Can reorg plans get agencies off the high-risk list?

Comptroller General Gene Dodaro 

Comptroller General Gene Dodaro, shown here introducing the 2015 GAO High-Risk List.

As agencies continue preparations to submit their reorganization plans, many also have to reckon with their places on the Government Accountability Office's high-risk list.

Since 1990, GAO has chronicled a single list of government programs imperiled by waste, fraud, abuse and mismanagement. The 2017 edition identified 34 high-risk areas, with government-wide IT management, cybersecurity and strategic human capital management making repeat appearances.

At an Aug. 23 event hosted by the National Academy of Public Administration, GAO head Gene Dodaro said that, contrary to perception, it's not impossible to get off the high-risk list after being placed on it -- but it does require a specific, committed response.

"We've taken over 20 areas off over the years," he said, adding that agencies "don't have to have the risk completely solved … but you have to have it under management as much as possible and actually demonstrate you're fixing some of the problems."

One area of particular concern for Dodaro is federal cybersecurity, which made its debut on the high-risk list in 1997 and has become an omnipresent issue for agencies.

"Obviously, the cyber challenges today are a lot more dramatic than they were in 1997," he said.

In addition to the challenges posed by governmentwide reliance on legacy equipment, agencies "are not working with enough urgency" to mitigate vulnerabilities and unauthorized access on their networks, Dodaro said.

"Most of the attacks involve areas of known weakness that haven't been patched or haven't been fixed," he said, adding that GAO has made thousands of recommendations over the years, and that 1,000 remain open. "While there is an inherent problem, there are known things that could be done to reduce agencies' vulnerability."

Dodaro gave credit to agencies' inspectors general, who have taken a lead role in identifying and helping resolve concerns in the cybersecurity arena, and to Congress for its continued legislative and oversight interests.

Congress has "taken a lot of legislative action" on cybersecurity and workforce issues in recent years, "and I don't expect attention in Congress to wane," Dodaro said.

Dodaro added that despite laws like the Federal IT Acquisition Reform Act that have given CIOs more authority, "the government does not get an adequate return on investment" on its annual IT spend of about $90 billion.

However, the recent departures of top agency tech officials at Homeland Security, Treasury and Agriculture -- as well as the prolonged absence of a current federal CIO -- is "an area to be concerned about," he said.

Dodaro said that the high number of remaining vacancies throughout the Trump administration has "not yet" resulted in a slowdown in the reporting or progress on program reform efforts, but added, "it's something to keep an eye on."

On the human capital front, there's an intrinsic relationship between the government's security posture and recruiting and retaining a skilled workforce.  

Veronica Villalobos, principal deputy associate director for the Office of Personnel Management's Employee Services division, pointed out that sequestration, repeated continuing resolutions and this year's federal hiring freeze have also made filling cyber positions more difficult.   

Dodaro said GAO is currently investigating the effects of President Donald Trump's hiring freeze and expects to publish a report "later this year." In the past GAO has reported that hiring freezes don't help the cause of government efficiency,

Ongoing reorganization efforts, Dodaro said, present the "perfect opportunity" to work with GAO and address remaining open recommendations. Whether agencies will take the opportunity to address the recommendations, "we'll wait and see," he said. "But we've done our part."

About the Author

Chase Gunter is a staff writer covering civilian agencies, workforce issues, health IT, open data and innovation.

Prior to joining FCW, Gunter reported for the C-Ville Weekly in Charlottesville, Va., and served as a college sports beat writer for the South Boston (Va.) News and Record. He started at FCW as an editorial fellow before joining the team full-time as a reporter.

Gunter is a graduate of the University of Virginia, where his emphases were English, history and media studies.

Click here for previous articles by Gunter, or connect with him on Twitter: @WChaseGunter


  • FCW Perspectives
    human machine interface

    Your agency isn’t ready for AI

    To truly take advantage, government must retool both its data and its infrastructure.

  • Cybersecurity
    secure network (bluebay/Shutterstock.com)

    Federal CISO floats potential for new supply chain regs

    The federal government's top IT security chief and canvassed industry for feedback on how to shape new rules of the road for federal acquisition and procurement.

  • People
    DHS Secretary Kirstjen Nielsen, shown here at her Nov. 8, 2017, confirmation hearing. DHS Photo by Jetta Disco

    DHS chief Nielsen resigns

    Kirstjen Nielsen, the first Homeland Security secretary with a background in cybersecurity, is being replaced on an acting basis by the Customs and Border Protection chief. Her last day is April 10.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.