Federal agencies have increasingly made improvements in solving challenges the Government Accountability Office (GAO) features in its “High Risk” list, but more long-standing challenges still need to be addressed, U.S. Comptroller General Gene Dodaro said on April 20 before the Senate Homeland Security and Governmental Affairs Committee.
GAO’s 2023 High Risk list – a biennial report of Federal programs and operations that are vulnerable to fraud, waste, abuse, and mismanagement, or need transformation – noted that 16 of the 37 items on the list improved for 2023, including healthcare at the Department of Veterans Affairs, as well as operations at the Postal Service.
“Congress passed the Postal Service Reform Act that eliminated some of the financial pressures on the Postal Service, but the business model is still not viable in the future. They continue to lose money and that remains on the list,” Dodaro said.
“Congress has provided some additional resources to IRS, which deals with our high-risk area of tax administration,” he said.
Congressional committees use GAO’s high-risk list to help create their oversight agenda and, according to Dodaro, some areas on the list saw improvement due to more stable funding from Congress. But despite the improvements GAO saw, there are still several areas on the high-risk list that still need to be addressed.
Some of the biggest risk areas that GAO sees are those involving cybersecurity, healthcare, and unemployment insurance.
Cybersecurity Remains Top Risk in Mind
Since 1997 GAO has designated information security as a government-wide high-risk area, and according to the high-risk list, threats to national cybersecurity persist as a major risk governmentwide.
“GAO has placed our nation’s cybersecurity as one of the top five high-risk areas that need significant attention and has issued more than 4,000 recommendations in the cybersecurity domain since 2010,” Sen. Gary Peters, D-Mich., chairman of the committee, said during the hearing.
Long-term challenges with the cybersecurity workforce remain major obstacles for the Federal government, and according to GAO, many of the issues with Federal cybersecurity stem from those challenges.
“If we’re going to be truly effective at strengthening our networks and leading the world in this fast-growing area, and protecting our national security, then we must have qualified and dedicated cybersecurity, IT, and AI experts working all across the Federal government,” Sen Peters said.
However, there’s no comprehensive way for Federal agencies to know what their cyber staffing requirements are. Therefore, according to GAO Managing Director of IT and Cybersecurity Nick Marinos, each agency needs to focus on not only recruiting and hiring but also retaining highly qualified staff.
“We know there’s a shortage not only within the federal government but across the nation,” Marinos said.
“There’s an unlevel playing field. Some agencies have special hiring authorities and pay — others don’t,” Dodaro said. “I think there needs to be a look at that, and whether that’s rationalized properly.”
HHS Leadership and Coordination of Public Health Emergencies
According to GAO, the Department of Health and Human Services (HHS) must improve its leadership and coordination of public health emergencies to save lives, mitigate severe economic impacts, and prepare the nation to respond to multiple simultaneous threats.
“The department’s response to the COVID-19 pandemic compounded our long-standing concerns about its ability to execute its role in leading Federal public health and medical emergencies and responding to extreme weather events,” Dodaro said.
As of February 2023, 92 of the 155 recommendations GAO has made in this area remained open including the following:
- HHS should take steps to standardize ongoing data collection and reporting standards across Federal agencies to help respond to the COVID-19 pandemic and prepare for future pandemics; and
- HHS should prioritize the development of an interoperable network of systems for near real-time public health situational awareness – including designating a lead office for implementing it and clearly defining roles and responsibilities.
Unemployment Insurance System
In June 2022, GAO designated the Unemployment Insurance (UI) system – a joint Federal and state program – as high risk. According to GAO, the UI system’s administrative and program integrity challenges pose significant risks to service delivery and expose the system to significant financial losses.
“The Labor Department needs to develop and execute a transformation plan for the [UI] system that outlines actions to improve service and mitigate financial risk,” Dodaro said.
As of March 2023, there were 19 open recommendations to the Labor Department for improving the UI systems, including:
- Develop and execute a transformation plan that outlines coordinated and sustained actions to address known issues related to providing effective service and mitigating financial risk; and
- Designate a dedicated entity and document its responsibilities for managing the process of assessing fraud risks to the UI program.