Oversight

Can reorg plans get agencies off the high-risk list?

Comptroller General Gene Dodaro 

Comptroller General Gene Dodaro, shown here introducing the 2015 GAO High-Risk List.

As agencies continue preparations to submit their reorganization plans, many also have to reckon with their places on the Government Accountability Office's high-risk list.

Since 1990, GAO has chronicled a single list of government programs imperiled by waste, fraud, abuse and mismanagement. The 2017 edition identified 34 high-risk areas, with government-wide IT management, cybersecurity and strategic human capital management making repeat appearances.

At an Aug. 23 event hosted by the National Academy of Public Administration, GAO head Gene Dodaro said that, contrary to perception, it's not impossible to get off the high-risk list after being placed on it -- but it does require a specific, committed response.

"We've taken over 20 areas off over the years," he said, adding that agencies "don't have to have the risk completely solved … but you have to have it under management as much as possible and actually demonstrate you're fixing some of the problems."

One area of particular concern for Dodaro is federal cybersecurity, which made its debut on the high-risk list in 1997 and has become an omnipresent issue for agencies.

"Obviously, the cyber challenges today are a lot more dramatic than they were in 1997," he said.

In addition to the challenges posed by governmentwide reliance on legacy equipment, agencies "are not working with enough urgency" to mitigate vulnerabilities and unauthorized access on their networks, Dodaro said.

"Most of the attacks involve areas of known weakness that haven't been patched or haven't been fixed," he said, adding that GAO has made thousands of recommendations over the years, and that 1,000 remain open. "While there is an inherent problem, there are known things that could be done to reduce agencies' vulnerability."

Dodaro gave credit to agencies' inspectors general, who have taken a lead role in identifying and helping resolve concerns in the cybersecurity arena, and to Congress for its continued legislative and oversight interests.

Congress has "taken a lot of legislative action" on cybersecurity and workforce issues in recent years, "and I don't expect attention in Congress to wane," Dodaro said.

Dodaro added that despite laws like the Federal IT Acquisition Reform Act that have given CIOs more authority, "the government does not get an adequate return on investment" on its annual IT spend of about $90 billion.

However, the recent departures of top agency tech officials at Homeland Security, Treasury and Agriculture -- as well as the prolonged absence of a current federal CIO -- is "an area to be concerned about," he said.

Dodaro said that the high number of remaining vacancies throughout the Trump administration has "not yet" resulted in a slowdown in the reporting or progress on program reform efforts, but added, "it's something to keep an eye on."

On the human capital front, there's an intrinsic relationship between the government's security posture and recruiting and retaining a skilled workforce.  

Veronica Villalobos, principal deputy associate director for the Office of Personnel Management's Employee Services division, pointed out that sequestration, repeated continuing resolutions and this year's federal hiring freeze have also made filling cyber positions more difficult.   

Dodaro said GAO is currently investigating the effects of President Donald Trump's hiring freeze and expects to publish a report "later this year." In the past GAO has reported that hiring freezes don't help the cause of government efficiency,

Ongoing reorganization efforts, Dodaro said, present the "perfect opportunity" to work with GAO and address remaining open recommendations. Whether agencies will take the opportunity to address the recommendations, "we'll wait and see," he said. "But we've done our part."

About the Author

Chase Gunter is a staff writer covering civilian agencies, workforce issues, health IT, open data and innovation.

Prior to joining FCW, Gunter reported for the C-Ville Weekly in Charlottesville, Va., and served as a college sports beat writer for the South Boston (Va.) News and Record. He started at FCW as an editorial fellow before joining the team full-time as a reporter.

Gunter is a graduate of the University of Virginia, where his emphases were English, history and media studies.

Click here for previous articles by Gunter, or connect with him on Twitter: @WChaseGunter

Featured

  • Cybersecurity

    DHS floats 'collective defense' model for cybersecurity

    Homeland Security Secretary Kirstjen Nielsen wants her department to have a more direct role in defending the private sector and critical infrastructure entities from cyberthreats.

  • Defense
    Defense Secretary James Mattis testifies at an April 12 hearing of the House Armed Services Committee.

    Mattis: Cloud deal not tailored for Amazon

    On Capitol Hill, Defense Secretary Jim Mattis sought to quell "rumors" that the Pentagon's planned single-award cloud acquisition was designed with Amazon Web Services in mind.

  • Census
    shutterstock image

    2020 Census to include citizenship question

    The Department of Commerce is breaking with recent practice and restoring a question about respondent citizenship last used in 1950, despite being urged not to by former Census directors and outside experts.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.