United States General Accounting Office GAO Information for House Majority Leader Richard Armey and Representative Pete Sessions May 1997 HIGH-RISK PROGRAM Information on Selected High-Risk Areas GAO/HR-97-30 United States GAO General Accounting Office Washington, D.C. 20548 Accounting and Information Management Division B-xxxxxx May 16, 1997 The Honorable Richard Armey Majority Leader House of Representatives The Honorable Pete Sessions House of Representatives As requested in your April 18, 1997, letter, enclosed is additional information on 12 areas included in GAO’s latest update on its High-Risk Program.1 It includes descriptions of key open GAO recommendations relevant to each area, the implementation status of those recommendations and why they have not been fully implemented, and remaining challenges to addressing high-risk problems. With regard to costs, where possible, we have identified the federal dollars involved with each program or area, and discuss federal dollars at risk from abusive or wasteful practices. In some cases, we have also indicated the estimated savings that might be attained or the costs that could be avoided if specific changes were made in these areas. As agreed with your offices, unless you publicly release this information earlier, we will not distribute it until 30 days from the date of this letter. To facilitate further GAO assistance, the GAO teams responsible for each of these high-risk areas are identified within the enclosed material. If you have any questions or need additional information on any of the enclosed material, please contact me on (202) 512-2600, or George Stalcup, Associate Director, on (202) 512-9490. Gene L. Dodaro Assistant Comptroller General Enclosures 1 High-Risk Series (GAO/HR-97-20SET, Feb. 1997). Defense Inventory Management In 1990, we identified the Department of Defense’s (DOD) secondary Overview inventory management as a high-risk area because levels of unneeded inventory were too high and systems for determining inventory requirements were inadequate. Inventory management problems have plagued DOD for decades. Despite numerous efforts on DOD’s part to correct these problems, we continue to consider inventory management a high-risk area because it is vulnerable to fraud, waste, abuse, and mismanagement. We recently reported that, as of September 30, 1995, about $34 billion, or about half of DOD’s $69.6 billion secondary inventory, was not needed to support war reserve or current operating requirements. Most of the problems that contributed to the accumulation of this unneeded inventory still exist, such as outdated and inefficient inventory management practices that frequently do not meet customer demands, inadequate inventory oversight, weak financial accountability, and overstated requirements. Because of these problems, we believe that a portion of DOD’s annual expenditure of approximately $15 billion for additional inventory is likely to be spent for unneeded inventory. DOD recognizes that it needs to make substantial improvements to its logistics system. While we continue to see pockets of improvement, as evidenced by each service’s and the Defense Logistics Agency’s (DLA) reengineering efforts, DOD has made little overall progress in correcting systemic problems that have traditionally resulted in large unneeded inventories. DOD top management needs to continue its commitment to changing its inventory management culture so that it provides its forces with necessary supplies in a timely manner while avoiding the accumulation of unnecessary materials. To effectively address its inventory management problems, DOD must adopt a strategy that includes both short- and long-term actions. • In the short term, DOD must continue to emphasize the efficient operation of its existing logistics systems. This includes reducing and disposing of unneeded inventory, implementing efficient and effective inventory management practices, training personnel in these practices and rewarding the right behavior, improving requirements data accuracy, and enforcing existing policies and procedures to minimize the acquisition and accumulation of unnecessary inventory. • In the long term, DOD must establish goals, objectives, and milestones for changing its culture and adopting new management tools and practices. A key part to changing DOD’s management culture will be an aggressive approach to using best practices from the private sector. From our Page 2 GAO/HR-97-30 High-Risk Program Defense Inventory Management discussions with more than 50 private sector companies, we identified best practices which, if applied in an integrated manner, could help streamline DOD’s logistics operations, potentially save billions of dollars, and improve support to the military customer. In our opinion, DOD has not been aggressive enough in pursing these practices. Recent DOD reengineering efforts have not incorporated some of the most advanced practices found in the private sector for reparable parts, and they have been slow to adopt best practices for hardware items. Our work identified opportunities for reducing the cost of operations and Potential Savings improving the overall effectiveness and efficiency of DOD support operations. We believe that there are about $2.3 billion in fiscal year 1996 expenditures for secondary items that could be avoided. For example, DOD spends about $14 billion a year to purchase secondary inventory items—spare and repair parts, clothing, medical supplies, and other support items—to support its operating forces. At September 30, 1996, DOD had $8.6 billion under contract or on purchase request to buy additional inventory. Of this amount, we estimate that about $1.6 billion of the $8.6 billion exceeded current operating and war reserve requirements. Even using DOD’s definition of needed inventory, which includes an additional 2-years worth of requirements, there would still be about $664 million of the $8.6 billion that would be classified as excess to current operations and war reserves. In a recent report (Defense Logistics: Much of the Inventory Exceeds Current Needs, GAO/NSIAD-97-71, Feb. 28, 1997) GAO noted that 145 inventory items had inventory valued at $28.4 million that represented 20 or more years of supply on hand and that had an additional $11.3 million on order. These items included circuit card assemblies, hydraulic pump linear valves, combining glasses, oscillators, and identification markers. In addition, in a September 1996 report (1997 DOD Budget: Potential Reductions to Operation and Maintenance Program, GAO/NSIAD-96-220, Sep. 18, 1996), GAO reported that DOD’s fiscal year 1997 operation and maintenance budget request could be reduced by $723 million because of potential unnecessary inventory purchases. Specifically, GAO noted that (1) a $188 million reduction could be taken because Army budget requests for spare parts were not based on accurate requirements data, (2) a $87 million reduction could be taken because the Navy and the Air Force used inaccurate data to determine requirements, (3) a $60 million reduction could be taken because the Navy counted depot level maintenance requirements for aviation spare parts twice, and (4) a Page 3 GAO/HR-97-30 High-Risk Program Defense Inventory Management $388 million reduction could be taken because the Air Force did not consider spare parts that were available for reclamation from aircraft and engines with no identified future use. In many cases, potential savings cannot be precisely quantified until DOD has taken specific action on our recommendations. For example, in the best practices area, in response to our recommendations, DOD has adopted best practices to improve the management of personnel items (medical, food, and clothing supplies), but these initiatives cover less than 3 percent of DOD’s secondary items. Between 1991 and 1995, we issued a series of reports that identified and recommended ways DOD could apply best management practices to personnel items. These reports focused on improved partnerships between suppliers and DOD facilities, principally through the use of prime vendors. A prime vendor provides timely and direct delivery between customers and suppliers, and orders additional stock from manufacturers on short notice, with quick turnaround, to minimize inventory holding costs. This approach reduces the need to stock and distribute inventory from DOS’s warehouse system. Since 1993, DLA has taken steps to use prime vendors for personnel items. One of DLA’s most successful initiative has been the implementation of a prime vendor program for medical supplies and pharmaceutical products. We reported in 1995 that approximately 150 DOD hospitals and medical treatment facilities were using prime vendors in 21 different geographic regions across the United States. The use of this program has allowed DOD to reduce stock levels at both wholesale and retail locations. Reducing inventory levels has also enabled DOD to reduce the warehouse space needed to store these items. At one storage depot alone, DLA reduced the storage space used for medical and pharmaceutical items by about 40 percent over a 3-year period. We estimate that between September 1991 and September 1996, DOD reduced its pharmaceutical, medical, and surgical inventories and associated management costs by about $714 million through the use of best practices, such as prime vendors. The majority of savings has resulted from the issuance of medical supplies to military customers without having to replace inventories through the purchase of additional stocks. Similar prime vendor programs are being implemented for food and clothing items. The prime vendor program also enables DOD hospitals to reduce inventory costs. For example, we reported in August 1995 that the Walter Page 4 GAO/HR-97-30 High-Risk Program Defense Inventory Management Reed Army Medical Center, in addition to a $3.8 million reduction in pharmaceutical inventories, saves over $6 million a year in related inventory management expenses by using a prime vendor. In addition, as a result of the elimination of inventories after the prime vendor program was established, Walter Reed was able to convert a former warehouse holding medical supplies into a medical training facility. The key area that we principally focused on in the inventory management Key Open area in 1995 and 1996 centered on the implementation of best management Recommendations practices adopted in the private sector to solve longstanding inventory and Implementation management problems. We have made several key recommendations designed at rectifying these longstanding problems. Status While DOD has taken steps to improve its logistics practices and reduce inventories, such as through long-term contracting, direct vendor delivery, and electronic commerce, DOD has not made enough progress with its $5.7 billion inventory of hardware items. It still has large amounts of items, such as bolts, valves, and fuses, that cost millions of dollars to manage and store. We estimate that this inventory could satisfy DOD’s requirements for the next 2 years, assuming demands remain constant. In contrast, some private sector companies we visited maintain inventory levels that last only 90 days. These companies have achieved these lean inventory levels and saved millions in operating costs by developing innovative supplier partnerships that give established commercial distribution networks the responsibility to manage, store, and distribute inventory on a frequent, regular basis. Although we recommended in 1993 that DOD pursue innovative partnerships with its suppliers to reduce logistics costs, DOD is only now in the initial stages of testing this type of partnership through its “Virtual Prime Vendor” program for hardware supplies. If successfully implemented, this concept could enable DOD to improve service to its customers and reduce overall logistics costs. In our opinion, this program is close to those efforts we have observed in the private sector and provides DOD with an excellent opportunity to achieve greater inventory reductions by minimizing the need to store inventory at wholesale and retail locations. If DOD were able to achieve similar performance from this effort as those in the private sector, hardware inventories and related management costs could be reduced by billions of dollars and parts needed to complete repairs would be more readily available to the end user. Page 5 GAO/HR-97-30 High-Risk Program Defense Inventory Management In addition to the opportunities to improve the management of hardware items, there are even greater opportunities to improve DOD’s management of reparable parts. As of September 30, 1995, DOD held more than $50 billion worth of these parts, but its efforts to streamline its logistics system for them have not included key best practices we have identified. Over the past 15 months, we have reported on the various problems with the DOD’s pipeline for reparable parts and on the substantial improvement opportunities available to DOD. For example: • In April 1997, we reported that we examined 24 different types of Army aviation parts, and calculated that the Army’s logistics system took an average of 525 days to ship broken parts from field units to the depot, repair them, and ship the repaired parts to using units. We estimated that all but 18 days (97 percent) was the result of unplanned repair delays, depot storage, or transportation time. We also calculated the Army uses its inventory six times slower than a major airline, British Airways. That airline had developed a process to move parts through its repair pipeline much faster. For example, one part we examined had an Army repair pipeline time of 429 days; in contrast, British Airways was able to complete this process in 116 days. • In July 1996, we reported that the Navy’s repair process can create as many as 16 time-consuming steps as parts move through the depot repair pipeline. Component parts can accumulate at each step in the process, which increases the total number of parts that are needed to meet customer demands and to ensure a continuous flow of parts. By tracking parts through each of the 16 steps and using the Navy’s flow time data, we estimated that it could take, on average, about 4 months from the time a broken part is removed from an aircraft to the time it is ready for reissue. Our analysis did not include the amount of time parts were stored in warehouses awaiting repair or issue to the customer. • In February 1996, we reported that using its current logistics pipeline process, the Air Force can spend several months to repair the parts and then distribute them to the end user. One part we examined had an estimated repair cycle time of 117 days; it took British Airways only 12 days to repair a similar part. The complexity of the Air Force’s repair and distribution process creates as many as 12 different stopping points and several layers of inventory as parts move through the process. Parts can accumulate at each step in the process, which increases the total number of parts in the pipeline. In our reports, we stated that DOD’s improvement efforts were not as extensive as they could be because they have not incorporated the best Page 6 GAO/HR-97-30 High-Risk Program Defense Inventory Management practices we have seen in the private sector. These practices are the prompt repair of items, the reorganization of the repair process, the establishment of partnerships with key suppliers, and the use of third-party logistics services. When used in an integrated manner, these best practices have successfully reduced costs and improved logistics operations. We have recommended that DOD test these concepts and expand them to other locations, where feasible. Each service is developing initiatives to improve the management of its logistics pipeline for reparable aircraft parts to make their logistics processes faster, better, and cheaper. Because these programs have only recently begun, they have had limited impact in improving DOD’s overall logistics operations. Most of the problems that contributed to the accumulation of unneeded Why inventory still exist, such as outdated and inefficient inventory Recommendations management practices that frequently do not meet customer demands, Have Not Been inadequate inventory oversight, weak financial accountability, and overstated requirements. Correcting these problems, as a result of Implemented and implementing our recommendations to adopt best practices, generally What Remains to Be involves development of long-term strategies. However, the “corporate culture” within DOD has been traditionally resistant to change. Done Organizations often find changes in operations threatening and are unwilling to change current behavior until proposed ideas have been proven. This kind of resistance must be overcome if the services are to expand their concept of operations. DOD’s top management needs to continue its commitment to changing its inventory management culture so that it provides its forces with necessary supplies in a timely manner while avoiding the accumulation of unneeded materials. We believe that the adoption of best practices is key to changing DOD’s inventory management culture. There are several House and Senate committees and subcommittees that Other Information have particular interest or ongoing initiatives related to this high-risk area. For example, Senator Carl Levin, both in his current capacity as Ranking Minority Member of the Senate Armed Services Committee and as the former Chairman of the Subcommittee on Oversight of Government Management and the District of Columbia, Senate Governmental Affairs Committee, has requested GAO’s reviews of DOD’s inventory management practices to identify areas where costs can be reduced and problems can Page 7 GAO/HR-97-30 High-Risk Program Defense Inventory Management be avoided if DOD adopted leading-edge practices that have been applied successfully by the private sector. The House Budget Committee has also expressed concern over and requested information on issues surrounding inventory management. In addition, we have testified several times this year before congressional committees on high-risk inventory management issues, including the Senate Committee on Governmental Affairs and the Subcommittee on National Security, International Affairs, and Criminal Justice, House Committee on Government Reform and Oversight. Congressional Contacts With Interest in Defense Inventory Management Committee Key Staff Issues Senate Armed Services Cord Sterling, Professional Staff Member (majority) (202) 224-9346 Peter Levine, Counsel for Senator Levin (202)224-3871 David Lyles, Minority Staff Director (202) 224-3871 Governmental Affairs William Greenwalt, Chief Investigator (202) 224-4751 Linda Gustitus, Subcommittee Minority Staff Director and Chief Counsel (202) 224-4551 House National Security Jeff Schwartz, Professional Staff Member (202) 226-1036 Craig Hall, Staff Member (202) 225-0892 Budget Wayne Struble, Director, Budget Priorities (majority) (202) 226-7270 Michael Lofgren, Budget Analyst (202) 226-7270 Government Reform and Robert Charles, Subcommittee Staff Director/Chief Oversight Counsel (202) 225-2577 Jim Wilon, Subcommittee Counsel (202) 225-2577 Mark Stephenson, Professional Staff Member (minority) (202) 225-5051 Page 8 GAO/HR-97-30 High-Risk Program Defense Inventory Management Executive Branch Contacts With Interest in Defense Inventory Agency Contact Management Issues Department of Defense John Phillips Deputy Under Secretary of Defense, Logistics (703) 697-1368 Robert Mason Assistant Deputy Under Secretary of Defense, Logistics (Maintenance) (703) 697-7980 James Emahiser Assistant Deputy Under Secretary of Defense, Logistics (Materiel and Distribution Management) (703) 697-9238 General Johnnie Wilson Commander, U.S. Army Materiel Command (703) 617-9626 Private Sector Contacts With Interest in Defense Inventory Management Issues General Vincent Russo (U.S. Army, Ret.) Defense Logistician (770) 997-4870 Dr. John Coyle Professor of Transportation and Logistics Penn State University (814) 865-0585 Logistics Management Institute (202) 651-8070 Council of Logistics Management (630) 574-0985 • DOD Suspended Stocks Ongoing Audit Work • ICP Consolidation under the Defense Logistics Agency • DOD’s Property Disposal Process • Best Management Practices for Hardware Supplies • DOD Parts Destruction • Navy’s Inventory Requirements David R. Warren Key GAO Contact Director, Defense Management Issues (202) 512-8412 Page 9 GAO/HR-97-30 High-Risk Program Defense Inventory Management Inventory Management: The Army Could Reduce Logistics Costs for Related GAO Products Aviation Parts by Adopting Best Practices (GAO/NSIAD-97-82, Apr. 15, 1997). Addressing the Deficit: Budgetary Implications of Selected GAO Work for Fiscal Year 1998 (GAO/OCG-97-2, Mar. 14, 1997). High-Risk Series: Defense Inventory Management (GAO/HR-97-5, Feb. 1997). Defense Logistics: Much of the Inventory Exceeds Current Needs (GAO/NSIAD-97-71, Feb. 28, 1997). Defense Inventory: Spare and Repair Parts Inventory Costs Can Be Reduced (GAO/NSIAD-97-47, Jan. 17, 1997). Logistics Planning: Opportunities for Enhancing DOD’s Logistics Strategic Plan (GAO/NSIAD-97-28, Dec. 18, 1996). 1997 DOD Budget: Potential Reductions to Operation and Maintenance Program (GAO/NSIAD-96-220, Sept. 18, 1996). Defense IRM: Critical Risks Facing New Materiel Management Strategy (GAO/AIMD-96-109, Sept. 6, 1996). Navy Financial Management: Improved Management of Operating Materials and Supplies Could Yield Significant Savings (GAO/AIMD-96-94, Aug. 16, 1996). Inventory Management: Adopting Best Practices Could Enhance Navy Efforts to Achieve Efficiencies and Savings (GAO/NSIAD-96-156, July 12, 1996). Defense Logistics: Requirement Determinations for Aviation Spare Parts Need to Be Improved (GAO/NSIAD-96-70, Mar. 19, 1996). Best Management Practices: Reengineering the Air Force’s Logistics System Can Yield Substantial Savings (GAO/NSIAD-96-5, Feb. 21, 1996). Inventory Management: DOD Can Build on Progress in Using Best Practices to Achieve Substantial Savings (GAO/NSIAD-95-142, Aug. 4, 1995). Defense Inventory: Opportunities to Reduce Warehouse Space (GAO/NSIAD-95-64, May 24, 1995). Page 10 GAO/HR-97-30 High-Risk Program Defense Inventory Management Best Practices Methodology: A New Approach for Improving Government Operations (GAO/NSIAD-95-154, May 1995). Defense Business Operations Fund: Management Issues Challenge Fund Implementation (GAO/NSIAD-95-79, Mar. 1, 1995). Defense Supply: Inventories Contain Nonessential and Excessive Insurance Stocks (GAO/NSIAD-95-1, Jan. 20, 1995). Defense Supply: Acquisition Leadtime Requirements Can Be Significantly Reduced (GAO/NSIAD-95-2, Dec. 20, 1994). Reengineering Organizations: Results of a GAO Symposium (GAO/NSIAD-95-34, Dec. 13, 1994). Commercial Practices: Opportunities Exist to Enhance DOD’s Sales of Surplus Aircraft Parts (GAO/NSIAD-94-189, Sept. 23, 1994). Organizational Culture: Use of Training to Help Change DOD Inventory Management Culture (GAO/NSIAD-94-193, Aug. 30, 1994). Partnerships: Customer-Supplier Relationships Can Be Improved Through Partnering (GAO/NSIAD-94-173, July 19, 1994). Commercial Practices: DOD Could Reduce Electronics Inventories by Using Private Sector Techniques (GAO/NSIAD-94-110, June 29, 1994). Commercial Practices: Leading-Edge Practices Can Help DOD Better Manage Clothing and Textile Stocks (GAO/NSIAD-94-64, Apr. 13, 1994). Defense Transportation: Commercial Practices Offer Improvement Opportunities (GAO/NSIAD-94-26, Nov. 26, 1993). Defense Inventory: Applying Commercial Purchasing Practices Should Help Reduce Supply Costs (GAO/NSIAD-93-112, Aug. 6, 1993). Commercial Practices: DOD Could Save Millions by Reducing Maintenance and Repair Inventories (GAO/NSIAD-93-155, June 7, 1993). DOD Food Inventory: Using Private Sector Practices Can Reduce Costs and Eliminate Problems (GAO/NSIAD-93-110, June 4, 1993). Page 11 GAO/HR-97-30 High-Risk Program Defense Inventory Management Organizational Culture: Techniques Companies Use to Perpetuate or Change Beliefs and Values (GAO/NSIAD-92-105, Feb. 27, 1992). DOD Medical Inventory: Reductions Can Be Made Through the Use of Commercial Practices (GAO/NSIAD-92-58, Dec. 5, 1991). Commercial Practices: Opportunities Exist To Reduce Aircraft Engine Support Costs (GAO/NSIAD-91-240, June 28, 1991). Page 12 GAO/HR-97-30 High-Risk Program Medicare Medicare provides health insurance for nearly all elderly Americans age 65 Overview and older and many of the nation’s disabled. One of the largest entitlement programs in the federal budget, Medicare spent nearly $200 billion in fiscal year 1996, and its costs are expected to increase more than 8 percent annually for the next 5 years. Before the end of that period, however, the trust fund that finances hospital, nursing home, and home health care is expected to be insolvent. While the Congress and the President have introduced changes to control Medicare costs, they are concerned that significant amounts of these costs are lost to fraudulent and wasteful claims. In addition to being costly, Medicare is complex. Providing health care coverage to about 38 million people, Medicare pays nearly a million providers who submit about 800 million individual claims each year. Most Medicare services are provided through the fee-for-service sector, where any qualified provider can bill the program for each covered service rendered. In recent years, increasing numbers of Medicare beneficiaries have enrolled in health maintenance organizations (HMO), a type of managed care, to receive covered services. Nearly 90 percent of Medicare beneficiaries, however, remain under fee-for-service care. Each of these delivery systems has its unique set of problems. In 1992 and again in 1995, GAO reported that the Medicare program was highly vulnerable to waste, fraud, abuse, and mismanagement. Since 1992, the Health Care Financing Administration (HCFA), the Department of Health and Human Services’ (HHS) agency responsible for running the Medicare program, has made some regulatory and administrative changes aimed at curbing fraudulent and unnecessary payments. However, in recent years, sizable cuts in the budget for program safeguards, where most of the funding for the fight against abusive billing is centered, have diminished efforts to thwart improper billing practices. Problems in funding program safeguards and HCFA’s limited oversight of its contractors continue to contribute to fee-for-service program losses. While HCFA expects a major computer system acquisition project to reduce certain weaknesses, the project itself has several risks that may keep HCFA from attaining its goals. On the managed care side, Medicare payment rates to HMOs are excessive and HCFA oversight is weak. These flaws leave beneficiaries without information essential to guide their HMO selection and without assurance that HMOs are screened adequately and disciplined for unacceptable care. Page 13 GAO/HR-97-30 High-Risk Program Medicare Since GAO issued its 1995 high-risk report, the government has made important strides in efforts to protect Medicare from exploitation. Recent legislation—the Health Insurance Portability and Accountability Act of 1996 (P.L. 104-191), popularly known as the Kassebaum-Kennedy Act—provides assured funding for program safeguards, although per-claim expenditures will remain below the level of 1989 after adjusting for inflation. Nevertheless, we expect that the funding, if properly applied, can significantly improve anti-fraud and anti-abuse efforts. In addition, HCFA anticipates that it will gain enhanced oversight capacity and reduced administrative costs when the new claims processing system—the Medicare Transaction System (MTS), now progressing through its design phase—is fully implemented, which HCFA expects to occur after the year 2000. Further, the HHS Inspector General and other federal and state agencies banded together to fight fraud in five states in an effort called Operation Restore Trust. After the first year of operation, the effort yielded more than $40 million in payment recoveries for claims that were not allowed under Medicare rules, as well as convictions for fraud, impositions of civil monetary penalties, and the exclusion of providers from the program. Methods used in this program will be applied to detect fraud and abuse in other locations in the future. Progress is also being made in addressing program management issues. For example, the Health Insurance Portability and Accountability Act gives additional flexibility to HCFA to contract with firms specializing in utilization review and makes the penalties for Medicare fraud more severe. In addition, HCFA is improving its credentialing process for Medicare providers and is currently evaluating commercially available software for its potential to screen out some types of inappropriate claims. Finally, the new Health Insurance Portability legislation and several planned consumer information efforts offer the potential for improved HCFA oversight of HMOs. Many of Medicare’s vulnerabilities are inherent in its size and mission, making the government’s second largest social program a perpetually attractive target for exploitation. That wrongdoers continue to find ways to dodge safeguards illustrates the dynamic nature of fraud and abuse and the need for constant vigilance and increasingly sophisticated ways to protect the system. Judicious changes in Medicare’s day-to-day operations entailing HCFA’s improved oversight and leadership, its appropriate application of new anti-fraud-and-abuse funds, and the mitigation of MTS acquisition risks, are necessary ingredients to reduce substantial future losses. Moreover, as Medicare’s managed care enrollment grows, HCFA Page 14 GAO/HR-97-30 High-Risk Program Medicare must ensure that payments to HMOs better reflect the cost of beneficiaries’ care, that beneficiaries receive information about HMOs sufficient to make informed choices, and that the agency’s expanded authority to enforce HMO compliance with federal standards is used. To adequately safeguard the Medicare program, HCFA needs to meet these important challenges promptly. No one can claim with precision how much Medicare loses each year, but Potential Savings our work suggests that by reducing unnecessary or inappropriate payments, the federal government can realize large savings and help dampen the growth in Medicare costs. The hidden nature of improper billing and health care crimes precludes a rigorously quantified estimate of expenditures attributable to fraud and abuse. Estimates of the costs of fraud and abuse ranging from 3 to 10 percent have been cited for health expenditures nationwide, so applying this range to Medicare suggests that such losses in fiscal year 1996 could have been from $6 billion to as much as $20 billion. Special Payments to Teaching Hospitals (GAO/HRD-89-33)1 Key Open Recommendations Because Medicare’s extra payments to teaching hospitals are too high, our and Implementation work has shown that the Congress can save about $1 billion annually by reducing the percentage of add-on payments that teaching hospitals Status receive. Since the GAO report was issued, the Congressional Budget Office and the Prospective Payment Review Commission also found that the percentage was too high. Their analyses of recent data continue to show a reduction is warranted. Decreasing the indirect medical education adjuster has been under consideration in the Medicare savings debate. Excessive Payments for Provider costs and Medicare reimbursements for medical procedures Costly Technologies involving new technologies, such as magnetic resonance imaging (MRI) (GAO/HRD-92-59) are often high in order to offset initial expenditures for equipment and low rates of usage. We reported, however, that HCFA does not make timely adjustments to the Medicare reimbursement rates as new medical technologies mature and unit costs decline. Therefore, we recommended that HCFA (1) survey facility costs and revise the Medicare fee schedule to more accurately reflect the costs that are incurred and (2) periodically 1 This issue was also discussed in GAO’s report Addressing the Deficit: Budgetary Implications of Selected GAO Work for Fiscal Year 1998 (GAO/OCG-97-2, Mar. 14, 1997). Page 15 GAO/HR-97-30 High-Risk Program Medicare review and adjust the Medicare reimbursements for procedures using high-cost technologies. To help bring Medicare payment rates more in line with actual costs, the Congress has enacted several mandates to reduce rates for specific procedures and services—including payments for MRI scans. In addition, HCFA has several rate-reduction projects planned or underway. None of these projects, however, targets new and expensive technologies. We continue to believe that significant program savings would result from an ongoing, systematic process for evaluating the reasonableness of Medicare payment rates for maturing medical technologies. Rapid Spending Growth in Since 1990, Medicare outlays for home health care services—provided to Home Health Care beneficiaries who are home-bound and need skilled care—have grown at (GAO/HEHS-96-16) an average rate of over 30 percent a year. We reported that the increase in home health outlays is largely due to increased usage that has accompanied deterioration in program controls. Funding for review of claims had declined by over one- third. In addition, a court struck down HCFA’s interpretation of benefit coverage requirements; this court ruling in effect widened Medicare coverage of home health. Consequently, we suggested that the Congress may wish to consider clarifying the scope of the benefit and providing extra resources to strengthen controls against abuse of the home health benefit. At issue is whether the benefit should continue to be more of a long-term care benefit or whether it should be limited primarily to post-acute care. The HCFA Administrator and the Congress have made a number of proposals designed to gain better control of the Medicare home health benefit. These proposals are under active Congressional consideration. The Health Insurance Portability and Accountability Act of 1996 provides assured funding for Medicare program integrity activities beginning in fiscal year 1997. If appropriate funding is allocated to home health care oversight from newly available funds, the intent of the recommendation will be met. Further, the administration has proposed moving to a Prospective Payment System (PPS) to help control cost growth in home health benefits. While the proposal has appeal, what remains unclear about PPS is whether an appropriate unit of service can be defined for calculating prospective payments and whether HCFA’s databases are adequate for establishing reasonable rates. Page 16 GAO/HR-97-30 High-Risk Program Medicare Referrals to Imaging In 1993, we reported that physicians with a financial interest in imaging Facilities (GAO/HEHS-95-2) facilities referred their Medicare patients for more imaging services than physicians without such investments. As part of the Omnibus Budget Reconciliation Act of 1993 (OBRA), the Congress included provisions to restrict physicians from referring their patients to facilities in which the physician has a financial stake. In 1995, we recommended that HCFA develop the procedures needed for Medicare claims processing contractors to monitor these referrals. Although OBRA restrictions were effective as of January 1, 1995, HCFA has not issued final regulations and guidance needed to assure compliance with OBRA. Medicare Reimbursement Nursing home residents receive therapy services (e.g., physical therapy) for Therapy in Nursing from various providers. We reported that Medicare is vulnerable to Homes (GAO/HEHS-95-23) overcharges from unscrupulous providers, due in part to its flawed reimbursement methods, and in part to its inadequate screening of providers. Consequently, we recommended that HCFA set explicit limits to ensure that Medicare pays no more for therapy services than would any prudent purchaser. Furthermore, we recommended that Medicare certification requirements be strengthened so that those entities billing Medicare would be more accountable for the services they provide to beneficiaries. HCFA has proposed revised salary equivalency guidelines for contracted physical therapy and respiratory services, speech language pathology, and occupational therapy services. However, even with these guidelines, the Medicare-established limits will not apply if a therapy company bills Medicare directly. HCFA is also exploring ways to strengthen controls over these types of services in skilled nursing facilities (SNF). The Administrator has proposed and we have supported requiring that virtually all services furnished to SNF residents be billed by the SNF itself. This would facilitate a SNF prospective payment system, limit the possibility of double billing, and help to control overutilization of part B services billed by outside suppliers. Excessive Payments for Medicare reimburses providers of certain medical items and supplies Medical Supplies according to fee schedules that do not reflect substantially lower market (GAO-HEHS-95-171) prices. For example, Medicare pays $2.32 for a pad of gauze that is available at the wholesale level for 19 cents. Excessive fees invite submission of abusive claims by unscrupulous providers. Coupled with inadequate review of such claims, these above-market fees and payment Page 17 GAO/HR-97-30 High-Risk Program Medicare rates lead to Medicare and taxpayers losing hundreds of millions of dollars. Current law imposes cumbersome administrative requirements that HCFA must follow when adjusting payment rates. In one situation where HCFA made such an adjustment, it took 3 years. In addition, for some items, HCFA lacks the authority to adjust payment rates. We recommended that the Congress give HHS the authority to adjust fee schedules promptly when overpriced services and supplies are identified. HHS has submitted legislative proposals to the Congress on several occasions since 1987 that would provide HCFA and the carriers the authority to adjust or limit fee-schedule amounts. Screening Medicare Claims Medicare is only supposed to reimburse providers for services that are (GAO-HEHS-96-49) medically necessary. We reported that the several dozen Medicare claims processors often use different automated screens to distinguish necessary from unnecessary services, based on criteria developed locally. We also reported that these screens do not target medical procedures that are overused nationwide. (Up to several hundred million dollars per year are at stake.) Consequently, we recommended that HCFA act as a clearinghouse—gathering information on both local medical policies and screens for procedures that are widely overused, and disseminating the information to all the claims processors. We also recommended that HCFA hold the claims processors accountable for implementing local medical policies and screens for procedures that are overused nationwide. As of May 22, 1996, HCFA reported that it had completed work on some model medical policies and was working on others. However, concerning the collection, analysis, and dissemination of information on effective prepayment screens, HCFA stated that the implementation of the planned Medicare Transaction System is needed to develop a fully comprehensive database of screens that can be analyzed and shared with all carriers. Full implementation of the system is not scheduled until after the year 2000. HCFA is exploring ways to identify widespread overutilization by analyzing trends and national patterns. Until HCFA systematically identifies widespread overutilization, it cannot hold its contractors accountable for correcting overutilization that is national in scope. Page 18 GAO/HR-97-30 High-Risk Program Medicare Medicare Payment Rates to Most Medicare beneficiaries who join a HMO belong to a “risk contract” Risk Contract HMOs HMO, which provides them with all covered services in exchange for a flat (GAO/HEHS-96-21, fee, paid by Medicare. We have reported that Medicare generally overpays these risk HMOs because its payment methods do not correct enough for GAO/T-HEHS-97-78, risk HMOs enrollees’ tendency to be healthier and less costly than the GAO/HEHS-97-16) average beneficiary. With risk HMO enrollment at more than 11 percent of beneficiaries and growing rapidly, these excess payments become substantial. Given the problem’s heightened urgency, we suggested that the Congress might wish to give HHS the authority to reduce Medicare HMO payment rates in areas where market data indicate that these rates are too high. In addition, we recently recommended that the Secretary of HHS should direct HCFA to correct the inflated cost average underlying Medicare’s HMO payment rates. We estimate this change would save several hundred million dollars annually. Medicare HMO Oversight Beneficiaries’ confidence in Medicare managed care depends significantly (GAO/HEHS-95-155, on the effectiveness of HCFA oversight. Although HCFA has instituted GAO/HEHS-97-23, several promising improvements, its monitoring and enforcement of performance standards for Medicare HMOs still falls short; quality GAO/T-HEHS-97-109) assurance reviews are not comprehensive, enforcement actions are too often weak, and the appeals process for beneficiaries is slow. We recommended that HHS develop more consumer-oriented oversight of the Medicare HMO program, including (a) routinely publishing comparative data on HMOs’ performance and on known deficiencies and (b) assigning sufficient, trained staff to monitor and verify the effectiveness of HMOs’ quality assurance practices. Payments to Rural Health The Rural Health Clinics (RHC) program was established in 1977 to Clinics (GAO/HEHS-97-24, provide reimbursement to health clinics in underserved rural GAO/OCG-97-2) communities. Today, the federal government continues to reimburse RHC providers through the Medicare and Medicaid programs on the basis of their actual costs of providing care, while most other providers receive lower payments limited by set fee schedules. RHCs continue to receive cost-based reimbursement out of recognition that a fee schedule approach does not help ensure financial viability of low volume rural health care providers. Since 1989, the number of RHCs has grown by over 30 percent a year to nearly 3,000, with total payments to them expected to be over $1 billion annually by the year 2000. Page 19 GAO/HR-97-30 High-Risk Program Medicare We found that contrary to its purpose, the RHC program is generally not focused on serving populations that have difficultly obtaining primary care in isolated rural areas. Rather, our work suggests that the additional funding provided to RHCs each year increasingly benefits well-staffed, financially viable clinics in populated areas that already have extensive health care delivery systems in place. We recommended that the Congress eliminate cost-based reimbursement to RHCs unless they are located in areas with no other Medicare and Medicaid providers or can demonstrate that existing providers will not accept new Medicare and Medicaid patients and that the funding would be used to expand access to them. Assuming such improvements in the targeting of payments, the Congressional Budget Office estimated that the Medicare savings would be $200 million between 1998 and 2002 (the Medicaid savings would be $140 million). Medicare Incentive The Medicare Incentive Payment (MIP) program was established in 1987 Payments in Health Care amid concerns that low Medicare reimbursement rates for primary care Shortage Areas services caused access problems for Medicare beneficiaries in underserved areas. To encourage physicians to locate and serve Medicare (GAO/HEHS-95-200, beneficiaries in such areas, physicians receive an additional 10-percent GAO/OCG-97-2) payment from Medicare for the services they deliver in urban and rural Health Professional Shortage Areas designated by HHS. In 1995, a representative of HCFA stated that this program provided about $107 million in bonuses to physicians, an amount 16 percent higher than the previous year. Our work leads us to question the appropriateness of the program. Recent surveys of the Medicare population show that neither provider shortages nor low reimbursement rates were causing wide spread access problems. Also, we found that at least one-third of these designations are outdated or erroneous and that evidence suggests that the MIP program did not play a significant role in physician decisions to practice in underserved areas because the payment is too low. The Congressional Budget Office estimated that elimination of the program would save $380 million between 1998 and 2002. Page 20 GAO/HR-97-30 High-Risk Program Medicare As can be seen from the discussion of the individual key Why recommendations, the government has made some progress in protecting Recommendations the Medicare program from exploitation. One of the long-standing Have Not Been problems facing HCFA has been its lack of resources needed to implement many of our recommendations. The recent passage of the Health Implemented and Insurance Portability and Accountability Act, however, should help HCFA What Remains to Be in this regard by providing HCFA an opportunity both to stabilize its scrutiny of Medicare claims and more effectively regulate risk contract Done HMOs. Adequate funding of the anti-fraud and anti-abuse activities coupled with strong HCFA oversight of its fee-for-service and managed care contracts constitute the foundation for managing a program that is always likely to be a target for exploitation. Another recurring difficulty has been the length of time it takes to implement regulatory changes in those situations where HCFA has agreed with our recommendations. The process is complicated and takes several years to complete. Additionally, the Congress has not acted on our recommendations in some cases. A successful implementation of the Medicare Transaction System could help address various Medicare problems, including providing better controls over fraud and abuse. However, HCFA needs to mitigate the risks associated with the acquisition of this system. Today, we are releasing our report, Medicare Transaction System: Success Depends Upon Correcting Critical Management and Technical Weaknesses (GAO/AIMD-97-78, May 16, 1997), which includes numerous recommendations to address these risks. Both OMB and HHS have agreed with these recommendations and said that they will take action to address them. As HCFA faces this challenge as well as those presented by the growing and complex Medicare program, it needs to make additional technological improvements, such as greater use of commercial software to identify areas vulnerable to billing abuses. Further, it must apply continued vigilance over day-to-day operations and exhibit strong leadership to effectively manage the program, thereby controlling the risks to both the taxpayers and beneficiaries. Page 21 GAO/HR-97-30 High-Risk Program Medicare Congressional Contacts With Interest in Medicare Issues Committee/ Subcommittee Key Staff Area of Interest Senate Governmental Affairs Majority: Farnham -Medicare fraud and abuse (202) 224-4751 Minority: McFarland -HCFA efforts on Government Performance and Results Act Finance Majority Staff Director: Paull -Medicaid programs’ (202) 224-4515 impact on Medicare Majority Staff: James, expenditures Bonmartini, Smith, Vachon -Medicare pricing issues Minority Staff: Podoff -Medicare fraud and abuse -Payment policies for Medicare HMOs Appropriations Majority Staff: Sourwine -Medicare fraud and abuse (202) 224-3471 costs Minority Staff: Reinecke -Medicare Transaction Labor, Health, and Human System Services and Education (202) 224-7230 Labor and Human Majority Staff: Harrington, -Implementation of Health Resources Guice Insurance Portability and (202) 224-5375 Accountability Act Minority Staff: Ewers Aging Majority Staff: Spaulding -Medicare HMO payment (202) 224-0136 issues Special Committee Majority Staff Director: -Medicare fraud and abuse on Aging Totman (202) 224-5364 -Medicare home health Majority Staff: Jones -Consumer information on Minority Staff Director: Medicare HMOs Lesley -Medicare and Medicaid Minority Staff: Cohen dual eligibles -Disenrollments from Medicare HMOs -Geographic differences in Medicare HMO premiums and benefits (continued) Page 22 GAO/HR-97-30 High-Risk Program Medicare Committee/ Subcommittee Key Staff Area of Interest House Budget Majority Staff: -Medicare financing and (202) 226-7270 Cantwell savings Commerce Majority Staff: Cohen, Berger -Medicare managed care (202) 225-2927 Staff: Nelson payment issues issues Minority Staff Director: Stuntz -Medicare fraud and abuse Minority -Medicare management -Medicare pricing Education and the Majority Staff: Mueller -Effects of Health Insurance Workforce Portability and (202) 225-4527 Minority Staff: Bruns Accountability Act Employer-Employee Relations (202)225-4527 Government Reform and Oversight (202) 225-5074 Human Resources Majority Staff: Halloran, -Medicare fraud and abuse (202) 225-2548 Sayer -Medicare management Minority Staff: Stroman -Medicare Transaction System -HCFA efforts on Government Performance and Results Act (continued) Page 23 GAO/HR-97-30 High-Risk Program Medicare Committee/ Subcommittee Key Staff Area of Interest Ways and Means (202) 225-3625 Health Majority Staff Director: Kahn •Medicare managed care (202) 225-3943 payment issues Majority Staff: Lynch, Rosen •Home health and skilled Minority Staff Director: nursing facility cost growth Vaughn •Medicare pricing •Solvency of Medicare part A trust fund •End-stage renal disease claims and payments •Prospective payment systems for post acute care •Age threshold for Medicare eligibility The following ongoing jobs are related to the Medicare High-Risk issue: Ongoing Audit Work • Medicare HMO Post-Acute Care • Medicare Certification of Home Health Agencies • Review of Durable Medical Equipment Medical Policies • Medicare HMOs: Patterns of Beneficiary Disenrollment and Indicators of Problem Plans • Review of Modern Management Practices That Can be Implemented in Medicare to Achieve Savings and Improve Operations • Review of the Health Insurance Portability and Accountability Act’s Medicare Fraud Reduction Measures • Cost-Effectiveness of Medicare Prepayment Screens • Review of Home Health Benefits Under the Medicare Program • Medicare Payments for Durable Medical Equipment • Review of Medicare Payments to HMOs for Institutionalized Beneficiaries • Implications of Including For-Profit Home Health Utilization Rates in Developing a Prospective Payment System • Review of Lab Service Utilization Rates for Medicare End-Stage Renal Disease Patients • Review of Medicare Payments for Oxygen Equipment and Supplies • Variation in Medicare Direct Graduate Medical Education Payments • Information on HCFA’s Reorganization Page 24 GAO/HR-97-30 High-Risk Program Medicare GAO is also working closely with the HHS Inspector General on the annual audit of the Department’s financial statements pursuant to the Chief Financial Officers Act of 1990, as amended, and will continue to monitor efforts by HCFA to implement the Medicare Transaction System. William J. Scanlon Key GAO Contacts Director, Health Financing and Systems Issues (202) 512-7114 Bernice Steinhardt Director, Health Services, Quality and Public Health Issues (202) 512-7119 Joel Willemssen Director, Information Resources Management Issues (202) 512-6253 Bob Dacey Director, Consolidated Audits and Computer Security Issues (202) 512-3317 Gloria Jarmon Director, Civil Audits - Health, Education, and Human Services Issues (202) 512-4476 Medicare Transaction System: Success Depends Upon Correcting Critical Related GAO Products Management and Technical Weaknesses (GAO/AIMD-97-78, May 16, 1997). Nursing Homes: Too Early to Assess New Efforts to Control Fraud and Abuse (GAO/ T-HEHS-97-114, Apr. 16, 1997). Medicare Managed Care: HCFA Missing Opportunities to Provide Consumer Information (GAO/T-HEHS-97-109, Apr. 10, 1997). Medicare Post-Acute Care: Cost Growth and Proposals to Manage It Through Prospective Payment and Other Controls (GAO/T-HEHS-97-106, Apr. 9, 1997). Page 25 GAO/HR-97-30 High-Risk Program Medicare Addressing the Deficit: Budgetary Implications of Selected GAO Work for Fiscal Year 1998 (GAO/OCG-97-2, Mar. 14, 1997). Medicare Post-Acute Care: Home Health and Skilled Nursing Facility Cost Growth and Proposals for Prospective Payment (GAO/T-HEHS-97-90, Mar. 4, 1997). Medicare: Inherent Program Risks and Management Challenges Require Continued Federal Attention (GAO/T-HEHS-97-89, Mar. 4, 1997). Medicare HMOs: HCFA Could Promptly Reduce Excess Payments by Improving Accuracy of County Payment Rates (GAO/T-HEHS-97-78, Feb. 25, 1997). Medicare: HCFA Should Release Data to Aid Consumers, Prompt Better HMO Performance (GAO/HEHS-97-23, Oct. 22, 1996). Medicare: Early Resolution of Overcharges for Therapy in Nursing Homes is Unlikely (GAO/HEHS-96-145, Aug. 16, 1996). Medicare: Private Payer Strategies Suggest Options to Reduce Rapid Spending Growth (GAO/T-HEHS-96-138, Apr. 30, 1996). Medicare: Home Health Utilization Expands While Program Controls Deteriorate (GAO/ HEHS-96-16, Mar. 27, 1996). Medicare: Millions Can Be Saved by Screening Claims for Overused Services (GAO/ HEHS-96-49, Jan. 30, 1996). Fraud and Abuse: Providers Target Medicare Patients in Nursing Facilities (GAO/HEHS-96-18, Jan. 24, 1996). Medicare Managed Care: Growing Enrollment Adds Urgency to Fixing HMO Payment Problem (GAO/HEHS-96-21, Nov. 8, 1995). Fraud and Abuse: Medicare Continues to Be Vulnerable to Exploitation by Unscrupulous Providers (GAO/T-HEHS-96-7, Nov. 2, 1995). Page 26 GAO/HR-97-30 High-Risk Program Supplemental Security Income Since its inception in 1974, the Supplemental Security Income (SSI) Overview program has grown significantly. About 6.6 million recipients now receive roughly $22 billion in federal benefits. To date, our work has shown that several longstanding problems have affected Social Security Administration’s (SSA) ability to protect taxpayer dollars from being overpaid to recipients and to manage the SSI program. These problems generally involve SSA’s failure to adequately (1) verify recipient’s initial and continuing financial eligibility, (2) minimize and collect SSI overpayment, (3) address program fraud and abuse, (4) determine whether SSI recipients remain disabled, and (5) help SSI recipients enter the workforce and ultimately leave the program. These deficiencies have affected program size and integrity and contributed to significant annual increases in overpayment to recipients. During 1996, SSA had more than $2.3 billion in overpayments that were owed to the agency, including $895 million in newly detected overpayment during the year. Rapid program growth, combined with the program’s demonstrated vulnerability to fraud, abuse, and overpayments were primary factors in our decision to add the SSI program to our list of high-risk areas in 1997. In the following section, we have identified prior GAO work in which recommendations for addressing SSI program problems have not yet been fully addressed by SSA. We have arranged the reports in line with the five problem areas listed above (some reports apply to more than one area). For each recommendation, we discuss potential savings and provide the current status of actions taken by SSA. Report Findings and Recommendations Problem Area 1: GAO Report: Supplemental Security Income: SSA Efforts Fall Short in Inadequate Attention to Correcting Erroneous Payments to Prisoners (GAO/HEHS-96-152, Aug. 30, Verifying Recipient’s Initial 1996). and Continuing Financial SSI provides cash payments to indigent aged, blind, or disabled individuals Eligibility to meet basic needs—food, clothing, shelter. Prisoners are ineligible for SSI because prisons and jails meet those basic needs. Despite procedures to identify SSI recipients in county and local jails, SSA has paid millions of benefit dollars to incarcerated individuals. During our review, SSA initiated a program to better identify current prisoners receiving SSI Page 27 GAO/HR-97-30 High-Risk Program Supplemental Security Income benefits. However, it has not taken action to identify former prisoners who have received benefits or to recover the overpayment. Key Open Recommendations: In order to identify SSI recipients who have been erroneously paid in prior years, we recommend that the Commissioner of SSA direct SSA field offices to obtain information from county and local jails on former prisoners. SSA should then process this information to (1) determine if it made erroneous payments to any of these prisoners, (2) establish overpayment for the ones it paid, and (3) attempt to recover all erroneous payments. Potential Cost Savings: During our review, we found that in 1995, SSA erroneously paid $5 million in SSI payments to about 3,000 current and former prisoners in several county and local jails. About $1 million of the erroneous overpayment were made to 615 former prisoners. We also found that SSA was unaware that it had erroneously paid 454 (74 percent) of the former prisoners, was still making payments to these individuals, and was by withholding a portion of their current payments to recover the overpaid funds. To develop information on former prisoners, we obtained automated lists from two county systems of all prisoners released in the first 6 months of 1995. We then matched their SSNs against SSI records to identify those who received SSI payments while incarcerated. Because of limitations in our sample, we could not use the findings of our review to project how many former prisoners nationally were likely to have received erroneous SSI payments. We were also unable to project the total program savings associated with recovering the overpaid funds. However, our sample review leads us to believe that SSA could recover additional overpaid SSI funds if it complied with our recommendation. Implementation Status and While SSA has begun to obtain better information on SSI recipients What Remains to Be Done: currently in local and county jails, it has not yet developed information on the universe of former prisoners who may have received SSI payments, nor has it taken action to recover any overpaid SSI funds from this population. SSA has acknowledged that the productivity of securing information on former prisoners appears desirable and worthy of further investigation. However, they have expressed concerns about the availability of data, the potential hardship placed on county and local jail officials who will have to provide this additional data, the cost-effectiveness of processing data on current prisoners who may no longer be receiving SSI payments, and other matters. In response to SSA’s comments, we demonstrated that obtaining necessary data on former prisoners should not pose a significant problem to SSA. We also noted that any additional hardship this “onetime” effort Page 28 GAO/HR-97-30 High-Risk Program Supplemental Security Income may pose to local and county jails may be offset by the potential to recover erroneously paid SSI state supplements. Therefore, we continue to believe that decisive agency action is necessary to identify and recover more erroneous SSI payments made to former prisoners. SSA told us that they plan to conduct a cost/benefit analysis to determine how effective it would be to obtain data on former prisoners. However, as of May 1997, they had not yet begun such an effort. Problem Area 2: GAOReport: Debt Management: More Aggressive Actions Needed to Inadequate Attention to Reduce Billions in Overpayments (GAO/HRD-91-46, July 9, 1991). Reducing and Collecting SSA has experienced longstanding problems in controlling and collecting SSI Overpayment overpayment made to beneficiaries in both its title II and title XVI programs. Although these problems have been reported by GAO since 1989, SSA still has made little progress in preventing and collecting overpaid benefits. Key Open Recommendations: That the Commissioner of SSA • accelerate completing the management information system needed to support effective debt management, and • establish specific dollar collection goals for recovering debts owed by former beneficiaries. Potential Cost Savings: Our review included both title II and title XVI overpayments experienced by SSA, rather than strictly focusing on SSI overpayment. However, we concluded that compliance with our recommendations and use of such innovative tools as the tax refund offset would result in increased overpayment recoveries and significant savings in both programs. In our 1997 high-risk testimony, we noted that more than $2.3 billion in SSI overpayments were still owed to SSA. About $895 million in newly detected overpayment was detected by SSA during this year. We believe that substantially more SSI overpayments could be recovered if SSA placed a greater organizational focus on deterring and collecting overpayments and implemented such tools as the tax refund offset (TRO) for delinquent SSI debt. However, to date, we have not projected what the total program cost savings would be. Implementation Status and The agency has implemented a number of our recommendations resulting What Remains to Be Done: from our report. The two remaining open recommendations are in process and SSA is currently developing a new system to track recovery of Page 29 GAO/HR-97-30 High-Risk Program Supplemental Security Income overpayment. Full implementation is dependent on the release and effectiveness of SSA’s new management information system. Specific dollar collection goals are planned to be established following SSA’s evaluation of the data it is currently tracking regarding the recovery of overpayment. SSA is making progress toward completing the remaining recommendations in this area. Despite SSA’s actions, one area of continued concern is the low priority SSA has historically placed on controlling and collecting title XVI overpayments. This is evidenced by SSA’s failure to utilize debt collection tools that it has had the authority to use for many years. For example, SSA has had the authority to use TROs to pursue SSI overpayments since 1984. The TRO is used by SSA for its title II program and has proven effective in another welfare program—Food Stamps—for collecting delinquent debt from recipients who no longer receive benefits. SSA has claimed that implementation of the SSI tax refund offset was imminent. However, current agency plans call for implementing this tool sometime beyond fiscal year 1997, or more than 13 years after obtaining authority to do so. Moreover, SSA still lacks overpayment collection tools for the SSI program commonly available in other means tested programs. These include such things as credit bureau reporting and private collection agencies. SSA has legislative authority to use credit bureaus and private collection agencies to collect delinquent title II debt, but is excluded from using such tools to pursue SSI overpayments. GAO Report: Supplemental Security Income: Administrative and Program Savings Possible by Directly Accessing State Data (GAO/HEHS-96-163, Aug. 29, 1996). SSA is responsible for ensuring that SSI payment amounts are correct and that only those eligible for SSI benefits receive them. To fulfill these responsibilities, SSA needs accurate and timely information on recipients’ income, assets, and living arrangements. An effective way to obtain information is through on-line access to state maintained recipient data. However, SSA has not made sufficient progress toward effectively using on-line data from the states. Key Open Recommendations: To prevent overpayments or detect them sooner, we recommend that the Commissioner of SSA • require claims representatives to use on-line access to states’ information to routinely check for unreported sources of income when initial and Page 30 GAO/HR-97-30 High-Risk Program Supplemental Security Income subsequent assessments of eligibility are done, provided that it is cost-effective to do so. • develop automatic interfaces with state databases that comply with laws and standards governing computer matching, privacy, and security that can (1) more fully automate the earnings and UI computer matches and (2) identify additional income sources that do not currently have computer matches. Potential Cost Savings: We estimated that, if available and effectively used, direct on-line access to state databases could have prevented or more quickly detected more than $131 million in SSI overpayment caused by unreported or underreported income nationwide in one 12-month period. Implementation Status and As of March 1997, more than 21 states had offered to provide SSA with What Remains to Be Done: varying access to state records to facilitate case processing, and 15 states were already providing some limited on-line access. The agency expects additional states will be phased in starting in October of 1997. However, SSA still has not committed to specifically implementing our recommendation, which calls for using on-line access for overpayment prevention, rather than using it simply as a tool to assist claims representatives with case processing. SSA agreed that on-line access could be a useful tool for reducing overpayment and agreed with our recommendations. However, SSA noted that although on-line access is easy and inexpensive in many states, this may not be true for all states. For example, they commented that some state agencies may not have automated data or the systems within agencies or between agencies in the same state may be incompatible. SSA also noted that because on-line access presumably will be more costly and difficult in some states than in others, a more thorough analysis of its costs and benefits is necessary before on-line access is used for overpayment prevention. In responding to SSA’s comments, we noted that there are states where on-line connections now access data inexpensively and easily. Thus, there is no reason why SSA cannot use the state data in those states for overpayment prevention while it examines the cost-effectiveness of on-line access in other states. Problem Area 3: Failure to GAO Report: Supplemental Security Income: Disability Program Vulnerable Adequately Address to Applicant Fraud When Middlemen Are Used (GAO/HEHS-95-116, Aug. 31, Program Vulnerability to 1995). Fraud and Abuse The number of immigrants receiving SSI disability benefits rose from 45,000 in 1983 to 267,000 in 1993. An undetermined number of these individuals Page 31 GAO/HR-97-30 High-Risk Program Supplemental Security Income obtained SSI benefits through fraudulent activity involving middlemen. SSA’s own data shows that middlemen have been involved in coaching claimants to appear mentally ill, providing dishonest translation services, and submitting false medical information provided by third party providers. For example, a Washington state middleman arrested for fraud had helped at least 240 immigrants obtain $7 million in SSI benefits by providing false information. Key Open Recommendations: We recommend that the Commissioner of Social Security develop a more aggressive, programwide strategy for improving the quality of information obtained from applicants, maintaining and sharing data collected on interpreters and middlemen among field offices, and using information that results from the work of other government agencies—local, state, and federal—to pursue cases in which fraud is suspected. Such a strategy should include developing improved ways to more effectively manage SSA’s resources to further facilitate communications with non-English speaking applicants, possibly by requiring that SSA bilingual staff or SSA contracted staff conduct the interviews and by exploring video conferencing technology (to better utilize bilingual staff in other offices). Potential Cost Savings: Our report noted that the actual number of ineligible non-English speaking applicants receiving SSI benefits was unknown and we did not quantify the extent of fraudulent activity in this area. However, we documented a significant increase in the number of immigrants receiving benefits and thousands of cases involving middlemen fraud which cost millions of program dollars. Based on a lifetime benefit calculation, we also estimated that a single ineligible recipient could receive about $51,000 in disability benefits from the SSI program and an additional $62,000 from the Medicaid and Food Stamps programs by the age of 65. Implementation Status and SSA agreed with the intent of our recommendations and stated that it is What Remains to Be Done: exploring these recommendations as it continues its efforts to minimize fraud involving middlemen. In 1996, the agency established a National and Regional Fraud Committee, whose goal is to achieve a comprehensive programwide focus on all types of fraud and develop a fraud tactical plan. SSA also established regional fraud committees that are responsible for coordinating the sharing of middlemen information maintained by local SSA offices. SSA also noted that half of its field office new hires were bilingual, a step that SSA believes will reduce fraudulent middlemen involvement. However, we have done no independent analysis of staffing allocations, local office language needs, and other issues related to SSA’s claims. SSA has also begun to implement a Civil and Monetary Penalty Page 32 GAO/HR-97-30 High-Risk Program Supplemental Security Income program, whereby penalties can be levied against applicants, middlemen and other third-party providers (eg. medical providers) involved in fraudulent activities. However, this initiative is in the very early stages and no cases have been processed under the new Civil and Monetary Penalty authority to date. GAO Report: Supplemental Security Income: Some Recipients Transfer Valuable Resources to Qualify for Benefits (GAO/HEHS-96-79, Apr. 30, 1996). The SSI program is designed to support individuals with limited resources to meet basic needs. However, current laws do not prohibit the transfer of valuable resources to qualify for SSI benefits. Restrictions against such transfers have been in place for years in the medicaid program because of the Congress’ concern that elderly individuals were transferring resources to qualify for federal medical coverage. Matter for Congressional In light of the potential for reduced program expenditures and increased Consideration: program integrity, we suggested that the Congress consider reinstating an SSI transfer-of-resources restriction. The restriction could be calculated in a way that takes into account the value of the resource transferred, so that individuals transferring more valuable resources would be ineligible for SSI benefits for longer periods of time than those who transfer less valuable resources. Potential Cost Savings: Since 1989, the number of SSI recipients reporting asset transfers has increased almost 2,000 percent. Between 1988 and 1994, about 9,300 SSI recipients reported transferring resources. We reviewed automated data maintained by SSA for 3,505 recipients reporting such transfers and determined that these recipients transferred cars, homes, land, cash, and other resources worth over $74 million. We calculated that the average cash value of transferred resources was about $21,000 per recipient. Our calculations did not include almost 6,000 transfers documented in SSA’s nonautomated case files, nor did it include recipients who failed to report resource transfers. Consequently, the total amount of resources transferred was larger than our estimates. Based on our analysis, we estimated that eliminating asset transfers could have saved the SSI program about $14.6 million between 1990 and 1995. CBO has estimated that implementing a transfer of asset restriction similar to that used in the Medicaid program would result in savings to the SSI program of more than $20 million between fiscal years 1998 and 2002. Page 33 GAO/HR-97-30 High-Risk Program Supplemental Security Income Implementation Status and SSA agreed with our findings and conclusions that reinstating a transfer of What Remains to Be Done: resource restriction would increase SSI program integrity. SSA noted that it was continuing to work with the Congress to include a provision restoring an SSI transfer-of-resource restriction in welfare reform legislation. In May of 1996, the agency proposed a draft bill to the Administration and the Congress, seeking to amend the Social Security Act and reinstitute a transfer of resource penalty for individuals who transfer resources at less than fair market value. At present, no legislative action has yet occurred on this issue. Problem Area 4: GAO Report: Social Security Disability: Alternatives Would Boost Inadequate Reviews of SSI Cost-Effectiveness of Continuing Disability Reviews (GAO/HEHS-97-2, Oct. 16, Recipients’ Disability 1996). SSA is required by law to conduct periodic examinations, called continuing disability reviews (CDR), to determine whether a recipient has medically improved to the extent that the person is no longer considered disabled, and thereby is ineligible for payments. Key Open Recommendations: We recommend that, to the extent SSA is authorized to act, the Commissioner of SSA replace the current system for scheduling of CDRs for DI and SSI recipients with a more cost-effective process that would (1) select for review beneficiaries with the greatest potential for medical improvement and subsequent benefit termination, (2) correct a weakness in SSA’s CDR process by conducting CDRs on a random sample from all other beneficiaries, and (3) help ensure program integrity by instituting contact with beneficiaries about their medical condition who are not selected for CDRs. As part of this effort, the Commissioner should develop a legislative package to obtain the authority the agency needs to enact the new process for those portions of the DI and SSI populations subject to required CDRs. Potential Cost Savings: SSA estimates that CDRs will remove 95,000 (or 5 percent) of the 1.9 million SSI recipients who are currently due or overdue for CDRs because they are no longer medically eligible for benefits. On the basis of this number, we estimate that in fiscal year 1996 alone, these recipients would have received $481 million in federal SSI benefits and about $418 million in federal and state Medicaid benefits. In addition, SSA estimates that conducting CDRs on adult SSI recipients for whom medical improvement is expected or possible results in about $3 in federal program savings for every $1 spent conducting CDRs. The Page 34 GAO/HR-97-30 High-Risk Program Supplemental Security Income cost-effectiveness of performing CDRs may be improved further by implementing GAO’s recommendations. Implementation Status and Although SSA has agreed to consider changing the required scheduling of What Remains to Be Done: CDRs and has expanded the title II profiling system used to conduct CDRs to the SSI program to improve the cost-effectiveness of SSI CDRs, it has not agreed to take any action on parts two and three of our recommendation. The agency has not complied with these parts because it believes that its ongoing strategy to improve the effectiveness of CDRs is, in general, more efficient than the steps suggested by GAO. GAO believes that while targeting CDRs is the most cost-beneficial, it is also important for ensuring program integrity that all beneficiaries have a chance to be selected for a CDR. This is particularly important given the fact that SSA has been unable to conduct all required CDRs for almost a decade and SSA estimates that the backlog will not be eliminated for another 7 years. Moreover, increased beneficiary contact is valuable to remind beneficiaries that their disability status is being monitored and that they are responsible for reporting medical improvement. Problem Area 5: GAO Reports: Insufficient Agency Emphasis on Helping SSI SSA Disability: Program Redesign Necessary to Encourage Return to Work (GAO/HEHS-96-62, Apr. 24, 1996). Recipients Enter the Workforce SSA Disability: Return-to-Work Strategies From Other Systems May Improve Federal Programs (GAO/HEHS-96-133, July 11, 1996). Social Security: Disability Programs Lag in Promoting Return to Work (GAO/HEHS-97-46, Mar. 17, 1997). SSA is responsible for encouraging SSI beneficiaries to return to work whenever possible. In fiscal year 1996 SSA reimbursed state VR agencies about $65 million for successful rehabilitations (e.g. recipients were involved in substantial gainful activity for at least 9 months following rehabilitation). However, few SSI recipients have left the rolls to return to work, partly because SSI does little to enhance recipients’ work capacities and promote economic independence. Key Open Recommendations: The commissioner of SSA should place greater priority on return to work, including a comprehensive return-to-work strategy that integrates, as Page 35 GAO/HR-97-30 High-Risk Program Supplemental Security Income appropriate, earlier intervention, earlier identification and provision of necessary return-to-work assistance for applicants and beneficiaries, and changes in the structure of cash and medical benefits (e.g., changes in the amount of earnings a recipient may have while still retaining medical benefits) to encourage more recipients to return to work. The Commissioner should also identify legislative changes needed to implement such a strategy. Potential Cost Savings: In 1996 GAO estimated that if an additional 1 percent of the 6.3 million Disability Insurance (DI) and SSI working-age beneficiaries were to leave the rolls by returning to work, lifetime cash benefits would be reduced by an estimated $2.9 billion.1 However, it is unclear the extent to which any savings would be offset by program costs. Implementation Status and SSA has taken various steps to help more DI and SSI beneficiaries return to What Remains to Be Done: work. However, these steps do not fully address GAO’s recommendation that SSA undertake a comprehensive strategy to redirect the goals and practices of the SSI and DI program so that greater emphasis is placed on return to work. SSA has not indicated whether it intends to fully implement GAO’s recommendations. It has argued that implementation would be difficult because there is a lack of rigorous studies on the cost-effectiveness of return-to-work efforts in the private sector and in other countries. Moreover, the agency contends that because it is only one player among many in the complex VR process, it does not have the ability to develop a comprehensive strategy on it own. Finally, SSA argued that under current law, disability programs do not provide for, or even allow, many of the strategies suggested in the reports. GAO’s recommendations do not specify which practices SSA should develop in its comprehensive return-to-work strategy. Rather, we have suggested that an appropriate plan should be developed by the agency, and assumed it would incorporate an assessment of the costs and benefits of the various VR practices. Moreover, GAO believes that while all pertinent players should be involved in formulating a comprehensive VR strategy, SSA is the appropriate agency to take the lead in forging a partnership on redesigning the disability programs to place a greater emphasis on return-to-work. Finally, GAO agrees that current law must be changed and 1 This body of work analyzes DI and SSI recipients together. Therefore, no separate figures for the SSI program are available. Page 36 GAO/HR-97-30 High-Risk Program Supplemental Security Income recommends that the Commissioner develop a legislative strategy describing suggested changes. GAOReport: PASS Program: SSA Work Incentive for Disabled Beneficiaries Poorly Managed (GAO/HEHS-96-51, Feb. 28, 1996). The Plan to Achieve Self Support (PASS) work incentive program was established as part of the SSI program to help disabled recipients return to employment. PASS provisions allow SSI recipients to exclude income and resources from benefit calculations that otherwise would reduce their benefits, as long as the assets are used to pay for expenses associated with reaching employment goals. However, very few recipients leave the SSI disability rolls by returning to work. Key Open Recommendations: The Commissioner of Social Security should, after seeking legislation if necessary, (1) clarify the goals of the PASS program; (2) improve field staff’s ability to determine feasibility of proposed PASSes, (3) strengthen internal controls, and (4) obtain more information on program participation and impact. Potential Cost Savings: The most substantial savings to the SSI program can be realized by recipients leaving the rolls to work. However, GAO has reported that only about 1 in every 500 DI and few SSI recipients is terminated from the rolls because he/she returns to work. While savings could be realized from increasing the effectiveness of the PASS program, it is difficult to estimate the amount of the savings because SSA does not maintain the needed data. However, in the short term, program dollars may also be saved by improving internal controls and by making it more difficult for recipients to obtain a PASS. In 1995, at the time of GAO’s study, the PASS program cost SSA about $30 million in increased benefits. Due to recent policy and procedural changes enacted by SSA, the number of PASSes granted has decreased by about one half. One SSA official stated that this could reduce the cost of the program by about $15 million. Implementation Status and SSA has begun to address the first three recommendations by developing What Remains to Be Done: and implementing a standardized PASS application, revising operating procedures, and requiring that centralized decision-makers make all decisions about PASS applications and changes to PASS plans. However, it is too early to determine whether the revised operating instructions have been properly implemented, which is critical in order to address recommendation number 3. Also, SSA is reviewing all of the application decisions the centralized decision-makers made in March 1997 for Page 37 GAO/HR-97-30 High-Risk Program Supplemental Security Income consistency and accuracy. However, SSA is not willing to share information pertaining to its findings until a finalized report is issued. SSA is in the process of addressing recommendation 4 by developing a data base that tracks: 1) decisions on initial PASS applications, 2) periodic compliance reviews of PASS plans, 3) extensions or other changes to PASS plans, and 4) suspensions and terminations of PASS plans. However, SSA does not track and, has no plans to track, what happens to recipients once their PASS has been completed or terminated. Thus, SSA cannot evaluate the impact of the PASS program on employment and benefits. SSA contends that it has not fully implemented GAO’s recommendations because it believes it does not have the legislative authority necessary to enact some of them—particularly recommendations 1 and 3—and did not share with us whether it is currently seeking such authority. In regard to areas where SSA does have legislative authority to make changes, an official stated that it does not want to make any more changes until it has gathered information on how well the program is functioning under the new operating instructions and centralized decision-makers. However, SSA has been aware of the issues raised by GAO and could have sought legislative remedies at any time, but did not begin evaluating such proposals until the report was issued. Moreover, GAO continues to believe that it is important for SSA to collect and analyze data on PASS participants that will allow them to assess the impact of this 20-year old program on employment and welfare benefits. Matter for Congressional The Congress may wish to consider whether individuals otherwise Consideration and financially ineligible for SSI because their DI benefits or other income Implementation Status: exceed the eligibility threshold should continue to gain eligibility for SSI through the PASS program. The Congress has not yet acted on this matter for consideration. Our prior work in the SSI program suggests that several longstanding Ongoing GAO Work problem areas have placed the program at considerable risk of fraud, and Issues of waste, abuse, and mismanagement. While attempts have been made by Continuing Concern SSA in the past to make the SSI program more efficient, significant issues remain unaddressed. As a result, our concerns continue about underlying SSI program vulnerabilities and the level of SSA management attention devoted to these vulnerabilities. To more precisely identify the “root causes” of longstanding SSI problems and the actions necessary to address Page 38 GAO/HR-97-30 High-Risk Program Supplemental Security Income them, we are presently conducting a broad-based review of the SSI program. This work is designed to explore program design issues, operational policy, management philosophy and agency culture, and programmatic and legislative options for achieving substantive change. It is also intended to serve as the basis for future high-risk work in the area and to highlight particular program areas where more in-depth analysis is necessary. We anticipate completing our audit work in the fall of 1997, and issuing our report findings in January 1998. In addition to the broad-based SSI study discussed above, we also have ongoing work targeted to specific aspects of the SSI program. This work includes (1) a review of how SSA can improve data sharing with, and on-line access to, other federal agencies’ data to identify and prevent overpayment, (2) a review of SSA’s processes for matching SSI/Medicaid computer data to identify SSI overpayment to nursing home residents, and (3) a review of SSA’s experience obtaining child support payment data from states to detect SSI program overpayment. Congressional Contacts With Interest in Supplemental Security Income Congressional Committees Issues GAO Report Committee/Subcommittee Supplemental Security Income: SSA Efforts -Subcommittee on Oversight, House Fall Short in Correcting Erroneous Payments Committee on Ways and Means to Prisoners (GAO/HEHS-96-152, Aug. 30, (202) 225-7601 1996). -Subcommittee on Human Resources, House Committee on Ways and Means (202) 225-1025 Debt Management: More Aggressive - Subcommittee on Oversight, House Actions Needed to Reduce Billions in Committee on Ways and Means Overpayment (GAO/HRD-91-46, July (202) 225-7601 9,1991). Supplemental Security Income: -Subcommittee on Oversight, House Administrative and Program Savings Committee on Ways and Means Possible by Directly Accessing State Data (202) 225-7601 (GAO/HEHS-96-163, Aug. 29, 1996). - Subcommittee on Human Resources, House Committee on Ways and Means (202) 225-1025 Supplemental Security Income: Disability -Senate Special Committee on Aging Program Vulnerable to Applicant Fraud (202) 224-5364 When Middlemen Are Used (GAO/ HEHS-95-116, Aug. 31, 1995). (continued) Page 39 GAO/HR-97-30 High-Risk Program Supplemental Security Income Congressional Committees GAO Report Committee/Subcommittee Supplemental Security Income: Some -Subcommittee on Oversight, House Recipients Transfer Valuable Resources to Committee on Ways and Means Qualify for Benefits (GAO/HEHS-96-79, (202) 225-7601 Apr. 30, 1996). -Subcommittee on Human Resources, House Committee on Ways and Means (202) 225-1025 Social Security Disability: Alternatives Would -Subcommittee on Social Security, House Boost Cost-Effectiveness of Continuing Committee on Ways and Means Disability Reviews (GAO/ (202) 225-9263 HEHS-97-2, Oct. 16, 1996). SSA Disability: Program Redesign -Senate Special Committee on Aging Necessary to Encourage Return to Work (202) 224-5364 (GAO/HEHS-96-62, Apr. 24, 1996). SSA Disability: Return-to-Work Strategies -Senate Special Committee on Aging From Other Systems May Improve Federal (202) 224-5364 Programs (GAO/HEHS-96-133, July 11, 1996). Social Security: Disability Programs Lag in -Senate Committee on Finance Promoting Return to Work, (202) 224-4515 (GAO/T-HEHS-97-46, Mar. 17, 1997). -House Committee on Ways and Means (202) 225-3625 PASS Program: SSA Work Incentive for -Senate Committee on Finance Disabled Beneficiaries Poorly Managed (202) 224-4515 (GAO/HEHS-96-51, Feb. 28, 1996). -House Committee on Ways and Means (202) 225-3625 Page 40 GAO/HR-97-30 High-Risk Program Supplemental Security Income Executive Agencies With Interest in Supplemental Security Income Issues Agency Contact Social Security Administration (SSA) John Callahan Acting Commissioner (410) 965-3120 John Dyer Acting Principal Deputy Commissioner (410) 965-9000 David Williams Inspector General (410) 966-8337 Office of Management and Budget (OMB) Richard Green Program Examiner (202) 395-3000 Jane Ross GAO Contact Director, Income Security Issues (202) 512-7215 Addressing the Deficit: Budgetary Implications of Selected GAO Work for Related GAO Products Fiscal Year 1998 (GAO/OCG-97-2, Mar. 14, 1997). Supplemental Security Income: SSA is Taking Steps to Review Recipients’ Disability Status (GAO/HEHS-97-17, Oct. 30, 1996). Social Security Disability: Improvements Needed to Continuing Disability Review Process (GAO/HEHS-97-1, Oct. 16, 1996). Social Security: Disability Programs Lag in Promoting Return to Work (GAO/T-HEHS-96-147, June 5, 1996). Social Security: New Functional Assessments for Children Raise Eligibility Questions (GAO/HEHS-95-66, Mar. 10, 1995). Page 41 GAO/HR-97-30 High-Risk Program Information Security In 1997, we identified information security as a new high-risk area that Overview touches virtually every major aspect of government operations. Malicious attacks on computer systems are an increasing threat to our national welfare. We rely heavily on interconnected systems to control critical functions, such as communications, financial services, transportation, and utilities. Though greater use of interconnected systems promises significant benefits in improved business and government operations, such systems are much more vulnerable to anonymous intruders, who may manipulate data to commit fraud, obtain sensitive information, or severely disrupt operations. Despite the sensitivity and criticality of federal information systems, they are not being adequately protected from unauthorized access. System interconnectivity, combined with poor security management, is resulting in serious pervasive risks for the federal government, such as potential disclosure of sensitive data and loss of assets worth billions of dollars due to fraud. In addition, increasing reliance on networked systems and electronic records has elevated concerns that critical federal operations are vulnerable to serious disruption. This is because automated systems and electronic records are fast replacing manual procedures and paper documents, which in many cases are no longer available as “backup” if automated systems fail. Further, although such disruption could be precipitated by natural disasters or accidents, there is evidence that some organizations are developing strategies and tools for conducting premeditated attacks on information systems. Many federal operations that rely on computer networks are attractive targets for individuals or organizations with malicious intentions. Examples include law enforcement, import entry processing, various financial transactions, payroll, defense operational plans, electronic benefit payments, and electronically submitted medicare claims. Since June 1993, we have issued over 30 reports describing serious information security weaknesses at major federal agencies. For example, in May 1996, we reported that tests at the Department of Defense showed that Defense systems may have experienced as many as 250,000 attacks during 1995, that about 64 percent of attacks were successful at gaining access, and that only a small percentage of these attacks were detected.1 In September 1996, we reported that, during the previous 2 years, serious 1 Information Security: Computer Attacks at Department of Defense Pose Increasing Risks (GAO/AIMD-96-84, May 22, 1996); Information Security: Computer Attacks at Department of Defense Pose Increasing Risks (GAO/T-AIMD-96-92, May 22, 1996); and Information Security: Computer Hacker Information Available on the Internet (GAO/T-AIMD-96-108, June 5, 1996). Page 42 GAO/HR-97-30 High-Risk Program Information Security information security control weaknesses had been reported for 10 of the 15 largest federal agencies.2 For half of these agencies, the weaknesses had been reported repeatedly for 5 years or longer. Several of our most disturbing reports on information security are for limited official use and, therefore, cannot be discussed here because of the risk that unscrupulous individuals may attempt to exploit reported weaknesses. Many of the federal information security weaknesses and causal factors reported over the last few years were identified as a direct result of the annual financial statement audits initiated under the Chief Financial Officers Act of 1990. Although these audits pertain primarily to financial management systems, they generally include a review of computer-based controls that affect a significant portion of an agency’s broader operations. Because virtually every aspect of federal operations relies on automated Level of Resources at systems, the risks, as described above, are enormous. There is no Risk summary information available on actual federal dollars lost, and damage due to unauthorized disclosure of sensitive information, such as browsing of taxpayer records, cannot be readily quantified. However, an attack on Rome Laboratory, the Air Force’s premier command and control research facility, illustrates the risks. In the Rome incident, two hackers took control of laboratory support systems for several days, established links to foreign Internet sites, and stole tactical and artificial intelligence research data. By masquerading as a trusted user at Rome Laboratory, they were also able to successfully attack systems at other government facilities, including the National Aeronautics and Space Administration’s Goddard Space Flight Center, Wright-Patterson Air Force Base, some defense contractors, and other private sector organizations. Because the Air Force did not know it was attacked for at least 3 days, vast damage to Rome Laboratory systems and the information in those system could have occurred. To its credit, the Air Force working with international authorities eventually caught the hackers, but was never able to conclusively determine what was done with the copied data. The Air Force Information Warfare Center estimated that the attacks cost the government over $500,000 at the Rome Laboratory alone. Their 2 Information Security: Opportunities for Improved OMB Oversight of Agency Practices (GAO/AIMD-96-110, Sept. 24, 1996). Page 43 GAO/HR-97-30 High-Risk Program Information Security estimate included the time spent taking systems off the networks, verifying systems integrity, installing security patches, and restoring service, and costs incurred by the Air Force’s Office of Special Investigations and Information Warfare Center. It also included estimates for time and money lost due to the Laboratory’s research staff not being able to use their computer systems. Our reports contain dozens of recommendations to individual agencies for Key Open GAO improvement. Agencies have acted on many of these recommendations. Recommendations However, several underlying factors need to be addressed to help ensure and Implementation that federal agencies adequately protect their systems and data on a continuing basis. These factors include: Status • insufficient awareness and understanding of information security risks among senior agency officials, • poorly designed and implemented security programs that do not adequately monitor controls or proactively address risk, • a shortage of personnel with the technical expertise needed to manage controls in today’s sophisticated information technology environment, and • limited oversight of agency practices at a governmentwide level. In light of the increasing importance of information security and the pattern of widespread problems that has emerged, stronger central leadership is needed. Our previously cited September 1996 report3 concluded that the Office of Management and Budget (OMB) needs to play a more proactive role in promoting awareness and in monitoring agency practices—a role that was recently reemphasized in the Paperwork Reduction Act and Clinger-Cohen Act. In particular, we recommended that OMB engage assistance from private contractors and others with appropriate expertise to assist in monitoring agency information security programs. Also, as chair of the Chief Information Officers Council, OMB should encourage council members to adopt information security as one of their top priorities and develop a strategic plan for addressing the root causes of agency security problems. Such a plan could include • developing information on existing and emerging information security risks, • establishing a program for reviewing the adequacy of individual agency security programs using interagency teams of reviewers, and 3 GAO/AIMD-96-110, Sept. 24, 1996. Page 44 GAO/HR-97-30 High-Risk Program Information Security • developing or identifying training and certification programs that could be shared among agencies. As of May 1997, OMB had taken some steps to raise the awareness of its program examiners regarding information security, primarily by holding a training session in September 1996 that is planned to be repeated annually. However, little had been done by the CIO Council. The Council has included information security in its plans as one of the issues it will address. Specifically, the Council was briefed on the Government Information Technology Services (GITS) Board’s security and privacy initiatives at the Council’s March 17, 1997, meeting. Further, the Council’s Education and Training Working Group has recommended in its action plan that IT security be included as a continuing element of IT training. In the Council’s first 6-month progress report for September 1996 through February 1997, information security received only minor mention as part of other efforts and as a long-term effort to better understand security threats. At this time, it is unclear as to what specific actions will actually be implemented over the next year. Specific recommendations and actions taken to date are listed in the following table. (Due to its sensitive nature, additional information is being provided separately for limited official use only.) Page 45 GAO/HR-97-30 High-Risk Program Information Security Key Recommendations by GAO Regarding Information Security GAO Report Key Recommendation IRS Systems Security: Tax Processing The Commissioner should prepare a plan for (1) correcting all the weaknesses identified Operations and Data Still at Risk Due to at the 5 visited, as detailed in this report, and (2) identifying and correcting security Serious Weaknesses (GAO/AIMD-97-49, weaknesses at the other IRS facilities. The Commissioner should (1) provide this plan to Apr. 8, 1997). congressional appropriation, authorization, and oversight committees and subcommittees, (2) report IRS’ progress on the plan in its fiscal year 1999 budget submission, and (3) identify the weaknesses discussed in this report as being material in IRS’ 1996 FMFIA report and subsequent reports until they are corrected. Also, the Commissioner should strengthen computer security management by directing the Deputy Commissioner to (1) reevaluate IRS’ current approach to computer security and (2) report the results to the above cited congressional committees and subcommittees by June 1997. Last, the Commissioner should ensure that IRS completely and consistently monitors, records, and reports the full extent of electronic browsing for all systems that can be used to access taxpayer data. We recommend that the Commissioner report disciplinary actions taken and that these statistics along with an assessment of its progress in eliminating browsing, be included in IRS’ annual budget submission. Information Security: Opportunities for As chair of the CIO Council, OMB should encourage council members to adopt as one of Improved OMB Oversight of Agency their top priorities and develop a strategic plan for addressing the root causes of agency Practices (GAO/AIMD-96-110, Sept. 24, security problems. 1996). OMB should encourage the development of improved sources of information with which to monitor compliance with OMB guidance and the effectiveness of agency information security programs. OMB should (1) supplement reviews of audit reports to include reviewing audits conducted under the Chief Financial Officers Act to identify findings related to information security; and (2) use this information, in conjunction with reports on agency self assessments, to assist in proactively monitoring the scope of such reviews and the effectiveness of agency information security practices. OMB should implement a program for increasing program examiners’ understanding of information security management issues so that they can readily identify and understand the implications of information security weaknesses related to agency programs. Information Security: Computer Attacks at The Secretary of Defense should strengthen the Department’s information security Department of Defense Pose Increasing related policies, training, network monitoring techniques, incident response capabilities. Risks (GAO/AIMD-96-84, May 22, 1996). Page 46 GAO/HR-97-30 High-Risk Program Information Security Status Agency Response GAO’s Position Some action In commenting on a draft of our report, IRS agreed with We are in the process of following up with IRS to taken facilities our conclusions and recommendations and working to determine the extent of corrective action taken. stated we implement them. For example, IRS stated that it created that it is Consequently, it is too early to comment on an Office of Systems Standards and Evaluation to whether IRS is complying with our recommendations. establish and enforce standards and policies for all major security programs, including physical security, data security, and systems security. However, IRS did not commit to implement all recommendations by the time frames specified. In addition, IRS’ response did not clearly indicate that security weaknesses would be corrected systematically and consistently across all facilities. Some action The CIO Council has included information security in its At this time, it is unclear as to what specific actions will taken plans as one of the address. Further, the Council’s actually be issues it will implemented by the CIO Council information Education and Training Working Group has over the next year. security recommended in its action plan that IT security be included as a continuing element of IT training. In the Council’s first 6-month progress report for 9/96 through OMB has taken some steps to improve its oversight of 2/97, information security received only minor mention as individual agency practices, but it remains to be seen part of other efforts and as a long-term effort to better how well this will be implemented in agency program understand threats. examinations. In a December 1996 letter to congressional oversight committees, OMB said that it is implementing GAO’s recommendations. In September 1996, OMB held what it said was its first annual training session on information security for OMB program examiners. At that session, OMB alerted program examiners to the security-related information that may be found in CFO reports. Also, OMB said it will again point out this information when it distributes CFO Act reports to program examiners. Some action DOD says that it is moving aggressively to address its DOD has taken important first steps, including taken program security weaknesses, but that it will establishing an information security take time. goal in its by improving IRM Strategic Plan. Also, top civilian and military management have acknowledged a departmentwide risk management approach to address vulnerabilities. However, DOD has not fully responded to any of the recommendations. Page 47 GAO/HR-97-30 High-Risk Program Information Security Inadequate information security is primarily a management problem. Why Ensuring adequate security requires ongoing attention to monitor risks Recommendations and the effectiveness of mitigating controls. We have found that many Have Not Been federal managers either are not fully aware of these risks or have not given information security the level of attention needed to ensure its Implemented and effectiveness. What Remains to Be Also, as with any type of control activity, information security costs money Done and, in some cases, may seem to diminish efficiency. As a result, in an environment of severe resource constraints, it is especially important for managers to ensure that information security receives sufficient attention and resources. The challenge for the Congress and for federal managers is to view the management of information security risks as an integral element of program management. This means (1) considering the security implications whenever computer and telecommunications technology is being used to support program operations, (2) weighing the potential costs and benefits, (3) determining what level of risk is acceptable in light of the expected benefits, and (4) providing adequate resources to monitor controls and keep risks at an acceptable level. Congressional and Administration Contacts With Interest in Information Committee or Office Key Staff Security Issues Senate Committee on Governmental Affairs Ellen Brown, Majority (202) 224-4751 David Plocher, Minority (202) 224-9682 Brian Dettelbach, Minority (202) 224-7948 House Committee on Science, Richard Russell, Majority Subcommittee on Technology (202) 225-8844 Donna Farmer, Majority (202) 225-8844 Office of Management and Budget, Office of Bruce McConnell, Chief, Information Policy Information and Regulatory Affairs and Technology Branch (202) 395-3785 Ed Springer, Policy Analyst (202) 395-3562 The following assignments are underway: Ongoing Audit Work Page 48 GAO/HR-97-30 High-Risk Program Information Security • GAO is reviewing successful information security management practices at leading private sector and state organizations in order to identify practices that could be used by federal agencies. This assignment was requested by Chairman Thompson and Senator Glenn, RMM, of the Senate Committee on Governmental Affairs. The assignment is expected to be completed in early 1998. • GAO is reviewing the Federal Aviation Administration’s (FAA) air traffic control (ATC) computer security practices to determine whether FAA is effectively managing computer security for its operational systems and for future ATC modernization systems. Staff members from the Senate Committee on Governmental Affairs and the House Committee on Science, Subcommittee on Technology have expressed interest in this assignment which is expected to be completed in early 1998. • GAO is reviewing the State Department’s computer security program, with emphasis on the department’s vulnerability to unauthorized access to its information resources. The assignment is expected to be completed in late 1997. • GAO is reviewing the Social Security Administration’s use of the Internet to disseminate information on personal earnings and benefits to individuals. This assignment was requested by Chairman Bunning and Representative Kennelly, RMM, of the House Ways and Means Subcommittee on Social Security. • GAO will shortly begin a follow up review of IRS’ progress in correcting previously reported information security weaknesses. • GAO and agency IGs are both reviewing information security controls in conjunction with federal financial statement audits, which are being performed pursuant to the Chief Financial Officers Act of 1990. To prepare for the first governmentwide audit, GAO is reviewing the IGs’ assessments of controls at the 24 CFO agencies. At selected Department of Treasury agencies, GAO is actually performing the review of computer-based controls. At a few other agencies, GAO is working jointly with the IG staff on this segment of the audit. To support these efforts, GAO has developed a methodology for evaluating computer-based controls and is providing technical advice and training to the IG community. Jack Brock Key GAO Contacts Director, Information Resources Management (202) 512-6240 Page 49 GAO/HR-97-30 High-Risk Program Information Security Bob Dacey Director, Consolidated Audit and Computer Security Issues, (202) 512-3317 Dr. Rona Stillman Chief Scientist for Computers and Telecommunications (202) 512-6412 Keith Rhodes Technical Director, Office of the Chief Scientist for Computers and Telecommunications (202) 512-6288 Jean Boltz Assistant Director, Information Resources Management (202) 512-5247 Social Security Administration: Internet Access to Personal Earnings and Related GAO Products Benefits Information (GAO/T-AIMD/HEHS-97-123, May 6, 1997). IRS Systems Security: Tax Processing Operations and Data Still at Risk Due to Serious Weaknesses (GAO/AIMD-97-49, Apr. 8, 1997). Information Security: Opportunities for Improved OMB Oversight of Agency Practices (GAO/AIMD-96-110, Sept. 24, 1996). Financial Audit: Examination of IRS’ Fiscal Year 1995 Financial Statements (GAO/ AIMD-96-101, July 11, 1996). Information Security: Computer Attacks at Department of Defense Pose Increasing Risks (GAO/AIMD-96-84, May 22, 1996). Information Security: Computer Attacks at Department of Defense Pose Increasing Risks (GAO/T-AIMD-96-92, May 22, 1996). Financial Audit: Federal Family Education Loan Program’s Financial Statements for Fiscal Years 1994 and 1993 (GAO/AIMD-96-22, Feb. 26, 1996). Department of Energy: Procedures Lacking To Protect Computerized Data (GAO/AIMD-95-118, June 5, 1995). Page 50 GAO/HR-97-30 High-Risk Program Information Security Information Superhighway: An Overview of Technology Challenges (GAO/AIMD-95-23, Jan. 23, 1995). Financial Audit: Examination of Customs’ Fiscal Year 1993 Financial Statements (GAO/AIMD-94-119, June 15, 1994). HUD Information Resources: Strategic Focus and Improved Management Controls Needed (GAO/AIMD-94-34, Apr. 14, 1994). IRS Information Systems: Weaknesses Increase Risk of Fraud and Impair Reliability of Management Information (GAO/AIMD-93-34, Sept. 22, 1993). Page 51 GAO/HR-97-30 High-Risk Program Department of Energy’s Contract Management The Department of Energy’s (DOE) contracting practices and problems Overview stem from the time of the Manhattan Project’s development of the atomic bomb during World War II. This undertaking involved special contracting arrangements, such as least interference in the contractor’s work and indemnification of a contractor’s liability. Decades later, DOE continued to enter into contracts in which competition was the exception, reimbursement of virtually any cost to the contractor was the practice, and lax oversight of contractors was the norm. In 1990, we designated DOE contracting as a high-risk area vulnerable to waste, fraud, abuse, and mismanagement. This designation was precipitated by DOE’s history of weak oversight of contractors coupled with heavy reliance on contractors to fulfill DOE’s missions. We subsequently issued a series of reports and testimonies, identifying some of the costly effects of DOE’s practices. These products have contributed to the Congress’s budget deliberations and provided an impetus for DOE to reform its contracting. Although the past Secretaries of Energy have instituted various remedies and have moved in the direction of improved contracting, changing the way DOE does business has not come easily or quickly. DOE generally fulfills its multiple missions with contractors who manage Level of Resources at and operate its federally owned facilities. In fiscal year 1996, DOE Risk contracted out about 92 percent of its $17.8 billion in obligations (or about $16.4 billion) to, among other things, maintain its weapons complex, fund its national laboratories, and clean up its legacy of environmental contamination. At risk are not only these funds but more importantly, the DOE missions being financed by them. For example, from 1980 through 1996, DOE conducted 80 projects (costing or projected to cost about $64 billion) that it designated as major systems acquisitions—projects that are critical to DOE’s mission and cost over $100 million. Thirty-one of these were terminated prior to completion after spending over $10 billion, 15 were completed and most were finished behind schedule and with cost overruns, and 34 are ongoing and also suffer from cost overruns and schedule delays. Page 52 GAO/HR-97-30 High-Risk Program Department of Energy’s Contract Management Reforming contracts has been an elusive and longstanding DOE goal. In Key Open GAO April 1992, we reported that the Secretary’s recognition of contract Recommendations management weaknesses, commitment to strengthening contract controls, and Implementation and actions to address some contracting weaknesses were important first steps for reform.1 However, we concluded that the weaknesses would not Status be corrected in the near future because the corrective actions would take several years to implement. After reviewing the agency’s contracting practices, the Secretary’s Contract Reform Team issued, in February 1994, its report entitled Making Contracting Work Better and Cost Less. The Team focused its efforts on management and operating contracts and identified numerous problems that needed correcting. The 48 recommendations (47 in the report and one directed by the Secretary) for specific actions sought to make sweeping changes in DOE’s policies and practices, often completely contrary to the way DOE has done business. DOE’s reforms are, in part, the result of GAO’s previous criticisms, observations, and recommendations regarding DOE’s contracting practices. More recently we have provided critiques to DOE during the development of its reforms. While current reforms are unprecedented in scope and provide a comprehensive plan, the real test of DOE’s success will occur as DOE implements, monitors, corrects where needed, and standardizes best practices for a totally new way of doing business. This effort will require time as the current contracts are either competitively awarded or noncompetitively renewed with reform provisions incorporated into the contracts. DOE is making headway in developing policies, procedures, and guidelines Implementation Has in response to the Contract Reform Team’s recommendations. Along with Begun but More the recommendations, the Contract Reform Team assigned to a specific Remains to Be Done DOE office the responsibility for completing each action and established deadlines for them. As of August 1996, DOE reported completing 47 of the 48 recommended actions; the last one is nearing completion. Specifically, DOE has • published a policy adopting a standard of full and open competition, • developed guidance for contract performance criteria and measures, • created incentive mechanisms for contractors, and 1 Energy Management: Vulnerability of DOE’s Contracting to Waste, Fraud, Abuse, and Mismanagement (GAO/RCED-92-101, Apr. 10, 1992). Page 53 GAO/HR-97-30 High-Risk Program Department of Energy’s Contract Management • developed training in performance-based contracting for DOE personnel. Possibly DOE’s most important reform initiative—to open its management and operating contracts to competition—has become policy. DOE’s new policy adopts a standard of full and open competition and directs that DOE competitively award its contracts to the fullest extent possible. Also, the Contract Reform Team’s report recommended that the terms of the contract be negotiated before extending existing contracts. The recommendation is intended to improve DOE’s bargaining position with respect to contract costs and deliverables and encourage new contractors to bid on DOE’s contracts. However, DOE has awarded most of its recent contracts noncompetitively. Of the 24 decisions made from July 5, 1994, to the end of August 1996, DOE decided to extend 16 contracts on a noncompetitive basis and to competitively award the other eight.2 DOE had long-term relationships with many of the contractors whose contracts it decided not to compete. The average age of the 16 contracts was about 35 years, and 12 of them had never been competitively awarded. Also, although contrary to a recommendation by the Contract Reform Team, DOE may have weakened its bargaining position when it conditionally decided to extend the contracts for three of its laboratories prior to their negotiation with the contractor. As a result, DOE placed itself in the same weak negotiating position it has maintained for years. DOE officials maintain that they are improving existing contracts without the benefit of competition. However, DOE is still negotiating in a noncompetitive environment and will not gain the full benefits of competition. In December 1996 we reported on the status of DOE contract reform Other Information efforts to the Subcommittee on Energy and Power, House Committee on Commerce.3 While many committees have been following DOE’s contract reform efforts, we have had continued contact with other House committees, include the Subcommittee on Energy and Water 2 According to DOE’s Procurement and Assistance Data System, DOE had 42 active management and operating contracts as of July 1, 1996. 3 Department of Energy: Contract Reform Is Progressing, But Full Implementation Will Take Years (GAO/RCED-97-18, Dec. 10, 1996). Page 54 GAO/HR-97-30 High-Risk Program Department of Energy’s Contract Management Development, Committee on Appropriations; and the Energy and Environment Subcommittee, Committee on Science. The Department’s Inspector General is also evaluating DOE’s contract reform efforts. Their recent report entitled, Inspection of the Performance Based Incentive Program at the Richland Operations Office (DOE/IG-0401, Mar. 10, 1997), is very critical of the incentives that DOE paid under this contract. We are currently reviewing one of DOE’s efforts under contract reform. Ongoing Audit Work Under this effort, DOE has signed a fixed-price contract for environmental cleanup at its Idaho facility. DOE’s goal is to reduce cleanup costs and shift the risk of nonperformance from DOE to the contractor. The House Commerce Committee has requested that we provide information on the history and current status of the project. While this is our only ongoing work, the House Science Committee and National Security Committee have express interest in our doing additional work on DOE contract reform efforts. Vic Rezendes Key GAO Contact Director, Energy, Resources, and Sciences Issues (202) 512-3841 Department of Energy: Management and Oversight of Cleanup Activities at Related GAO Products Fernald (GAO/RCED-97-63, Mar. 14, 1997). Department of Energy: Contract Reform Is Progressing, But Full Implementation Will Take Years (GAO/RCED-97-18, Dec. 10, 1996). Department of Energy: DOE Has Had Limited Success With Major System Acquisitions (GAO/RCED-97-17, Nov. 26, 1996). Hanford Waste Privatization (GAO/RCED-96-213R, Aug. 2, 1996). Environmental Protection: Issues Facing the Energy and Defense Environmental Management Programs (GAO/T-RCED/NSIAD-96-127, Mar. 21, 1996). Page 55 GAO/HR-97-30 High-Risk Program Department of Energy’s Contract Management Federal Research: Information on Fees for Selected Federally Funded Research and Development Centers (GAO/RCED-96-31FS, Dec. 8, 1995). Nuclear Facility Cleanup: Centralized Contracting of Laboratory Analysis Would Produce Budgetary Savings (GAO/RCED-95-118, May 8, 1995). DOE Management: Contract Provisions Do Not Protect DOE From Unnecessary Pension Costs (GAO/RCED-94-201, Aug. 26, 1994). Energy Management: Modest Reforms Made in University of California Contracts, but Fees Are Substantially Higher (GAO/RCED-94-202, Aug. 25, 1994). High-Risk Series: Department of Energy Contract Management (GAO/HR-93-9, Dec. 1992). Energy Management: Vulnerability of DOE’s Contracting to Waste, Fraud, Abuse, and Mismanagement (GAO/RCED-92-244, Apr. 14, 1992). Page 56 GAO/HR-97-30 High-Risk Program Student Financial Aid The former Guaranteed Student Loan Program (now called the Federal Overview Family Education Loan Program or FFELP) was included in GAO’s original list of high-risk programs in 1990. At that time, student loan defaults were rising rapidly posing significant losses to the government—in 1991 the Department of Education paid out $3.6 billion to make good its guarantee on defaulted student loans. In 1995, we revised this designation to include all federal student financial aid distributed under title IV of the Higher Education Act of 1965, as amended. GAO did so because of abuses and instances of fraud we identified in the Pell grant program and because all of the Title IV programs share the same vulnerabilities to losses due to fraud, waste, abuse, and mismanagement. At the core of the Department’s financial accountability difficulties are persistent problems with the individual student aid programs’ processes, structure, and management. These problems include (1) overly complex processes, (2) inadequate financial risk to lenders or state guaranty agencies for defaulted loans, and (3) management shortcomings. Although the Department can mitigate some of these circumstances through more effective oversight and management, many of the initiatives it took and which we discussed in our reports have not been fully implemented. Progress towards their full implementation has been mixed. Our work has shown that student aid programs have many participants and involve complicated, cumbersome processes. Three principal participants—students, schools, and the Department of Education—are involved in all the financial aid programs; two additional participants—lenders and guaranty agencies—also have roles in FFELP. In general, each student aid program has its own processes, which include procedures for student applications, school verifications of eligibility, and lenders or other servicing organizations that collect payments. Further, the introduction of the Ford Direct Loan Program (FDLP)—in which students borrow directly from the Department through their school—has added a new dimension of complexity. Rather than replacing FFELP as initially planned, FDLP now operates along side it. Essentially, this means that the Department has two programs to manage that are similar in purpose but that operate differently. The structure of the student aid programs makes protecting the financial interests of the government difficult for the Department for two reasons. First, because HEA placed nearly all the financial risk for defaults on the federal government, it continues to bear a major portion of the risk for loan losses. And, although the 1992 and 1993 amendments to HEA Page 57 GAO/HR-97-30 High-Risk Program Student Financial Aid established slightly more risk sharing, the current structure still makes protecting the taxpayers’ financial interests difficult. Protecting the financial interests of the government is also difficult because the loan programs now serve more students from low-income families and those attending proprietary schools than in the past. As the number of these higher-risk borrowers has increased, so has the number of defaults. Both of these conditions enhance access for low-income students, yet a tension exists because they jeopardize financial accountability. Management shortcomings also continue as a major problem and contribute to the Department’s financial accountability difficulties. In the past, congressional hearings and investigations, the Department’s Office of Inspector General (OIG) reports, our reports, and other studies and evaluations have shown that the Department (1) did not adequately oversee schools that participated in the programs, (2) managed each title IV program through a separate administrative structure, with poor or little communication among programs, (3) used inadequate management information systems that contained unreliable data, and (4) did not have sufficient and reliable student loan data to determine the Department’s liability for outstanding loan guarantees. In some areas, such as gatekeeping,1 the Department has improved some of its practices. In others, many of the shortcomings we identified in the past remain. For example, Department initiatives to improve information resources management have not been fully successful in producing needed improvements in data quality and systems integration. This situation also effects the programs’ internal controls. For example: • Poor quality and unreliable FFELP student loan data remain in the Department’s systems. As a result, the Department is unable to obtain from its systems complete, accurate and reliable FFELP data necessary to report on its financial position. • Inaccurate loan data are being loaded in the National Student Loan Data System. This system is the Department’s principal student financial aid database intended to help resolve data quality problems. About $38 billion of federal student financial aid was available to Level of Resources at postsecondary students in fiscal year 1996. This is a major part of all aid Risk that students received. Generally, in awarding such aid, the government relies on third parties (schools, lenders, and state guaranty agencies) to 1 Gatekeeping generally refers to the Department’s procedures for determining which schools may participate—and whether they should continue participating—in federal student aid programs. Page 58 GAO/HR-97-30 High-Risk Program Student Financial Aid determine student eligibility and aid levels, and make payments. In addition, the government is exposed to billions in potential losses on its approximately $122 billion in outstanding government backed student loans, if they are not properly managed. These include outstanding contingent liabilities the government assumed by guaranteeing federally-sponsored student (FFELP) loans that totalled about $92 billion at the end of fiscal year 1996. The government paid out about $2.8 billion in claims for defaulted student loans in fiscal year 1996. Also, the Department had about $30 billion in outstanding direct (FDLP) loans and defaulted guaranteed student loans at the end of fiscal year 1996. The Department has generally been responsive to addressing problems in Progress in its student aid programs. In July 1996, we reported the Department had Addressing Problems completed actions or had actions in progress or planned to address 186 (91 percent) of 205 recommendations made over a 4-year period—most by OIG and us—to improve its management of federal student financial aid.2 These actions have the potential to further remedy many of the underlying problems with the program. The Department has also begun planning a major reengineering effort to resolve these types of problems over the next several years. This effort, known as Easy Access for Students and Institutions, or “Project EASI,” is envisioned as a student-based, integrated data system through which all management and control functions will be conducted. We have made numerous recommendations related to these four areas as Key Open GAO a result of our reviews of the operations of the student aid programs. Recommendations Several of the more significant recommendations have yet to be fully and Implementation addressed by the Department. The table below lists these recommendations, the current status of the Department’s actions to Status address them, and our position on whether or not the Department’s response is addressing the problem that led to our recommendation. 2 Department of Education: Status of Actions to Improve the Management of Student Financial Aid (GAO/HEHS-96-143, July 12, 1996). Page 59 GAO/HR-97-30 High-Risk Program Student Financial Aid GAO Report Key Recommendation Student Financial Aid: Data Not Fully Utilized to Identify The Secretary of Education should take actions to improve the accuracy Inappropriately Awarded Loans and Grants and completeness of student financial continuing to screen data entered (GAO/HEHS-95-89, July 11, 1995). into the National Student Loan Data System (NSLDS) to ensure that they are in a consistent format, and testing the accuracy and validity of data in NSLDS. Further, the Secretary should analyze student aid data more closely to identify patterns of noncompliance with federal requirements, such as following up on students identified as ineligible in the data matches, and take appropriate corrective actions. Financial Audit: Guaranteed Student Loan Program’s The Secretary of Education should direct the Assistant Secretary for Internal Controls and Structure Need Improvement Postsecondary Education to require agencies and lenders annually (GAO/AFMD-93-20, Mar. 16, 1993). provide Education an independent public accountant’s positive attestation on the claims for payment submitted to the federal government, and the basis for such attestation, including an opinion on the adequacy of internal controls over such claims. The Secretary of Education should direct the Assistant Secretary for Postsecondary Education to establish and maintain subsidiary ledgers for GSLP. Financial Management: Education’s Student Loan Program The Secretary of Education should direct the Assistant Secretary of Controls Over Lenders Need Improvement Postsecondary Education and the Officer to coordinate efforts to develop (GAO/AIMD-93-33, Sept. 9, 1993). a comprehensive strategy for determining the accuracy of information reported on lenders’ quarterly billings which would include developing objective criteria for selecting and reviewing lenders participating in FFELP. Page 60 GAO/HR-97-30 High-Risk Program Student Financial Aid Education’s Response GAO’s Position The Department of Education formed an NSLDS project team tasked with While the Department’s actions so far may be able to reviewing alleged defaulters receiving subsequent aid data, such as screen out obvious errors and inconsistencies, we loans. summer of 1996, for the 1995-96 school year, the team identified 100,376 As of the believe that the Department needs to continue student aid applicants who should not have received federal student loans. working towards permanently resolving the need for The system showed that these applicants had previously defaulted on a accurate and valid data in the NSLDS. loan. The Department is working with a contractor to identify and verify critical data items in NSLDS. It has established a NSLDS Data Quality Action Team which has developed plans to resolve data quality issues discussed in GAO’s report. Edit checks established in NSLDS have led to reduced data errors. In December 1996, the Department’s OIG issued its revised Audit Guide for We believe that the Department is taking appropriate lenders and lender servicers requiring that guaranty accountant to perform action to address this recommendation. The progress and an examination-level attestation relative to lenders’ and lender servicers’ an independent public effectiveness of these actions will management assertions regarding interest billing statements to the be monitored during our reviews of the Department’s Department. Reports and opinions regarding interest billing testing are to fiscal years 1996 and 1997 financial statement audits. be in compliance with reporting requirements under the Single Audit Act. In July 1996, the OIG issued updated guidance in the form of a revised interim Compliance Supplement for use by auditors of guaranty agencies in fiscal year 1996 single audits. Reporting requirements are those covered under the Single Audit Act. OMB sent out the Compliance Supplement for comment in March 1997. The Department issued a task order to the FFELP contractor to develop We believe that the Department is taking appropriate auditable subsidiary ledgers. However, the technical and business action to address this recommendation. The progress and proposals were unacceptable to the Department. Instead, it will be effectiveness of these actions will be monitored during adapting a commercial off-the-shelf software package to implement our reviews of the Department’s fiscal years 1996 and permanent FFELP subledgers. OPE is awaiting official acceptance of the 1997 financial statement audits. system by the Office of the Chief Financial Officer before proceeding further. Education anticipates completing this effort in December 1997. In December 1996, the Department’s OIG issued its revised Audit Guide for We believe that the Department is taking appropriate lenders and lender servicers requiring Chief Financial accountant to action to address this recommendation. We will be perform an examination-level attestation relative to lenders’ and lender monitoring an independent public the progress during our servicers’ management assertions regarding interest billing statements to reviews of the Department’s fiscal years 1996 and 1997 the Department. Reports and opinions regarding interest billing testing are financial statement audits. to be in compliance with reporting requirements under the Single Audit Act. The Department developed reasonability edits in the FFELP subsystems to compare billing data reported on Form 799, Lender’s Interest and Special Allowance Request and Report and data submitted to the NSLDS. Once the edits and level of reasonableness are finalized, the Department will analyze the variances and forward the results to the Guarantee Agency and Lender Oversight Service (GLOS) for follow up. The Department will also analyze the variances for about two years and possibly redesign Form 799. It anticipates completion in December 1998. (continued) Page 61 GAO/HR-97-30 High-Risk Program Student Financial Aid GAO Report Key Recommendation The Secretary of Education should direct the Assistant Secretary of Postsecondary Education and the Chief Financial Officer to coordinate efforts to develop a comprehensive strategy for determining the accuracy of information reported on lenders’ quarterly billings which would include annually performing mandatory review procedures at selected lenders which, at a minimum, would include reviewing results of annual compliance audits—required by the Higher Education Amendments of 1992—and other audits of lenders and following up on identified weaknesses to determine if appropriate corrective actions have been taken. The Secretary of Education should direct the Assistant Secretary of Postsecondary Education and the Chief Financial Officer to coordinate efforts to monitor and follow up with lenders whose quarterly billings fail to meet Education’s internal automated edit checks and reasonability tests. Page 62 GAO/HR-97-30 High-Risk Program Student Financial Aid Education’s Response GAO’s Position In December 1996, the Department’s OIG issued its revised Audit Guide for We believe that the Department is taking appropriate lenders and lender servicers that requires that the lender’s auditors action to address this recommendation. We will be specifically audit and report on the integrity of billings to the Department. In monitoring the effectiveness of the tracking system during addition, a tracking system was developed to monitor receipt of lender our reviews of the Department’s fiscal years 1996 and audit reports and provide a database of findings cited in the report. Those 1997 financial statement audits. entities with identified weaknesses are flagged and receive appropriate follow-up action. The Department developed reasonability edits in the FFELP subsystems to We believe that the Department is taking appropriate compare billing data reported on Form 799, Lender’s Interest and Special action to address this recommendation. We will be Allowance Request and Report and data submitted to NSLDS. Once the monitoring the progress of these actions during our edits and level of reasonableness are finalized, the Department will analyze reviews of the Department’s fiscal years 1996 and 1997 the variances and forward the results to GLOS for follow up. The financial statement audits. Department will also analyze the variances for about two years and possibly redesign Form 799. It anticipates completion in December 1998. In addition to addressing our specific recommendations, the Department What Remains to Be must also continue to take comprehensive action to address the four Done management issues we described above. These actions include: • Continuing its ongoing efforts to improve gatekeeping. Among the more significant actions underway that the Department needs to sustain is full implementation of the Institutional Participation and Oversight Service (IPOS) Challenge. Under this initiative, the Department plans to (1) use a computer model to identify schools for review based on their risk of noncompliance, and (2) have review teams decide on the basis of a school’s overall compliance record how to structure school reviews and which compliance and penalty actions to recommend in cases of violations. • Ensuring that both FFELP and FDLP are managed with the resources needed to minimize program abuse and that regulatory and other corrective actions are followed to address potential program administration problems we identified. These include ensuring that schools allowed to participate in FDLP have resolved problems that place them at risk of losing eligibility to participate in other title IV programs, and that defaults on income contingent loans are correctly included in calculating cohort default rates for these schools. • Integrating its information systems and ensuring the accuracy and validity of National Student Loan Data System (NSLDS) data and data in other systems to better identify possible program misuse by students, schools, and other program participants. The Department currently does not have, and needs to develop, an integrated, fully functional, title IV-wide recipient Page 63 GAO/HR-97-30 High-Risk Program Student Financial Aid database. Such a system would show the total amount of aid students have received through the Department. This is necessary to improve program monitoring, data quality and accuracy, ensuring that students are not receiving more aid than they are eligible for, and improving data systems’ efficiency and cost. Accurate and valid data are required to effectively manage and oversee compliance with program requirements. For example, the current system cannot always identify where a student is enrolled, even after an award is made and thousands of dollars in student aid are disbursed. • Continuing its efforts to improve financial management, including improving the accuracy, quality, and reliability of the Department’s student loan data. Such steps are essential to producing auditable financial statements for the Department of Education pursuant to the Chief Financial Officers Act of 1990, as amended. The Department’s auditors expressed a disclaimer of opinion on its fiscal year 1995 financial statements due primarily to scope limitations resulting from unreliable student loan data. The lack of complete and reliable FFELP student loan data prevented the auditors from assessing whether the Department’s liability estimate for guaranteed loan defaults about $13 billion was accurate, or was materially over or under stated. The fiscal year 1996 financial audit is ongoing, and the auditor expects to issue its opinion this summer. The Chief Financial Officer and the 10 largest guaranty agencies are compiling data elements from the guaranty agencies’ databases, such as default and collection rates, to be input into the Department’s liability model. In addition, the guaranty agencies’ auditors are to perform agreed-upon procedures to ensure that data from which data elements were developed is reliable. However, it is too early to tell whether this data will provide a reliable basis for estimating the liability. Page 64 GAO/HR-97-30 High-Risk Program Student Financial Aid Congressional Contacts With Interest in Student Financial Aid Issues Committee Subcommittee Key staff House Committee on Education and the Majority Workforcea Sally Stroup (202) 225-6558 -Subcommittee on Postsecondary Education and Life Long Learninga Mark Brenner (202) 225-7101 -Subcommittee on Oversight and Investigations George Conant (202) 225-6558 Minority Marshall Grigsby (202) 225-7116 David Evans (202) 225-7116 Senate Committee on Labor and Human Majority Resourcesa Pam Devitt (202) 224-6770 Minority Marianna Pierce (202) 224-5501 House Committee on Government Reform Majority and Oversight Larry Halloran (202) 225-2548 -Subcommittee on Human Resources Chris Allred (202) 225-2548 a Committee or Subcommittee with jurisdiction over the reauthorization of the Higher Education Act of 1965, as amended. Executive Branch Officials and Private Sector Individuals/ Organizations With Agency Key staff Interest in Student Financial Aid Advisory Committee on Student Financial Dr. Robert Alexander, Chairperson Issues Assistance (202) 708-7439 Dr. Brian Fitzgerald, Staff Director ( 202) 708-7439 Department of Education Mr. Tom Bloom, Inspector General ( 202) 205-5439 Office of Management and Budget Ms. Pat Smith, Education Branch (202) 395-5882 Institute for Higher Education Policy Mr. Jamie Merisotis, President (202) 588-8383 Page 65 GAO/HR-97-30 High-Risk Program Student Financial Aid We presently have eleven reviews underway that relate to the operation of Ongoing Audit Work and risk associated with the student aid programs. • Identifying the relationship between reliance on financial aid revenues and school performance in the proprietary school sector. • Extent of the mismatch between occupational education supported by the student aid programs and employment opportunities. • Eligibility of illegal aliens for federal student financial aid. • Review of the income contingent repayment plan in FDLP. • Review of trends in the cumulative amounts borrowed for postsecondary education. • Review of a proposal for an increase in the loan volume threshold for auditing lenders under FFELP. • Efforts to reduce defaults at Historically Black Colleges and Universities. • Assessment of the Department’s compliance with NSLDS requirements. • Survey of school’s use of NSLDS. • Preparation for the fiscal year 1997 Audit of Loans Receivable. • Preparation for the fiscal year 1997 Audit of Liability for Loan Guarantees. Carlotta Joyner GAO Contacts Director, Education and Employment Issues (202) 512-7014 Joel Willemssen Director, Information Resources Management (202) 512-6408 Bob Dacey Director, Consolidated Audits and Computer Security Issues (202) 512-3317 For fiscal year 1997 audit preparation: Ms. Gloria Jarmon Director, Civil Audits/HEHS (202) 512-4476 Addressing the Deficit: Budgetary Implications of Selected GAO Work for Related GAO Products Fiscal Year 1998 (GAO/OCG-97-2, Mar. 14, 1997). High-Risk Series: Student Financial Aid (GAO/HR-97-11, Feb. 1997). Page 66 GAO/HR-97-30 High-Risk Program Student Financial Aid Reporting of Student Loan Enrollment Status (GAO/HEHS-97-44R, Feb. 6, 1997). Department of Education: Status of Actions to Improve the Management of Student Financial Aid (GAO/HEHS-96-143, July 12, 1996). Financial Audit: Federal Family Education Loan Program’s Financial Statements for Fiscal Years 1994 and 1993 (GAO/AIMD-96-22, Feb. 26, 1996). Student Financial Aid: Data Not Fully Utilized to Identify Inappropriately Awarded Loans and Grants (GAO/HEHS-95-89, July 11, 1995). High-Risk Series: Student Financial Aid Programs (GAO/HR-95-10, Feb. 1995). Financial Audit: Federal Family Education Loan Program’s Financial Statements for Fiscal Years 1993 and 1992 (GAO/AIMD-94-131, June 30, 1994). Financial Management: Education’s Student Loan Program Controls Over Lenders Need Improvement (GAO/AIMD-93-33, Sept. 9, 1993). Direct Student Loans: The Department of Education’s Implementation of Direct Lending (GAO/HRD-93-26, June 10, 1994). Financial Audit: Guaranteed Student Loan Program’s Internal Controls and Structure Need Improvement (GAO/AFMD-93-20, Mar. 16, 1993). Page 67 GAO/HR-97-30 High-Risk Program FAA’s Air Traffic Control Modernization GAO first designated the Federal Aviation Administration’s (FAA) air traffic Overview control (ATC) modernization as a high-risk area in 1995.1 We did so because of the modernization’s enormous cost and complexity, its criticality to FAA’s vital mission of ensuring safe and efficient air travel, and its problem-plagued past. In our 1997 high-risk report,2 we again included the modernization, not only for the same reasons we included it in 1995, but also because our recent work on the modernization showed pervasive and fundamental problems in FAA’s approach to managing the modernization. To address the problems that we have thus far identified, we recently made a series of very detailed recommendations aimed at correcting key modernization management problems, to which FAA has been slow in responding and initiating corrective action. We have also initiated and planned work to evaluate other key aspects of the modernization’s management. Our goals are to pinpoint root causes of the modernization’s problems, to recommend fundamental management change to correct the problems, and to vigilantly monitor implementation of these recommendations. When the underlying management weaknesses have been corrected, the ATC modernization will no longer be categorized as a high-risk area. FAA’s primary mission is to ensure safe, orderly, and efficient air travel ATC Modernization: A throughout the United States. FAA’s ability to fulfill this mission depends Brief History and on the adequacy and reliability of the nation’s ATC system, a vast network Description of computer hardware, software, and communications equipment. Within the ATC system, air traffic controllers use automated information processing and display, communication, navigation, surveillance, and weather resources to view key information, such as aircraft location, aircraft flight plans, and prevailing weather conditions, and to communicate with pilots. The ATC system of the late 1970s was a blend of several generations of automated and manual equipment, much of it labor-intensive and obsolete. FAA recognized that it could increase ATC operating efficiency by increasing automation. Additionally, FAA forecasted increased future demand for air travel, brought on by airline deregulation of the late 1970s. It also anticipated that meeting the demand safely and efficiently would require improved and expanded services, additional facilities and equipment, improved workforce productivity, and the orderly replacement of aging 1 High-Risk Series: An Overview (GAO/HR-95-1, Feb. 1995). 2 High-Risk Series: Information Management and Technology (GAO/HR-97-9, Feb. 1997). Page 68 GAO/HR-97-30 High-Risk Program FAA’s Air Traffic Control Modernization equipment. Accordingly, in December 1981, FAA initiated its plan to modernize, automate, and consolidate the existing ATC system by the year 2000. This ambitious modernization program includes the acquisition of new radars and automated data processing, navigation, and communication equipment in addition to new facilities and support equipment. FAA estimates that the modernization will cost over $34 billion through the year 2003 and total over 200 projects. The Congress has already appropriated about $23 billion of this $34 billion investment. Over the past 15 years, the modernization program has experienced cost overruns, schedule delays, and performance shortfalls that have affected FAA’s ability to deliver systems as promised. For example, the acquisition of the Advanced Automation System, which was estimated to cost $7.6 billion and was the centerpiece of the modernization before FAA restructured the effort in 1994, failed because FAA did not recognize the technical complexity of the effort, did not realistically estimate the resources required, did not adequately oversee its contractors’ activities, and did not effectively control systems requirements. Because the ATC modernization is at high risk, both billions of dollars in Cost and Service federal funds and critical federal function are jeopardized. The federal Delivery Implications funding profile between fiscal years 1998 and 2003 alone is about $6 billion for new system investments, not to mention the billions of dollars to be spent maintaining these systems and investing in even more systems beyond 2003. With respect to federal function, the cost implications to public and private sector operations of just an isolated ATC interruption for even short time periods can be significant. Since FAA is responsible for providing safe and efficient air travel both now and in the future, when traffic volumes are expected to increase, FAA must modernize its ATC systems, but it must do so effectively and efficiently. To do less not only risks the funds being spent on modernized systems, but also the delivery of vital government services. Effectively managing a modernization as large and technically complex as What Needs to Be the ATC modernization requires, among other things, an effective Done organizational structure, disciplined investment management processes, mature system and software development and acquisition processes, reliable data upon which to base important decisions, a well-defined Page 69 GAO/HR-97-30 High-Risk Program FAA’s Air Traffic Control Modernization architecture, or blueprint, to guide and constrain system development and evolution, and a healthy organizational culture. Our work evaluating the modernization has been and continues to be directed at determining how well FAA is meeting these and other important requirements. Our recent work shows that FAA is not meeting many of the above cited Recent GAO Work and requirements. For example, we reported that (1) FAA’s processes for Key Open acquiring the software for its new ATC systems are immature, and at times Recommendations chaotic, (2) FAA’s cost estimating processes and cost accounting practices are not adequate to effectively manage its billion dollar information technology investments, (3) FAA’s failure to define and enforce an overall ATC systems architecture has resulted in unnecessarily higher spending to buy, integrate, and maintain hardware and software, (4) FAA’s organizational culture does not reflect a strong commitment to mission focus, accountability, coordination, and adaptability, and (5) FAA lacks a comprehensive plan for augmenting, and transitioning to, the Global Positioning System for civil air navigation. To address these deficiencies, we have made over a dozen detailed recommendations to FAA. FAA is delinquent in responding to and initiating action to correct most of these recommendations. The following table summarizes these recommendations.) Page 70 GAO/HR-97-30 High-Risk Program FAA’s Air Traffic Control Modernization Page 71 GAO/HR-97-30 High-Risk Program FAA’s Air Traffic Control Modernization GAO Report Key Recommendation Air Traffic Control: Immature Software FAA should improve its software acquisition process capability by: Acquisition Processes Increase FAA System • assigning responsibility for software acquisition process improvement to FAA’s CIO, Acquisition Risks (GAO/AIMD-97-47, Mar. • providing FAA’s CIO with the authority to implement and enforce ATC modernization 21, 1997). software acquisition process improvements, • requiring the CIO to develop and implement a formal plan for ATC software acquisition process improvement based on GAO’s evaluation results, • allocating adequate resources to ensure that planned initiatives are implemented and enforced, and • requiring that, before being approved, every ATC modernization acquisition project have software acquisition processes that satisfy at least SA-CMM level 2 requirements. Air Traffic Control: Complete and Enforced FAA should ensure that a complete ATC systems architecture is develop enforced before Architecture Needed for FAA Systems deciding on the architectural characteristics for replacing the Host Computer System. Modernization (GAO/AIMD-97-30, Feb. 3, 1997). FAA should establish an effective management structure for developing, maintaining, and enforcing the complete ATC systems architecture. This management structure should be similar to the department-level Chief Information Officers as prescribed in the Clinger-Cohen Act of 1996. Air Traffic Control: Improved Cost FAA should institutionalize defined processes for estimat projects’ costs. These Information Needed to Make Billion Dollar processes should include: Modernization Investment Decisions • a corporate memory (GAO/AIMD-97-20, Jan. 22, 1997). • structured approaches for estimating software size and complexity • cost models calibrated to past experiences • audit trails that record cost model inputs • processes for dealing with cost for schedule constraints, and • data collection and feedback processes. FAA should disclose the inherent uncertainty in all ATC projects’ official cost estimates presented to the Congress and executive oversight agencies. FAA should acquire or develop and implement a managerial cost accounting capability. The Secretary of Transportation should report FAA’s lack of a cost accounting capability as a material internal control weakness in the Department’s FMFIA reports until the problem is corrected. Aviation Acquisition: FAA should develop a comprehensive strategy for cultural change that includes specific A Comprehensive Strategy Is Needed for responsibilities and performance measures for all stakeholders throughout FAA and Cultural Change at FAA provide the incentives needed to promote the desired behaviors and to achieve (GAO/RCED-96-159, Aug. 22, 1996). agency-wide cultural change. National Airspace System: Comprehensive FAA should prepare a comprehensive plan for augmenting the Global Positioning System FAA Plan for Global Positioning System is (GPS) and transitioning to it and update this plan regularly. The plan should include, Needed (GAO/RCED-95-26, May 10, 1995). among other things, schedule and cost estimates for developing and implementing the wide and local area augmentation systems as well as information on the probability that FAA will meet these estimates. Page 72 GAO/HR-97-30 High-Risk Program FAA’s Air Traffic Control Modernization Status FAA’s Response GAO’s Position Open FAA’s official response is due on May 20, 1997. FAA’s response is not yet due. Open ed and FAA has not yet officially responded to this This response was FAA is delinquent in responding to the due on recommendations. recommendation. April 4, 1997. Open FAA has not yet officially responded to this recommendation. FAA is delinquent in responding to the This response was due on April 4, 1997. recommendations. Open ing ATC FAA has not yet officially responded to this This response was FAA is delinquent in responding to the due on March 24, 1997. recommendations. recommendation. Open FAA has not yet officially responded to this recommendation. FAA is delinquent in responding to the This response was due on March 24, 1997. recommendations. Open FAA has not yet officially responded to this recommendation. FAA is delinquent in responding to the This response was due on March 24, 1997. recommendations. Open FAA has not yet officially responded to this recommendation. FAA is delinquent in responding to the This response was due on March 24, 1997. recommendations. FAA’s lack of a cost accounting capability was not identified as a material internal control weakness in the Department’s 1996 FMFIA report. Open In November 1996, the FAA Administrator directed the FAA did not meet the deadline. Associate Administrators for Research and Acquisitions and Air Traffic Services to develop the comprehensive strategy recommended by GAO. The Administrator directed that the strategy be defined by April 30, 1997 and updated at 6-month intervals. Partially imple- FAA published a satellite navigation program master plan and a FAA has not yet developed a comprehensive mented plan for transitioning to GPS. Additionally, FAA has developed plan for augmenting GPS that includes firm cost preliminary cost and schedule estimates for acquiring the wide and schedule estimates for developing and area augmentation system. implementing the wide and local area augmentation systems.. Page 73 GAO/HR-97-30 High-Risk Program FAA’s Air Traffic Control Modernization Key Congressional Contacts With Interest in FAA’s Air Traffic Control Committee Key staff Modernization Issues House Committee on Appropriations/ Rich Efford (Majority) Subcommittee on Transportation & Related (202) 225-2141 Agencies Cheryl Smith (Minority) (202) 225-3481 House Committee on Science, Richard Russell (Majority) Subcommittee on Technology (202) 225-8844 Jeff Groves (Majority) (202) 225-8844 Mike Quear (Minority) (202) 225-6917 House Committee on Transportation & David Schaffer (Majority) Infrastructure/Subcommittee on Aviation (202) 226-3220 Mary Walsh (Minority) (202) 225-9161 Senate Committee on Wally Burnett (Majority) Appropriations/Subcommittee on (202) 224-7281 Transportation & Related Agencies Peter Rogoff (Minority) (202) 224-7245 Senate Committee on Governmental Affairs Bill Greenwalt (Majority) (202) 224-4751 Ellen Brown (Majority) (202) 224-4751 Brian Dettelbach (Minority) (202) 224-2627 David Plocher (Minority) (202) 224-2627 Senate Committee on Commerce, Science & Ann Hodges (Majority) Transportation/Subcommittee on Aviation (202) 224-4852 Sam Whitehorn (Minority) (202) 224-0411 We have four ongoing assignments focusing on key aspects of FAA’s Ongoing GAO Work modernization: • FAA’s effectiveness in managing its year 2000 conversion effort. • FAA’s effectiveness in managing ATC computer security. Page 74 GAO/HR-97-30 High-Risk Program FAA’s Air Traffic Control Modernization • FAA’s satisfaction of the Clinger-Cohen Act investment management requirements. • FAA’s progress in augmenting the Global Positioning System. Key Agency Contacts Agency Contact Federal Aviation Administration Monte Belger Acting Deputy Administrator (202) 267-7111 Dr. George Donahue Associate Administrator for Research and Acquisitions (202) 267-7222 Dr. Rona Stillman Key GAO Contacts Chief Scientist for Computers and Telecommunications (202) 512-6412 John Anderson Director, Transportation Issues (202) 512-2834 Linda Calbom Director, Civil Audits - Resources, Community, and Economic Development (202) 512-9508 Air Traffic Control: Status of FAA’s Standard Terminal Automation Related GAO Products Replacement System Project (GAO/RCED-97-51, Mar. 5, 1997). DOT’s Budget: Safety, Management, and Other Issues Facing the Department in Fiscal Year 1998 and Beyond (GAO/T-RCED/AIMD-97-86, Mar. 6, 1997). Air Traffic Control: Good Progress on Interim Replacement for Outage-Plagued System, Bt Risks Can Be Further Reduced (GAO/AIMD-97-2, Oct. 17, 1996). Air Traffic Control: Status of FAA’s Modernization Program (GAO/RCED-95-175FS, May 26, 1995). Page 75 GAO/HR-97-30 High-Risk Program FAA’s Air Traffic Control Modernization Advanced Automation System: Implications of Problems and Recent Changes (GAO/T-RCED-94-188, Apr. 13, 1994). Page 76 GAO/HR-97-30 High-Risk Program NASA Contract Management In 1990, we identified NASA contract management as an area at high risk for Overview fraud, waste, abuse, and mismanagement. Our decision to place NASA contract management on our high-risk list was primarily based on work by the NASA Inspector General and NASA management’s growing concern about its ability to adequately oversee contractors’ performance. Early in our high-risk work, we identified three major causes of NASA’s contract management problems: • Unrealistic expectations for future budgets. • Ineffective oversight of contractors. • Noncompliance with contract management requirements. Since the early 1990s, NASA has greatly tempered its future budget expectations. Also, the agency has made considerable progress in addressing its contract management problems since it began to focus special attention on them, beginning in the late 1980s. However, NASA still needs to ensure that it has relevant and reliable methods for timely and accurate monitoring of its contract management activities. Such methods are key to the long-term effectiveness of NASA’s contract management. NASA’s 5-year budget expectations in the early 1990s were between $13 billion and $21 billion higher than the budgets it was likely to receive. Such unrealistic expectations adversely impact NASA’s contract management activities because,when actual budgets are significantly lower than expected, contract adjustments, such as slowing the pace of work in order to spend less, can result. Such adjustments cause work to take longer and cost more. Over the course of several years, NASA eliminated most of the original gap we reported between its program plans and likely budgets. Currently, NASA is planning for a slightly declining budget for the next 5 years—a total of $66.5 billion—well below the $92 billion 5-year budget NASA was planning in the early 1990s. A major initiative that NASA hopes will help improve its oversight of contractors is the development and implementation of a fully integrated financial management system. The new agencywide system, which is currently scheduled to begin implementation by October 1998, will replace a patchwork of existing systems that are incapable of comprehensively producing timely and reliable accounting information and reports.1 1 The NASA Inspector General has expressed concern about NASA’s ability to overcome numerous management, functional and technical challenges of implementing reengineered business processes (budget, asset management, personnel/payroll,etc.) needed for the integrated financial management system. Page 77 GAO/HR-97-30 High-Risk Program NASA Contract Management NASA has completed a variety of efforts to influence contractors’ performance, including changing how it shares risk under research and development contracts and the restructuring of contract award fees so that space system performance is emphasized. To help improve agencywide compliance with contract management requirements, NASA has instituted a variety of changes that are intended to ensure more consistent interpretation and implementation of such requirements across the agency. For example, NASA has published improved guidance or made other changes intended to reduce the amount of government equipment provided to contractors and to improve the use of audits in helping oversee contractors’ activities. In actively working to identify and correct its contract management problems, NASA has been responsive to our specific recommendations for improving its contract management and related activities. Also, NASA has independently evaluated other contract management problems and designed, implemented, and measured the effectiveness of its corrective actions. However, NASA still needs to ensure that it has established relevant and reliable ways to help assess the effectiveness of its contract management activities. We will continue to evaluate NASA’s contract management and related activities. When looked at functionally, NASA can be seen principally as a Resources at Risk procurement organization. In a typical year, NASA uses between 85 percent and 90 percent of its budget for purchasing goods and services—about $12 billion or more each year. Establishing and maintaining adequate management control over NASA’s procurement activities is imperative, given the amount of money in the system and potentially at risk. Over the past 6 years, we have issued over 40 reports and testimonies Key Open GAO dealing partly or wholly with NASA’s contract management and related Recommendations activities. Over 30 of these products provided information or analyses on and Implementation key parts of the procurement cycle—from choosing the type of procurement instrument, through contract award and oversight of Status contractor performance, to contract closing—or addressed major contract management-related activities, including project cost estimating, planning, budgeting, and accounting. Fifteen of the reports contained 82 recommendations for correcting or improving NASA’s contract management and related activities. NASA has been responsive to all our major recommendations for improving NASA contract management and related Page 78 GAO/HR-97-30 High-Risk Program NASA Contract Management activities and has implemented or is implementing them.2 The one key outstanding matter relates to NASA fulfilling its commitment to improve its ability to oversee contract management activities. Even though NASA is acting to implement key recommendations related to Why contract management or contract management-related activities, there are Recommendations actions it still needs to take. Have Not Been In our most recent high-risk report to NASA,3 we noted that NASA has Implemented and effectively addressed many problems throughout the procurement cycle What Remains to Be but that a procurement operation as large as NASA’s inevitably experiences periodic problems. The key was to identify such problems early so that Done they could be evaluated, monitored, and corrected before they became systemic. In this regard, we noted that continuous effective oversight required NASA to have relevant and reliable performance measurements and to do periodic performance reviews. We told NASA that resolving remaining high-risk issues is largely based on improvements to the processes and systems it uses to assess and oversee its procurement activities and their capability to consistently produce accurate and reliable information. NASA acknowledged that it needed to improve the procurement self-assessment process. It said it would issue additional guidance to its field centers on performing assessments and that its procurement management survey teams would review the centers’ processes for conducting these assessments. We told NASA that we are planning to evaluate its procurement self-assessment process and procurement performance measurements. Currently, the majority and minority staffs on the House Science Other Information Committee and its Space and Aeronautics Subcommittee are aware and generally interested in our NASA contract management high-risk work. However, we are presently working on only one congressionally requested assignment in the high-risk area—cost control in the Space Station program. The requesters are Senator Bumpers and Representative Dingell. 2 Some of our recommendations became obsolete before they could be acted on because of other changes at NASA. In other cases, NASA took alternative actions that were intended to produce the same results as our recommended actions. 3 NASA Procurement: Contract Management Oversight (GAO/NSIAD-97-114R, Mar. 18, 1997). Page 79 GAO/HR-97-30 High-Risk Program NASA Contract Management The NASA Inspector General has a continuous body of work in the procurement area. Ongoing and planned work on contract management and related activities, GAO Audit Work include: • International Space Station cost control (ongoing). • NASA’s mid-level procurement pilot program (planned). • NASA’s procurement evaluation processes (planned). Robert J. Wesolowski NASA Contact Acting Assistant Inspector General for Auditing (202) 358-1232 Louis J. Rodrigues, Director Key GAO Contacts Defense Acquisition Issues (202) 512-4841 Thomas J. Schulz, Associate Director Defense Acquisition Issues (202) 512-4841 NASA Contract Management: Performance Measurement (GAO/NSIAD-97-114R, Related GAO Products Mar. 18, 1997). Potential Improvements in NASA’s Assessments of Its Procurement Function (GAO/NSIAD-97-80R, Feb. 4, 1997). NASA Infrastructure: Challenges to Achieving Reductions and Efficiencies (GAO/NSIAD-96-187, Sept. 9, 1996, and GAO/T-NSIAD-96-38, Sept. 11, 1996). Space Station: Cost Control Difficulties Continue (GAO/NSIAD-96-135, July 17, 1996, and GAO/T-NSIAD-96-210, July 24, 1996). NASA Contract Management (GAO/NSIAD-96-95R, Feb. 16, 1996). NASA Budgets: Gap Between Funding Requirements and Projected Budgets (GAO/NSIAD-95-155BR, May 12, 1995). Page 80 GAO/HR-97-30 High-Risk Program Customs Service Financial Management The U.S. Customs Service (Customs) has a challenging and diverse Overview mission which includes collecting duties, taxes, and fees on imports and enforcing trade laws. In 1991, GAO added Customs as a high-risk area because it had major weaknesses in its management and organizational structure that diminished its ability to detect trade violations on imported cargo; collect applicable duties, taxes, fees, and penalties; control financial resources; and report on financial operations. In February 1995, we reported that Customs had taken several actions in an effort to reduce risks in the general management arena. Such actions included aggressively pursuing delinquent receivables which resulted in collections of over $37 million and embarking on an agency-wide reorganization plan. Additional efforts, however, were still needed in the financial management area. Since then, the scope of our high-risk work at Customs has focused on its financial management problems. A number of our key open recommendations related to financial management resulted from our efforts to audit Customs’ fiscal year 1992 and 1993 principal financial statements, under the Chief Financial Officers (CFO) Act. We identified critical control weaknesses in areas related to trade compliance, computer security, and administrative operations, which includes financial reporting. At that time, Customs did not have a means to reliably measure overall compliance with trade laws, which hindered its ability to ensure that all imported goods were identified and related duties collected; disposition of goods moving to other ports, warehouses, or foreign trade zones (FTZs) were adequately monitored; and the appropriateness of duty refunds, referred to as drawbacks,1 were verified. Also, Customs’ controls to prevent or detect unauthorized access and intentional or inadvertent unauthorized modifications to critical and sensitive data and computer programs were ineffective, thereby jeopardizing the security and reliability of the operations central to Customs’ mission. Further, fundamental problems, including financial management systems that were poorly designed or not designed to report financial results and performance information, impaired its ability to produce reliable financial information. As recently reported in our February 1997 high-risk series, Customs has and continues to take actions to address significant weaknesses in its financial management and internal control systems. These actions include, for example, statistically sampling compliance of commercial importations through ports of entry to better focus enforcement efforts and to project 1 Drawback payments are refunds of duties and taxes paid on imported goods that are subsequently exported or destroyed. Page 81 GAO/HR-97-30 High-Risk Program Customs Service Financial Management and report lost duties, taxes and fees due to noncompliance. Customs also developed a methodology to estimate and disclose the liability for future claims for drawback payments and other refunds. In addition, meaningful steps toward correcting its computer access problems were also taken. Further, Customs reorganized its Office of Finance and established financial advisor positions in key organizational units to more effectively meet financial management responsibilities. Although these actions have resulted in substantial progress, Customs still has not fully corrected problems in these areas, which continue to be identified during audits of Customs’ financial statements under the CFO Act. These problems continue to hinder Customs’ ability to reasonably ensure that • duties, taxes, and fees on imports are properly assessed and collected and refunds of such amounts are valid; • sensitive data maintained in its automated systems, such as critical information used to monitor Customs’ law enforcement operations, are adequately protected from unauthorized access and modification; and • core financial systems capture all activities that occurred during the year and provide reliable information for management to use in controlling operations. In fiscal year 1996, Customs processed over 27 million import transactions Resources at Risk with a value of over $775 billion. This represents a 100 percent growth over 10 years, while resources remained static. The increase in the volume of imports makes it impractical for Customs to observe and inspect all shipments to ensure compliance of trade laws by the trade community. Also, federal laws allow importers to transfer goods from their original ports of entry to other locations within the United States prior to the assessment of duties, referred to as in-bond transfers. Such transfers increase the risk of trade violations because it is not practical for Customs to closely monitor the movement of goods within the United States to ensure that they are not unloaded, substituted, or augmented in transit. In early 1994, Customs began a compliance measurement (CM) program, in response to GAO’s recommendations, to statistically sample trade compliance of commercial importations through ports of entry to better focus enforcement efforts and to project and report lost duties, taxes and fees due to noncompliance. Compliance measurement was developed as a series of building blocks expanding and improving the precision of the Page 82 GAO/HR-97-30 High-Risk Program Customs Service Financial Management measure of trade compliance from one year to the next. As such, other important processes such as in-bond transactions and foreign trade zone entries are not covered by this port of entry compliance measurement program. As a result of this compliance measurement program, Customs reported an overall port of entry compliance rate of approximately 80 percent and 82 percent for fiscal year 1995 and 1996, respectively. Because these are statistically-based examinations, Customs can project the level of noncompliance and associated loss of revenue. Accordingly, Customs reported revenue undercollections of $218 million and $274 million and overcollections of $83 million and $101 million for fiscal year 1995 and fiscal year 1996, respectively. Although this reflects progress, these programs do not identify the specific importers who are in violation of trade laws. The compliance measurement results only allow Customs to assess performance by major key industry areas, providing a basis for Customs to work with these groups in improving compliance. However, the inability to specifically identify import violators hinders Customs ability to actually identify and collect associated revenue. As such, until Customs can identify and focus on the non-complying entities or such entities voluntarily become more compliant, lost duties, taxes, and fees will continue to occur. Customs is attempting to address this situation through the development of innovations such as the Primary Focus Industries (PFIs) and tariff areas, which focus on special areas of non-compliance. In the meantime, however, the potential for revenue to go uncollected at ports of entry, and for goods moving in-bond,2 or through bonded warehouses3 and FTZs, exists. Customs officials stated that first-ever nation-wide compliance measurement programs are scheduled to occur in 1997 for in-bond shipments of goods and those entered into bonded warehouses, however, until these are implemented fully, not only will Customs be unable to project the loss of revenue, but any such revenue will remain uncollected. The Office of the Inspector General (OIG) estimated total revenue associated with goods moving in-bond to be between $9 to $11 billion during fiscal year 1996, comprising almost half of the total revenue 2 In-bond shipment refers to goods authorized, by law, to move within the United States prior to release or export, without appraisement or classification. 3 Foreign goods held in bonded warehouses and foreign trade zones are not assessed duty, tax, and fees until the goods are released into the commerce of the United States. Page 83 GAO/HR-97-30 High-Risk Program Customs Service Financial Management collected during the fiscal year. OIG also reported a total value of about $5.2 billion for merchandise entered into bonded warehouses for fiscal year 1996. Finally, a similar strategy to measure compliance of goods entering FTZs, as well as issues related to revenue collection will need to be addressed. According to Customs officials, about $144 billion of merchandise entered FTZs during fiscal year 1995. GAO has made several recommendations to Customs in an effort to Key Open GAO promote better financial management and strengthen its controls. Recommendations Although actions have been initiated on all key open GAO and Implementation recommendations (See following table for summary information on these recommendations.) and improvements continue, recommendations Status deemed critical to improving the assessment and collection of revenue, strengthening automated systems security, and integrating core financial systems remain open. GAO made these recommendations realizing that most of these problems would require long-term efforts to effectively plan and implement solutions to address the long-standing root causes. Although recent discussions with Customs officials revealed their continued commitment towards improvement efforts, we reiterate the importance that Customs’ top and mid-level management provide the support needed to ensure that these important actions are properly implemented and that related problems do not recur. Page 84 GAO/HR-97-30 High-Risk Program Customs Service Financial Management High Risk Series Analysis and Update Schedule of Key Open GAO Recommendations Department of the Treasury: United States Customs Service (Financial Management) Recommendations related to ensuring duties, taxes GAO report and fees on imports are properly assessed and Status of implementation and what remains to be number collected and refunds of such amounts are valid done AIMD-94-119, The Commissioner of Customs should direct the In July 1994, Customs’ Acting Assistant Commissioner June 15, 1994 Assistant Commissioner for Inspection and Control to for Inspection and Control directed all jurisdictions to require personnel at ports of entry to maintain accurate reconcile discrepant AMS bills of lading, or supply an and up-to-date data in the Automated Manifest System alternative method for completing the task. (AMS) and to routinely investigate all shipments that have not been released by the end of a prescribed However, in its March 1997 report, the Office of period. Inspector General (OIG) reports that Customs’ controls over bills of lading and in-bond shipments still do not ensure that transactions appearing as “open” items on Automated Commercial System (ACS) exception reports are true exceptions. Further, during fiscal year 1996, Customs had approximately one million bills of lading and in-bond shipment transactions “open” in ACS. According to Customs, both it and the OIG’s testing of a sample of these open bills of lading transactions did not indicate any significant loss of revenue. The OIG attributes the large number of “open” exceptions to a variety of systemic control weaknesses, such as a high rate of input errors that ACS edit controls were not designed to prevent, and because the ACS In-Bond Module used to record manually filed in-bond shipment transactions did not require the input of merchandise quantity, and the module did not interface with and update other ACS modules. (continued) Page 85 GAO/HR-97-30 High-Risk Program Customs Service Financial Management Recommendations related to ensuring duties, taxes GAO report and fees on imports are properly assessed and Status of implementation and what remains to be number collected and refunds of such amounts are valid done AIMD-94-38, The Commissioner of Customs should direct the In early 1994, Customs implemented a compliance March 7, 1994 Assistant Commissioner for Inspection and Control to measurement program to statistically sample trade develop and implement, in conjunction with Customs’ compliance of commercial importations through ports Chief Financial Officer, a strategy for inspecting cargo of entry to better focus enforcement efforts and to from both high- and low-risk carriers to help provide project and report lost duties, taxes and fees due to reasonable assurance that all cargo delivered is noncompliance. accurately and completely identified on manifest and entry documents. Carriers undergoing such inspections For fiscal year 1996, Customs continued its statistically should be randomly selected to ensure that they are based examination programs, referred to as representative of all carriers. compliance measurement programs (CMP), for commodity imports by the 4-digit Harmonized Tariff Schedule and by carrier manifests. The commodity import CMP is designed to quantify the lost duties, taxes and fees due to noncompliance (“revenue gap”) and assess trade law compliance. Based on the results of this CMP, Customs projected revenue undercollections of $218 million and $274 million; and overcollections of $83 and $101 million for fiscal year 1995 and fiscal year 1996, respectively. The carrier manifest CMP measures the accuracy of reporting by carriers of cargo arriving in the United States. Customs uses the results of its CMPs to identify low compliance areas, track improvement in key sectors, identify revenue gap commodities, and measure improvements resulting from interventions. AIMD-94-38 Continued. Customs strategy for implementing GAO’s recommendations related to trade compliance has primarily been based on an assessment of (1) level of risk and (2) Customs’ ability to achieve results. As such, Customs began its CMP project at ports of entry since they deemed this area to be at high risk for lost revenue. Customs has made significant strides in defining the “revenue gap,” via its CMP program for ports of entry, however, these CMPs only provide a measurement of compliance with Customs laws and regulations. These programs cannot yet identify individual importers who are not complying, and subsequently quantify and collect, the related duties, taxes and fees associated with these imports. Customs has efforts underway, such as the Private Focus Industries (PFIs), which focus on special areas of noncompliance, however, future efforts should encompass methods for collecting lost revenue. (continued) Page 86 GAO/HR-97-30 High-Risk Program Customs Service Financial Management Recommendations related to ensuring duties, taxes GAO report and fees on imports are properly assessed and Status of implementation and what remains to be number collected and refunds of such amounts are valid done AIMD-94-38 Continued. Customs established an In-bond Task Force to address the problems associated with the in-bond program. The Commissioner of Customs should monitor This task force, comprised of Customs personnel, trade implementation of the new procedures for accounting representatives, and oversight agencies, developed for in-bond transfers to ensure that they address the proposals and changes to the in-bond system. weaknesses that have been identified. In conjunction with this effort, the Commissioner should provide According to Customs, the new in-bond proposal personnel involved in maintaining data on in-bond incorporates the rules of compliance measurement and transfers with clear and detailed guidance and post-audit techniques to close the potential revenue adequate training on complying with the new gap. The new proposal also provides Customs with an procedures. electronic risk assessment by processing in-bond information through electronic selectivity filters prior to cargo arrival at the first port in the United States. This process lets Customs decide whether or not to authorize the in-bond movement. Under the new program, beginning in December 1997, items shipped in-bond will be subject to selectivity for examination. Customs expects 95% of cargo to move without exam or post-audit; but the remaining 5% will be examined, at the port of unlading (origin) and/or the port of destination. In addition, Customs plans to implement, in fiscal year 1997, a post-audit compliance program. AIMD-94-38 Continued. As part of Customs’ proposed changes to its in-bond program, in-bond documentation will be entered into ACS only once, at the port of departure. This will eliminate entry of documentation at the port of destination. The in-bond entry will be closed upon reaching its destination. Also, during fiscal year 1996, Customs reported that it initially implemented the electronic link for input of in-bond data by importers/brokers in its Automated Broker Interface, which allows automated brokers and importers to initiate in-bond movements electronically. However, there were initial problems with the interface and the link is now projected to be fully operational in July 1997. The OIG reported in its audit report that Customs eventually expects manually filed in-bonds to be tracked in the same module used for electronically filed in-bond shipments which they believe should allow Customs better control over all in-bond shipments. (continued) Page 87 GAO/HR-97-30 High-Risk Program Customs Service Financial Management Recommendations related to ensuring duties, taxes GAO report and fees on imports are properly assessed and Status of implementation and what remains to be number collected and refunds of such amounts are valid done AIMD-94-38 The Commissioner of Customs should direct the Customs plans to perform a compliance measurement Assistant Commissioner for Inspection and Control, in test to determine the necessity for perpetual inventory conjunction with the Chief Financial Officer, to require records of goods held in bonded warehouses. A district offices to maintain perpetual inventory records pre-pilot test at five bonded warehouses was of goods held in bonded warehouses and foreign trade conducted in 1994 and pilots continued in 1995. The zones (FTZs) that they are responsible for overseeing. OIG reported in its March 1997 report that Customs also developed a CMP schedule to begin in fiscal year 1997 for bonded warehouses, but Customs still needs to formulate CMPs for foreign trade zones. As part of the program, Customs will statistically select a sample of open and closed bonded warehouse entries to compare against the bonded warehouse operator’s records. Customs officials stated that such a program for FTZs is more complex due to the difficulty of tracing the goods entered into and withdrawn from FTZs since most are manufacturing operations that incorporate imported components into larger items that are eventually withdrawn and either entered into U.S. commerce or exported. In addition, since Customs does not maintain centralized accountability for entries relating to dutiable goods entered into commerce through FTZs, Customs officials stated that it will be difficult to establish a complete universe of such entries to enable a statistical sample to be selected and examined. AIMD-94-38 The Commissioner of Customs should direct the Customs has deferred action of this recommendation Assistant Commissioner for Inspection and Control, in pending the results of the CMP for bonded warehouses. conjunction with the Chief Financial Officer, to enhance ACS so that the district offices could use this system to maintain perpetual records of merchandise quantities at each warehouse and FTZ. (continued) Page 88 GAO/HR-97-30 High-Risk Program Customs Service Financial Management Recommendations related to ensuring duties, taxes GAO report and fees on imports are properly assessed and Status of implementation and what remains to be number collected and refunds of such amounts are valid done AIMD-94-38 The Commissioner of Customs should direct the In March 1997, the OIG reaffirmed that material Assistant Commissioner for Commercial Operations, in weaknesses exist in this area but reported varying conjunction with the Chief Financial Officer, to develop degrees of progress in correcting the weaknesses. For a means of automatically entering information needed instance, the OIG reports that, beginning in fiscal year to verify drawback claims into ACS so that liquidators 1995, Customs programmed its revenue accounting can use the system to automatically verify drawback system (ACS) to detect drawback claims that exceeded claims. the related amount of duty and taxes paid, in total, on import entries filed in fiscal year 1995 and after. However, since claimants can file drawback claims up to eight years after an entry is filed, the risk, while reduced, of paying duplicate or excessive duties stemming from entries submitted prior to fiscal year 1995, still exists. Customs officials estimate that most drawback claims are filed within three to five years of the date an entry was submitted. Further, the OIG reports that Customs continues to lack standard procedures to ensure that drawback claims are liquidated in a consistent manner with documentation supporting the basis for approval. In the interim, Customs drawback offices were instructed to annotate applicable documentation reviewed as part of the drawback liquidation process. AIMD-94-38 The Commissioner of Customs should direct the Customs officials state that the Automated Commercial Assistant Commissioner for Commercial Operations, in Environment (ACE) will include a profile on each conjunction with the Chief Financial Officer, to enhance claimant, including information, such as whether the ACS so that historical information on drawback claimant is approved to receive accelerated claimants such as accelerated claim privileges, drawbacks, that will be accessible online by Customs excessive claims previously filed, overdue receivables, drawback specialists. In addition, ACE is expected to and regulatory audit results are available to liquidators electronically reference the claimant profile for in a national database. approved privileges or adverse information. AIMD-94-38 The Commissioner of Customs should direct the See previous response. Assistant Commissioner for Commercial Operations, in conjunction with the Chief Financial Officer, to require that liquidators review this database to ensure that special privileges such as accelerated drawback payments are granted only to claimants who have consistently complied with Customs claim filing requirements. AFMD-92-30, Congress may wish to consider enacting legislation to To date, legislation has not been enacted to authorize Aug. 25, 1992 allow Customs to use administrative offsets. Customs to use administrative offsets for collection of duties, taxes and fees. Page 89 GAO/HR-97-30 High-Risk Program Customs Service Financial Management Recommendations related to ensuring that GAO report core financial systems provide reliable number information for managing operations Status of implementation and what remains to be done AIMD-94-5 To help strengthen the accuracy of the In November 1996, Customs began phasing in a Nov. 8, 1993 accounts receivable balance reported in comprehensive financial management and seized property Customs’ financial statements, the tracking system, SEACATS, for its fines, penalties, forfeitures Commissioner of Customs should direct the and property seizure activities. Customs reported that the Chief Financial Officer to require Customs procedural changes to ensure timely and accurate updates personnel to review fines and penalties were being implemented. assessments recorded in ACS and correct any inaccuracies before transfer to the redesigned system. AIMD-94-5 Customs should develop and maintain an Beginning in October 1998, Customs plans to implement in integrated accounting system that can capture stages a new comprehensive system (ACE) to replace the accurate and reliable information on all types of current ACS. Customs plans for ACE to be based on account assessments (including duties, taxes, fines, transactions and not individual import transactions. Customs and penalties) from assessment through also intends for ACE to include an automated, centralized collection of any related amounts. Also the accounts receivable subsidiary ledger, which Customs expects integration of the property and accounting will meet all financial reporting requirements. GAO previously systems should be completed as planned. reported that Customs was ill-prepared to develop ACE because the agency was not effectively applying critical management practices that help organizations mitigate the risks associated with modernizing automated systems and better position themselves to achieve success. Customs has efforts underway to address this issue. The OIG reported in March 1997 that, in addition to short term changes in procedures, Customs has developed a long-term Information Strategy Plan to serve as a guide for integrating financial systems. Customs plans to perform a series of business area analyses to identify specific integration projects and time frames for implementation. (Due to its sensitive nature, additional information is being provided separately for limited official use only.) As authorized by the CFO Act, GAO performed pilot audits of Customs’ Ongoing Audit Work fiscal years 1992 and 1993 financial statements. In an effort to gain financial statement audit experience and position themselves to perform the financial statement audits required by the act, OIG auditors participated in the fiscal year 1993 financial audit of Customs. Since 1994, the Treasury Office of Inspector General has audited Customs’ financial statements. As part of the financial statement audit, the OIG assesses Customs’ internal control structure, reports on internal control weaknesses, and makes recommendations to correct such weaknesses. As part of this process, the OIG investigates and reports on the progress made on outstanding recommendations that it has made. The OIG will update Page 90 GAO/HR-97-30 High-Risk Program Customs Service Financial Management the status of its recommendations in future OIG reports on Customs’ financial statements. GAO will review OIG’s work as part of its efforts to provide an opinion on the government’s consolidated financial condition. Key Agency Contacts Department of the Treasury Contact United States Customs Service Vincette L. Goerl Chief Financial Officer (202) 927-0600 Bob Biancucci Acting Director (202) 927-0281 Tom Banner Director of Cargo and Entry Operations (202) 927-0300 Kevin Fox Director of Analytical Development (202) 927-1880 Louis E. Samenfink Director, Seizures and Penalties Division (202) 927-3119 William Riley Director, Office of Planning (202) 927-7700 Tom Bavosso Supervisory ACS Specialist (703) 440-6479 Office of Inspector General Bill Pugh Deputy Assistant Director for Audit (202) 927-5768 Marla Freedman Director, Financial Statement Audits (202) 927-6516 Gary Engel GAO Contact Associate Director, Governmentwide Audits (202) 512-8815 Financial Audits: CFO Implementation at IRS and Customs Related GAO Products (GAO/T-AIMD-94-164, July 28, 1994). Page 91 GAO/HR-97-30 High-Risk Program Customs Service Financial Management Financial Audit: Examination of Customs’ Fiscal Year 1993 Financial Statements (GAO/AIMD-94-119, June 15, 1994). Financial Management: Control Weaknesses Limited Customs’ Ability to Ensure That Duties Were Properly Assessed (GAO/AIMD-94-38, Mar. 7, 1994). Financial Management: Customs Did Not Adequately Account for or Control Its Accounts Receivable (GAO/AIMD-94-5, Nov. 8, 1993). Financial Audit: Examination of Customs’ Fiscal Year 1992 Financial Statements (GAO/AIMD-93-3, June 30, 1993). Page 92 GAO/HR-97-30 High-Risk Program Farm Loan Programs The U.S. Department of Agriculture’s (USDA) farm loan programs provide Overview financial assistance to farmers and ranchers who are unable to obtain commercial credit at reasonable rates and terms.1 In operating the farm loan programs, USDA faces conflicting objectives: providing temporary credit to high-risk farm borrowers until they are able to secure commercial credit, while at the same time ensuring that the taxpayers’ investment is protected. USDA’s farm loan programs have been on GAO’s high-risk list since its inception in 1990. In December 1992, we highlighted the poor financial condition of USDA’s farm loan portfolio. We pointed out that even after forgiving or writing off billions of dollars of unpaid debt, much of the portfolio continued to be held by delinquent borrowers. Furthermore, we reported that USDA had become a permanent, rather than a temporary, source of credit for many borrowers. We identified three factors contributing to these problems: (1) field office lending officials were not always implementing lending and servicing standards designed to safeguard federal financial interests, (2) some of the loan-making, loan-servicing, and property management policies were fundamentally weak and increased the government’s vulnerability to loss, and (3) the Congress had not provided clear direction on the basic purposes of the farm loan programs. In our February 1995 high-risk series, we noted that some progress had been made in addressing two causes of the loan programs’ problems. First, USDA had improved compliance with certain lending and servicing standards by increasing the training of its field officials. Second, the Congress had clarified certain aspects of the Department’s basic lending mission by requiring it to focus on assisting beginning farmers. However, we also reported that no actions had been taken to strengthen weak loan and property management policies and that the Congress needed to further clarify the agency’s role. Since our February 1995 report, the Congress has enacted legislation that, if properly implemented, should significantly reduce the financial risks associated with the farm lending programs. Specifically, title VI of the Federal Agriculture Improvement and Reform (FAIR) Act of 1996 (P.L. 104-127, Apr. 4, 1996) made fundamental changes to the programs’ loan-making, loan-servicing, and property management policies. The changes included 1 Within USDA, farm loans are administered by the Farm Service Agency (FSA); prior to the Department’s October 1994 reorganization, the loans were administered by the Farmers Home Administration. Page 93 GAO/HR-97-30 High-Risk Program Farm Loan Programs • prohibiting delinquent borrowers from obtaining additional direct farm operating loans, • generally prohibiting borrowers who cause USDA to incur loan losses from obtaining additional direct or guaranteed farm loans, except annual operating loans, • limiting the number of times delinquent borrowers can receive debt forgiveness, and • requiring certain delinquent borrowers to pay a portion of the interest due to USDA as a condition for having the terms of their loans rewritten. In addition to substantially strengthening lending and property management policies, the FAIR Act provided direction for many other aspects of USDA’s basic lending mission. For example, it emphasized that farm loan assistance is temporary and, consistent with that policy, promoted borrowers’ graduation from direct loans to commercial loans guaranteed by the federal government. The act further reinforced the importance that the Congress placed on using the lending programs to assist beginning farmers and ranchers over other groups of potential beneficiaries. Overall, the extensive reforms mandated by the FAIR Act, combined with USDA’s actions to improve compliance with program standards, should reduce the farm lending programs’ vulnerability to loss. The impact of the FAIR Act’s reforms on the financial condition of USDA’s Financial Condition of farm loan portfolio may not be seen for several years. As of September 30, the Farm Loan 1996, the direct farm loan portfolio continued to contain large amounts of Portfolio at the End of financially risky debt. However, the amount of debt at risk has decreased from prior years. In addition, there was less risk of losses associated with Fiscal Year 1996 guaranteed loans than there was with direct loans. Specifically: • As of September 30, 1996, $3.6 billion, or about 34 percent of the total outstanding principal on direct loans ($10.5 billion), was owed by delinquent borrowers. This level of delinquency is an improvement from the $4.6 billion owed by delinquent borrowers, or about 41 percent of the total outstanding principal ($11.4 billion), at the end of fiscal year 1995. • Much of the decrease in direct loan delinquencies, however, is attributable to debt relief provided to delinquent borrowers. Specifically, USDA forgave $1.1 billion through various mechanisms for servicing delinquent direct loans during fiscal year 1996. Page 94 GAO/HR-97-30 High-Risk Program Farm Loan Programs • As of September 30, 1996, $280 million, or 4.4 percent of the total outstanding principal on guaranteed loans ($6.4 billion), was owed by delinquent borrowers. This compares with $218 million owed by delinquent borrowers, or 3.7 percent of the total outstanding principal ($5.9 billion), at the end of fiscal year 1995. • Much of the increase in guaranteed loan delinquencies is concentrated in a few states. We have no major open recommendations to the Congress because the Open GAO changes in title VI of the FAIR Act substantially addressed the problems Recommendations that we have reported on in the past. While it is too early to gauge the impact of these legislative changes on the financial condition of the portfolio, we believe that, if properly implemented, they will go a long way to reducing the risk associated with the farm loan programs and to improving their operations. The Senate Committee on Agriculture, Nutrition, and Forestry and the Other Information House Committee on Agriculture, which have authorizing jurisdiction over USDA’s farm loan programs, have been the primary congressional committees interested in our farm loan work. In addition, the Subcommittee on Agriculture, Rural Development, and Related Agencies of the Senate Committee on Appropriations, and the Subcommittee on Agriculture, Rural Development, Food and Drug Administration, and Related Agencies of the House Committee on Appropriations have also expressed interest in farm loans. GAO has no ongoing work focusing on USDA’s farm loan programs. Ongoing Audit Work However, USDA is still in the process of implementing the FAIR Act’s mandated reforms, and their impact on the loan portfolio’s financial condition will not be known for some time. We plan to continue monitoring USDA’s implementation of these reforms, as well as the status of financial audits being performed under the Chief Financial Officers Act. Robert A. Robinson Director, Food and Agriculture Issues (202) 512-5138 Key GAO Contact Farm Service Agency: Update on the Farm Loan Portfolio (GAO/RCED-97-35, Related GAO Products Jan. 3, 1997). Page 95 GAO/HR-97-30 High-Risk Program Farm Loan Programs Emergency Disaster Farm Loans: Government’s Financial Risk Could Be Reduced (GAO/RCED-96-80, Mar. 29, 1996). Consolidated Farm Service Agency: Update on the Farm Loan Portfolio (GAO/RCED-95-223FS, July 14, 1995). High-Risk Series: Farm Loan Programs (GAO/HR-95-9, Feb. 1995). Farmers Home Administration: The Guaranteed Farm Loan Program Could Be Managed More Effectively (GAO/RCED-95-9, Nov. 16, 1994). Debt Settlements: FmHA Can Do More to Collect on Loans and Avoid Losses (GAO/RCED-95-11, Oct. 18, 1994). Farmers Home Administration: Billions of Dollars in Farm Loans Are at Risk (GAO/RCED-92-86, Apr. 3, 1992). Page 96 GAO/HR-97-30 High-Risk Program National Weather Service’s Modernization GAO first designated the National Weather Service’s (NWS) program to Overview modernize its weather observing, information processing, and communications systems as a high-risk area in 1995.1 We did this because of its estimated $4.5 billion cost, its complexity, its criticality to NWS’ mission of helping to protect life and property through early forecasting and warnings of potentially dangerous weather, and its past problems. As reported in our February 1997 high-risk report series, while the modernization has greatly improved forecasts and warnings, it has also experienced cost increases and schedule delays.2 We have recently testified on the continuing problems facing the modernization, and suggested actions that NWS needs to take to address outstanding risks.3 We will continue to identify the root causes of the modernization’s problems, recommend actions to correct the problems, and monitor implementation of these recommendations. When the underlying management weaknesses have been corrected, the NWS modernization will no longer be categorized as a high-risk area. NWS uses a variety of systems and manual processes to collect, process, NWS Modernization: and disseminate weather data to and among its network of field offices A Brief History and and regional and national centers. Prior to the modernization, these Description systems and processes were largely outdated. Radar equipment dated back to the 1950s, and much of the current information processing, display, and data communications system has been in use since the 1970s. To enhance its ability to deliver weather services, NWS determined some 15 years ago to use the power of technology to “do more with less.” To reach the goal of better forecasting and earlier warnings with a smaller, downsized operation, the Weather Service has been acquiring new observing systems—including radars, satellites, and ground-based sensors—as well as powerful forecaster workstations. The goals of the modernization are to (1) achieve more uniform weather services nationwide, (2) improve forecasting, (3) provide more reliable detection and prediction of severe weather and flooding, (4) permit more cost-effective operations, and (5) achieve higher productivity. 1 High-Risk Series: An Overview (GAO/HR-95-1, Feb. 1995). 2 High-Risk Series: Information Management and Technology (GAO/HR-97-9, Feb. 1997). 3 Weather Service Modernization: Risks Remain That Full Systems Potential Will Not Be Achieved (GAO/T-AIMD-97-85 April 24, 1997). Page 97 GAO/HR-97-30 High-Risk Program National Weather Service’s Modernization Modernization—particularly with the new radars and satellites—has enabled the Weather Service to generate better data and has greatly improved forecasts and warnings. These can be related directly to saving lives and reducing the effects of natural disasters. For example, lead times of warnings for severe storms and tornadoes improved by about 5 minutes between 1986 and 1996, which is significant. Notwithstanding such successes, however, each of the four major programs that make up the modernization has experienced cost increases and schedule delays. Some of these increases and delays can be attributed to changes in requirements; others were caused by program management and development problems. Also, in terms of staffing, the sizable reductions promised as a result of the modernization will not be realized. While NWS originally planned to reduce staff by 21 percent, the goal had been scaled back to 8 percent. NWS attributes the reduced goal primarily to the need for more staff than originally envisioned to operate new systems, and to other unanticipated requirements. NWS estimates that the total cost of the modernization will be about Cost and Service $4.5 billion, when completed in 2002. At that time, the last of five satellites Delivery Implications for identifying and tracking severe weather events, such as hurricanes, would have been launched. Additional funds will be necessary to maintain these systems and invest in even more systems beyond 2002. The cost implications to public and private sector operations of just an isolated NWS interruption can be significant. In light of NWS’ mission of forecasting and providing early warnings of dangerous weather, it must not only modernize its systems, but it must do so effectively and efficiently. To do less not only risks the funds being spent on modernized systems, but also the delivery of vital government services. Our work shows that NWS has addressed some of our recommendations. Key Open However, other key ones remain open. (See following table for summary Recommendations information on these recommendations.) For example, we recommended in March 1994 that NWS develop a systems architecture to guide its current and future systems development. NWS agreed that such a technical blueprint is necessary, and is currently working on one. However, more than 3 years after our recommendation, NWS still has not developed an overall architecture. Until such an architecture is developed and enforced, the modernization will likely continue to be subject to higher costs and reduced performance. Page 98 GAO/HR-97-30 High-Risk Program National Weather Service’s Modernization We have also made several recommendations that we feel will strengthen the Weather Service’s ability to acquire the Advanced Weather Interactive Processing System (AWIPS), the linchpin of the NWS modernization. Operating under a $550-million funding cap, the system is expected to be fully deployed in 1999. In 1996, we recommended that NWS ensure that each software version is fully tested and all material defects are corrected before beginning software development associated with the next version. In addition, we recommended that NWS establish a software quality assurance program to increase the probability of delivering promised AWIPS capability on time and within budget. We also recommended that NWS obtain an independent assessment of the cost to develop and deploy AWIPS. Progress to date in these areas has, however, been uneven, and we remain concerned about AWIPS development risks—risks that threaten the system’s ability to be completed on time, within budget, and with the functional capability that AWIPS must be able to provide. Until AWIPS is deployed and functioning properly, NWS will not be able to take full advantage of the nearly $4 billion investment it has made in the other components of the modernization. While we see clear benefits in the National Weather Service modernization—improved forecasts and warnings—we also see risks. These risks can only be reduced through development and enforcement of a systems modernization architecture, careful implementation of planned mitigation techniques in the case of AWIPS, and management commitment to early planning of the modernization program. Page 99 GAO/HR-97-30 High-Risk Program National Weather Service’s Modernization GAO Report Key Recommendation Weather Satellites: Planning for the NOAA should ensure that the National Environmental Satellite, Data, and Information Geostationary Satellite Program Needs More Service (NESDIS) (1) clarifies for activating replacement spacecraft in the event of a Attention, (GAO/AIMD-97-37, March 13, failure of an operational GOES satellite or any of its instruments or subsystems, and (2) 1997). reexamines the agency’s strategy for anticipating possible launch failures and considers scheduling backups for all future failures. NOAA should prepare a formal analysis of the costs and benefits of several alternatives for the timing, funding, and scope of the follow-on GOES program, including the possibility of starting the program as early as fiscal 1998 and the potential need to fund some types of technology development apart from the operational satellite program. This analysis should be provided to the Congress for its use in considering options for the future of the GOES program. Weather Forecasting: Systems Architecture NOAA should direct NWS to develop a systems architecture and this architecture should Needed for National Weather Service include all weather forecasting and warning subsystems and be used as a guide in Modernization, GAO/ current and future subsystems development. AIMD-94-28, March 11, 1994). Page 100 GAO/HR-97-30 High-Risk Program National Weather Service’s Modernization Status NWS Response GAO’s Position Open offici NOAA has not yet officially responded to this recommendation.al criteria Open NOAA has not yet officially responded to this recommendation. Open The NWS modernization systems manager has been GAO will follow-up on NWS efforts to develop a system directed to develop a systems architecture, and a system architecture to guide it in future systems development. architecture document is reportedly in draft. This systems architecture is scheduled to be finalized in 1997. Effectively managing a large modernization program such as the NWS What Needs to Be modernization program requires disciplined investment management Done processes, mature system and software development and acquisition processes, reliable data upon which to base important decisions, and a well-defined architecture, or blueprint, to guide and constrain system development and evolution. Our work in evaluating the modernization has been and continues to be directed at determining how well NWS is meeting these and other important requirements. Page 101 GAO/HR-97-30 High-Risk Program National Weather Service’s Modernization Key Congressional Contacts With Interest in National Weather Service’s Committee Key staff Modernization Issues House Committee on Science, Steve Eule (Majority) Subcommittee on Energy and Environment (202) 225-7504 Dr. William Smith (Minority) (202) 225-7504 Senate Committee on Governmental Affairs, Michael Rubin (Majority) Subcommittee on Oversight of Government (202) 224-3682 Management, Restructuring and the District of Columbia Individual Requestors: Sen. Kay Bailey Hutchison Amy Henderson (202) 224-1443 Sen. Bob Graham Melissa White (202) 224-3041 Sen. Connie Mack C.K. Lee (202) 224-5274 Sen. Thad Cochran Betsy Harkins (202) 224-6408 Rep. E. Clay Shaw George Cox (202) 225-3026 Rep. Phil English Bob Holste (202) 225-5406 We have two ongoing assignments focusing on aspects of NWS Ongoing GAO Work modernization, one on NWS system capabilities and a second on NWS staff reductions. Key Agency Contacts Agency Contact National Oceanic and Atmospheric Dr. James Baker Administration Under Secretary for Oceans and Atmosphere (202) 482-3436 National Weather Service Elbert W. Friday Assistant Administrator (301) 713-0689 Dr. Susan Zevin Deputy Assistant Administrator (301) 713-0711 Page 102 GAO/HR-97-30 High-Risk Program National Weather Service’s Modernization Joel C. Willemssen Key GAO Contacts Director, Information Resources Management (202) 512-6408 L. Nye Stevens Director for Federal Management Issues (202) 512-8676 Weather Service Modernization: Risks Remain that Full Systems Potential Related GAO Products Will Not Be Achieved (GAO/T-AIMD-97-85, Apr. 24, 1997). National Oceanic and Atmospheric Administration: Weather Service Modernization and NOAA Corps Issues (GAO/T-AIMD/GGD-97-63, Mar. 13, 1997). Weather Satellites: Planning for the Geostationary Operational Environmental Satellite Program Needs More Attention (GAO/AIMD-97-37, Mar. 13, 1997). High-Risk Series: Information Management and Technology (GAO/HR-97-9, Feb. 1997). NOAA Satellites (GAO/AIMD-96-141R, Sept. 13, 1996). Weather Forecasting: Recommendations to Address New Weather Processing Development Risks (GAO/AIMD-96-74, May 13, 1996). Weather Forecasting: NWS Has Not Demonstrated that New Processing System Will Improve Mission Effectiveness (GAO/AIMD-96-29, Feb. 29, 1996). Weather Forecasting: New Processing System Faces Uncertainties and Risks (GAO/T-AIMD-96-47, Feb. 29, 1996). Weather Forecasting: Radars Far Superior to Predecessors but Location and Availability Questions Remain (GAO/T-AIMD-96-2, Oct. 17, 1995). Weather Service Modernization Staffing (GAO/AIMD-95-239R, Sept. 26, 1995). Weather Forecasting: Radar Availability Requirements Not Being Met (GAO/AIMD-95-132, May 31, 1995). Page 103 GAO/HR-97-30 High-Risk Program National Weather Service’s Modernization Weather Forecasting: Unmet Needs and Unknown Costs Warrant Reassessment of Observing System Plans (GAO/AIMD-95-81, Apr. 21, 1995). Weather Service Modernization Questions (GAO/AIMD-95-106R, Mar. 10, 1995). Weather Service Modernization: Despite Progress Significant Problems and Risks Remain (GAO/T-AIMD-95-87, Feb. 21, 1995). Meteorological Satellites (GAO/NSIAD-95-87R, Feb. 6, 1995). High-Risk Series: An Overview (GAO/HR-95-1, Feb. 1995). Weather Forecasting: Improvements Needed in Laboratory Software Development Processes (GAO/AIMD-95-24, Dec. 14, 1994). Weather Forecasting: Systems Architecture Needed for National Weather Service Modernization (GAO/AIMD-94-28, Mar. 11, 1994). Weather Forecasting: Important Issues on Automated Weather Processing System Need Resolution (GAO/IMTEC-93-12BR, Jan. 6, 1993). Weather Satellites: Action Needed To Resolve Status of the U.S. Geostationary Satellite Program (GAO/NSIAD-91-252, July 24, 1991). Weather Satellites: Cost Growth and Development Delays Jeopardize U.S. Forecasting Ability (GAO/NSIAD-89-169, June 30, 1989). Page 104 GAO/HR-97-30 High-Risk Program Asset Forfeiture Programs Federal asset forfeiture programs at the U.S. Treasury Department (U.S. Overview Customs Service)1 and Justice Department were part of our original high-risk list in 1990 because the programs—with inventories valued at about $2 billion in 1995—did not adequately focus on managing the items seized. We reported in December 1992 that the existence of major operational problems, related to the management and disposition of seized and forfeited property, had been identified and that corrective actions were being initiated. In our February 1995 high-risk report, we reported that, although much had been accomplished and some management and systems changes had improved program operations, some significant problems with seized property management remained. For example, as identified in our fiscal years 1992 and 1993 financial audits, there were serious weaknesses in Customs’ key internal controls systems that affected Customs’ ability to control, manage, and report results of its seizure efforts. Since our 1995 report, Customs has initiated several actions to address these problems, including continuing to upgrade existing security storage facilities and developing a new seized property inventory system, which Customs anticipates will be implemented in phases. Significant progress is anticipated in fiscal year 1997. In addition, the Treasury Forfeiture Fund’s auditors rendered unqualified opinions on the Fund’s fiscal year 1996 and 1995 financial statements. Our February 1997 high-risk series also addressed the issue of the consolidation of postseizure management and disposition of seized properties. Legislation enacted in 1988 required Justice and Customs to develop a plan to consolidate postseizure administration of certain properties.2 In June 1991, we recommended that Justice and Customs consolidate the postseizure management and disposition of all noncash seized properties. In our February 1995 high-risk report, we reported that, although a small pilot project for consolidation was in effect from October 1992 through September 1993, Justice and Treasury had not made significant progress towards consolidation of property management functions. We have identified millions of dollars in assets, and large amounts of Resources at Risk and illegal drugs, vulnerable to theft and misappropriation and have estimated Potential Savings potential cost savings in the asset forfeiture program. 1 Congress established the Department of the Treasury Forfeiture Fund in October 1992 to supersede the Customs Fund. Customs is responsible for managing property seized by Treasury law enforcement agencies. 2 The Anti-Drug Abuse Act of 1988, P.L. 100-690, 21 U.S.C. 887 (1988). Page 105 GAO/HR-97-30 High-Risk Program Asset Forfeiture Programs Despite significant improvement efforts, weaknesses in key internal controls and systems have affected Customs’ ability to maintain adequate accountability and stewardship over seized property. Specifically, poor physical security at some of Customs’ storage locations, problems with the implementation of Customs’ new seized property tracking system, and system security weaknesses relating to the systems Customs uses to account for seized property and law enforcement operations, have placed millions of dollars in assets and large amounts of illegal drugs at risk. However, the Treasury OIG’s audit of Customs’ fiscal year 1996 financial statements did not indicate any significant loss of seized property. With respect to the consolidation of Justice and Treasury postseizure management and disposition of all noncash seized property, our June 1991 report on the asset forfeiture program estimated that program administration costs could be reduced 11 percent annually if Justice and the U.S. Customs Service consolidated the postseizure management and disposition of such items. We estimated the savings on the basis of fewer positions being needed if both programs were combined into one. We also reported that consolidation would likely result in lower contractor costs due to economies of scale. Independently operating in the same areas may result in higher prices paid for services than under a consolidated program, which may be able to obtain lower vendor prices because of a higher volume of activity. We found this to be true in six locations.3 In November 1994, the Marshals Service4 reported the costs and proceeds associated with the assets in the pilot project conducted during fiscal year 1993. However, the report did not contain a comparison of what costs would have been had the assets not been consolidated. Hence, there was no way to determine the effectiveness of the pilot project. We have made several recommendations relating to improving Customs’ Key Open GAO accountability and stewardship over property seized. Specifically, we have Recommendations recommended that Customs improve the (1) physical security at its and Implementation locations used to store seized property, (2) reliability of the information maintained in its seized property tracking system, and (3) controls over Status access to critical and sensitive data and computer programs maintained in its systems that account for seized property and law enforcement 3 San Diego and Calexico/El Centro, California; Yuma, Arizona; and McAllen, Laredo, and El Paso, Texas. 4 The Marshals Service is responsible for holding and maintaining real and tangible personal property seized by participating agencies within Justice’s asset forfeiture program. Page 106 GAO/HR-97-30 High-Risk Program Asset Forfeiture Programs operations. In addition, we recommended that Justice and Treasury consolidate the management and disposition of all noncash seized properties. In response to our recommendation relating to physical security, in 1994, Customs formed a task force to address security at its seized asset storage facilities. The task force sent out questionnaires to over 260 locations with storage facilities for seized property and physically inspected about 34 locations. It identified numerous locations that needed improved security. Customs stated that, to date, it has built 6 new storage facilities, one as recently as February 1997, in locations that were determined to be the most vulnerable. In addition, funding has been received for the construction of 2 additional storage facilities, one of which is in the process of being constructed. Customs also improved security at 28 other locations by installing various security devices, such as dual access entry into its vaults, motion sensors, door contact alarms, and surveillance cameras. Further, Customs headquarters has issued 5 policy statements designed to direct the improvement of the physical security of seized property during the processing of seizure activities. According to Customs officials, Customs used funds obtained from the Treasury Forfeiture Fund in fiscal year 1995 to procure sufficient security devices to upgrade up to 200 locations. However, this equipment has not yet been placed in operation because no funding for installation has been received since 1995. In addition, a Customs official told us that four storage facilities, which are to be located in remote areas where significant amounts of illegal drugs are routinely seized, are in the pre-construction phase, but funding for construction has not been provided. Regarding the reliability of the information maintained in its seized property tracking system, Customs has undertaken several improvement efforts, including conducting annual nationwide physical inventories of its seized property and implementing additional policies and procedures. According to Treasury Office of Inspector General (Treasury OIG)5 officials, these efforts have resulted in significant improvements in the reliability of the quantities and values recorded in Customs’ seized property records. 5 The Treasury OIG has performed the financial statement audit of Customs, under the Chief Financial Officers Act, for fiscal years 1994, 1995, and 1996. The Customs seizure activities and related controls continue to be reviewed as a part of that audit. Page 107 GAO/HR-97-30 High-Risk Program Asset Forfeiture Programs In addition, according to Customs, it has developed, and is implementing in phases, a new Seized Assets and Case Tracking System (SEACATS). This system, whose initial functions were implemented in November 1996, is intended to be a comprehensive financial management and seized property tracking system for Customs’ fines, penalty, and property seizure activities. SEACATS is expected to provide interfaces to Customs’ Automated Commercial System, the general ledger, the contractor systems, and the law enforcement system, and to include appropriate audit trails for changes to seized property data. However, Customs has experienced significant problems with SEACATS since its initial implementation. In particular, problems with converting data from the old systems to SEACATS have posed great difficulties. Customs anticipates that the implementation problems will be fully corrected no later than the end of fiscal year 1997. In response to our recommendation for improved controls over access to critical and sensitive data and computer programs maintained in Customs’ systems that account for seized property and law enforcement operations, Customs has designed additional security features in SEACATS. Specifically, according to Customs officials, seven systems’ databases were merged to form the SEACATS database, and no changes could be made to the old systems’ databases after SEACATS was implemented. Since November 12, 1996, all “new” seized property has been entered into SEACATS. In addition, Customs officials told us that security profiles have been developed for SEACATS users, and access is given only to those functions needed according to the job responsibility. Further, a user identification and password along with a discretionary access control capability have been established to protect data from unauthorized and inappropriate access. Moreover, with every update to SEACATS, an audit record is created showing who accessed the file, the time, and the terminal used. Despite these significant improvement efforts, weaknesses in computer security controls still exist. Specifically, the Treasury OIG’s fiscal year 1996 review of electronic data processing controls for the computer application system for law enforcement activities showed that this system continued to be vulnerable to unauthorized access. Since the law enforcement system is a source of key data relating to seizure activity recorded in SEACATS, this vulnerability could affect the reliability of information in SEACATS. In addition, a review of electronic data processing controls for SEACATS has not yet been performed by the Treasury OIG. Page 108 GAO/HR-97-30 High-Risk Program Asset Forfeiture Programs Regarding our recommendation that Justice and Treasury consolidate the management and disposition of all noncash seized properties, as of May 7, 1997, representatives of both Justice and Treasury indicated there were no plans for such consolidation. Customs officials have stated that, due to a lack of funding for its Why proposals to improve security at its existing facilities and to construct new Recommendations facilities, they have not been able to complete all of the planned actions to Have Not Been their storage locations. The task force formed to address physical security of seized property submitted budget requests to the Treasury Forfeiture Implemented and Fund in both fiscal years 1996 and 1997; however, its requests were What Remains to Be denied. Customs also requested funding from its Office of Finance. However, no funding was provided for these planned actions. Customs is Done currently in the process of developing a budget request for fiscal year 1998 that it plans to submit to the Treasury Forfeiture Fund. The Treasury Forfeiture Fund allocates money to the various Treasury law enforcement agencies involved in seizure activities on the basis of an assessment of their need and projected receipts of the current year. According to Treasury Forfeiture Fund officials, Customs’ request for funding was denied primarily for two reasons. First, in fiscal year 1996, forfeiture fund receipts were significantly lower than projected, which resulted in decreasing funds for all the Treasury law enforcement agencies. Second, building construction and improvement requests cannot be evaluated without a reasonable plan for all projects, and the amount of information submitted by Customs with its building request was deemed insufficient by the Treasury Forfeiture Fund. Customs officials told us that in November 1996, Customs had provided a seizure vault briefing to Treasury Forfeiture Fund officials citing cost estimates, construction blueprints, detailed vault sizes, and a video of existing vaults. Within the next few months, a conference between Treasury Forfeiture Fund and Customs officials will be held to address the issue involving submission of detailed plans for construction and improvement projects. As previously stated, Customs’ significant problems in the implementation of SEACATS were primarily due to invalid conversion criteria, which created incorrect data in the system. The amount of time it has taken to address these problems is a product of both the significant volume of records involved and ensuring that corrections being made would not cause problems in other areas. Page 109 GAO/HR-97-30 High-Risk Program Asset Forfeiture Programs Because of the critical and sensitive data maintained in Customs’ commercial trade systems and the problems faced with the implementation of SEACATS, Customs placed a priority on first correcting the computer security weaknesses relating to its commercial systems. Customs plans to fully address the computer security issues pertaining to computer programs for the law enforcement system when the problems with SEACATS are more fully corrected, and the remaining issues will be addressed in fiscal year 1998 as part of the TECS6 year 2000 project. Regarding Justice’s and Treasury’s reasons for not implementing our consolidation recommendation, Justice and Treasury explained that property management and disposition have not been consolidated because (1) doing so appears contrary to current policy as established by the Congress, and (2) the savings estimates we used to support our recommendation in 1991 are not valid today. Specifically, officials said that, in 1988, the Congress enacted section 887 of title 21, United States Code, that provided for development and maintenance of a joint plan for postseizure administration of property seized under title 21. From 1988 to 1992, a series of reports and hearings, as well as our field work in 1990, documented serious problems with asset management and disposal by the Customs Service. They noted that by June 1991, when we recommended that postseizure administration of all noncash assets be consolidated under the Marshals Service, the federal asset forfeiture program was more consolidated.7 Justice and Treasury officials stated that, in October 1992, the Congress appeared to reject our recommendation. The officials said that through creation of a separate Treasury Forfeiture Fund, the Congress directed that the Justice and Treasury programs were to be managed and administered separately.8 Officials said that with separate financial, management, and contract structures, consolidation will be more difficult and costly in today’s environment than in 1991. Further, Treasury and Justice officials said that major changes in the program since 1991 include (1) revisions to Treasury’s national seized property contract, (2) lessons learned on how to avoid problems that increase property management and disposal costs for both funds, and 6 TECS is the Treasury Enforcement Communication System. 7 At the time of this recommendation, three Treasury bureaus already participated in the Justice fund. The Marshals Service administered property seized by these bureaus for forfeiture in judicial cases. Pursuant to 19 U.S.C. 1613b, the Customs Service managed the Customs Forfeiture Fund for itself and the Coast Guard. 8 See 31 U.S.C. 9703. As a result, all properties seized by the three Treasury bureaus previously participating in the Justice fund were transferred to and consolidated with the Customs Service’s property management and disposal program. Page 110 GAO/HR-97-30 High-Risk Program Asset Forfeiture Programs (3) increased cooperation between Justice and Treasury. They added that changes mean that further consolidation will not produce significant savings. We continue to believe that consolidation of the asset management and disposition functions is still required despite the passage of the 1992 act. The 1988 statute clearly requires the Attorney General and the Secretary of the Treasury to develop and maintain a joint plan. The statute permits the parties to determine what action should be taken to carry out the statutory mandate. More recently, the House Appropriations Committee stated in its July 19, 1995, report that “the consolidation of asset management and disposition functions of Justice and Treasury could address duplication and provide cost savings to the management and disposal process.” The report added that the Committee expects Justice to review the feasibility of consolidating contract vendors for both the Marshals Service and Treasury agencies.9 We still see areas of possible duplication between the two funds and programs and accordingly believe consolidation has the potential to produce savings. Both agencies seize similar types of property that are generally located in the same geographic areas. However, under the current operating structure, each agency maintains a separate and distinct program for managing and disposing of its property. Justice, through the Marshals Service, contracts directly with multiple vendors for management services. Treasury, through the Customs Service, has a single nationwide contractor that provides custodial services either directly or through subcontracts with other vendors. While we recognize that our estimates of savings resulting from consolidation were based on our 1991 report and that some circumstances may have changed, Justice and Treasury officials have not provided data to support their assertion that consolidation in the current environment would not produce the savings that we estimated in 1991. Accordingly, we continue to believe that Justice and Treasury should aggressively pursue consolidation of their asset management and disposition functions until an analysis shows that consolidation would not be cost effective. 9 Departments of Commerce, Justice, and State, The Judiciary, and Related Agencies Appropriations Bill, Fiscal Year 1996, H.R. Rep. No. 104-196, 104th Cong., 1st Session 20 (1995). Page 111 GAO/HR-97-30 High-Risk Program Asset Forfeiture Programs Congressman Michael Forbes (R-NY) has requested information from the Congressional Department of Justice regarding the consolidation issue. Contacts With Interest in Asset Forfeiture Issues Annual financial statement audits of the U.S. Customs Service’s and Ongoing Audit Work Department of Justice’s financial statements are to be performed by the Treasury OIG and Justice OIG, respectively, pursuant to the Chief Financial Officers Act of 1990, as amended. GAO will be reviewing this work. Key Agency Contacts Agency Contact Department of Justice Janis A. Sposato Deputy Assistant Attorney General Law and Policy (202) 514-3101 Michael Perez Director, Asset Forfeiture Management (202) 616-8000 Department of the Treasury Kenneth Massey Assistant Director, Policy and Operations (202) 622-2573 Jan Blanton Director, Executive Office for Asset Forfeiture (202) 622-9600 Office of the Inspector Michael VanDuesen General Contracting Officer’s Technical Representative for audit of the Treasury Forfeiture Fund Financial Statements (202) 927-5096 Marla Freedman Director, Financial Statement Audits (202) 927-6516 Joseph Lawson Director Office of Information Technology (202) 927-6345 U.S. Customs Service Louis E. Samenfink Director, Seizures and Penalties Division (202) 927-3119 Ellen Mulvenna SEACATS Project Manager (703) 913-4950 Extension 6060 Page 112 GAO/HR-97-30 High-Risk Program Asset Forfeiture Programs Norman J. Rabkin Key GAO Contact Director, Administration of Justice Issues (202) 512-3610 High-Risk Series: Quick Reference Guide (GAO/HR-97-2, Feb. 1997). Related GAO Products Pre-seizure Planning (GAO/GGD-97-19R, Nov. 20, 1996). Asset Forfeiture: Historical Perspective on Asset Forfeiture Issues (GAO/T-GGD-96-40, Mar. 19, 1996). High-Risk Series: Asset Forfeiture Programs (GAO/HR-95-7, Feb. 1995). High-Risk Series: Asset Forfeiture Programs (GAO/HR-93-17, Dec. 6, 1992). Asset Forfeiture: Noncash Property Should Be Consolidated Under the Marshals Service (GAO/GGD-91-97, June 28, 1991). (918906) Page 113 GAO/HR-97-30 High-Risk Program Ordering Information The first copy of each GAO report and testimony is free. Additional copies are $2 each. Orders should be sent to the following address, accompanied by a check or money order made out to the Superintendent of Documents, when necessary. VISA and MasterCard credit cards are accepted, also. Orders for 100 or more copies to be mailed to a single address are discounted 25 percent. Orders by mail: U.S. General Accounting Office P.O. Box 6015 Gaithersburg, MD 20884-6015 or visit: Room 1100 700 4th St. NW (corner of 4th and G Sts. NW) U.S. General Accounting Office Washington, DC Orders may also be placed by calling (202) 512-6000 or by using fax number (301) 258-4066, or TDD (301) 413-0006. Each day, GAO issues a list of newly available reports and testimony. To receive facsimile copies of the daily list or any list from the past 30 days, please call (202) 512-6000 using a touchtone phone. A recorded menu will provide information on how to obtain these lists. For information on how to access GAO reports on the INTERNET, send an e-mail message with "info" in the body to: email@example.com or visit GAO’s World Wide Web Home Page at: http://www.gao.gov PRINTED ON RECYCLED PAPER United States Bulk Rate General Accounting Office Postage & Fees Paid Washington, D.C. 20548-0001 GAO Permit No. G100 Official Business Penalty for Private Use $300 Address Correction Requested
High-Risk Program: Information on Selected High-Risk Areas
Published by the Government Accountability Office on 1997-05-16.
Below is a raw (and likely hideous) rendition of the original report. (PDF)