LegiStorm

What GAO Found

Solid, steady progress has been made in the vast majority of the high-risk areas. Eighteen of the 30 areas on the 2013 list at least partially met all of the criteria for removal from the High Risk List. Of those, 11 met at least one of the criteria for removal and partially met all others. Sufficient progress was made to narrow the scope of two high-risk issues—Protecting Public Health through Enhanced Oversight of Medical Products and DOD Contract Management. Overall, progress has been possible through the concerted actions of Congress, leadership and staff in agencies, and the Office of Management and Budget.

This year GAO is adding 2 areas, bringing the total to 32.

Managing Risks and Improving Veterans Affairs (VA) Health Care. GAO has reported since 2000 about VA facilities' failure to provide timely health care. In some cases, these delays or (VA's failure to provide care at all) have reportedly harmed veterans. Although VA has taken actions to address some GAO recommendations, more than 100 of GAO's recommendations have not been fully addressed, including recommendations related to the following areas: (1) ambiguous policies and inconsistent processes, (2) inadequate oversight and accountability, (3) information technology challenges, (4) inadequate training for VA staff, and (5) unclear resource needs and allocation priorities. The recently enacted Veterans Access, Choice, and Accountability Act included provisions to help VA address systemic weaknesses. VA must effectively implement the act.

Improving the Management of Information Technology (IT) Acquisitions and Operations. Congress has passed legislation and the administration has undertaken numerous initiatives to better manage IT investments. Nonetheless, federal IT investments too frequently fail to be completed or incur cost overruns and schedule slippages while contributing little to mission-related outcomes. GAO has found that the federal government spent billions of dollars on failed and poorly performing IT investments which often suffered from ineffective management, such as project planning, requirements definition, and program oversight and governance. Over the past 5 years, GAO made more than 730 recommendations; however, only about 23 percent had been fully implemented as of January 2015.

GAO is also expanding two areas due to evolving high-risk issues.

Enforcement of Tax Laws. This area is expanded to include IRS's efforts to address tax refund fraud due to identify theft. IRS estimates it paid out $5.8 billion (the exact number is uncertain) in fraudulent refunds in tax year 2013 due to identity theft. This occurs when a thief files a fraudulent return using a legitimate taxpayer's identifying information and claims a refund.

Ensuring the Security of Federal Information Systems and Cyber Critical Infrastructure and Protecting the Privacy of Personally Identifiable Information (PII). This risk area is expanded because of the challenges to ensuring the privacy of personally identifiable information posed by advances in technology. These advances have allowed both government and private sector entities to collect and process extensive amounts of PII more effectively. The number of reported security incidents involving PII at federal agencies has increased dramatically in recent years.

The federal government is one of the world's largest and most complex entities: about $3.5 trillion in outlays in fiscal year 2014 funded a broad array of programs and operations. GAO maintains a high-risk program to focus attention on government operations that it identifies as high risk due to their greater vulnerabilities to fraud, waste, abuse, and mismanagement or the need for transformation to address economy, efficiency, or effectiveness challenges.

Since 1990, more than one-third of the areas previously designated as high risk have been removed from the list because sufficient progress was made in addressing the problems identified. The five criteria for removal are (1) leadership commitment, (2) agency capacity, (3) an action plan, (4) monitoring efforts, and (5) demonstrated progress.

This biennial update describes the status of high-risk areas listed in 2013 and identifies new high-risk areas needing attention by Congress and the executive branch. Solutions to high-risk problems offer the potential to save billions of dollars, improve service to the public, and strengthen government performance and accountability.

This report contains GAO's views on progress made and what remains to be done to bring about lasting solutions for each high-risk area. Perseverance by the executive branch in implementing GAO's recommended solutions and continued oversight and action by Congress are essential to achieving greater progress.

For more information, contact J. Christopher Mihm at (202) 512-6806 or mihmj@gao.gov.