oversight

High-Risk Areas: Benefits to Be Gained by Continued Emphasis on Addressing High-Risk Areas

Published by the Government Accountability Office on 1997-03-04.


United States General Accounting Office

GAO

Testimony
Before the Subcommittee on Oversight, Committee on
Ways and Means, House of Representatives

For Release on Delivery
Expected at 10 a.m.
Tuesday, March 4, 1997

HIGH-RISK AREAS

Benefits to Be Gained by Continued Emphasis on
Addressing High-Risk Areas

Statement of Gene L. Dodaro
Assistant Comptroller General
Accounting and Information Management Division

GAO/T-AIMD-97-54

    Madam Chairman and Members of the Subcommittee:

    We are pleased to be here today to discuss major government programs
    and operations we have identified as high risk because of vulnerabilities to
    waste, fraud, abuse, and mismanagement. In 1990, we began a special
    effort to focus attention on such areas, and over the past several years we
    have made hundreds of recommendations to get at the heart of high-risk
    problems and help improve this situation. On February 12, 1997, we issued
    our latest series of high-risk reports.1

    Overall, legislative and agency actions have resulted in progress toward
    fixing these high-risk areas and establishing a solid foundation to help
    ensure greater progress. However, because these areas involve
    long-standing problems that are difficult to fix, additional corrective
    measures are necessary to remove the high-risk designation.

    Today, at the Subcommittee’s request, we will focus on high-risk areas
    related to the Internal Revenue Service (IRS) and the Medicare and
    Supplemental Security Income (SSI) programs. While this statement
    provides a brief synopsis of these areas, more detailed statements on these
    three topics are also being issued today. In addition, this statement will
    discuss other high-risk areas that affect agencies under the
    Subcommittee’s jurisdiction, including the Customs Service’s financial
    management, information security weaknesses, and the possibility of
    serious computer disruptions in service to the public due to the Year 2000
    Problem.

    As the key message of this testimony, I would like to emphasize the
    importance of the Subcommittee using recent legislative management
    reforms to help oversee these agencies’ actions to fully and effectively
    remedy their high-risk problems. These include

•   the 1995 Paperwork Reduction Act and the 1996 Clinger-Cohen Act, which
    provide a basis for agencies to better manage investments in information
    technology;
•   the expanded Chief Financial Officers (CFO) Act of 1990, which requires
    agencies to prepare financial statements that can pass the test of an
    independent audit and provide decisionmakers more reliable financial
    information; and
•   the 1993 Government Performance and Results Act (GPRA), which requires
    agencies to measure performance and focus on results.

    1 The 25 areas that are the current focus of our high-risk initiative are listed in attachment I, and the
    reports in our 1997 high-risk series are listed in attachment II.


Ensuring All Revenues Are Collected and Accounted for

                    In 1995, IRS reported collecting $1.4 trillion from taxpayers, disbursing
                    $122 billion in tax refunds, and managing an estimated accounts receivable
                    inventory of $113 billion in delinquent taxes. The reliability of IRS’ financial
                    information is critical to effectively manage the collection of revenue to
                    fund the government’s operations.
                    Our audits of IRS’ financial statements, however, have identified many
                    significant weaknesses in IRS’ accounting for revenue and accounts
                    receivable, as well as for funds provided to carry out IRS’ operations. IRS
                    has improved payroll processing and accounting for administrative
                    operations and is working on solutions to revenue and accounts receivable
                    accounting problems. But much remains to be done, and effective
                    management follow-through is paramount to achieving fully the goals of
                    the CFO Act.

                    In addition, IRS is hampered in efficiently and effectively managing its huge
                    inventory of accounts receivable due to inadequate management
                    information. The root cause here is IRS’ antiquated information systems
                    and outdated business processes, which handle over a billion tax returns
                    and related documents annually. IRS has undertaken many initiatives to
                    deal with its accounts receivable problems, including correcting errors in
                    its tax receivable masterfile and attempting to speed up aspects of the
                    collection process. Efforts such as these appear to have had some impact
                    on collections and the tax debt inventory, but many of the efforts are
                    long-term in nature and demonstrable results may not be available for
                    some time.

                    Further, while IRS’ efforts to reduce filing fraud have resulted in some
                    success—especially through more rigid screening in the electronic filing
                    program—this continues to be a high-risk area. IRS’ goal is to increase
                    electronic filings, which would strengthen its fraud detection capabilities.
                    But to effectively achieve its electronic filing goal, IRS must (1) identify
                    those groups of taxpayers who offer the greatest opportunity for filing
                    electronically and (2) develop strategies focused on alleviating
                    impediments that have inhibited those groups from participating in the
                    program.




In attempting to overhaul its timeworn, paper-intensive approach to tax
return processing, IRS has spent or obligated over $3 billion on its tax
systems modernization, which has encountered severe difficulties.
Currently, funding for tax systems modernization has been curtailed, and
IRS and the Department of the Treasury are taking several steps to address
modernization problems and implement our recommendations. However,
much more progress is needed to fully resolve serious underlying
management and technical weaknesses.

Behind IRS, the Customs Service is the next highest revenue collector. The
Customs Service has made considerable progress in correcting major
management and organizational structure weaknesses we pointed to in
our 1992 high-risk report. In 1995, we reported that Customs had taken
several actions to address these problems, including revising its planning
process, improving controls over identification and collection of revenues
owed, aggressively pursuing delinquent receivables, and embarking on an
agencywide reorganization plan. As a result, we narrowed the scope of our
high-risk work at Customs to focus only on its financial management
problems.

Since 1995, Customs has continued to take actions to address its financial
management and internal control weaknesses. These include, for example,
statistically sampling compliance of commercial importations through
ports of entry to better focus enforcement efforts and to project and report
duties, taxes, and fees lost due to noncompliance. However, Customs still
has not fully corrected significant problems in these areas. For example,
audits of Customs’ financial statements under the CFO Act disclose that
Customs continues to lack adequate assurance that all revenue due is
collected, has weaknesses in readily detecting duplicate and excessive
drawback payments, and lacks integrated core financial systems. These
problems diminish Customs’ ability to reasonably ensure that (1) duties,
taxes, and fees on imports are properly assessed and collected and refunds
of such amounts are valid and (2) core financial systems provide reliable
information for managing operations.

We have made numerous recommendations to Customs to address its
financial management weaknesses and have assisted in developing
corrective actions. It will be important for top management at Customs to
provide continuing support to ensure that the planned financial
management improvements are properly implemented.




Controlling Fraud, Waste, Abuse, and Mismanagement in Benefit Programs

                     Medicare—the nation’s second largest social program—is inherently
                     vulnerable to and a perpetually attractive target for exploitation. The
                     Congress and the President have been seeking to introduce changes to
                     Medicare to help control program costs, which were $197 billion in fiscal
                     year 1996. At the same time, they are concerned that the Medicare
                     program loses significant amounts due to persistent fraudulent and
                     wasteful claims and abusive billings, which could be from $6 billion to as
                     much as $20 billion, based on 1996 outlays. The Congress passed the
                     Health Insurance Portability and Accountability Act of 1996 to add funding
                     for program safeguard efforts and make the penalties for Medicare fraud
                     more severe. Effective implementation of this legislation and other agency
                     actions are key to mitigating many of Medicare’s vulnerabilities to fraud
                     and abuse.

                     Also, the Health Care Financing Administration (HCFA), which runs the
                     Medicare program, has begun to acquire a new claims processing
                     system—the Medicare Transaction System (MTS)—to provide, among other
                     things, better protection from fraud and abuse. In the past, we have
                     reported on risks associated with this project, including (1) HCFA’s plan
                     to implement the system in a single stage rather than incrementally,
                     (2) difficulty in defining requirements, (3) inadequate investment analysis,
                     and (4) significant schedule problems. HCFA has responded to these
                     concerns by changing its single-stage approach to one under which the
                     system will be implemented incrementally and working to resolve other
                     reported problems.

                     A newly designated high-risk area involves overpayments in the SSI
                     program, which provided about $22 billion in federal benefits to recipients
                     between January 1, 1996, and October 31, 1996. SSI overpayments have
                     grown to over $1 billion per year, which is about 5 percent of total benefit
                     payments. Also, criticisms have been raised regarding the Social Security
                     Administration’s (SSA) ability to effectively manage SSI workloads and
                     internal control weaknesses that leave the program susceptible to fraud,
                     waste, and abuse. For example, in August 1996, we reported that about
                     3,000 current and former prisoners in 13 county and local jail systems had
                     been erroneously paid $5 million in SSI benefits, primarily because SSA
                     lacked timely and complete information.

                     One root cause of SSI overpayments is SSA’s difficulty in corroborating
                     financial eligibility information that program beneficiaries self report and
                     that affects their benefit levels. In addition, determining whether an
                     impairment qualifies a claimant for disability benefits can often be
                       difficult, especially in cases involving applicants with mental impairments
                       and other hard-to-diagnose conditions.


Addressing Governmentwide Information Technology Issues

                       In addition to the difficulties agencies have in managing large computer
                       systems modernization efforts, our high-risk effort identified two
                       governmentwide information technology issues that affect agencies under
                       the Committee’s purview: information security and the Year 2000 Problem.

Information Security

                       Information systems security weaknesses pose high risk of unauthorized
                       access and disclosure of sensitive data. Many federal operations that rely
                       on computer networks are attractive targets for individuals or
                       organizations with malicious intentions. Examples of such operations
                       include law enforcement, import entry processing, and various financial
                       transactions.

                       Since June 1993, we have issued over 30 reports describing serious
                       information security weaknesses at major federal agencies. For example,
                       our financial audits at IRS and the Customs Service have identified poor
                       computer controls. IRS cannot ensure that the confidentiality and accuracy
                       of taxpayer data are protected and that the data are not manipulated for
                       purposes of individual gain. The Customs Service continues to have
                       problems that diminish its ability to reasonably ensure that sensitive data
                       maintained in automated systems are adequately protected from
                       unauthorized access and modification.

                       In September 1996, we reported that during the previous 2 years, serious
                       information security control weaknesses had been reported for 10 of the
                       15 largest federal agencies. We have made dozens of recommendations for
                       improvement to individual agencies, and they have started acting on many
                       of them.

                       In addition, we have recommended ways for the Office of Management
                       and Budget (OMB) to enhance its ability to oversee and improve federal
                       information security programs. We suggested steps that OMB can take to
                       (1) effectively use opportunities to aid in overseeing and improving agency
                       information security programs, such as annual financial audits and the
                       newly created Chief Information Officers Council, and (2) increase the
                       expertise of its staff in information security management issues.




The Year 2000 Problem

                            The Year 2000 Problem poses the high risk that computer systems
                            throughout government will fail to run or malfunction because computer
                            equipment and software were not designed to accommodate the change of
                            date at the new millennium. For example, IRS’ tax systems could be unable
                            to process returns, which in turn could jeopardize the collection of
                            revenue and the entire tax processing system. Or SSA’s disability insurance
                            process could experience major disruptions if the interface with various
                            state systems failed, thereby causing delays and interruptions in disability
                            payments to citizens.

                            We recently issued a guide, Year 2000 Computing Crisis: An Assessment
                            Guide (GAO/AIMD-10.1.14, exposure draft), to provide agencies a framework
                            and a checklist for assessing their readiness to achieve year 2000
                            compliance. It provides information on the scope of the challenge, and
                            offers a structured approach for reviewing the adequacy of agency
                            planning and management of the year 2000 program.


Continuing Congressional Oversight Using New Management Tools Is Key

                            Continued congressional oversight, such as this hearing by the
                            Subcommittee, will add essential impetus to make improvements and
                            ensure more progress in addressing the high-risk areas just discussed and,
                            thus, to achieve greater benefits. Effective and sustained follow-through
                            by agency managers is necessary to resolve specific high-risk problems
                            and implement broader management reforms, which the Congress has
                            established to achieve better financial and information management and
                            measure the results of program operations.

                            The Subcommittee can focus on agencies’ progress in fixing specific
                            high-risk problems and implementing this legislative framework through
                            the following three efforts.

                        •   Apply a framework of modern technology management, as required by the
                            1995 Paperwork Reduction Act and the Clinger-Cohen Act of 1996.

                            This framework is based on practices followed by leading public-sector
                            and private-sector organizations that have successfully used technology to
                            dramatically improve performance and meet strategic goals. These laws
                            fundamentally revamp and modernize federal information management
                            practices by emphasizing the involvement of senior executives in
                            information management decisions, establishing senior-level Chief
                            Information Officers, tightening controls over technology spending,
                            redesigning inefficient work processes, and using performance measures
    to assess technology’s contribution to achieving mission results. These
    management practices provide agencies—such as IRS for tax systems
    modernization—a proven, practical means of addressing the federal
    government’s information problems, maximizing benefits from technology
    spending, and controlling the risks of systems development efforts.

•   Improve financial reporting and make other financial management
    improvements, as called for by the expanded Chief Financial Officers Act.

    The landmark CFO Act spelled out a long overdue and ambitious agenda to
    help resolve financial management problems. This act has prompted many
    improvements at IRS, the Customs Service, and other agencies to provide
    reliable financial information for managing government programs. Fully
    and effectively implementing the CFO Act is critical to achieving full
    accountability and providing relevant information on the government’s
    true financial status.

    In addition, improved reporting and internal controls, as called for by the
    CFO Act, can produce substantial savings in high-risk areas. For example,
    better data and controls can help reduce the billions of dollars now lost
    annually in the Medicare program due to fraudulent and abusive claims
    and help decrease the $1 billion in overpayments that the SSI program
    experiences each year.

•   Use the Government Performance and Results Act to measure
    performance and focus on results, which can help to pinpoint
    opportunities for improved performance and increased accountability.

    GPRA requires agencies to set goals, measure performance, and report on
    their accomplishments. Under GPRA, every major federal agency must now
    ask itself basic questions about performance to be measured and how
    performance information can be used to make improvements. For
    instance, performance measures would be useful for (1) reaching
    agreement with the Congress on and monitoring acceptable levels of
    errors in benefit programs (errors which may never be totally eliminated
    but can be much better controlled) and (2) assessing the results of tax
    enforcement initiatives, delinquent tax collection activities, and filing
    fraud reduction efforts.


    Without additional attention to resolving problems in the high-risk areas
    that we have discussed today, the government will continue to miss
important opportunities to ensure effective revenue collection operations,
have well controlled and operated information systems, and save billions
of dollars. We will continue to identify other ways for agencies to more
effectively manage and control these and other high-risk areas and to
make recommendations for improvements that can be implemented to
overcome the root causes of these problems.

Madam Chairman, this concludes my statement. I will be happy to respond
to any questions.




Attachment I

Areas Designated High Risk

Providing for Accountability and Cost-Effective Management of Defense Programs

                       Financial management (1995)
                       Contract management (1992)
                       Inventory management (1990)
                       Weapon systems acquisition (1990)
                       Defense infrastructure (1997)

Ensuring All Revenues Are Collected and Accounted for

                       IRS financial management (1995)
                       IRS receivables (1990)
                       Filing fraud (1995)
                       Tax Systems Modernization (1995)
                       Customs Service financial management (1991)
                       Asset forfeiture programs (1990)

Obtaining an Adequate Return on Multibillion Dollar Investments in Information Technology

                       Tax Systems Modernization (1995)
                       Air traffic control modernization (1995)
                       Defense’s Corporate Information Management initiative (1995)
                       National Weather Service modernization (1995)
                       Information security (1997)
                       The Year 2000 Problem (1997)

Controlling Fraud, Waste, and Abuse in Benefit Programs

                       Medicare (1990)
                       Supplemental Security Income (1997)

Minimizing Loan Program Losses

                       HUD (1994)
                       Farm loan programs (1990)
                       Student financial aid programs (1990)

Improving Management of Federal Contracts at Civilian Agencies

                       Department of Energy (1990)
                       NASA (1990)
                       Superfund (1990)

                       Also, planning for the 2000 Decennial Census was designated high risk in
                       February 1997.

Attachment II

1997 High-Risk Series


               An Overview (GAO/HR-97-1)

               Quick Reference Guide (GAO/HR-97-2)

               Defense Financial Management (GAO/HR-97-3)

               Defense Contract Management (GAO/HR-97-4)

               Defense Inventory Management (GAO/HR-97-5)

               Defense Weapon Systems Acquisition (GAO/HR-97-6)

               Defense Infrastructure (GAO/HR-97-7)

               IRS Management (GAO/HR-97-8)

               Information Management and Technology (GAO/HR-97-9)

               Medicare (GAO/HR-97-10)

               Student Financial Aid (GAO/HR-97-11)

               Department of Housing and Urban Development (GAO/HR-97-12)

               Department of Energy Contract Management (GAO/HR-97-13)

               Superfund Program Management (GAO/HR-97-14)




               The entire series of 14 high-risk reports is numbered GAO/HR-97-20SET.




(918899)