United States General Accounting Office GAO Testimony Before the Subcommittee on Oversight, Committee on Ways and Means, House of Representatives For Release on Delivery Expected at 10 a.m. HIGH-RISK AREAS Tuesday, March 4, 1997 Benefits to Be Gained by Continued Emphasis on Addressing High-Risk Areas Statement of Gene L. Dodaro Assistant Comptroller General Accounting and Information Management Division GAO/T-AIMD-97-54 Madam Chairman and Members of the Subcommittee: We are pleased to be here today to discuss major government programs and operations we have identified as high risk because of vulnerabilities to waste, fraud, abuse, and mismanagement. In 1990, we began a special effort to focus attention on such areas, and over the past several years we have made hundreds of recommendations to get at the heart of high-risk problems and help improve this situation. On February 12, 1997, we issued our latest series of high-risk reports.1 Overall, legislative and agency actions have resulted in progress toward fixing these high-risk areas and establishing a solid foundation to help ensure greater progress. However, because these areas involve long-standing problems that are difficult to fix, additional corrective measures are necessary to remove the high-risk designation. Today, at the Subcommittee’s request, we will focus on high-risk areas related to the Internal Revenue Service (IRS) and the Medicare and Supplemental Security Income (SSI) programs. While this statement provides a brief synopsis of these areas, more detailed statements on these three topics are also being issued today. In addition, this statement will discuss other high-risk areas that affect agencies under the Subcommittee’s jurisdiction, including the Customs Service’s financial management, information security weaknesses, and the possibility of serious computer disruptions in service to the public due to the Year 2000 Problem. As the key message of this testimony, I would like to emphasize the importance of the Subcommittee using recent legislative management reforms to help oversee these agencies’ actions to fully and effectively remedy their high-risk problems. These include • the 1995 Paperwork Reduction Act and the 1996 Clinger-Cohen Act, which provide a basis for agencies to better manage investments in information technology; • the expanded Chief Financial Officers (CFO) Act of 1990, which requires agencies to prepare financial statements that can pass the test of an independent audit and provide decisionmakers more reliable financial information; and 1 The 25 areas that are the current focus of our high-risk initiative are listed in attachment I, and the reports in our 1997 high-risk series are listed in attachment II. Page 1 GAO/T-AIMD-97-54 • the 1993 Government Performance and Results Act (GPRA), which requires agencies to measure performance and focus on results. In 1995, IRS reported collecting $1.4 trillion from taxpayers, disbursing Ensuring All $122 billion in tax refunds, and managing an estimated accounts receivable Revenues Are inventory of $113 billion in delinquent taxes. The reliability of IRS’ financial Collected and information is critical to effectively manage the collection of revenue to fund the government’s operations. Accounted for Our audits of IRS’ financial statements, however, have identified many significant weaknesses in IRS’ accounting for revenue and accounts receivable, as well as for funds provided to carry out IRS’ operations. IRS has improved payroll processing and accounting for administrative operations and is working on solutions to revenue and accounts receivable accounting problems. But much remains to be done, and effective management follow-through is paramount to achieving fully the goals of the CFO Act. In addition, IRS is hampered in efficiently and effectively managing its huge inventory of accounts receivable due to inadequate management information. The root cause here is IRS’ antiquated information systems and outdated business processes, which handle over a billion tax returns and related documents annually. IRS has undertaken many initiatives to deal with its accounts receivable problems, including correcting errors in its tax receivable masterfile and attempting to speed up aspects of the collection process. Efforts such as these appear to have had some impact on collections and the tax debt inventory, but many of the efforts are long-term in nature and demonstrable results may not be available for some time. Further, while IRS’ efforts to reduce filing fraud have resulted in some success—especially through more rigid screening in the electronic filing program—this continues to be a high-risk area. IRS’ goal is to increase electronic filings, which would strengthen its fraud detection capabilities. But to effectively achieve its electronic filing goal, IRS must (1) identify those groups of taxpayers who offer the greatest opportunity for filing electronically and (2) develop strategies focused on alleviating impediments that have inhibited those groups from participating in the program. Page 2 GAO/T-AIMD-97-54 In attempting to overhaul its timeworn, paper-intensive approach to tax return processing, IRS has spent or obligated over $3 billion on its tax systems modernization, which has encountered severe difficulties. Currently, funding for tax systems modernization has been curtailed, and IRS and the Department of the Treasury are taking several steps to address modernization problems and implement our recommendations. However, much more progress is needed to fully resolve serious underlying management and technical weaknesses. Behind IRS, the Customs Service is the next highest revenue collector. The Customs Service has made considerable progress in correcting major management and organizational structure weaknesses we pointed to in our 1992 high-risk report. In 1995, we reported that Customs had taken several actions to address these problems, including revising its planning process, improving controls over identification and collection of revenues owed, aggressively pursuing delinquent receivables, and embarking on an agencywide reorganization plan. As a result, we narrowed the scope of our high-risk work at Customs to focus only on its financial management problems. Since 1995, Customs has continued to take actions to address its financial management and internal control weaknesses. These include, for example, statistically sampling compliance of commercial importations through ports of entry to better focus enforcement efforts and to project and report duties, taxes, and fees lost due to noncompliance. However, Customs still has not fully corrected significant problems in these areas. For example, audits of Customs’ financial statements under the CFO Act disclose that Customs continues to lack adequate assurance that all revenue due is collected, has weaknesses in readily detecting duplicate and excessive drawback payments, and lacks integrated core financial systems. These problems diminish Customs’ ability to reasonably ensure that (1) duties, taxes, and fees on imports are properly assessed and collected and refunds of such amounts are valid and (2) core financial systems provide reliable information for managing operations. We have made numerous recommendations to Customs to address its financial management weaknesses and have assisted in developing corrective actions. It will be important for top management at Customs to provide continuing support to ensure that the planned financial management improvements are properly implemented. Page 3 GAO/T-AIMD-97-54 Medicare—the nation’s second largest social program—is inherently Controlling Fraud, vulnerable to and a perpetually attractive target for exploitation. The Waste, Abuse, and Congress and the President have been seeking to introduce changes to Mismanagement in Medicare to help control program costs, which were $197 billion in fiscal year 1996. At the same time, they are concerned that the Medicare Benefit Programs program loses significant amounts due to persistent fraudulent and wasteful claims and abusive billings, which could be from $6 billion to as much as $20 billion, based on 1996 outlays. The Congress passed the Health Insurance Portability and Accountability Act of 1996 to add funding for program safeguard efforts and make the penalties for Medicare fraud more severe. Effective implementation of this legislation and other agency actions are key to mitigating many of Medicare’s vulnerabilities to fraud and abuse. Also, the Health Care Financing Administration (HCFA), which runs the Medicare program, has begun to acquire a new claims processing system—the Medicare Transaction System (MTS)—to provide, among other things, better protection from fraud and abuse. In the past, we have reported on risks associated with this project, including (1) HCFA’s plan to implement the system in a single stage rather than incrementally, (2) difficulty in defining requirements, (3) inadequate investment analysis, and (4) significant schedule problems. HCFA has responded to these concerns by changing its single-stage approach to one under which the system will be implemented incrementally and working to resolve other reported problems. A newly designated high-risk area involves overpayments in the SSI program, which provided about $22 billion in federal benefits to recipients between January 1, 1996, and October 31, 1996. SSI overpayments have grown to over $1 billion per year, which is about 5 percent of total benefit payments. Also, criticisms have been raised regarding the Social Security Administration’s (SSA) ability to effectively manage SSI workloads and internal control weaknesses that leave the program susceptible to fraud, waste, and abuse. For example, in August 1996, we reported that about 3,000 current and former prisoners in 13 county and local jail systems had been erroneously paid $5 million in SSI benefits, primarily because SSA lacked timely and complete information. One root cause of SSI overpayments is SSA’s difficulty in corroborating financial eligibility information that program beneficiaries self report and that affects their benefit levels. In addition, determining whether an impairment qualifies a claimant for disability benefits can often be Page 4 GAO/T-AIMD-97-54 difficult, especially in cases involving applicants with mental impairments and other hard-to-diagnose conditions. In addition to the difficulties agencies have in managing large computer Addressing systems modernization efforts, our high-risk effort identified two Governmentwide governmentwide information technology issues that affect agencies under Information the Committee’s purview: information security and the Year 2000 Problem. Technology Issues Information Security Information systems security weaknesses pose high risk of unauthorized access and disclosure of sensitive data. Many federal operations that rely on computer networks are attractive targets for individuals or organizations with malicious intentions. Examples of such operations include law enforcement, import entry processing, and various financial transactions. Since June 1993, we have issued over 30 reports describing serious information security weaknesses at major federal agencies. For example, our financial audits at IRS and the Customs Service have identified poor computer controls. IRS cannot ensure that the confidentiality and accuracy of taxpayer data are protected and that the data are not manipulated for purposes of individual gain. The Customs Service continues to have problems that diminish its ability to reasonably ensure that sensitive data maintained in automated systems are adequately protected from unauthorized access and modification. In September 1996, we reported that during the previous 2 years, serious information security control weaknesses had been reported for 10 of the 15 largest federal agencies. We have made dozens of recommendations for improvement to individual agencies, and they have started acting on many of them. In addition, we have recommended ways for the Office of Management and Budget (OMB) to enhance its ability to oversee and improve federal information security programs. We suggested steps that OMB can take to (1) effectively use opportunities to aid in overseeing and improving agency information security programs, such as annual financial audits and the newly created Chief Information Officers Council,and (2) increase the expertise of its staff in information security management issues. Page 5 GAO/T-AIMD-97-54 The Year 2000 Problem The Year 2000 Problem poses the high risk that computer systems throughout government will fail to run or malfunction because computer equipment and software were not designed to accommodate the change of date at the new millennium. For example, IRS’ tax systems could be unable to process returns, which in turn could jeopardize the collection of revenue and the entire tax processing system. Or SSA’s disability insurance process could experience major disruptions if the interface with various state systems failed, thereby causing delays and interruptions in disability payments to citizens. We recently issued a guide, Year 2000 Computing Crisis: An Assessment Guide (GAO/AIMD-10.1.14, exposure draft), to provide agencies a framework and a checklist for assessing their readiness to achieve year 2000 compliance. It provides information on the scope of the challenge, and offers a structured approach for reviewing the adequacy of agency planning and management of the year 2000 program. Continued congressional oversight, such as this hearing by the Continuing Subcommittee, will add essential impetus to make improvements and Congressional ensure more progress in addressing the high-risk areas just discussed and, Oversight Using New thus, to achieve greater benefits. Effective and sustained follow-through by agency managers is necessary to resolve specific high-risk problems Management Tools Is and implement broader management reforms, which the Congress has Key established to achieve better financial and information management and measure the results of program operations. The Subcommittee can focus on agencies’ progress in fixing specific high-risk problems and implementing this legislative framework through the following three efforts. • Apply a framework of modern technology management, as required by the 1995 Paperwork Reduction Act and the Clinger-Cohen Act of 1996. This framework is based on practices followed by leading public-sector and private-sector organizations that have successfully used technology to dramatically improve performance and meet strategic goals. These laws fundamentally revamp and modernize federal information management practices by emphasizing the involvement of senior executives in information management decisions, establishing senior-level Chief Information Officers, tightening controls over technology spending, redesigning inefficient work processes, and using performance measures Page 6 GAO/T-AIMD-97-54 to assess technology’s contribution to achieving mission results. These management practices provide agencies—such as IRS for tax systems modernization—a proven, practical means of addressing the federal government’s information problems, maximizing benefits from technology spending, and controlling the risks of systems development efforts. • Improve financial reporting and make other financial management improvements, as called for by the expanded Chief Financial Officers Act. The landmark CFO Act spelled out a long overdue and ambitious agenda to help resolve financial management problems. This act has prompted many improvements at IRS, the Customs Service, and other agencies to provide reliable financial information for managing government programs. Fully and effectively implementing the CFO Act is critical to achieving full accountability and providing relevant information on the government’s true financial status. In addition, improved reporting and internal controls, as called for by the CFO Act, can produce substantial savings in high-risk areas. For example, better data and controls can help reduce the billions of dollars now lost annually in the Medicare program due to fraudulent and abusive claims and help decrease the $1 billion in overpayments that the SSI program experiences each year. • Use the Government Performance and Results Act to measure performance and focus on results, which can help to pinpoint opportunities for improved performance and increased accountability. GPRA requires agencies to set goals, measure performance, and report on their accomplishments. Under GPRA, every major federal agency must now ask itself basic questions about performance to be measured and how performance information can be used to make improvements. For instance, performance measures would be useful for (1) reaching agreement with the Congress on and monitoring acceptable levels of errors in benefit programs (errors which may never be totally eliminated but can be much better controlled) and (2) assessing the results of tax enforcement initiatives, delinquent tax collection activities, and filing fraud reduction efforts. Without additional attention to resolving problems in the high-risk areas that we have discussed today, the government will continue to miss Page 7 GAO/T-AIMD-97-54 important opportunities to ensure effective revenue collection operations, have well controlled and operated information systems, and save billions of dollars. We will continue to identify other ways for agencies to more effectively manage and control these and other high-risk areas and to make recommendations for improvements that can be implemented to overcome the root causes of these problems. Madam Chairman, this concludes my statement. I will be happy to respond to any questions. Page 8 GAO/T-AIMD-97-54 Page 9 GAO/T-AIMD-97-54 Attachment I Areas Designated High Risk Financial management (1995) Providing for Contract management (1992) Accountability and Inventory management (1990) Cost-Effective Weapon systems acquisition (1990) Defense infrastructure (1997) Management of Defense Programs IRS financial management (1995) Ensuring All IRS receivables (1990) Revenues Are Filing fraud (1995) Collected and Tax Systems Modernization (1995) Customs Service financial management (1991) Accounted for Asset forfeiture programs (1990) Tax Systems Modernization (1995) Obtaining an Air traffic control modernization (1995) Adequate Return on Defense’s Corporate Information Management initiative (1995) Multibillion Dollar National Weather Service modernization (1995) Information security (1997) Investments in The Year 2000 Problem (1997) Information Technology Medicare (1990) Controlling Fraud, Supplemental Security Income (1997) Waste, and Abuse in Benefit Programs HUD (1994) Minimizing Loan Farm loan programs (1990) Program Losses Student financial aid programs (1990) Department of Energy (1990) Improving NASA (1990) Management of Superfund (1990) Federal Contracts at Also, planning for the 2000 Decennial Census was designated high risk in Civilian Agencies February 1997. Page 10 GAO/T-AIMD-97-54 Attachment 1997 High-Risk Series An Overview (GAO/HR-97-1) Quick Reference Guide (GAO/HR-97-2) Defense Financial Management (GAO/HR-97-3) Defense Contract Management (GAO/HR-97-4) Defense Inventory Management (GAO/HR-97-5) Defense Weapon Systems Acquisition (GAO/HR-97-6) Defense Infrastructure (GAO/HR-97-7) IRS Management (GAO/HR-97-8) Information Management and Technology (GAO/HR-97-9) Medicare (GAO/HR-97-10) Student Financial Aid (GAO/HR-97-11) Department of Housing and Urban Development (GAO/HR-97-12) Department of Energy Contract Management (GAO/HR-97-13) Superfund Program Management (GAO/HR-97-14) The entire series of 14 high-risk reports is numbered GAO/HR-97-20SET. (918899) Page 11 GAO/T-AIMD-97-54 Ordering Information The first copy of each GAO report and testimony is free. Additional copies are $2 each. Orders should be sent to the following address, accompanied by a check or money order made out to the Superintendent of Documents, when necessary. VISA and MasterCard credit cards are accepted, also. Orders for 100 or more copies to be mailed to a single address are discounted 25 percent. Orders by mail: U.S. General Accounting Office P.O. Box 6015 Gaithersburg, MD 20884-6015 or visit: Room 1100 700 4th St. NW (corner of 4th and G Sts. NW) U.S. General Accounting Office Washington, DC Orders may also be placed by calling (202) 512-6000 or by using fax number (301) 258-4066, or TDD (301) 413-0006. Each day, GAO issues a list of newly available reports and testimony. To receive facsimile copies of the daily list or any list from the past 30 days, please call (202) 512-6000 using a touchtone phone. A recorded menu will provide information on how to obtain these lists. For information on how to access GAO reports on the INTERNET, send an e-mail message with "info" in the body to: email@example.com or visit GAO’s World Wide Web Home Page at: http://www.gao.gov PRINTED ON RECYCLED PAPER United States Bulk Rate General Accounting Office Postage & Fees Paid Washington, D.C. 20548-0001 GAO Permit No. G100 Official Business Penalty for Private Use $300 Address Correction Requested
High-Risk Areas: Benefits to Be Gained by Continued Emphasis on Addressing High-Risk Areas
Published by the Government Accountability Office on 1997-03-04.
Below is a raw (and likely hideous) rendition of the original report. (PDF)