For some department leaders and agency managers, the Government Accountability Office’s High Risk List is an albatross around their necks, but Comptroller General Gene Dodaro says now is a perfect time to lighten their loads and consider recommendations as they implement their reorganization plans.
Speaking at an Aug. 23 National Academy of Public Administration event in Washington, D.C., Dodaro said he’s sent letters to agency and department heads outlining open GAO recommendations not only on the High Risk List, but ones related to overlap, duplication and fragmentation.
“At any one time, even though 77 percent of our recommendations are implemented, there will probably be 4,000 or 5,000 open recommendations at GAO,” Dodaro said. “But I prioritized the ones that I thought were important and I wanted to get that to them, so they could consider that in their reorganization efforts. It’s a perfect opportunity for them to look at open GAO recommendations and see if they want to embrace that as part of their reorganization effort. So we’ll wait and see, but we’ve done our part; we’ve given them the information to help them make informed decisions and I’m in the process of meeting with all the new heads of departments and agencies and their leadership teams … doing appropriate outreach given our role and our independence.”
GAO released its 2017 High Risk List in February. Two-thirds, or 23 out of 34 areas, met or partly met GAO’s criteria for removing those programs from the list.
The 2020 census was one of three new areas GAO added to its list, which also included agencies’ management of federal health and education programs that serve tribes and their members, and government’s environmental liabilities.
“GAO’s role is not only to identify areas of high risk, but to help agencies appropriately given our independence, help them get off the list,” Dodaro said. “That’s the way we view success at GAO, is helping the government operate better, more efficiently and effectively, by solving these high risk problems.”
GAO removed one area — sharing and managing terrorism-related information to protect the homeland — from this year’s list.
“When we take something off the list, I always mention to the agency and the Congress, just because it’s off the list doesn’t mean it’s out of sight,” Dodaro said. “We keep an eye on some of these areas over time and some have indeed been added back to the High Risk List if they slip in terms of their progress over time.”
Wait and see
President Donald Trump’s government reorganization directive isn’t the only major management issue Dodaro is keeping an eye on.
Dodaro said GAO should be publishing a report later this year on the hiring freeze.
Dodaro said GAO looked at hiring freezes from previous administrations and judged “they weren’t an effective tool for managing government. It was better to manage based upon having a good workforce and strategic plan in place.”
In 2001, GAO designated strategic human capital management as a high risk area, and it’s still on the list because of already existing critical skills gaps across the government.
“They made some exceptions, it wasn’t in for a long period of time,” Dodaro said. “So we’ll have to wait and see, but I’ll see what the facts are based on the work that we’ve done.”
Dodaro told a reporter that when it comes to filling political appointee positions, GAO had not noticed “any major issues at this point,” when it comes to communicating with agencies.
He said he’s meeting with new leadership as they come in, “to firmly establish a constructive working relationship with GAO, where we get the information we need as quickly and prudently as possible, and that we get responses to our draft reports in a timely manner so that we can keep our commitments to the Congress to publish our reports on time.”
Bad management approach
Dodaro said he’s also noticed the reassignments and departures of agency chief information officers, which also ties to cybersecurity high risk areas.
“That’s an area to be concerned about,” Dodaro said. “We need good, strong CIOs, we need good, strong CFOs in the government. The [IT] investment that the federal government has made every year, it’s about $80 billion or $90 billion, we feel that the federal government does not get an adequate return on that investment.”
Dodaro said several years ago GAO designated governmentwide IT acquisitions and operations as a high risk area. If leaders aren’t in place to manage risk and oversee implementation of the Federal IT Acquisition Reform Act (FITARA), “that’s of concern to me,” he said.
He said Congress has also passed at least five laws addressing cyber issues, and he doesn’t expect lawmakers to take their attention off cyber any time soon.
“Obviously, cyber challenges today are a lot more dramatic than they were when we put them on in 1997, so you need to continue to evolve to the risk,” Dodaro said. “The only way you do that is having management’s attention to the risk to begin with. You can’t just say well, that’s the way it is, nothing we do will have an effect. That is not a good management approach.”
Dodaro said there are still 1,000 open recommendations just in cybersecurity alone, and he was concerned agencies were not moving fast enough to address known problems.
“None of these areas do we ask for zero risk,” Dodaro said. “We never identify an area that’s just based on inherent risk, we always feel that there are management actions that could be taken by the agencies to mitigate the risk going forward. That’s really the focus of this is mitigating your risk, reducing risk to the lowest possible activity … and doing as best as you can and try to identify how the risk will morph over time.”