather Forecasting: Systems Architecture Needed for
    National Weather Service Modernization (GAO/AIMD-94-28, March 11, 1994).



    Page 5                                                                    GAO/T-AIMD/GGD-97-60
                              information management practices. We studied information management
                              practices at leading public-sector and private-sector organizations—ones
                              that have dramatically improved their performance and met mission goals
                              through the use of technology. In our executive guide to improving
                              information management, we identified proven techniques used by these
                              successful organizations and developed an integrated set of information
                              management practices for federal agencies.7

                              The 104th Congress used these best practices to craft the first major
                              information management reform legislation in over a decade: the
                              Paperwork Reduction Act of 1995 (PRA) and the Clinger-Cohen Act of 1996.
                              These laws emphasize involving senior executives in information
                              management decisions, establishing senior-level Chief Information
                              Officers, tightening controls over technology spending, redesigning
                              inefficient work processes, and using performance measures to assess
                              technology’s contribution to achieving mission results. These management
                              practices provide agencies—such as IRS for tax systems—a practical
                              means of addressing their information problems, maximizing benefits from
                              technology spending, and controlling the risks of system development
                              efforts.

                              Past experience has shown that the early days following the passage of
                              reform legislation are telling. Let me quickly highlight areas where this
                              Committee can ensure that these reforms get off to a strong start.


Executive Leadership Is       In the successful organizations we studied, senior executives were
Crucial                       personally committed to improving the management of technology. They
                              recognized that information management needed to be incorporated into
                              an executive-level management framework that included mission
                              planning, goal setting, budgeting, and performance improvement. Both the
                              PRA and the Clinger-Cohen Act incorporate this practice by making agency
                              heads directly responsible for

                          •   establishing goals for using information technology to improve the
                              effectiveness of agency operations and service to the public,
                          •   measuring the actual performance and contribution of technology in
                              supporting agency programs, and




                              7
                               Executive Guide: Improving Mission Performance Through Strategic Information Management and
                              Technology—Learning from Leading Organizations (GAO/AIMD-94-115, May 1994).



                              Page 6                                                               GAO/T-AIMD/GGD-97-60
                           •   including with their agencies’ budget submissions to the Office of
                               Management and Budget (OMB) a report on their progress in meeting
                               operational improvement goals through the use of technology.


Qualified Chief                The PRA requires major agencies to appoint well-qualified Chief
Information Officers Are       Information Officers (CIO) who report directly to agency heads. The CIO is
Needed Throughout              responsible for working with the agency head and other senior managers
                               to (1) promote improvements to work processes used to carry out
Government                     programs, (2) implement an adequate information technology architecture,
                               and (3) strengthen the agency’s capabilities to deal with emerging
                               technology issues and develop effective information systems.

                               Getting the right people in place will make a real difference in
                               implementing lasting management reforms. CIOs should have knowledge of
                               and practical experience in using technology to produce major
                               improvements in performance. This year, the Congress should expect to
                               see well-qualified CIOs making clear progress in implementing the reforms.
                               CIOs should also be active in identifying the technical capabilities that their
                               agencies need to acquire and manage information resources in a
                               disciplined manner to better control risks and achieve desired outcomes.


Improved Investment            Leading organizations manage information technology projects as
Controls Are Vital             important investments. Top executives periodically assess all major
                               projects, prioritize them, and make funding decisions based on factors
                               such as cost, risk, return on investment, and support of mission-related
                               outcomes. Once projects are selected for funding, executives monitor
                               them continually, taking quick action to resolve development problems
                               and mitigate risks. After a project is implemented, executives evaluate
                               actual versus expected results and revise their investment management
                               process based on lessons learned.

                               The PRA and the Clinger-Cohen Act incorporate these investment practices.
                               Agency heads and CIOs should be designing and implementing a structure
                               for maximizing the value and managing the risk of technology investments
                               by

                           •   selecting, controlling, and evaluating investments using sound criteria and
                               good data;
                           •   modernizing work processes before making significant technology
                               investments; and



                               Page 7                                                    GAO/T-AIMD/GGD-97-60
                         •   building large, complex systems in a modular fashion.

                             Last month, GAO issued a comprehensive guide for agencies to use in
                             assessing how well they are selecting and managing their information
                             technology resources. The guide, which is based on best practices, will be
                             instrumental in helping agencies identify specific areas for improving their
                             investment process to maximize the returns on technology spending and
                             better control system development risks.8

                             As part of its review of fiscal year 1998 budget proposals, the Congress
                             should look for clear evidence that agencies have established sound
                             investment processes and explore agencies’ track records in achieving
                             performance improvements from technology. Congressional committees
                             should expect agencies to provide hard data on how technology spending
                             is planned to be used to improve mission performance and reduce
                             operating costs.


OMB’s Role Is Critical       Under the reform legislation, OMB has significant leadership
                             responsibilities to help agencies to improve their information management
                             practices. This is especially important in

                         •   establishing guidance and policies for agencies to follow in implementing
                             the investment reforms and
                         •   evaluating the results of agency technology investments and enforcing
                             accountability for results through the executive branch budget process.

                             OMB has been proactive in developing policies and procedures to help
                             agencies institute effective investment decision-making processes. For
                             example, OMB and GAO worked together to produce a guide in 1995 for both
                             OMB budget examiners and agency executives on how to evaluate
                             information technology investments using the concepts from our best
                             practices work.9 OMB needs to continue to define expectations for agencies
                             and for itself in this key area. Also, in 1996, we recommended that OMB

                         •   develop recommendations for the President’s budget on funding levels for
                             technology projects that take account of an agency’s track record in
                             delivering performance improvements from technology investments and

                             8
                             Assessing Risks and Returns: A Guide for Evaluating Federal Agencies’ IT Investment
                             Decision-making, Version 1 (GAO/AIMD-10.1.13, February 1997).
                             9
                               Evaluating Information Technology Investments: A Practical Guide, version 1.0 (S/N 041-001-00460-2,
                             November 1, 1995).



                             Page 8                                                                     GAO/T-AIMD/GGD-97-60
•   develop an approach for determining whether OMB itself is having an
    impact on reducing the risk or increasing the returns on agency
    information technology investments.10

    To its credit, at the beginning of this fiscal year, OMB issued a
    memorandum to heads of executive departments and agencies laying out
    decision criteria that OMB will use in evaluating and funding major
    information system investments proposed for funding under the
    President’s fiscal year 1998 budget. The criteria strongly reinforce the
    provisions of the reform legislation.

    OMB also has a crucial role helping to resolve two governmentwide
    information management issues added new to our 1997 high-risk list. The
    first is information security. Malicious attacks on computer systems are an
    increasing threat to our national welfare. Despite their sensitivity and
    criticality, federal systems and data across government are not being
    adequately protected, thereby putting billions of dollars worth of assets a
    risk of loss and vast amounts of sensitive data at risk of unauthorized
    disclosure.

    Since June 1993, we have issued over 30 reports describing serious
    information security weaknesses at major federal agencies. For example,
    in May 1996, we reported that tests at DOD showed that DOD systems may
    have experienced as many as 250,000 attacks during 1995, that over
    60 percent of the attacks were successful at gaining access, and that only a
    small percentage of these attacks were detected.11 And in September 1996,
    we reported that during the previous 2 years, serious information security
    control weaknesses had been reported for 10 of the 15 largest federal
    agencies.12 We have made dozens of recommendations to individual
    agencies for improvement and they have acted on many of them.

    Also, in 1996, we recommended that OMB play a more proactive role in
    promoting awareness in monitoring agency practices. In particular, we
    recommended that OMB work with the interagency CIO Council to develop a
    strategic plan for (1) identifying information security risks, (2) reviewing


    10
     Information Technology Investment: Agencies Can Improve Performance, Reduce Costs, and
    Minimize Risks (GAO/AIMD-96-64, September 30, 1996).
    11
     Information Security: Computer Attacks at Department of Defense Pose Increasing Risks
    (GAO/AIMD-96-84, May 22, 1996).
    12
     Information Security: Opportunities for Improved OMB Oversight of Agency Practices
    (GAO/AIMD-96-110, September 24, 1996).



    Page 9                                                                 GAO/T-AIMD/GGD-97-60
                           individual agency security programs, and (3) developing or identifying
                           security training programs.

                           The second governmentwide high-risk issue concerns the need to modify
                           information systems to correctly process dates past the year 1999 (the
                           “Year 2000 Problem”). As chair of the CIO Council, OMB has a key role to
                           play in solving this problem, which threatens widespread disruption of
                           federal computer systems. It is important for OMB to get agencies to rapidly
                           review their information technology systems, assess the scope of their
                           Year 2000 problem, renovate the systems that need to be changed, and test
                           and implement them.

                           For our part, GAO has developed a step-by-step framework to guide
                           agencies in planning and managing their Year 2000 programs. Our guide
                           incorporates best practices identified by leading agencies for dealing with
                           this issue, and is coordinated with the work of the Best Practices
                           Subcommittee of the Interagency Year 2000 Committee.13


                           Better financial management is central to providing much needed
Managing the Cost of       accountability and addressing high-risk problems. The government’s
Government                 financial systems are all too often unable to effectively perform the most
Programs More              rudimentary bookkeeping for organizations, many of which are oftentimes
                           much larger than many of the nation’s largest private corporations.
Effectively                Federal financial management suffers from decades of neglect, inattention
                           to good controls, and failed attempts to improve financial management
                           and modernize outdated financial systems.

                           This situation is illustrated in a number of high-risk areas, including

                       •   the weaknesses that undermine DOD’s ability to obtain a positive audit
                           opinion showing that it can accurately account for a $250 billion annual
                           budget and over $1 trillion in government assets,
                       •   the substantial improvements that are needed in IRS’ accounting and
                           financial reporting for federal tax revenue, and
                       •   the fundamental control weaknesses that resulted in the Department of
                           Housing and Urban Development’s Inspector General being unable to give
                           an opinion on the department’s fiscal year 1995 financial statements.




                           13
                            Year 2000 Computing Crisis: An Assessment Guide (GAO/AIMD-10.1.14, February 1997, exposure
                           draft).



                           Page 10                                                               GAO/T-AIMD/GGD-97-60
The landmark CFO Act, as expanded in 1994 by the Government
Management Reform Act, provides a long overdue and ambitious agenda
to help resolve these types of financial management deficiencies. The act
established a CFO structure in 24 major agencies to provide the necessary
leadership. Moreover, the CFO Act set expectations for (1) the deployment
of modern systems to replace existing antiquated, often manual,
processes, (2) the development of better performance and cost measures,
and (3) the design of results-oriented reports on the government’s
financial condition and operating performance.

In the next few months, we will witness a monumental achievement: 24
CFO act agencies—covering virtually the entire federal budget—will have
prepared and have audited financial statements for their entire operations
for fiscal year 1996. This major milestone represents the first time that all
major government agencies will have exercised the type of financial
reporting and control discipline that has been required in the private
sector for over 60 years and in state and local governments since the early
1980s.

As we have testified several times, important and steady progress is being
made under the act to bring about sweeping reforms and rectify the
devastating legacy from inattention to financial management.14 For
example, CFO Act financial audits have resulted in IRS top management
having a better understanding than ever before of the agency’s financial
management problems. Also, the act provided impetus for IRS’ progress in
improving payroll processing and accounting for administrative operations
and is prompting the agency to work on solutions to revenue and accounts
receivable accounting problems. These efforts are in response to the
nearly 60 improvement recommendations we have made as a result of our
audits of IRS’ financial statements under the CFO Act during the past several
years.

Also, implementing the CFO Act’s blueprint for financial management
improvements is at the heart of resolving many of DOD’s high-risk
problems. Since 1990, auditors have made over 400 recommendations
aimed at helping to correct DOD’s financial management problems. While
no military service or other DOD component has been able to withstand the



14
 Financial Management: Continued Momentum Essential to Achieve CFO Act Goals
(GAO/T-AIMD-96-10, December 14, 1995); Financial Management: Momentum Must Be Sustained to
Achieve the Reform Goals of the Chief Financial Officers Act (GAO/T-AIMD-95-204, July 25, 1995); and
Financial Management: CFO Act Is Achieving Meaningful Progress (GAO/T-AIMD-94-149, June 21,
1994).



Page 11                                                                  GAO/T-AIMD/GGD-97-60
    scrutiny of an independent financial statement audit and the department’s
    financial management processes are among the worst in government,
    DOD’s financial management leaders have recognized the importance of
    tackling these problems. They have expressed a commitment to financial
    management reform and have many initiatives underway to address
    long-standing financial management weaknesses.

    Much remains to be done at both IRS and DOD to realize necessary
    improvements, and our reports have outlined the actions necessary to
    improve their financial management. An intensive effort by IRS and DOD
    and support by the Congress will be required as well. Also, financial
    statements for many government programs and operations involving
    billions of dollars, such as Medicare, are being prepared and audited for
    the first time ever. We have worked with agency CFOs and Inspectors
    General, OMB, and the Department of the Treasury over several years to be
    a catalyst for the preparation and audit of agencywide financial statements
    across government. We also have worked with OMB and Treasury to create
    the Federal Accounting Standards Advisory Board, which recently
    completed a complete set of new accounting standards for the federal
    government.

    When financial statement audits under the CFO Act are completed, it will
    be important for the Congress to ensure that agencies promptly and
    thoroughly correct problems that these audits identify. To assist the
    Congress in this area, we plan to explore the concept of agency audit
    committees, which are commonplace and effective for private-sector
    corporations, as a means of maintaining high-level vigilance and support
    for fixing problems.

    Other challenges include

•   continuing to build stronger financial management organizations by
    upgrading skill levels, enhancing training, and ensuring that CFOs possess
    all the necessary authorities within their agencies to achieve change;
•   devising and applying more effective solutions to address difficult
    problems plaguing agencies’ underlying financial systems;
•   designing comprehensive accountability reports to permit more thorough
    and objective assessments of agencies’ performance and financial
    conditions, as well as to enhance the budget preparation and deliberation
    process; and
•   implementing complementary legislative requirements, including (1) the
    Debt Collection Improvement Act of 1996 enacted to expand and



    Page 12                                                GAO/T-AIMD/GGD-97-60
                   strengthen federal agency debt collection practices and authorities and
                   (2) the Federal Financial Management Improvement Act of 1996 requiring
                   agencies to comply with new federal accounting standards, federal
                   financial systems requirements, and the U.S. government’s standard
                   general ledger.


                   The Government Performance and Results Act seeks to shift the focus of
Improving          federal management and decision-making from a preoccupation with the
Performance and    number of tasks completed or services provided to a more direct
Providing Better   consideration of the results of programs—that is, the real differences the
                   tasks or services make to the nation or individual taxpayer. GPRA
Service            originated in part from the Congress’s frustration that congressional
                   policymaking, spending decisions, and oversight and agencies’
                   decision-making all had been seriously handicapped by the lack of clear
                   goals and sound performance information. The Congress viewed GPRA as a
                   critical tool to address serious shortfalls in the effectiveness of federal
                   programs—many of which had been extensively documented in our work.

                   In crafting GPRA, the Congress built on the experiences of leading states
                   and local governments and other countries that were successfully
                   implementing management reform efforts and becoming more
                   results-oriented. As a starting point, GPRA requires executive agencies to
                   complete—no later than September 30 of this year—strategic plans in
                   which they define their missions, establish results-oriented goals, and
                   identify the strategies they will use to achieve those goals. GPRA requires
                   agencies to consult with the Congress and solicit the input of other
                   stakeholders as they develop these plans.

                   Next, beginning with fiscal year 1999, executive agencies are to use their
                   strategic plans to prepare annual performance plans. These performance
                   plans are to include annual goals linked to the activities displayed in
                   budget presentations as well as the indicators the agency will use to
                   measure performance against the results-oriented goals. Agencies are
                   subsequently to report each year on the extent to which goals were met,
                   provide an explanation if these goals were not met, and present the
                   actions needed to meet any unmet goals.

                   When it passed GPRA, the Congress clearly understood that most agencies
                   would need to make fundamental management changes to properly
                   implement this law and that these changes would not come quickly or
                   easily. As a result, GPRA included a pilot phase where about 70 federal



                   Page 13                                                  GAO/T-AIMD/GGD-97-60
organizations gained experience in implementing key parts of GPRA and
provided valuable lessons for the rest of the government. Our Executive
Guide: Effectively Implementing the Government Performance and Results
Act (GAO/GGD-96-118, June 1996) was intended to help agencies implement
GPRA by drawing on the experiences of leading public-sector organizations
here and abroad to suggest a proven and practical path that agencies can
take to implement GPRA.

Our work has found numerous examples of management-related problems
stemming from unclear agency missions; the lack of results-oriented
performance goals; the absence of well-conceived agency strategies to
meet those goals; and the failure to gather and use accurate, reliable, and
timely program performance and cost information to measure progress in
achieving results. Addressing these problems is both a challenge and an
opportunity for effectively implementing GPRA.

The congressional consultations on agencies’ strategic plans—which in
many cases are beginning now—provide an important opportunity for the
Congress and the executive branch to work together to ensure that
missions are focused, goals are results-oriented and clearly established,
and strategies and funding expectations are appropriate and reasonable.
The experiences of leading organizations suggest that planning efforts that
have such characteristics can become driving forces in improving the
effectiveness and efficiency of program operations. The GPRA strategic
planning process thus provides the Congress with a potentially powerful
vehicle for clarifying its expectations for agencies and expanding the focus
on results expected from funding decisions.

Moreover, as part of the Congress’s integrated statutory framework, the
successful implementation of the CFO Act, the PRA, and the Clinger-Cohen
Act are absolutely critical if GPRA is to be successful in improving program
performance. For example, with successful implementation, the audited
financial statements required by the CFO Act will provide congressional
and executive branch decisionmakers with the reliable financial and
program cost information that they have not previously had. This
information is to be provided to decisionmakers in results-oriented reports
on the government’s program results and financial condition that, for the
first time, integrate budget, financial, and program information. These
reports are also to include cost information that enables users to relate
costs to outputs and outcomes.




Page 14                                                GAO/T-AIMD/GGD-97-60
    Equally important, the sound application and management of information
    technology to support strategic program goals must be an important part
    of any serious attempt to improve agency mission performance, cut costs,
    and enhance responsiveness to the public. The successful implementation
    of information technology reform legislation—which, among other things,
    requires that agencies have a strategy that links technology investments to
    achieving programmatic results—is critical to ensuring the wise use of the
    billions of dollars the government is investing in information systems.

    Thus, in concert with the CFO Act and information technology legislation,
    improved goal-setting and performance measures developed under GPRA
    are critical to addressing high-risk areas. Clear goals and sound
    performance data are key to strengthening decision-making in agencies
    and in the Congress and pinpointing specific opportunities for improved
    performance. For example, performance measures can be useful in

•   guiding management of defense inventory levels to prevent the
    procurement of billions of dollars of centrally managed inventory items
    that may not be needed. For example, as of 1995 about half of the
    $69.6 billion defense inventory is beyond what is needed to support war
    reserve or current operating requirements.
•   reaching agreement with the Congress on and monitoring acceptable
    levels of errors in benefit programs, which may never be totally eliminated
    but can be much better controlled. For instance, no one can determine
    with precision how much Medicare loses each year to fraudulent and
    abusive claims, but losses could be from $6 billion to as much as
    $20 billion based on 1996 outlays.
•   monitoring loan loss levels and delinquency rates for the government’s
    direct loan and loan guarantee programs—multibillion dollar operations in
    which losses for a variety of programs involving farmers, students, and
    home buyers are expected but can be minimized with greater oversight.
    For example, in fiscal year 1995, the federal government paid out over
    $2.5 billion to make good its guarantee on defaulted student loans.
•   assessing the results of tax enforcement initiatives, delinquent tax
    collection activities, and filing fraud reduction efforts. For instance, in
    fiscal year 1996, IRS reported it had collected almost $30 billion in
    delinquent taxes—more than in any previous year. However, fundamental
    problems continue to hamper IRS’ efforts to efficiently and effectively
    manage and collect its reported $216 billion inventory of tax debts.

    While the experiences of leading organizations and federal efforts under
    GPRA thus far show that full GPRA implementation will take time and much




    Page 15                                                GAO/T-AIMD/GGD-97-60
                      effort, our executive guide shows that improvements in
                      performance—sometimes substantial ones—are possible even in the short
                      term when an organization adopts a disciplined approach to defining its
                      mission and desired results, measuring its performance, and using
                      information to make decisions. For example, our executive guide provides
                      examples from the Federal Emergency Management Agency, the Veterans’
                      Health Administration, the Coast Guard, and other agencies that are well
                      on the way to improving performance by better focusing on results.


                      Management commitment is key to solving high-risk problems and getting
No Substitute for     off the high-risk list. There is no substitute for the basic management
Diligent Management   practices of goal-setting and follow-through. Agencies have successfully
Commitment and        used these common mechanics to make significant progress and get at the
                      root causes of high-risk problems. In 1995, progress in addressing five
Follow-Through        high-risk areas was sufficient to warrant the high-risk designation being
                      removed, including the following.

                      The Pension Benefit Guaranty Corporation’s (PGBC) high-risk designation
                      was removed due to substantially improved internal controls and systems.
                      For example, PBGC’s liability for future benefits (amounts owed to
                      employees of terminated pension plans insured by PBGC) represents about
                      95 percent of PBGC’s total liability. In fiscal year 1992, PBGC sufficiently
                      addressed long-standing deficiencies in (1) documentation and support for
                      various techniques and assumptions used for estimating PBGC’s liability for
                      future benefits, (2) the ability to assure the completeness and accuracy of
                      data used in the estimating techniques, and (3) estimating software. These
                      improvements enabled us to certify PBGC’s balance sheet for the first time.

                      In fiscal year 1993, PBGC resolved serious system limitations that had
                      restricted its ability to fully process all premium information, assess the
                      accuracy of premium amounts, and collect amounts due. These
                      improvements, coupled with the improved controls over the process for
                      estimating PBGC’s liability for future benefits, enabled us to certify PBGC’s
                      complete set of financial statements in fiscal years 1993 and 1994. PBGC has
                      maintained its auditability since the Corporation’s Inspector General took
                      over responsibility for auditing its annual financial statements in fiscal
                      year 1995.

                      Also, the Congress enacted legislation in 1994 to strengthen minimum
                      funding standards for pension plans and to phase out the cap on variable
                      rate premiums paid by underfunded plans. These provisions were



                      Page 16                                                 GAO/T-AIMD/GGD-97-60
                               designed to lower the underfunding in pension plans, thus reducing PBGC’s
                               exposure, and to reduce the Corporation’s deficit overtime.

                               The Resolution Trust Corporation (RTC) was moved off the high-risk list
                               because the Congress enacted specific management reforms with required
                               progress reporting to achieve the needed improvements in RTC’s
                               contracting, asset disposition, and supporting management information
                               systems. Also, RTC

                           •   improved its internal controls over receivership operations and
                               methodology for estimating cash recoveries from the assets of failed
                               thrifts;
                           •   strengthened its financial systems and controls, which enabled us to fully
                               certify RTC’s financial statements for the fiscal year ended December 31,
                               1992, and subsequent fiscal years until RTC was terminated on
                               December 31, 1995; and
                           •   created an audit committee that included the Director of the Office of
                               Thrift Supervision, a Federal Reserve Board member, and a representative
                               from the private sector.

                               In contrast, our experience is that programs are designated high risk when
                               agencies fail to quickly recognize growing problems, underestimate what it
                               will take to correct them, and do not take prompt corrective measures.
                               This has occurred for the 16 new areas that have been designated high risk
                               since our high-risk initiative began 7 years ago. Of these, 5 were designated
                               just last month. Overall, of the 25 areas that are the current focus of our
                               high-risk program, 12 areas, or about half, have been on the list for 2 years
                               or less.


                               We have also long advocated sustained oversight and attention by the
Sustained                      Congress to agencies’ efforts to fix high-risk problem areas and implement
Congressional                  broad management reforms. The Congress must continue to play a central
Oversight and                  role in ensuring that management problems in agencies’ operations are
                               identified and weaknesses addressed.
Focused Attention
Are Essential
Providing Accountability       We have advocated that congressional committees of jurisdiction hold
Reports                        annual or at least biennial comprehensive oversight on each department
                               and major independent agency. The plans and reports that agencies are to
                               develop under GPRA and the audited financial statements that are to be



                               Page 17                                                 GAO/T-AIMD/GGD-97-60
                      prepared under the expanded CFO Act should serve as the basis for those
                      hearings.

                      Congressional oversight can be shaped by thorough accountability reports
                      that provide a comprehensive picture of agencies’ performance pursuant
                      to its stated goals and objectives. Under the Government Management
                      Reform Act, several agencies are preparing accountability reports on a
                      pilot basis. These new reports will combine the separate reports required
                      under various laws, such as GPRA and the CFO Act. The accountability
                      reports are intended to show the degree to which an agency met its goals,
                      at what cost, and whether the agency was well run.

                      The Congress must have a central role in defining the content and format
                      of these reports to ensure that the reports eventually provide the Congress
                      with comprehensive “report cards” on the degree to which agencies are
                      making wise and effective use of tax dollars and to provide a better basis
                      for identifying issues to focus on during the oversight process. This will
                      also provide a full picture of an agency’s program performance and
                      resource usage to accomplish its mission.


Meeting the Human     Another matter for congressional attention is improving the management
Resource Management   and effectiveness of federal programs by modernizing human resource
Challenge             management systems. Hiring the right people and managing them
                      effectively will be indispensable to improving the performance of federal
                      agencies. In an era that demands improved performance at reduced costs,
                      agencies’ success increasingly will depend upon their abilities to assemble
                      a staff with the right blend of talents and skills.

                      However, as our work on financial and information technology issues has
                      suggested, many agencies’ staffs are not well prepared to meet this
                      challenge. GPRA also recognizes the importance of human resource
                      management by requiring that agencies’ strategic plans include a
                      description of how they intend to use their people to achieve their
                      strategic goals. The question is: does the existing civil service system allow
                      agencies the flexibility to respond to these new demands? On the one
                      hand, the competitive service is undoubtedly more flexible than it was 2




                      Page 18                                                  GAO/T-AIMD/GGD-97-60
decades ago.15 Efforts to make it so go back at least as far as the Civil
Service Reform Act of 1978 (CSRA). Yet, despite CSRA and other measures
taken since then, the competitive service as a whole is still widely viewed
as burdensome to managers, unappealing to ambitious recruits, hidebound
and outdated, overregulated, and inflexible. In short, there is general
recognition that in one way or another, the civil service must be made
more flexible in response to a changing environment.

Leading private-sector employers—as well as some government entities
both here and abroad—are creating personnel systems that diverge
sharply from the federal government’s traditional approach. The new
model is more decentralized, focused more directly on mission
accomplishment, and set up more to establish guiding principles than to
prescribe detailed rules and procedures. In our contacts with experts from
private-sector organizations and from other governments both here and
abroad and with labor representatives, academicians, and experienced
federal officials, we have identified several newly emerging principles for
managing people in high-performing organizations.

Our Transforming the Civil Service: Building the Workforce of the
Future—Results of A GAO-Sponsored Symposium (GAO/GGD-96-35,
December 20, 1995) distilled the key principles we learned. Among these
key principles were: First, in today’s high-performing organizations, people
are valued as assets rather than as costs. They are recognized as crucial to
organizational success—as partners rather than as mere hired help—and
organizations that recognize them as partners invest in their professional
development and empower them to contribute ideas and make decisions.
Second, organizational mission, vision, and culture are emphasized over
rules and regulations. In place of highly detailed rules to manage their
employees, leading organizations are relying increasingly on a well-defined
mission, a clearly articulated vision, and a coherent organizational
structure to form the foundation for the key business systems and
processes they use to achieve desired results. Third, managers are given
the authority to manage their people flexibly and creatively so they can




15
  A note on the term “competitive service”: What is commonly thought of as the “civil service”—the
federal civilian workforce subject to all the provisions of title 5 of the U.S. Code—comprises only
about 54 percent of all federal civil servants. This segment is technically known as the “competitive
service,” and operates under the federal merit system. The other 46 percent of federal workers are
employed in agencies or other federal entities—such as government corporations (like TVA) and
quasi-governmental organizations (like the U.S. Postal Service)—that operate outside title 5 or are
statutorily exempted from parts of it. These workers, while all members of the civil service, are in the
“excepted service” and are covered by a variety of alternative merit systems.



Page 19                                                                      GAO/T-AIMD/GGD-97-60
                          focus on achieving results rather than on doing things “by the book.”16
                          They are held accountable for outcomes—for furthering the mission and
                          vision of the organization—rather than for adhering to a set of minutely
                          defined procedures.

                          This, once again, is an approach that we have observed largely in the
                          private sector. But the integration of human resource management into the
                          business of the organization coincides with a practice we have identified
                          as critical to the implementation of GPRA—the alignment of activities, core
                          processes, and resources to support mission-related goals. As the federal
                          government fully implements GPRA, agencies and the Congress will be able
                          to gain further experience with how best to provide flexibility in managing
                          federal employees to better achieve mission results while observing merit
                          systems principles.


Linking Resource          Another future challenge is to better link resource allocation decisions to
Allocation Decisions to   results. Ultimately, to improve the effectiveness and efficiency of
Results                   government, the statutory framework described above—GPRA, the CFO Act,
                          and information technology reforms—must be better integrated with the
                          federal government’s resource estimation and allocation processes.
                          Although vitally important as an agency management improvement tool,
                          this framework also will provide new information and perspectives that
                          can be particularly useful to the process of allocating scarce resources
                          among competing national priorities. Comparably, the budget process will
                          need to continue to adapt to take full use of the benefits flowing from
                          these initiatives and to support their further development.

                          The statutory framework established by the Congress can significantly
                          improve the information presented to decisionmakers during the annual
                          budget process. Financial systems improvements and audited financial
                          statements brought about by the CFO Act will enhance the accuracy and
                          reliability of financial information undergirding budgetary estimates and
                          provide a clearer appreciation of long-term unfunded commitments and of
                          the full costs of current government programs. The information
                          technology reforms and the Federal Acquisition Streamlining Act of 1994
                          are part of a broader agenda that recognizes the need for better risk
                          management and integrated life-cycle costing of capital investments,
                          which should ensure appropriate consideration and full-funding of such
                          proposals within annual budget deliberations.

                          16
                            In 1995, the Office of Personnel Management developed more flexible rules for managing
                          performance in the competitive service. We are currently examining performance management
                          initiatives taken by a number of GPRA pilots.



                          Page 20                                                               GAO/T-AIMD/GGD-97-60
Similarly, GPRA holds promise of restoring public confidence in
government at a time when we must make increasingly more painful
budgetary choices. GPRA aims to provide systematic information on the
performance of government programs and to directly link such
information with the annual budget process. Although many factors
appropriately influence budget decisions, effective implementation of GPRA
will add critical information about what citizens and the nation are
receiving for each dollar spent. Ultimately, debate about funding levels
should begin to focus on the performance of individual programs, the
overall effectiveness of agency operations, and the need for efforts to
better coordinate and harmonize federal agency missions and activities.

History indicates, however, that careful attention will be needed to ensure
that the separate objectives and processes of these reform initiatives are
effectively melded with the budget process. Integrating strategic planning,
financial accounting, and budget formulation and execution processes will
pose profound challenges; attempts to connect performance goals and
results to traditional budget decision structures will inevitably encounter
issues that the Congress and the executive branch will need to jointly
address.


The challenges of solving pressing management problems are great, but
the rewards are high. While the legislative framework is in place, much
work remains to be done to fully and effectively achieve its goals.
Continued dialogue between legislative and executive branch officials is
key to strengthen management of the federal government’s enormous
investment in information technology, improve data to help make
spending decisions, and enable better assessments of the performance and
cost of federal activities and operations.

Mr. Chairman, this concludes my statement. I would be happy to now
respond to any questions.




Page 21                                                GAO/T-AIMD/GGD-97-60
Attachment I

Areas Designated High Risk


                       Financial management (1995)
Providing for          Contract management (1992)
Accountability and     Inventory management (1990)
Cost-Effective         Weapon systems acquisition (1990)
                       Defense infrastructure (1997)
Management of
Defense Programs
                       IRS financial management (1995)
Ensuring All           IRS receivables (1990)
Revenues Are           Filing fraud (1995)
Collected and          Tax Systems Modernization (1995)
                       Customs Service financial management (1991)
Accounted for          Asset forfeiture programs (1990)


                       Tax Systems Modernization (1995)
Obtaining an           Air traffic control modernization (1995)
Adequate Return on     Defense’s Corporate Information Management initiative (1995)
Multibillion Dollar    National Weather Service modernization (1995)
                       Information security (1997)
Investments in         The Year 2000 Problem (1997)
Information
Technology
                       Medicare (1990)
Controlling Fraud,     Supplemental Security Income (1997)
Waste, and Abuse in
Benefit Programs
                       HUD (1994)
Minimizing Loan        Farm loan programs (1990)
Program Losses         Student financial aid programs (1990)


                       Department of Energy (1990)
Improving              NASA (1990)
Management of          Superfund (1990)
Federal Contracts at
                       Also, planning for the 2000 Decennial Census was designated high risk in
Civilian Agencies      1997.




                       Page 22                                               GAO/T-AIMD/GGD-97-60
Attachment II

1997 High-Risk Series


                An Overview (GAO/HR-97-1)

                Quick Reference Guide (GAO/HR-97-2)

                Defense Financial Management (GAO/HR-97-3)

                Defense Contract Management (GAO/HR-97-4)

                Defense Inventory Management (GAO/HR-97-5)

                Defense Weapon Systems Acquisition (GAO/HR-97-6)

                Defense Infrastructure (GAO/HR-97-7)

                IRS   Management (GAO/HR-97-8)

                Information Management and Technology (GAO/HR-97-9)

                Medicare (GAO/HR-97-10)

                Student Financial Aid (GAO/HR-97-11)

                Department of Housing and Urban Development (GAO/HR-97-12)

                Department of Energy Contract Management (GAO/HR-97-13)

                Superfund Program Management (GAO/HR-97-14)

                The entire series of 14 high-risk reports is numbered GAO/HR-97-20SET.




(918900)        Page 23                                                  GAO/T-AIMD/GGD-97-60
Ordering Information

The first copy of each GAO report and testimony is free.
Additional copies are $2 each. Orders should be sent to the
following address, accompanied by a check or money order
made out to the Superintendent of Documents, when
necessary. VISA and MasterCard credit cards are accepted, also.
Orders for 100 or more copies to be mailed to a single address
are discounted 25 percent.

Orders by mail:

U.S. General Accounting Office
P.O. Box 6015
Gaithersburg, MD 20884-6015

or visit:

Room 1100
700 4th St. NW (corner of 4th and G Sts. NW)
U.S. General Accounting Office
Washington, DC

Orders may also be placed by calling (202) 512-6000
or by using fax number (301) 258-4066, or TDD (301) 413-0006.

Each day, GAO issues a list of newly available reports and
testimony. To receive facsimile copies of the daily list or any
list from the past 30 days, please call (202) 512-6000 using a
touchtone phone. A recorded menu will provide information on
how to obtain these lists.

For information on how to access GAO reports on the INTERNET,
send an e-mail message with "info" in the body to:

info@www.gao.gov

or visit GAO’s World Wide Web Home Page at:

http://www.gao.gov




PRINTED ON    RECYCLED PAPER
United States                       Bulk Rate
General Accounting Office      Postage & Fees Paid
Washington, D.C. 20548-0001           GAO
                                 Permit No. G100
Official Business
Penalty for Private Use $300

Address Correction Requested