17 High-risk Agencies

VA needs more data

A lack of data on how well its services are working remains a top management challenge at the Department of Veterans Affairs, the General Accounting Office reported last month.

The report was released as part of GAO's series on "Major Management Challenges and Program Risks" at more than 20 federal agencies.

Besides citing the VA for poor collection of data on services, the GAO report cites the VA's poor management of existing information as a potential stumbling block to continued supervision of services to veterans.

"VA must implement and institutionalize fundamental changes to its approach to information systems management to ensure that benefits payments and medical care to veterans are not disrupted in the Year 2000, unauthorized access to and misuse of VA systems do not occur, and sound information technology practices continue," the report states.

Y2K, financial management woes plague DOD

Weaknesses in financial management practices and in the use of financial computer systems pose the top challenge to better performance at the Defense Department, according to a General Accounting Office report released last month.

The report, part of GAO's series on "Major Management Challenges and Program Risks," also highlights the Year 2000 problem and information security as key areas that threaten improved operations at the department.

GAO also reported that information technology problems overall remain a major challenge to a more effective DOD. "[DOD] faces a major change in its current organizational structure and culture, which impedes oversight and coordination of information resources from a departmentwide perspective," the report states. "Accordingly, we are continuing to designate DOD's information technology project management efforts as high-risk."

DOJ suffers from financial management problems

Persistent problems in financial management at the Immigration and Naturalization Service are the No. 1 barrier to a better-managed Justice Department, according to a General Accounting Office report released last month.

The report targets INS' "selection of a replacement financial management system without first analyzing its business processes" as central to the technology-related obstacles that impede better performance at the agency. The report was released as part of GAO's series on "Major Management Challenges and Program Risks" at federal agencies.

But the problems extend beyond INS. GAO also references a financial audit that found "improvements were needed in general controls at the department's data centers and in certain components' financial management systems."

The GAO report goes on to state that access controls were weak for information files for the FBI, the Drug Enforcement Administration, INS and the Marshals Service. "User passwords were not required to be changed, security software was not configured to prevent access to inactive users, and system programmers had been inappropriately provided the ability to make numerous types of modifications to files that would allow them to circumvent security controls or assist others in such actions," the report states.

Education gets low grade for Y2K, integration

The Year 2000 problem and a lack of integrated computer systems pose the greatest technology-related management challenges at the Education Department, according to a General Accounting Office report released last month.

The lack of integration among computer systems means that program managers at Education do not have accurate and timely data on participants in federal student-aid programs, according to the report. The report was released as part of a GAO series on "Major Management Challenges and Program Risks" at federal agencies.

"Federal student financial aid programs remain vulnerable to losses because the department, guaranty agencies, schools and lenders often do not have the accurate, complete and timely information on program participants needed to effectively and efficiently operate and manage the programs," the report states. "These difficulties stem from the lack of a fully functional integrated database covering all department-administered financial aid programs."

Separate databases emerged over the years as new and separate aid programs developed at the department, according to the report. The Higher Education Amendments of 1992, however, required the department to integrate its databases containing student financial aid information.

NASA lacks IT for procurement oversight

The General Accounting Office will continue to classify NASA's overall contract management efforts as "high risk" until the agency launches its new integrated financial management system, which is behind schedule, GAO officials said in a report released last month.

The report notes that NASA's contract management function encompasses several processes, including financial management and oversight. But NASA lacks adequate systems and processes to oversee procurement activities and produce accurate management data, according to the report, which was released as part of a GAO series on "Major Management Challenges and Program Risks" at federal agencies.

In a 1997 internal NASA report, officials said the agency's financial management environment was made up of decentralized, nonintegrated systems with polices and procedures unique to its field centers. GAO concluded that data formats were not standardized, automated systems were not interfaced, and online financial information was not readily available to program managers.

NASA's new integrated financial management system is intended to solve these problems, but the system has been delayed. In May, NASA signed a contract modification with its contractor, KPMG Peat Marwick, delaying the initial implementation of the financial system at two space centers until June 1999. The modification also postponed agencywide installation from July 1999 to June 2000.

KPMG has had difficulties upgrading its software to support new technologies and meet all federal requirements, according to the GAO report. These difficulties have been especially prevalent in two systems directly related to contract management: the core financial and procurement systems.

GAO highlights access, Y2K concerns at HHS

The Department of Health and Human Services does not have access to the data or information technology systems needed to effectively manage various programs, and concerns posed by Year 2000 conversion efforts further complicate these shortcomings, according to a General Accounting Office report released last month.

The report, part of GAO's series on "Major Management Challenges and Program Risks" at federal agencies, notes that HHS does not have access to data needed to manage health insurance programs, grant-making activities and regulatory responsibilities. Developing and maintaining such systems is challenging, however, because many HHS programs are administered by state and local governments. In addition, the automated-systems challenges presented by the Year 2000 conversion effort compound these problems and could put services at risk, the report says.

The Health Care Financing Administration's mission-critical systems supporting the Medicare program are not yet Year 2000-compatible; if not corrected, these systems could malfunction or produce incorrect information beginning in January 2000, according to the report. HHS also faces the possibility of massive system failures for state Medicaid programs, although the responsibility for system renovations for Medicaid lies with the states, not directly with HCFA.

GAO faults USDA's telecom and service center efforts

The General Accounting Office last month slapped the Agriculture Department for not properly managing its telecommunications systems and services, as well as for poor management of its service center modernization initiative.

The GAO report, which is part of its series on "Major Management Challenges and Program Risks" at federal agencies, said, "Among other things, the USDA has not consolidated and optimized telecommunications where opportunities exist to do so or established sound management practices to ensure that telecommunications resources are effectively management and payments for unused ...services are terminated."

In addition, GAO said there are several weaknesses in the USDA's multibillion-dollar effort to modernize service centers, including several management weaknesses that raise concerns regarding the extent to which the IT modernization program will achieve an adequate return on investment or significantly improve customer service. The weaknesses include "acquiring new IT without first determining how it will operate to provide required service, not managing the IT projects as investments and not developing a comprehensive plan and management structure."

Y2K threatens Postal Service

The U.S. Postal Service faces a "major challenge" in upgrading its computer systems to avoid the Year 2000 problem, according to a report released last month by the General Accounting Office.

GAO said in its report, which is part of its series on "Major Management Challenges and Program Risks" at federal agencies, that an early assessment by USPS' Office of the Inspector General showed that the agency was slow to recognize the scope of the Year 2000 challenge and take necessary steps to ensure that all its systems were Year 2000-compliant.

USPS is unique in that a number of private-sector and government groups may need to use USPS as a backup delivery system if their computers malfunction because of the Year 2000 bug. "For this reason, the USPS is concerned about the prospect of a mail surge in January 2000," GAO said. USPS estimates it will cost $500 million to $700 million to fix its Year 2000 problem.

Meanwhile, USPS' continued success will depend heavily on its ability to control operating costs, strengthen internal controls and ensure the integrity of its services, GAO said. While USPS has recognized this, "in recent years we have reported on the need to control costs and protect postal revenue in several areas, such as [USPS'] automation program to improve the efficiency of letter carriers," GAO said.

High costs afflict FAA air traffic control modernization

The Federal Aviation Administration still faces significant cost overruns, schedule delays and performance shortfalls with its multibillion-dollar air traffic control modernization program, the General Accounting Office said in a report released last month.

The report on the Transportation Department, which is part of GAO's series on "Major Management Challenges and Program Risks" at federal agencies, said Congress has appropriated more than $25 billion for the FAA's modernization program through fiscal 1998, and the FAA estimates it will need an additional $17 billion for fiscal 1999 through 2004. "Because of its size, complexity, cost and problem-plagued past, we have designated this program as a high-risk information technology initiative since 1995," GAO said in its report.

The FAA also faces challenges in making its computer systems ready for the Year 2000 computer bug. The agency is unlikely to complete all critical tests on time, and unresolved risks, including those associated with data exchanges and international coordination, threaten aviation operations, the report said.

Other challenges laid out in the report include a 20-year, $9.8 billion Coast Guard project to replace or modernize many of the Coast Guard's ships and aircraft. "We found that the Coast Guard needs to more thoroughly address the project's justification and affordability," GAO said. In addition, DOT's "lack of accountability for its financial activities impairs its ability to efficiently and effectively manage programs" and exposes DOT to potential mismanagement and waste, GAO said.

Weather Service modernization lagging

The General Accounting Office reported last month that the National Weather Service's Advanced Weather Interactive Processing System is not scheduled for deployment until June, and then "with less than full functionality.

"Until AWIPS is deployed and functioning properly, NWS will not be able to take full advantage of the $4.5 billion investment it has made in the modernization to date," GAO concluded.

In its report, which is part of GAO's series on "Major Management Challenges and Program Risks" at federal agencies, GAO also reported that the Commerce Department must improve its financial management to comply with federal accounting standards and effectively reconcile and close its books at year's end. In addition, most bureaus in Commerce "lack effective automated systems to support sound financial management."

Old systems, missing data put EPA at risk

Outdated computer systems and missing data are two significant barriers to the Environmental Protection Agency's ability to perform its job, according to a General Accounting Office report released last month.

The report, which is part of a GAO series on "Major Management Challenges and Program Risks" at federal agencies, states that the old databases and even information within individual databases are not compatible, making it difficult to draw conclusions from the data. There are also important gaps in the information reported in the databases, the report says.

In 1998, the EPA approved an initiative to standardize the data so that it can be combined and reported from various information systems. The agency also announced plans to perform an in-depth analysis of data gaps and to determine ways to address those gaps. Additionally, the agency announced plans to create an office for information management, information policy and technology stewardship. All these initiatives must be carried through, GAO said.

"Although these efforts are steps in the right direction, collecting and managing the data the EPA needs [has] been a long-standing challenge for the agency," the report says. "Achieving these improvements will require long-term commitment and resources."

Inaccurate IT systems waste billions at HUD

The Department of Housing and Urban Development is wasting billions of dollars because of poor procurement management and an inaccurate financial management system, according to a General Accounting Office report released last month.

In its report, which is part of a series on "Major Management Challenges and Program Risks" at federal agencies, GAO found that existing information technology systems cannot accurately track the agency's funds or the information reported by clients on which payments are based. HUD also has no reliable process to procure systems and assess their performance.

GAO acknowledged HUD's efforts to develop better management of IT investment and to fully overhaul the financial management system and the various integrated systems since the last report in 1997. But it will be several years until all the changes are made, and "[HUD] will continue to be adversely affected by inadequate systems and information until its efforts are successfully completed," the report says.

Y2K puts USAID computers at risk of failure

New computer systems worth at least $92 million at the U.S. Agency for International Development have not yet been equipped to handle the Year 2000 problem, according to a General Accounting Office report released last month.

The report, which is part of a series on "Major Management Challenges and Program Risks" at federal agencies, states that USAID has not taken adequate steps to address the computer millennium problem and has not developed contingency plans to ensure the continuity of all its mission-critical business operations.

USAID continues to face a serious risk that its systems and operations could fail or be significantly degraded, according to the report. The agency is only now beginning to prepare contingency plans after being criticized for poor progress in its Year 2000 efforts, the report says.

IT weaknesses hinder Interior's management of trust accounts, ALMRS

Problems with systems for managing American Indian trust accounts and for tracking records on land leases and mineral rights are the core technology issues hindering better management at the Interior Department, according to a General Accounting Office report released last month.

Inadequate accounting, information systems weaknesses and poor record-keeping make the management of $3 billion in American Indian funds more difficult, GAO reported. "Because many of the needed improvements [in trust fund management] center on information technology, adhering to legal and regulatory requirements, such as the Clinger-Cohen Act and the Office of Management and Budget's guidance for major information technology investments, is critical," according to the report, which was released as part of a GAO series on "Major Management Challenges and Program Risks" at federal agencies.

The report also targets Interior's Automated Land and Mineral Records System, which department officials originally pegged as costing $403 million. Cost estimates for ALMRS have ballooned to more than $530 million, however, and project deadlines have slipped, according to the report. The delays put Interior at risk for the Year 2000 problem because ALMRS will replace some computer systems that are susceptible to the problem.

Y2K could hamper State's visa application process

The State Department has been slow in addressing Year 2000 issues, which could have a major impact on the agency's ability to perform key functions, including identifying visa applicants who may pose a threat to the nation's security, according to a report released last month by the General Accounting Office.

The report, part of a GAO series on "Major Management Challenges and Program Risks" at federal agencies, also recommends that State make the full implementation of an IT planning and investment process a top priority. This would include the development of an IT architecture to help guide the modernization, the establishment of a fully functioning technical review board and the identification of potential cost savings and efficiencies.

In terms of the Year 2000 computer problem, the report states that recent data suggests that State is beginning to make progress in remediating systems that have been determined to be mission-critical. State has prioritized its mission-critical applications and adopted an improved approach and contingency planning efforts focused on core business functions and supporting systems, according to the report.

GAO recommends that State needs to establish a central information security unit, adopt risk-based information technology security management techniques, prepare new management guidance on IT security and increase IT security awareness activity.

IRS still lacks skills to modernize systems

Despite some progress, the Internal Revenue Service still lacks the ability to effectively modernize its tax systems, according to a report released last month by the General Accounting Office.

For more than a decade, the IRS has been attempting to modernize its outdated, paper-intensive approach to tax return processing. In December, the IRS awarded its multibillion-dollar Prime contract for systems modernization to Computer Sciences Corp.

Because of the importance and high cost of the modernization and the fact that GAO's key recommendations still remain open, the report categorizes the IRS' systems modernization effort as a high-risk program. In its report, part of a GAO series on "Major Management Challenges and Program Risks" at federal agencies, GAO recommends that the tax agency account for changes in system requirements and priorities caused by the IRS' organizational restructuring and change to accommodate new technology and to implement the IRS Restructuring and Reform Act of 1998 requirements.

Public data at SSA not secure

Weaknesses in computer systems at the Social Security Administration have exposed the agency to external and internal intrusion, jeopardizing sensitive information to unauthorized users, according to a report released last month by the General Accounting Office.

The report, part of a GAO series on "Major Management Challenges and Program Risks" at federal agencies, also states that the weaknesses have increased the risk of introducing errors or irregularities into data processing operations and have allowed some individuals to bypass critical controls, such as authorization and supervisory review.

SSA also faces difficult choices about how to provide cost-effective, world-class service to its customers, who are now living longer. SSA may need to restructure how it does business to take advantage of new technologies and cost-effectively meet changing customer preferences, according to the report.