GAO Finds 32 Significantly 'High-Risk' Federal Programs

WASHINGTON – Comptroller General Eugene Dodaro said the federal government is making “solid, steady progress” in dealing with its “high risk” programs but some areas susceptible to abuse require additional attention.

Dodaro appeared before the Senate Homeland Security and Governmental Affairs Committee and told lawmakers that the biennial High Risk Report compiled by the Government Accountability Office has identified 32 federal programs with significant issues dealing with fraud, waste, abuse and mismanagement or the need for transformation to address economy, efficiency, or effectiveness challenges.

“Overall, the government continues to take high-risk problems seriously and is making long-needed progress toward correcting them,” Dodaro said. “Congress has acted to address several individual high-risk areas through hearings and legislation.”

Since the last high-risk update in 2013, Dodaro said, progress has been made “in the vast majority of areas that remain on the list.” Since 1990, when the first report was issued, more than one-third of the designated areas have been removed because steps were taken to address the identified problems.

Over the last two years, GAO estimates that congressional and executive branch attention to the high-risk areas has saved $40 billion. Despite the progress, Dodaro said “much remains to be done” to address the 32 high-risk issues found on the list.

Two issues were added to this year’s list, the most significant being the government’s ongoing problems dealing with IT acquisition and implementation. The GAO report maintains a significant potential for overspending and program failure exists within IT projects. Officials thus far have yet to address problems of waste and mismanagement.

The GAO asserts that “although the executive branch has undertaken numerous initiatives to better manage the more than $80 billion that is annually invested in information technology, federal IT investments too frequently fail or incur cost overruns and schedule slippages while contributing little to mission-related outcomes.”

While the Obama administration has “set forth initiatives to meet these objectives,” the report found, “they have largely been ineffective.”

The GAO cited nine critical factors that can improve IT acquisition, including making sure that the program staff have the necessary knowledge and skills to handle the implementation, that stakeholders be involved in the development of program requirements and that program officials maintain regular communication with the prime contractor.

"Over the past five years, we have reported numerous times on shortcomings with IT acquisitions and operations and have made about 737 related recommendations," the GAO report said. “As of January 2015, about 23 percent of the 737 recommendations had been fully implemented."

President Obama is aware of the continuing problem and is requesting $450 million in his 2016 budget for IT reform. But the GAO is holding out little hope for a quick fix.

"Given the federal government's continued experience with failed and troubled IT projects, coupled with the fact that OMB (Office of Management and Budget) initiatives to help address such problems have not been fully implemented, the government will likely continue to produce disappointing results," the GAO said.

This year’s list also places Veterans Affairs Health Care in the high-risk category, citing the program’s failure to provide timely treatment.

In some cases, Dodaro told the committee, delays or the VA’s failure to provide care at all have reportedly harmed veterans. While the agency has taken some action to address the problem there remain unaddressed issues dealing with ambiguous policies and inconsistent processes, inadequate oversight and accountability and inadequate training for VA staff.

The Veterans Access, Choice, and Accountability Act, which passed last summer and was signed by Obama, includes provisions to help the VA address systemic weaknesses, Dodaro noted, and the agency “must effectively implement the act.”

“We have made numerous recommendations that aim to address weaknesses in VA’s management of its health care system—more than 100 of which have yet to be fully resolved,” Dodaro said. “For example, to ensure that its facilities are carrying out processes at the local level more consistently -- such as scheduling veterans’ medical appointments and collecting data on veteran suicides -- VA needs to clarify its existing policies. VA also needs to strengthen oversight and accountability across its facilities by conducting more systematic, independent assessments of processes that are carried out at the local level, including how VA facilities are resolving specialty care consults, processing claims for non-VA care, and establishing performance pay goals for their providers.”

Dodaro said the agency should improve its methods for identifying VA facilities’ resource needs and for analyzing the cost-effectiveness of VA health care.

The VA issue caught the attention of Sen. Ron Johnson (R-Wis.), the committee chairman.

“It is obvious to all of us that there continue to be serious problems with the government’s ability to provide health care to our nation’s veterans,” Johnson said. “Back home in Wisconsin, these problems are becoming increasingly evident with new reports coming in every day. While there are many public servants at the VA who do their best to provide quality care to our nation’s heroes, it is clear that a lack of oversight and longstanding bureaucratic mismanagement has led to the systemic problems that have put our veterans at risk.”

One constant on the high-risk list since 1997 is cybersecurity, with an added emphasis this year protecting personally identifiable information from entering the public sphere. The GAO maintains breaches remain within the system, threatening the widespread release of data.

In September, the report said, hackers hit the U.S. Postal Service network gaining access to Social Security numbers, birthdates, addresses and other information on more than 800,000 current and former employees. A Veterans Affairs network encountered a similar fate in November, resulting in about 7,000 former service members facing the prospect of having their health information compromised.

GAO recommended several steps to prevent what it characterized as the “erosion of personal privacy,” asserting that Congress should adopt stronger privacy laws.

Sen. Tom Carper (D-Del.), the panel’s ranking member, said the GAO is telling lawmakers that “if we don’t solve these problems, the taxpayers are exposed to a high level of waste, fraud or abuse, which can cost our government billions of dollars every year.”

“We can solve all the problems on the high-risk list,” Carper said. “But it is a shared responsibility. Congress must leverage the good work of GAO and the Inspectors General across the government and work closely with the Office of Management and Budget and the agencies responsible for these programs.”