The Government Accountability Office has taken two items off its high-risk list — a governmentwide inventory of programs that put agencies on-notice about major threats of fraud, waste, abuse and mismanagement.
Getting an agency program off the high-risk list isn’t unheard of, but it takes a lot of momentum and a lot of buy-in from agency leadership to pull it off. And once a program ends up on the high-risk list, lawmakers waste no time sounding the alarms.
Insight by Microsoft and ServiceNow: Experts from the State Department, Defense Logistics Agency and CISA will explore how innovation and security can happen in tandem in this free webinar.
GAO took the Defense Department’s supply chain management off the list, as well as the government’s handling of weather satellite data.
By working to get off the high-risk list, Comptroller General Gene Dodaro said DoD has helped ensure it has the right supplies at the right time, and at the right place. Dodaro told members of the House Oversight and Government Reform Committee what the improvements with weather satellites mean going forward.
“We were very concerned about this years ago because it would diminish the ability to get long-term and short-term weather forecasts, which are still necessary to protect life and property,” Dodaro said Wednesday.
In order to get off the high-risk list, the National Oceanic and Atmospheric Administration (NOAA) launched a satellite producing better weather information. Dodaro said DoD is also scheduled to release a new satellite within the next few years.
Another 24 areas on GAO’s high-risk list took steps toward getting off the high-risk list. Dodaro told members of the Homeland Security and Governmental Affairs committee Wednesday those issues are serious but solvable.
“When I was before this committee for my confirmation, one of the goals I set for myself was to not only identify all the high-risk areas across government, but to get them actually solved and off of the list,” he said.
But other programs on the high-risk list continue to deteriorate. GAO assigned lower scores to three program areas that were already on the high-risk list — NASA acquisition, the Environmental Protection Agency’s oversight of toxic chemicals and the government reducing its financial risk to climate change.
GAO also announced it was adding the Department of Veterans Affairs’ acquisition to its high-risk list.
“Many purchases are being made under emergency situations when they should be able to more routinely identify what kind of medical supplies and services they need for the hospitals.”
This now puts VA on the high-risk list three times.
Dodaro, as recently as last week, expressed concerns about a high turnover rate in VA leadership. But now he said the agency faces management challenges as well.
“Their management structure at the VA is among the most challenged in the federal government in my opinion,” Dodaro said. “That’s why they have many areas on the list — they need leadership, they need plans, and then they need follow-up holding them accountable for results.”
Last year, the watchdog office added the government’s security clearance process to the list.
At the House Oversight hearing, Dodaro identified five high-risk items that have been on the list since the 1990s: Medicare, IRS tax administration, DoD weapons systems, Energy Department contact management, and NASA acquisition.
HSGAC chairman Ron Johnson (R-Wis.) said it’s one thing for GAO to highlight a problem, but it’s another issue to get agencies to do anything about the problem.
“We need to get the attention of secretaries and department heads and deputy secretaries … so many of your recommendations can be carried out, and need to be carried out by the agencies,” Johnson said, requesting GAO to recommend legislative fixes where necessary.
GAO has issued more than 3,000 recommendations in the past 10 years, and more than 700 of those remain outstanding.
Dodaro said part of the problem is getting multiple agencies to work together in areas like cybersecurity. That’s an issue that’s been on the high-risk list since 1997.
“I still don’t believe there’s enough of a sense of urgency in correcting the problems across the government, whether it’s in individual agencies or across the government. And I think the cyber risks are getting more complicated with the internet of things, artificial intelligence, quantum computing on the horizon. This issue’s going to get more complicated, not less.”
Senator Gary Peters (D-Mich.) HSGAC’s ranking member, asked Dodaro what steps agencies are taking to fill critical gaps in their cybersecurity workforce. Dodaro responded by saying some agencies haven’t figured out yet where those workforce gaps are.
“Congress has put a lot of legislative requirements on agencies to assess their cybersecurity workforce gaps, and most of the agencies have not completed that task, so there isn’t really a full assessment in most parts of the federal government about their existing cybersecurity workforce and what gaps they need to fill in those areas.”
“We got rid of the GS classification system and went to a broadband system where it’s much easier to bring people in and out of the government,” Dodaro said. “In any one year, the number of people we hire are people we’re hiring back into GAO — who have been there earlier, went to the private sector, went to academia or some other place and then came back to the organization.”
Sen. James Lankford (R-Okla.) the chair of the Subcommittee on Regulatory Affairs and Federal Management, said GAO’s personnel model might be worth emulating across government.
“That could be the most earth-shattering personnel [and] whole-series-of-hearings conversation I’ve heard in a long time — that we got rid of the GS structure, we went to this and it actually worked more effectively,” Lankford said.
Graphics by Amelia Brust/Federal News Network