United States General Accounting Office GAO Testimony Before the Committee on Governmental Affairs, U.S. Senate For Release on Delivery Expected at 10 a.m. HIGH-RISK AREAS Wednesday March 5, 1997 Actions Needed to Solve Pressing Management Problems Statement of Gene L. Dodaro Assistant Comptroller General Accounting and Information Management Division GAO/T-AIMD/GGD-97-60 Mr. Chairman and Members of the Committee: We are pleased to be here to discuss solutions to serious management problems that needlessly cost billions of dollars in taxpayers funds and result in huge missed opportunities to improve service to the American public and ensure adequate accountability for federal operations. This Committee continues to be a vitally important driving force in efforts to effectively implement much needed management reforms. Important recent legislative initiatives initiated in this Committee and enacted by the Congress provide the framework for the actions needed to bring about lasting solutions to serious and long-standing federal government management problems. Determined follow-through by agency managers and sustained attention by the Congress, however, are essential ingredients to translating these critical reforms into the reality of reformed day-to-day management practices across the spectrum of the federal government’s operations. GAO’s mission is helping the Congress in its efforts to improve management of our national government. One approach has entailed identifying critical management problems before they become uncontrollable crises. Since 1990, we have produced a list for the Congress of areas that were identified, based on GAO work, as highly vulnerable to waste, fraud, abuse, and mismanagement. To help solve high-risk problems, we have made hundreds of recommendations to get at the heart of these problems, which have at their core a fundamental lack of accountability. This list helps focus attention of the administration and the Congress on critical management problems. The high-risk designation has prompted agencies to take action in many areas, and progress in addressing management problems has ensued. The need to address fundamental management problems also was a factor in prompting the Congress to enact important reforms such as (1) the 1995 Paperwork Reduction Act and the 1996 Clinger-Cohen Act to better manage investments in information technology, (2) the Government Management Reform Act of 1994, which expanded the 1990 Chief Financial Officers (CFO) Act’s requirement for financial statements and controls that can pass the test of an independent audit, and (3) the 1993 Government Performance and Results Act (GPRA) to better measure performance and focus on results. This legislation forms an integrated framework that will help agencies identify and monitor high-risk areas and operate programs more efficiently Page 1 GAO/T-AIMD/GGD-97-60 and will assist the Congress in overseeing agencies’ efforts to achieve these results. At the beginning of each new Congress, we update our high-risk list. Areas are removed from the list as improvements develop and progress is made, and new areas are added to highlight burgeoning problems. Our latest update of high-risk areas was issued last month. The 25 areas that are the current focus of our high-risk initiative are listed in attachment I and the reports included in our 1997 set of high-risk reports are listed in attachment II. In brief, we reported that agencies are taking high-risk problems seriously, trying to correct them, and making progress in many areas. The Congress also has acted to address several problems affecting these high-risk areas through oversight hearings and specific legislative initiatives. Full and effective implementation of legislative mandates, our suggestions, and corrective measures by agencies, however, has not yet been achieved because the high-risk areas involve long-standing problems that are difficult to correct. Through the set of reforms embodied in the CFO Act, GPRA, and the information technology initiatives, the Congress has laid the groundwork for the federal government to use proven best management practices that have been successfully applied in the private sector and state and local governments. These reforms will not produce lasting improvements, however, without successful implementation by agencies and relentless congressional involvement. The next few years are critical; agencies are in the formative years of implementing the expanded, governmentwide mandates of the CFO Act and GPRA and in the first full year of carrying out the new information technology mandates. Congressional attention, such as that shown by this hearing, is pivotal to achieving meaningful improvements. The following sections outline actions needed to solve high-risk management problems. Fixing these problems can result in the government (1) saving billions of dollars, (2) making better investments in information technology, (3) managing the cost of government more effectively, and (4) improving performance and service to the public. Page 2 GAO/T-AIMD/GGD-97-60 One of the six major categories in our high risk series is obtaining an Reaping the Benefits adequate return on multibillion dollar investments in information of Technology Is technology.1 We added this category in 1995 because we continued to find Central to Controlling major system development projects that greatly exceed estimated costs, fall years behind schedule, and fail to achieve operational goals. These Costs and Providing failures have left the Congress and executive branch severely handicapped Better Services by the lack of reliable data. Moveover, huge opportunities have been lost to use technology to reduce federal operating costs and improve program performance. The effective use of information technology is integral in some way to solving problems in all the high-risk areas mentioned in our 1997 series. The seriousness of these information management problems is underscored by the fact that nearly every aspect of over $1.5 trillion in annual federal government operations depends on information systems. Additionally, the American public, enjoying the everyday benefits of technology-driven service improvements in the private sector, are becoming increasingly frustrated with poor performance from federal agencies. In our 1997 high risk report on information management and technology,2 we focus on four major modernization efforts that provide a vivid study in technology management problems that, unfortunately, are all too typical across the federal government. • The Internal Revenue Service (IRS) has spent or obligated over $3 billion since 1986 on its Tax Systems Modernization (TSM), which is designed to overhaul the paper-intensive approach to tax return processing. We reported in 1995 that the modernization lacked basic elements needed to bring it to a successful conclusion, such as a comprehensive business strategy for reducing paper filings and the requisite management, software development, and technical infrastructure. We made over a dozen recommendations to address these weaknesses, including implementing (1) a sound process to manage technology investments, (2) disciplined procedures for software requirements management, and (3) an integrated systems architecture. 1 Over the last 6 years, federal agencies have obligated about $145 billion to activities related to information technology. This figure does not include many additional billions of dollars that go to software embedded in Defense weapons systems. 2 Information Management and Technology (GAO/HR-97-9). Page 3 GAO/T-AIMD/GGD-97-60 We reported in June and September 1996 that IRS had initiated many activities to improve its modernization efforts but had not fully implemented any of our recommendations. The Congress subsequently directed IRS to establish a schedule for implementing GAO’s recommendations. It also required regular status reports on corrective actions and TSM spending. IRS and the Department of the Treasury have taken steps to address our recommendations and respond to congressional direction, but further concerted, sustained improvement efforts are needed.3 • For over 15 years, the Federal Aviation Administration’s (FAA) $34-billion air traffic control (ATC) modernization has experienced cost overruns, schedule delays, and performance shortfalls. Though FAA has recently made important progress on aspects of the modernization, some serious problems remain. Most notably, this large effort has long proceeded without the benefit of a complete systems architecture to guide the modernization’s development and evolution. Among other things, this lack of a technical blueprint has led to unnecessarily higher spending to buy, integrate, and maintain hardware and software. We have recommended that FAA develop and enforce a complete systems architecture. Exacerbating the modernization’s problems is unreliable information on costs—both future estimates of costs and accumulations of actual costs. We have recommended that FAA institutionalize a defined cost process and develop and implement a managerial cost accounting capability.4 • The Department of Defense’s (DOD) Corporate Information Management (CIM) effort was supposed to save billions of dollars by streamlining operations and implementing standard information systems in areas such as materiel management, personnel, finance, and transportation. But after 8 years and $20 billion in spending on CIM, DOD has yet to meet its savings goals, largely because of its failure to implement sound management practices for CIM. We have recommended that DOD (1) better link system modernization projects to business process improvement efforts, 3 Tax Systems Modernization: Management and Technical Weaknesses Must Be Corrected If Modernization Is to Succeed (GAO/AIMD-95-156, July 26, 1995); Tax Systems Modernization: Actions Underway But IRS Has Not Yet Corrected Management and Technical Weaknesses (GAO/AIMD-96-106, June 7, 1996); and Tax Systems Modernization: Actions Underway But Management and Technical Weaknesses Not Yet Corrected (GAO/T-AIMD-96-165, September 10, 1996). 4 Advanced Automation System: Implications of Problems and Recent Changes (GAO/T-RCED-94-188, April 13, 1994); Air Traffic Control: Good Progress on Interim Replacement for Outage-Plagued System, but Risks Can Be Further Reduced (GAO/AIMD-97-2, October 17, 1996); Air Traffic Control: Complete and Enforced Architecture Needed for FAA Systems Modernization (GAO/AIMD-97-30, February 3, 1997); and Air Traffic Control: Improved Cost Information Needed to Make Billion Dollar Modernization Investment Decisions (GAO/AIMD-97-20, January 22, 1997). Page 4 GAO/T-AIMD/GGD-97-60 (2) establish plans and performance measures and clearly defined roles and responsibilities for implementing CIM, (3) improve controls over information technology investments, and (4) not initiate system improvement projects without sound economic and technical analyses.5 DOD has yet to successfully implement these recommendations and continues to spend billions of dollars on system migration projects with little sound analytical justification. Recently, however, DOD has begun an initiative to better manage its technology investments using its planning, programming, and budgeting system. • Similarly, the National Weather Service (NWS) has yet to resolve serious problems with its $4.5-billion modernization effort. New radars are not always up and running when severe weather is threatening and ground-based sensors fall short of performance and user expectations. We have recommended several actions for correcting these problems and have also recommended that NWS improve its technical capabilities to design and manage the modernization. NWS has addressed some of our concerns in these areas, but others remain. We also recommended that NWS establish a sound decision-making process for managing the modernization’s massive investment and getting promised returns from technology. Finally, the modernization effort has long gone without a systems architecture to guide it. In response to our recommendations, NWS has begun to develop a technical blueprint for the modernization. However, until a systems architecture is developed and enforced, the modernization will continue to incur higher system development and maintenance costs.6 Correcting problems in these four major modernization efforts is important. But we also recognize the need to address and overcome the root causes of the government’s chronic information management problems. To do this, GAO has worked closely with the Congress and the administration to fundamentally revamp and modernize federal 5 Defense Management: Stronger Support Needed for Corporate Information Management Initiative to Succeed (GAO/AIMD/NSIAD-94-101, April 12, 1994); Defense Management: Selection of Depot Maintenance Standard System Not Based on Sufficient Analyses (GAO/AIMD-95-110, July 13, 1995); Defense Transportation: Migration Systems Selected Without Adequate Analysis (GAO/AIMD-96-81, August 29, 1996); and Defense IRM: Critical Risks Facing New Material Management Strategy (GAO/AIMD-96-109, September 6, 1996). 6 Weather Forecasting: Radars Far Superior to Predecessors, but Location and Availability Questions Remain (GAO/T-AIMD-96-2, October 17, 1995); Weather Forecasting: Unmet Needs and Unknown Costs Warrant Reassessment of Observing System Plans (GAO/AIMD-95-81, April 21, 1995); Weather Forecasting: Improvements Needed in Laboratory Software Development Processes (GAO/AIMD-95-24, December 14, 1994); Weather Forecasting: Recommendations to Address New Weather Processing Systems Development Risks (GAO/AIMD-96-74, May 13, 1996); Information Technology Investment: Agencies Can Improve Performance, Reduce Costs, and Minimize Risks (GAO/AIMD-96-64, September 30, 1996); and Weather Forecasting: Systems Architecture Needed for National Weather Service Modernization (GAO/AIMD-94-28, March 11, 1994). Page 5 GAO/T-AIMD/GGD-97-60 information management practices. We studied information management practices at leading public-sector and private-sector organizations—ones that have dramatically improved their performance and met mission goals through the use of technology. In our executive guide to improving information management, we identified proven techniques used by these successful organizations and developed an integrated set of information management practices for federal agencies.7 The 104th Congress used these best practices to craft the first major information management reform legislation in over a decade: the Paperwork Reduction Act of 1995 (PRA) and the Clinger-Cohen Act of 1996. These laws emphasize involving senior executives in information management decisions, establishing senior-level Chief Information Officers, tightening controls over technology spending, redesigning inefficient work processes, and using performance measures to assess technology’s contribution to achieving mission results. These management practices provide agencies—such as IRS for tax systems—a practical means of addressing their information problems, maximizing benefits from technology spending, and controlling the risks of system development efforts. Past experience has shown that the early days following the passage of reform legislation are telling. Let me quickly highlight areas where this Committee can ensure that these reforms get off to a strong start. Executive Leadership Is In the successful organizations we studied, senior executives were Crucial personally committed to improving the management of technology. They recognized that information management needed to be incorporated into an executive-level management framework that included mission planning, goal setting, budgeting, and performance improvement. Both the PRA and the Clinger-Cohen Act incorporate this practice by making agency heads directly responsible for • establishing goals for using information technology to improve the effectiveness of agency operations and service to the public, • measuring the actual performance and contribution of technology in supporting agency programs, and 7 Executive Guide: Improving Mission Performance Through Strategic Information Management and Technology—Learning from Leading Organizations (GAO/AIMD-94-115, May 1994). Page 6 GAO/T-AIMD/GGD-97-60 • including with their agencies’ budget submissions to the Office of Management and Budget (OMB) a report on their progress in meeting operational improvement goals through the use of technology. Qualified Chief The PRA requires major agencies to appoint well-qualified Chief Information Officers Are Information Officers (CIO) who report directly to agency heads. The CIO is Needed Throughout responsible for working with the agency head and other senior managers to (1) promote improvements to work processes used to carry out Government programs, (2) implement an adequate information technology architecture, and (3) strengthen the agency’s capabilities to deal with emerging technology issues and develop effective information systems. Getting the right people in place will make a real difference in implementing lasting management reforms. CIOs should have knowledge of and practical experience in using technology to produce major improvements in performance. This year, the Congress should expect to see well-qualified CIOs making clear progress in implementing the reforms. CIOs should also be active in identifying the technical capabilities that their agencies need to acquire and manage information resources in a disciplined manner to better control risks and achieve desired outcomes. Improved Investment Leading organizations manage information technology projects as Controls Are Vital important investments. Top executives periodically assess all major projects, prioritize them, and make funding decisions based on factors such as cost, risk, return on investment, and support of mission-related outcomes. Once projects are selected for funding, executives monitor them continually, taking quick action to resolve development problems and mitigate risks. After a project is implemented, executives evaluate actual versus expected results and revise their investment management process based on lessons learned. The PRA and the Clinger-Cohen Act incorporate these investment practices. Agency heads and CIOs should be designing and implementing a structure for maximizing the value and managing the risk of technology investments by • selecting, controlling, and evaluating investments using sound criteria and good data; • modernizing work processes before making significant technology investments; and Page 7 GAO/T-AIMD/GGD-97-60 • building large, complex systems in a modular fashion. Last month, GAO issued a comprehensive guide for agencies to use in assessing how well they are selecting and managing their information technology resources. The guide, which is based on best practices, will be instrumental in helping agencies identify specific areas for improving their investment process to maximize the returns on technology spending and better control system development risks.8 As part of its review of fiscal year 1998 budget proposals, the Congress should look for clear evidence that agencies have established sound investment processes and explore agencies’ track records in achieving performance improvements from technology. Congressional committees should expect agencies to provide hard data on how technology spending is planned to be used to improve mission performance and reduce operating costs. OMB’s Role Is Critical Under the reform legislation, OMB has significant leadership responsibilities to help agencies to improve their information management practices. This is especially important in • establishing guidance and policies for agencies to follow in implementing the investment reforms and • evaluating the results of agency technology investments and enforcing accountability for results through the executive branch budget process. OMB has been proactive in developing policies and procedures to help agencies institute effective investment decision-making processes. For example, OMB and GAO worked together to produce a guide in 1995 for both OMB budget examiners and agency executives on how to evaluate information technology investments using the concepts from our best practices work.9 OMB needs to continue to define expectations for agencies and for itself in this key area. Also, in 1996, we recommended that OMB • develop recommendations for the President’s budget on funding levels for technology projects that take account of an agency’s track record in delivering performance improvements from technology investments and 8 Assessing Risks and Returns: A Guide for Evaluating Federal Agencies’ IT Investment Decision-making, Version 1 (GAO/AIMD-10.1.13, February 1997). 9 Evaluating Information Technology Investments: A Practical Guide, version 1.0 (S/N 041-001-00460-2, November 1, 1995). Page 8 GAO/T-AIMD/GGD-97-60 • develop an approach for determining whether OMB itself is having an impact on reducing the risk or increasing the returns on agency information technology investments.10 To its credit, at the beginning of this fiscal year, OMB issued a memorandum to heads of executive departments and agencies laying out decision criteria that OMB will use in evaluating and funding major information system investments proposed for funding under the President’s fiscal year 1998 budget. The criteria strongly reinforce the provisions of the reform legislation. OMB also has a crucial role helping to resolve two governmentwide information management issues added new to our 1997 high-risk list. The first is information security. Malicious attacks on computer systems are an increasing threat to our national welfare. Despite their sensitivity and criticality, federal systems and data across government are not being adequately protected, thereby putting billions of dollars worth of assets a risk of loss and vast amounts of sensitive data at risk of unauthorized disclosure. Since June 1993, we have issued over 30 reports describing serious information security weaknesses at major federal agencies. For example, in May 1996, we reported that tests at DOD showed that DOD systems may have experienced as many as 250,000 attacks during 1995, that over 60 percent of the attacks were successful at gaining access, and that only a small percentage of these attacks were detected.11 And in September 1996, we reported that during the previous 2 years, serious information security control weaknesses had been reported for 10 of the 15 largest federal agencies.12 We have made dozens of recommendations to individual agencies for improvement and they have acted on many of them. Also, in 1996, we recommended that OMB play a more proactive role in promoting awareness in monitoring agency practices. In particular, we recommended that OMB work with the interagency CIO Council to develop a strategic plan for (1) identifying information security risks, (2) reviewing 10 Information Technology Investment: Agencies Can Improve Performance, Reduce Costs, and Minimize Risks (GAO/AIMD-96-64, September 30, 1996). 11 Information Security: Computer Attacks at Department of Defense Pose Increasing Risks (GAO/AIMD-96-84, May 22, 1996). 12 Information Security: Opportunities for Improved OMB Oversight of Agency Practices (GAO/AIMD-96-110, September 24, 1996). Page 9 GAO/T-AIMD/GGD-97-60 individual agency security programs, and (3) developing or identifying security training programs. The second governmentwide high-risk issue concerns the need to modify information systems to correctly process dates past the year 1999 (the “Year 2000 Problem”). As chair of the CIO Council, OMB has a key role to play in solving this problem, which threatens widespread disruption of federal computer systems. It is important for OMB to get agencies to rapidly review their information technology systems, assess the scope of their Year 2000 problem, renovate the systems that need to be changed, and test and implement them. For our part, GAO has developed a step-by-step framework to guide agencies in planning and managing their Year 2000 programs. Our guide incorporates best practices identified by leading agencies for dealing with this issue, and is coordinated with the work of the Best Practices Subcommittee of the Interagency Year 2000 Committee.13 Better financial management is central to providing much needed Managing the Cost of accountability and addressing high-risk problems. The government’s Government financial systems are all too often unable to effectively perform the most Programs More rudimentary bookkeeping for organizations, many of which are oftentimes much larger than many of the nation’s largest private corporations. Effectively Federal financial management suffers from decades of neglect, inattention to good controls, and failed attempts to improve financial management and modernize outdated financial systems. This situation is illustrated in a number of high-risk areas, including • the weaknesses that undermine DOD’s ability to obtain a positive audit opinion showing that it can accurately account for a $250 billion annual budget and over $1 trillion in government assets, • the substantial improvements that are needed in IRS’ accounting and financial reporting for federal tax revenue, and • the fundamental control weaknesses that resulted in the Department of Housing and Urban Development’s Inspector General being unable to give an opinion on the department’s fiscal year 1995 financial statements. 13 Year 2000 Computing Crisis: An Assessment Guide (GAO/AIMD-10.1.14, February 1997, exposure draft). Page 10 GAO/T-AIMD/GGD-97-60 The landmark CFO Act, as expanded in 1994 by the Government Management Reform Act, provides a long overdue and ambitious agenda to help resolve these types of financial management deficiencies. The act established a CFO structure in 24 major agencies to provide the necessary leadership. Moreover, the CFO Act set expectations for (1) the deployment of modern systems to replace existing antiquated, often manual, processes, (2) the development of better performance and cost measures, and (3) the design of results-oriented reports on the government’s financial condition and operating performance. In the next few months, we will witness a monumental achievement: 24 CFO act agencies—covering virtually the entire federal budget—will have prepared and have audited financial statements for their entire operations for fiscal year 1996. This major milestone represents the first time that all major government agencies will have exercised the type of financial reporting and control discipline that has been required in the private sector for over 60 years and in state and local governments since the early 1980s. As we have testified several times, important and steady progress is being made under the act to bring about sweeping reforms and rectify the devastating legacy from inattention to financial management.14 For example, CFO Act financial audits have resulted in IRS top management having a better understanding than ever before of the agency’s financial management problems. Also, the act provided impetus for IRS’ progress in improving payroll processing and accounting for administrative operations and is prompting the agency to work on solutions to revenue and accounts receivable accounting problems. These efforts are in response to the nearly 60 improvement recommendations we have made as a result of our audits of IRS’ financial statements under the CFO Act during the past several years. Also, implementing the CFO Act’s blueprint for financial management improvements is at the heart of resolving many of DOD’s high-risk problems. Since 1990, auditors have made over 400 recommendations aimed at helping to correct DOD’s financial management problems. While no military service or other DOD component has been able to withstand the 14 Financial Management: Continued Momentum Essential to Achieve CFO Act Goals (GAO/T-AIMD-96-10, December 14, 1995); Financial Management: Momentum Must Be Sustained to Achieve the Reform Goals of the Chief Financial Officers Act (GAO/T-AIMD-95-204, July 25, 1995); and Financial Management: CFO Act Is Achieving Meaningful Progress (GAO/T-AIMD-94-149, June 21, 1994). Page 11 GAO/T-AIMD/GGD-97-60 scrutiny of an independent financial statement audit and the department’s financial management processes are among the worst in government, DOD’s financial management leaders have recognized the importance of tackling these problems. They have expressed a commitment to financial management reform and have many initiatives underway to address long-standing financial management weaknesses. Much remains to be done at both IRS and DOD to realize necessary improvements, and our reports have outlined the actions necessary to improve their financial management. An intensive effort by IRS and DOD and support by the Congress will be required as well. Also, financial statements for many government programs and operations involving billions of dollars, such as Medicare, are being prepared and audited for the first time ever. We have worked with agency CFOs and Inspectors General, OMB, and the Department of the Treasury over several years to be a catalyst for the preparation and audit of agencywide financial statements across government. We also have worked with OMB and Treasury to create the Federal Accounting Standards Advisory Board, which recently completed a complete set of new accounting standards for the federal government. When financial statement audits under the CFO Act are completed, it will be important for the Congress to ensure that agencies promptly and thoroughly correct problems that these audits identify. To assist the Congress in this area, we plan to explore the concept of agency audit committees, which are commonplace and effective for private-sector corporations, as a means of maintaining high-level vigilance and support for fixing problems. Other challenges include • continuing to build stronger financial management organizations by upgrading skill levels, enhancing training, and ensuring that CFOs possess all the necessary authorities within their agencies to achieve change; • devising and applying more effective solutions to address difficult problems plaguing agencies’ underlying financial systems; • designing comprehensive accountability reports to permit more thorough and objective assessments of agencies’ performance and financial conditions, as well as to enhance the budget preparation and deliberation process; and • implementing complementary legislative requirements, including (1) the Debt Collection Improvement Act of 1996 enacted to expand and Page 12 GAO/T-AIMD/GGD-97-60 strengthen federal agency debt collection practices and authorities and (2) the Federal Financial Management Improvement Act of 1996 requiring agencies to comply with new federal accounting standards, federal financial systems requirements, and the U.S. government’s standard general ledger. The Government Performance and Results Act seeks to shift the focus of Improving federal management and decision-making from a preoccupation with the Performance and number of tasks completed or services provided to a more direct Providing Better consideration of the results of programs—that is, the real differences the tasks or services make to the nation or individual taxpayer. GPRA Service originated in part from the Congress’s frustration that congressional policymaking, spending decisions, and oversight and agencies’ decision-making all had been seriously handicapped by the lack of clear goals and sound performance information. The Congress viewed GPRA as a critical tool to address serious shortfalls in the effectiveness of federal programs—many of which had been extensively documented in our work. In crafting GPRA, the Congress built on the experiences of leading states and local governments and other countries that were successfully implementing management reform efforts and becoming more results-oriented. As a starting point, GPRA requires executive agencies to complete—no later than September 30 of this year—strategic plans in which they define their missions, establish results-oriented goals, and identify the strategies they will use to achieve those goals. GPRA requires agencies to consult with the Congress and solicit the input of other stakeholders as they develop these plans. Next, beginning with fiscal year 1999, executive agencies are to use their strategic plans to prepare annual performance plans. These performance plans are to include annual goals linked to the activities displayed in budget presentations as well as the indicators the agency will use to measure performance against the results-oriented goals. Agencies are subsequently to report each year on the extent to which goals were met, provide an explanation if these goals were not met, and present the actions needed to meet any unmet goals. When it passed GPRA, the Congress clearly understood that most agencies would need to make fundamental management changes to properly implement this law and that these changes would not come quickly or easily. As a result, GPRA included a pilot phase where about 70 federal Page 13 GAO/T-AIMD/GGD-97-60 organizations gained experience in implementing key parts of GPRA and provided valuable lessons for the rest of the government. Our Executive Guide: Effectively Implementing the Government Performance and Results Act (GAO/GGD-96-118, June 1996) was intended to help agencies implement GPRA by drawing on the experiences of leading public-sector organizations here and abroad to suggest a proven and practical path that agencies can take to implement GPRA. Our work has found numerous examples of management-related problems stemming from unclear agency missions; the lack of results-oriented performance goals; the absence of well-conceived agency strategies to meet those goals; and the failure to gather and use accurate, reliable, and timely program performance and cost information to measure progress in achieving results. Addressing these problems is both a challenge and an opportunity for effectively implementing GPRA. The congressional consultations on agencies’ strategic plans—which in many cases are beginning now—provide an important opportunity for the Congress and the executive branch to work together to ensure that missions are focused, goals are results-oriented and clearly established, and strategies and funding expectations are appropriate and reasonable. The experiences of leading organizations suggest that planning efforts that have such characteristics can become driving forces in improving the effectiveness and efficiency of program operations. The GPRA strategic planning process thus provides the Congress with a potentially powerful vehicle for clarifying its expectations for agencies and expanding the focus on results expected from funding decisions. Moreover, as part of the Congress’s integrated statutory framework, the successful implementation of the CFO Act, the PRA, and the Clinger-Cohen Act are absolutely critical if GPRA is to be successful in improving program performance. For example, with successful implementation, the audited financial statements required by the CFO Act will provide congressional and executive branch decisionmakers with the reliable financial and program cost information that they have not previously had. This information is to be provided to decisionmakers in results-oriented reports on the government’s program results and financial condition that, for the first time, integrate budget, financial, and program information. These reports are also to include cost information that enables users to relate costs to outputs and outcomes. Page 14 GAO/T-AIMD/GGD-97-60 Equally important, the sound application and management of information technology to support strategic program goals must be an important part of any serious attempt to improve agency mission performance, cut costs, and enhance responsiveness to the public. The successful implementation of information technology reform legislation—which, among other things, requires that agencies have a strategy that links technology investments to achieving programmatic results—is critical to ensuring the wise use of the billions of dollars the government is investing in information systems. Thus, in concert with the CFO Act and information technology legislation, improved goal-setting and performance measures developed under GPRA are critical to addressing high-risk areas. Clear goals and sound performance data are key to strengthening decision-making in agencies and in the Congress and pinpointing specific opportunities for improved performance. For example, performance measures can be useful in • guiding management of defense inventory levels to prevent the procurement of billions of dollars of centrally managed inventory items that may not be needed. For example, as of 1995 about half of the $69.6 billion defense inventory is beyond what is needed to support war reserve or current operating requirements. • reaching agreement with the Congress on and monitoring acceptable levels of errors in benefit programs, which may never be totally eliminated but can be much better controlled. For instance, no one can determine with precision how much Medicare loses each year to fraudulent and abusive claims, but losses could be from $6 billion to as much as $20 billion based on 1996 outlays. • monitoring loan loss levels and delinquency rates for the government’s direct loan and loan guarantee programs—multibillion dollar operations in which losses for a variety of programs involving farmers, students, and home buyers are expected but can be minimized with greater oversight. For example, in fiscal year 1995, the federal government paid out over $2.5 billion to make good its guarantee on defaulted student loans. • assessing the results of tax enforcement initiatives, delinquent tax collection activities, and filing fraud reduction efforts. For instance, in fiscal year 1996, IRS reported it had collected almost $30 billion in delinquent taxes—more than in any previous year. However, fundamental problems continue to hamper IRS’ efforts to efficiently and effectively manage and collect its reported $216 billion inventory of tax debts. While the experiences of leading organizations and federal efforts under GPRA thus far show that full GPRA implementation will take time and much Page 15 GAO/T-AIMD/GGD-97-60 effort, our executive guide shows that improvements in performance—sometimes substantial ones—are possible even in the short term when an organization adopts a disciplined approach to defining its mission and desired results, measuring its performance, and using information to make decisions. For example, our executive guide provides examples from the Federal Emergency Management Agency, the Veterans’ Health Administration, the Coast Guard, and other agencies that are well on the way to improving performance by better focusing on results. Management commitment is key to solving high-risk problems and getting No Substitute for off the high-risk list. There is no substitute for the basic management Diligent Management practices of goal-setting and follow-through. Agencies have successfully Commitment and used these common mechanics to make significant progress and get at the root causes of high-risk problems. In 1995, progress in addressing five Follow-Through high-risk areas was sufficient to warrant the high-risk designation being removed, including the following. The Pension Benefit Guaranty Corporation’s (PGBC) high-risk designation was removed due to substantially improved internal controls and systems. For example, PBGC’s liability for future benefits (amounts owed to employees of terminated pension plans insured by PBGC) represents about 95 percent of PBGC’s total liability. In fiscal year 1992, PBGC sufficiently addressed long-standing deficiencies in (1) documentation and support for various techniques and assumptions used for estimating PBGC’s liability for future benefits, (2) the ability to assure the completeness and accuracy of data used in the estimating techniques, and (3) estimating software. These improvements enabled us to certify PBGC’s balance sheet for the first time. In fiscal year 1993, PBGC resolved serious system limitations that had restricted its ability to fully process all premium information, assess the accuracy of premium amounts, and collect amounts due. These improvements, coupled with the improved controls over the process for estimating PBGC’s liability for future benefits, enabled us to certify PBGC’s complete set of financial statements in fiscal years 1993 and 1994. PBGC has maintained its auditability since the Corporation’s Inspector General took over responsibility for auditing its annual financial statements in fiscal year 1995. Also, the Congress enacted legislation in 1994 to strengthen minimum funding standards for pension plans and to phase out the cap on variable rate premiums paid by underfunded plans. These provisions were Page 16 GAO/T-AIMD/GGD-97-60 designed to lower the underfunding in pension plans, thus reducing PBGC’s exposure, and to reduce the Corporation’s deficit overtime. The Resolution Trust Corporation (RTC) was moved off the high-risk list because the Congress enacted specific management reforms with required progress reporting to achieve the needed improvements in RTC’s contracting, asset disposition, and supporting management information systems. Also, RTC • improved its internal controls over receivership operations and methodology for estimating cash recoveries from the assets of failed thrifts; • strengthened its financial systems and controls, which enabled us to fully certify RTC’s financial statements for the fiscal year ended December 31, 1992, and subsequent fiscal years until RTC was terminated on December 31, 1995; and • created an audit committee that included the Director of the Office of Thrift Supervision, a Federal Reserve Board member, and a representative from the private sector. In contrast, our experience is that programs are designated high risk when agencies fail to quickly recognize growing problems, underestimate what it will take to correct them, and do not take prompt corrective measures. This has occurred for the 16 new areas that have been designated high risk since our high-risk initiative began 7 years ago. Of these, 5 were designated just last month. Overall, of the 25 areas that are the current focus of our high-risk program, 12 areas, or about half, have been on the list for 2 years or less. We have also long advocated sustained oversight and attention by the Sustained Congress to agencies’ efforts to fix high-risk problem areas and implement Congressional broad management reforms. The Congress must continue to play a central Oversight and role in ensuring that management problems in agencies’ operations are identified and weaknesses addressed. Focused Attention Are Essential Providing Accountability We have advocated that congressional committees of jurisdiction hold Reports annual or at least biennial comprehensive oversight on each department and major independent agency. The plans and reports that agencies are to develop under GPRA and the audited financial statements that are to be Page 17 GAO/T-AIMD/GGD-97-60 prepared under the expanded CFO Act should serve as the basis for those hearings. Congressional oversight can be shaped by thorough accountability reports that provide a comprehensive picture of agencies’ performance pursuant to its stated goals and objectives. Under the Government Management Reform Act, several agencies are preparing accountability reports on a pilot basis. These new reports will combine the separate reports required under various laws, such as GPRA and the CFO Act. The accountability reports are intended to show the degree to which an agency met its goals, at what cost, and whether the agency was well run. The Congress must have a central role in defining the content and format of these reports to ensure that the reports eventually provide the Congress with comprehensive “report cards” on the degree to which agencies are making wise and effective use of tax dollars and to provide a better basis for identifying issues to focus on during the oversight process. This will also provide a full picture of an agency’s program performance and resource usage to accomplish its mission. Meeting the Human Another matter for congressional attention is improving the management Resource Management and effectiveness of federal programs by modernizing human resource Challenge management systems. Hiring the right people and managing them effectively will be indispensable to improving the performance of federal agencies. In an era that demands improved performance at reduced costs, agencies’ success increasingly will depend upon their abilities to assemble a staff with the right blend of talents and skills. However, as our work on financial and information technology issues has suggested, many agencies’ staffs are not well prepared to meet this challenge. GPRA also recognizes the importance of human resource management by requiring that agencies’ strategic plans include a description of how they intend to use their people to achieve their strategic goals. The question is: does the existing civil service system allow agencies the flexibility to respond to these new demands? On the one hand, the competitive service is undoubtedly more flexible than it was 2 Page 18 GAO/T-AIMD/GGD-97-60 decades ago.15 Efforts to make it so go back at least as far as the Civil Service Reform Act of 1978 (CSRA). Yet, despite CSRA and other measures taken since then, the competitive service as a whole is still widely viewed as burdensome to managers, unappealing to ambitious recruits, hidebound and outdated, overregulated, and inflexible. In short, there is general recognition that in one way or another, the civil service must be made more flexible in response to a changing environment. Leading private-sector employers—as well as some government entities both here and abroad—are creating personnel systems that diverge sharply from the federal government’s traditional approach. The new model is more decentralized, focused more directly on mission accomplishment, and set up more to establish guiding principles than to prescribe detailed rules and procedures. In our contacts with experts from private-sector organizations and from other governments both here and abroad and with labor representatives, academicians, and experienced federal officials, we have identified several newly emerging principles for managing people in high-performing organizations. Our Transforming the Civil Service: Building the Workforce of the Future—Results of A GAO-Sponsored Symposium (GAO/GGD-96-35, December 20, 1995) distilled the key principles we learned. Among these key principles were: First, in today’s high-performing organizations, people are valued as assets rather than as costs. They are recognized as crucial to organizational success—as partners rather than as mere hired help—and organizations that recognize them as partners invest in their professional development and empower them to contribute ideas and make decisions. Second, organizational mission, vision, and culture are emphasized over rules and regulations. In place of highly detailed rules to manage their employees, leading organizations are relying increasingly on a well-defined mission, a clearly articulated vision, and a coherent organizational structure to form the foundation for the key business systems and processes they use to achieve desired results. Third, managers are given the authority to manage their people flexibly and creatively so they can 15 A note on the term “competitive service”: What is commonly thought of as the “civil service”—the federal civilian workforce subject to all the provisions of title 5 of the U.S. Code—comprises only about 54 percent of all federal civil servants. This segment is technically known as the “competitive service,” and operates under the federal merit system. The other 46 percent of federal workers are employed in agencies or other federal entities—such as government corporations (like TVA) and quasi-governmental organizations (like the U.S. Postal Service)—that operate outside title 5 or are statutorily exempted from parts of it. These workers, while all members of the civil service, are in the “excepted service” and are covered by a variety of alternative merit systems. Page 19 GAO/T-AIMD/GGD-97-60 focus on achieving results rather than on doing things “by the book.”16 They are held accountable for outcomes—for furthering the mission and vision of the organization—rather than for adhering to a set of minutely defined procedures. This, once again, is an approach that we have observed largely in the private sector. But the integration of human resource management into the business of the organization coincides with a practice we have identified as critical to the implementation of GPRA—the alignment of activities, core processes, and resources to support mission-related goals. As the federal government fully implements GPRA, agencies and the Congress will be able to gain further experience with how best to provide flexibility in managing federal employees to better achieve mission results while observing merit systems principles. Linking Resource Another future challenge is to better link resource allocation decisions to Allocation Decisions to results. Ultimately, to improve the effectiveness and efficiency of Results government, the statutory framework described above—GPRA, the CFO Act, and information technology reforms—must be better integrated with the federal government’s resource estimation and allocation processes. Although vitally important as an agency management improvement tool, this framework also will provide new information and perspectives that can be particularly useful to the process of allocating scarce resources among competing national priorities. Comparably, the budget process will need to continue to adapt to take full use of the benefits flowing from these initiatives and to support their further development. The statutory framework established by the Congress can significantly improve the information presented to decisionmakers during the annual budget process. Financial systems improvements and audited financial statements brought about by the CFO Act will enhance the accuracy and reliability of financial information undergirding budgetary estimates and provide a clearer appreciation of long-term unfunded commitments and of the full costs of current government programs. The information technology reforms and the Federal Acquisition Streamlining Act of 1994 are part of a broader agenda that recognizes the need for better risk management and integrated life-cycle costing of capital investments, which should ensure appropriate consideration and full-funding of such proposals within annual budget deliberations. 16 In 1995, the Office of Personnel Management developed more flexible rules for managing performance in the competitive service. We are currently examining performance management initiatives taken by a number of GPRA pilots. Page 20 GAO/T-AIMD/GGD-97-60 Similarly, GPRA holds promise of restoring public confidence in government at a time when we must make increasingly more painful budgetary choices. GPRA aims to provide systematic information on the performance of government programs and to directly link such information with the annual budget process. Although many factors appropriately influence budget decisions, effective implementation of GPRA will add critical information about what citizens and the nation are receiving for each dollar spent. Ultimately, debate about funding levels should begin to focus on the performance of individual programs, the overall effectiveness of agency operations, and the need for efforts to better coordinate and harmonize federal agency missions and activities. History indicates, however, that careful attention will be needed to ensure that the separate objectives and processes of these reform initiatives are effectively melded with the budget process. Integrating strategic planning, financial accounting, and budget formulation and execution processes will pose profound challenges; attempts to connect performance goals and results to traditional budget decision structures will inevitably encounter issues that the Congress and the executive branch will need to jointly address. The challenges of solving pressing management problems are great, but the rewards are high. While the legislative framework is in place, much work remains to be done to fully and effectively achieve its goals. Continued dialogue between legislative and executive branch officials is key to strengthen management of the federal government’s enormous investment in information technology, improve data to help make spending decisions, and enable better assessments of the performance and cost of federal activities and operations. Mr. Chairman, this concludes my statement. I would be happy to now respond to any questions. Page 21 GAO/T-AIMD/GGD-97-60 Attachment I Areas Designated High Risk Financial management (1995) Providing for Contract management (1992) Accountability and Inventory management (1990) Cost-Effective Weapon systems acquisition (1990) Defense infrastructure (1997) Management of Defense Programs IRS financial management (1995) Ensuring All IRS receivables (1990) Revenues Are Filing fraud (1995) Collected and Tax Systems Modernization (1995) Customs Service financial management (1991) Accounted for Asset forfeiture programs (1990) Tax Systems Modernization (1995) Obtaining an Air traffic control modernization (1995) Adequate Return on Defense’s Corporate Information Management initiative (1995) Multibillion Dollar National Weather Service modernization (1995) Information security (1997) Investments in The Year 2000 Problem (1997) Information Technology Medicare (1990) Controlling Fraud, Supplemental Security Income (1997) Waste, and Abuse in Benefit Programs HUD (1994) Minimizing Loan Farm loan programs (1990) Program Losses Student financial aid programs (1990) Department of Energy (1990) Improving NASA (1990) Management of Superfund (1990) Federal Contracts at Also, planning for the 2000 Decennial Census was designated high risk in Civilian Agencies 1997. Page 22 GAO/T-AIMD/GGD-97-60 Attachment II 1997 High-Risk Series An Overview (GAO/HR-97-1) Quick Reference Guide (GAO/HR-97-2) Defense Financial Management (GAO/HR-97-3) Defense Contract Management (GAO/HR-97-4) Defense Inventory Management (GAO/HR-97-5) Defense Weapon Systems Acquisition (GAO/HR-97-6) Defense Infrastructure (GAO/HR-97-7) IRS Management (GAO/HR-97-8) Information Management and Technology (GAO/HR-97-9) Medicare (GAO/HR-97-10) Student Financial Aid (GAO/HR-97-11) Department of Housing and Urban Development (GAO/HR-97-12) Department of Energy Contract Management (GAO/HR-97-13) Superfund Program Management (GAO/HR-97-14) The entire series of 14 high-risk reports is numbered GAO/HR-97-20SET. (918900) Page 23 GAO/T-AIMD/GGD-97-60 Ordering Information The first copy of each GAO report and testimony is free. Additional copies are $2 each. Orders should be sent to the following address, accompanied by a check or money order made out to the Superintendent of Documents, when necessary. VISA and MasterCard credit cards are accepted, also. Orders for 100 or more copies to be mailed to a single address are discounted 25 percent. Orders by mail: U.S. General Accounting Office P.O. Box 6015 Gaithersburg, MD 20884-6015 or visit: Room 1100 700 4th St. NW (corner of 4th and G Sts. NW) U.S. General Accounting Office Washington, DC Orders may also be placed by calling (202) 512-6000 or by using fax number (301) 258-4066, or TDD (301) 413-0006. Each day, GAO issues a list of newly available reports and testimony. To receive facsimile copies of the daily list or any list from the past 30 days, please call (202) 512-6000 using a touchtone phone. A recorded menu will provide information on how to obtain these lists. For information on how to access GAO reports on the INTERNET, send an e-mail message with "info" in the body to: firstname.lastname@example.org or visit GAO’s World Wide Web Home Page at: http://www.gao.gov PRINTED ON RECYCLED PAPER United States Bulk Rate General Accounting Office Postage & Fees Paid Washington, D.C. 20548-0001 GAO Permit No. G100 Official Business Penalty for Private Use $300 Address Correction Requested
High-Risk Areas: Actions Needed to Solve Pressing Management Problems
Published by the Government Accountability Office on 1997-03-05.
Below is a raw (and likely hideous) rendition of the original report. (PDF)