oversight

High-Risk Program: Information on Selected High-Risk Areas

Published by the Government Accountability Office on 1997-05-16.

Below is a raw (and likely hideous) rendition of the original report. (PDF)

               United States General Accounting Office

GAO            Information for House Majority
               Leader Richard Armey and
               Representative Pete Sessions


May 1997
               HIGH-RISK PROGRAM
               Information on
               Selected High-Risk
               Areas




GAO/HR-97-30
      United States
GAO   General Accounting Office
      Washington, D.C. 20548

      Accounting and Information
      Management Division

      B-xxxxxx

      May 16, 1997

      The Honorable Richard Armey
      Majority Leader
      House of Representatives

      The Honorable Pete Sessions
      House of Representatives

      As requested in your April 18, 1997, letter, enclosed is additional information on 12 areas
      included in GAO’s latest update on its High-Risk Program.1 It includes descriptions of key open
      GAO recommendations relevant to each area, the implementation status of those
      recommendations and why they have not been fully implemented, and remaining challenges to
      addressing high-risk problems. With regard to costs, where possible, we have identified the
      federal dollars involved with each program or area, and discuss federal dollars at risk from
      abusive or wasteful practices. In some cases, we have also indicated the estimated savings that
      might be attained or the costs that could be avoided if specific changes were made in these
      areas.

      As agreed with your offices, unless you publicly release this information earlier, we will not
      distribute it until 30 days from the date of this letter.

      To facilitate further GAO assistance, the GAO teams responsible for each of these high-risk areas
      are identified within the enclosed material. If you have any questions or need additional
      information on any of the enclosed material, please contact me on (202) 512-2600, or George
      Stalcup, Associate Director, on (202) 512-9490.




      Gene L. Dodaro
      Assistant Comptroller General
      Enclosures




      1
       High-Risk Series (GAO/HR-97-20SET, Feb. 1997).
Defense Inventory Management


                In 1990, we identified the Department of Defense’s (DOD) secondary
Overview        inventory management as a high-risk area because levels of unneeded
                inventory were too high and systems for determining inventory
                requirements were inadequate. Inventory management problems have
                plagued DOD for decades. Despite numerous efforts on DOD’s part to
                correct these problems, we continue to consider inventory management a
                high-risk area because it is vulnerable to fraud, waste, abuse, and
                mismanagement. We recently reported that, as of September 30, 1995,
                about $34 billion, or about half of DOD’s $69.6 billion secondary inventory,
                was not needed to support war reserve or current operating requirements.
                Most of the problems that contributed to the accumulation of this
                unneeded inventory still exist, such as outdated and inefficient inventory
                management practices that frequently do not meet customer demands,
                inadequate inventory oversight, weak financial accountability, and
                overstated requirements. Because of these problems, we believe that a
                portion of DOD’s annual expenditure of approximately $15 billion for
                additional inventory is likely to be spent for unneeded inventory.

                DOD recognizes that it needs to make substantial improvements to its
                logistics system. While we continue to see pockets of improvement, as
                evidenced by each service’s and the Defense Logistics Agency’s (DLA)
                reengineering efforts, DOD has made little overall progress in correcting
                systemic problems that have traditionally resulted in large unneeded
                inventories. DOD top management needs to continue its commitment to
                changing its inventory management culture so that it provides its forces
                with necessary supplies in a timely manner while avoiding the
                accumulation of unnecessary materials.

                To effectively address its inventory management problems, DOD must
                adopt a strategy that includes both short- and long-term actions.

            •   In the short term, DOD must continue to emphasize the efficient operation
                of its existing logistics systems. This includes reducing and disposing of
                unneeded inventory, implementing efficient and effective inventory
                management practices, training personnel in these practices and
                rewarding the right behavior, improving requirements data accuracy, and
                enforcing existing policies and procedures to minimize the acquisition and
                accumulation of unnecessary inventory.
            •   In the long term, DOD must establish goals, objectives, and milestones for
                changing its culture and adopting new management tools and practices. A
                key part to changing DOD’s management culture will be an aggressive
                approach to using best practices from the private sector. From our



                Page 2                                          GAO/HR-97-30 High-Risk Program
                    Defense Inventory Management




                    discussions with more than 50 private sector companies, we identified
                    best practices which, if applied in an integrated manner, could help
                    streamline DOD’s logistics operations, potentially save billions of dollars,
                    and improve support to the military customer. In our opinion, DOD has
                    not been aggressive enough in pursing these practices. Recent DOD
                    reengineering efforts have not incorporated some of the most advanced
                    practices found in the private sector for reparable parts, and they have
                    been slow to adopt best practices for hardware items.


                    Our work identified opportunities for reducing the cost of operations and
Potential Savings   improving the overall effectiveness and efficiency of DOD support
                    operations. We believe that there are about $2.3 billion in fiscal year 1996
                    expenditures for secondary items that could be avoided. For example,
                    DOD spends about $14 billion a year to purchase secondary inventory
                    items—spare and repair parts, clothing, medical supplies, and other
                    support items—to support its operating forces. At September 30, 1996,
                    DOD had $8.6 billion under contract or on purchase request to buy
                    additional inventory. Of this amount, we estimate that about $1.6 billion of
                    the $8.6 billion exceeded current operating and war reserve requirements.
                    Even using DOD’s definition of needed inventory, which includes an
                    additional 2-years worth of requirements, there would still be about
                    $664 million of the $8.6 billion that would be classified as excess to
                    current operations and war reserves. In a recent report (Defense Logistics:
                    Much of the Inventory Exceeds Current Needs, GAO/NSIAD-97-71, Feb. 28,
                    1997) GAO noted that 145 inventory items had inventory valued at
                    $28.4 million that represented 20 or more years of supply on hand and that
                    had an additional $11.3 million on order. These items included circuit card
                    assemblies, hydraulic pump linear valves, combining glasses, oscillators,
                    and identification markers.

                    In addition, in a September 1996 report (1997 DOD Budget: Potential
                    Reductions to Operation and Maintenance Program, GAO/NSIAD-96-220,
                    Sep. 18, 1996), GAO reported that DOD’s fiscal year 1997 operation and
                    maintenance budget request could be reduced by $723 million because of
                    potential unnecessary inventory purchases. Specifically, GAO noted that
                    (1) a $188 million reduction could be taken because Army budget requests
                    for spare parts were not based on accurate requirements data, (2) a
                    $87 million reduction could be taken because the Navy and the Air Force
                    used inaccurate data to determine requirements, (3) a $60 million
                    reduction could be taken because the Navy counted depot level
                    maintenance requirements for aviation spare parts twice, and (4) a



                    Page 3                                           GAO/HR-97-30 High-Risk Program
Defense Inventory Management




$388 million reduction could be taken because the Air Force did not
consider spare parts that were available for reclamation from aircraft and
engines with no identified future use.

In many cases, potential savings cannot be precisely quantified until DOD
has taken specific action on our recommendations. For example, in the
best practices area, in response to our recommendations, DOD has
adopted best practices to improve the management of personnel items
(medical, food, and clothing supplies), but these initiatives cover less than
3 percent of DOD’s secondary items. Between 1991 and 1995, we issued a
series of reports that identified and recommended ways DOD could apply
best management practices to personnel items. These reports focused on
improved partnerships between suppliers and DOD facilities, principally
through the use of prime vendors. A prime vendor provides timely and
direct delivery between customers and suppliers, and orders additional
stock from manufacturers on short notice, with quick turnaround, to
minimize inventory holding costs. This approach reduces the need to stock
and distribute inventory from DOS’s warehouse system.

Since 1993, DLA has taken steps to use prime vendors for personnel items.
One of DLA’s most successful initiative has been the implementation of a
prime vendor program for medical supplies and pharmaceutical products.
We reported in 1995 that approximately 150 DOD hospitals and medical
treatment facilities were using prime vendors in 21 different geographic
regions across the United States. The use of this program has allowed
DOD to reduce stock levels at both wholesale and retail locations.
Reducing inventory levels has also enabled DOD to reduce the warehouse
space needed to store these items. At one storage depot alone, DLA
reduced the storage space used for medical and pharmaceutical items by
about 40 percent over a 3-year period.

We estimate that between September 1991 and September 1996, DOD
reduced its pharmaceutical, medical, and surgical inventories and
associated management costs by about $714 million through the use of
best practices, such as prime vendors. The majority of savings has resulted
from the issuance of medical supplies to military customers without
having to replace inventories through the purchase of additional stocks.
Similar prime vendor programs are being implemented for food and
clothing items.

The prime vendor program also enables DOD hospitals to reduce
inventory costs. For example, we reported in August 1995 that the Walter



Page 4                                           GAO/HR-97-30 High-Risk Program
                     Defense Inventory Management




                     Reed Army Medical Center, in addition to a $3.8 million reduction in
                     pharmaceutical inventories, saves over $6 million a year in related
                     inventory management expenses by using a prime vendor. In addition, as a
                     result of the elimination of inventories after the prime vendor program
                     was established, Walter Reed was able to convert a former warehouse
                     holding medical supplies into a medical training facility.


                     The key area that we principally focused on in the inventory management
Key Open             area in 1995 and 1996 centered on the implementation of best management
Recommendations      practices adopted in the private sector to solve longstanding inventory
and Implementation   management problems. We have made several key recommendations
                     designed at rectifying these longstanding problems.
Status
                     While DOD has taken steps to improve its logistics practices and reduce
                     inventories, such as through long-term contracting, direct vendor delivery,
                     and electronic commerce, DOD has not made enough progress with its
                     $5.7 billion inventory of hardware items. It still has large amounts of items,
                     such as bolts, valves, and fuses, that cost millions of dollars to manage and
                     store. We estimate that this inventory could satisfy DOD’s requirements
                     for the next 2 years, assuming demands remain constant. In contrast, some
                     private sector companies we visited maintain inventory levels that last
                     only 90 days. These companies have achieved these lean inventory levels
                     and saved millions in operating costs by developing innovative supplier
                     partnerships that give established commercial distribution networks the
                     responsibility to manage, store, and distribute inventory on a frequent,
                     regular basis.

                     Although we recommended in 1993 that DOD pursue innovative
                     partnerships with its suppliers to reduce logistics costs, DOD is only now
                     in the initial stages of testing this type of partnership through its “Virtual
                     Prime Vendor” program for hardware supplies. If successfully
                     implemented, this concept could enable DOD to improve service to its
                     customers and reduce overall logistics costs. In our opinion, this program
                     is close to those efforts we have observed in the private sector and
                     provides DOD with an excellent opportunity to achieve greater inventory
                     reductions by minimizing the need to store inventory at wholesale and
                     retail locations. If DOD were able to achieve similar performance from this
                     effort as those in the private sector, hardware inventories and related
                     management costs could be reduced by billions of dollars and parts
                     needed to complete repairs would be more readily available to the end
                     user.



                     Page 5                                           GAO/HR-97-30 High-Risk Program
    Defense Inventory Management




    In addition to the opportunities to improve the management of hardware
    items, there are even greater opportunities to improve DOD’s management
    of reparable parts. As of September 30, 1995, DOD held more than
    $50 billion worth of these parts, but its efforts to streamline its logistics
    system for them have not included key best practices we have identified.
    Over the past 15 months, we have reported on the various problems with
    the DOD’s pipeline for reparable parts and on the substantial improvement
    opportunities available to DOD. For example:

•   In April 1997, we reported that we examined 24 different types of Army
    aviation parts, and calculated that the Army’s logistics system took an
    average of 525 days to ship broken parts from field units to the depot,
    repair them, and ship the repaired parts to using units. We estimated that
    all but 18 days (97 percent) was the result of unplanned repair delays,
    depot storage, or transportation time. We also calculated the Army uses its
    inventory six times slower than a major airline, British Airways. That
    airline had developed a process to move parts through its repair pipeline
    much faster. For example, one part we examined had an Army repair
    pipeline time of 429 days; in contrast, British Airways was able to
    complete this process in 116 days.
•   In July 1996, we reported that the Navy’s repair process can create as
    many as 16 time-consuming steps as parts move through the depot repair
    pipeline. Component parts can accumulate at each step in the process,
    which increases the total number of parts that are needed to meet
    customer demands and to ensure a continuous flow of parts. By tracking
    parts through each of the 16 steps and using the Navy’s flow time data, we
    estimated that it could take, on average, about 4 months from the time a
    broken part is removed from an aircraft to the time it is ready for reissue.
    Our analysis did not include the amount of time parts were stored in
    warehouses awaiting repair or issue to the customer.
•   In February 1996, we reported that using its current logistics pipeline
    process, the Air Force can spend several months to repair the parts and
    then distribute them to the end user. One part we examined had an
    estimated repair cycle time of 117 days; it took British Airways only 12
    days to repair a similar part. The complexity of the Air Force’s repair and
    distribution process creates as many as 12 different stopping points and
    several layers of inventory as parts move through the process. Parts can
    accumulate at each step in the process, which increases the total number
    of parts in the pipeline.

    In our reports, we stated that DOD’s improvement efforts were not as
    extensive as they could be because they have not incorporated the best



    Page 6                                           GAO/HR-97-30 High-Risk Program
                     Defense Inventory Management




                     practices we have seen in the private sector. These practices are the
                     prompt repair of items, the reorganization of the repair process, the
                     establishment of partnerships with key suppliers, and the use of
                     third-party logistics services. When used in an integrated manner, these
                     best practices have successfully reduced costs and improved logistics
                     operations. We have recommended that DOD test these concepts and
                     expand them to other locations, where feasible.

                     Each service is developing initiatives to improve the management of its
                     logistics pipeline for reparable aircraft parts to make their logistics
                     processes faster, better, and cheaper. Because these programs have only
                     recently begun, they have had limited impact in improving DOD’s overall
                     logistics operations.


                     Most of the problems that contributed to the accumulation of unneeded
Why                  inventory still exist, such as outdated and inefficient inventory
Recommendations      management practices that frequently do not meet customer demands,
Have Not Been        inadequate inventory oversight, weak financial accountability, and
                     overstated requirements. Correcting these problems, as a result of
Implemented and      implementing our recommendations to adopt best practices, generally
What Remains to Be   involves development of long-term strategies. However, the “corporate
                     culture” within DOD has been traditionally resistant to change.
Done                 Organizations often find changes in operations threatening and are
                     unwilling to change current behavior until proposed ideas have been
                     proven. This kind of resistance must be overcome if the services are to
                     expand their concept of operations. DOD’s top management needs to
                     continue its commitment to changing its inventory management culture so
                     that it provides its forces with necessary supplies in a timely manner while
                     avoiding the accumulation of unneeded materials. We believe that the
                     adoption of best practices is key to changing DOD’s inventory
                     management culture.


                     There are several House and Senate committees and subcommittees that
Other Information    have particular interest or ongoing initiatives related to this high-risk area.
                     For example, Senator Carl Levin, both in his current capacity as Ranking
                     Minority Member of the Senate Armed Services Committee and as the
                     former Chairman of the Subcommittee on Oversight of Government
                     Management and the District of Columbia, Senate Governmental Affairs
                     Committee, has requested GAO’s reviews of DOD’s inventory management
                     practices to identify areas where costs can be reduced and problems can



                     Page 7                                            GAO/HR-97-30 High-Risk Program
                                       Defense Inventory Management




                                       be avoided if DOD adopted leading-edge practices that have been applied
                                       successfully by the private sector. The House Budget Committee has also
                                       expressed concern over and requested information on issues surrounding
                                       inventory management.

                                       In addition, we have testified several times this year before congressional
                                       committees on high-risk inventory management issues, including the
                                       Senate Committee on Governmental Affairs and the Subcommittee on
                                       National Security, International Affairs, and Criminal Justice, House
                                       Committee on Government Reform and Oversight.

Congressional Contacts With Interest
in Defense Inventory Management        Committee                      Key Staff
Issues                                 Senate
                                         Armed Services               Cord Sterling, Professional Staff Member (majority)
                                                                      (202) 224-9346

                                                                      Peter Levine, Counsel for Senator Levin
                                                                      (202)224-3871

                                                                      David Lyles, Minority Staff Director
                                                                      (202) 224-3871
                                         Governmental Affairs         William Greenwalt, Chief Investigator
                                                                      (202) 224-4751

                                                                      Linda Gustitus, Subcommittee Minority Staff Director and
                                                                      Chief Counsel
                                                                      (202) 224-4551
                                       House
                                         National Security            Jeff Schwartz, Professional Staff Member
                                                                      (202) 226-1036

                                                                      Craig Hall, Staff Member
                                                                      (202) 225-0892
                                         Budget                       Wayne Struble, Director, Budget Priorities (majority)
                                                                      (202) 226-7270

                                                                      Michael Lofgren, Budget Analyst
                                                                      (202) 226-7270
                                         Government Reform and        Robert Charles, Subcommittee Staff Director/Chief
                                         Oversight                    Counsel
                                                                      (202) 225-2577

                                                                      Jim Wilon, Subcommittee Counsel
                                                                      (202) 225-2577

                                                                      Mark Stephenson, Professional Staff Member (minority)
                                                                      (202) 225-5051




                                       Page 8                                                    GAO/HR-97-30 High-Risk Program
                                            Defense Inventory Management




Executive Branch Contacts With
Interest in Defense Inventory               Agency                           Contact
Management Issues                           Department of Defense            John Phillips
                                                                             Deputy Under Secretary of Defense, Logistics
                                                                             (703) 697-1368

                                                                             Robert Mason
                                                                             Assistant Deputy Under Secretary of Defense, Logistics
                                                                             (Maintenance)
                                                                             (703) 697-7980

                                                                             James Emahiser
                                                                             Assistant Deputy Under Secretary of Defense, Logistics
                                                                             (Materiel and Distribution Management)
                                                                             (703) 697-9238

                                                                             General Johnnie Wilson
                                                                             Commander, U.S. Army Materiel Command
                                                                             (703) 617-9626


Private Sector Contacts With Interest
in Defense Inventory Management
Issues                                      General Vincent Russo (U.S. Army, Ret.)
                                            Defense Logistician
                                            (770) 997-4870
                                            Dr. John Coyle
                                            Professor of Transportation and Logistics
                                            Penn State University
                                            (814) 865-0585
                                            Logistics Management Institute
                                            (202) 651-8070
                                            Council of Logistics Management
                                            (630) 574-0985



                                        •   DOD Suspended Stocks
Ongoing Audit Work                      •   ICP Consolidation under the Defense Logistics Agency
                                        •   DOD’s Property Disposal Process
                                        •   Best Management Practices for Hardware Supplies
                                        •   DOD Parts Destruction
                                        •   Navy’s Inventory Requirements


                                            David R. Warren
Key GAO Contact                             Director, Defense Management Issues
                                            (202) 512-8412




                                            Page 9                                                    GAO/HR-97-30 High-Risk Program
                       Defense Inventory Management




                       Inventory Management: The Army Could Reduce Logistics Costs for
Related GAO Products   Aviation Parts by Adopting Best Practices (GAO/NSIAD-97-82, Apr. 15, 1997).

                       Addressing the Deficit: Budgetary Implications of Selected GAO Work for
                       Fiscal Year 1998 (GAO/OCG-97-2, Mar. 14, 1997).

                       High-Risk Series: Defense Inventory Management (GAO/HR-97-5, Feb. 1997).

                       Defense Logistics: Much of the Inventory Exceeds Current Needs
                       (GAO/NSIAD-97-71, Feb. 28, 1997).

                       Defense Inventory: Spare and Repair Parts Inventory Costs Can Be
                       Reduced (GAO/NSIAD-97-47, Jan. 17, 1997).

                       Logistics Planning: Opportunities for Enhancing DOD’s Logistics Strategic
                       Plan (GAO/NSIAD-97-28, Dec. 18, 1996).

                       1997 DOD Budget: Potential Reductions to Operation and Maintenance
                       Program (GAO/NSIAD-96-220, Sept. 18, 1996).

                       Defense IRM: Critical Risks Facing New Materiel Management Strategy
                       (GAO/AIMD-96-109, Sept. 6, 1996).

                       Navy Financial Management: Improved Management of Operating
                       Materials and Supplies Could Yield Significant Savings (GAO/AIMD-96-94,
                       Aug. 16, 1996).

                       Inventory Management: Adopting Best Practices Could Enhance Navy
                       Efforts to Achieve Efficiencies and Savings (GAO/NSIAD-96-156, July 12, 1996).

                       Defense Logistics: Requirement Determinations for Aviation Spare Parts
                       Need to Be Improved (GAO/NSIAD-96-70, Mar. 19, 1996).

                       Best Management Practices: Reengineering the Air Force’s Logistics
                       System Can Yield Substantial Savings (GAO/NSIAD-96-5, Feb. 21, 1996).

                       Inventory Management: DOD Can Build on Progress in Using Best
                       Practices to Achieve Substantial Savings (GAO/NSIAD-95-142, Aug. 4, 1995).

                       Defense Inventory: Opportunities to Reduce Warehouse Space
                       (GAO/NSIAD-95-64, May 24, 1995).




                       Page 10                                           GAO/HR-97-30 High-Risk Program
Defense Inventory Management




Best Practices Methodology: A New Approach for Improving Government
Operations (GAO/NSIAD-95-154, May 1995).

Defense Business Operations Fund: Management Issues Challenge Fund
Implementation (GAO/NSIAD-95-79, Mar. 1, 1995).

Defense Supply: Inventories Contain Nonessential and Excessive
Insurance Stocks (GAO/NSIAD-95-1, Jan. 20, 1995).

Defense Supply: Acquisition Leadtime Requirements Can Be Significantly
Reduced (GAO/NSIAD-95-2, Dec. 20, 1994).

Reengineering Organizations: Results of a GAO Symposium (GAO/NSIAD-95-34,
Dec. 13, 1994).

Commercial Practices: Opportunities Exist to Enhance DOD’s Sales of
Surplus Aircraft Parts (GAO/NSIAD-94-189, Sept. 23, 1994).

Organizational Culture: Use of Training to Help Change DOD Inventory
Management Culture (GAO/NSIAD-94-193, Aug. 30, 1994).

Partnerships: Customer-Supplier Relationships Can Be Improved Through
Partnering (GAO/NSIAD-94-173, July 19, 1994).

Commercial Practices: DOD Could Reduce Electronics Inventories by
Using Private Sector Techniques (GAO/NSIAD-94-110, June 29, 1994).

Commercial Practices: Leading-Edge Practices Can Help DOD Better
Manage Clothing and Textile Stocks (GAO/NSIAD-94-64, Apr. 13, 1994).

Defense Transportation: Commercial Practices Offer Improvement
Opportunities (GAO/NSIAD-94-26, Nov. 26, 1993).

Defense Inventory: Applying Commercial Purchasing Practices Should
Help Reduce Supply Costs (GAO/NSIAD-93-112, Aug. 6, 1993).

Commercial Practices: DOD Could Save Millions by Reducing
Maintenance and Repair Inventories (GAO/NSIAD-93-155, June 7, 1993).

DOD Food Inventory: Using Private Sector Practices Can Reduce Costs
and Eliminate Problems (GAO/NSIAD-93-110, June 4, 1993).




Page 11                                         GAO/HR-97-30 High-Risk Program
Defense Inventory Management




Organizational Culture: Techniques Companies Use to Perpetuate or
Change Beliefs and Values (GAO/NSIAD-92-105, Feb. 27, 1992).

DOD Medical Inventory: Reductions Can Be Made Through the Use of
Commercial Practices (GAO/NSIAD-92-58, Dec. 5, 1991).

Commercial Practices: Opportunities Exist To Reduce Aircraft Engine
Support Costs (GAO/NSIAD-91-240, June 28, 1991).




Page 12                                      GAO/HR-97-30 High-Risk Program
Medicare


           Medicare provides health insurance for nearly all elderly Americans age 65
Overview   and older and many of the nation’s disabled. One of the largest entitlement
           programs in the federal budget, Medicare spent nearly $200 billion in fiscal
           year 1996, and its costs are expected to increase more than 8 percent
           annually for the next 5 years. Before the end of that period, however, the
           trust fund that finances hospital, nursing home, and home health care is
           expected to be insolvent. While the Congress and the President have
           introduced changes to control Medicare costs, they are concerned that
           significant amounts of these costs are lost to fraudulent and wasteful
           claims.

           In addition to being costly, Medicare is complex. Providing health care
           coverage to about 38 million people, Medicare pays nearly a million
           providers who submit about 800 million individual claims each year. Most
           Medicare services are provided through the fee-for-service sector, where
           any qualified provider can bill the program for each covered service
           rendered. In recent years, increasing numbers of Medicare beneficiaries
           have enrolled in health maintenance organizations (HMO), a type of
           managed care, to receive covered services. Nearly 90 percent of Medicare
           beneficiaries, however, remain under fee-for-service care. Each of these
           delivery systems has its unique set of problems.

           In 1992 and again in 1995, GAO reported that the Medicare program was
           highly vulnerable to waste, fraud, abuse, and mismanagement. Since 1992,
           the Health Care Financing Administration (HCFA), the Department of
           Health and Human Services’ (HHS) agency responsible for running the
           Medicare program, has made some regulatory and administrative changes
           aimed at curbing fraudulent and unnecessary payments. However, in
           recent years, sizable cuts in the budget for program safeguards, where
           most of the funding for the fight against abusive billing is centered, have
           diminished efforts to thwart improper billing practices.

           Problems in funding program safeguards and HCFA’s limited oversight of
           its contractors continue to contribute to fee-for-service program losses.
           While HCFA expects a major computer system acquisition project to
           reduce certain weaknesses, the project itself has several risks that may
           keep HCFA from attaining its goals. On the managed care side, Medicare
           payment rates to HMOs are excessive and HCFA oversight is weak. These
           flaws leave beneficiaries without information essential to guide their HMO
           selection and without assurance that HMOs are screened adequately and
           disciplined for unacceptable care.




           Page 13                                         GAO/HR-97-30 High-Risk Program
Medicare




Since GAO issued its 1995 high-risk report, the government has made
important strides in efforts to protect Medicare from exploitation. Recent
legislation—the Health Insurance Portability and Accountability Act of
1996 (P.L. 104-191), popularly known as the Kassebaum-Kennedy
Act—provides assured funding for program safeguards, although per-claim
expenditures will remain below the level of 1989 after adjusting for
inflation. Nevertheless, we expect that the funding, if properly applied, can
significantly improve anti-fraud and anti-abuse efforts. In addition, HCFA
anticipates that it will gain enhanced oversight capacity and reduced
administrative costs when the new claims processing system—the
Medicare Transaction System (MTS), now progressing through its design
phase—is fully implemented, which HCFA expects to occur after the year
2000. Further, the HHS Inspector General and other federal and state
agencies banded together to fight fraud in five states in an effort called
Operation Restore Trust. After the first year of operation, the effort
yielded more than $40 million in payment recoveries for claims that were
not allowed under Medicare rules, as well as convictions for fraud,
impositions of civil monetary penalties, and the exclusion of providers
from the program. Methods used in this program will be applied to detect
fraud and abuse in other locations in the future.

Progress is also being made in addressing program management issues.
For example, the Health Insurance Portability and Accountability Act
gives additional flexibility to HCFA to contract with firms specializing in
utilization review and makes the penalties for Medicare fraud more severe.
In addition, HCFA is improving its credentialing process for Medicare
providers and is currently evaluating commercially available software for
its potential to screen out some types of inappropriate claims. Finally, the
new Health Insurance Portability legislation and several planned
consumer information efforts offer the potential for improved HCFA
oversight of HMOs.

Many of Medicare’s vulnerabilities are inherent in its size and mission,
making the government’s second largest social program a perpetually
attractive target for exploitation. That wrongdoers continue to find ways
to dodge safeguards illustrates the dynamic nature of fraud and abuse and
the need for constant vigilance and increasingly sophisticated ways to
protect the system. Judicious changes in Medicare’s day-to-day operations
entailing HCFA’s improved oversight and leadership, its appropriate
application of new anti-fraud-and-abuse funds, and the mitigation of MTS
acquisition risks, are necessary ingredients to reduce substantial future
losses. Moreover, as Medicare’s managed care enrollment grows, HCFA



Page 14                                          GAO/HR-97-30 High-Risk Program
                         Medicare




                         must ensure that payments to HMOs better reflect the cost of beneficiaries’
                         care, that beneficiaries receive information about HMOs sufficient to make
                         informed choices, and that the agency’s expanded authority to enforce
                         HMO compliance with federal standards is used. To adequately safeguard
                         the Medicare program, HCFA needs to meet these important challenges
                         promptly.


                         No one can claim with precision how much Medicare loses each year, but
Potential Savings        our work suggests that by reducing unnecessary or inappropriate
                         payments, the federal government can realize large savings and help
                         dampen the growth in Medicare costs. The hidden nature of improper
                         billing and health care crimes precludes a rigorously quantified estimate of
                         expenditures attributable to fraud and abuse. Estimates of the costs of
                         fraud and abuse ranging from 3 to 10 percent have been cited for health
                         expenditures nationwide, so applying this range to Medicare suggests that
                         such losses in fiscal year 1996 could have been from $6 billion to as much
                         as $20 billion.


                         Special Payments to Teaching Hospitals (GAO/HRD-89-33)1
Key Open
Recommendations          Because Medicare’s extra payments to teaching hospitals are too high, our
and Implementation       work has shown that the Congress can save about $1 billion annually by
                         reducing the percentage of add-on payments that teaching hospitals
Status                   receive. Since the GAO report was issued, the Congressional Budget Office
                         and the Prospective Payment Review Commission also found that the
                         percentage was too high. Their analyses of recent data continue to show a
                         reduction is warranted. Decreasing the indirect medical education adjuster
                         has been under consideration in the Medicare savings debate.


Excessive Payments for   Provider costs and Medicare reimbursements for medical procedures
Costly Technologies      involving new technologies, such as magnetic resonance imaging (MRI)
(GAO/HRD-92-59)          are often high in order to offset initial expenditures for equipment and low
                         rates of usage. We reported, however, that HCFA does not make timely
                         adjustments to the Medicare reimbursement rates as new medical
                         technologies mature and unit costs decline. Therefore, we recommended
                         that HCFA (1) survey facility costs and revise the Medicare fee schedule to
                         more accurately reflect the costs that are incurred and (2) periodically

                         1
                          This issue was also discussed in GAO’s report Addressing the Deficit: Budgetary Implications of
                         Selected GAO Work for Fiscal Year 1998 (GAO/OCG-97-2, Mar. 14, 1997).



                         Page 15                                                           GAO/HR-97-30 High-Risk Program
                           Medicare




                           review and adjust the Medicare reimbursements for procedures using
                           high-cost technologies.

                           To help bring Medicare payment rates more in line with actual costs, the
                           Congress has enacted several mandates to reduce rates for specific
                           procedures and services—including payments for MRI scans. In addition,
                           HCFA has several rate-reduction projects planned or underway. None of
                           these projects, however, targets new and expensive technologies. We
                           continue to believe that significant program savings would result from an
                           ongoing, systematic process for evaluating the reasonableness of Medicare
                           payment rates for maturing medical technologies.


Rapid Spending Growth in   Since 1990, Medicare outlays for home health care services—provided to
Home Health Care           beneficiaries who are home-bound and need skilled care—have grown at
(GAO/HEHS-96-16)           an average rate of over 30 percent a year. We reported that the increase in
                           home health outlays is largely due to increased usage that has
                           accompanied deterioration in program controls. Funding for review of
                           claims had declined by over one- third. In addition, a court struck down
                           HCFA’s interpretation of benefit coverage requirements; this court ruling
                           in effect widened Medicare coverage of home health. Consequently, we
                           suggested that the Congress may wish to consider clarifying the scope of
                           the benefit and providing extra resources to strengthen controls against
                           abuse of the home health benefit. At issue is whether the benefit should
                           continue to be more of a long-term care benefit or whether it should be
                           limited primarily to post-acute care.

                           The HCFA Administrator and the Congress have made a number of
                           proposals designed to gain better control of the Medicare home health
                           benefit. These proposals are under active Congressional consideration.
                           The Health Insurance Portability and Accountability Act of 1996 provides
                           assured funding for Medicare program integrity activities beginning in
                           fiscal year 1997. If appropriate funding is allocated to home health care
                           oversight from newly available funds, the intent of the recommendation
                           will be met.

                           Further, the administration has proposed moving to a Prospective
                           Payment System (PPS) to help control cost growth in home health
                           benefits. While the proposal has appeal, what remains unclear about PPS
                           is whether an appropriate unit of service can be defined for calculating
                           prospective payments and whether HCFA’s databases are adequate for
                           establishing reasonable rates.



                           Page 16                                         GAO/HR-97-30 High-Risk Program
                             Medicare




Referrals to Imaging         In 1993, we reported that physicians with a financial interest in imaging
Facilities (GAO/HEHS-95-2)   facilities referred their Medicare patients for more imaging services than
                             physicians without such investments. As part of the Omnibus Budget
                             Reconciliation Act of 1993 (OBRA), the Congress included provisions to
                             restrict physicians from referring their patients to facilities in which the
                             physician has a financial stake. In 1995, we recommended that HCFA
                             develop the procedures needed for Medicare claims processing
                             contractors to monitor these referrals. Although OBRA restrictions were
                             effective as of January 1, 1995, HCFA has not issued final regulations and
                             guidance needed to assure compliance with OBRA.


Medicare Reimbursement       Nursing home residents receive therapy services (e.g., physical therapy)
for Therapy in Nursing       from various providers. We reported that Medicare is vulnerable to
Homes (GAO/HEHS-95-23)       overcharges from unscrupulous providers, due in part to its flawed
                             reimbursement methods, and in part to its inadequate screening of
                             providers. Consequently, we recommended that HCFA set explicit limits to
                             ensure that Medicare pays no more for therapy services than would any
                             prudent purchaser. Furthermore, we recommended that Medicare
                             certification requirements be strengthened so that those entities billing
                             Medicare would be more accountable for the services they provide to
                             beneficiaries.

                             HCFA has proposed revised salary equivalency guidelines for contracted
                             physical therapy and respiratory services, speech language pathology, and
                             occupational therapy services. However, even with these guidelines, the
                             Medicare-established limits will not apply if a therapy company bills
                             Medicare directly. HCFA is also exploring ways to strengthen controls
                             over these types of services in skilled nursing facilities (SNF). The
                             Administrator has proposed and we have supported requiring that virtually
                             all services furnished to SNF residents be billed by the SNF itself. This
                             would facilitate a SNF prospective payment system, limit the possibility of
                             double billing, and help to control overutilization of part B services billed
                             by outside suppliers.


Excessive Payments for       Medicare reimburses providers of certain medical items and supplies
Medical Supplies             according to fee schedules that do not reflect substantially lower market
(GAO-HEHS-95-171)            prices. For example, Medicare pays $2.32 for a pad of gauze that is
                             available at the wholesale level for 19 cents. Excessive fees invite
                             submission of abusive claims by unscrupulous providers. Coupled with
                             inadequate review of such claims, these above-market fees and payment



                             Page 17                                          GAO/HR-97-30 High-Risk Program
                            Medicare




                            rates lead to Medicare and taxpayers losing hundreds of millions of
                            dollars.

                            Current law imposes cumbersome administrative requirements that HCFA
                            must follow when adjusting payment rates. In one situation where HCFA
                            made such an adjustment, it took 3 years. In addition, for some items,
                            HCFA lacks the authority to adjust payment rates. We recommended that
                            the Congress give HHS the authority to adjust fee schedules promptly
                            when overpriced services and supplies are identified. HHS has submitted
                            legislative proposals to the Congress on several occasions since 1987 that
                            would provide HCFA and the carriers the authority to adjust or limit
                            fee-schedule amounts.


Screening Medicare Claims   Medicare is only supposed to reimburse providers for services that are
(GAO-HEHS-96-49)            medically necessary. We reported that the several dozen Medicare claims
                            processors often use different automated screens to distinguish necessary
                            from unnecessary services, based on criteria developed locally. We also
                            reported that these screens do not target medical procedures that are
                            overused nationwide. (Up to several hundred million dollars per year are
                            at stake.) Consequently, we recommended that HCFA act as a
                            clearinghouse—gathering information on both local medical policies and
                            screens for procedures that are widely overused, and disseminating the
                            information to all the claims processors. We also recommended that HCFA
                            hold the claims processors accountable for implementing local medical
                            policies and screens for procedures that are overused nationwide.

                            As of May 22, 1996, HCFA reported that it had completed work on some
                            model medical policies and was working on others. However, concerning
                            the collection, analysis, and dissemination of information on effective
                            prepayment screens, HCFA stated that the implementation of the planned
                            Medicare Transaction System is needed to develop a fully comprehensive
                            database of screens that can be analyzed and shared with all carriers. Full
                            implementation of the system is not scheduled until after the year 2000.

                            HCFA is exploring ways to identify widespread overutilization by
                            analyzing trends and national patterns. Until HCFA systematically
                            identifies widespread overutilization, it cannot hold its contractors
                            accountable for correcting overutilization that is national in scope.




                            Page 18                                          GAO/HR-97-30 High-Risk Program
                            Medicare




Medicare Payment Rates to   Most Medicare beneficiaries who join a HMO belong to a “risk contract”
Risk Contract HMOs          HMO, which provides them with all covered services in exchange for a flat

(GAO/HEHS-96-21,            fee, paid by Medicare. We have reported that Medicare generally overpays
                            these risk HMOs because its payment methods do not correct enough for
GAO/T-HEHS-97-78,           risk HMOs enrollees’ tendency to be healthier and less costly than the
GAO/HEHS-97-16)             average beneficiary. With risk HMO enrollment at more than 11 percent of
                            beneficiaries and growing rapidly, these excess payments become
                            substantial. Given the problem’s heightened urgency, we suggested that
                            the Congress might wish to give HHS the authority to reduce Medicare HMO
                            payment rates in areas where market data indicate that these rates are too
                            high.

                            In addition, we recently recommended that the Secretary of HHS should
                            direct HCFA to correct the inflated cost average underlying Medicare’s
                            HMO payment rates. We estimate this change would save several hundred
                            million dollars annually.


Medicare HMO Oversight      Beneficiaries’ confidence in Medicare managed care depends significantly
(GAO/HEHS-95-155,           on the effectiveness of HCFA oversight. Although HCFA has instituted
GAO/HEHS-97-23,             several promising improvements, its monitoring and enforcement of
                            performance standards for Medicare HMOs still falls short; quality
GAO/T-HEHS-97-109)          assurance reviews are not comprehensive, enforcement actions are too
                            often weak, and the appeals process for beneficiaries is slow. We
                            recommended that HHS develop more consumer-oriented oversight of the
                            Medicare HMO program, including (a) routinely publishing comparative
                            data on HMOs’ performance and on known deficiencies and (b) assigning
                            sufficient, trained staff to monitor and verify the effectiveness of HMOs’
                            quality assurance practices.


Payments to Rural Health    The Rural Health Clinics (RHC) program was established in 1977 to
Clinics (GAO/HEHS-97-24,    provide reimbursement to health clinics in underserved rural
GAO/OCG-97-2)               communities. Today, the federal government continues to reimburse RHC
                            providers through the Medicare and Medicaid programs on the basis of
                            their actual costs of providing care, while most other providers receive
                            lower payments limited by set fee schedules. RHCs continue to receive
                            cost-based reimbursement out of recognition that a fee schedule approach
                            does not help ensure financial viability of low volume rural health care
                            providers. Since 1989, the number of RHCs has grown by over 30 percent a
                            year to nearly 3,000, with total payments to them expected to be over
                            $1 billion annually by the year 2000.



                            Page 19                                        GAO/HR-97-30 High-Risk Program
                          Medicare




                          We found that contrary to its purpose, the RHC program is generally not
                          focused on serving populations that have difficultly obtaining primary care
                          in isolated rural areas. Rather, our work suggests that the additional
                          funding provided to RHCs each year increasingly benefits well-staffed,
                          financially viable clinics in populated areas that already have extensive
                          health care delivery systems in place. We recommended that the Congress
                          eliminate cost-based reimbursement to RHCs unless they are located in
                          areas with no other Medicare and Medicaid providers or can demonstrate
                          that existing providers will not accept new Medicare and Medicaid
                          patients and that the funding would be used to expand access to them.
                          Assuming such improvements in the targeting of payments, the
                          Congressional Budget Office estimated that the Medicare savings would be
                          $200 million between 1998 and 2002 (the Medicaid savings would be
                          $140 million).


Medicare Incentive        The Medicare Incentive Payment (MIP) program was established in 1987
Payments in Health Care   amid concerns that low Medicare reimbursement rates for primary care
Shortage Areas            services caused access problems for Medicare beneficiaries in
                          underserved areas. To encourage physicians to locate and serve Medicare
(GAO/HEHS-95-200,         beneficiaries in such areas, physicians receive an additional 10-percent
GAO/OCG-97-2)             payment from Medicare for the services they deliver in urban and rural
                          Health Professional Shortage Areas designated by HHS. In 1995, a
                          representative of HCFA stated that this program provided about
                          $107 million in bonuses to physicians, an amount 16 percent higher than
                          the previous year.

                          Our work leads us to question the appropriateness of the program. Recent
                          surveys of the Medicare population show that neither provider shortages
                          nor low reimbursement rates were causing wide spread access problems.
                          Also, we found that at least one-third of these designations are outdated or
                          erroneous and that evidence suggests that the MIP program did not play a
                          significant role in physician decisions to practice in underserved areas
                          because the payment is too low. The Congressional Budget Office
                          estimated that elimination of the program would save $380 million
                          between 1998 and 2002.




                          Page 20                                         GAO/HR-97-30 High-Risk Program
                     Medicare




                     As can be seen from the discussion of the individual key
Why                  recommendations, the government has made some progress in protecting
Recommendations      the Medicare program from exploitation. One of the long-standing
Have Not Been        problems facing HCFA has been its lack of resources needed to implement
                     many of our recommendations. The recent passage of the Health
Implemented and      Insurance Portability and Accountability Act, however, should help HCFA
What Remains to Be   in this regard by providing HCFA an opportunity both to stabilize its
                     scrutiny of Medicare claims and more effectively regulate risk contract
Done                 HMOs. Adequate funding of the anti-fraud and anti-abuse activities coupled
                     with strong HCFA oversight of its fee-for-service and managed care
                     contracts constitute the foundation for managing a program that is always
                     likely to be a target for exploitation.

                     Another recurring difficulty has been the length of time it takes to
                     implement regulatory changes in those situations where HCFA has agreed
                     with our recommendations. The process is complicated and takes several
                     years to complete. Additionally, the Congress has not acted on our
                     recommendations in some cases.

                     A successful implementation of the Medicare Transaction System could
                     help address various Medicare problems, including providing better
                     controls over fraud and abuse. However, HCFA needs to mitigate the risks
                     associated with the acquisition of this system. Today, we are releasing our
                     report, Medicare Transaction System: Success Depends Upon Correcting
                     Critical Management and Technical Weaknesses (GAO/AIMD-97-78, May 16,
                     1997), which includes numerous recommendations to address these risks.
                     Both OMB and HHS have agreed with these recommendations and said
                     that they will take action to address them. As HCFA faces this challenge as
                     well as those presented by the growing and complex Medicare program, it
                     needs to make additional technological improvements, such as greater use
                     of commercial software to identify areas vulnerable to billing abuses.
                     Further, it must apply continued vigilance over day-to-day operations and
                     exhibit strong leadership to effectively manage the program, thereby
                     controlling the risks to both the taxpayers and beneficiaries.




                     Page 21                                         GAO/HR-97-30 High-Risk Program
                                       Medicare




Congressional Contacts With Interest
in Medicare Issues                     Committee/
                                       Subcommittee               Key Staff                        Area of Interest
                                       Senate

                                       Governmental Affairs       Majority: Farnham                -Medicare fraud and abuse
                                       (202) 224-4751
                                                                  Minority: McFarland              -HCFA efforts on
                                                                                                   Government Performance
                                                                                                   and Results Act

                                       Finance                    Majority Staff Director: Paull -Medicaid programs’
                                       (202) 224-4515                                            impact on Medicare
                                                                  Majority Staff: James,         expenditures
                                                                  Bonmartini, Smith, Vachon
                                                                                                 -Medicare pricing issues
                                                                  Minority Staff: Podoff
                                                                                                 -Medicare fraud and abuse

                                                                                                   -Payment policies for
                                                                                                   Medicare HMOs

                                       Appropriations             Majority Staff: Sourwine         -Medicare fraud and abuse
                                       (202) 224-3471                                              costs
                                                                  Minority Staff: Reinecke         -Medicare Transaction
                                       Labor, Health, and Human                                    System
                                       Services and Education
                                       (202) 224-7230

                                       Labor and Human            Majority Staff: Harrington,      -Implementation of Health
                                       Resources                  Guice                            Insurance Portability and
                                       (202) 224-5375                                              Accountability Act
                                                                  Minority Staff: Ewers

                                         Aging                    Majority Staff: Spaulding        -Medicare HMO payment
                                         (202) 224-0136                                            issues
                                       Special Committee          Majority Staff Director:         -Medicare fraud and abuse
                                       on Aging                   Totman
                                       (202) 224-5364                                              -Medicare home health
                                                                  Majority Staff: Jones
                                                                                                   -Consumer information on
                                                                  Minority Staff Director:         Medicare HMOs
                                                                  Lesley
                                                                                                   -Medicare and Medicaid
                                                                  Minority Staff: Cohen            dual eligibles

                                                                                                   -Disenrollments from
                                                                                                   Medicare HMOs

                                                                                                   -Geographic differences in
                                                                                                   Medicare HMO premiums
                                                                                                   and benefits
                                                                                                                      (continued)


                                       Page 22                                                  GAO/HR-97-30 High-Risk Program
Medicare




Committee/
Subcommittee                   Key Staff                      Area of Interest
House
Budget                         Majority Staff:                -Medicare financing and
(202) 226-7270 Cantwell
savings
Commerce                       Majority Staff: Cohen, Berger -Medicare managed care
(202) 225-2927 Staff: Nelson                                 payment issues
issues                         Minority Staff Director:
                               Stuntz                        -Medicare fraud and abuse

                               Minority                       -Medicare management

                                                              -Medicare pricing
Education and the              Majority Staff: Mueller        -Effects of Health Insurance
Workforce                                                     Portability and
(202) 225-4527                 Minority Staff: Bruns          Accountability Act

Employer-Employee Relations
(202)225-4527
Government Reform and
Oversight
(202) 225-5074

  Human Resources              Majority Staff: Halloran,      -Medicare fraud and abuse
  (202) 225-2548               Sayer
                                                              -Medicare management
                               Minority Staff: Stroman
                                                              -Medicare Transaction
                                                              System

                                                              -HCFA efforts on
                                                              Government Performance
                                                              and Results Act
                                                                                 (continued)




Page 23                                                    GAO/HR-97-30 High-Risk Program
                         Medicare




                         Committee/
                         Subcommittee              Key Staff                     Area of Interest
                         Ways and Means
                         (202) 225-3625
                           Health                  Majority Staff Director: Kahn •Medicare managed care
                           (202) 225-3943                                        payment issues
                                                   Majority Staff: Lynch, Rosen
                                                                                 •Home health and skilled
                                                   Minority Staff Director:      nursing facility cost growth
                                                   Vaughn
                                                                                 •Medicare pricing

                                                                                 •Solvency of Medicare part
                                                                                 A trust fund

                                                                                 •End-stage renal disease
                                                                                 claims and payments

                                                                                 •Prospective payment
                                                                                 systems for post acute care

                                                                                 •Age threshold for
                                                                                 Medicare eligibility


                         The following ongoing jobs are related to the Medicare High-Risk issue:
Ongoing Audit Work
                     •   Medicare HMO Post-Acute Care
                     •   Medicare Certification of Home Health Agencies
                     •   Review of Durable Medical Equipment Medical Policies
                     •   Medicare HMOs: Patterns of Beneficiary Disenrollment and Indicators of
                         Problem Plans
                     •   Review of Modern Management Practices That Can be Implemented in
                         Medicare to Achieve Savings and Improve Operations
                     •   Review of the Health Insurance Portability and Accountability Act’s
                         Medicare Fraud Reduction Measures
                     •   Cost-Effectiveness of Medicare Prepayment Screens
                     •   Review of Home Health Benefits Under the Medicare Program
                     •   Medicare Payments for Durable Medical Equipment
                     •   Review of Medicare Payments to HMOs for Institutionalized Beneficiaries
                     •   Implications of Including For-Profit Home Health Utilization Rates in
                         Developing a Prospective Payment System
                     •   Review of Lab Service Utilization Rates for Medicare End-Stage Renal
                         Disease Patients
                     •   Review of Medicare Payments for Oxygen Equipment and Supplies
                     •   Variation in Medicare Direct Graduate Medical Education Payments
                     •   Information on HCFA’s Reorganization



                         Page 24                                             GAO/HR-97-30 High-Risk Program
                       Medicare




                       GAO is also working closely with the HHS Inspector General on the annual
                       audit of the Department’s financial statements pursuant to the Chief
                       Financial Officers Act of 1990, as amended, and will continue to monitor
                       efforts by HCFA to implement the Medicare Transaction System.



                       William J. Scanlon
Key GAO Contacts       Director, Health Financing and Systems Issues
                       (202) 512-7114

                       Bernice Steinhardt
                       Director, Health Services, Quality and Public Health Issues
                       (202) 512-7119

                       Joel Willemssen
                       Director, Information Resources Management Issues
                       (202) 512-6253

                       Bob Dacey
                       Director, Consolidated Audits and Computer Security Issues
                       (202) 512-3317

                       Gloria Jarmon
                       Director, Civil Audits - Health, Education, and Human Services Issues
                       (202) 512-4476


                       Medicare Transaction System: Success Depends Upon Correcting Critical
Related GAO Products   Management and Technical Weaknesses (GAO/AIMD-97-78, May 16, 1997).

                       Nursing Homes: Too Early to Assess New Efforts to Control Fraud and
                       Abuse (GAO/ T-HEHS-97-114, Apr. 16, 1997).

                       Medicare Managed Care: HCFA Missing Opportunities to Provide
                       Consumer Information (GAO/T-HEHS-97-109, Apr. 10, 1997).

                       Medicare Post-Acute Care: Cost Growth and Proposals to Manage It
                       Through Prospective Payment and Other Controls (GAO/T-HEHS-97-106, Apr. 9,
                       1997).




                       Page 25                                         GAO/HR-97-30 High-Risk Program
Medicare




Addressing the Deficit: Budgetary Implications of Selected GAO Work for
Fiscal Year 1998 (GAO/OCG-97-2, Mar. 14, 1997).

Medicare Post-Acute Care: Home Health and Skilled Nursing Facility Cost
Growth and Proposals for Prospective Payment (GAO/T-HEHS-97-90, Mar. 4,
1997).

Medicare: Inherent Program Risks and Management Challenges Require
Continued Federal Attention (GAO/T-HEHS-97-89, Mar. 4, 1997).

Medicare HMOs: HCFA Could Promptly Reduce Excess Payments by
Improving Accuracy of County Payment Rates (GAO/T-HEHS-97-78, Feb. 25,
1997).

Medicare: HCFA Should Release Data to Aid Consumers, Prompt Better
HMO Performance (GAO/HEHS-97-23, Oct. 22, 1996).


Medicare: Early Resolution of Overcharges for Therapy in Nursing Homes
is Unlikely (GAO/HEHS-96-145, Aug. 16, 1996).

Medicare: Private Payer Strategies Suggest Options to Reduce Rapid
Spending Growth (GAO/T-HEHS-96-138, Apr. 30, 1996).

Medicare: Home Health Utilization Expands While Program Controls
Deteriorate (GAO/ HEHS-96-16, Mar. 27, 1996).

Medicare: Millions Can Be Saved by Screening Claims for Overused
Services (GAO/ HEHS-96-49, Jan. 30, 1996).

Fraud and Abuse: Providers Target Medicare Patients in Nursing Facilities
(GAO/HEHS-96-18, Jan. 24, 1996).

Medicare Managed Care: Growing Enrollment Adds Urgency to Fixing HMO
Payment Problem (GAO/HEHS-96-21, Nov. 8, 1995).

Fraud and Abuse: Medicare Continues to Be Vulnerable to Exploitation by
Unscrupulous Providers (GAO/T-HEHS-96-7, Nov. 2, 1995).




Page 26                                        GAO/HR-97-30 High-Risk Program
Supplemental Security Income


                                Since its inception in 1974, the Supplemental Security Income (SSI)
Overview                        program has grown significantly. About 6.6 million recipients now receive
                                roughly $22 billion in federal benefits. To date, our work has shown that
                                several longstanding problems have affected Social Security
                                Administration’s (SSA) ability to protect taxpayer dollars from being
                                overpaid to recipients and to manage the SSI program. These problems
                                generally involve SSA’s failure to adequately (1) verify recipient’s initial
                                and continuing financial eligibility, (2) minimize and collect SSI
                                overpayment, (3) address program fraud and abuse, (4) determine whether
                                SSI recipients remain disabled, and (5) help SSI recipients enter the
                                workforce and ultimately leave the program. These deficiencies have
                                affected program size and integrity and contributed to significant annual
                                increases in overpayment to recipients. During 1996, SSA had more than
                                $2.3 billion in overpayments that were owed to the agency, including
                                $895 million in newly detected overpayment during the year. Rapid
                                program growth, combined with the program’s demonstrated vulnerability
                                to fraud, abuse, and overpayments were primary factors in our decision to
                                add the SSI program to our list of high-risk areas in 1997.

                                In the following section, we have identified prior GAO work in which
                                recommendations for addressing SSI program problems have not yet been
                                fully addressed by SSA. We have arranged the reports in line with the five
                                problem areas listed above (some reports apply to more than one area).
                                For each recommendation, we discuss potential savings and provide the
                                current status of actions taken by SSA.



Report Findings and
Recommendations

Problem Area 1:                 GAO Report: Supplemental Security Income: SSA Efforts Fall Short in
Inadequate Attention to         Correcting Erroneous Payments to Prisoners (GAO/HEHS-96-152, Aug. 30,
Verifying Recipient’s Initial   1996).
and Continuing Financial        SSI provides cash payments to indigent aged, blind, or disabled individuals
Eligibility                     to meet basic needs—food, clothing, shelter. Prisoners are ineligible for SSI
                                because prisons and jails meet those basic needs. Despite procedures to
                                identify SSI recipients in county and local jails, SSA has paid millions of
                                benefit dollars to incarcerated individuals. During our review, SSA
                                initiated a program to better identify current prisoners receiving SSI



                                Page 27                                          GAO/HR-97-30 High-Risk Program
                            Supplemental Security Income




                            benefits. However, it has not taken action to identify former prisoners who
                            have received benefits or to recover the overpayment.

Key Open Recommendations:   In order to identify SSI recipients who have been erroneously paid in prior
                            years, we recommend that the Commissioner of SSA direct SSA field
                            offices to obtain information from county and local jails on former
                            prisoners. SSA should then process this information to (1) determine if it
                            made erroneous payments to any of these prisoners, (2) establish
                            overpayment for the ones it paid, and (3) attempt to recover all erroneous
                            payments.

Potential Cost Savings:     During our review, we found that in 1995, SSA erroneously paid $5 million
                            in SSI payments to about 3,000 current and former prisoners in several
                            county and local jails. About $1 million of the erroneous overpayment
                            were made to 615 former prisoners. We also found that SSA was unaware
                            that it had erroneously paid 454 (74 percent) of the former prisoners, was
                            still making payments to these individuals, and was by withholding a
                            portion of their current payments to recover the overpaid funds. To
                            develop information on former prisoners, we obtained automated lists
                            from two county systems of all prisoners released in the first 6 months of
                            1995. We then matched their SSNs against SSI records to identify those who
                            received SSI payments while incarcerated. Because of limitations in our
                            sample, we could not use the findings of our review to project how many
                            former prisoners nationally were likely to have received erroneous SSI
                            payments. We were also unable to project the total program savings
                            associated with recovering the overpaid funds. However, our sample
                            review leads us to believe that SSA could recover additional overpaid SSI
                            funds if it complied with our recommendation.

Implementation Status and   While SSA has begun to obtain better information on SSI recipients
What Remains to Be Done:    currently in local and county jails, it has not yet developed information on
                            the universe of former prisoners who may have received SSI payments, nor
                            has it taken action to recover any overpaid SSI funds from this population.
                            SSA has acknowledged that the productivity of securing information on
                            former prisoners appears desirable and worthy of further investigation.
                            However, they have expressed concerns about the availability of data, the
                            potential hardship placed on county and local jail officials who will have
                            to provide this additional data, the cost-effectiveness of processing data on
                            current prisoners who may no longer be receiving SSI payments, and other
                            matters. In response to SSA’s comments, we demonstrated that obtaining
                            necessary data on former prisoners should not pose a significant problem
                            to SSA. We also noted that any additional hardship this “onetime” effort



                            Page 28                                          GAO/HR-97-30 High-Risk Program
                                Supplemental Security Income




                                may pose to local and county jails may be offset by the potential to recover
                                erroneously paid SSI state supplements. Therefore, we continue to believe
                                that decisive agency action is necessary to identify and recover more
                                erroneous SSI payments made to former prisoners. SSA told us that they
                                plan to conduct a cost/benefit analysis to determine how effective it would
                                be to obtain data on former prisoners. However, as of May 1997, they had
                                not yet begun such an effort.


Problem Area 2:                 GAOReport: Debt Management: More Aggressive Actions Needed to
Inadequate Attention to         Reduce Billions in Overpayments (GAO/HRD-91-46, July 9, 1991).
Reducing and Collecting
                                SSA has experienced longstanding problems in controlling and collecting
SSI Overpayment                 overpayment made to beneficiaries in both its title II and title XVI
                                programs. Although these problems have been reported by GAO since 1989,
                                SSA still has made little progress in preventing and collecting overpaid
                                benefits.

Key Open Recommendations:       That the Commissioner of SSA

                            •   accelerate completing the management information system needed to
                                support effective debt management, and
                            •   establish specific dollar collection goals for recovering debts owed by
                                former beneficiaries.

Potential Cost Savings:         Our review included both title II and title XVI overpayments experienced
                                by SSA, rather than strictly focusing on SSI overpayment. However, we
                                concluded that compliance with our recommendations and use of such
                                innovative tools as the tax refund offset would result in increased
                                overpayment recoveries and significant savings in both programs. In our
                                1997 high-risk testimony, we noted that more than $2.3 billion in SSI
                                overpayments were still owed to SSA. About $895 million in newly
                                detected overpayment was detected by SSA during this year. We believe
                                that substantially more SSI overpayments could be recovered if SSA placed
                                a greater organizational focus on deterring and collecting overpayments
                                and implemented such tools as the tax refund offset (TRO) for delinquent
                                SSI debt. However, to date, we have not projected what the total program
                                cost savings would be.

Implementation Status and       The agency has implemented a number of our recommendations resulting
What Remains to Be Done:        from our report. The two remaining open recommendations are in process
                                and SSA is currently developing a new system to track recovery of



                                Page 29                                         GAO/HR-97-30 High-Risk Program
                                Supplemental Security Income




                                overpayment. Full implementation is dependent on the release and
                                effectiveness of SSA’s new management information system. Specific
                                dollar collection goals are planned to be established following SSA’s
                                evaluation of the data it is currently tracking regarding the recovery of
                                overpayment. SSA is making progress toward completing the remaining
                                recommendations in this area.

                                Despite SSA’s actions, one area of continued concern is the low priority
                                SSA has historically placed on controlling and collecting title XVI
                                overpayments. This is evidenced by SSA’s failure to utilize debt collection
                                tools that it has had the authority to use for many years. For example, SSA
                                has had the authority to use TROs to pursue SSI overpayments since 1984.
                                The TRO is used by SSA for its title II program and has proven effective in
                                another welfare program—Food Stamps—for collecting delinquent debt
                                from recipients who no longer receive benefits. SSA has claimed that
                                implementation of the SSI tax refund offset was imminent. However,
                                current agency plans call for implementing this tool sometime beyond
                                fiscal year 1997, or more than 13 years after obtaining authority to do so.
                                Moreover, SSA still lacks overpayment collection tools for the SSI program
                                commonly available in other means tested programs. These include such
                                things as credit bureau reporting and private collection agencies. SSA has
                                legislative authority to use credit bureaus and private collection agencies
                                to collect delinquent title II debt, but is excluded from using such tools to
                                pursue SSI overpayments.

                                GAO Report: Supplemental Security Income: Administrative and Program
                                Savings Possible by Directly Accessing State Data (GAO/HEHS-96-163, Aug. 29,
                                1996).

                                SSA is responsible for ensuring that SSI payment amounts are correct and
                                that only those eligible for SSI benefits receive them. To fulfill these
                                responsibilities, SSA needs accurate and timely information on recipients’
                                income, assets, and living arrangements. An effective way to obtain
                                information is through on-line access to state maintained recipient data.
                                However, SSA has not made sufficient progress toward effectively using
                                on-line data from the states.

Key Open Recommendations:       To prevent overpayments or detect them sooner, we recommend that the
                                Commissioner of SSA

                            •   require claims representatives to use on-line access to states’ information
                                to routinely check for unreported sources of income when initial and



                                Page 30                                          GAO/HR-97-30 High-Risk Program
                                 Supplemental Security Income




                                 subsequent assessments of eligibility are done, provided that it is
                                 cost-effective to do so.
                             •   develop automatic interfaces with state databases that comply with laws
                                 and standards governing computer matching, privacy, and security that
                                 can (1) more fully automate the earnings and UI computer matches and
                                 (2) identify additional income sources that do not currently have computer
                                 matches.

Potential Cost Savings:          We estimated that, if available and effectively used, direct on-line access to
                                 state databases could have prevented or more quickly detected more than
                                 $131 million in SSI overpayment caused by unreported or underreported
                                 income nationwide in one 12-month period.

Implementation Status and        As of March 1997, more than 21 states had offered to provide SSA with
What Remains to Be Done:         varying access to state records to facilitate case processing, and 15 states
                                 were already providing some limited on-line access. The agency expects
                                 additional states will be phased in starting in October of 1997. However,
                                 SSA still has not committed to specifically implementing our
                                 recommendation, which calls for using on-line access for overpayment
                                 prevention, rather than using it simply as a tool to assist claims
                                 representatives with case processing. SSA agreed that on-line access could
                                 be a useful tool for reducing overpayment and agreed with our
                                 recommendations. However, SSA noted that although on-line access is
                                 easy and inexpensive in many states, this may not be true for all states. For
                                 example, they commented that some state agencies may not have
                                 automated data or the systems within agencies or between agencies in the
                                 same state may be incompatible. SSA also noted that because on-line
                                 access presumably will be more costly and difficult in some states than in
                                 others, a more thorough analysis of its costs and benefits is necessary
                                 before on-line access is used for overpayment prevention. In responding to
                                 SSA’s comments, we noted that there are states where on-line connections
                                 now access data inexpensively and easily. Thus, there is no reason why
                                 SSA cannot use the state data in those states for overpayment prevention
                                 while it examines the cost-effectiveness of on-line access in other states.


Problem Area 3: Failure to       GAO Report: Supplemental Security Income: Disability Program Vulnerable
Adequately Address               to Applicant Fraud When Middlemen Are Used (GAO/HEHS-95-116, Aug. 31,
Program Vulnerability to         1995).
Fraud and Abuse                  The number of immigrants receiving SSI disability benefits rose from 45,000
                                 in 1983 to 267,000 in 1993. An undetermined number of these individuals



                                 Page 31                                          GAO/HR-97-30 High-Risk Program
                            Supplemental Security Income




                            obtained SSI benefits through fraudulent activity involving middlemen.
                            SSA’s own data shows that middlemen have been involved in coaching
                            claimants to appear mentally ill, providing dishonest translation services,
                            and submitting false medical information provided by third party
                            providers. For example, a Washington state middleman arrested for fraud
                            had helped at least 240 immigrants obtain $7 million in SSI benefits by
                            providing false information.

Key Open Recommendations:   We recommend that the Commissioner of Social Security develop a more
                            aggressive, programwide strategy for improving the quality of information
                            obtained from applicants, maintaining and sharing data collected on
                            interpreters and middlemen among field offices, and using information
                            that results from the work of other government agencies—local, state, and
                            federal—to pursue cases in which fraud is suspected. Such a strategy
                            should include developing improved ways to more effectively manage
                            SSA’s resources to further facilitate communications with non-English
                            speaking applicants, possibly by requiring that SSA bilingual staff or SSA
                            contracted staff conduct the interviews and by exploring video
                            conferencing technology (to better utilize bilingual staff in other offices).

Potential Cost Savings:     Our report noted that the actual number of ineligible non-English speaking
                            applicants receiving SSI benefits was unknown and we did not quantify the
                            extent of fraudulent activity in this area. However, we documented a
                            significant increase in the number of immigrants receiving benefits and
                            thousands of cases involving middlemen fraud which cost millions of
                            program dollars. Based on a lifetime benefit calculation, we also estimated
                            that a single ineligible recipient could receive about $51,000 in disability
                            benefits from the SSI program and an additional $62,000 from the Medicaid
                            and Food Stamps programs by the age of 65.

Implementation Status and   SSA agreed with the intent of our recommendations and stated that it is
What Remains to Be Done:    exploring these recommendations as it continues its efforts to minimize
                            fraud involving middlemen. In 1996, the agency established a National and
                            Regional Fraud Committee, whose goal is to achieve a comprehensive
                            programwide focus on all types of fraud and develop a fraud tactical plan.
                            SSA also established regional fraud committees that are responsible for
                            coordinating the sharing of middlemen information maintained by local
                            SSA offices. SSA also noted that half of its field office new hires were
                            bilingual, a step that SSA believes will reduce fraudulent middlemen
                            involvement. However, we have done no independent analysis of staffing
                            allocations, local office language needs, and other issues related to SSA’s
                            claims. SSA has also begun to implement a Civil and Monetary Penalty



                            Page 32                                          GAO/HR-97-30 High-Risk Program
                           Supplemental Security Income




                           program, whereby penalties can be levied against applicants, middlemen
                           and other third-party providers (eg. medical providers) involved in
                           fraudulent activities. However, this initiative is in the very early stages and
                           no cases have been processed under the new Civil and Monetary Penalty
                           authority to date.

                           GAO Report: Supplemental Security Income: Some Recipients Transfer
                           Valuable Resources to Qualify for Benefits (GAO/HEHS-96-79, Apr. 30, 1996).

                           The SSI program is designed to support individuals with limited resources
                           to meet basic needs. However, current laws do not prohibit the transfer of
                           valuable resources to qualify for SSI benefits. Restrictions against such
                           transfers have been in place for years in the medicaid program because of
                           the Congress’ concern that elderly individuals were transferring resources
                           to qualify for federal medical coverage.

Matter for Congressional   In light of the potential for reduced program expenditures and increased
Consideration:             program integrity, we suggested that the Congress consider reinstating an
                           SSI transfer-of-resources restriction. The restriction could be calculated in
                           a way that takes into account the value of the resource transferred, so that
                           individuals transferring more valuable resources would be ineligible for SSI
                           benefits for longer periods of time than those who transfer less valuable
                           resources.

Potential Cost Savings:    Since 1989, the number of SSI recipients reporting asset transfers has
                           increased almost 2,000 percent. Between 1988 and 1994, about 9,300 SSI
                           recipients reported transferring resources. We reviewed automated data
                           maintained by SSA for 3,505 recipients reporting such transfers and
                           determined that these recipients transferred cars, homes, land, cash, and
                           other resources worth over $74 million. We calculated that the average
                           cash value of transferred resources was about $21,000 per recipient. Our
                           calculations did not include almost 6,000 transfers documented in SSA’s
                           nonautomated case files, nor did it include recipients who failed to report
                           resource transfers. Consequently, the total amount of resources
                           transferred was larger than our estimates.

                           Based on our analysis, we estimated that eliminating asset transfers could
                           have saved the SSI program about $14.6 million between 1990 and 1995.
                           CBO has estimated that implementing a transfer of asset restriction similar
                           to that used in the Medicaid program would result in savings to the SSI
                           program of more than $20 million between fiscal years 1998 and 2002.




                           Page 33                                           GAO/HR-97-30 High-Risk Program
                            Supplemental Security Income




Implementation Status and   SSA agreed with our findings and conclusions that reinstating a transfer of
What Remains to Be Done:    resource restriction would increase SSI program integrity. SSA noted that it
                            was continuing to work with the Congress to include a provision restoring
                            an SSI transfer-of-resource restriction in welfare reform legislation. In May
                            of 1996, the agency proposed a draft bill to the Administration and the
                            Congress, seeking to amend the Social Security Act and reinstitute a
                            transfer of resource penalty for individuals who transfer resources at less
                            than fair market value. At present, no legislative action has yet occurred
                            on this issue.


Problem Area 4:             GAO Report: Social Security Disability: Alternatives Would Boost
Inadequate Reviews of SSI   Cost-Effectiveness of Continuing Disability Reviews (GAO/HEHS-97-2, Oct. 16,
Recipients’ Disability      1996).

                            SSA is required by law to conduct periodic examinations, called
                            continuing disability reviews (CDR), to determine whether a recipient has
                            medically improved to the extent that the person is no longer considered
                            disabled, and thereby is ineligible for payments.

Key Open Recommendations:   We recommend that, to the extent SSA is authorized to act, the
                            Commissioner of SSA replace the current system for scheduling of CDRs
                            for DI and SSI recipients with a more cost-effective process that would
                            (1) select for review beneficiaries with the greatest potential for medical
                            improvement and subsequent benefit termination, (2) correct a weakness
                            in SSA’s CDR process by conducting CDRs on a random sample from all
                            other beneficiaries, and (3) help ensure program integrity by instituting
                            contact with beneficiaries about their medical condition who are not
                            selected for CDRs. As part of this effort, the Commissioner should develop
                            a legislative package to obtain the authority the agency needs to enact the
                            new process for those portions of the DI and SSI populations subject to
                            required CDRs.

Potential Cost Savings:     SSA estimates that CDRs will remove 95,000 (or 5 percent) of the
                            1.9 million SSI recipients who are currently due or overdue for CDRs
                            because they are no longer medically eligible for benefits. On the basis of
                            this number, we estimate that in fiscal year 1996 alone, these recipients
                            would have received $481 million in federal SSI benefits and about
                            $418 million in federal and state Medicaid benefits. In addition, SSA
                            estimates that conducting CDRs on adult SSI recipients for whom medical
                            improvement is expected or possible results in about $3 in federal
                            program savings for every $1 spent conducting CDRs. The



                            Page 34                                          GAO/HR-97-30 High-Risk Program
                            Supplemental Security Income




                            cost-effectiveness of performing CDRs may be improved further by
                            implementing GAO’s recommendations.

Implementation Status and   Although SSA has agreed to consider changing the required scheduling of
What Remains to Be Done:    CDRs and has expanded the title II profiling system used to conduct CDRs
                            to the SSI program to improve the cost-effectiveness of SSI CDRs, it has not
                            agreed to take any action on parts two and three of our recommendation.
                            The agency has not complied with these parts because it believes that its
                            ongoing strategy to improve the effectiveness of CDRs is, in general, more
                            efficient than the steps suggested by GAO.

                            GAO  believes that while targeting CDRs is the most cost-beneficial, it is also
                            important for ensuring program integrity that all beneficiaries have a
                            chance to be selected for a CDR. This is particularly important given the
                            fact that SSA has been unable to conduct all required CDRs for almost a
                            decade and SSA estimates that the backlog will not be eliminated for
                            another 7 years. Moreover, increased beneficiary contact is valuable to
                            remind beneficiaries that their disability status is being monitored and that
                            they are responsible for reporting medical improvement.


Problem Area 5:             GAO   Reports:
Insufficient Agency
Emphasis on Helping SSI     SSA Disability: Program Redesign Necessary to Encourage Return to Work
                            (GAO/HEHS-96-62, Apr. 24, 1996).
Recipients Enter the
Workforce                   SSA Disability: Return-to-Work Strategies From Other Systems May
                            Improve Federal Programs (GAO/HEHS-96-133, July 11, 1996).

                            Social Security: Disability Programs Lag in Promoting Return to Work
                            (GAO/HEHS-97-46, Mar. 17, 1997).

                            SSA is responsible for encouraging SSI beneficiaries to return to work
                            whenever possible. In fiscal year 1996 SSA reimbursed state VR agencies
                            about $65 million for successful rehabilitations (e.g. recipients were
                            involved in substantial gainful activity for at least 9 months following
                            rehabilitation). However, few SSI recipients have left the rolls to return to
                            work, partly because SSI does little to enhance recipients’ work capacities
                            and promote economic independence.

Key Open Recommendations:   The commissioner of SSA should place greater priority on return to work,
                            including a comprehensive return-to-work strategy that integrates, as



                            Page 35                                           GAO/HR-97-30 High-Risk Program
                            Supplemental Security Income




                            appropriate, earlier intervention, earlier identification and provision of
                            necessary return-to-work assistance for applicants and beneficiaries, and
                            changes in the structure of cash and medical benefits (e.g., changes in the
                            amount of earnings a recipient may have while still retaining medical
                            benefits) to encourage more recipients to return to work. The
                            Commissioner should also identify legislative changes needed to
                            implement such a strategy.

Potential Cost Savings:     In 1996 GAO estimated that if an additional 1 percent of the 6.3 million
                            Disability Insurance (DI) and SSI working-age beneficiaries were to leave
                            the rolls by returning to work, lifetime cash benefits would be reduced by
                            an estimated $2.9 billion.1 However, it is unclear the extent to which any
                            savings would be offset by program costs.

Implementation Status and   SSA has taken various steps to help more DI and SSI beneficiaries return to
What Remains to Be Done:    work. However, these steps do not fully address GAO’s recommendation
                            that SSA undertake a comprehensive strategy to redirect the goals and
                            practices of the SSI and DI program so that greater emphasis is placed on
                            return to work.

                            SSA has not indicated whether it intends to fully implement GAO’s
                            recommendations. It has argued that implementation would be difficult
                            because there is a lack of rigorous studies on the cost-effectiveness of
                            return-to-work efforts in the private sector and in other countries.
                            Moreover, the agency contends that because it is only one player among
                            many in the complex VR process, it does not have the ability to develop a
                            comprehensive strategy on it own. Finally, SSA argued that under current
                            law, disability programs do not provide for, or even allow, many of the
                            strategies suggested in the reports.

                            GAO’s recommendations do not specify which practices SSA should
                            develop in its comprehensive return-to-work strategy. Rather, we have
                            suggested that an appropriate plan should be developed by the agency,
                            and assumed it would incorporate an assessment of the costs and benefits
                            of the various VR practices. Moreover, GAO believes that while all pertinent
                            players should be involved in formulating a comprehensive VR strategy,
                            SSA is the appropriate agency to take the lead in forging a partnership on
                            redesigning the disability programs to place a greater emphasis on
                            return-to-work. Finally, GAO agrees that current law must be changed and



                            1
                             This body of work analyzes DI and SSI recipients together. Therefore, no separate figures for the SSI
                            program are available.



                            Page 36                                                           GAO/HR-97-30 High-Risk Program
                            Supplemental Security Income




                            recommends that the Commissioner develop a legislative strategy
                            describing suggested changes.

                            GAOReport: PASS Program: SSA Work Incentive for Disabled Beneficiaries
                            Poorly Managed (GAO/HEHS-96-51, Feb. 28, 1996).

                            The Plan to Achieve Self Support (PASS) work incentive program was
                            established as part of the SSI program to help disabled recipients return to
                            employment. PASS provisions allow SSI recipients to exclude income and
                            resources from benefit calculations that otherwise would reduce their
                            benefits, as long as the assets are used to pay for expenses associated with
                            reaching employment goals. However, very few recipients leave the SSI
                            disability rolls by returning to work.

Key Open Recommendations:   The Commissioner of Social Security should, after seeking legislation if
                            necessary, (1) clarify the goals of the PASS program; (2) improve field
                            staff’s ability to determine feasibility of proposed PASSes, (3) strengthen
                            internal controls, and (4) obtain more information on program
                            participation and impact.

Potential Cost Savings:     The most substantial savings to the SSI program can be realized by
                            recipients leaving the rolls to work. However, GAO has reported that only
                            about 1 in every 500 DI and few SSI recipients is terminated from the rolls
                            because he/she returns to work. While savings could be realized from
                            increasing the effectiveness of the PASS program, it is difficult to estimate
                            the amount of the savings because SSA does not maintain the needed data.
                            However, in the short term, program dollars may also be saved by
                            improving internal controls and by making it more difficult for recipients
                            to obtain a PASS. In 1995, at the time of GAO’s study, the PASS program
                            cost SSA about $30 million in increased benefits. Due to recent policy and
                            procedural changes enacted by SSA, the number of PASSes granted has
                            decreased by about one half. One SSA official stated that this could reduce
                            the cost of the program by about $15 million.

Implementation Status and   SSA has begun to address the first three recommendations by developing
What Remains to Be Done:    and implementing a standardized PASS application, revising operating
                            procedures, and requiring that centralized decision-makers make all
                            decisions about PASS applications and changes to PASS plans. However, it
                            is too early to determine whether the revised operating instructions have
                            been properly implemented, which is critical in order to address
                            recommendation number 3. Also, SSA is reviewing all of the application
                            decisions the centralized decision-makers made in March 1997 for



                            Page 37                                          GAO/HR-97-30 High-Risk Program
                           Supplemental Security Income




                           consistency and accuracy. However, SSA is not willing to share
                           information pertaining to its findings until a finalized report is issued.

                           SSA is in the process of addressing recommendation 4 by developing a
                           data base that tracks: 1) decisions on initial PASS applications, 2) periodic
                           compliance reviews of PASS plans, 3) extensions or other changes to
                           PASS plans, and 4) suspensions and terminations of PASS plans. However,
                           SSA does not track and, has no plans to track, what happens to recipients
                           once their PASS has been completed or terminated. Thus, SSA cannot
                           evaluate the impact of the PASS program on employment and benefits.

                           SSA contends that it has not fully implemented GAO’s recommendations
                           because it believes it does not have the legislative authority necessary to
                           enact some of them—particularly recommendations 1 and 3—and did not
                           share with us whether it is currently seeking such authority. In regard to
                           areas where SSA does have legislative authority to make changes, an
                           official stated that it does not want to make any more changes until it has
                           gathered information on how well the program is functioning under the
                           new operating instructions and centralized decision-makers. However,
                           SSA has been aware of the issues raised by GAO and could have sought
                           legislative remedies at any time, but did not begin evaluating such
                           proposals until the report was issued. Moreover, GAO continues to believe
                           that it is important for SSA to collect and analyze data on PASS
                           participants that will allow them to assess the impact of this 20-year old
                           program on employment and welfare benefits.

Matter for Congressional   The Congress may wish to consider whether individuals otherwise
Consideration and          financially ineligible for SSI because their DI benefits or other income
Implementation Status:     exceed the eligibility threshold should continue to gain eligibility for SSI
                           through the PASS program.

                           The Congress has not yet acted on this matter for consideration.


                           Our prior work in the SSI program suggests that several longstanding
Ongoing GAO Work           problem areas have placed the program at considerable risk of fraud,
and Issues of              waste, abuse, and mismanagement. While attempts have been made by
Continuing Concern         SSA in the past to make the SSI program more efficient, significant issues
                           remain unaddressed. As a result, our concerns continue about underlying
                           SSI program vulnerabilities and the level of SSA management attention
                           devoted to these vulnerabilities. To more precisely identify the “root
                           causes” of longstanding SSI problems and the actions necessary to address



                           Page 38                                            GAO/HR-97-30 High-Risk Program
                                       Supplemental Security Income




                                       them, we are presently conducting a broad-based review of the SSI
                                       program. This work is designed to explore program design issues,
                                       operational policy, management philosophy and agency culture, and
                                       programmatic and legislative options for achieving substantive change. It
                                       is also intended to serve as the basis for future high-risk work in the area
                                       and to highlight particular program areas where more in-depth analysis is
                                       necessary. We anticipate completing our audit work in the fall of 1997, and
                                       issuing our report findings in January 1998.

                                       In addition to the broad-based SSI study discussed above, we also have
                                       ongoing work targeted to specific aspects of the SSI program. This work
                                       includes (1) a review of how SSA can improve data sharing with, and
                                       on-line access to, other federal agencies’ data to identify and prevent
                                       overpayment, (2) a review of SSA’s processes for matching SSI/Medicaid
                                       computer data to identify SSI overpayment to nursing home residents, and
                                       (3) a review of SSA’s experience obtaining child support payment data
                                       from states to detect SSI program overpayment.

Congressional Contacts With Interest
in Supplemental Security Income                                       Congressional Committees
Issues                                 GAO Report                                  Committee/Subcommittee
                                       Supplemental Security Income: SSA Efforts -Subcommittee on Oversight, House
                                       Fall Short in Correcting Erroneous Payments Committee on Ways and Means
                                       to Prisoners (GAO/HEHS-96-152, Aug. 30,     (202) 225-7601
                                       1996).
                                                                                   -Subcommittee on Human Resources,
                                                                                   House Committee on Ways and Means
                                                                                   (202) 225-1025

                                       Debt Management: More Aggressive            - Subcommittee on Oversight, House
                                       Actions Needed to Reduce Billions in        Committee on Ways and Means
                                       Overpayment (GAO/HRD-91-46, July            (202) 225-7601
                                       9,1991).

                                       Supplemental Security Income:               -Subcommittee on Oversight, House
                                       Administrative and Program Savings          Committee on Ways and Means
                                       Possible by Directly Accessing State Data   (202) 225-7601
                                       (GAO/HEHS-96-163, Aug. 29, 1996).
                                                                                   - Subcommittee on Human Resources,
                                                                                   House Committee on Ways and Means
                                                                                   (202) 225-1025

                                       Supplemental Security Income: Disability    -Senate Special Committee on Aging
                                       Program Vulnerable to Applicant Fraud       (202) 224-5364
                                       When Middlemen Are Used (GAO/
                                       HEHS-95-116, Aug. 31, 1995).
                                                                                                                (continued)




                                       Page 39                                               GAO/HR-97-30 High-Risk Program
Supplemental Security Income




                               Congressional Committees
GAO Report                                    Committee/Subcommittee
Supplemental Security Income: Some            -Subcommittee on Oversight, House
Recipients Transfer Valuable Resources to     Committee on Ways and Means
Qualify for Benefits (GAO/HEHS-96-79,         (202) 225-7601
Apr. 30, 1996).
                                              -Subcommittee on Human Resources,
                                              House Committee on Ways and Means
                                              (202) 225-1025
Social Security Disability: Alternatives Would -Subcommittee on Social Security, House
Boost Cost-Effectiveness of Continuing         Committee on Ways and Means
Disability Reviews (GAO/                       (202) 225-9263
HEHS-97-2, Oct. 16, 1996).
SSA Disability: Program Redesign              -Senate Special Committee on Aging
Necessary to Encourage Return to Work         (202) 224-5364
(GAO/HEHS-96-62, Apr. 24, 1996).
SSA Disability: Return-to-Work Strategies     -Senate Special Committee on Aging
From Other Systems May Improve Federal        (202) 224-5364
Programs (GAO/HEHS-96-133, July 11,
1996).
Social Security: Disability Programs Lag in   -Senate Committee on Finance
Promoting Return to Work,                     (202) 224-4515
(GAO/T-HEHS-97-46, Mar. 17, 1997).
                                              -House Committee on Ways and Means
                                              (202) 225-3625
PASS Program: SSA Work Incentive for          -Senate Committee on Finance
Disabled Beneficiaries Poorly Managed         (202) 224-4515
(GAO/HEHS-96-51, Feb. 28, 1996).
                                              -House Committee on Ways and Means
                                              (202) 225-3625




Page 40                                                 GAO/HR-97-30 High-Risk Program
                                      Supplemental Security Income




Executive Agencies With Interest in
Supplemental Security Income Issues   Agency                                  Contact
                                      Social Security Administration (SSA)    John Callahan
                                                                              Acting Commissioner
                                                                              (410) 965-3120

                                                                              John Dyer
                                                                              Acting Principal Deputy Commissioner
                                                                              (410) 965-9000

                                                                              David Williams
                                                                              Inspector General
                                                                              (410) 966-8337

                                      Office of Management and Budget (OMB)   Richard Green
                                                                              Program Examiner
                                                                              (202) 395-3000



                                      Jane Ross
GAO Contact                           Director, Income Security Issues
                                      (202) 512-7215


                                      Addressing the Deficit: Budgetary Implications of Selected GAO Work for
Related GAO Products                  Fiscal Year 1998 (GAO/OCG-97-2, Mar. 14, 1997).

                                      Supplemental Security Income: SSA is Taking Steps to Review Recipients’
                                      Disability Status (GAO/HEHS-97-17, Oct. 30, 1996).

                                      Social Security Disability: Improvements Needed to Continuing Disability
                                      Review Process (GAO/HEHS-97-1, Oct. 16, 1996).

                                      Social Security: Disability Programs Lag in Promoting Return to Work
                                      (GAO/T-HEHS-96-147, June 5, 1996).

                                      Social Security: New Functional Assessments for Children Raise Eligibility
                                      Questions (GAO/HEHS-95-66, Mar. 10, 1995).




                                      Page 41                                           GAO/HR-97-30 High-Risk Program
Information Security


               In 1997, we identified information security as a new high-risk area that
Overview       touches virtually every major aspect of government operations. Malicious
               attacks on computer systems are an increasing threat to our national
               welfare. We rely heavily on interconnected systems to control critical
               functions, such as communications, financial services, transportation, and
               utilities. Though greater use of interconnected systems promises
               significant benefits in improved business and government operations, such
               systems are much more vulnerable to anonymous intruders, who may
               manipulate data to commit fraud, obtain sensitive information, or severely
               disrupt operations.

               Despite the sensitivity and criticality of federal information systems, they
               are not being adequately protected from unauthorized access. System
               interconnectivity, combined with poor security management, is resulting
               in serious pervasive risks for the federal government, such as potential
               disclosure of sensitive data and loss of assets worth billions of dollars due
               to fraud. In addition, increasing reliance on networked systems and
               electronic records has elevated concerns that critical federal operations
               are vulnerable to serious disruption. This is because automated systems
               and electronic records are fast replacing manual procedures and paper
               documents, which in many cases are no longer available as “backup” if
               automated systems fail. Further, although such disruption could be
               precipitated by natural disasters or accidents, there is evidence that some
               organizations are developing strategies and tools for conducting
               premeditated attacks on information systems.

               Many federal operations that rely on computer networks are attractive
               targets for individuals or organizations with malicious intentions.
               Examples include law enforcement, import entry processing, various
               financial transactions, payroll, defense operational plans, electronic
               benefit payments, and electronically submitted medicare claims.

               Since June 1993, we have issued over 30 reports describing serious
               information security weaknesses at major federal agencies. For example,
               in May 1996, we reported that tests at the Department of Defense showed
               that Defense systems may have experienced as many as 250,000 attacks
               during 1995, that about 64 percent of attacks were successful at gaining
               access, and that only a small percentage of these attacks were detected.1
               In September 1996, we reported that, during the previous 2 years, serious

               1
                Information Security: Computer Attacks at Department of Defense Pose Increasing Risks
               (GAO/AIMD-96-84, May 22, 1996); Information Security: Computer Attacks at Department of Defense
               Pose Increasing Risks (GAO/T-AIMD-96-92, May 22, 1996); and Information Security: Computer Hacker
               Information Available on the Internet (GAO/T-AIMD-96-108, June 5, 1996).



               Page 42                                                       GAO/HR-97-30 High-Risk Program
                        Information Security




                        information security control weaknesses had been reported for 10 of the
                        15 largest federal agencies.2 For half of these agencies, the weaknesses
                        had been reported repeatedly for 5 years or longer. Several of our most
                        disturbing reports on information security are for limited official use and,
                        therefore, cannot be discussed here because of the risk that unscrupulous
                        individuals may attempt to exploit reported weaknesses.

                        Many of the federal information security weaknesses and causal factors
                        reported over the last few years were identified as a direct result of the
                        annual financial statement audits initiated under the Chief Financial
                        Officers Act of 1990. Although these audits pertain primarily to financial
                        management systems, they generally include a review of computer-based
                        controls that affect a significant portion of an agency’s broader operations.


                        Because virtually every aspect of federal operations relies on automated
Level of Resources at   systems, the risks, as described above, are enormous. There is no
Risk                    summary information available on actual federal dollars lost, and damage
                        due to unauthorized disclosure of sensitive information, such as browsing
                        of taxpayer records, cannot be readily quantified. However, an attack on
                        Rome Laboratory, the Air Force’s premier command and control research
                        facility, illustrates the risks.

                        In the Rome incident, two hackers took control of laboratory support
                        systems for several days, established links to foreign Internet sites, and
                        stole tactical and artificial intelligence research data. By masquerading as
                        a trusted user at Rome Laboratory, they were also able to successfully
                        attack systems at other government facilities, including the National
                        Aeronautics and Space Administration’s Goddard Space Flight Center,
                        Wright-Patterson Air Force Base, some defense contractors, and other
                        private sector organizations.

                        Because the Air Force did not know it was attacked for at least 3 days,
                        vast damage to Rome Laboratory systems and the information in those
                        system could have occurred. To its credit, the Air Force working with
                        international authorities eventually caught the hackers, but was never able
                        to conclusively determine what was done with the copied data.

                        The Air Force Information Warfare Center estimated that the attacks cost
                        the government over $500,000 at the Rome Laboratory alone. Their


                        2
                         Information Security: Opportunities for Improved OMB Oversight of Agency Practices
                        (GAO/AIMD-96-110, Sept. 24, 1996).



                        Page 43                                                        GAO/HR-97-30 High-Risk Program
                         Information Security




                         estimate included the time spent taking systems off the networks,
                         verifying systems integrity, installing security patches, and restoring
                         service, and costs incurred by the Air Force’s Office of Special
                         Investigations and Information Warfare Center. It also included estimates
                         for time and money lost due to the Laboratory’s research staff not being
                         able to use their computer systems.


                         Our reports contain dozens of recommendations to individual agencies for
Key Open GAO             improvement. Agencies have acted on many of these recommendations.
Recommendations          However, several underlying factors need to be addressed to help ensure
and Implementation       that federal agencies adequately protect their systems and data on a
                         continuing basis. These factors include:
Status
                     •   insufficient awareness and understanding of information security risks
                         among senior agency officials,
                     •   poorly designed and implemented security programs that do not
                         adequately monitor controls or proactively address risk,
                     •   a shortage of personnel with the technical expertise needed to manage
                         controls in today’s sophisticated information technology environment, and
                     •   limited oversight of agency practices at a governmentwide level.

                         In light of the increasing importance of information security and the
                         pattern of widespread problems that has emerged, stronger central
                         leadership is needed. Our previously cited September 1996 report3
                         concluded that the Office of Management and Budget (OMB) needs to play
                         a more proactive role in promoting awareness and in monitoring agency
                         practices—a role that was recently reemphasized in the Paperwork
                         Reduction Act and Clinger-Cohen Act. In particular, we recommended that
                         OMB engage assistance from private contractors and others with
                         appropriate expertise to assist in monitoring agency information security
                         programs. Also, as chair of the Chief Information Officers Council, OMB
                         should encourage council members to adopt information security as one
                         of their top priorities and develop a strategic plan for addressing the root
                         causes of agency security problems. Such a plan could include

                     •   developing information on existing and emerging information security
                         risks,
                     •   establishing a program for reviewing the adequacy of individual agency
                         security programs using interagency teams of reviewers, and


                         3
                          GAO/AIMD-96-110, Sept. 24, 1996.



                         Page 44                                         GAO/HR-97-30 High-Risk Program
    Information Security




•   developing or identifying training and certification programs that could be
    shared among agencies.

    As of May 1997, OMB had taken some steps to raise the awareness of its
    program examiners regarding information security, primarily by holding a
    training session in September 1996 that is planned to be repeated annually.
    However, little had been done by the CIO Council. The Council has
    included information security in its plans as one of the issues it will
    address. Specifically, the Council was briefed on the Government
    Information Technology Services (GITS) Board’s security and privacy
    initiatives at the Council’s March 17, 1997, meeting. Further, the Council’s
    Education and Training Working Group has recommended in its action
    plan that IT security be included as a continuing element of IT training. In
    the Council’s first 6-month progress report for September 1996 through
    February 1997, information security received only minor mention as part
    of other efforts and as a long-term effort to better understand security
    threats. At this time, it is unclear as to what specific actions will actually
    be implemented over the next year.

    Specific recommendations and actions taken to date are listed in the
    following table.

    (Due to its sensitive nature, additional information is being provided
    separately for limited official use only.)




    Page 45                                          GAO/HR-97-30 High-Risk Program
                                            Information Security




Key Recommendations by GAO Regarding Information Security
GAO Report                           Key Recommendation
IRS Systems Security: Tax Processing        The Commissioner should prepare a plan for (1) correcting all the weaknesses identified
Operations and Data Still at Risk Due to    at the 5 visited, as detailed in this report, and (2) identifying and correcting security
Serious Weaknesses (GAO/AIMD-97-49,         weaknesses at the other IRS facilities. The Commissioner should (1) provide this plan to
Apr. 8, 1997).                              congressional appropriation, authorization, and oversight committees and
                                            subcommittees, (2) report IRS’ progress on the plan in its fiscal year 1999 budget
                                            submission, and (3) identify the weaknesses discussed in this report as being material in
                                            IRS’ 1996 FMFIA report and subsequent reports until they are corrected.

                                            Also, the Commissioner should strengthen computer security management by directing
                                            the Deputy Commissioner to (1) reevaluate IRS’ current approach to computer security
                                            and (2) report the results to the above cited congressional committees and
                                            subcommittees by June 1997.
                                            Last, the Commissioner should ensure that IRS completely and consistently monitors,
                                            records, and reports the full extent of electronic browsing for all systems that can be
                                            used to access taxpayer data. We recommend that the Commissioner report disciplinary
                                            actions taken and that these statistics along with an assessment of its progress in
                                            eliminating browsing, be included in IRS’ annual budget submission.
Information Security: Opportunities for     As chair of the CIO Council, OMB should encourage council members to adopt as one of
Improved OMB Oversight of Agency            their top priorities and develop a strategic plan for addressing the root causes of agency
Practices (GAO/AIMD-96-110, Sept. 24,       security problems.
1996).
                                            OMB should encourage the development of improved sources of information with which
                                            to monitor compliance with OMB guidance and the effectiveness of agency information
                                            security programs.

                                            OMB should (1) supplement reviews of audit reports to include reviewing audits
                                            conducted under the Chief Financial Officers Act to identify findings related to
                                            information security; and (2) use this information, in conjunction with reports on agency
                                            self assessments, to assist in proactively monitoring the scope of such reviews and the
                                            effectiveness of agency information security practices.

                                            OMB should implement a program for increasing program examiners’ understanding of
                                            information security management issues so that they can readily identify and understand
                                            the implications of information security weaknesses related to agency programs.



Information Security: Computer Attacks at   The Secretary of Defense should strengthen the Department’s information security
Department of Defense Pose Increasing       related policies, training, network monitoring techniques, incident response capabilities.
Risks (GAO/AIMD-96-84, May 22, 1996).




                                            Page 46                                                   GAO/HR-97-30 High-Risk Program
                                               Information Security




Status             Agency Response                                              GAO’s Position
Some action        In commenting on a draft of our report, IRS agreed with      We are in the process of following up with IRS to
taken facilities   our conclusions and recommendations and working to           determine the extent of corrective action taken. stated
we                 implement them. For example, IRS stated that it created      that it is Consequently, it is too early to comment on
                   an Office of Systems Standards and Evaluation to             whether IRS is complying with our recommendations.
                   establish and enforce standards and policies for all major
                   security programs, including physical security, data
                   security, and systems security.

                   However, IRS did not commit to implement all
                   recommendations by the time frames specified. In
                   addition, IRS’ response did not clearly indicate that
                   security weaknesses would be corrected systematically
                   and consistently across all facilities.




Some action        The CIO Council has included information security in its     At this time, it is unclear as to what specific actions will
taken              plans as one of the address. Further, the Council’s          actually be issues it will implemented by the CIO Council
information        Education and Training Working Group has                     over the next year.
security           recommended in its action plan that IT security be
                   included as a continuing element of IT training. In the
                   Council’s first 6-month progress report for 9/96 through     OMB has taken some steps to improve its oversight of
                   2/97, information security received only minor mention as    individual agency practices, but it remains to be seen
                   part of other efforts and as a long-term effort to better    how well this will be implemented in agency program
                   understand threats.                                          examinations.

                   In a December 1996 letter to congressional oversight
                   committees, OMB said that it is implementing GAO’s
                   recommendations. In September 1996, OMB held what it
                   said was its first annual training session on information
                   security for OMB program examiners. At that session,
                   OMB alerted program examiners to the security-related
                   information that may be found in CFO reports. Also, OMB
                   said it will again point out this information when it
                   distributes CFO Act reports to program examiners.

Some action        DOD says that it is moving aggressively to address its       DOD has taken important first steps, including
taken program      security weaknesses, but that it will                        establishing an information security take time. goal in its
by improving                                                                    IRM Strategic Plan. Also, top civilian and military
                                                                                management have acknowledged a departmentwide risk
                                                                                management approach to address vulnerabilities.
                                                                                However, DOD has not fully responded to any of the
                                                                                recommendations.




                                               Page 47                                                     GAO/HR-97-30 High-Risk Program
                                        Information Security




                                        Inadequate information security is primarily a management problem.
Why                                     Ensuring adequate security requires ongoing attention to monitor risks
Recommendations                         and the effectiveness of mitigating controls. We have found that many
Have Not Been                           federal managers either are not fully aware of these risks or have not given
                                        information security the level of attention needed to ensure its
Implemented and                         effectiveness.
What Remains to Be
                                        Also, as with any type of control activity, information security costs money
Done                                    and, in some cases, may seem to diminish efficiency. As a result, in an
                                        environment of severe resource constraints, it is especially important for
                                        managers to ensure that information security receives sufficient attention
                                        and resources.

                                        The challenge for the Congress and for federal managers is to view the
                                        management of information security risks as an integral element of
                                        program management. This means (1) considering the security
                                        implications whenever computer and telecommunications technology is
                                        being used to support program operations, (2) weighing the potential costs
                                        and benefits, (3) determining what level of risk is acceptable in light of the
                                        expected benefits, and (4) providing adequate resources to monitor
                                        controls and keep risks at an acceptable level.

Congressional and Administration
Contacts With Interest in Information   Committee or Office                         Key Staff
Security Issues                         Senate Committee on Governmental Affairs    Ellen Brown, Majority
                                                                                    (202) 224-4751

                                                                                    David Plocher, Minority
                                                                                    (202) 224-9682

                                                                                    Brian Dettelbach, Minority
                                                                                    (202) 224-7948
                                        House Committee on Science,                 Richard Russell, Majority
                                        Subcommittee on Technology                  (202) 225-8844

                                                                                    Donna Farmer, Majority
                                                                                    (202) 225-8844
                                        Office of Management and Budget, Office of Bruce McConnell, Chief, Information Policy
                                        Information and Regulatory Affairs         and Technology Branch
                                                                                   (202) 395-3785

                                                                                    Ed Springer, Policy Analyst
                                                                                    (202) 395-3562



                                        The following assignments are underway:
Ongoing Audit Work

                                        Page 48                                                 GAO/HR-97-30 High-Risk Program
                       Information Security




                   •   GAO  is reviewing successful information security management practices at
                       leading private sector and state organizations in order to identify practices
                       that could be used by federal agencies. This assignment was requested by
                       Chairman Thompson and Senator Glenn, RMM, of the Senate Committee
                       on Governmental Affairs. The assignment is expected to be completed in
                       early 1998.
                   •   GAO is reviewing the Federal Aviation Administration’s (FAA) air traffic
                       control (ATC) computer security practices to determine whether FAA is
                       effectively managing computer security for its operational systems and for
                       future ATC modernization systems. Staff members from the Senate
                       Committee on Governmental Affairs and the House Committee on Science,
                       Subcommittee on Technology have expressed interest in this assignment
                       which is expected to be completed in early 1998.
                   •   GAO is reviewing the State Department’s computer security program, with
                       emphasis on the department’s vulnerability to unauthorized access to its
                       information resources. The assignment is expected to be completed in late
                       1997.
                   •   GAO is reviewing the Social Security Administration’s use of the Internet to
                       disseminate information on personal earnings and benefits to individuals.
                       This assignment was requested by Chairman Bunning and Representative
                       Kennelly, RMM, of the House Ways and Means Subcommittee on Social
                       Security.
                   •   GAO will shortly begin a follow up review of IRS’ progress in correcting
                       previously reported information security weaknesses.
                   •   GAO and agency IGs are both reviewing information security controls in
                       conjunction with federal financial statement audits, which are being
                       performed pursuant to the Chief Financial Officers Act of 1990. To prepare
                       for the first governmentwide audit, GAO is reviewing the IGs’ assessments
                       of controls at the 24 CFO agencies. At selected Department of Treasury
                       agencies, GAO is actually performing the review of computer-based
                       controls. At a few other agencies, GAO is working jointly with the IG staff
                       on this segment of the audit. To support these efforts, GAO has developed a
                       methodology for evaluating computer-based controls and is providing
                       technical advice and training to the IG community.


                       Jack Brock
Key GAO Contacts       Director, Information Resources Management
                       (202) 512-6240




                       Page 49                                          GAO/HR-97-30 High-Risk Program
                       Information Security




                       Bob Dacey
                       Director, Consolidated Audit and Computer Security Issues,
                       (202) 512-3317

                       Dr. Rona Stillman
                       Chief Scientist for Computers and Telecommunications
                       (202) 512-6412

                       Keith Rhodes
                       Technical Director, Office of the Chief Scientist for Computers and
                       Telecommunications
                       (202) 512-6288

                       Jean Boltz
                       Assistant Director, Information Resources Management
                       (202) 512-5247


                       Social Security Administration: Internet Access to Personal Earnings and
Related GAO Products   Benefits Information (GAO/T-AIMD/HEHS-97-123, May 6, 1997).

                       IRS Systems Security: Tax Processing Operations and Data Still at Risk
                       Due to Serious Weaknesses (GAO/AIMD-97-49, Apr. 8, 1997).

                       Information Security: Opportunities for Improved OMB Oversight of
                       Agency Practices (GAO/AIMD-96-110, Sept. 24, 1996).

                       Financial Audit: Examination of IRS’ Fiscal Year 1995 Financial
                       Statements (GAO/ AIMD-96-101, July 11, 1996).

                       Information Security: Computer Attacks at Department of Defense Pose
                       Increasing Risks (GAO/AIMD-96-84, May 22, 1996).

                       Information Security: Computer Attacks at Department of Defense Pose
                       Increasing Risks (GAO/T-AIMD-96-92, May 22, 1996).

                       Financial Audit: Federal Family Education Loan Program’s Financial
                       Statements for Fiscal Years 1994 and 1993 (GAO/AIMD-96-22, Feb. 26, 1996).

                       Department of Energy: Procedures Lacking To Protect Computerized Data
                       (GAO/AIMD-95-118, June 5, 1995).




                       Page 50                                          GAO/HR-97-30 High-Risk Program
Information Security




Information Superhighway: An Overview of Technology Challenges
(GAO/AIMD-95-23, Jan. 23, 1995).

Financial Audit: Examination of Customs’ Fiscal Year 1993 Financial
Statements (GAO/AIMD-94-119, June 15, 1994).

HUD Information Resources: Strategic Focus and Improved Management
Controls Needed (GAO/AIMD-94-34, Apr. 14, 1994).

IRS Information Systems: Weaknesses Increase Risk of Fraud and Impair
Reliability of Management Information (GAO/AIMD-93-34, Sept. 22, 1993).




Page 51                                       GAO/HR-97-30 High-Risk Program
Department of Energy’s Contract
Management

                        The Department of Energy’s (DOE) contracting practices and problems
Overview                stem from the time of the Manhattan Project’s development of the atomic
                        bomb during World War II. This undertaking involved special contracting
                        arrangements, such as least interference in the contractor’s work and
                        indemnification of a contractor’s liability. Decades later, DOE continued to
                        enter into contracts in which competition was the exception,
                        reimbursement of virtually any cost to the contractor was the practice, and
                        lax oversight of contractors was the norm.

                        In 1990, we designated DOE contracting as a high-risk area vulnerable to
                        waste, fraud, abuse, and mismanagement. This designation was
                        precipitated by DOE’s history of weak oversight of contractors coupled
                        with heavy reliance on contractors to fulfill DOE’s missions. We
                        subsequently issued a series of reports and testimonies, identifying some
                        of the costly effects of DOE’s practices. These products have contributed
                        to the Congress’s budget deliberations and provided an impetus for DOE
                        to reform its contracting.

                        Although the past Secretaries of Energy have instituted various remedies
                        and have moved in the direction of improved contracting, changing the
                        way DOE does business has not come easily or quickly.


                        DOE generally fulfills its multiple missions with contractors who manage
Level of Resources at   and operate its federally owned facilities. In fiscal year 1996, DOE
Risk                    contracted out about 92 percent of its $17.8 billion in obligations (or about
                        $16.4 billion) to, among other things, maintain its weapons complex, fund
                        its national laboratories, and clean up its legacy of environmental
                        contamination. At risk are not only these funds but more importantly, the
                        DOE missions being financed by them. For example, from 1980 through
                        1996, DOE conducted 80 projects (costing or projected to cost about $64
                        billion) that it designated as major systems acquisitions—projects that are
                        critical to DOE’s mission and cost over $100 million. Thirty-one of these
                        were terminated prior to completion after spending over $10 billion, 15
                        were completed and most were finished behind schedule and with cost
                        overruns, and 34 are ongoing and also suffer from cost overruns and
                        schedule delays.




                        Page 52                                          GAO/HR-97-30 High-Risk Program
                         Department of Energy’s Contract
                         Management




                         Reforming contracts has been an elusive and longstanding DOE goal. In
Key Open GAO             April 1992, we reported that the Secretary’s recognition of contract
Recommendations          management weaknesses, commitment to strengthening contract controls,
and Implementation       and actions to address some contracting weaknesses were important first
                         steps for reform.1 However, we concluded that the weaknesses would not
Status                   be corrected in the near future because the corrective actions would take
                         several years to implement.

                         After reviewing the agency’s contracting practices, the Secretary’s
                         Contract Reform Team issued, in February 1994, its report entitled Making
                         Contracting Work Better and Cost Less. The Team focused its efforts on
                         management and operating contracts and identified numerous problems
                         that needed correcting. The 48 recommendations (47 in the report and one
                         directed by the Secretary) for specific actions sought to make sweeping
                         changes in DOE’s policies and practices, often completely contrary to the
                         way DOE has done business.

                         DOE’s reforms are, in part, the result of GAO’s previous criticisms,
                         observations, and recommendations regarding DOE’s contracting
                         practices. More recently we have provided critiques to DOE during the
                         development of its reforms. While current reforms are unprecedented in
                         scope and provide a comprehensive plan, the real test of DOE’s success
                         will occur as DOE implements, monitors, corrects where needed, and
                         standardizes best practices for a totally new way of doing business. This
                         effort will require time as the current contracts are either competitively
                         awarded or noncompetitively renewed with reform provisions
                         incorporated into the contracts.


                         DOE is making headway in developing policies, procedures, and guidelines
Implementation Has       in response to the Contract Reform Team’s recommendations. Along with
Begun but More           the recommendations, the Contract Reform Team assigned to a specific
Remains to Be Done       DOE office the responsibility for completing each action and established
                         deadlines for them. As of August 1996, DOE reported completing 47 of the
                         48 recommended actions; the last one is nearing completion. Specifically,
                         DOE has

                     •   published a policy adopting a standard of full and open competition,
                     •   developed guidance for contract performance criteria and measures,
                     •   created incentive mechanisms for contractors, and

                         1
                          Energy Management: Vulnerability of DOE’s Contracting to Waste, Fraud, Abuse, and Mismanagement
                         (GAO/RCED-92-101, Apr. 10, 1992).



                         Page 53                                                      GAO/HR-97-30 High-Risk Program
                        Department of Energy’s Contract
                        Management




                    •   developed training in performance-based contracting for DOE personnel.

                        Possibly DOE’s most important reform initiative—to open its management
                        and operating contracts to competition—has become policy. DOE’s new
                        policy adopts a standard of full and open competition and directs that
                        DOE competitively award its contracts to the fullest extent possible. Also,
                        the Contract Reform Team’s report recommended that the terms of the
                        contract be negotiated before extending existing contracts. The
                        recommendation is intended to improve DOE’s bargaining position with
                        respect to contract costs and deliverables and encourage new contractors
                        to bid on DOE’s contracts.

                        However, DOE has awarded most of its recent contracts noncompetitively.
                        Of the 24 decisions made from July 5, 1994, to the end of August 1996,
                        DOE decided to extend 16 contracts on a noncompetitive basis and to
                        competitively award the other eight.2 DOE had long-term relationships
                        with many of the contractors whose contracts it decided not to compete.
                        The average age of the 16 contracts was about 35 years, and 12 of them
                        had never been competitively awarded.

                        Also, although contrary to a recommendation by the Contract Reform
                        Team, DOE may have weakened its bargaining position when it
                        conditionally decided to extend the contracts for three of its laboratories
                        prior to their negotiation with the contractor. As a result, DOE placed
                        itself in the same weak negotiating position it has maintained for years.

                        DOE officials maintain that they are improving existing contracts without
                        the benefit of competition. However, DOE is still negotiating in a
                        noncompetitive environment and will not gain the full benefits of
                        competition.


                        In December 1996 we reported on the status of DOE contract reform
Other Information       efforts to the Subcommittee on Energy and Power, House Committee on
                        Commerce.3 While many committees have been following DOE’s contract
                        reform efforts, we have had continued contact with other House
                        committees, include the Subcommittee on Energy and Water



                        2
                         According to DOE’s Procurement and Assistance Data System, DOE had 42 active management and
                        operating contracts as of July 1, 1996.
                        3
                         Department of Energy: Contract Reform Is Progressing, But Full Implementation Will Take Years
                        (GAO/RCED-97-18, Dec. 10, 1996).



                        Page 54                                                        GAO/HR-97-30 High-Risk Program
                       Department of Energy’s Contract
                       Management




                       Development, Committee on Appropriations; and the Energy and
                       Environment Subcommittee, Committee on Science.

                       The Department’s Inspector General is also evaluating DOE’s contract
                       reform efforts. Their recent report entitled, Inspection of the Performance
                       Based Incentive Program at the Richland Operations Office (DOE/IG-0401,
                       Mar. 10, 1997), is very critical of the incentives that DOE paid under this
                       contract.


                       We are currently reviewing one of DOE’s efforts under contract reform.
Ongoing Audit Work     Under this effort, DOE has signed a fixed-price contract for environmental
                       cleanup at its Idaho facility. DOE’s goal is to reduce cleanup costs and
                       shift the risk of nonperformance from DOE to the contractor. The House
                       Commerce Committee has requested that we provide information on the
                       history and current status of the project. While this is our only ongoing
                       work, the House Science Committee and National Security Committee
                       have express interest in our doing additional work on DOE contract
                       reform efforts.


                       Vic Rezendes
Key GAO Contact        Director, Energy, Resources, and Sciences Issues
                       (202) 512-3841


                       Department of Energy: Management and Oversight of Cleanup Activities at
Related GAO Products   Fernald (GAO/RCED-97-63, Mar. 14, 1997).

                       Department of Energy: Contract Reform Is Progressing, But Full
                       Implementation Will Take Years (GAO/RCED-97-18, Dec. 10, 1996).

                       Department of Energy: DOE Has Had Limited Success With Major System
                       Acquisitions (GAO/RCED-97-17, Nov. 26, 1996).

                       Hanford Waste Privatization (GAO/RCED-96-213R, Aug. 2, 1996).

                       Environmental Protection: Issues Facing the Energy and Defense
                       Environmental Management Programs (GAO/T-RCED/NSIAD-96-127, Mar. 21,
                       1996).




                       Page 55                                          GAO/HR-97-30 High-Risk Program
Department of Energy’s Contract
Management




Federal Research: Information on Fees for Selected Federally Funded
Research and Development Centers (GAO/RCED-96-31FS, Dec. 8, 1995).

Nuclear Facility Cleanup: Centralized Contracting of Laboratory Analysis
Would Produce Budgetary Savings (GAO/RCED-95-118, May 8, 1995).

DOE Management: Contract Provisions Do Not Protect DOE From
Unnecessary Pension Costs (GAO/RCED-94-201, Aug. 26, 1994).

Energy Management: Modest Reforms Made in University of California
Contracts, but Fees Are Substantially Higher (GAO/RCED-94-202, Aug. 25,
1994).

High-Risk Series: Department of Energy Contract Management (GAO/HR-93-9,
Dec. 1992).

Energy Management: Vulnerability of DOE’s Contracting to Waste, Fraud,
Abuse, and Mismanagement (GAO/RCED-92-244, Apr. 14, 1992).




Page 56                                         GAO/HR-97-30 High-Risk Program
Student Financial Aid


               The former Guaranteed Student Loan Program (now called the Federal
Overview       Family Education Loan Program or FFELP) was included in GAO’s original
               list of high-risk programs in 1990. At that time, student loan defaults were
               rising rapidly posing significant losses to the government—in 1991 the
               Department of Education paid out $3.6 billion to make good its guarantee
               on defaulted student loans. In 1995, we revised this designation to include
               all federal student financial aid distributed under title IV of the Higher
               Education Act of 1965, as amended. GAO did so because of abuses and
               instances of fraud we identified in the Pell grant program and because all
               of the Title IV programs share the same vulnerabilities to losses due to
               fraud, waste, abuse, and mismanagement.

               At the core of the Department’s financial accountability difficulties are
               persistent problems with the individual student aid programs’ processes,
               structure, and management. These problems include (1) overly complex
               processes, (2) inadequate financial risk to lenders or state guaranty
               agencies for defaulted loans, and (3) management shortcomings. Although
               the Department can mitigate some of these circumstances through more
               effective oversight and management, many of the initiatives it took and
               which we discussed in our reports have not been fully implemented.
               Progress towards their full implementation has been mixed.

               Our work has shown that student aid programs have many participants
               and involve complicated, cumbersome processes. Three principal
               participants—students, schools, and the Department of Education—are
               involved in all the financial aid programs; two additional
               participants—lenders and guaranty agencies—also have roles in FFELP. In
               general, each student aid program has its own processes, which include
               procedures for student applications, school verifications of eligibility, and
               lenders or other servicing organizations that collect payments. Further, the
               introduction of the Ford Direct Loan Program (FDLP)—in which students
               borrow directly from the Department through their school—has added a
               new dimension of complexity. Rather than replacing FFELP as initially
               planned, FDLP now operates along side it. Essentially, this means that the
               Department has two programs to manage that are similar in purpose but
               that operate differently.

               The structure of the student aid programs makes protecting the financial
               interests of the government difficult for the Department for two reasons.
               First, because HEA placed nearly all the financial risk for defaults on the
               federal government, it continues to bear a major portion of the risk for
               loan losses. And, although the 1992 and 1993 amendments to HEA



               Page 57                                          GAO/HR-97-30 High-Risk Program
                            Student Financial Aid




                            established slightly more risk sharing, the current structure still makes
                            protecting the taxpayers’ financial interests difficult. Protecting the
                            financial interests of the government is also difficult because the loan
                            programs now serve more students from low-income families and those
                            attending proprietary schools than in the past. As the number of these
                            higher-risk borrowers has increased, so has the number of defaults. Both
                            of these conditions enhance access for low-income students, yet a tension
                            exists because they jeopardize financial accountability.

                            Management shortcomings also continue as a major problem and
                            contribute to the Department’s financial accountability difficulties. In the
                            past, congressional hearings and investigations, the Department’s Office of
                            Inspector General (OIG) reports, our reports, and other studies and
                            evaluations have shown that the Department (1) did not adequately
                            oversee schools that participated in the programs, (2) managed each title
                            IV program through a separate administrative structure, with poor or little
                            communication among programs, (3) used inadequate management
                            information systems that contained unreliable data, and (4) did not have
                            sufficient and reliable student loan data to determine the Department’s
                            liability for outstanding loan guarantees. In some areas, such as
                            gatekeeping,1 the Department has improved some of its practices. In
                            others, many of the shortcomings we identified in the past remain. For
                            example, Department initiatives to improve information resources
                            management have not been fully successful in producing needed
                            improvements in data quality and systems integration. This situation also
                            effects the programs’ internal controls. For example:

                        •   Poor quality and unreliable FFELP student loan data remain in the
                            Department’s systems. As a result, the Department is unable to obtain
                            from its systems complete, accurate and reliable FFELP data necessary to
                            report on its financial position.
                        •   Inaccurate loan data are being loaded in the National Student Loan Data
                            System. This system is the Department’s principal student financial aid
                            database intended to help resolve data quality problems.


                            About $38 billion of federal student financial aid was available to
Level of Resources at       postsecondary students in fiscal year 1996. This is a major part of all aid
Risk                        that students received. Generally, in awarding such aid, the government
                            relies on third parties (schools, lenders, and state guaranty agencies) to

                            1
                             Gatekeeping generally refers to the Department’s procedures for determining which schools may
                            participate—and whether they should continue participating—in federal student aid programs.



                            Page 58                                                        GAO/HR-97-30 High-Risk Program
                      Student Financial Aid




                      determine student eligibility and aid levels, and make payments. In
                      addition, the government is exposed to billions in potential losses on its
                      approximately $122 billion in outstanding government backed student
                      loans, if they are not properly managed. These include outstanding
                      contingent liabilities the government assumed by guaranteeing
                      federally-sponsored student (FFELP) loans that totalled about $92 billion
                      at the end of fiscal year 1996. The government paid out about $2.8 billion
                      in claims for defaulted student loans in fiscal year 1996. Also, the
                      Department had about $30 billion in outstanding direct (FDLP) loans and
                      defaulted guaranteed student loans at the end of fiscal year 1996.


                      The Department has generally been responsive to addressing problems in
Progress in           its student aid programs. In July 1996, we reported the Department had
Addressing Problems   completed actions or had actions in progress or planned to address 186
                      (91 percent) of 205 recommendations made over a 4-year period—most by
                      OIG and us—to improve its management of federal student financial aid.2
                      These actions have the potential to further remedy many of the underlying
                      problems with the program.

                      The Department has also begun planning a major reengineering effort to
                      resolve these types of problems over the next several years. This effort,
                      known as Easy Access for Students and Institutions, or “Project EASI,” is
                      envisioned as a student-based, integrated data system through which all
                      management and control functions will be conducted.


                      We have made numerous recommendations related to these four areas as
Key Open GAO          a result of our reviews of the operations of the student aid programs.
Recommendations       Several of the more significant recommendations have yet to be fully
and Implementation    addressed by the Department. The table below lists these
                      recommendations, the current status of the Department’s actions to
Status                address them, and our position on whether or not the Department’s
                      response is addressing the problem that led to our recommendation.




                      2
                       Department of Education: Status of Actions to Improve the Management of Student Financial Aid
                      (GAO/HEHS-96-143, July 12, 1996).



                      Page 59                                                        GAO/HR-97-30 High-Risk Program
                                                Student Financial Aid




GAO Report                                                    Key Recommendation
Student Financial Aid: Data Not Fully Utilized to Identify    The Secretary of Education should take actions to improve the accuracy
Inappropriately Awarded Loans and Grants                      and completeness of student financial continuing to screen data entered
(GAO/HEHS-95-89, July 11, 1995).                              into the National Student Loan Data System (NSLDS) to ensure that they
                                                              are in a consistent format, and testing the accuracy and validity of data in
                                                              NSLDS. Further, the Secretary should analyze student aid data more
                                                              closely to identify patterns of noncompliance with federal requirements,
                                                              such as following up on students identified as ineligible in the data
                                                              matches, and take appropriate corrective actions.


Financial Audit: Guaranteed Student Loan Program’s            The Secretary of Education should direct the Assistant Secretary for
Internal Controls and Structure Need Improvement              Postsecondary Education to require agencies and lenders annually
(GAO/AFMD-93-20, Mar. 16, 1993).                              provide Education an independent public accountant’s positive attestation
                                                              on the claims for payment submitted to the federal government, and the
                                                              basis for such attestation, including an opinion on the adequacy of internal
                                                              controls over such claims.




                                                              The Secretary of Education should direct the Assistant Secretary for
                                                              Postsecondary Education to establish and maintain subsidiary ledgers for
                                                              GSLP.




Financial Management: Education’s Student Loan Program        The Secretary of Education should direct the Assistant Secretary of
Controls Over Lenders Need Improvement                        Postsecondary Education and the Officer to coordinate efforts to develop
(GAO/AIMD-93-33, Sept. 9, 1993).                              a comprehensive strategy for determining the accuracy of information
                                                              reported on lenders’ quarterly billings which would include developing
                                                              objective criteria for selecting and reviewing lenders participating in
                                                              FFELP.




                                                Page 60                                                  GAO/HR-97-30 High-Risk Program
                                              Student Financial Aid




Education’s Response                                                           GAO’s Position
The Department of Education formed an NSLDS project team tasked with           While the Department’s actions so far may be able to
reviewing alleged defaulters receiving subsequent aid data, such as            screen out obvious errors and inconsistencies, we loans.
summer of 1996, for the 1995-96 school year, the team identified 100,376       As of the believe that the Department needs to continue
student aid applicants who should not have received federal student loans.     working towards permanently resolving the need for
The system showed that these applicants had previously defaulted on a          accurate and valid data in the NSLDS.
loan. The Department is working with a contractor to identify and verify
critical data items in NSLDS. It has established a NSLDS Data Quality
Action Team which has developed plans to resolve data quality issues
discussed in GAO’s report. Edit checks established in NSLDS have led to
reduced data errors.
In December 1996, the Department’s OIG issued its revised Audit Guide for      We believe that the Department is taking appropriate
lenders and lender servicers requiring that guaranty accountant to perform     action to address this recommendation. The progress and
an examination-level attestation relative to lenders’ and lender servicers’    an independent public effectiveness of these actions will
management assertions regarding interest billing statements to the             be monitored during our reviews of the Department’s
Department. Reports and opinions regarding interest billing testing are to     fiscal years 1996 and 1997 financial statement audits.
be in compliance with reporting requirements under the Single Audit Act. In
July 1996, the OIG issued updated guidance in the form of a revised interim
Compliance Supplement for use by auditors of guaranty agencies in fiscal
year 1996 single audits. Reporting requirements are those covered under
the Single Audit Act. OMB sent out the Compliance Supplement for
comment in March 1997.
The Department issued a task order to the FFELP contractor to develop          We believe that the Department is taking appropriate
auditable subsidiary ledgers. However, the technical and business              action to address this recommendation. The progress and
proposals were unacceptable to the Department. Instead, it will be             effectiveness of these actions will be monitored during
adapting a commercial off-the-shelf software package to implement              our reviews of the Department’s fiscal years 1996 and
permanent FFELP subledgers. OPE is awaiting official acceptance of the         1997 financial statement audits.
system by the Office of the Chief Financial Officer before proceeding
further. Education anticipates completing this effort in December 1997.
In December 1996, the Department’s OIG issued its revised Audit Guide for      We believe that the Department is taking appropriate
lenders and lender servicers requiring Chief Financial accountant to           action to address this recommendation. We will be
perform an examination-level attestation relative to lenders’ and lender       monitoring an independent public the progress during our
servicers’ management assertions regarding interest billing statements to      reviews of the Department’s fiscal years 1996 and 1997
the Department. Reports and opinions regarding interest billing testing are    financial statement audits.
to be in compliance with reporting requirements under the Single Audit Act.
The Department developed reasonability edits in the FFELP subsystems to
compare billing data reported on Form 799, Lender’s Interest and Special
Allowance Request and Report and data submitted to the NSLDS. Once the
edits and level of reasonableness are finalized, the Department will analyze
the variances and forward the results to the Guarantee Agency and Lender
Oversight Service (GLOS) for follow up. The Department will also analyze
the variances for about two years and possibly redesign Form 799. It
anticipates completion in December 1998.
                                                                                                                             (continued)




                                              Page 61                                                   GAO/HR-97-30 High-Risk Program
             Student Financial Aid




GAO Report                 Key Recommendation
                           The Secretary of Education should direct the Assistant Secretary of
                           Postsecondary Education and the Chief Financial Officer to coordinate
                           efforts to develop a comprehensive strategy for determining the accuracy
                           of information reported on lenders’ quarterly billings which would include
                           annually performing mandatory review procedures at selected lenders
                           which, at a minimum, would include reviewing results of annual
                           compliance audits—required by the Higher Education Amendments of
                           1992—and other audits of lenders and following up on identified
                           weaknesses to determine if appropriate corrective actions have been
                           taken.
                           The Secretary of Education should direct the Assistant Secretary of
                           Postsecondary Education and the Chief Financial Officer to coordinate
                           efforts to monitor and follow up with lenders whose quarterly billings fail to
                           meet Education’s internal automated edit checks and reasonability tests.




             Page 62                                                   GAO/HR-97-30 High-Risk Program
                                                 Student Financial Aid




Education’s Response                                                               GAO’s Position
In December 1996, the Department’s OIG issued its revised Audit Guide for          We believe that the Department is taking appropriate
lenders and lender servicers that requires that the lender’s auditors              action to address this recommendation. We will be
specifically audit and report on the integrity of billings to the Department. In   monitoring the effectiveness of the tracking system during
addition, a tracking system was developed to monitor receipt of lender             our reviews of the Department’s fiscal years 1996 and
audit reports and provide a database of findings cited in the report. Those        1997 financial statement audits.
entities with identified weaknesses are flagged and receive appropriate
follow-up action.



The Department developed reasonability edits in the FFELP subsystems to            We believe that the Department is taking appropriate
compare billing data reported on Form 799, Lender’s Interest and Special           action to address this recommendation. We will be
Allowance Request and Report and data submitted to NSLDS. Once the                 monitoring the progress of these actions during our
edits and level of reasonableness are finalized, the Department will analyze       reviews of the Department’s fiscal years 1996 and 1997
the variances and forward the results to GLOS for follow up. The                   financial statement audits.
Department will also analyze the variances for about two years and possibly
redesign Form 799. It anticipates completion in December 1998.

                                                 In addition to addressing our specific recommendations, the Department
What Remains to Be                               must also continue to take comprehensive action to address the four
Done                                             management issues we described above. These actions include:

                                             •   Continuing its ongoing efforts to improve gatekeeping. Among the more
                                                 significant actions underway that the Department needs to sustain is full
                                                 implementation of the Institutional Participation and Oversight Service
                                                 (IPOS) Challenge. Under this initiative, the Department plans to (1) use a
                                                 computer model to identify schools for review based on their risk of
                                                 noncompliance, and (2) have review teams decide on the basis of a
                                                 school’s overall compliance record how to structure school reviews and
                                                 which compliance and penalty actions to recommend in cases of
                                                 violations.
                                             •   Ensuring that both FFELP and FDLP are managed with the resources
                                                 needed to minimize program abuse and that regulatory and other
                                                 corrective actions are followed to address potential program
                                                 administration problems we identified. These include ensuring that
                                                 schools allowed to participate in FDLP have resolved problems that place
                                                 them at risk of losing eligibility to participate in other title IV programs,
                                                 and that defaults on income contingent loans are correctly included in
                                                 calculating cohort default rates for these schools.
                                             •   Integrating its information systems and ensuring the accuracy and validity
                                                 of National Student Loan Data System (NSLDS) data and data in other
                                                 systems to better identify possible program misuse by students, schools,
                                                 and other program participants. The Department currently does not have,
                                                 and needs to develop, an integrated, fully functional, title IV-wide recipient




                                                 Page 63                                                    GAO/HR-97-30 High-Risk Program
    Student Financial Aid




    database. Such a system would show the total amount of aid students have
    received through the Department. This is necessary to improve program
    monitoring, data quality and accuracy, ensuring that students are not
    receiving more aid than they are eligible for, and improving data systems’
    efficiency and cost. Accurate and valid data are required to effectively
    manage and oversee compliance with program requirements. For example,
    the current system cannot always identify where a student is enrolled,
    even after an award is made and thousands of dollars in student aid are
    disbursed.
•   Continuing its efforts to improve financial management, including
    improving the accuracy, quality, and reliability of the Department’s student
    loan data. Such steps are essential to producing auditable financial
    statements for the Department of Education pursuant to the Chief
    Financial Officers Act of 1990, as amended. The Department’s auditors
    expressed a disclaimer of opinion on its fiscal year 1995 financial
    statements due primarily to scope limitations resulting from unreliable
    student loan data. The lack of complete and reliable FFELP student loan
    data prevented the auditors from assessing whether the Department’s
    liability estimate for guaranteed loan defaults about $13 billion was
    accurate, or was materially over or under stated.

    The fiscal year 1996 financial audit is ongoing, and the auditor expects to
    issue its opinion this summer. The Chief Financial Officer and the 10
    largest guaranty agencies are compiling data elements from the guaranty
    agencies’ databases, such as default and collection rates, to be input into
    the Department’s liability model. In addition, the guaranty agencies’
    auditors are to perform agreed-upon procedures to ensure that data from
    which data elements were developed is reliable. However, it is too early to
    tell whether this data will provide a reliable basis for estimating the
    liability.




    Page 64                                         GAO/HR-97-30 High-Risk Program
                                         Student Financial Aid




Congressional Contacts With Interest
in Student Financial Aid Issues          Committee Subcommittee                             Key staff
                                         House Committee on Education and the               Majority
                                         Workforcea                                         Sally Stroup
                                                                                            (202) 225-6558
                                         -Subcommittee on Postsecondary Education
                                         and Life Long Learninga                  Mark Brenner
                                                                                  (202) 225-7101
                                         -Subcommittee on Oversight and
                                         Investigations                           George Conant
                                                                                  (202) 225-6558

                                                                                            Minority
                                                                                            Marshall Grigsby
                                                                                            (202) 225-7116

                                                                                            David Evans
                                                                                            (202) 225-7116
                                         Senate Committee on Labor and Human                Majority
                                         Resourcesa                                         Pam Devitt
                                                                                            (202) 224-6770

                                                                                            Minority
                                                                                            Marianna Pierce
                                                                                            (202) 224-5501
                                         House Committee on Government Reform               Majority
                                         and Oversight                                      Larry Halloran
                                                                                            (202) 225-2548
                                         -Subcommittee on Human Resources
                                                                                            Chris Allred
                                                                                            (202) 225-2548
                                         a
                                          Committee or Subcommittee with jurisdiction over the reauthorization of the Higher Education Act
                                         of 1965, as amended.



Executive Branch Officials and Private
Sector Individuals/ Organizations With   Agency                                             Key staff
Interest in Student Financial Aid        Advisory Committee on Student Financial            Dr. Robert Alexander, Chairperson
Issues                                   Assistance                                         (202) 708-7439

                                                                                            Dr. Brian Fitzgerald, Staff Director
                                                                                            ( 202) 708-7439
                                         Department of Education                            Mr. Tom Bloom, Inspector General
                                                                                            ( 202) 205-5439
                                         Office of Management and Budget                    Ms. Pat Smith, Education Branch
                                                                                            (202) 395-5882
                                         Institute for Higher Education Policy              Mr. Jamie Merisotis, President
                                                                                            (202) 588-8383




                                         Page 65                                                        GAO/HR-97-30 High-Risk Program
                           Student Financial Aid




                           We presently have eleven reviews underway that relate to the operation of
Ongoing Audit Work         and risk associated with the student aid programs.

                       •   Identifying the relationship between reliance on financial aid revenues and
                           school performance in the proprietary school sector.
                       •   Extent of the mismatch between occupational education supported by the
                           student aid programs and employment opportunities.
                       •   Eligibility of illegal aliens for federal student financial aid.
                       •   Review of the income contingent repayment plan in FDLP.
                       •   Review of trends in the cumulative amounts borrowed for postsecondary
                           education.
                       •   Review of a proposal for an increase in the loan volume threshold for
                           auditing lenders under FFELP.
                       •   Efforts to reduce defaults at Historically Black Colleges and Universities.
                       •   Assessment of the Department’s compliance with NSLDS requirements.
                       •   Survey of school’s use of NSLDS.
                       •   Preparation for the fiscal year 1997 Audit of Loans Receivable.
                       •   Preparation for the fiscal year 1997 Audit of Liability for Loan Guarantees.


                           Carlotta Joyner
GAO Contacts               Director, Education and Employment Issues
                           (202) 512-7014

                           Joel Willemssen
                           Director, Information Resources Management
                           (202) 512-6408

                           Bob Dacey
                           Director, Consolidated Audits and Computer Security Issues
                           (202) 512-3317

                           For fiscal year 1997 audit preparation:
                           Ms. Gloria Jarmon
                           Director, Civil Audits/HEHS
                           (202) 512-4476


                           Addressing the Deficit: Budgetary Implications of Selected GAO Work for
Related GAO Products       Fiscal Year 1998 (GAO/OCG-97-2, Mar. 14, 1997).

                           High-Risk Series: Student Financial Aid (GAO/HR-97-11, Feb. 1997).



                           Page 66                                          GAO/HR-97-30 High-Risk Program
Student Financial Aid




Reporting of Student Loan Enrollment Status (GAO/HEHS-97-44R, Feb. 6,
1997).

Department of Education: Status of Actions to Improve the Management
of Student Financial Aid (GAO/HEHS-96-143, July 12, 1996).

Financial Audit: Federal Family Education Loan Program’s Financial
Statements for Fiscal Years 1994 and 1993 (GAO/AIMD-96-22, Feb. 26, 1996).

Student Financial Aid: Data Not Fully Utilized to Identify Inappropriately
Awarded Loans and Grants (GAO/HEHS-95-89, July 11, 1995).

High-Risk Series: Student Financial Aid Programs (GAO/HR-95-10, Feb. 1995).

Financial Audit: Federal Family Education Loan Program’s Financial
Statements for Fiscal Years 1993 and 1992 (GAO/AIMD-94-131, June 30, 1994).

Financial Management: Education’s Student Loan Program Controls Over
Lenders Need Improvement (GAO/AIMD-93-33, Sept. 9, 1993).

Direct Student Loans: The Department of Education’s Implementation of
Direct Lending (GAO/HRD-93-26, June 10, 1994).

Financial Audit: Guaranteed Student Loan Program’s Internal Controls and
Structure Need Improvement (GAO/AFMD-93-20, Mar. 16, 1993).




Page 67                                          GAO/HR-97-30 High-Risk Program
FAA’s Air Traffic Control Modernization


                       GAO  first designated the Federal Aviation Administration’s (FAA) air traffic
Overview               control (ATC) modernization as a high-risk area in 1995.1 We did so because
                       of the modernization’s enormous cost and complexity, its criticality to
                       FAA’s vital mission of ensuring safe and efficient air travel, and its
                       problem-plagued past. In our 1997 high-risk report,2 we again included the
                       modernization, not only for the same reasons we included it in 1995, but
                       also because our recent work on the modernization showed pervasive and
                       fundamental problems in FAA’s approach to managing the modernization.

                       To address the problems that we have thus far identified, we recently
                       made a series of very detailed recommendations aimed at correcting key
                       modernization management problems, to which FAA has been slow in
                       responding and initiating corrective action. We have also initiated and
                       planned work to evaluate other key aspects of the modernization’s
                       management. Our goals are to pinpoint root causes of the modernization’s
                       problems, to recommend fundamental management change to correct the
                       problems, and to vigilantly monitor implementation of these
                       recommendations. When the underlying management weaknesses have
                       been corrected, the ATC modernization will no longer be categorized as a
                       high-risk area.


                       FAA’s primary mission is to ensure safe, orderly, and efficient air travel
ATC Modernization: A   throughout the United States. FAA’s ability to fulfill this mission depends
Brief History and      on the adequacy and reliability of the nation’s ATC system, a vast network
Description            of computer hardware, software, and communications equipment. Within
                       the ATC system, air traffic controllers use automated information
                       processing and display, communication, navigation, surveillance, and
                       weather resources to view key information, such as aircraft location,
                       aircraft flight plans, and prevailing weather conditions, and to
                       communicate with pilots.

                       The ATC system of the late 1970s was a blend of several generations of
                       automated and manual equipment, much of it labor-intensive and obsolete.
                       FAA recognized that it could increase ATC operating efficiency by increasing
                       automation. Additionally, FAA forecasted increased future demand for air
                       travel, brought on by airline deregulation of the late 1970s. It also
                       anticipated that meeting the demand safely and efficiently would require
                       improved and expanded services, additional facilities and equipment,
                       improved workforce productivity, and the orderly replacement of aging

                       1
                        High-Risk Series: An Overview (GAO/HR-95-1, Feb. 1995).
                       2
                        High-Risk Series: Information Management and Technology (GAO/HR-97-9, Feb. 1997).



                       Page 68                                                      GAO/HR-97-30 High-Risk Program
                        FAA’s Air Traffic Control Modernization




                        equipment. Accordingly, in December 1981, FAA initiated its plan to
                        modernize, automate, and consolidate the existing ATC system by the year
                        2000.

                        This ambitious modernization program includes the acquisition of new
                        radars and automated data processing, navigation, and communication
                        equipment in addition to new facilities and support equipment. FAA
                        estimates that the modernization will cost over $34 billion through the
                        year 2003 and total over 200 projects. The Congress has already
                        appropriated about $23 billion of this $34 billion investment.

                        Over the past 15 years, the modernization program has experienced cost
                        overruns, schedule delays, and performance shortfalls that have affected
                        FAA’s ability to deliver systems as promised. For example, the acquisition
                        of the Advanced Automation System, which was estimated to cost
                        $7.6 billion and was the centerpiece of the modernization before FAA
                        restructured the effort in 1994, failed because FAA did not recognize the
                        technical complexity of the effort, did not realistically estimate the
                        resources required, did not adequately oversee its contractors’ activities,
                        and did not effectively control systems requirements.


                        Because the ATC modernization is at high risk, both billions of dollars in
Cost and Service        federal funds and critical federal function are jeopardized. The federal
Delivery Implications   funding profile between fiscal years 1998 and 2003 alone is about $6 billion
                        for new system investments, not to mention the billions of dollars to be
                        spent maintaining these systems and investing in even more systems
                        beyond 2003. With respect to federal function, the cost implications to
                        public and private sector operations of just an isolated ATC interruption for
                        even short time periods can be significant. Since FAA is responsible for
                        providing safe and efficient air travel both now and in the future, when
                        traffic volumes are expected to increase, FAA must modernize its ATC
                        systems, but it must do so effectively and efficiently. To do less not only
                        risks the funds being spent on modernized systems, but also the delivery
                        of vital government services.


                        Effectively managing a modernization as large and technically complex as
What Needs to Be        the ATC modernization requires, among other things, an effective
Done                    organizational structure, disciplined investment management processes,
                        mature system and software development and acquisition processes,
                        reliable data upon which to base important decisions, a well-defined



                        Page 69                                          GAO/HR-97-30 High-Risk Program
                      FAA’s Air Traffic Control Modernization




                      architecture, or blueprint, to guide and constrain system development and
                      evolution, and a healthy organizational culture. Our work evaluating the
                      modernization has been and continues to be directed at determining how
                      well FAA is meeting these and other important requirements.


                      Our recent work shows that FAA is not meeting many of the above cited
Recent GAO Work and   requirements. For example, we reported that (1) FAA’s processes for
Key Open              acquiring the software for its new ATC systems are immature, and at times
Recommendations       chaotic, (2) FAA’s cost estimating processes and cost accounting practices
                      are not adequate to effectively manage its billion dollar information
                      technology investments, (3) FAA’s failure to define and enforce an overall
                      ATC systems architecture has resulted in unnecessarily higher spending to
                      buy, integrate, and maintain hardware and software, (4) FAA’s
                      organizational culture does not reflect a strong commitment to mission
                      focus, accountability, coordination, and adaptability, and (5) FAA lacks a
                      comprehensive plan for augmenting, and transitioning to, the Global
                      Positioning System for civil air navigation.

                      To address these deficiencies, we have made over a dozen detailed
                      recommendations to FAA. FAA is delinquent in responding to and initiating
                      action to correct most of these recommendations. The following table
                      summarizes these recommendations.)




                      Page 70                                         GAO/HR-97-30 High-Risk Program
FAA’s Air Traffic Control Modernization




Page 71                                   GAO/HR-97-30 High-Risk Program
                                             FAA’s Air Traffic Control Modernization




GAO Report                                   Key Recommendation
Air Traffic Control: Immature Software       FAA should improve its software acquisition process capability by:
Acquisition Processes Increase FAA System    • assigning responsibility for software acquisition process improvement to FAA’s CIO,
Acquisition Risks (GAO/AIMD-97-47, Mar.      • providing FAA’s CIO with the authority to implement and enforce ATC modernization
21, 1997).                                   software acquisition process improvements,
                                             • requiring the CIO to develop and implement a formal plan for ATC software acquisition
                                             process improvement based on GAO’s evaluation results,
                                             • allocating adequate resources to ensure that planned initiatives are implemented and
                                             enforced, and
                                             • requiring that, before being approved, every ATC modernization acquisition project
                                             have software acquisition processes that satisfy at least SA-CMM level 2 requirements.

Air Traffic Control: Complete and Enforced   FAA should ensure that a complete ATC systems architecture is develop enforced before
Architecture Needed for FAA Systems          deciding on the architectural characteristics for replacing the Host Computer System.
Modernization (GAO/AIMD-97-30, Feb. 3,
1997).
                                             FAA should establish an effective management structure for developing, maintaining,
                                             and enforcing the complete ATC systems architecture. This management structure
                                             should be similar to the department-level Chief Information Officers as prescribed in the
                                             Clinger-Cohen Act of 1996.
Air Traffic Control: Improved Cost           FAA should institutionalize defined processes for estimat projects’ costs. These
Information Needed to Make Billion Dollar    processes should include:
Modernization Investment Decisions           • a corporate memory
(GAO/AIMD-97-20, Jan. 22, 1997).             • structured approaches for estimating software size and complexity
                                             • cost models calibrated to past experiences
                                             • audit trails that record cost model inputs
                                             • processes for dealing with cost for schedule constraints, and
                                             • data collection and feedback processes.
                                             FAA should disclose the inherent uncertainty in all ATC projects’ official cost estimates
                                             presented to the Congress and executive oversight agencies.
                                             FAA should acquire or develop and implement a managerial cost accounting capability.

                                             The Secretary of Transportation should report FAA’s lack of a cost accounting capability
                                             as a material internal control weakness in the Department’s FMFIA reports until the
                                             problem is corrected.



Aviation Acquisition:                        FAA should develop a comprehensive strategy for cultural change that includes specific
A Comprehensive Strategy Is Needed for       responsibilities and performance measures for all stakeholders throughout FAA and
Cultural Change at FAA                       provide the incentives needed to promote the desired behaviors and to achieve
(GAO/RCED-96-159, Aug. 22, 1996).            agency-wide cultural change.



National Airspace System: Comprehensive      FAA should prepare a comprehensive plan for augmenting the Global Positioning System
FAA Plan for Global Positioning System is    (GPS) and transitioning to it and update this plan regularly. The plan should include,
Needed (GAO/RCED-95-26, May 10, 1995).       among other things, schedule and cost estimates for developing and implementing the
                                             wide and local area augmentation systems as well as information on the probability that
                                             FAA will meet these estimates.




                                             Page 72                                                    GAO/HR-97-30 High-Risk Program
                                            FAA’s Air Traffic Control Modernization




Status             FAA’s Response                                                     GAO’s Position
Open               FAA’s official response is due on May 20, 1997.                    FAA’s response is not yet due.




Open ed and        FAA has not yet officially responded to this This response was     FAA is delinquent in responding to the
                   due on                                                             recommendations. recommendation.
                   April 4, 1997.

Open               FAA has not yet officially responded to this recommendation.       FAA is delinquent in responding to the
                   This response was due on April 4, 1997.                            recommendations.


Open ing ATC       FAA has not yet officially responded to this This response was     FAA is delinquent in responding to the
                   due on March 24, 1997.                                             recommendations. recommendation.




Open               FAA has not yet officially responded to this recommendation.       FAA is delinquent in responding to the
                   This response was due on March 24, 1997.                           recommendations.
Open               FAA has not yet officially responded to this recommendation.       FAA is delinquent in responding to the
                   This response was due on March 24, 1997.                           recommendations.
Open               FAA has not yet officially responded to this recommendation.       FAA is delinquent in responding to the
                   This response was due on March 24, 1997.                           recommendations.

                   FAA’s lack of a cost accounting capability was not identified as
                   a material internal control weakness in the Department’s 1996
                   FMFIA report.
Open               In November 1996, the FAA Administrator directed the           FAA did not meet the deadline.
                   Associate Administrators for Research and Acquisitions and Air
                   Traffic Services to develop the comprehensive strategy
                   recommended by GAO. The Administrator directed that the
                   strategy be defined by April 30, 1997 and updated at 6-month
                   intervals.

Partially imple-   FAA published a satellite navigation program master plan and a     FAA has not yet developed a comprehensive
mented             plan for transitioning to GPS. Additionally, FAA has developed     plan for augmenting GPS that includes firm cost
                   preliminary cost and schedule estimates for acquiring the wide     and schedule estimates for developing and
                   area augmentation system.                                          implementing the wide and local area
                                                                                      augmentation systems..




                                            Page 73                                                    GAO/HR-97-30 High-Risk Program
                                            FAA’s Air Traffic Control Modernization




Key Congressional Contacts With
Interest in FAA’s Air Traffic Control       Committee                                  Key staff
Modernization Issues                        House Committee on Appropriations/         Rich Efford (Majority)
                                            Subcommittee on Transportation & Related   (202) 225-2141
                                            Agencies
                                                                                       Cheryl Smith (Minority)
                                                                                       (202) 225-3481
                                            House Committee on Science,                Richard Russell (Majority)
                                            Subcommittee on Technology                 (202) 225-8844

                                                                                       Jeff Groves (Majority)
                                                                                       (202) 225-8844

                                                                                       Mike Quear (Minority)
                                                                                       (202) 225-6917
                                            House Committee on Transportation &        David Schaffer (Majority)
                                            Infrastructure/Subcommittee on Aviation    (202) 226-3220

                                                                                       Mary Walsh (Minority)
                                                                                       (202) 225-9161
                                            Senate Committee on                        Wally Burnett (Majority)
                                            Appropriations/Subcommittee on             (202) 224-7281
                                            Transportation & Related Agencies
                                                                                       Peter Rogoff (Minority)
                                                                                       (202) 224-7245
                                            Senate Committee on Governmental Affairs   Bill Greenwalt (Majority)
                                                                                       (202) 224-4751

                                                                                       Ellen Brown (Majority)
                                                                                       (202) 224-4751

                                                                                       Brian Dettelbach (Minority)
                                                                                       (202) 224-2627

                                                                                       David Plocher (Minority)
                                                                                       (202) 224-2627
                                            Senate Committee on Commerce, Science & Ann Hodges (Majority)
                                            Transportation/Subcommittee on Aviation (202) 224-4852

                                                                                       Sam Whitehorn (Minority)
                                                                                       (202) 224-0411



                                            We have four ongoing assignments focusing on key aspects of FAA’s
Ongoing GAO Work                            modernization:

                                        •   FAA’s effectiveness in managing its year 2000 conversion effort.
                                        •   FAA’s effectiveness in managing ATC computer security.




                                            Page 74                                                GAO/HR-97-30 High-Risk Program
                           FAA’s Air Traffic Control Modernization




                       •   FAA’s satisfaction of the Clinger-Cohen Act investment management
                           requirements.
                       •   FAA’s progress in augmenting the Global Positioning System.


Key Agency Contacts
                           Agency                                    Contact
                           Federal Aviation Administration           Monte Belger
                                                                     Acting Deputy Administrator
                                                                     (202) 267-7111

                                                                     Dr. George Donahue
                                                                     Associate Administrator for Research and
                                                                     Acquisitions
                                                                     (202) 267-7222



                           Dr. Rona Stillman
Key GAO Contacts           Chief Scientist for Computers and Telecommunications
                           (202) 512-6412

                           John Anderson
                           Director, Transportation Issues
                           (202) 512-2834

                           Linda Calbom
                           Director, Civil Audits - Resources, Community, and Economic
                           Development
                           (202) 512-9508


                           Air Traffic Control: Status of FAA’s Standard Terminal Automation
Related GAO Products       Replacement System Project (GAO/RCED-97-51, Mar. 5, 1997).

                           DOT’s Budget: Safety, Management, and Other Issues Facing the
                           Department in Fiscal Year 1998 and Beyond (GAO/T-RCED/AIMD-97-86, Mar. 6,
                           1997).

                           Air Traffic Control: Good Progress on Interim Replacement for
                           Outage-Plagued System, Bt Risks Can Be Further Reduced (GAO/AIMD-97-2,
                           Oct. 17, 1996).

                           Air Traffic Control: Status of FAA’s Modernization Program
                           (GAO/RCED-95-175FS, May 26, 1995).




                           Page 75                                             GAO/HR-97-30 High-Risk Program
FAA’s Air Traffic Control Modernization




Advanced Automation System: Implications of Problems and Recent
Changes (GAO/T-RCED-94-188, Apr. 13, 1994).




Page 76                                     GAO/HR-97-30 High-Risk Program
NASA Contract Management


                In 1990, we identified NASA contract management as an area at high risk for
Overview        fraud, waste, abuse, and mismanagement. Our decision to place NASA
                contract management on our high-risk list was primarily based on work by
                the NASA Inspector General and NASA management’s growing concern about
                its ability to adequately oversee contractors’ performance.

                Early in our high-risk work, we identified three major causes of NASA’s
                contract management problems:

            •   Unrealistic expectations for future budgets.
            •   Ineffective oversight of contractors.
            •   Noncompliance with contract management requirements.

                Since the early 1990s, NASA has greatly tempered its future budget
                expectations. Also, the agency has made considerable progress in
                addressing its contract management problems since it began to focus
                special attention on them, beginning in the late 1980s. However, NASA still
                needs to ensure that it has relevant and reliable methods for timely and
                accurate monitoring of its contract management activities. Such methods
                are key to the long-term effectiveness of NASA’s contract management.

                NASA’s 5-year budget expectations in the early 1990s were between
                $13 billion and $21 billion higher than the budgets it was likely to receive.
                Such unrealistic expectations adversely impact NASA’s contract
                management activities because,when actual budgets are significantly
                lower than expected, contract adjustments, such as slowing the pace of
                work in order to spend less, can result. Such adjustments cause work to
                take longer and cost more. Over the course of several years, NASA
                eliminated most of the original gap we reported between its program plans
                and likely budgets. Currently, NASA is planning for a slightly declining
                budget for the next 5 years—a total of $66.5 billion—well below the
                $92 billion 5-year budget NASA was planning in the early 1990s.

                A major initiative that NASA hopes will help improve its oversight of
                contractors is the development and implementation of a fully integrated
                financial management system. The new agencywide system, which is
                currently scheduled to begin implementation by October 1998, will replace
                a patchwork of existing systems that are incapable of comprehensively
                producing timely and reliable accounting information and reports.1

                1
                 The NASA Inspector General has expressed concern about NASA’s ability to overcome numerous
                management, functional and technical challenges of implementing reengineered business processes
                (budget, asset management, personnel/payroll,etc.) needed for the integrated financial management
                system.



                Page 77                                                         GAO/HR-97-30 High-Risk Program
                     NASA Contract Management




                     NASA  has completed a variety of efforts to influence contractors’
                     performance, including changing how it shares risk under research and
                     development contracts and the restructuring of contract award fees so
                     that space system performance is emphasized. To help improve
                     agencywide compliance with contract management requirements, NASA has
                     instituted a variety of changes that are intended to ensure more consistent
                     interpretation and implementation of such requirements across the
                     agency. For example, NASA has published improved guidance or made
                     other changes intended to reduce the amount of government equipment
                     provided to contractors and to improve the use of audits in helping
                     oversee contractors’ activities.

                     In actively working to identify and correct its contract management
                     problems, NASA has been responsive to our specific recommendations for
                     improving its contract management and related activities. Also, NASA has
                     independently evaluated other contract management problems and
                     designed, implemented, and measured the effectiveness of its corrective
                     actions. However, NASA still needs to ensure that it has established relevant
                     and reliable ways to help assess the effectiveness of its contract
                     management activities. We will continue to evaluate NASA’s contract
                     management and related activities.


                     When looked at functionally, NASA can be seen principally as a
Resources at Risk    procurement organization. In a typical year, NASA uses between 85 percent
                     and 90 percent of its budget for purchasing goods and services—about
                     $12 billion or more each year. Establishing and maintaining adequate
                     management control over NASA’s procurement activities is imperative,
                     given the amount of money in the system and potentially at risk.


                     Over the past 6 years, we have issued over 40 reports and testimonies
Key Open GAO         dealing partly or wholly with NASA’s contract management and related
Recommendations      activities. Over 30 of these products provided information or analyses on
and Implementation   key parts of the procurement cycle—from choosing the type of
                     procurement instrument, through contract award and oversight of
Status               contractor performance, to contract closing—or addressed major contract
                     management-related activities, including project cost estimating, planning,
                     budgeting, and accounting. Fifteen of the reports contained 82
                     recommendations for correcting or improving NASA’s contract management
                     and related activities. NASA has been responsive to all our major
                     recommendations for improving NASA contract management and related



                     Page 78                                          GAO/HR-97-30 High-Risk Program
                     NASA Contract Management




                     activities and has implemented or is implementing them.2 The one key
                     outstanding matter relates to NASA fulfilling its commitment to improve its
                     ability to oversee contract management activities.


                     Even though NASA is acting to implement key recommendations related to
Why                  contract management or contract management-related activities, there are
Recommendations      actions it still needs to take.
Have Not Been
                     In our most recent high-risk report to NASA,3 we noted that NASA has
Implemented and      effectively addressed many problems throughout the procurement cycle
What Remains to Be   but that a procurement operation as large as NASA’s inevitably experiences
                     periodic problems. The key was to identify such problems early so that
Done                 they could be evaluated, monitored, and corrected before they became
                     systemic. In this regard, we noted that continuous effective oversight
                     required NASA to have relevant and reliable performance measurements
                     and to do periodic performance reviews. We told NASA that resolving
                     remaining high-risk issues is largely based on improvements to the
                     processes and systems it uses to assess and oversee its procurement
                     activities and their capability to consistently produce accurate and reliable
                     information.

                     NASA  acknowledged that it needed to improve the procurement
                     self-assessment process. It said it would issue additional guidance to its
                     field centers on performing assessments and that its procurement
                     management survey teams would review the centers’ processes for
                     conducting these assessments. We told NASA that we are planning to
                     evaluate its procurement self-assessment process and procurement
                     performance measurements.


                     Currently, the majority and minority staffs on the House Science
Other Information    Committee and its Space and Aeronautics Subcommittee are aware and
                     generally interested in our NASA contract management high-risk work.
                     However, we are presently working on only one congressionally requested
                     assignment in the high-risk area—cost control in the Space Station
                     program. The requesters are Senator Bumpers and Representative Dingell.



                     2
                      Some of our recommendations became obsolete before they could be acted on because of other
                     changes at NASA. In other cases, NASA took alternative actions that were intended to produce the
                     same results as our recommended actions.
                     3
                      NASA Procurement: Contract Management Oversight (GAO/NSIAD-97-114R, Mar. 18, 1997).



                     Page 79                                                         GAO/HR-97-30 High-Risk Program
                           NASA Contract Management




                           The NASA Inspector General has a continuous body of work in the
                           procurement area.


                           Ongoing and planned work on contract management and related activities,
GAO Audit Work             include:

                       •   International Space Station cost control (ongoing).
                       •   NASA’s mid-level procurement pilot program (planned).
                       •   NASA’s procurement evaluation processes (planned).



                           Robert J. Wesolowski
NASA Contact               Acting Assistant Inspector General for Auditing
                           (202) 358-1232


                           Louis J. Rodrigues, Director
Key GAO Contacts           Defense Acquisition Issues
                           (202) 512-4841

                           Thomas J. Schulz, Associate Director
                           Defense Acquisition Issues
                           (202) 512-4841


                           NASA Contract Management: Performance Measurement (GAO/NSIAD-97-114R,
Related GAO Products       Mar. 18, 1997).

                           Potential Improvements in NASA’s Assessments of Its Procurement
                           Function (GAO/NSIAD-97-80R, Feb. 4, 1997).

                           NASA Infrastructure: Challenges to Achieving Reductions and Efficiencies
                           (GAO/NSIAD-96-187, Sept. 9, 1996, and GAO/T-NSIAD-96-38, Sept. 11, 1996).

                           Space Station: Cost Control Difficulties Continue (GAO/NSIAD-96-135, July 17,
                           1996, and GAO/T-NSIAD-96-210, July 24, 1996).

                           NASA   Contract Management (GAO/NSIAD-96-95R, Feb. 16, 1996).

                           NASA Budgets: Gap Between Funding Requirements and Projected Budgets
                           (GAO/NSIAD-95-155BR, May 12, 1995).



                           Page 80                                           GAO/HR-97-30 High-Risk Program
Customs Service Financial Management


              The U.S. Customs Service (Customs) has a challenging and diverse
Overview      mission which includes collecting duties, taxes, and fees on imports and
              enforcing trade laws. In 1991, GAO added Customs as a high-risk area
              because it had major weaknesses in its management and organizational
              structure that diminished its ability to detect trade violations on imported
              cargo; collect applicable duties, taxes, fees, and penalties; control financial
              resources; and report on financial operations. In February 1995, we
              reported that Customs had taken several actions in an effort to reduce
              risks in the general management arena. Such actions included aggressively
              pursuing delinquent receivables which resulted in collections of over
              $37 million and embarking on an agency-wide reorganization plan.
              Additional efforts, however, were still needed in the financial management
              area. Since then, the scope of our high-risk work at Customs has focused
              on its financial management problems.

              A number of our key open recommendations related to financial
              management resulted from our efforts to audit Customs’ fiscal year 1992
              and 1993 principal financial statements, under the Chief Financial Officers
              (CFO) Act. We identified critical control weaknesses in areas related to
              trade compliance, computer security, and administrative operations,
              which includes financial reporting. At that time, Customs did not have a
              means to reliably measure overall compliance with trade laws, which
              hindered its ability to ensure that all imported goods were identified and
              related duties collected; disposition of goods moving to other ports,
              warehouses, or foreign trade zones (FTZs) were adequately monitored;
              and the appropriateness of duty refunds, referred to as drawbacks,1 were
              verified. Also, Customs’ controls to prevent or detect unauthorized access
              and intentional or inadvertent unauthorized modifications to critical and
              sensitive data and computer programs were ineffective, thereby
              jeopardizing the security and reliability of the operations central to
              Customs’ mission. Further, fundamental problems, including financial
              management systems that were poorly designed or not designed to report
              financial results and performance information, impaired its ability to
              produce reliable financial information.

              As recently reported in our February 1997 high-risk series, Customs has
              and continues to take actions to address significant weaknesses in its
              financial management and internal control systems. These actions include,
              for example, statistically sampling compliance of commercial importations
              through ports of entry to better focus enforcement efforts and to project

              1
               Drawback payments are refunds of duties and taxes paid on imported goods that are subsequently
              exported or destroyed.



              Page 81                                                        GAO/HR-97-30 High-Risk Program
                        Customs Service Financial Management




                        and report lost duties, taxes and fees due to noncompliance. Customs also
                        developed a methodology to estimate and disclose the liability for future
                        claims for drawback payments and other refunds. In addition, meaningful
                        steps toward correcting its computer access problems were also taken.
                        Further, Customs reorganized its Office of Finance and established
                        financial advisor positions in key organizational units to more effectively
                        meet financial management responsibilities.

                        Although these actions have resulted in substantial progress, Customs still
                        has not fully corrected problems in these areas, which continue to be
                        identified during audits of Customs’ financial statements under the CFO
                        Act. These problems continue to hinder Customs’ ability to reasonably
                        ensure that

                    •   duties, taxes, and fees on imports are properly assessed and collected and
                        refunds of such amounts are valid;
                    •   sensitive data maintained in its automated systems, such as critical
                        information used to monitor Customs’ law enforcement operations, are
                        adequately protected from unauthorized access and modification; and
                    •   core financial systems capture all activities that occurred during the year
                        and provide reliable information for management to use in controlling
                        operations.


                        In fiscal year 1996, Customs processed over 27 million import transactions
Resources at Risk       with a value of over $775 billion. This represents a 100 percent growth
                        over 10 years, while resources remained static. The increase in the volume
                        of imports makes it impractical for Customs to observe and inspect all
                        shipments to ensure compliance of trade laws by the trade community.
                        Also, federal laws allow importers to transfer goods from their original
                        ports of entry to other locations within the United States prior to the
                        assessment of duties, referred to as in-bond transfers. Such transfers
                        increase the risk of trade violations because it is not practical for Customs
                        to closely monitor the movement of goods within the United States to
                        ensure that they are not unloaded, substituted, or augmented in transit.

                        In early 1994, Customs began a compliance measurement (CM) program,
                        in response to GAO’s recommendations, to statistically sample trade
                        compliance of commercial importations through ports of entry to better
                        focus enforcement efforts and to project and report lost duties, taxes and
                        fees due to noncompliance. Compliance measurement was developed as a
                        series of building blocks expanding and improving the precision of the



                        Page 82                                          GAO/HR-97-30 High-Risk Program
Customs Service Financial Management




measure of trade compliance from one year to the next. As such, other
important processes such as in-bond transactions and foreign trade zone
entries are not covered by this port of entry compliance measurement
program.

As a result of this compliance measurement program, Customs reported
an overall port of entry compliance rate of approximately 80 percent and
82 percent for fiscal year 1995 and 1996, respectively. Because these are
statistically-based examinations, Customs can project the level of
noncompliance and associated loss of revenue. Accordingly, Customs
reported revenue undercollections of $218 million and $274 million and
overcollections of $83 million and $101 million for fiscal year 1995 and
fiscal year 1996, respectively.

Although this reflects progress, these programs do not identify the specific
importers who are in violation of trade laws. The compliance
measurement results only allow Customs to assess performance by major
key industry areas, providing a basis for Customs to work with these
groups in improving compliance. However, the inability to specifically
identify import violators hinders Customs ability to actually identify and
collect associated revenue. As such, until Customs can identify and focus
on the non-complying entities or such entities voluntarily become more
compliant, lost duties, taxes, and fees will continue to occur. Customs is
attempting to address this situation through the development of
innovations such as the Primary Focus Industries (PFIs) and tariff areas,
which focus on special areas of non-compliance. In the meantime,
however, the potential for revenue to go uncollected at ports of entry, and
for goods moving in-bond,2 or through bonded warehouses3 and FTZs,
exists.

Customs officials stated that first-ever nation-wide compliance
measurement programs are scheduled to occur in 1997 for in-bond
shipments of goods and those entered into bonded warehouses, however,
until these are implemented fully, not only will Customs be unable to
project the loss of revenue, but any such revenue will remain uncollected.
The Office of the Inspector General (OIG) estimated total revenue
associated with goods moving in-bond to be between $9 to $11 billion
during fiscal year 1996, comprising almost half of the total revenue

2
 In-bond shipment refers to goods authorized, by law, to move within the United States prior to release
or export, without appraisement or classification.
3
 Foreign goods held in bonded warehouses and foreign trade zones are not assessed duty, tax, and fees
until the goods are released into the commerce of the United States.



Page 83                                                           GAO/HR-97-30 High-Risk Program
                     Customs Service Financial Management




                     collected during the fiscal year. OIG also reported a total value of about
                     $5.2 billion for merchandise entered into bonded warehouses for fiscal
                     year 1996.

                     Finally, a similar strategy to measure compliance of goods entering FTZs,
                     as well as issues related to revenue collection will need to be addressed.
                     According to Customs officials, about $144 billion of merchandise entered
                     FTZs during fiscal year 1995.


                     GAO has made several recommendations to Customs in an effort to
Key Open GAO         promote better financial management and strengthen its controls.
Recommendations      Although actions have been initiated on all key open GAO
and Implementation   recommendations (See following table for summary information on these
                     recommendations.) and improvements continue, recommendations
Status               deemed critical to improving the assessment and collection of revenue,
                     strengthening automated systems security, and integrating core financial
                     systems remain open. GAO made these recommendations realizing that
                     most of these problems would require long-term efforts to effectively plan
                     and implement solutions to address the long-standing root causes.
                     Although recent discussions with Customs officials revealed their
                     continued commitment towards improvement efforts, we reiterate the
                     importance that Customs’ top and mid-level management provide the
                     support needed to ensure that these important actions are properly
                     implemented and that related problems do not recur.




                     Page 84                                          GAO/HR-97-30 High-Risk Program
                                           Customs Service Financial Management




High Risk Series Analysis and Update Schedule of Key Open GAO Recommendations Department of the Treasury: United
States Customs Service (Financial Management)
                    Recommendations related to ensuring duties, taxes
GAO report          and fees on imports are properly assessed and     Status of implementation and what remains to be
number              collected and refunds of such amounts are valid   done
AIMD-94-119,       The Commissioner of Customs should direct the              In July 1994, Customs’ Acting Assistant Commissioner
June 15, 1994      Assistant Commissioner for Inspection and Control to       for Inspection and Control directed all jurisdictions to
                   require personnel at ports of entry to maintain accurate   reconcile discrepant AMS bills of lading, or supply an
                   and up-to-date data in the Automated Manifest System       alternative method for completing the task.
                   (AMS) and to routinely investigate all shipments that
                   have not been released by the end of a prescribed          However, in its March 1997 report, the Office of
                   period.                                                    Inspector General (OIG) reports that Customs’ controls
                                                                              over bills of lading and in-bond shipments still do not
                                                                              ensure that transactions appearing as “open” items on
                                                                              Automated Commercial System (ACS) exception
                                                                              reports are true exceptions. Further, during fiscal year
                                                                              1996, Customs had approximately one million bills of
                                                                              lading and in-bond shipment transactions “open” in
                                                                              ACS. According to Customs, both it and the OIG’s
                                                                              testing of a sample of these open bills of lading
                                                                              transactions did not indicate any significant loss of
                                                                              revenue. The OIG attributes the large number of “open”
                                                                              exceptions to a variety of systemic control weaknesses,
                                                                              such as a high rate of input errors that ACS edit
                                                                              controls were not designed to prevent, and because
                                                                              the ACS In-Bond Module used to record manually filed
                                                                              in-bond shipment transactions did not require the input
                                                                              of merchandise quantity, and the module did not
                                                                              interface with and update other ACS modules.
                                                                                                                           (continued)




                                           Page 85                                                    GAO/HR-97-30 High-Risk Program
                                       Customs Service Financial Management




                Recommendations related to ensuring duties, taxes
GAO report      and fees on imports are properly assessed and              Status of implementation and what remains to be
number          collected and refunds of such amounts are valid            done
AIMD-94-38,     The Commissioner of Customs should direct the              In early 1994, Customs implemented a compliance
March 7, 1994   Assistant Commissioner for Inspection and Control to       measurement program to statistically sample trade
                develop and implement, in conjunction with Customs’        compliance of commercial importations through ports
                Chief Financial Officer, a strategy for inspecting cargo   of entry to better focus enforcement efforts and to
                from both high- and low-risk carriers to help provide      project and report lost duties, taxes and fees due to
                reasonable assurance that all cargo delivered is           noncompliance.
                accurately and completely identified on manifest and
                entry documents. Carriers undergoing such inspections      For fiscal year 1996, Customs continued its statistically
                should be randomly selected to ensure that they are        based examination programs, referred to as
                representative of all carriers.                            compliance measurement programs (CMP), for
                                                                           commodity imports by the 4-digit Harmonized Tariff
                                                                           Schedule and by carrier manifests. The commodity
                                                                           import CMP is designed to quantify the lost duties,
                                                                           taxes and fees due to noncompliance (“revenue gap”)
                                                                           and assess trade law compliance. Based on the results
                                                                           of this CMP, Customs projected revenue
                                                                           undercollections of $218 million and $274 million; and
                                                                           overcollections of $83 and $101 million for fiscal year
                                                                           1995 and fiscal year 1996, respectively. The carrier
                                                                           manifest CMP measures the accuracy of reporting by
                                                                           carriers of cargo arriving in the United States.

                                                                           Customs uses the results of its CMPs to identify low
                                                                           compliance areas, track improvement in key sectors,
                                                                           identify revenue gap commodities, and measure
                                                                           improvements resulting from interventions.
AIMD-94-38      Continued.                                                 Customs strategy for implementing GAO’s
                                                                           recommendations related to trade compliance has
                                                                           primarily been based on an assessment of (1) level of
                                                                           risk and (2) Customs’ ability to achieve results. As such,
                                                                           Customs began its CMP project at ports of entry since
                                                                           they deemed this area to be at high risk for lost
                                                                           revenue. Customs has made significant strides in
                                                                           defining the “revenue gap,” via its CMP program for
                                                                           ports of entry, however, these CMPs only provide a
                                                                           measurement of compliance with Customs laws and
                                                                           regulations. These programs cannot yet identify
                                                                           individual importers who are not complying, and
                                                                           subsequently quantify and collect, the related duties,
                                                                           taxes and fees associated with these imports. Customs
                                                                           has efforts underway, such as the Private Focus
                                                                           Industries (PFIs), which focus on special areas of
                                                                           noncompliance, however, future efforts should
                                                                           encompass methods for collecting lost revenue.
                                                                                                                         (continued)




                                       Page 86                                                     GAO/HR-97-30 High-Risk Program
                                    Customs Service Financial Management




             Recommendations related to ensuring duties, taxes
GAO report   and fees on imports are properly assessed and           Status of implementation and what remains to be
number       collected and refunds of such amounts are valid         done
AIMD-94-38   Continued.                                              Customs established an In-bond Task Force to address
                                                                     the problems associated with the in-bond program.
             The Commissioner of Customs should monitor              This task force, comprised of Customs personnel, trade
             implementation of the new procedures for accounting     representatives, and oversight agencies, developed
             for in-bond transfers to ensure that they address the   proposals and changes to the in-bond system.
             weaknesses that have been identified. In conjunction
             with this effort, the Commissioner should provide       According to Customs, the new in-bond proposal
             personnel involved in maintaining data on in-bond       incorporates the rules of compliance measurement and
             transfers with clear and detailed guidance and          post-audit techniques to close the potential revenue
             adequate training on complying with the new             gap. The new proposal also provides Customs with an
             procedures.                                             electronic risk assessment by processing in-bond
                                                                     information through electronic selectivity filters prior to
                                                                     cargo arrival at the first port in the United States. This
                                                                     process lets Customs decide whether or not to
                                                                     authorize the in-bond movement.

                                                                     Under the new program, beginning in December 1997,
                                                                     items shipped in-bond will be subject to selectivity for
                                                                     examination. Customs expects 95% of cargo to move
                                                                     without exam or post-audit; but the remaining 5% will
                                                                     be examined, at the port of unlading (origin) and/or the
                                                                     port of destination. In addition, Customs plans to
                                                                     implement, in fiscal year 1997, a post-audit compliance
                                                                     program.
AIMD-94-38   Continued.                                              As part of Customs’ proposed changes to its in-bond
                                                                     program, in-bond documentation will be entered into
                                                                     ACS only once, at the port of departure. This will
                                                                     eliminate entry of documentation at the port of
                                                                     destination. The in-bond entry will be closed upon
                                                                     reaching its destination.

                                                                     Also, during fiscal year 1996, Customs reported that it
                                                                     initially implemented the electronic link for input of
                                                                     in-bond data by importers/brokers in its Automated
                                                                     Broker Interface, which allows automated brokers and
                                                                     importers to initiate in-bond movements electronically.
                                                                     However, there were initial problems with the interface
                                                                     and the link is now projected to be fully operational in
                                                                     July 1997. The OIG reported in its audit report that
                                                                     Customs eventually expects manually filed in-bonds to
                                                                     be tracked in the same module used for electronically
                                                                     filed in-bond shipments which they believe should allow
                                                                     Customs better control over all in-bond shipments.
                                                                                                                    (continued)




                                    Page 87                                                   GAO/HR-97-30 High-Risk Program
                                     Customs Service Financial Management




             Recommendations related to ensuring duties, taxes
GAO report   and fees on imports are properly assessed and               Status of implementation and what remains to be
number       collected and refunds of such amounts are valid             done
AIMD-94-38   The Commissioner of Customs should direct the               Customs plans to perform a compliance measurement
             Assistant Commissioner for Inspection and Control, in       test to determine the necessity for perpetual inventory
             conjunction with the Chief Financial Officer, to require    records of goods held in bonded warehouses. A
             district offices to maintain perpetual inventory records    pre-pilot test at five bonded warehouses was
             of goods held in bonded warehouses and foreign trade        conducted in 1994 and pilots continued in 1995. The
             zones (FTZs) that they are responsible for overseeing.      OIG reported in its March 1997 report that Customs
                                                                         also developed a CMP schedule to begin in fiscal year
                                                                         1997 for bonded warehouses, but Customs still needs
                                                                         to formulate CMPs for foreign trade zones. As part of
                                                                         the program, Customs will statistically select a sample
                                                                         of open and closed bonded warehouse entries to
                                                                         compare against the bonded warehouse operator’s
                                                                         records. Customs officials stated that such a program
                                                                         for FTZs is more complex due to the difficulty of tracing
                                                                         the goods entered into and withdrawn from FTZs since
                                                                         most are manufacturing operations that incorporate
                                                                         imported components into larger items that are
                                                                         eventually withdrawn and either entered into U.S.
                                                                         commerce or exported. In addition, since Customs
                                                                         does not maintain centralized accountability for entries
                                                                         relating to dutiable goods entered into commerce
                                                                         through FTZs, Customs officials stated that it will be
                                                                         difficult to establish a complete universe of such entries
                                                                         to enable a statistical sample to be selected and
                                                                         examined.
AIMD-94-38   The Commissioner of Customs should direct the               Customs has deferred action of this recommendation
             Assistant Commissioner for Inspection and Control, in       pending the results of the CMP for bonded warehouses.
             conjunction with the Chief Financial Officer, to enhance
             ACS so that the district offices could use this system to
             maintain perpetual records of merchandise quantities
             at each warehouse and FTZ.
                                                                                                                       (continued)




                                     Page 88                                                     GAO/HR-97-30 High-Risk Program
                                        Customs Service Financial Management




                Recommendations related to ensuring duties, taxes
GAO report      and fees on imports are properly assessed and               Status of implementation and what remains to be
number          collected and refunds of such amounts are valid             done
AIMD-94-38      The Commissioner of Customs should direct the               In March 1997, the OIG reaffirmed that material
                Assistant Commissioner for Commercial Operations, in        weaknesses exist in this area but reported varying
                conjunction with the Chief Financial Officer, to develop    degrees of progress in correcting the weaknesses. For
                a means of automatically entering information needed        instance, the OIG reports that, beginning in fiscal year
                to verify drawback claims into ACS so that liquidators      1995, Customs programmed its revenue accounting
                can use the system to automatically verify drawback         system (ACS) to detect drawback claims that exceeded
                claims.                                                     the related amount of duty and taxes paid, in total, on
                                                                            import entries filed in fiscal year 1995 and after.
                                                                            However, since claimants can file drawback claims up
                                                                            to eight years after an entry is filed, the risk, while
                                                                            reduced, of paying duplicate or excessive duties
                                                                            stemming from entries submitted prior to fiscal year
                                                                            1995, still exists. Customs officials estimate that most
                                                                            drawback claims are filed within three to five years of
                                                                            the date an entry was submitted. Further, the OIG
                                                                            reports that Customs continues to lack standard
                                                                            procedures to ensure that drawback claims are
                                                                            liquidated in a consistent manner with documentation
                                                                            supporting the basis for approval. In the interim,
                                                                            Customs drawback offices were instructed to annotate
                                                                            applicable documentation reviewed as part of the
                                                                            drawback liquidation process.
AIMD-94-38      The Commissioner of Customs should direct the               Customs officials state that the Automated Commercial
                Assistant Commissioner for Commercial Operations, in        Environment (ACE) will include a profile on each
                conjunction with the Chief Financial Officer, to enhance    claimant, including information, such as whether the
                ACS so that historical information on drawback              claimant is approved to receive accelerated
                claimants such as accelerated claim privileges,             drawbacks, that will be accessible online by Customs
                excessive claims previously filed, overdue receivables,     drawback specialists. In addition, ACE is expected to
                and regulatory audit results are available to liquidators   electronically reference the claimant profile for
                in a national database.                                     approved privileges or adverse information.
AIMD-94-38      The Commissioner of Customs should direct the               See previous response.
                Assistant Commissioner for Commercial Operations, in
                conjunction with the Chief Financial Officer, to require
                that liquidators review this database to ensure that
                special privileges such as accelerated drawback
                payments are granted only to claimants who have
                consistently complied with Customs claim filing
                requirements.
AFMD-92-30,     Congress may wish to consider enacting legislation to       To date, legislation has not been enacted to authorize
Aug. 25, 1992   allow Customs to use administrative offsets.                Customs to use administrative offsets for collection of
                                                                            duties, taxes and fees.




                                        Page 89                                                     GAO/HR-97-30 High-Risk Program
                                       Customs Service Financial Management




               Recommendations related to ensuring that
GAO report     core financial systems provide reliable
number         information for managing operations                 Status of implementation and what remains to be done
AIMD-94-5      To help strengthen the accuracy of the              In November 1996, Customs began phasing in a
Nov. 8, 1993   accounts receivable balance reported in             comprehensive financial management and seized property
               Customs’ financial statements, the                  tracking system, SEACATS, for its fines, penalties, forfeitures
               Commissioner of Customs should direct the           and property seizure activities. Customs reported that the
               Chief Financial Officer to require Customs          procedural changes to ensure timely and accurate updates
               personnel to review fines and penalties             were being implemented.
               assessments recorded in ACS and correct any
               inaccuracies before transfer to the redesigned
               system.
AIMD-94-5      Customs should develop and maintain an              Beginning in October 1998, Customs plans to implement in
               integrated accounting system that can capture       stages a new comprehensive system (ACE) to replace the
               accurate and reliable information on all types of   current ACS. Customs plans for ACE to be based on account
               assessments (including duties, taxes, fines,        transactions and not individual import transactions. Customs
               and penalties) from assessment through              also intends for ACE to include an automated, centralized
               collection of any related amounts. Also the         accounts receivable subsidiary ledger, which Customs expects
               integration of the property and accounting          will meet all financial reporting requirements. GAO previously
               systems should be completed as planned.             reported that Customs was ill-prepared to develop ACE
                                                                   because the agency was not effectively applying critical
                                                                   management practices that help organizations mitigate the risks
                                                                   associated with modernizing automated systems and better
                                                                   position themselves to achieve success. Customs has efforts
                                                                   underway to address this issue.

                                                                   The OIG reported in March 1997 that, in addition to short term
                                                                   changes in procedures, Customs has developed a long-term
                                                                   Information Strategy Plan to serve as a guide for integrating
                                                                   financial systems. Customs plans to perform a series of
                                                                   business area analyses to identify specific integration projects
                                                                   and time frames for implementation.

                                       (Due to its sensitive nature, additional information is being provided
                                       separately for limited official use only.)


                                       As authorized by the CFO Act, GAO performed pilot audits of Customs’
Ongoing Audit Work                     fiscal years 1992 and 1993 financial statements. In an effort to gain
                                       financial statement audit experience and position themselves to perform
                                       the financial statement audits required by the act, OIG auditors
                                       participated in the fiscal year 1993 financial audit of Customs. Since 1994,
                                       the Treasury Office of Inspector General has audited Customs’ financial
                                       statements. As part of the financial statement audit, the OIG assesses
                                       Customs’ internal control structure, reports on internal control
                                       weaknesses, and makes recommendations to correct such weaknesses. As
                                       part of this process, the OIG investigates and reports on the progress made
                                       on outstanding recommendations that it has made. The OIG will update



                                       Page 90                                                      GAO/HR-97-30 High-Risk Program
                       Customs Service Financial Management




                       the status of its recommendations in future OIG reports on Customs’
                       financial statements. GAO will review OIG’s work as part of its efforts to
                       provide an opinion on the government’s consolidated financial condition.

Key Agency Contacts
                       Department of the Treasury             Contact
                       United States Customs Service          Vincette L. Goerl
                                                              Chief Financial Officer
                                                              (202) 927-0600

                                                              Bob Biancucci
                                                              Acting Director
                                                              (202) 927-0281

                                                              Tom Banner
                                                              Director of Cargo and Entry Operations
                                                              (202) 927-0300

                                                              Kevin Fox
                                                              Director of Analytical Development
                                                              (202) 927-1880

                                                              Louis E. Samenfink
                                                              Director, Seizures and Penalties Division
                                                              (202) 927-3119

                                                              William Riley
                                                              Director, Office of Planning
                                                              (202) 927-7700

                                                              Tom Bavosso
                                                              Supervisory ACS Specialist
                                                              (703) 440-6479
                       Office of Inspector General            Bill Pugh
                                                              Deputy Assistant Director for Audit
                                                              (202) 927-5768

                                                              Marla Freedman
                                                              Director, Financial Statement Audits
                                                              (202) 927-6516



                       Gary Engel
GAO Contact            Associate Director, Governmentwide Audits
                       (202) 512-8815


                       Financial Audits: CFO Implementation at IRS and Customs
Related GAO Products   (GAO/T-AIMD-94-164, July 28, 1994).




                       Page 91                                           GAO/HR-97-30 High-Risk Program
Customs Service Financial Management




Financial Audit: Examination of Customs’ Fiscal Year 1993 Financial
Statements (GAO/AIMD-94-119, June 15, 1994).

Financial Management: Control Weaknesses Limited Customs’ Ability to
Ensure That Duties Were Properly Assessed (GAO/AIMD-94-38, Mar. 7, 1994).

Financial Management: Customs Did Not Adequately Account for or
Control Its Accounts Receivable (GAO/AIMD-94-5, Nov. 8, 1993).

Financial Audit: Examination of Customs’ Fiscal Year 1992 Financial
Statements (GAO/AIMD-93-3, June 30, 1993).




Page 92                                        GAO/HR-97-30 High-Risk Program
Farm Loan Programs


             The U.S. Department of Agriculture’s (USDA) farm loan programs provide
Overview     financial assistance to farmers and ranchers who are unable to obtain
             commercial credit at reasonable rates and terms.1 In operating the farm
             loan programs, USDA faces conflicting objectives: providing temporary
             credit to high-risk farm borrowers until they are able to secure commercial
             credit, while at the same time ensuring that the taxpayers’ investment is
             protected.

             USDA’s farm loan programs have been on GAO’s high-risk list since its
             inception in 1990. In December 1992, we highlighted the poor financial
             condition of USDA’s farm loan portfolio. We pointed out that even after
             forgiving or writing off billions of dollars of unpaid debt, much of the
             portfolio continued to be held by delinquent borrowers. Furthermore, we
             reported that USDA had become a permanent, rather than a temporary,
             source of credit for many borrowers. We identified three factors
             contributing to these problems: (1) field office lending officials were not
             always implementing lending and servicing standards designed to
             safeguard federal financial interests, (2) some of the loan-making,
             loan-servicing, and property management policies were fundamentally
             weak and increased the government’s vulnerability to loss, and (3) the
             Congress had not provided clear direction on the basic purposes of the
             farm loan programs.

             In our February 1995 high-risk series, we noted that some progress had
             been made in addressing two causes of the loan programs’ problems. First,
             USDA had improved compliance with certain lending and servicing
             standards by increasing the training of its field officials. Second, the
             Congress had clarified certain aspects of the Department’s basic lending
             mission by requiring it to focus on assisting beginning farmers. However,
             we also reported that no actions had been taken to strengthen weak loan
             and property management policies and that the Congress needed to
             further clarify the agency’s role.

             Since our February 1995 report, the Congress has enacted legislation that,
             if properly implemented, should significantly reduce the financial risks
             associated with the farm lending programs. Specifically, title VI of the
             Federal Agriculture Improvement and Reform (FAIR) Act of 1996 (P.L.
             104-127, Apr. 4, 1996) made fundamental changes to the programs’
             loan-making, loan-servicing, and property management policies. The
             changes included

             1
             Within USDA, farm loans are administered by the Farm Service Agency (FSA); prior to the
             Department’s October 1994 reorganization, the loans were administered by the Farmers Home
             Administration.



             Page 93                                                       GAO/HR-97-30 High-Risk Program
                              Farm Loan Programs




                          •   prohibiting delinquent borrowers from obtaining additional direct farm
                              operating loans,
                          •   generally prohibiting borrowers who cause USDA to incur loan losses
                              from obtaining additional direct or guaranteed farm loans, except annual
                              operating loans,
                          •   limiting the number of times delinquent borrowers can receive debt
                              forgiveness, and
                          •   requiring certain delinquent borrowers to pay a portion of the interest due
                              to USDA as a condition for having the terms of their loans rewritten.

                              In addition to substantially strengthening lending and property
                              management policies, the FAIR Act provided direction for many other
                              aspects of USDA’s basic lending mission. For example, it emphasized that
                              farm loan assistance is temporary and, consistent with that policy,
                              promoted borrowers’ graduation from direct loans to commercial loans
                              guaranteed by the federal government. The act further reinforced the
                              importance that the Congress placed on using the lending programs to
                              assist beginning farmers and ranchers over other groups of potential
                              beneficiaries.

                              Overall, the extensive reforms mandated by the FAIR Act, combined with
                              USDA’s actions to improve compliance with program standards, should
                              reduce the farm lending programs’ vulnerability to loss.


                              The impact of the FAIR Act’s reforms on the financial condition of USDA’s
Financial Condition of        farm loan portfolio may not be seen for several years. As of September 30,
the Farm Loan                 1996, the direct farm loan portfolio continued to contain large amounts of
Portfolio at the End of       financially risky debt. However, the amount of debt at risk has decreased
                              from prior years. In addition, there was less risk of losses associated with
Fiscal Year 1996              guaranteed loans than there was with direct loans. Specifically:

                          •   As of September 30, 1996, $3.6 billion, or about 34 percent of the total
                              outstanding principal on direct loans ($10.5 billion), was owed by
                              delinquent borrowers. This level of delinquency is an improvement from
                              the $4.6 billion owed by delinquent borrowers, or about 41 percent of the
                              total outstanding principal ($11.4 billion), at the end of fiscal year 1995.
                          •   Much of the decrease in direct loan delinquencies, however, is attributable
                              to debt relief provided to delinquent borrowers. Specifically, USDA
                              forgave $1.1 billion through various mechanisms for servicing delinquent
                              direct loans during fiscal year 1996.




                              Page 94                                         GAO/HR-97-30 High-Risk Program
                           Farm Loan Programs




                       •   As of September 30, 1996, $280 million, or 4.4 percent of the total
                           outstanding principal on guaranteed loans ($6.4 billion), was owed by
                           delinquent borrowers. This compares with $218 million owed by
                           delinquent borrowers, or 3.7 percent of the total outstanding principal
                           ($5.9 billion), at the end of fiscal year 1995.
                       •   Much of the increase in guaranteed loan delinquencies is concentrated in a
                           few states.


                           We have no major open recommendations to the Congress because the
Open GAO                   changes in title VI of the FAIR Act substantially addressed the problems
Recommendations            that we have reported on in the past. While it is too early to gauge the
                           impact of these legislative changes on the financial condition of the
                           portfolio, we believe that, if properly implemented, they will go a long way
                           to reducing the risk associated with the farm loan programs and to
                           improving their operations.


                           The Senate Committee on Agriculture, Nutrition, and Forestry and the
Other Information          House Committee on Agriculture, which have authorizing jurisdiction over
                           USDA’s farm loan programs, have been the primary congressional
                           committees interested in our farm loan work. In addition, the
                           Subcommittee on Agriculture, Rural Development, and Related Agencies
                           of the Senate Committee on Appropriations, and the Subcommittee on
                           Agriculture, Rural Development, Food and Drug Administration, and
                           Related Agencies of the House Committee on Appropriations have also
                           expressed interest in farm loans.


                           GAO  has no ongoing work focusing on USDA’s farm loan programs.
Ongoing Audit Work         However, USDA is still in the process of implementing the FAIR Act’s
                           mandated reforms, and their impact on the loan portfolio’s financial
                           condition will not be known for some time. We plan to continue
                           monitoring USDA’s implementation of these reforms, as well as the status
                           of financial audits being performed under the Chief Financial Officers Act.


                           Robert A. Robinson Director, Food and Agriculture Issues (202) 512-5138
Key GAO Contact
                           Farm Service Agency: Update on the Farm Loan Portfolio (GAO/RCED-97-35,
Related GAO Products       Jan. 3, 1997).




                           Page 95                                         GAO/HR-97-30 High-Risk Program
Farm Loan Programs




Emergency Disaster Farm Loans: Government’s Financial Risk Could Be
Reduced (GAO/RCED-96-80, Mar. 29, 1996).

Consolidated Farm Service Agency: Update on the Farm Loan Portfolio
(GAO/RCED-95-223FS, July 14, 1995).

High-Risk Series: Farm Loan Programs (GAO/HR-95-9, Feb. 1995).

Farmers Home Administration: The Guaranteed Farm Loan Program
Could Be Managed More Effectively (GAO/RCED-95-9, Nov. 16, 1994).

Debt Settlements: FmHA Can Do More to Collect on Loans and Avoid
Losses (GAO/RCED-95-11, Oct. 18, 1994).

Farmers Home Administration: Billions of Dollars in Farm Loans Are at
Risk (GAO/RCED-92-86, Apr. 3, 1992).




Page 96                                        GAO/HR-97-30 High-Risk Program
National Weather Service’s Modernization


                      GAO  first designated the National Weather Service’s (NWS) program to
Overview              modernize its weather observing, information processing, and
                      communications systems as a high-risk area in 1995.1 We did this because
                      of its estimated $4.5 billion cost, its complexity, its criticality to NWS’
                      mission of helping to protect life and property through early forecasting
                      and warnings of potentially dangerous weather, and its past problems. As
                      reported in our February 1997 high-risk report series, while the
                      modernization has greatly improved forecasts and warnings, it has also
                      experienced cost increases and schedule delays.2

                      We have recently testified on the continuing problems facing the
                      modernization, and suggested actions that NWS needs to take to address
                      outstanding risks.3 We will continue to identify the root causes of the
                      modernization’s problems, recommend actions to correct the problems,
                      and monitor implementation of these recommendations. When the
                      underlying management weaknesses have been corrected, the NWS
                      modernization will no longer be categorized as a high-risk area.


                      NWS  uses a variety of systems and manual processes to collect, process,
NWS Modernization:    and disseminate weather data to and among its network of field offices
A Brief History and   and regional and national centers. Prior to the modernization, these
Description           systems and processes were largely outdated. Radar equipment dated back
                      to the 1950s, and much of the current information processing, display, and
                      data communications system has been in use since the 1970s.

                      To enhance its ability to deliver weather services, NWS determined some 15
                      years ago to use the power of technology to “do more with less.” To reach
                      the goal of better forecasting and earlier warnings with a smaller,
                      downsized operation, the Weather Service has been acquiring new
                      observing systems—including radars, satellites, and ground-based
                      sensors—as well as powerful forecaster workstations. The goals of the
                      modernization are to (1) achieve more uniform weather services
                      nationwide, (2) improve forecasting, (3) provide more reliable detection
                      and prediction of severe weather and flooding, (4) permit more
                      cost-effective operations, and (5) achieve higher productivity.



                      1
                       High-Risk Series: An Overview (GAO/HR-95-1, Feb. 1995).
                      2
                       High-Risk Series: Information Management and Technology (GAO/HR-97-9, Feb. 1997).
                      3
                       Weather Service Modernization: Risks Remain That Full Systems Potential Will Not Be Achieved
                      (GAO/T-AIMD-97-85 April 24, 1997).



                      Page 97                                                        GAO/HR-97-30 High-Risk Program
                        National Weather Service’s Modernization




                        Modernization—particularly with the new radars and satellites—has
                        enabled the Weather Service to generate better data and has greatly
                        improved forecasts and warnings. These can be related directly to saving
                        lives and reducing the effects of natural disasters. For example, lead times
                        of warnings for severe storms and tornadoes improved by about 5 minutes
                        between 1986 and 1996, which is significant.

                        Notwithstanding such successes, however, each of the four major
                        programs that make up the modernization has experienced cost increases
                        and schedule delays. Some of these increases and delays can be attributed
                        to changes in requirements; others were caused by program management
                        and development problems. Also, in terms of staffing, the sizable
                        reductions promised as a result of the modernization will not be realized.
                        While NWS originally planned to reduce staff by 21 percent, the goal had
                        been scaled back to 8 percent. NWS attributes the reduced goal primarily to
                        the need for more staff than originally envisioned to operate new systems,
                        and to other unanticipated requirements.


                        NWS  estimates that the total cost of the modernization will be about
Cost and Service        $4.5 billion, when completed in 2002. At that time, the last of five satellites
Delivery Implications   for identifying and tracking severe weather events, such as hurricanes,
                        would have been launched. Additional funds will be necessary to maintain
                        these systems and invest in even more systems beyond 2002. The cost
                        implications to public and private sector operations of just an isolated NWS
                        interruption can be significant. In light of NWS’ mission of forecasting and
                        providing early warnings of dangerous weather, it must not only
                        modernize its systems, but it must do so effectively and efficiently. To do
                        less not only risks the funds being spent on modernized systems, but also
                        the delivery of vital government services.


                        Our work shows that NWS has addressed some of our recommendations.
Key Open                However, other key ones remain open. (See following table for summary
Recommendations         information on these recommendations.) For example, we recommended
                        in March 1994 that NWS develop a systems architecture to guide its current
                        and future systems development. NWS agreed that such a technical
                        blueprint is necessary, and is currently working on one. However, more
                        than 3 years after our recommendation, NWS still has not developed an
                        overall architecture. Until such an architecture is developed and enforced,
                        the modernization will likely continue to be subject to higher costs and
                        reduced performance.



                        Page 98                                           GAO/HR-97-30 High-Risk Program
National Weather Service’s Modernization




We have also made several recommendations that we feel will strengthen
the Weather Service’s ability to acquire the Advanced Weather Interactive
Processing System (AWIPS), the linchpin of the NWS modernization.
Operating under a $550-million funding cap, the system is expected to be
fully deployed in 1999. In 1996, we recommended that NWS ensure that
each software version is fully tested and all material defects are corrected
before beginning software development associated with the next version.
In addition, we recommended that NWS establish a software quality
assurance program to increase the probability of delivering promised
AWIPS capability on time and within budget. We also recommended that
NWS obtain an independent assessment of the cost to develop and deploy
AWIPS. Progress to date in these areas has, however, been uneven, and we
remain concerned about AWIPS development risks—risks that threaten
the system’s ability to be completed on time, within budget, and with the
functional capability that AWIPS must be able to provide. Until AWIPS is
deployed and functioning properly, NWS will not be able to take full
advantage of the nearly $4 billion investment it has made in the other
components of the modernization.

While we see clear benefits in the National Weather Service
modernization—improved forecasts and warnings—we also see risks.
These risks can only be reduced through development and enforcement of
a systems modernization architecture, careful implementation of planned
mitigation techniques in the case of AWIPS, and management commitment
to early planning of the modernization program.




Page 99                                         GAO/HR-97-30 High-Risk Program
                                             National Weather Service’s Modernization




GAO Report                                   Key Recommendation
Weather Satellites: Planning for the         NOAA should ensure that the National Environmental Satellite, Data, and Information
Geostationary Satellite Program Needs More   Service (NESDIS) (1) clarifies for activating replacement spacecraft in the event of a
Attention, (GAO/AIMD-97-37, March 13,        failure of an operational GOES satellite or any of its instruments or subsystems, and (2)
1997).                                       reexamines the agency’s strategy for anticipating possible launch failures and considers
                                             scheduling backups for all future failures.
                                             NOAA should prepare a formal analysis of the costs and benefits of several alternatives
                                             for the timing, funding, and scope of the follow-on GOES program, including the
                                             possibility of starting the program as early as fiscal 1998 and the potential need to fund
                                             some types of technology development apart from the operational satellite program. This
                                             analysis should be provided to the Congress for its use in considering options for the
                                             future of the GOES program.
Weather Forecasting: Systems Architecture    NOAA should direct NWS to develop a systems architecture and this architecture should
Needed for National Weather Service          include all weather forecasting and warning subsystems and be used as a guide in
Modernization, GAO/                          current and future subsystems development.
AIMD-94-28, March 11, 1994).




                                             Page 100                                                  GAO/HR-97-30 High-Risk Program
                                          National Weather Service’s Modernization




Status        NWS Response                                              GAO’s Position
Open offici   NOAA has not yet officially responded to this
              recommendation.al criteria



Open          NOAA has not yet officially responded to this
              recommendation.




Open          The NWS modernization systems manager has been             GAO will follow-up on NWS efforts to develop a system
              directed to develop a systems architecture, and a system architecture to guide it in future systems development.
              architecture document is reportedly in draft. This systems
              architecture is scheduled to be finalized in 1997.



                                          Effectively managing a large modernization program such as the NWS
What Needs to Be                          modernization program requires disciplined investment management
Done                                      processes, mature system and software development and acquisition
                                          processes, reliable data upon which to base important decisions, and a
                                          well-defined architecture, or blueprint, to guide and constrain system
                                          development and evolution. Our work in evaluating the modernization has
                                          been and continues to be directed at determining how well NWS is meeting
                                          these and other important requirements.




                                          Page 101                                               GAO/HR-97-30 High-Risk Program
                                         National Weather Service’s Modernization




Key Congressional Contacts With
Interest in National Weather Service’s   Committee                                    Key staff
Modernization Issues                     House Committee on Science,                  Steve Eule (Majority)
                                         Subcommittee on Energy and Environment       (202) 225-7504

                                                                                      Dr. William Smith (Minority)
                                                                                      (202) 225-7504
                                         Senate Committee on Governmental Affairs,    Michael Rubin (Majority)
                                         Subcommittee on Oversight of Government      (202) 224-3682
                                         Management, Restructuring and the District
                                         of Columbia
                                         Individual Requestors:
                                         Sen. Kay Bailey Hutchison                    Amy Henderson
                                                                                      (202) 224-1443
                                         Sen. Bob Graham                              Melissa White
                                                                                      (202) 224-3041
                                         Sen. Connie Mack                             C.K. Lee
                                                                                      (202) 224-5274
                                         Sen. Thad Cochran                            Betsy Harkins
                                                                                      (202) 224-6408
                                         Rep. E. Clay Shaw                            George Cox
                                                                                      (202) 225-3026
                                         Rep. Phil English                            Bob Holste
                                                                                      (202) 225-5406



                                         We have two ongoing assignments focusing on aspects of NWS
Ongoing GAO Work                         modernization, one on NWS system capabilities and a second on NWS staff
                                         reductions.

Key Agency Contacts
                                         Agency                                       Contact
                                         National Oceanic and Atmospheric             Dr. James Baker
                                         Administration                               Under Secretary for Oceans and
                                                                                      Atmosphere
                                                                                      (202) 482-3436
                                         National Weather Service                     Elbert W. Friday
                                                                                      Assistant Administrator
                                                                                      (301) 713-0689

                                                                                      Dr. Susan Zevin
                                                                                      Deputy Assistant Administrator
                                                                                      (301) 713-0711




                                         Page 102                                                 GAO/HR-97-30 High-Risk Program
                       National Weather Service’s Modernization




                       Joel C. Willemssen
Key GAO Contacts       Director, Information Resources Management
                       (202) 512-6408

                       L. Nye Stevens
                       Director for Federal Management Issues
                       (202) 512-8676


                       Weather Service Modernization: Risks Remain that Full Systems Potential
Related GAO Products   Will Not Be Achieved (GAO/T-AIMD-97-85, Apr. 24, 1997).

                       National Oceanic and Atmospheric Administration: Weather Service
                       Modernization and NOAA Corps Issues (GAO/T-AIMD/GGD-97-63, Mar. 13, 1997).

                       Weather Satellites: Planning for the Geostationary Operational
                       Environmental Satellite Program Needs More Attention (GAO/AIMD-97-37,
                       Mar. 13, 1997).

                       High-Risk Series: Information Management and Technology (GAO/HR-97-9,
                       Feb. 1997).

                       NOAA Satellites (GAO/AIMD-96-141R, Sept. 13, 1996).

                       Weather Forecasting: Recommendations to Address New Weather
                       Processing Development Risks (GAO/AIMD-96-74, May 13, 1996).

                       Weather Forecasting: NWS Has Not Demonstrated that New Processing
                       System Will Improve Mission Effectiveness (GAO/AIMD-96-29, Feb. 29, 1996).

                       Weather Forecasting: New Processing System Faces Uncertainties and
                       Risks (GAO/T-AIMD-96-47, Feb. 29, 1996).

                       Weather Forecasting: Radars Far Superior to Predecessors but Location
                       and Availability Questions Remain (GAO/T-AIMD-96-2, Oct. 17, 1995).

                       Weather Service Modernization Staffing (GAO/AIMD-95-239R, Sept. 26, 1995).

                       Weather Forecasting: Radar Availability Requirements Not Being Met
                       (GAO/AIMD-95-132, May 31, 1995).




                       Page 103                                          GAO/HR-97-30 High-Risk Program
National Weather Service’s Modernization




Weather Forecasting: Unmet Needs and Unknown Costs Warrant
Reassessment of Observing System Plans (GAO/AIMD-95-81, Apr. 21, 1995).

Weather Service Modernization Questions (GAO/AIMD-95-106R, Mar. 10, 1995).

Weather Service Modernization: Despite Progress Significant Problems
and Risks Remain (GAO/T-AIMD-95-87, Feb. 21, 1995).

Meteorological Satellites (GAO/NSIAD-95-87R, Feb. 6, 1995).

High-Risk Series: An Overview (GAO/HR-95-1, Feb. 1995).

Weather Forecasting: Improvements Needed in Laboratory Software
Development Processes (GAO/AIMD-95-24, Dec. 14, 1994).

Weather Forecasting: Systems Architecture Needed for National Weather
Service Modernization (GAO/AIMD-94-28, Mar. 11, 1994).

Weather Forecasting: Important Issues on Automated Weather Processing
System Need Resolution (GAO/IMTEC-93-12BR, Jan. 6, 1993).

Weather Satellites: Action Needed To Resolve Status of the U.S.
Geostationary Satellite Program (GAO/NSIAD-91-252, July 24, 1991).

Weather Satellites: Cost Growth and Development Delays Jeopardize U.S.
Forecasting Ability (GAO/NSIAD-89-169, June 30, 1989).




Page 104                                          GAO/HR-97-30 High-Risk Program
Asset Forfeiture Programs


                        Federal asset forfeiture programs at the U.S. Treasury Department (U.S.
Overview                Customs Service)1 and Justice Department were part of our original
                        high-risk list in 1990 because the programs—with inventories valued at
                        about $2 billion in 1995—did not adequately focus on managing the items
                        seized. We reported in December 1992 that the existence of major
                        operational problems, related to the management and disposition of seized
                        and forfeited property, had been identified and that corrective actions
                        were being initiated. In our February 1995 high-risk report, we reported
                        that, although much had been accomplished and some management and
                        systems changes had improved program operations, some significant
                        problems with seized property management remained. For example, as
                        identified in our fiscal years 1992 and 1993 financial audits, there were
                        serious weaknesses in Customs’ key internal controls systems that
                        affected Customs’ ability to control, manage, and report results of its
                        seizure efforts. Since our 1995 report, Customs has initiated several
                        actions to address these problems, including continuing to upgrade
                        existing security storage facilities and developing a new seized property
                        inventory system, which Customs anticipates will be implemented in
                        phases. Significant progress is anticipated in fiscal year 1997. In addition,
                        the Treasury Forfeiture Fund’s auditors rendered unqualified opinions on
                        the Fund’s fiscal year 1996 and 1995 financial statements.

                        Our February 1997 high-risk series also addressed the issue of the
                        consolidation of postseizure management and disposition of seized
                        properties. Legislation enacted in 1988 required Justice and Customs to
                        develop a plan to consolidate postseizure administration of certain
                        properties.2 In June 1991, we recommended that Justice and Customs
                        consolidate the postseizure management and disposition of all noncash
                        seized properties. In our February 1995 high-risk report, we reported that,
                        although a small pilot project for consolidation was in effect from October
                        1992 through September 1993, Justice and Treasury had not made
                        significant progress towards consolidation of property management
                        functions.


                        We have identified millions of dollars in assets, and large amounts of
Resources at Risk and   illegal drugs, vulnerable to theft and misappropriation and have estimated
Potential Savings       potential cost savings in the asset forfeiture program.

                        1
                         Congress established the Department of the Treasury Forfeiture Fund in October 1992 to supersede
                        the Customs Fund. Customs is responsible for managing property seized by Treasury law enforcement
                        agencies.
                        2
                         The Anti-Drug Abuse Act of 1988, P.L. 100-690, 21 U.S.C. 887 (1988).



                        Page 105                                                          GAO/HR-97-30 High-Risk Program
                     Asset Forfeiture Programs




                     Despite significant improvement efforts, weaknesses in key internal
                     controls and systems have affected Customs’ ability to maintain adequate
                     accountability and stewardship over seized property. Specifically, poor
                     physical security at some of Customs’ storage locations, problems with the
                     implementation of Customs’ new seized property tracking system, and
                     system security weaknesses relating to the systems Customs uses to
                     account for seized property and law enforcement operations, have placed
                     millions of dollars in assets and large amounts of illegal drugs at risk.
                     However, the Treasury OIG’s audit of Customs’ fiscal year 1996 financial
                     statements did not indicate any significant loss of seized property.

                     With respect to the consolidation of Justice and Treasury postseizure
                     management and disposition of all noncash seized property, our June 1991
                     report on the asset forfeiture program estimated that program
                     administration costs could be reduced 11 percent annually if Justice and
                     the U.S. Customs Service consolidated the postseizure management and
                     disposition of such items. We estimated the savings on the basis of fewer
                     positions being needed if both programs were combined into one. We also
                     reported that consolidation would likely result in lower contractor costs
                     due to economies of scale. Independently operating in the same areas may
                     result in higher prices paid for services than under a consolidated
                     program, which may be able to obtain lower vendor prices because of a
                     higher volume of activity. We found this to be true in six locations.3

                     In November 1994, the Marshals Service4 reported the costs and proceeds
                     associated with the assets in the pilot project conducted during fiscal year
                     1993. However, the report did not contain a comparison of what costs
                     would have been had the assets not been consolidated. Hence, there was
                     no way to determine the effectiveness of the pilot project.


                     We have made several recommendations relating to improving Customs’
Key Open GAO         accountability and stewardship over property seized. Specifically, we have
Recommendations      recommended that Customs improve the (1) physical security at its
and Implementation   locations used to store seized property, (2) reliability of the information
                     maintained in its seized property tracking system, and (3) controls over
Status               access to critical and sensitive data and computer programs maintained in
                     its systems that account for seized property and law enforcement

                     3
                      San Diego and Calexico/El Centro, California; Yuma, Arizona; and McAllen, Laredo, and El Paso,
                     Texas.
                     4
                      The Marshals Service is responsible for holding and maintaining real and tangible personal property
                     seized by participating agencies within Justice’s asset forfeiture program.



                     Page 106                                                         GAO/HR-97-30 High-Risk Program
Asset Forfeiture Programs




operations. In addition, we recommended that Justice and Treasury
consolidate the management and disposition of all noncash seized
properties.

In response to our recommendation relating to physical security, in 1994,
Customs formed a task force to address security at its seized asset storage
facilities. The task force sent out questionnaires to over 260 locations with
storage facilities for seized property and physically inspected about 34
locations. It identified numerous locations that needed improved security.

Customs stated that, to date, it has built 6 new storage facilities, one as
recently as February 1997, in locations that were determined to be the
most vulnerable. In addition, funding has been received for the
construction of 2 additional storage facilities, one of which is in the
process of being constructed. Customs also improved security at 28 other
locations by installing various security devices, such as dual access entry
into its vaults, motion sensors, door contact alarms, and surveillance
cameras. Further, Customs headquarters has issued 5 policy statements
designed to direct the improvement of the physical security of seized
property during the processing of seizure activities.

According to Customs officials, Customs used funds obtained from the
Treasury Forfeiture Fund in fiscal year 1995 to procure sufficient security
devices to upgrade up to 200 locations. However, this equipment has not
yet been placed in operation because no funding for installation has been
received since 1995. In addition, a Customs official told us that four
storage facilities, which are to be located in remote areas where significant
amounts of illegal drugs are routinely seized, are in the pre-construction
phase, but funding for construction has not been provided.

Regarding the reliability of the information maintained in its seized
property tracking system, Customs has undertaken several improvement
efforts, including conducting annual nationwide physical inventories of its
seized property and implementing additional policies and procedures.
According to Treasury Office of Inspector General (Treasury OIG)5
officials, these efforts have resulted in significant improvements in the
reliability of the quantities and values recorded in Customs’ seized
property records.



5
 The Treasury OIG has performed the financial statement audit of Customs, under the Chief Financial
Officers Act, for fiscal years 1994, 1995, and 1996. The Customs seizure activities and related controls
continue to be reviewed as a part of that audit.



Page 107                                                           GAO/HR-97-30 High-Risk Program
Asset Forfeiture Programs




In addition, according to Customs, it has developed, and is implementing
in phases, a new Seized Assets and Case Tracking System (SEACATS).
This system, whose initial functions were implemented in November 1996,
is intended to be a comprehensive financial management and seized
property tracking system for Customs’ fines, penalty, and property seizure
activities. SEACATS is expected to provide interfaces to Customs’
Automated Commercial System, the general ledger, the contractor
systems, and the law enforcement system, and to include appropriate audit
trails for changes to seized property data. However, Customs has
experienced significant problems with SEACATS since its initial
implementation. In particular, problems with converting data from the old
systems to SEACATS have posed great difficulties. Customs anticipates
that the implementation problems will be fully corrected no later than the
end of fiscal year 1997.

In response to our recommendation for improved controls over access to
critical and sensitive data and computer programs maintained in Customs’
systems that account for seized property and law enforcement operations,
Customs has designed additional security features in SEACATS.
Specifically, according to Customs officials, seven systems’ databases
were merged to form the SEACATS database, and no changes could be
made to the old systems’ databases after SEACATS was implemented.
Since November 12, 1996, all “new” seized property has been entered into
SEACATS. In addition, Customs officials told us that security profiles have
been developed for SEACATS users, and access is given only to those
functions needed according to the job responsibility. Further, a user
identification and password along with a discretionary access control
capability have been established to protect data from unauthorized and
inappropriate access. Moreover, with every update to SEACATS, an audit
record is created showing who accessed the file, the time, and the terminal
used.

Despite these significant improvement efforts, weaknesses in computer
security controls still exist. Specifically, the Treasury OIG’s fiscal year
1996 review of electronic data processing controls for the computer
application system for law enforcement activities showed that this system
continued to be vulnerable to unauthorized access. Since the law
enforcement system is a source of key data relating to seizure activity
recorded in SEACATS, this vulnerability could affect the reliability of
information in SEACATS. In addition, a review of electronic data
processing controls for SEACATS has not yet been performed by the
Treasury OIG.



Page 108                                        GAO/HR-97-30 High-Risk Program
                     Asset Forfeiture Programs




                     Regarding our recommendation that Justice and Treasury consolidate the
                     management and disposition of all noncash seized properties, as of May 7,
                     1997, representatives of both Justice and Treasury indicated there were no
                     plans for such consolidation.


                     Customs officials have stated that, due to a lack of funding for its
Why                  proposals to improve security at its existing facilities and to construct new
Recommendations      facilities, they have not been able to complete all of the planned actions to
Have Not Been        their storage locations. The task force formed to address physical security
                     of seized property submitted budget requests to the Treasury Forfeiture
Implemented and      Fund in both fiscal years 1996 and 1997; however, its requests were
What Remains to Be   denied. Customs also requested funding from its Office of Finance.
                     However, no funding was provided for these planned actions. Customs is
Done                 currently in the process of developing a budget request for fiscal year 1998
                     that it plans to submit to the Treasury Forfeiture Fund.

                     The Treasury Forfeiture Fund allocates money to the various Treasury law
                     enforcement agencies involved in seizure activities on the basis of an
                     assessment of their need and projected receipts of the current year.
                     According to Treasury Forfeiture Fund officials, Customs’ request for
                     funding was denied primarily for two reasons. First, in fiscal year 1996,
                     forfeiture fund receipts were significantly lower than projected, which
                     resulted in decreasing funds for all the Treasury law enforcement
                     agencies. Second, building construction and improvement requests cannot
                     be evaluated without a reasonable plan for all projects, and the amount of
                     information submitted by Customs with its building request was deemed
                     insufficient by the Treasury Forfeiture Fund. Customs officials told us that
                     in November 1996, Customs had provided a seizure vault briefing to
                     Treasury Forfeiture Fund officials citing cost estimates, construction
                     blueprints, detailed vault sizes, and a video of existing vaults. Within the
                     next few months, a conference between Treasury Forfeiture Fund and
                     Customs officials will be held to address the issue involving submission of
                     detailed plans for construction and improvement projects.

                     As previously stated, Customs’ significant problems in the implementation
                     of SEACATS were primarily due to invalid conversion criteria, which
                     created incorrect data in the system. The amount of time it has taken to
                     address these problems is a product of both the significant volume of
                     records involved and ensuring that corrections being made would not
                     cause problems in other areas.




                     Page 109                                         GAO/HR-97-30 High-Risk Program
Asset Forfeiture Programs




Because of the critical and sensitive data maintained in Customs’
commercial trade systems and the problems faced with the
implementation of SEACATS, Customs placed a priority on first correcting
the computer security weaknesses relating to its commercial systems.
Customs plans to fully address the computer security issues pertaining to
computer programs for the law enforcement system when the problems
with SEACATS are more fully corrected, and the remaining issues will be
addressed in fiscal year 1998 as part of the TECS6 year 2000 project.

Regarding Justice’s and Treasury’s reasons for not implementing our
consolidation recommendation, Justice and Treasury explained that
property management and disposition have not been consolidated because
(1) doing so appears contrary to current policy as established by the
Congress, and (2) the savings estimates we used to support our
recommendation in 1991 are not valid today. Specifically, officials said
that, in 1988, the Congress enacted section 887 of title 21, United States
Code, that provided for development and maintenance of a joint plan for
postseizure administration of property seized under title 21. From 1988 to
1992, a series of reports and hearings, as well as our field work in 1990,
documented serious problems with asset management and disposal by the
Customs Service. They noted that by June 1991, when we recommended
that postseizure administration of all noncash assets be consolidated
under the Marshals Service, the federal asset forfeiture program was more
consolidated.7 Justice and Treasury officials stated that, in October 1992,
the Congress appeared to reject our recommendation. The officials said
that through creation of a separate Treasury Forfeiture Fund, the Congress
directed that the Justice and Treasury programs were to be managed and
administered separately.8 Officials said that with separate financial,
management, and contract structures, consolidation will be more difficult
and costly in today’s environment than in 1991.

Further, Treasury and Justice officials said that major changes in the
program since 1991 include (1) revisions to Treasury’s national seized
property contract, (2) lessons learned on how to avoid problems that
increase property management and disposal costs for both funds, and

6
 TECS is the Treasury Enforcement Communication System.
7
 At the time of this recommendation, three Treasury bureaus already participated in the Justice fund.
The Marshals Service administered property seized by these bureaus for forfeiture in judicial cases.
Pursuant to 19 U.S.C. 1613b, the Customs Service managed the Customs Forfeiture Fund for itself and
the Coast Guard.
8
 See 31 U.S.C. 9703. As a result, all properties seized by the three Treasury bureaus previously
participating in the Justice fund were transferred to and consolidated with the Customs Service’s
property management and disposal program.



Page 110                                                         GAO/HR-97-30 High-Risk Program
Asset Forfeiture Programs




(3) increased cooperation between Justice and Treasury. They added that
changes mean that further consolidation will not produce significant
savings.

We continue to believe that consolidation of the asset management and
disposition functions is still required despite the passage of the 1992 act.
The 1988 statute clearly requires the Attorney General and the Secretary of
the Treasury to develop and maintain a joint plan. The statute permits the
parties to determine what action should be taken to carry out the statutory
mandate. More recently, the House Appropriations Committee stated in its
July 19, 1995, report that “the consolidation of asset management and
disposition functions of Justice and Treasury could address duplication
and provide cost savings to the management and disposal process.” The
report added that the Committee expects Justice to review the feasibility
of consolidating contract vendors for both the Marshals Service and
Treasury agencies.9

We still see areas of possible duplication between the two funds and
programs and accordingly believe consolidation has the potential to
produce savings. Both agencies seize similar types of property that are
generally located in the same geographic areas. However, under the
current operating structure, each agency maintains a separate and distinct
program for managing and disposing of its property. Justice, through the
Marshals Service, contracts directly with multiple vendors for
management services. Treasury, through the Customs Service, has a single
nationwide contractor that provides custodial services either directly or
through subcontracts with other vendors. While we recognize that our
estimates of savings resulting from consolidation were based on our 1991
report and that some circumstances may have changed, Justice and
Treasury officials have not provided data to support their assertion that
consolidation in the current environment would not produce the savings
that we estimated in 1991. Accordingly, we continue to believe that Justice
and Treasury should aggressively pursue consolidation of their asset
management and disposition functions until an analysis shows that
consolidation would not be cost effective.




9
Departments of Commerce, Justice, and State, The Judiciary, and Related Agencies Appropriations
Bill, Fiscal Year 1996, H.R. Rep. No. 104-196, 104th Cong., 1st Session 20 (1995).



Page 111                                                      GAO/HR-97-30 High-Risk Program
                         Asset Forfeiture Programs




                         Congressman Michael Forbes (R-NY) has requested information from the
Congressional            Department of Justice regarding the consolidation issue.
Contacts With Interest
in Asset Forfeiture
Issues
                         Annual financial statement audits of the U.S. Customs Service’s and
Ongoing Audit Work       Department of Justice’s financial statements are to be performed by the
                         Treasury OIG and Justice OIG, respectively, pursuant to the Chief
                         Financial Officers Act of 1990, as amended. GAO will be reviewing this
                         work.

Key Agency Contacts
                         Agency                       Contact
                         Department of Justice        Janis A. Sposato
                                                      Deputy Assistant Attorney General
                                                      Law and Policy
                                                      (202) 514-3101

                                                      Michael Perez
                                                      Director, Asset Forfeiture Management
                                                      (202) 616-8000
                         Department of the Treasury   Kenneth Massey
                                                      Assistant Director, Policy and Operations
                                                      (202) 622-2573

                                                      Jan Blanton
                                                      Director, Executive Office for Asset Forfeiture
                                                      (202) 622-9600
                           Office of the Inspector    Michael VanDuesen
                           General                    Contracting Officer’s Technical Representative for audit of
                                                      the Treasury Forfeiture Fund Financial Statements
                                                      (202) 927-5096

                                                      Marla Freedman
                                                      Director, Financial Statement Audits
                                                      (202) 927-6516

                                                      Joseph Lawson
                                                      Director Office of Information Technology
                                                      (202) 927-6345
                         U.S. Customs Service         Louis E. Samenfink
                                                      Director, Seizures and Penalties Division
                                                      (202) 927-3119

                                                      Ellen Mulvenna
                                                      SEACATS Project Manager
                                                      (703) 913-4950 Extension 6060




                         Page 112                                               GAO/HR-97-30 High-Risk Program
                       Asset Forfeiture Programs




                       Norman J. Rabkin
Key GAO Contact        Director, Administration of Justice Issues
                       (202) 512-3610


                       High-Risk Series: Quick Reference Guide (GAO/HR-97-2, Feb. 1997).
Related GAO Products
                       Pre-seizure Planning (GAO/GGD-97-19R, Nov. 20, 1996).

                       Asset Forfeiture: Historical Perspective on Asset Forfeiture Issues
                       (GAO/T-GGD-96-40, Mar. 19, 1996).

                       High-Risk Series: Asset Forfeiture Programs (GAO/HR-95-7, Feb. 1995).

                       High-Risk Series: Asset Forfeiture Programs (GAO/HR-93-17, Dec. 6, 1992).

                       Asset Forfeiture: Noncash Property Should Be Consolidated Under the
                       Marshals Service (GAO/GGD-91-97, June 28, 1991).




(918906)               Page 113                                         GAO/HR-97-30 High-Risk Program
Ordering Information

The first copy of each GAO report and testimony is free.
Additional copies are $2 each. Orders should be sent to the
following address, accompanied by a check or money order
made out to the Superintendent of Documents, when
necessary. VISA and MasterCard credit cards are accepted, also.
Orders for 100 or more copies to be mailed to a single address
are discounted 25 percent.

Orders by mail:

U.S. General Accounting Office
P.O. Box 6015
Gaithersburg, MD 20884-6015

or visit:

Room 1100
700 4th St. NW (corner of 4th and G Sts. NW)
U.S. General Accounting Office
Washington, DC

Orders may also be placed by calling (202) 512-6000
or by using fax number (301) 258-4066, or TDD (301) 413-0006.

Each day, GAO issues a list of newly available reports and
testimony. To receive facsimile copies of the daily list or any
list from the past 30 days, please call (202) 512-6000 using a
touchtone phone. A recorded menu will provide information on
how to obtain these lists.

For information on how to access GAO reports on the INTERNET,
send an e-mail message with "info" in the body to:

info@www.gao.gov

or visit GAO’s World Wide Web Home Page at:

http://www.gao.gov




PRINTED ON    RECYCLED PAPER
United States                       Bulk Rate
General Accounting Office      Postage & Fees Paid
Washington, D.C. 20548-0001           GAO
                                 Permit No. G100
Official Business
Penalty for Private Use $300

Address Correction Requested