The Government Accountability Office has added Information Technologies management and Veterans Affairs health care facilities to its high-risk list, the GAO’s biennial report that identifies areas of the federal government that are particularly vulnerable to fraud, waste, abuse and mismanagement.
Both are high-budget areas, have seen recent high-profile blunders, and have failed to follow many recommendations for improvement from the GAO.
“So it is critical to add these issues to the list and bring sustained attention to finding and implementing solutions,” said the GAO’s head, Comptroller General Gene L. Dodaro in a statement.
In addition to the two new inclusions, which brought the number of high-risk areas to 32, the GAO also identified two areas with expanded risk and two areas that were reduced.
The VA was added to the list after patients faced such long delays that it “harmed veterans,” the report said. Its large size — with 150 medical centers, 800 community-based clinics and a $55.5 billion budget — makes the VA particularly vulnerable. The accountability office has made more than 100 recommendations that the VA has not so far addressed.
“We have found problems going back over many years in VA healthcare delivery on ambiguous policies, inconsistent processes, the need for strength in oversight and accountability, better IT investments,” said GAO managing director of strategic issues, Chris Mihm in a podcast.
Information Technology Acquisitions and Operations, which receives an annual $80 million from the federal government, made the list after many failed and poor-performing projects, including the botched launch of the Health Exchange Marketplace in 2013. The office said it had made 730 recommendations to IT over the past five years, of which only 23 percent have been implemented.
“This is a real high-risk effort both because of the importance of IT and obviously the size of the investment,” Mihm said. “[Problems] seem to center on a lack of discipline and effective management practices, the need for improvements in project planning, and poor program oversight in governance.”
Two other high-risk areas were expanded: tax law enforcement and improved cybersecurity.
The Internal Revenue Service paid an estimated $5.8 billion in fraudulent refunds due to identity theft in 2013. Also, both the government and private entities have faced a slew of cybersecurity breaches that have compromised individuals’ identities.
Of the 30 high-risk areas identified in the 2013 list, 18 partially met all the criteria to be removed from the list. However, no areas fully met the criteria, though the oversight of medical products and Department of Defense contract management have both been narrowed in scope.
The DoD, however, has its own subsection on the list, comprised of six high-risk areas. Contract management falls under a separate category.
To be removed from the list, a related agency must meet five criteria, including commitment from leadership and evidence of progress.
