GAO's new high-risk list looks much like the old one

The Government Accountability Office has added three federal program areas to its high-risk series report.Released today, the report highlights the need to protect technologies critical to national security, improve food safety and pay for transportation improvements. GAO’s auditors emphasized in their high-risk series report that critical technologies continue to be the targets of theft, espionage, reverse engineering and illegal export.There are as many as eight often competing federal programs to identify and protect critical technologies. “Poor coordination and fundamental disagreements among the departments have had unintended consequences for both national security and economic interests,” GAO’s auditors wrote. The agency called for creating a comprehensive framework of clear responsibilities and accountability for identifying and protecting critical technologies.The report commends the Homeland Security Department for progress on developing a departmentwide framework for managing information. But it faults DHS for lack of progress on a comprehensive information security program and for not providing its senior leaders with adequate support for making decisions about technology spending. Auditors focused on DHS’ failure to develop a national cyberthreat and vulnerability assessment or to complete public/private recovery plans for securing cyberspace.The Federal Aviation Administration remains on the high-risk list, GAO said, largely because it lacks the technical and contract management expertise it needs to plan, install and integrate complex programs and systems. The FAA expects to spend about $9.4 billion between now and the end of fiscal 2011 to upgrade and replace air traffic-control systems.The auditors also did not spare the Defense Department, citing a lack of sustained leadership at the right level to achieve successful and lasting transformation. GAO repeated its recommendation that DOD hire a chief management officer to provide the long-term, nonpolitical leadership it says is required to achieve business transformation. Despite recent efforts focused on business transformation, DOD is not sticking to a modernization blueprint when it makes information technology spending decisions, GAO reported. And DOD remains lax about managing major acquisition activities such as defining contract requirements and measuring contract performance.Speeding security clearances remains a problem for DOD. “Clearances continue to take longer than the time prescribed in government goals,” the report states, despite DOD’s expanded use of a system for submitting clearance applications electronically and increased numbers of background investigators working at the Office of Personnel Management. OPM administers the federal security clearance program.GAO offset the added high-risk areas of concern by taking two programs off its list. The U.S. Postal Service demonstrated sufficient progress in its transformation efforts for GAO to take it off the list. However, GAO wrote that USPS continues to face challenges, particularly in optimizing its infrastructure and workforce to reduce costs and improve operational efficiency, and providing reliable data to assess performance.GAO’s auditors removed the Department of Housing and Urban Development’s single-family mortgage insurance and rental housing assistance program from the high-risk list. Notably, HUD reduced its inventory of at-risk financial management systems from 17 in 2003 to two in 2006.