The Government Accountability Office, in a two-year update to its “High-Risk List” issued today, has removed Department of Defense (DoD) supply chain management from its list of 35 pressing Federal government issues, citing progress by the Pentagon on addressing supply chain risk.
But the report’s 35 high-risk areas continue to feature major areas including “ensuring the cybersecurity of the nation” as pressing risks, along with numerous other cybersecurity and IT-related issues.
GAO’s High Risk List identifies Federal government operations “with vulnerabilities to fraud, waste, abuse, and mismanagement, or in need of transformation to address economy, efficiency, or effectiveness challenges.” The list is the subject of a consolidated report every two years, although the agency make additions and deletions in the interim.
The report released today shows little change in more than half of the 35 items on the list since 2017. During that span, GAO said seven of the areas showed improvement, three regressed, and two showed what the agency called “mixed progress.”
On the improvements front, GAO highlighted DoD’s supply chain work, which the agency said included “progress on seven actions and outcomes related to monitoring and demonstrated progress” that GAO had recommended DoD take to improve supply chain management.
“For example, DOD improved the visibility of physical inventories, receipt processing, cargo tracking, and unit moves,” GAO said. “Improvements in asset visibility have saved millions of dollars and allow DOD to better meet mission needs by providing assets where and when needed,” it said.
Also in the improvement column enough to be removed form the High Risk List is action by the National Oceanic and Atmospheric Administration (NOAA) to mitigate gaps in weather satellite data, including the launch of a new weather satellite in 2017. On the same issue, GAO said that DoD has taken action to address gaps in weather data with a planned satellite launch in 2022.
But as a few older issues drop off the list, other big ones have been added. New to the list this year Department of Veterans Affairs (VA) acquisition management, for which GAO has identified seven contracting challenges including “outdated acquisition regulations and policies, lack of an effective medical supplies procurement strategy, and inadequate acquisition training.”
Added to the High Risk List last year on Federal government-wide was the personal security clearance process, which GAO said in today’s report faces “significant challenges related to processing clearances in a timely fashion, measuring investigation quality, and ensuring information technology security.”
Among the 35-item High Risk List, GAO said that nine of those need “especially focused executive and congressional attention,” including “ensuring the cybersecurity of the nation,” improving VA health care, and ensuring an effective 2020 census.
In addition to general cybersecurity protections, the High-Risk List also features tech-related items including “ensuring the effective protection of technologies critical to U.S. national security interests,” acquisition and contracting management issues at DoD, VA, the Energy Department, and the National Aeronautics and Space Administration. It also includes a host of other issues at DoD such in the areas of weapons systems acquisition, financial management, business systems modernization, infrastructure management, and business transformation.
GAO did not spare Congress in its latest report, and said that of the 35 items listed, 21 of those likely require legislation to effectively address, along with executive action.
The payoff to addressing the high-risk items–for which GAO has made collectively made hundreds of specific recommendations for improvement–could be substantial. GAO said solutions “to high risk-problems save billions of dollars, improve service to the public, and would strengthen government performance and accountability.”