The Government Accountability Office said it’s pleased by some progress it saw in preparing the 2017 High-Risk List, which it officially released Wednesday morning. Two-thirds, or 23 out of 34 areas, met or partly met GAO’s criteria for removing those programs from the list.
But Gene Dodaro, GAO’s comptroller general, said progress on other areas is moving too slowly, and he wants more congressional attention and hearings on those topics.
And members of Congress, which took turns praising GAO and its thorough, biennial assessment of federal programs and governmentwide-initiatives, seemed committed to Dodaro’s request.
“The last administration, I think, failed, and it’s our obligation to hold this administration to a much higher standard to cooperate with GAO, because without them, our oversight is not meaningful,” said Rep. Darrell Issa (R-Calif.) during a Feb. 15 House Oversight and Government Reform Committee hearing on the High-Risk list.
Insight by Booz Allen Hamilton: Technology experts explore cyber engineering in government in this free webinar.
The 2020 count was one of three new areas GAO added to its 2017 list this year, which also included agencies’ management of federal health and education programs that serve tribes and their members, and government’s environmental liabilities.
GAO removed one area — sharing and managing terrorism-related information to protect the homeland — from this year’s list.
The Census Bureau has been working on several new IT systems and a census redesign that the agency said could make the upcoming 2020 count the cheapest one yet. But GAO has had its concerns. It’s made 30 recommendations for the census since 2014, and the bureau has fully implemented six of them.
The last census was the most expensive count in the bureau’s history. This time, the agency hopes that the off-the-shelf technology that it’s modifying will save money for the 2020 count.
“It’s still an open issue,” said Chris Mihm, managing director for strategic issues at GAO. “There are three big technology issues that they’re confronting. One, to make sure that we can have the internet response option. … The second is a major processing effort, which is called CEDCAP. The third then, is the mobile devices, which you alluded to was a big problem last time. There are unresolved issues with all three of these major technology issues. It was a major driver to why we put the 2020 Census on the High-Risk list.”
The new technologies that the bureau is working on would in fact save the bureau money, if the agency can deliver. Census is not necessarily behind schedule on its preparations for the 2020 count yet, but GAO is concerned the agency will run into delays.
“They need to maintain the schedule that they’re on,” Mihm said. “They’ve canceled a test that’s coming up for a variety of regions, which they say is primarily driven by budget concerns … related to the CR and other issues.”
With much of the bureau’s preparations plagued with uncertainty, the committee is concerned that come 2019, the census will earn another spot on GAO’s High-Risk list.
“How worried should we be that, here we go again, the Census Bureau, with the best intentions, is facing three years out a serious problem both with the technology and with the budget, the cost of this enterprise?” Rep. Gerry Connolly (D-Va.) asked. “Or are these just glitches that we’re confident can be worked out?”
“If we weren’t worried, we wouldn’t put it on the list,” Dodaro said in response.
Committee Chairman Jason Chaffetz (R-Utah) said the committee may introduce new legislation that would also allow U.S. Postal Service workers to collect census information.
The High-Risk list covers nearly every corner of the government, from the Homeland Security Department’s management function to strategic human capital management. Many of these areas have made progress over the last two years in meeting GAO’s criteria for removal from the list, but they’re not out of the clear yet.
The Homeland Security Department’s management function earned praise from GAO for its progress since 2015.
“DHS continued to meet the criteria for leadership commitment and corrective action plan,” GAO said. “DHS’s top leadership has demonstrated exemplary support and a continued focus on addressing the department’s management challenges.”
Agencies, with the Office of Personnel Management’s leadership, have also made strides on strategic human capital management, specifically in addressing mission critical skills gaps.
Yet of the 34 high-risk areas, 15 of them had federal workforce mission critical skills gaps associated with them, Ranking Member Elijah Cummings (D-Md.) said. He’s particularly concerned by the challenges agencies have to find highly skilled auditors.
“We know there are already skills gaps … cybersecurity, acquisition workforce, oil and gas management, petroleum engineers, a number of areas on our High-Risk list have human capital [challenges],” Dodaro said. “There’s a lot of areas. There will be, likely, emerging skill gaps, and you’re going to have a lot of people retiring. You have to be able to realign the workforce.”
The hiring freeze could impact agencies’ abilities to address these skills gaps, Dodaro said, but GAO will be more attentive to the Office of Management and Budget’s upcoming workforce plan.
Previous hiring freezes, didn’t reduce the size of the workforce as much as past administrations anticipated, Dodaro said. Budgetary controls or strategic workforce planning would be the best way to control the size of the federal workforce, he added.
“If you want to reduce the number of federal employees … you have to reduce the functions that those employees are doing,” Dodaro said. “If you don’t reduce federal programs, or eliminate programs or find some other way to do it — if you just eliminate the people but keep all the functions there — you’re going to have a problem.”
GAO first added human capital management back in 2001.
In addition, Dodaro said he’s keeping an eye on the status of the National Background Investigations Bureau and OPM’s efforts to improve the federal security clearance system. It’s not part of the High-Risk List, but GAO is preparing a report on the topic sometime this fall. Dodaro said he may decide to add security clearances to the list out of cycle if he sees fit.
GAO has made more than 2,500 recommendations related to agency cybersecurity, which was added to the High-Risk list in 1997.
As of October 2016, agencies implemented about half of them.
“I’ve been very concerned about the pace of agencies implementing our recommendations in this area,” Dodaro said. “It was the first time we ever designated anything across the entire federal government high-risk in 1997. It’s hard to get agencies’ attention to put in place comprehensive systems.”
Many agencies put more attention behind the issue after OPM’s cyber breaches, Dodaro acknowledged.
“There’s more attention being given to this area, but not enough, [not] a sense of urgency in actually fixing these problems,” he said.
Dodaro said he planned to flag these cyber challenges for the new administration when he meets with them.
Health care at the Veterans Affairs Department, which GAO added to the High-Risk List in 2015, also needs significantly more attention.
Dodaro said the department’s leadership began several pilots and transformational efforts to address these issues.
“I’m very concerned about this area,” Dodaro said. “I raised it [on] the High-Risk list last update because I knew it wouldn’t be fixed right away. But I’m disappointed by the lack of progress.”
Electronic health record interoperability between VA and the Defense Department has been a huge area of frustration for GAO, which initially flagged it as a challenge 15 to 20 years ago.
“You have the two most bureaucratic government entities trying to work together in this area,” Dodaro said. “They haven’t done it. They still haven’t provided us a good rationale for why they decided not to have an integrated system, and they’ve gone off on their own way.”