Shows & Panels
- The 2014 Big Picture on Cyber Security
- AFCEA Answers
- Ask the CIO
- Connected Government
- Consolidating Mission-critical Systems
- Constituent Servicing
- Continuous Monitoring: Tools and Techniques for Trustworthy Government IT
- The Data Privacy Imperative: Safeguarding Sensitive Data
- Eliminating the Pitfalls: Steps to Virtualization in Government
- Federal Executive Forum
- Federal Tech Talk
- Government Cloud Brokerage: Who, What, When, Where, Why?
- Government Mobility
- Mission-critical Apps in the Cloud
- Mobile Device Management
- The Modern Federal Threat Landscape
- The Path from Legacy Systems
- Understanding the Intersection of Customer Service and Security in the Cloud
Shows & Panels
IRS program, interagency contracting finally removed from High-Risk list
Thursday - 2/14/2013, 10:04am EST
GAO removed these two programs from its biennial High Risk List released today.
The multi-billion dollar IRS program made it off the list after 18 years of constant challenges around technology and financial management controls, and other management weaknesses.
The GAO put the management of interagency contracting on watch in 2005 because of unclear lines of accountability between customer and assisting agencies, and improper use of these contracts, which included buying out-of-scope work and limited or non-competitive procurements.
GAO said both the IRS and the Office of Federal Procurement Policy have improved the weaknesses so the programs now are considered to be on a strong path toward success.
While those two initiatives came off, GAO added two new areas: federal financial risks due to climate change and reducing the gaps in weather satellite data.
Little change over two years
In all, GAO placed 30 programs across six major programmatic areas on its High Risk list. The number of programs remained the same as in 2011, with the two additions and two subtractions.
"Throughout the past decades, attention to high risk areas has brought results," Comptroller General Gene Dodaro wrote in a letter to Sens. Tom Carper (D-Del.) and Tom Coburn (R-Okla.), chairman and ranking member of the Homeland Security and Governmental Affairs Committee, respectively, and Reps. Darrell Issa (R-Calif.) and Elijah Cummings (D-Md.), chairman and ranking member of the Oversight and Government Reform Committee. "More than one-third of the areas previously designated as high risk have been removed from the list because sufficient progress was made to address the problems identified."
Issa and Cummings will hold a hearing on the High Risk List this morning. Two years ago, Congress promised tough oversight on these areas, but few hearings or other forms of oversight emerged.
From left to right: Rep. Darrell Issa (R-Calif.), Comptroller General Gene Dodaro, Rep. Elijah Cummings (D-Md.), and Sen. Tom Carper (D-Del.) at the release of the 2013 GAO High Risk List.
Still, GAO's meetings with agencies and the Office of Management and Budget helped spur at least two programs to get off the list, and a host of improvements across many other troubled initiatives.
GAO identified the IRS Business Systems Modernization (BSM) program in 1995 as high risk because of management and technical weaknesses in agency's plans. Under the BSM, the IRS is modernizing its tax administration and internal management systems.
GAO said the IRS made progress throughout the 2000s and finally in 2011 and 2012 took necessary steps to fix weaknesses by creating cross-functional working groups to fix at-risk control areas, improved the encryption of information transferred between accounting systems and upgraded the cybersecurity of internal systems.
Additionally, the IRS addressed its outdated operating system and application software, improved its auditing and monitoring capabilities of its general support system and tested its general ledger system for tax transactions in its current operating environment.
"IRS delivered the initial phase of its cornerstone tax processing project and began the daily processing and posting of individual taxpayer accounts in January 2012," the GAO stated. "This enhanced tax administration and improved service by enabling faster refunds for more taxpayers, allowing more timely account updates and faster issuance of taxpayer notices. IRS has put in place close to 80 percent of the practices needed for an effective investment management process, including all of the processes needed for effective project oversight."
GAO said it will continue to monitor IRS's progress as required by law.
Risks of using governmentwide contracts reduced
As for the management of interagency contracting, the Office of Federal Procurement Policy led effort included reducing the risks of using these acquisition vehicles.
GAO said in both 2009 and 2011 high risk updates, OFPP and the General Services Administration made improvements such as better defining the roles and responsibilities of the provider and the customer through new interagency agreements.
GAO found in October 2012 that most of the 24 largest users of interagency contracts implemented management controls to reinforce new Federal Acquisition Regulation requirements to justify the use of interagency contracts and strengthened the management of interagency acquisitions more broadly, such as oversight mechanisms to ensure their internal controls were operating properly.
OFPP also addressed contract duplication by requiring business cases for all new interagency multiple award contracts. Additionally, GAO said the new strategic sourcing council adds another layer of control to creating new, possibly duplicative contracts.
Finally, GAO said OFPP and GSA improved the interagency contract directory, and is testing how best to collect and share pricing data across the schedule contracts.
"Removing the management of interagency contracting from the High Risk list does not mean that the federal government's use of these contracts is without challenges," GAO stated. "For example, we and the DoD inspector general have found instances in which DoD did not complete best procurement determinations as required. Continued management attention is necessary. But, we believe there are mechanisms in place that OMB and federal agencies can use to identify and address interagency waste, fraud and abuse."
Climate change and satellites
As for the two new areas, GAO determined both pose enough risks for the government that they deserve more attention.
Auditors said the federal financial exposure due to climate change needs a risk-management strategy to help protect vulnerable sectors and communities.
GAO determined that federal financial exposure comes from property owned by the U.S. government, including 650 million acres of land, state and local infrastructure projects using federal funds and disaster aid from FEMA.
"Federal agencies have made some progress toward better organizing across agencies, within agencies and among different levels of government; however, increasing fiscal exposure for the federal government calls for more comprehensive and systematic strategic planning," GAO stated.
- a governmentwide strategic approach with strong leadership and the authority to manage climate change risks,
- more information to understand and mange federal insurance programs' long-term exposure to climate change and analyze the potential impacts of an increase in frequency or severity of weather related events,
- a governmentwide approach for providing best available climate-related data and assistance in translating data for officials to make decisions, and
- improved criteria for assessing a jurisdiction's capability to respond and recover from a disaster without federal assistance.
Related to the federal fiscal risks because of climate change is the government's inability to buy satellites in a timely manner to ensure they have data to predict weather-related events.
The National Oceanic and Atmospheric Administration predicts it will have a gap of 18-to-24 months between the time its current fleet of polar orbiting satellites are no longer useful and when the new ones are ready to transmit data. GAO said it identified scenarios where the gap could be anywhere from 17-to-53 months.
NOAA also is struggling with its new geostationary environmental satellites. GAO estimated in June that these satellites have less than a 50 percent chance of meeting its launch date of June 2015.
"It is not evident that the critical steps have been implemented including simulating continuity situations and working with the user community to account for differences in various continuity scenarios," GAO stated. "These steps are critical for NOAA to move forward in documenting the processes it will take to implement contingency plans. Once these activities are completed, NOAA should update its contingency plan to provide more details on its contingency scenarios, associated time frames and any preventative actions it is taking to minimize the possibility of a gap."
Six programs on the list since 1990
Of the 28 other programs on the High Risk list, GAO said six have been in trouble since 1990, including NASA acquisition management, Defense Department supply chain management and the Medicare program.
DoD continues to have the most programs on the list with seven programs, including its business systems modernization, financial management, contract management and business transformation programs.
Several governmentwide challenges also remain on the list, such as strategic human capital management, federal real property management and cybersecurity.
"Additional progress is both possible and needed in all 30 high-risk areas," GAO stated. "Continued perseverance will ultimately yield significant benefits. Lasting solutions to high risk problems offer the potential to save billions of dollars, dramatically improve service to the American public, strengthen public confidence and trust in the performance and accountability of the federal government, and ensure the ability of the government to deliver on its promises."