oversight

IRS' Year 2000 Efforts: Actions Are Underway to Help Ensure That Contingency Plans Are Complete and Consistent

Published by the Government Accountability Office on 1999-09-14.

Below is a raw (and likely hideous) rendition of the original report. (PDF)

                 United States General Accounting Office

GAO              Report to the Commissioner of Internal
                 Revenue



September 1999
                 IRS’ YEAR 2000
                 EFFORTS
                 Actions Are Under
                 Way to Help Ensure
                 That Contingency
                 Plans Are Complete
                 and Consistent




GAO/GGD-99-176
United States General Accounting Office                                                           General Government Division
Washington, D.C. 20548




                                    B-283400
                                    September 14, 1999

                                    The Honorable Charles O. Rossotti
                                    Commissioner of Internal Revenue

                                    Dear Mr. Rossotti:

                                    The Internal Revenue Service (IRS) agreed with recommendations we
                                    made in June 1998 to broaden its Year 2000-related contingency planning
                                    approach by developing a comprehensive, business-based set of business
                                                                       1
                                    continuity and contingency plans. Because adequate plans are necessary
                                    for mitigating the impact of any Year 2000-related system failure, we
                                    followed up on our June 1998 report by reviewing two plans that address
                                    critical IRS business processes. We recognize that these plans are being
                                    revised to incorporate the results of testing that was done in July 1999. At
                                    the time we prepared this report, however, the testing reports were not
                                    completed. Because of the time-critical nature of Year 2000 business
                                    continuity and contingency planning, we are reporting the results of our
                                    work at this time, rather than waiting to review testing reports and any
                                    revisions that may be made to the plans as a result of that testing.

                                    Our objective was to evaluate two IRS business continuity and
                                    contingency plans for their consistency and completeness on the basis of
                                    IRS’ guidance for such plans. We focused on 2 of the 18 plans that IRS
                                    developed for its submission processing core business process. These two
                                    plans address processing paper tax returns that result in a refund and
                                                                                                2
                                    receiving paper submissions (which include tax returns). We reviewed
                                    these plans because they are designed to address failure scenarios that, if
                                    they occur and are prolonged, could require IRS to revert to manual
                                    operations for issuing refunds—something that could potentially affect the
                                    majority of taxpayers that file individual tax returns. For example, in
                                    calendar year 1998, IRS processed about 91 million paper individual tax




                                    1
                                     IRS’ Year 2000 Efforts: Business Continuity Planning Needed for Potential Year 2000 System Failures
                                    (GAO/GGD-98-138, June 15, 1998).
                                    2
                                     As discussed later in this report, IRS identified five submission processing subprocesses: (1) receive
                                    paper submissions; (2) receive electronic submissions; (3) control and track tax and submissions; (4)
                                    process, correct, and forward payment data; and (5) process, correct, and forward tax information
                                    return data. Refund issuance includes aspects of several of these subprocesses.




                                    Page 1                             GAO/GGD-99-176 IRS’ Year 2000 Business Contingency Plans
                   B-283400




                                3
                   returns and issued more than 82 million refunds totaling about $112
                   billion.

                   Two IRS business continuity and contingency plans—one for processing
Results in Brief   paper tax returns that result in a refund (hereafter referred to as the refund
                   plan) and the other for receiving paper submissions (hereafter referred to
                   as the paper submissions plan)—were inconsistent and incomplete in two
                                                                             4
                   key areas included in IRS’ guidance: performance goals and mitigating
                   actions. These weaknesses raise questions about whether these two plans
                   provide sufficient assurance that IRS has taken all the necessary steps to
                   reduce the impact of a potential Year 2000 failure.

                   IRS’ guidance requires that plans specify a desirable performance goal. The
                   performance goal for the refund plan was inconsistent with the plan’s
                   contingency actions. This inconsistency raises questions about the goal
                   that IRS is trying to achieve with the refund plan. The paper submissions
                   plan did not include a performance goal. Without appropriate performance
                   goals, IRS has little assurance that the contingency actions specified in the
                   plan are appropriate for reducing the impact of a potential Year 2000
                   failure.

                   In addition, neither plan specified the completion dates for the mitigating
                   actions, which IRS’ guidance defines as the steps that are to be completed
                   in advance of a potential Year 2000-related failure, to help reduce its
                   impact. Moreover, neither plan specified which individuals were to be
                   responsible for completing the mitigating actions. IRS’ guidance requires
                   that the plans include mitigating actions and completion dates, but does
                   not require that responsible individuals be identified for completing
                   mitigating actions. However, without assigning actions to specific
                   individuals and identifying completion dates, IRS has little assurance that
                   these actions will be completed before a potential Year 2000 failure.

                   As part of our effort to provide IRS with timely feedback on our
                   observations regarding its Year 2000 efforts, in June 1999, we informed IRS
                   officials of our concerns regarding these two plans. We also told them that
                   our concerns raise questions about the extent to which other plans may
                   have similar weaknesses. In response to our concerns, IRS officials agreed
                   to make changes to improve the completeness and consistency of these

                   3
                    In 1998, IRS received more than 24 million tax returns by means other than paper, either electronically
                   or via the telephone. IRS prepared separate business continuity and contingency plans for Year 2000
                   system failures that would affect receiving electronic returns.
                   4
                       IRS’ guidance refers to a performance goal as the “event /achievement indicating success.”




                   Page 2                                GAO/GGD-99-176 IRS’ Year 2000 Business Contingency Plans
             B-283400




             two plans. They also said they have designated an individual that is to
             determine the extent to which other plans may have similar weaknesses
             and revise the plans as needed. In addition, IRS assigned one of its Year
             2000 contractors to set up a mechanism by which IRS could track the
             implementation of business continuity and contingency plan actions. If
             properly implemented in a timely fashion, these actions will give IRS a
             higher level of assurance that its plans will help reduce the impact of a
             potential Year 2000-related system failure. In light of IRS’ actions, we are
             not making any recommendations at this time.

             Business continuity and contingency plans should describe the steps an
Background   organization would take to ensure the continuity of its core business
             processes in the event of a system failure. In a June 1998 report, we made a
                                         5
             series of recommendations aimed at broadening IRS’ Year 2000
             contingency planning approach to encompass a core business system
                                                                                        6
             focus as called for in our business continuity and contingency plan guide.
             IRS agreed with our recommendations and in July 1998 began to take
             action to develop a more comprehensive, business-based approach to
             contingency planning.
                                                                    7
             IRS’ Century Date Change Project Office hired a contractor to provide
             business continuity and contingency planning expertise and training and
             assist the business areas in developing and testing their plans. IRS
             established a working group comprised of representatives from IRS’
             business areas to identify IRS’ core processes and associated
             subprocesses. For each core business process, IRS established a working
             group to (1) identify possible failure scenarios for subprocesses; (2)
             determine the business impact of these failures; (3) determine which
             failure scenarios should be addressed by business contingency plans,
             based on a scoring system that included business impact and risk; and (4)
             develop plans for those scenarios. IRS determined that business continuity

             5
              Specifically, we recommended that IRS (1) solicit the input of business functional area officials to
             identify IRS’ core business processes and prioritize those processes that must continue in the event of
             Year 2000-induced failures, (2) map IRS’ mission-critical systems to those core business processes, (3)
             determine the impact of information system failures on each core business process, (4) assess any
             existing business continuity and contingency plans that may have been developed for non-Year 2000
             reasons to determine whether they are applicable to Year 2000-induced failures, and (5) develop and
             test contingency plans for core business processes if existing plans are not appropriate. See IRS’ Year
             2000 Efforts: Business Continuity Planning Needed for Potential Year 2000 Failures (GAO/GGD-98-138,
             June 15, 1998).
             6
              Year 2000 Computing Crisis: Business Continuity and Contingency Planning (GAO/AIMD-10.1.19, Aug.
             1998).
             7
              The Century Date Change Project Office within IRS’ Information Systems organization is responsible
             for coordinating IRS’ Year 2000-related activities.




             Page 3                             GAO/GGD-99-176 IRS’ Year 2000 Business Contingency Plans
                   B-283400




                   and contingency plans should be prepared for all of the failure scenarios
                   for its five submission processing subprocesses (receive paper
                   submissions; receive electronic submissions; control and track tax and
                   submissions; process, correct, and forward payment data; and process,
                   correct, and forward tax information return data), several of which involve
                   issuing refunds.

                   In November 1998, IRS’ Century Date Change Project Office issued its
                                                                       8
                   business continuity and contingency plan guidance that describes the (1)
                   methodology to be used to develop business contingency plans (the term
                   IRS uses for plans prepared in accordance with this guidance) and (2)
                   types of information that should be included in the plans. IRS’ guidance
                   states that IRS used our guide to help develop its methodology for
                   preparing business contingency plans.

                   IRS’ Chief Operations Officer designated a Year 2000 business executive to
                   help coordinate the efforts of the working groups and oversee the
                   development of the plans. According to IRS officials, the groups used IRS’
                   guidance to develop the plans. These groups also received technical
                   guidance from the contractor. Each business contingency plan was
                   assigned to an executive-level official who was responsible for approving
                   the plan. In the event of a Year 2000 system-related failure, this executive
                   is also to decide if and when the trigger conditions have been met for
                   implementing the business contingency plan. The plans were to be tested
                   to identify any needed changes. The two plans that we reviewed were
                                                               9
                   tested on July 8 and 9, 1999, respectively.

                   The refund plan and the paper submissions plan were inconsistent and
Plans Were         incomplete in two key areas of IRS’ guidance. These areas were
Inconsistent and   performance goals and mitigating actions. These weaknesses raise
Incomplete         questions about whether these two plans provide sufficient assurance that
                   IRS has taken all the necessary steps to reduce the impact of a potential
                   Year 2000 failure. IRS officials agreed to make changes to these two plans
                   to improve their consistency and completeness in these areas. In addition,
                   IRS officials said they have taken steps to help ensure the consistency and
                   completeness of other business contingency plans and make changes to
                   those plans if necessary.



                   8
                    Internal Revenue Service Century Date Change Business Continuity and Contingency Plan, Nov. 24,
                   1998.
                   9
                       At the time we were finalizing this letter, the reports showing the testing results were not completed.




                   Page 4                                 GAO/GGD-99-176 IRS’ Year 2000 Business Contingency Plans
              B-283400




Refund Plan   IRS does not have viable, alternative backup systems for the various
                                                                      10
              information systems used for processing tax returns. Further, IRS’ refund
              plan acknowledges that in the event that one or more of these systems fail,
              IRS may experience “a major work stoppage,” depending on how long the
              failure continues. Given the lack of automated alternatives, the refund plan
              calls for (1) notifying the public and (2) reverting to manual issuance of
              refunds—a process that IRS currently uses for certain types of taxpayers
              (e.g., those receiving a refund of more than $1 million or those with a
              specific hardship).

              Although this business contingency plan includes a specific performance
              goal as required by IRS’ guidance, that goal is inconsistent with the
              recommended contingency actions. Specifically, the plan’s performance
              goal calls for issuing 20 percent of the normal refund volume, using a
              $5,000 minimum as the threshold for manual issuance. However, the plan’s
              contingency procedures call for instituting a manual operation that would
              give priority to processing refunds for 1040EZ returns. These returns are
              filed by taxpayers with taxable incomes of less than $50,000. Consequently,
              these returns may not generate a significant number of $5,000 refunds.

              The inconsistency between the performance goal and the business
              contingency plan procedures raises questions about the goal that IRS is
              trying to achieve with its contingency plan. For example, if IRS is trying to
              reduce the potential for incurring increased interest costs on late refunds,
                                                                                       11
              high-dollar refunds should be targeted regardless of the type of return.
              However, if IRS is trying to expedite tax refunds for those taxpayers who
              may have the greatest financial need, a performance goal that focuses on
              issuing refunds of $5,000 or more may not be appropriate.

              In our June 1999 meeting with IRS officials, we pointed out this
              inconsistency, and they agreed that they needed to change the plan’s
              performance goal. In our meeting, the executive that was responsible for
              this plan said the plan’s performance goal should focus on issuing refunds
              to certain “hardship” taxpayers. According to IRS, hardship taxpayers
              10
                 This plan addresses the business processes that would be implemented if one or more of the
              following systems fail: (1) Generalized Unpostable Framework, (2) Service Center Control File, (3)
              Generalized Mainline Framework, (4) Error Resolution System, and (5) Multiple Virtual Storage
              Enterprise System Architecture (MVSEA). This plan does not address business processes that fall
              under the purview of the Department of the Treasury’s Financial Management Service, which is
              responsible for, among other things, receiving and processing requests for issuance of IRS refund
              checks.
              11
                 As stated in section 6611(e) of the Internal Revenue Code, IRS has until 45 days from the receipt of
              the tax return or the due date of the return, whichever is later, to issue a refund. If IRS fails to meet
              that time frame, the taxpayer is entitled to interest on his or her refund amount.




              Page 5                              GAO/GGD-99-176 IRS’ Year 2000 Business Contingency Plans
                         B-283400




                         would be those that filed a return with (1) a Form 911, Application for
                         Taxpayer Assistance Order; (2) an earned income tax credit, which is a
                         refundable tax credit available to low-income, working taxpayers; or (3) an
                         adjusted gross income within a certain dollar range that is to be
                         determined if a Year 2000 failure actually occurs.

                         With respect to mitigating actions, this plan did not include dates for
                         completing them before a potential Year 2000 failure. Examples of the
                         plan’s mitigating actions include (1) preparing a letter to the Department of
                         the Treasury’s Financial Management Service outlining the process for
                         transferring refund documents and files, (2) planning for one additional
                         week of training on the manual refund issuance process, (3) identifying
                         additional secure storage space in each service center, and (4)
                         coordinating press release information with IRS’ Office of Public Affairs.
                         Moreover, the plan did not specify which individuals were to be
                         responsible for completing the mitigating actions. Although IRS’ guidance
                         does not require that the plan identify specific individuals, without
                         identifying responsible individuals and dates for completing the mitigating
                         actions, IRS has little assurance that these actions will be completed
                         before a potential Year 2000 failure. In our June 1999 meeting, the
                         executive responsible for this plan acknowledged this omission and agreed
                         that the mitigating actions should identify responsible individuals and
                         completion dates.

Paper Submissions Plan   IRS receives paper submissions, including tax returns, at each service
                         center loading dock. From the loading dock, the returns are taken to the
                         mailroom for sorting. IRS’ Service Center Automated Mail Processing
                         System (SCAMPS) is a new automated system that IRS uses to sort the
                         mail. SCAMPS is to (1) open the envelopes to expedite the extraction
                         process, in which employees remove the tax return information from the
                         envelopes; (2) identify those tax returns with checks; (3) read the bar-
                         coded tax return envelopes and sort them into one of 40 different
                         categories; and (4) sort outgoing mail. The paper submissions plan focuses
                         on the contingency actions to be implemented in the event that SCAMPS
                         experiences a Year 2000 system failure.

                         Although IRS’ guidance calls for plans to contain a performance goal, the
                         paper submissions plan did not include one. According to the plan,
                         “specific performance measures for manual mail handling operations are
                         not yet available.” However, without a performance goal, it is unclear how
                         IRS determined that it would be sufficient to “use available service center
                         personnel to handle incoming mail” as specified in the plan.




                         Page 6                    GAO/GGD-99-176 IRS’ Year 2000 Business Contingency Plans
                           B-283400




                           While we recognize that IRS is developing new performance measures that
                           may not yet be available for this business function, in our June 1999
                           meeting with IRS officials, we identified information that could be used to
                           develop a performance goal for the plan. For example, the SCAMPS
                           processing rate could be used as a guide for developing an acceptable
                           (albeit reduced) level of service for a manual mail sorting process. IRS
                           could also use its productivity data on employees that manually extract tax
                           return information from envelopes as a basis for developing a performance
                           goal. The IRS executive that was responsible for this plan agreed that a
                           goal should be included and that these two data sources could be used to
                           develop that goal.

                           The plan’s mitigating actions were also incomplete. Like the refund plan,
                           this plan did not include the dates and the responsible individuals for
                           completing the plan’s two mitigating actions. Also, we told IRS officials
                           that we had questions about the viability of one of the plan’s mitigating
                           actions. That action calls for reverting back to a mail sorting system that is
                           currently not Year 2000 compliant. Even if IRS could develop a
                           workaround solution to make the older mail sorting system Year 2000
                           compliant, IRS officials said that they had planned to remove the
                           equipment for the older system by the 2000 filing season. IRS officials told
                           us that as a result of testing this plan, this mitigating action would be
                           deleted in the revised plan. The executive responsible for this plan also
                           agreed to add responsible individuals and the dates for completing the
                           other mitigating action, which pertains to sorting outgoing mail.

Actions Are Under Way to   In addition to agreeing to make changes to the two plans, IRS officials said
                           that actions are under way to help ensure that other business contingency
Help Ensure Consistency    plans are consistent and complete. According to officials in IRS’ Business
and Completeness of All                                             12
                           Systems Requirements Office (BSRO), a staff member has been
Plans                      designated to review all of the business contingency plans for consistency
                           and completeness and for crosscutting issues among the plans. Heretofore,
                           BSRO did not view this as its function, in part because according to BSRO
                           officials, it had a limited number of staff. IRS also has issued a work
                           request for one of its Year 2000 contractors to develop a database that
                           BSRO staff could use to track the implementation of key elements of the
                           business contingency plan (e.g., triggers, mitigating actions, contingency
                           team actions). According to IRS, information from the business
                           contingency plans is to be added to the database by late September 1999,
                           and reports are to be generated shortly thereafter.

                           12
                            BSRO, among other things, provides support to business functions for contingency planning and helps
                           ensure Year 2000 compliance for the Chief Operations Officer organizations.




                           Page 7                            GAO/GGD-99-176 IRS’ Year 2000 Business Contingency Plans
                B-283400




                If properly implemented in a timely fashion, these actions should provide
                IRS with a higher level of assurance that its business contingency plans
                will help reduce the impact in the event of a Year 2000–related system
                failure. Accordingly, we are not making any recommendations at this time.

                To achieve our objective of evaluating the consistency and completeness
Scope and       of two of IRS’ Year 2000 business contingency plans according to IRS’
Methodology     guidance, we

              • reviewed the following business continuity and contingency plan guidance:
                (1) Year 2000 Computing Crisis: Business Continuity and Contingency
                Planning (GAO/AIMD-10.1.19, Aug. 1998); (2) Internal Revenue Service
                Century Date Change Contingency Management Plan, (Version 5.0, Mar. 1,
                1999); and (3) Internal Revenue Service Century Date Change Business
                Continuity and Contingency Plan, (Version 1.0, Nov. 24, 1998);
              • interviewed officials from the Century Date Change Project Office;
              • interviewed members of the submission processing contingency plan
                working group, the executive that was responsible for the two plans we
                reviewed, the Business Year 2000 Executive, and other BSRO staff;
              • toured the Atlanta Service Center to learn more about how tax returns are
                processed through IRS’ information systems; and
              • reviewed 6 of the 10 sections of the two business contingency plans to
                determine whether they were consistent with IRS’ guidance.

                We did not analyze four sections of the plans (training and testing, post-
                event wrap-up, contingency actions log sheet, and information recovery)
                for several reasons. In lieu of including the testing procedures in the plan,
                IRS developed separate test plans for each contingency plan. To provide
                timely feedback to IRS so that they could begin corrective actions
                promptly, we focused our efforts on the business contingency plans
                themselves rather than the test plans. We did not analyze the post-event
                wrap-up information or the contingency actions log sheet because these
                sections are to be completed after the business contingency plan has been
                implemented. Both plans included little information about information
                recovery (i.e., regaining or retrieving data that may be lost or damaged as a
                                            13
                result of a system failure).



                13
                 The refund plan stated that (1) lost data could be recovered from original documents given that
                returns are stored up to 6 months at the service centers, and (2) recovery of damaged data was under
                the purview of IRS’ Information Systems contingency plans. We did not review these plans. The paper
                submissions plan indicated that developing manual procedures for recovering the types of
                management information data generated by SCAMPS was not possible.




                Page 8                            GAO/GGD-99-176 IRS’ Year 2000 Business Contingency Plans
                      B-283400




                      We also did not review any existing business resumption plans that IRS
                      developed for other than Year 2000-induced failures, and we did not
                      examine the relationship between individual Year 2000 business
                                                                       14
                      contingency plans and IRS’ “End Game” activities, which IRS is currently
                      developing.

                      We conducted our review from May 1999 to July 1999 in accordance with
                      generally accepted government auditing standards.

                      On August 27, 1999, we obtained written comments on a draft of this
Agency Comments and   report from the Commissioner of Internal Revenue. (See app. I for a copy
Our Evaluation        of IRS’ letter.) IRS said that it generally agreed with the issues raised in our
                      report and is taking the necessary steps to correct them. IRS also amplified
                      on its business contingency plan testing process and clarified some facts
                      and provided updated information, which we included in the report where
                      appropriate.

                      IRS said that it had envisioned that the business contingency plans were
                      “living documents” that would be revised over time to reflect changes in
                      technology, business processes, and legislation. Furthermore, IRS said that
                      the plans were to be tested by subject matter experts, including field staff,
                      to ensure their viability, which would result in modifications to the plans.
                      We agree that the plans were to be living documents and designed our
                      methodology accordingly. Recognizing that the plans were subject to
                      change based on the results of business contingency plan testing (as stated
                      on p. 1 of our draft report), we met with IRS in June 1999 to discuss our
                      initial findings. We scheduled this meeting, in part, so that IRS would have
                      the benefit of our feedback while the plans were still subject to change,
                      and possibly before they were to be tested. IRS said that as a result of our
                      findings on the weaknesses in the plans and the results of testing two
                      plans, it has begun work to address our concerns.

                      We are sending copies of this letter to Representative Amo Houghton,
                      Chairman, and Representative William J. Coyne, Ranking Minority
                      Member, Subcommittee on Oversight, House Committee on Ways and
                      Means; Senator Robert F. Bennett, Chairman, and Senator Christopher J.
                      Dodd, Vice-Chairman, Senate Special Committee on the Year 2000
                      Technology Problem; and Representative Stephen Horn, Chairman, and

                      14
                       IRS has a three-part “End Game” strategy that involves (1) preparing back-up data during the New
                      Year’s weekend; (2) conducting validation checks of its systems, telecommunications, and facilities
                      during the New Year’s weekend to identify any issues before the first day of business in 2000; and (3)
                      proactively monitoring key events to mitigate Year 2000-related problems that may interrupt national
                      tax processing. IRS’ monitoring efforts are scheduled to continue through March 2000.




                      Page 9                             GAO/GGD-99-176 IRS’ Year 2000 Business Contingency Plans
B-283400




Representative Jim Turner, Ranking Minority Member, Subcommittee on
Government Management, Information and Technology, House Committee
on Government Reform. We are also sending copies to the Honorable
Lawrence H. Summers, Secretary of the Treasury, and the Honorable
Jacob J. Lew, Director of the Office of Management and Budget. Copies
will be made available to others on request.

If you have any questions about the information contained in this report,
please contact me or Sherrie Russ at (202) 512-9110. Key contributors to
this assignment were Jackie Nowicki, Joanna Stamatiades, and Linda
Standau.

Sincerely yours,




James R. White
Director, Tax Policy
  and Administration Issues




Page 10                  GAO/GGD-99-176 IRS’ Year 2000 Business Contingency Plans
Page 11   GAO/GGD-99-176 IRS’ Year 2000 Business Contingency Plans
Appendix I

Comments From the Internal Revenue Service




              Page 12   GAO/GGD-99-176 IRS’ Year 2000 Business Contingency Plans
Appendix I
Comments From the Internal Revenue Service




Page 13                     GAO/GGD-99-176 IRS’ Year 2000 Business Contingency Plans
Appendix I
Comments From the Internal Revenue Service




Page 14                     GAO/GGD-99-176 IRS’ Year 2000 Business Contingency Plans
Page 15   GAO/GGD-99-176 IRS’ Year 2000 Business Contingency Plans
Page 16   GAO/GGD-99-176 IRS’ Year 2000 Business Contingency Plans
Ordering Information

The first copy of each GAO report and testimony is free. Additional
copies are $2 each. Orders should be sent to the following address,
accompanied by a check or money order made out to the
Superintendent of Documents, when necessary. VISA and
MasterCard credit cards are accepted, also. Orders for 100 or more
copies to be mailed to a single address are discounted 25 percent.

Order by mail:

U.S. General Accounting Office
P.O. Box 37050
Washington, DC 20013

or visit:

Room 1100
     th                  th
700 4 St. NW (corner of 4 and G Sts. NW)
U.S. General Accounting Office
Washington, DC

Orders may also be placed by calling (202) 512-6000 or by using fax
number (202) 512-6061, or TDD (202) 512-2537.

Each day, GAO issues a list of newly available reports and testimony.
To receive facsimile copies of the daily list or any list from the past
30 days, please call (202) 512-6000 using a touch-tone phone. A
recorded menu will provide information on how to obtain these
lists.

For information on how to access GAO reports on the INTERNET,
send e-mail message with “info” in the body to:

info@www.gao.gov

or visit GAO’s World Wide Web Home Page at:

http://www.gao.gov
United States                       Bulk Rate
General Accounting Office      Postage & Fees Paid
Washington, D.C. 20548-0001           GAO
                                Permit No. G100
Official Business
Penalty for Private Use $300

Address Correction Requested




(268897)