Department of Education
Improved Oversight and Controls Could Help Education Better Respond to Evolving Priorities Gao ID: GAO-11-194 February 10, 2011In Process
Education faces challenges in managing expanded responsibilities and evolving program priorities. In recent years Education has faced a large increase in the amount of grant funding and programs that it is responsible for managing. Education's annual budget increased by nearly 36 percent in real terms between fiscal years 2000 and 2008, and Congress authorized additional funds under the American Recovery and Reinvestment Act of 2009 (Recovery Act). Education will be further challenged to administer additional competitive programs under the Recovery Act, and current legislative proposals may shift additional programs to competitive award processes. This new emphasis on competitive programs may change job requirements for grants managers and increase demands on staff to monitor these programs. Education has improved its strategic workforce planning and performance management systems, but lacks workload data and sufficient oversight of performance standards and appraisals. Education has addressed many key elements of effective strategic workforce planning identified by GAO. However, a lack of reliable data on workload has limited the ability of the agency to accurately estimate resource needs and inform workforce planning efforts. Education has recently made improvements to its performance management system, but the system lacks sufficient oversight to ensure that performance standards and appraisals are consistent across the department. Education has developed overall guidance directed at maintaining financial accountability over two of its challenging resource management areas--contract monitoring and Pell Grants. However, Education has not yet developed and implemented detailed procedures for all control activities essential to ensuring that its contract monitoring policy directives are effectively carried out, including conducting supervisory reviews and documenting contract monitoring activity. Such deficiencies impair Education's ability to maintain effective financial accountability over its significant contract resource investment. GAO's review of internal controls over its Pell Grants program did not identify any flaws in their overall design. Education has developed key IT management controls, but still faces challenges with planning and investment management. Education has developed an information resources management strategic plan as required, but did so prior to the development of an updated department strategic plan, and without incorporating the IT goals from other key planning documents. In addition, Education has established controls to evaluate its IT investments, but has not conducted postimplementation reviews as required. Education has taken steps to improve IT security and privacy, but is still working to address a 2009 recommendation by the Education Office of the Inspector General about implementing appropriate security controls. GAO recommends that Education take steps to better estimate workloads; strengthen safeguards over its performance management system; properly implement established contract monitoring guidelines; and improve its management controls over IT resources. Education generally agreed with our recommendations.
GAO-11-194, Department of Education: Improved Oversight and Controls Could Help Education Better Respond to Evolving Priorities
This is the accessible text file for GAO report number GAO-11-194
entitled 'Department of Education: Improved Oversight and Controls
Could Help Education Better Respond to Evolving Priorities' which was
released on February 10, 2011.
This text file was formatted by the U.S. Government Accountability
Office (GAO) to be accessible to users with visual impairments, as
part of a longer term project to improve GAO products' accessibility.
Every attempt has been made to maintain the structural and data
integrity of the original printed product. Accessibility features,
such as text descriptions of tables, consecutively numbered footnotes
placed at the end of the file, and the text of agency comment letters,
are provided but may not exactly duplicate the presentation or format
of the printed version. The portable document format (PDF) file is an
exact electronic replica of the printed version. We welcome your
feedback. Please E-mail your comments regarding the contents or
accessibility features of this document to Webmaster@gao.gov.
This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed
in its entirety without further permission from GAO. Because this work
may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this
material separately.
United States Government Accountability Office:
GAO:
Report to the Ranking Member, Committee on Education and the
Workforce, House of Representatives:
February 2011:
Department of Education:
Improved Oversight and Controls Could Help Education Better Respond to
Evolving Priorities:
GAO-11-194:
GAO Highlights:
Highlights of GAO-11-194, a report to the Ranking Member, Committee on
Education and the Workforce, House of Representatives.
Why GAO Did This Study:
The U.S. Department of Education (Education) manages one of the
largest discretionary appropriations of any federal agency, and plays
a key role in supporting efforts to meet the nation‘s education goals.
While Education managed a discretionary appropriation of over $160
billion in fiscal year 2009 and was responsible for administering
about 200 grant programs, it has the smallest workforce of any cabinet
agency. As requested, this report examines (1) the key high-level
management challenges facing Education, (2) Education‘s strategic
management of its workforce, (3) Education‘s design of internal
controls to help ensure accountability over contracts and student aid
grants, and (4) Education‘s information technology (IT) management
controls. To do this, GAO reviewed relevant Education documents and
interviewed Education program and management officials about strategic
workforce management, IT, contracts, and Pell Grants.
What GAO Found:
Education faces challenges in managing expanded responsibilities and
evolving program priorities. In recent years Education has faced a
large increase in the amount of grant funding and programs that it is
responsible for managing. Education‘s annual budget increased by
nearly 36 percent in real terms between fiscal years 2000 and 2008,
and Congress authorized additional funds under the American Recovery
and Reinvestment Act of 2009 (Recovery Act). Education will be further
challenged to administer additional competitive programs under the
Recovery Act, and current legislative proposals may shift additional
programs to competitive award processes. This new emphasis on
competitive programs may change job requirements for grants managers
and increase demands on staff to monitor these programs.
Education has improved its strategic workforce planning and
performance management systems, but lacks workload data and sufficient
oversight of performance standards and appraisals. Education has
addressed many key elements of effective strategic workforce planning
identified by GAO. However, a lack of reliable data on workload has
limited the ability of the agency to accurately estimate resource
needs and inform workforce planning efforts. Education has recently
made improvements to its performance management system, but the system
lacks sufficient oversight to ensure that performance standards and
appraisals are consistent across the department.
Education has developed overall guidance directed at maintaining
financial accountability over two of its challenging resource
management areas”contract monitoring and Pell Grants. However,
Education has not yet developed and implemented detailed procedures
for all control activities essential to ensuring that its contract
monitoring policy directives are effectively carried out, including
conducting supervisory reviews and documenting contract monitoring
activity. Such deficiencies impair Education‘s ability to maintain
effective financial accountability over its significant contract
resource investment. GAO‘s review of internal controls over its Pell
Grants program did not identify any flaws in their overall design.
Education has developed key IT management controls, but still faces
challenges with planning and investment management. Education has
developed an information resources management strategic plan as
required, but did so prior to the development of an updated department
strategic plan, and without incorporating the IT goals from other key
planning documents. In addition, Education has established controls to
evaluate its IT investments, but has not conducted postimplementation
reviews as required. Education has taken steps to improve IT security
and privacy, but is still working to address a 2009 recommendation by
the Education Office of the Inspector General about implementing
appropriate security controls.
What GAO Recommends:
GAO recommends that Education take steps to better estimate workloads;
strengthen safeguards over its performance management system; properly
implement established contract monitoring guidelines; and improve its
management controls over IT resources. Education generally agreed with
our recommendations.
View [hyperlink, http://www.gao.gov/products/GAO-11-194] or key
components. For more information, contact George A. Scott at (202) 512-
7215 or scottg@gao.gov.
[End of section]
Contents:
Letter:
Background:
Education Faces Challenges in Managing Added Responsibilities and
Shifting Program Priorities:
Education Has Implemented Workforce Management Initiatives but Lacks
Workload Data and Sufficient Performance Management Oversight:
Education Has Policies over Contract Monitoring and Pell Grants, but
FSA's Contract Monitoring Procedures Are Insufficient:
Education Has Established Important Information Technology Management
Controls, but Planning And Investment Management Challenges Remain:
Conclusions:
Recommendations for Executive Action:
Agency Comments and Our Evaluation:
Appendix I: Objectives, Scope, and Methodology:
Appendix II: Summary of Changes to Education's Performance Management
System, Implemented in 2010:
Appendix III: Education IT Governance Structure:
Appendix IV: Comments from the Department of Education:
Appendix V: GAO Contact and Staff Acknowledgments:
Tables:
Table 1: Key Principles for Effective Strategic Workforce Planning and
Key Education Efforts, Fiscal Years 2001 through 2010:
Table 2: Key Pell Grant Program Financial Accountability Controls:
Figures:
Figure 1: Organizational Structure of Education Offices Included in
GAO Review:
Figure 2: Education Grants Awarded and Staffing Levels, Fiscal Years
2000 through 2010:
Figure 3: Education Department Offices Included in Our Review of
Strategic Workforce Planning and Employee Performance Management:
Figure 4: Education Department Offices Related to Our Review of
Information Technology Controls and Management, Fiscal Year 2010:
Figure 5: Education IT Governance Process:
Abbreviations:
EDPAS: Education Department Performance Appraisal System:
Education: Department of Education:
FISMA: Federal Information Security Management Act:
FSA: Federal Student Aid:
IRM: Information Resources Management:
IT: information technology:
OCIO: Office of the Chief Information Officer:
OIG: Office of Inspector General:
OPM: Office of Personnel Management:
OMB: Office of Management and Budget:
PAAT: Performance Assessment and Accountability Tool:
REACH: Results Achieved:
Recovery Act: American Recovery and Reinvestment Act of 2009:
[End of section]
United States Government Accountability Office:
Washington, DC 20548:
February 10, 2011:
The Honorable George Miller:
Ranking Member:
Committee on Education and the Workforce:
House of Representatives:
Dear Mr. Miller:
The U.S. Department of Education (Education) is responsible for
managing one of the largest discretionary appropriations of any
federal agency and plays a key role in kindergarten through grade 12
(K-12) and postsecondary education by supporting and funding efforts
to improve student achievement and ensure equal access.[Footnote 1]
During fiscal year 2009, Education managed a discretionary
appropriation in excess of $160 billion--an increase of approximately
170 percent over the previous fiscal year, primarily due to $98.2
billion in additional funding provided by the American Recovery and
Reinvestment Act of 2009 (Recovery Act).[Footnote 2] Education
administers about 200 programs that award grants for K-12 and higher
education to grantees that include states, school districts, and
institutions of higher education. Education is also responsible for
administering student financial aid for more than 14 million
postsecondary students through loans, grants, and other assistance,
including Pell Grants, which are grants to low-income students to
promote access to higher education. Despite a large discretionary
budget relative to most federal agencies, Education has the smallest
workforce of any cabinet-level agency. In fiscal year 2010, Education
had approximately 4,200 employees in headquarters and field offices,
and the number has decreased over the past decade. The department has
over 20 offices, including those responsible for programs and research
(program offices) and for management and business operations
(management offices) to support program activities.
Given the increasing amount of federal funding it is responsible for
administering and its decreasing staff resources, Education must rely
on effective management of resources, including human capital, grants
and contracts, and information technology (IT), to accomplish its
diverse goals. In prior reports, GAO and Education's Office of
Inspector General (OIG) have identified issues with Education's
management of these resources. In response to your request, we
addressed the following questions: (1) What key, high-level management
challenges does Education face? (2) To what extent does Education have
human capital strategic planning and management strategies to meet its
workforce needs? (3) To what extent has Education designed internal
controls to help ensure accountability over contracts and student aid
grants? (4) To what extent has Education established management
controls needed to oversee, manage, and modernize its IT to support
its mission?
To identify key, high-level management challenges faced by Education,
we reviewed Education's historical budget and staffing information,
the department's budget request and program proposals, and previous
relevant OIG and GAO reports. We interviewed officials at Education,
the federal Office of Personnel Management (OPM) and Office of
Management and Budget (OMB), and former high-ranking Education
managers. We also reviewed grant award and student loan data. We
assessed the reliability of Education data by interviewing agency
officials knowledgeable about the data and determined that the data
were sufficiently reliable for the purposes of this report. For human
capital strategic planning and performance management, we reviewed
Education documents that included the Human Capital Management plan,
performance management policies, and sample performance expectations.
We interviewed Education officials responsible for overall management
of the department, officials from five selected Education program
offices,[Footnote 3] former Education officials, and a senior official
from Education's labor union. To determine whether the design of
Education's internal controls was adequate to help ensure
accountability over contracts and student aid grants, we focused our
review on key internal control activities at Education's Office of
Federal Student Aid (FSA) because it administers student aid grants
and incurred approximately 58 percent of Education's contract
obligations in fiscal year 2009.[Footnote 4] For contracts, we focused
our review on the design of controls over contract monitoring because
it has been a long-standing management challenge for the department.
To examine the design of controls over contract monitoring processes,
we assessed related policies and procedures using governmentwide
internal controls standards, interviewed officials in FSA, and
reviewed a nongeneralizable sample of 28 contracts[Footnote 5] and two
interagency acquisitions[Footnote 6] from fiscal year 2009. To review
the design of controls for student aid grants, we focused on Pell
Grants because this program accounted for over 91 percent of all
student aid grant disbursements in fiscal year 2009 and because this
program was not covered in a recent GAO study that examined internal
controls for other Education grants.[Footnote 7] To obtain an
understanding of the design of controls over Pell Grants, we analyzed
FSA's policies and procedures using GAO's Standards for Internal
Controls in the Federal Government.[Footnote 8] We also reviewed
Education's and FSA's assessment of their internal controls under the
requirements of OMB Circular No. A-123. To assess IT management, we
reviewed Education's IT strategic plans, investment controls, and
information security and privacy plans, and interviewed officials
responsible for IT functions in seven management and program
offices.[Footnote 9] We also selected and assessed 12 investments,
representing about 73 percent of the department's total IT budget, to
determine the extent to which Education has established management
controls needed to oversee, manage, and modernize its IT to support
its mission.[Footnote 10] We interviewed officials in Education's
Office of the Chief Information Officer (OCIO), Education's OIG, and
Office of Management responsible for IT security and privacy programs.
We also reviewed relevant federal laws and regulations. Appendix I
provides a detailed description of our scope and methodology.
We conducted this performance audit from October 2009 to February 2011
in accordance with generally accepted government auditing standards.
Those standards require that we plan and perform the audit to obtain
sufficient, appropriate evidence to provide a reasonable basis for our
findings and conclusions based on our audit objectives. We believe
that the evidence obtained provides a reasonable basis for our
findings and conclusions based on our audit objectives.
Background:
The Department of Education was established in 1980 and designated by
the President as a cabinet-level agency to promote student achievement
and preparation for global competitiveness by fostering educational
excellence and ensuring access to equal educational opportunity.
[Footnote 11] In 2009, the department reported that its elementary and
secondary programs provided funding to more than 14,000 school
districts serving approximately 56 million students attending some
97,000 public schools and 28,000 private schools. As part of this
effort, Education provides funds to support the education of low-
income students, students with disabilities, and others, and oversees
certain education-related civil rights issues. Department programs
also provide assistance to postsecondary students, and financial and
other supports to postsecondary institutions.
Education's program offices--such as the Office of Elementary and
Secondary Education and the Office of Postsecondary Education--
administer grants to entities that provide education or education-
related services to students. Management offices--such as the Chief
Financial Officer--provide technical assistance and guidance to the
program offices, and have overall responsibility for managing key
support functions at Education. For example, the Office of Management
has primary responsibility for human capital management at Education.
The organizational structure of Education offices included in our
review is shown in figure 1.
Figure 1: Organizational Structure of Education Offices Included in
GAO Review:
[Refer to PDF for image: illustration]
Management offices:
* Budget Service:
* Chief Financial Officer:
* Communications and Outreach:
* Inspector General:
* Office of Management:
Management Offices: Provides technical assistance, guidance, and
oversight to Program offices.
Program Offices:
* Civil Rights:
* Elementary and Secondary Education:
* Federal Student Aid:
* Institute of Education Sciences:
* Postsecondary Education:
* Special Education and Rehabilitative Services:
* White House Initiatives:
Program Offices: Reports staffing, resource,and policy information to
Management Offices.
Program Offices: Administer Education programs.
Source: GAO analysis of Education documents.
[End of figure]
Different offices have responsibility for human capital management,
financial management, and information technology. A description of how
each of these support functions is managed at Education is below.
Human Capital Management:
The Office of Management has primary responsibility for Education's
human capital management and is composed of six organizations, such as
Human Capital and Client Services, and Security Services. The Office
of Management's human capital responsibilities include strategic
workforce planning, which is the systematic assessment of current and
future workforce needs and implementation of strategies to fill gaps
in staff and skills, and performance management for Education staff.
The Office of Management coordinates with other management and program
offices that also play important roles in human capital management.
For example, the Office of Management provides advice and guidance to
program offices on regulatory and policy requirements regarding the
performance management system.
Financial Management:
Education's Chief Financial Officer is charged with overall
responsibility for developing and implementing sound financial
management policies, procedures, systems, and program controls
throughout Education. Education's Chief Financial Officer's
responsibilities include leading Education's implementation of key
governmentwide financial management reform legislation, including the
Chief Financial Officers Act of 1990[Footnote 12] and the Federal
Managers' Financial Integrity Act of 1982[Footnote 13] (along with
OMB's implementing guidance in Circular No. A-123). Specifically, in
accordance with this and other legislation, Education's Chief
Financial Officer is responsible for preparing and submitting
Education's overall financial statements for annual audit and for
directing the establishment of systems and controls necessary to
provide financial accountability over Education's programs and
resources. Since fiscal year 2002, Education has consistently received
unqualified audit opinions on its financial statements. However, in
its 2009 report on the department's management challenges, Education's
OIG also noted that Education faced challenges in effectively managing
key resources, such as in the areas of student aid grants and contract
monitoring.[Footnote 14]
Led by its Chief Operating Officer, FSA manages and administers
student financial aid programs authorized under Title IV of the Higher
Education Act of 1965, as amended.[Footnote 15] FSA contracts with a
range of service providers for operational needs, such as managing FSA
systems for processing student aid applications, disbursing student
aid, and servicing student loans. In fiscal year 2009, FSA reported
obligating over $870 million under contracts, or approximately 58
percent of Education's total contract obligations.[Footnote 16] FSA is
required to follow requirements set forth in applicable procurement
laws, in the Federal Acquisition Regulation,[Footnote 17] and in
Education's directives and policies and procedures, but also has the
authority to create its own policies and procedures. FSA's contract
management staff includes contracting officers, contract specialists,
and contracting officers' representatives. According to Education's
Departmental Directive--OCFO 02-108, Contract Monitoring for Program
Officials--the contracting officer is responsible for the overall
monitoring and administration of contracts, including ensuring both
parties perform under applicable contract terms and conditions.
[Footnote 18] To assist in monitoring activities, such as assessing a
contractor's compliance with contract requirements, a contracting
officer may appoint, in writing, a contracting officer's
representative. Contracting officers' representatives report to
applicable program offices and assist with technical oversight and
administration of a specific contract. For example, according to the
Departmental Directive, contracting officers' representatives should
monitor individual contracts to ensure technical performance of a
contractor and should review and make timely recommendations to the
contracting officer on actions related to payment requests (invoices),
deliverables (goods or services provided by contractor), and status
reports.
FSA's responsibilities include program administration and monitoring
of Pell Grants. For the 2009-2010 award year, FSA reported disbursing
$29 billion in Pell Grants to approximately 8 million students, with
an average award of $3,591.[Footnote 19] Pell Grant amounts to
students vary based on student and family expected contribution, cost
of attendance, and enrollment status (full-time or part-time). Pell
Grants are awarded to students through nearly 5,400 participating
schools.
Information Technology Management:
Education has established three primary IT goals:
* ensuring that IT investments support the department's mission
objectives;
* sharing technology services, in addition to providing basic
infrastructure services; and:
* ensuring the effectiveness of IT governance, information processing,
and technology utilization.
The OCIO has primary responsibility for ensuring that Education's IT
is acquired and managed consistent with requirements and priorities,
providing management advice and assistance on investments and
operations, and providing services to effectively manage information.
The office focuses on the deployment, operation, and maintenance of
the department's technical infrastructure.
Education's fiscal year 2010 budget for IT was approximately $814
million, with $53 million for development and modernization and $762
million for maintenance. This included 210 investments, with 26 of
those classified as major investments.[Footnote 20] From fiscal years
2006 through 2009, Education reported spending over $2.2 billion on IT
investments, comprised of approximately $231 million for development
and modernization and approximately $2 billion for maintenance.
Education Faces Challenges in Managing Added Responsibilities and
Shifting Program Priorities:
In recent years, Education has faced expanded responsibilities that
have challenged the department to strategically allocate resources to
balance new duties with ongoing ones. The nearly $100 billion in
additional funding appropriated under the Recovery Act added
significantly to Education's responsibilities temporarily,[Footnote
21] but increases in program funds it administers and program
activities have occurred for a decade, reflecting a longer-term trend
of increasing responsibilities. Prior to the Recovery Act, from fiscal
years 2000 through 2008, Education's annual budget increased by nearly
36 percent in real terms, from approximately $44 billion to $60
billion in 2008 dollars.[Footnote 22] Further, the number of grants it
awarded increased from about 14,000 in 2000 to about 21,000 just 2
years later and has since remained around 18,000,[Footnote 23] even as
the number of full-time equivalent staff decreased by 13 percent from
fiscal years 2000 to 2009. In addition, FSA became the sole lender for
all new federal student loans as of July 2010. This new responsibility
is projected by Education to increase the Direct Loan portfolio that
Education originates and services by approximately 127 percent between
the end of FY 2009 and FY 2011.[Footnote 24] The changes in
Education's responsibilities and staffing are shown in figure 2.
Figure 2: Education Grants Awarded and Staffing Levels, Fiscal Years
2000 through 2010:
[Refer to PDF for image: two vertical bar graphs; data combined below]
Fiscal year: 2000;
Number of grants awarded[A]: 14,100;
Staffing: 4,600.
Fiscal year: 2001;
Number of grants awarded[A]: 16,600;
Staffing: 4,600.
Fiscal year: 2002;
Number of grants awarded[A]: 20,800;
Staffing: 4,500.
Fiscal year: 2003;
Number of grants awarded[A]: 20,200;
Staffing: 4,500.
Fiscal year: 2004;
Number of grants awarded[A]: 18,900;
Staffing: 4,400.
Fiscal year: 2005;
Number of grants awarded[A]: 18,800;
Staffing: 4,300.
Fiscal year: 2006;
Number of grants awarded[A]: 17,100;
Staffing: 4,200.
Fiscal year: 2007;
Number of grants awarded[A]: 16,900;
Staffing: 4,100.
Fiscal year: 2008;
Number of grants awarded[A]: 17,900;
Staffing: 4,100.
Fiscal year: 2009;
Number of grants awarded[A]: 19,100;
Staffing: 4,000.
Fiscal year: 2010;
Number of grants awarded[A]: 18,200;
Staffing: 4,200.
Source: Education data from the Grant Administration and Payment
System and the Federal Personnel Payroll System.
[A] The number of grants awarded excludes Pell Grants.
[End of figure]
Legislative changes have further affected workloads in some Education
offices. For example, primarily due to the large but temporary
increase in Education funding under the Recovery Act, the Office of
Elementary and Secondary Education was responsible for managing
approximately $45 billion in additional grant funding and over 700
more grants in fiscal year 2009 compared to 2008. In addition,
according to Education officials, the reauthorization of the Higher
Education Act of 1965 in August 2008[Footnote 25] and enactment of the
Consolidated Appropriations Act, 2010 in December 2009[Footnote 26]
added four new programs in the Office of Postsecondary Education for
fiscal year 2009, resulting in nearly 103 new grant applications for
review and 66 new grant awards to monitor. New programs and changes to
existing programs often increased Education's workload, requiring
staff to develop new guidance and provide technical assistance to
program participants. To meet these new legislative requirements,
Education officials told us they reassigned staff but expressed
concerns that ongoing responsibilities and longer-term department
goals may suffer as a result. Previously, we reported that Education
officials said some efforts related to the Recovery Act, such as
issuing written guidance, had strained staff capacity,[Footnote 27]
and officials in the Offices of Elementary and Secondary Education and
Postsecondary Education described reassigning staff from longer-term
efforts to meet immediate needs associated with new programs. For
example, a Postsecondary Education manager told us that staff were
reassigned from strategic planning to grant management.
These increased responsibilities also increase risk in managing grants
and contracts, identified as long-standing weaknesses in our previous
work[Footnote 28] and by Education's OIG.[Footnote 29] For example, we
previously reported that Education was unable to perform necessary
grant follow-up and monitoring and recommended that Education improve
its oversight of risk management, increase financial expertise among
its grant monitoring staff, and develop an accessible mechanism to
share information. In addition, Education increasingly relies on
contractors, many of them for IT services, to fulfill its
responsibilities.[Footnote 30] In fiscal year 2010, Education had
nearly $1.8 billion in contract obligations, which is about a 22
percent increase over the fiscal year 2009 level. Education is taking
steps to improve grant and contract monitoring, but has cited limited
resources and staff expertise as impediments to addressing
recommendations from GAO and OIG reports.
Shifting program priorities also would demand different skills of
employees. In the Recovery Act, Congress authorized two new
competitive grant programs for K-12 schools, including the $4.35
billion Race to the Top Fund, through which grants are awarded to
individual states based on selection criteria such as how well
proposals address education reform. Education has proposed further
transitions from formula grant programs--which calculate grant amounts
based on factors identified by law, such as high concentrations of
students from families living in poverty--to competitive grant
programs in which states or other entities compete against each other
for limited funds awarded on the merits of their proposals.[Footnote
31] Competitive grants may change job requirements for grants managers
and increase demands on staff for reviewing applications and
monitoring grantees. According to Education and OMB officials,
administering competitive grants requires analytical skills and
greater program expertise of staff, who must evaluate applications and
select a limited number of recipients as opposed to granting awards on
a formula set by law. For example, the Race to the Top Fund required
staff to develop guidance on selection criteria and provide technical
assistance on reporting requirements. Education managers told us that
competitive grant programs will require the department to hire staff
with appropriate skills and train existing staff.
Education Has Implemented Workforce Management Initiatives but Lacks
Workload Data and Sufficient Performance Management Oversight:
Education has implemented many new workforce management initiatives,
but it lacks critical data on employee workloads to guide its
strategic planning and does not provide sufficient oversight of its
process for managing individual employee performance to ensure
consistency across the department. Strategic workforce planning and
employee performance management are important because Education's
staff has decreased even as department responsibilities have grown. We
evaluated Education's strategic workforce planning and performance
management practices and procedures, as well as their implementation
in five program offices: the Office for Civil Rights, the Office of
Elementary and Secondary Education, the Office of Postsecondary
Education, the Office of Special Education and Rehabilitative
Services, and the White House Initiative on Educational Excellence for
Hispanic Americans. The organizational structure of the offices
included in our review is shown in figure 3.
Figure 3: Education Department Offices Included in Our Review of
Strategic Workforce Planning and Employee Performance Management:
[Refer to PDF for image: illustration]
Management Offices:
* Office of Management;
* Budget Service.
Management Offices: Provides technical assistance, guidance, and
oversight to Program Offices.
Program Offices:
* Elementary and Secondary Education;
* Postsecondary Education;
* Special Education and Rehabilitative Services;
* Civil Rights;
* White House Initiative on Educational Excellence for Hispanic
Americans.
Program Offices: Reports staffing, resource,and policy information to
Management Offices.
Program Offices: Administer Education programs.
Source: GAO analysis of Education documents.
[End of figure]
Education Has Implemented Strategic Workforce Planning but Lacks
Reliable Workload Data to Better Meet Shifting Priorities:
Education has developed and implemented initiatives that address many
of our key principles for effective strategic workforce planning,
[Footnote 32] including identifying workforce needs and developing
ways to attract and train staff to meet those needs across the
department. Education has worked to involve staff and top management
in planning, and its Office of Management has taken a lead role. In
fiscal year 2009, Education began quarterly workforce meetings led by
senior managers[Footnote 33] to increase communication with program
offices on human capital challenges and workforce needs, as well as to
increase program office accountability for strategic workforce
planning. Managers told us the reviews have spurred planning efforts
within some program offices, and focused attention on hiring,
succession planning, and organizational restructuring to help meet
workforce needs. Education also established a human capital policy
group in 2010 to advise senior leadership on strategies and to foster
collaboration across the department.
Education management has identified core competencies for its mission-
critical occupations and begun to develop strategies to address gaps
in employee skills, a key principle of effective strategic workforce
planning.[Footnote 34] Since fiscal year 2003, Education identified
competencies for its 14 mission-critical occupations, such as
vocational rehabilitation specialist, management/program analyst, and
financial management specialist/accountant/auditor, and assessed the
skills of over 1,400 employees in these occupations. Education also
used the results of a skills-gap analysis to develop targeted
training. For example, in 2009, within three mission-critical
occupations, Education identified large gaps in written and oral
communications and in project and time management, and used this
information to determine that these skill gaps should be closed
through hiring and training. Education offered training courses in
grants monitoring, technical writing, and presentation skills to help
close gaps identified in 2009 and reported that it met its goal of
closing at least 50 percent of the gaps in these competencies by
September 30, 2010.
Education is also engaged in succession planning and recruitment
efforts intended to develop a pipeline of high-quality and diverse
candidates. Education anticipates 35 percent of its permanent
workforce will be eligible to retire by fiscal year 2012. In fiscal
year 2008, Education created a departmentwide leadership succession
plan and created additional incentives for prospective employees. In
2010, it launched a 9 month training and development program for new
managers. We have previously reported that successful organizations
use strategic workforce planning to identify current needs and
anticipate human capital issues, such as changes in mission-critical
skills that could jeopardize organization goals.[Footnote 35] More
information about Education's strategic workforce planning efforts is
shown in table 1.
Table 1: Key Principles for Effective Strategic Workforce Planning and
Key Education Efforts, Fiscal Years 2001 through 2010:
Key principle: Involve top management, employees, and other
stakeholders in developing, communicating, and implementing strategic
workforce plan;
Key Department of Education efforts: Quarterly Workforce Review--
Education's top-level management across the agency hold quarterly
meetings in order to increase coordination and communication across
program offices, increase offices' accountability for strategic
workforce planning, and align human capital needs with the budget;
Fiscal year implemented: 2009.
Key principle: Involve top management, employees, and other
stakeholders in developing, communicating, and implementing strategic
workforce plan;
Key Department of Education efforts: Human Capital Policy Group--This
high-level management advisory group was created to assist senior
leadership in setting human capital strategies for Education's
employees, foster collaboration across organizational boundaries, and
facilitate a coordinated corporate approach;
Fiscal year implemented: 2010.
Key principle: Determine critical skills and competencies needed to
achieve current and future programmatic results;
Key Department of Education efforts: Updated Mission-Critical
Occupations--Identified 11 mission-critical occupations for the
department and 3 governmentwide;
identified general and technical competencies (e.g., reading a
financial statement) for each occupation using focus groups;
updated these occupations in 2009 to include grants management
specialist;
Fiscal year implemented: 2009.
Key principle: Determine critical skills and competencies needed to
achieve current and future programmatic results;
Key Department of Education efforts: Mission-Critical Occupation
Competency Model--Established descriptions of skill levels for each
competency in mission-critical occupations and guidance for
supervisors on proficiency targets for each;
Fiscal year implemented: 2003.
Key principle: Develop strategies tailored to address gaps in number,
deployment, and alignment of workforce to enable and sustain critical
skills and competencies;
Key Department of Education efforts: Leadership Succession Plan--
Prepared for planned and unplanned attrition, loss of institutional
knowledge, and leadership transitions;
Fiscal year implemented: 2006-2007; updated in 2008-2009, revision
expected in March 2011;
* Leadership Succession Review Pilot Program--Designed to build a
talent pool for leadership continuity, develop potential successors,
identify best candidates for positions and promotion, and to
strategically direct resources for talent development to yield greater
return on investment in each program office;
Fiscal year implemented: 2010;
* Pathways to Leadership Program--Designed to develop leadership
pipeline for mid-level employees who aspire to supervising, managing,
and leading others;
Fiscal year implemented: 2009;
* Transition to Supervisor Training--Created new 9 month program that
develops new supervisors, team leaders, and managers;
Fiscal year implemented: 2010.
Key principle: Develop strategies tailored to address gaps in number,
deployment, and alignment of workforce to enable and sustain critical
skills and competencies;
Key Department of Education efforts: Talent Enhancement Program--
Created new career development and mentoring programs and leadership
succession strategy so employees can gain experience in other offices
and programs;
Fiscal year implemented: In development.
Key principle: Build capacity needed to address administrative,
educational, and other requirements to support workforce planning
strategies;
Key Department of Education efforts: Hiring Plan & Corporate
Recruitment Strategy--Human resource specialists consulted with hiring
officials on recruitment options and incentives available to attract
best-qualified candidates, including hiring incentives, retention
allowance, student loan repayment, tuition reimbursement, and others;
Fiscal year implemented: 2009.
Key principle: Monitor and evaluate progress toward human capital
goals and contribution of those results to achieving programmatic
results;
Key Department of Education efforts: Human Capital Management Plan--
Requires an annual tactical roadmap that provides a framework to
monitor and evaluate results of Human Capital Management Plan which
are reported in the Human Capital Management Report;
Fiscal year implemented: 2008.
Key principle: Monitor and evaluate progress toward human capital
goals and contribution of those results to achieving programmatic
results;
Key Department of Education efforts: Mission Critical Occupations Gap
Analysis & Leadership Competency Gap Analysis Report--Summarized
results of 2009 Mission Critical Occupations Competency Assessment and
Leadership Competency Assessment to identify the strengths and
developmental needs of workforce;
Fiscal year implemented: 2010.
Source: GAO analysis of Education Documents.
[End of table]
Education has begun taking steps to use data about workloads for
individuals and offices to allocate staff and estimate budget
requests, but these efforts are in the early stages. Our work on
strategic workforce planning states that staffing decisions should be
based on valid and reliable data, and in prior reports, we found that
workload data help decision makers determine how to allocate resources
effectively, justify staffing requests, and streamline administrative
processes to improve efficiency.[Footnote 36] Valid and reliable data
are critical in helping agencies develop credible cost estimates so
managers can evaluate affordability and performance relative to
project plans and to support budget estimates. Managers in Education's
Budget Service Office said they initiated a project in 2009 to analyze
workload data and identify indicators that affect workload for grant
programs across Education offices. The managers said this information
will help them estimate workforce needs and improve budget
projections, and may allow comparisons of workloads of employees with
similar job titles and responsibilities in different Education offices
so offices can better justify staffing requests. In addition, two
program offices--the Office of Special Education and Rehabilitative
Services and the Office of Elementary and Secondary Education--hired a
contractor in September 2010 for an additional study of workload
specific to their offices' unique needs to determine an optimal number
and mix of full-time employees based on data about workload and
current skills. Education managers told us that they plan to use the
results of the workload study to inform the Budget Service analysis.
The Budget Service Office has not established a timeline for
completion or implementation of its analysis, and results of the
workload study conducted by the two program offices are expected in
late 2011.
While the Budget Service Office plans to analyze workload data when
new types of programs are initiated to determine staffing needs,
Budget Service officials told us that using this data has been a
challenge because Education's programs vary in terms of complexity.
Education officials indicated that Education does not provide guidance
to program offices about how to use this information to estimate
workloads and incorporate workload data into workforce planning.
Program offices typically estimate workforce needs using data such as
retirement eligibility, the number of grants administered, and grant
size, but program managers told us they lack a reliable method for
estimating workforce needs based on key indicators that drive
workload. For example, program offices do not systematically analyze
the level of skill needed and the amount of work involved for key
steps in the grant-making process such as providing technical
assistance to grantees. As a result, program offices estimate
workloads inconsistently and based on historical precedents and
professional judgment. This has created challenges for the department,
according to senior managers. For example, when staff members were
shifted to the Office of Elementary and Secondary Education to
administer newly added Recovery Act programs, there was no reliable
way to estimate workload. Education managers said they relied on
professional judgment to estimate how many staff members were needed
and how it would affect other program offices. In addition, these
managers told us a shift from formula to competitive grants will have
a major impact on workload, but they do not currently have data
necessary to estimate the impact on Education's workload in order to
plan for such a shift. For example, managers told us that competitive
grants require more staff time for making decisions about which
applicants receive grants, but could not estimate how much more staff
time.
Education Has Taken Steps to Improve Management of Employee
Performance but Lacks Sufficient Oversight to Ensure Consistency in
Standards and Appraisals:
In fall 2010, Education implemented a modified performance management
system, Results Achieved (REACH), in order to improve employee
satisfaction with the process and encourage feedback to employees on
their performance throughout the year. Prior to the implementation of
the new system, the 2008 Federal Human Capital Survey[Footnote 37]
found 57 percent of Education employees said their appraisals were
fair reflections of their performance, and approximately 53 percent
reported understanding what they were expected to do to receive
certain ratings. Education's results for these two questions were
lower than the average for all federal agencies, which were 63.2
percent and 64.3 percent, respectively. Education's former performance
management system--Education Department Performance Appraisal System
(EDPAS)--did not require managers to provide ongoing feedback and
coaching to employees except at the annual midpoint and year-end
appraisal period. REACH emphasizes the need to provide feedback
throughout the year. We previously reported that effective performance
management systems provide candid and constructive feedback throughout
the performance management process to help individuals maximize their
contribution to and understanding of an agency's goals and objectives.
[Footnote 38]
Education's modified performance management system is also designed to
improve the clarity of individual performance standards and better
align them with organizational goals. Although Education had developed
extensive requirements on the EDPAS system, REACH introduces a
requirement for measurable, aligned, specific, realistic, and time-
based performance standards that clearly define the performance
necessary to accomplish ratings at the satisfactory level.[Footnote
39] Management officials told us supervisors struggled under the
previous system with writing clear and measurable standards to
distinguish achievements of individuals, making it difficult to
justify ratings. We previously found that agencies should set
standards that allow for distinctions in performance. In addition,
REACH emphasizes alignment between individual standards and
organizational goals. We previously reported that an explicit
alignment of daily activities with broader results helps individuals
see a connection between their work and organizational goals.[Footnote
40] For a summary of changes to Education's performance management
system, see appendix II.
In modifying its performance management system, Education sought input
from employees and stakeholders through internal focus groups, and
created a stakeholder input team to receive contributions from
employees, program offices, and managers. Education made several
changes based on employee feedback, such as shifting from a paper to
electronic system. Education managers told us that the paper-based
system was cumbersome. Senior managers also sought union input, and a
union official told us senior managers solicited feedback on how the
new system could be better implemented.
While the REACH performance management system made many positive
changes, Education retained its procedures for upper management review
of performance standards and employee appraisals for employees at the
satisfactory level or higher. The system requires a supervisor's
review before employees' performance standards and appraisals are
final. After the supervisor develops performance standards and
appraisals, the approving official--the second-level supervisor--must
sign off. Management also periodically reviews the distribution of
appraisal scores within program offices. For example, managers told us
they compare average appraisal scores in an office to an analysis of
whether the office met its annual objectives. If, for example, the
office met its objectives but staff received low appraisals relative
to other offices, officials said this is an issue for senior managers
to explain. In addition, Education periodically reviews its appraisal
system, including a random sample of performance standards, using
OPM's Performance Assessment and Accountability Tool (PAAT).[Footnote
41] An OPM official told us that Education's current performance
management system meets regulatory requirements.[Footnote 42]
Even with these efforts, Education does not have adequate safeguards
to ensure consistency in performance standards and appraisals across
the department. Education does not have a formal review process to
determine whether standards and ratings for employees in one office
are consistent with those of employees in other program or regional
offices with similar job titles and responsibilities. Although
Education requires review by a second-level supervisor, ratings of
satisfactory or higher are not subject to higher-level review by
someone with a departmentwide perspective. As a result, Education is
unable to ensure that employees with the same job title and
responsibilities are rated consistently. For example, one regional
manager said that although they make an effort to ensure consistency
in performance standards and appraisals within their office, there is
no effort to ensure consistency with other regional offices and
headquarters. Education managers said that several years ago, in an
attempt to promote consistency, Office of Management officials
reviewed and scored a sample of performance standards in each program
office and found inconsistency among supervisors. However, these
managers said that the Office of Management ended these reviews due to
resistance from supervisors who had concerns that reviewers did not
have adequate understanding of employees' work. We have previously
reported that agencies should have safeguards to achieve consistency
in a performance management system.[Footnote 43] At other agencies, we
found this type of review applied as a part of performance management
decisions in order to better ensure consistency. For example, several
federal financial regulatory agencies provide agencywide reviews by
offices outside an employee's work unit, such as the human capital
office, for individual performance appraisals.[Footnote 44]
Education Has Policies over Contract Monitoring and Pell Grants, but
FSA's Contract Monitoring Procedures Are Insufficient:
Education has policies that are designed to help ensure accountability
over contract monitoring and Pell Grants, but FSA did not have
sufficient procedures and guidance to implement Education's
Departmental Directive on contract monitoring, which resulted in
contract files that were missing key documentation and inconsistencies
in how contract monitoring activities were documented. While
contracting and grant programs are spread across Education offices, we
focused our work on FSA because it obligated over $870 million under
contracts or approximately 58 percent of Education's total contract
obligations in fiscal year 2009 and is responsible for administering
Pell Grants.[Footnote 45]
FSA Procedures and Guidance are Insufficient to Implement Education's
Contract Monitoring Directive:
FSA has not fully developed detailed guidance or procedures to
implement Education's Departmental Directive and other policies for
contract monitoring, resulting in inconsistencies in how certain
control activities were performed. Education has issued its
Departmental Directive to manage its contract monitoring
responsibilities. In addition, Education has also issued certain
operating procedures for documenting past performance reports and for
writing contract monitoring plans.[Footnote 46] However, as detailed
below, our analysis of FSA's policies and procedures and our review of
28 FSA contract files[Footnote 47] and two FSA interagency acquisition
files showed that FSA did not have (1) adequate guidance on how to
document and file evidence of inspection of contracted goods and
services; (2) clear guidance on how, when, and where monitoring
activities and results should be documented and retained; and (3)
quality control procedures to help ensure that contract file
documentation and contractor's past performance reports were completed
and documented in a timely manner. A 2007 report by Education's OIG
also cited similar deficiencies related to two of our findings on
improper communication of acceptance and rejection of deliverables and
on instances of missing contracting officers' representatives
appointment memoranda.[Footnote 48]
GAO's Standards for Internal Control in the Federal Government
provides that management should establish control mechanisms and
activities, and monitor and evaluate these controls. Therefore, clear
guidance and quality controls such as qualified and continuous
supervision should be provided to ensure that internal control
objectives are achieved. In addition, without clear guidance and
quality control procedures, FSA may not be able to effectively and
efficiently maintain financial accountability over its significant
contract obligations.
FSA could improve its guidance on how to document and file evidence of
deliverables inspection. The Federal Acquisition Regulation requires
that agencies prescribe procedures and instructions for the use,
preparation, and distribution of material inspection and for receiving
reports to evidence government inspection. According to FSA's
procedures, inspections of contract deliverables are acknowledged in
Education's Financial Management Support System by entering receipt
information into the system. However, these procedures do not provide
for obtaining and retaining documentation of activities related to
inspection of deliverables performed by the contracting officer or the
delegated contracting officers' representatives. In addition, these
procedures do not provide for retaining a record when deliverables are
recommended for rejection by the contracting officer's representative.
[Footnote 49] Also, according to FSA Acquisition officials, the
Financial Management Support System lacks adequate controls to ensure
that only designated contracting officers' representatives
knowledgeable about the specific contract enter the receipt in the
system certifying the inspection and recommendation of acceptance of
deliverables. Without adequate policies and procedures for documenting
inspection of deliverables, FSA management may not be able to
determine if the contracting officers confirmed whether deliverables
were received or inspected for conformance with contract terms and
conditions by the designated staff prior to accepting goods and
services. Also, the lack of controls to ensure only designated
representatives enter receipts in the Financial Management Support
System increases the risk of improper payments of vendor's invoices.
In addition, the lack of clear guidance on the information and
documentation that should be maintained increases the risk that FSA
may not be maintaining key documentation which could impede FSA's
ability to hold contractors accountable as well as its ability to
readily identify contractor performance issues.
While we found that contracting officers and contracting officers'
representatives were performing monitoring activities, FSA did not
have clear guidance on how, when, and where contract monitoring
activities and results should be documented in the contracting
officer's representative's file and the official contract file. As a
result, monitoring activities and results were inconsistently
documented and it was difficult to readily obtain consistent insight
into the status of contract monitoring activities. FSA's file
management policy establishes a formal system for the maintenance and
filing of official contract records, including documentation
checklists that are organized by specific categories.[Footnote 50] For
example, the policy states that section III of the contract file
should be used for contract administration documentation, which
includes monitoring activities such as periodic technical reports,
inspection, acceptance and shipping reports, invoices, progress
payments, and contract payment information. However, we found that
this policy does not address where to file certain monitoring
documentation such as contract monitoring plans, evaluations of
technical reports, and documentation of site visits. Except for
reviews of invoices, we could not find evidence of contract monitoring
results in the 28 contract files we reviewed. Through interviews with
contracting officers' representatives, we found that monitoring
results documentation was maintained on their computers or in hard
copies in their offices. According to the Departmental Directive, if
the contracting officer's representative deems certain monitoring
documentation significant, such documentation is to be placed in the
program office contract file and a copy of the documentation is to be
sent to the contracting officer for entry into the official contract
file.[Footnote 51] However, the lack of clear procedural guidance on
what contract monitoring documentation should be kept in the official
contract file made it difficult to have a central point of reference
from which to readily obtain up-to-date monitoring results such as
received deliverables or performance issues, without continued
assistance from the contracting officer's representative.
FSA contracting officials informed us they did not have a formal
system in place to document ongoing contractor performance issues and
that sharing of contract monitoring activities and results was done
through communications between the contracting officer and the
contracting officer's representative. According to the Departmental
Directive, the purpose of detailed record-keeping is to build a
complete history of each project so that information is not lost or
forgotten, and so that others (e.g., a supervisor or a newly
designated contracting officer's representative) could get a clear
picture of what has occurred during the life of the contract. Without
clear guidance and procedures for documenting and retaining contract
monitoring activities and results, Education's management may not have
sufficient support in a government action against a contractor for
failing to meet contract objectives and diminishes its ability to
share contract monitoring information in the case of staff attrition.
We also found that while FSA had quality control policies and
procedures in place, they were insufficient to help ensure contract
files were complete. FSA Acquisition management stated that they
perform contract review procedures as part of staff performance
evaluations, Contract Review Boards, and contract management reviews.
However, these reviews do not require a review of the contract files
in their entirety. In addition, these review procedures do not specify
what key contract monitoring documentation should be considered as a
part of their review. As a result, we found instances in which the 28
contract files we reviewed did not always contain evidence of key
contract monitoring activities such as contractor's performance
evaluations, contract monitoring plans, and memoranda documenting the
appointment of a contracting officer's representative,[Footnote 52] as
described below.
* Five contracts, for which a performance evaluation was required, did
not have them.[Footnote 53] Education's procedures provide that for
contracts in excess of $100,000 contracting officers and contracting
officers' representatives are to evaluate and document whether the
contractor performed in accordance with contract terms annually.
However, without fully completed contractor's evaluations, FSA is at
risk of not having pertinent performance information to address
problems or concerns with a contractor, to make proper decisions on
whether to extend a contract with a current contractor, or to share
information about contractor's performance.
* Twenty-six contracts did not have a stand-alone written contract
monitoring plan which was required, even though we found that
contracts were being monitored through various methods. These
contracts ranged from approximately $10,000 to over $41 million in
obligated funds for a total of approximately $130 million for all 26
contracts. The Departmental Directive and other related guidance
provide that all contracts[Footnote 54] must have a contract
monitoring plan that includes information such as reporting and
compliance requirements, and the methods of tracking, inspecting, and
accepting deliverables.[Footnote 55] Without written monitoring plans,
FSA lacks an effective tool to determine the types of monitoring
activities planned and whether monitoring activities had occurred in
accordance with established policies and procedures.
* Nine contracts reviewed were missing contracting officer's
representative appointment memoranda. For five of these nine
contracts, an employee who was not designated by an appointment
memorandum was acting as a representative, routinely entering receipts
for contracted goods and services and recommending the acceptance of
deliverables. For the other four contracts, an employee was acting as
the backup for the appointed contracting officer's representative
during the absence of the designated representative without an
appointment memorandum.[Footnote 56] Because contracting officers'
representatives are the designated representatives in charge of
monitoring contract performance, it is important that their
designations are clear, and that related duties and responsibilities
are adequately defined. In addition, because contracting officers rely
on the representatives' recommendations to accept deliverables and
approve invoices, it is important that only designated officials with
contract knowledge perform inspections and recommendations. Without
review procedures to ensure that all contracting officers'
representatives have proper designations of duties and
responsibilities, FSA is at risk of not knowing whether contracting
officers' representatives acted within the scope of their duties, and
whether inspections of the deliverables were performed by the
designated and knowledgeable staff.
FSA management informed us that it performed contract review
procedures as part of staff performance evaluations, Contract Review
Boards, and contract management reviews. However, these reviews, while
they serve other purposes, do not provide ongoing assessments for FSA
to take necessary corrective actions to best ensure timely
implementation of contract monitoring controls.
Pell Grant Controls Designed to Provide Financial Accountability:
Our review of internal controls over FSA's Pell Grant program did not
identify any flaws in overall design. Consequently, if fully and
effectively implemented, the controls should provide reasonable
assurance that Education can adequately maintain financial
accountability over the billions of dollars it disburses annually to
participating schools on behalf of eligible postsecondary students.
Specifically, our review of FSA's policies, procedures, and additional
related supporting documentation showed that FSA has a range of
internal control activities designed to provide financial
accountability over Pell Grant resources, including key financial
controls summarized in table 2.
Table 2: Key Pell Grant Program Financial Accountability Controls:
Process: Student eligibility[A];
Internal control activity: To verify student eligibility, FSA's
Central Processing System is used to compute the amount of Pell Grants
for which a student is eligible and perform matches with other federal
agency records. For example, the Central Processing System data is
matched with Social Security Administration data to ensure that
applicants and their parents have a valid social security number and
to verify the applicant's citizenship status. (2009-2010 Federal
Student Aid Handbook, Volume 1, Chapter 1, The Application Process:
FAFSA to ISIR and Chapter 2, Citizenship).
Process: School eligibility;
Internal control activity: FSA developed controls to help ensure that
only schools meeting program requirements participate in the Pell
Grant program. One of the key controls calls for FSA staff to review
school applications, and supporting documentation, including
accreditations, state licenses, and audited financial statements to
assess the initial and continuing eligibility of schools participating
in the program. (2009-2010 Federal Student Aid Handbook, Volume 2,
School Eligibility and Operations, 2009-2010).
Process: Disbursements and reconciliations;
Internal control activity: FSA's Common Origination and Disbursement
System includes various edit checks on disbursement records to help
ensure that records are complete, accurate, and from eligible schools.
FSA staff also perform monthly and year-end reconciliations of Pell
Grants received by schools to amounts disbursed to students. (2009-
2010 COD Technical Reference, Volume 2, Common Record Technical
Reference, Section 4, Edits, April 2010 and Grant Reconciliation
Procedures, September 9, 2010).
Source: GAO analysis of Department of Education's policies and
procedures.
[A] In addition to FSA controls, schools have a role in determining
and verifying student eligibility and application data, and making
accurate award computations and disbursements.
[End of table]
In addition, FSA, based on its OMB Circular No. A-123 assessment,
provided reasonable assurance that its internal controls over Pell
Grant financial reporting as of June 30, 2010, were operating
effectively and no material weaknesses or reportable conditions were
found in the design of financial reporting internal controls. FSA's
assessment included all of the key controls processes discussed in
table 2, including controls over student eligibility, school
eligibility, disbursements, and reconciliations.
FSA has designed controls over the Pell Grant process to help protect
the government's interest in providing financial aid, but the program
is heavily dependent on schools establishing their own companion
controls to help assure Pell Grants are proper and in correct amounts.
Specifically, risks still exist in the Pell Grant process due to the
role of schools in determining and verifying student eligibility and
application data, and making accurate award computations and
disbursements. For example, fiscal year 2009 audits of two schools by
Education's OIG found that these schools did not have adequate
procedures, which resulted in improper disbursements of federal
student aid to students who attended ineligible locations of an
eligible school and in failure to return funds that were disbursed to
students who withdrew from school.[Footnote 57] Education's OIG found
that these schools had breakdowns in controls that did not prevent or
detect improper disbursements. Also, in Education's fiscal year 2010
Agency Financial Report,[Footnote 58] Education reported an estimate
of over $1 billion of improper payments caused in part by applicants
who incorrectly report their income on student aid applications.
[Footnote 59] To help address this problem, Education's fiscal year
2010 Agency Financial Report noted that FSA implemented a process for
applicants to transfer certain tax return data from an Internal
Revenue Service Web site to their online student aid applications.
This process was piloted on January 28, 2010, and went live in
September 2010. Additionally, FSA reported that it continues to
explore ways to facilitate the detection of errors and simplify the
application process.
While the focus of our work was on whether FSA's financial controls
over Pell Grants were designed to provide reasonable assurance that it
can maintain effective accountability over its significant grant
resources, we did identify a deficiency in the reconciliation process,
which resulted in a relatively minor (approximately $12,000)
unreconciled disbursement transaction that existing controls detected
but did not correct. FSA subsequently developed a corrective action
plan with an estimated completion date of March 18, 2011, to correct
the unreconciled amount and to establish an additional control to
timely and properly research and resolve any such unreconciled
differences in the future. Further, FSA's 2010 assessment conducted in
accordance with OMB Circular No. A-123 also identified some relatively
minor deficiencies in the implementation of its Pell Grant controls
for which it has already developed and implemented corrective actions.
[Footnote 60]
Education Has Established Important Information Technology Management
Controls, but Planning And Investment Management Challenges Remain:
Education has established IT strategic planning and management
controls, but challenges remain in some areas of its management,
including the effective use of an information resources management
(IRM) strategic plan to guide its efforts. Specifically, the
department is relying on an IRM strategic plan that was prepared
without the benefit of being informed by a current departmentwide
strategic plan and that did not reflect how IT activities will support
critical goals from other departmental planning documents. In
addition, Education has inconsistently implemented OMB's and its own
guidelines for investment management. Without effective IT strategic
planning and investment management controls, Education jeopardizes its
ability to effectively support its mission and efficiently use its $3
billion IT investment. To review Education's IT management, we focused
on seven program and management offices and 12 selected investments
representing about 73 percent of the department's total IT budget. The
organizational structure of the offices and the IT investments
included in our review are shown in figure 4.
Figure 4: Education Department Offices Related to Our Review of
Information Technology Controls and Management, Fiscal Year 2010:
[Refer to PDF for image: illustration]
Management Offices:
* Chief Information Officer [3, 4, 5, 6];
* Planning, Evaluation, and Policy {5, 8];
* Communications and Outreach;
* Office of Management[A];
* Inspector General.
Program Offices:
* Federal Student Aid [9, 10, 11, 12];
* Elementary and Secondary Education:
- Migrant Education [1];
* Institute of Education Sciences:
- National Center for Education Statistics: Assessment Division [2].
Management Offices: Provides technical assistance, guidance, and
oversight to Program Offices.
Program Offices: Reports staffing, resource,and policy information to
Management Offices.
Program Offices: Administer Education programs.
Source: GAO analysis of Education documents.
Note: The 12 investments are the (1) Migrant Student Information
Exchange; (2) National Assessment of Educational Progress; (3)
Contracts and Purchasing Support System; (4) Education Department
Utility for Communications, Applications, and Technical Environment;
(5) Budget Formulation and Execution Line of Business; (6) G-5 Grants
Management; (7) Integrated Support Services; (8) EDFacts; (9) National
Student Loan Data System; (10) Enterprise Web Portal; (11) Common
Services for Borrowers; and (12) Common Origination and Disbursement.
[A] The Office of Management was included because of the office's
privacy-related responsibilities.
[End of figure]
Education Developed an IRM Strategic Plan to Guide Its IT Investments,
but Did So without the Benefit of a Current Departmentwide Strategic
Plan:
Strategic planning is essential to define what an organization seeks
to accomplish, identify strategies to achieve desired results, and
measure progress to subsequently determine how well it is succeeding
in reaching results-oriented goals and objectives.[Footnote 61]
[Footnote 62] The Government Performance and Results Act of 1993
requires federal agencies to prepare and submit a strategic plan to
the Director of OMB and to Congress, and to update or revise the plan
at least every 3 years.[Footnote 63] Further, OMB Circular A-130,
Management of Federal Information Resources, requires agencies to
develop an IRM strategic plan to support the agency's strategic plan,
provide a description of how information resources management
activities are expected to help accomplish the agency's mission, and
ensure that IRM decisions are integrated with organizational planning
and program decisions.
In September 2010, Education released its IRM strategic plan for
fiscal years 2010 through 2014. The plan describes how IT activities
will be used to support the department's mission and operations and
includes three primary technology goals: (1) aligning IT investments
with Education business objectives; (2) establishing the OCIO as
provider of common and infrastructure services; and (3) ensuring the
effectiveness of IT governance, data and information processing, and
use of technology across the department. However, while Education met
OMB's requirement to update its IRM strategic plan and identified how
IT activities will be used to support its mission, the plan was
developed prior to, and thus, was not informed by a current
departmental strategic plan. The most recent update of the IRM plan,
as well as the previous 2006 revision, were both completed prior to
the department releasing its respective strategic plans. Specifically,
while the previous IRM plan was completed in 2006, the departmental
strategic plan was not issued until 2007, and the department
subsequently did not update its IRM plan to reflect any relevant
changes in the department's strategic direction. More recently,
Education issued its updated IRM strategic plan in September 2010, but
as of January 2011, the departmental strategic plan had not yet been
published. An official in the Office of the Deputy Secretary indicated
that this departmental strategic plan was in draft form and commented
that the goals of this plan were still evolving.
An OCIO official stated that the sequence in updating the department
and IRM strategic plans has hindered that office's ability to identify
performance measures and goals that are essential to ensuring that IT
effectively supports the department's mission. Moreover, insight into
the department's current strategic direction is critical because the
Deputy Secretary of Education has set a goal of increasing the
department's budget for new investments by fiscal year 2012.[Footnote
64] According to the Director, Information Technology Program
Services, the department has, in part, mitigated risks of these IT
investments not being aligned with the department current strategic
priorities by organizing similar IT investments into IT categories or
"segments,"[Footnote 65] such as grants management, developing
modernization plans[Footnote 66] and collaborating with business
segment owners. The official stated that when deciding whether to
allocate funds to IT investments, the department uses segment
modernization plans to rank the investments to determine the degree to
which they support the department's strategic priorities. While it is
good practice to take these actions to mitigate risks, without an
overall IRM strategic plan that is informed by the department's
current strategic plan, there remains a risk that IT investments may
not be aligned to the department's most current priorities. An OCIO
official recognized this potential risk and as such, stated that the
department intends to update the IRM strategic plan when a department
strategic plan is released in the first half of 2011.
Further, Education's 2010 IRM strategic plan did not incorporate
critical goals from three other planning documents--the Open
Government plan, the Strategic Sustainability Performance plan, and
the Data Center Consolidation plan--that reflect the department's
planned use of IT to support its mission.[Footnote 67] [Footnote 68]
While the updated IRM strategic plan includes the goals of Education's
open government plan--which aims to, among other things, make
Education activities more transparent--the IRM plan does not
specifically address how IT activities will support that effort. For
example, the open government plan identifies a goal for making more
data and information available to the public. However, the IRM
strategic plan does not include plans, resources, or time frames to
show how IT activities will support these goals. An OCIO official
indicated that, while the department prepared an open government plan
in accordance with OMB guidance, in order to meet the IRM strategic
planning time frame, the department decided to address how IT will be
used to accomplish these goals at a later time. Addressing these goals
in the IRM strategic plan is critical to ensure that competing IT
resources are effectively prioritized to meet the open government
goals. Further, with regard to the Strategic Sustainability
Performance Plan, an official in Education's OCIO noted that although
this plan was published in June 2010, the office had not been aware of
the plan when updating the IRM strategic plan in September 2010. As
such, the goals from the Strategic Sustainability Performance Plan
were not addressed in the IRM plan. Additionally, while an OCIO
official noted that a major investment involving a data center that
aims to provide information technology services for the department was
addressed in the IRM plan, Education did not address other IT-related
goals included in the department's Data Center Consolidation plan. The
official stated that both the Strategic Sustainability Performance
Plan and the Data Center Consolidation Plan are intended to be
addressed when the IRM plan is next updated. By not including these
goals in the IRM strategic plan, Education lacks an essential means of
ensuring that it can comprehensively and effectively support the
department's goals to, for example, reduce technology energy
consumption in the data centers and streamline operations. Because the
department updated the IRM strategic plan before it finalized its
current strategic direction, it may not effectively prioritize IT
investments in support of the department's mission.
Education Has Established Processes for Managing IT Investments but
Has Not Always Implemented OMB and Department Guidelines:
Education has developed an IT investment management process and
guidelines to address selection, control, and evaluation of its
investments.[Footnote 69] For example, Education has a documented
policy, implemented in 2006, which states all IT initiatives must
support and be aligned with the department's business objectives and
strategic plan to minimize duplication.[Footnote 70] Further, in 2009
the department revised its guidance to prioritize investments based on
decisions from its Planning and Investment Review Working Group; it
also made the Chief Information Officer responsible for the
department's IT investment management process.[Footnote 71]
Additionally, Education has established key oversight bodies to
monitor and control IT investments. The Investment Review Board, whose
membership represents the department's offices and critical areas,
including acquisition, budget, IT management, and planning, is the
executive decision-making body for investments, with responsibility
for reviewing proposals and recommendations of the Chief Information
Officer. According to Education, the Planning and Investment Review
Working Group, whose membership includes senior managers with
specialized knowledge and skills in the various disciplines that
comprise the work of the department, assesses the effectiveness of
Education's investment management process and provides recommendations
for improving the process. These elements of Education's governance
structure are consistent with IT investment management best practices.
[Footnote 72] See appendix III for a description of Education's
governance structure.
While Education has developed guidelines to support IT investment
management best practices, the department has not consistently
conducted postimplementation reviews. An Education directive
stipulates that postimplementation reviews are to be conducted during
the evaluation phase of IT investments.[Footnote 73]
Postimplementation reviews are used to evaluate whether the estimated
return on investment was actually achieved and to identify lessons
learned.[Footnote 74] Specifically, a postimplementation review should
evaluate stakeholder and user satisfaction with the end product,
mission impact, and technical capability, as well as provide decision
makers with lessons learned so they can improve investment decision-
making processes.
Of the 10 completed IT investments that we reviewed--representing 6
department and 4 FSA investments--only 3 had undergone post
implementation reviews. These three reviews were performed by FSA on
its IT investments. The Education Chief Information Officer had not
conducted postimplementation reviews for any of the six department
investments that required such reviews.[Footnote 75] Moreover, the
department had not finalized or approved the guidance for performing
them. The department's 2005 IT investment management process guide
reports that in 2004, Education outlined a process for conducting such
reviews. According to the department, it postponed implementing this
review process in February 2005 because other IT capital planning
activities took priority. Further, an Education official stated that
the department conducts operational analyses that satisfy the
requirement to conduct postimplementation reviews. However, according
to Education's own documentation, these reviews serve different
purposes.[Footnote 76] Specifically, an operational analysis allows an
agency to understand only how a particular investment is performing,
whereas a postimplementation review is intended to improve the
investment management process by identifying differences between
estimated and actual investment costs and benefits and lessons learned
for continuous improvements.[Footnote 77] By not performing
postimplementation reviews of department-level investments, Education
limits its ability to apply lessons learned from IT investments to
improve the effectiveness of the department's overall IT investment
management process.
Education Has Taken Steps to Establish Its IT Information Security and
Privacy Programs but Has an Unresolved Issue with Protecting Access to
Data:
Education has established an information security program that
addresses key components of the Federal Information Security
Management Act of 2002 (FISMA).[Footnote 78] FISMA was enacted into
law on December 17, 2002, as Title III of the E-Government Act of
2002.[Footnote 79] FISMA requires federal agencies to develop and
implement an agencywide security program for the information and
information systems that support the operations and assets of the
agency. FISMA's eight key components include periodic risk assessment,
risk-based policies and procedures, a security plan, security
awareness training, periodic security testing, a remedial action
process, security incident procedures, and continuity of operations
plans. An Education OCIO official stated that the department has taken
a number of steps to establish this program. We reviewed the
department's security guidance, policies, and procedures and verified
that Education has responded to key FISMA requirements that include,
among other things,
* developing, maintaining, and updating an inventory of major
information systems operated by the department or under its control;
* developing policies and procedures aimed at reducing information
security risks;
* providing security awareness training for agency personnel and
contractors;
* performing periodic testing and evaluation of the effectiveness of
information security policies, procedures, and practices; and:
* implementing a process for planning, implementing, evaluating, and
documenting remedial action to address any deficiencies identified in
its policies, procedures, and practices.
Further, Education is responsible for protecting and controlling the
personal information it collects to perform its missions.[Footnote 80]
These laws and guidance define specific privacy responsibilities that
include, for example, reviewing and evaluating the privacy
implications of agency policies, regulations, and initiatives;
producing reports on the status of privacy protections; and ensuring
that employees and contractors receive appropriate training.
The Education Senior Agency Official for Privacy stated that the
department conducts assessments to ensure that personally identifiable
information is adequately protected from inappropriate disclosure.
[Footnote 81] In addition, this official stated that Education has
developed a program that discusses privacy implications of agency
policies, instructs employees to respond to possible privacy
incidents, and describes training that employees and contractors are
to receive. According to the officials, and our review of related
department documentation and FISMA reporting, Education has taken the
following specific actions:
* Using a system to track notices to the public required under law
about IT systems that maintain personal information.[Footnote 82]
* Inventorying data assets, program offices to which they belong, and
whether the assets store or contain personally identifiable
information.
* Developing guidance on privacy by creating several privacy
directives and establishing a Social Security number best practices
guide to address OMB guidelines.[Footnote 83] Education is taking
steps to follow OMB's mandate to reduce and remove duplicative
personally identifiable information and the use of Social Security
numbers in its databases. For example, some Education organizations
have retired systems or merged duplicate systems to reduce the use of
Social Security numbers.
According to Education officials and our review of related security
guidelines, the department has taken steps to fulfill OMB
organizational and reporting elements on privacy guidelines and
statutory privacy requirements. In addition, as we have previously
reported, a chief privacy officer is critical to serving as a focal
point for a department's overall privacy responsibilities.[Footnote
84] According to Education's Open Government Plan, it plans to
establish a chief privacy officer to ensure that, as required by law,
individual privacy is protected.[Footnote 85] A senior agency official
for privacy said the department expects to have the position filled by
January 2011.
Nonetheless, although Education has taken important steps to improve
security protections, it has not resolved a long-standing critical
access control issue. In a memorandum dated June 23, 2006, OMB
directed agencies to ensure that there are adequate controls over
critical systems, such as Education's student loan and grants systems.
[Footnote 86] A critical control measure that OMB recommended was two-
factor authentication, which improves the control over system access
by using something the employee knows--a password or PIN--and
something in the employee's possession--an authenticator or token--to
identify users. In 2007 and again in 2009 Education's OIG found that,
to protect privacy from an escalating threat and to manage risk to
Education operations, the department and FSA should consider moving
more quickly toward implementing two-factor authentication for all
users (students, lenders, employees, contractors, and other third
parties) because an uncertain number of accounts are vulnerable to
threats. The 2009 OIG report recommended that the Chief Information
Officer accelerate two-factor authentication for protecting the
confidentiality, integrity, and availability of personally
identifiable data residing on public Web sites. However, the
department has not implemented this security measure. Implementation
of this security measure is essential due to the increasing number of
Pell grants and direct loans being administered by FSA. Education
officials stated that they are currently taking steps to incorporate
two-factor authentication into department system architectures and
fund the implementation of two-factor authentication. A senior advisor
at FSA provided us with the major milestones for implementing a two-
factor authentication for department employees by midsummer 2011.
Conclusions:
The U.S. Department of Education is tasked with responsibility over a
broad array of complex federal education programs. In recent years,
the federal role in education has expanded significantly, and with it,
so have its responsibilities as staff resources have decreased. In
order for Education to carry out its responsibilities, it must
establish and carry out an effective set of management practices. Our
work for this report in the key management areas we reviewed
demonstrates that Education has, in general, addressed many of these
challenges and worked to put in place a number of good management
practices, but that there are several areas in which Education could
build on its these efforts.
With respect to strategic workforce planning, Education will be
challenged to figure out how best to allocate its workforce to address
its top priorities. To the extent that it can improve the quality of
the workload data it uses to make decisions on how to allocate its
staff, it will be in a better position to move quickly and decisively
to address its changing priorities. Currently, Education's program
offices use professional judgment to estimate workload, making it
difficult to compare estimates across program offices. Until Education
establishes a more consistent agencywide approach to developing
workload estimates, the department may not be able to respond
effectively to rapidly changing legislative demands or efficiently
meet its strategic goals. In addition, Education recently implemented
a new performance management system with many key improvements over
its previous system. While it is critical that any performance
management system ensure the consistency of ratings, Education's new
system still lacks safeguards in this regard. Until Education
systematically reviews decisions made by supervisors about performance
standards or appraisals before they are finalized, Education cannot be
certain that its performance management system treats employees
consistently across the department.
Education has designed internal controls to help ensure accountability
over contract monitoring and Pell Grants, but does not have adequate
assurance that FSA is following departmental contract monitoring
policies. FSA is responsible for administering a number of large,
complex contracts that play a key role in its ability to oversee and
administer its financial student aid programs. Accordingly, it is
critical for FSA to exercise full and proper oversight of these
contracts. Until FSA develops guidance on how to file and retain
deliverable inspection evidence, guidance on how to document contract
monitoring activities and results, and quality control procedures such
as formal supervisory reviews, assurances of documentation of contract
monitoring do not exist, hindering effective oversight of FSA
contracts. For Pell Grants, we did not identify any significant flaws
in the overall design of controls.
IT systems are critical to Education's ability to carry out its
increasing workload. Although it has established important IT
management controls, several challenges remain to ensure that the
department is overseeing, managing, and modernizing IT to support its
mission. Unless Education has an IRM strategic plan that is aligned
with, and informed by, the current departmentwide strategic plan, and
the IRM strategic plan describes how IT activities will fulfill key
goals and department initiatives, Education may not comprehensively
and effectively support its mission. Education also has not finalized
guidance for, nor consistently performed, postimplementation reviews,
which are critical to assessing IT investments. If the department does
not conduct postimplementation reviews for IT investments, it cannot
effectively incorporate experiences and lessons learned from system
development efforts that may save the agency time and money.
Recommendations for Executive Action:
To build on Education's current efforts to improve human capital
management, we recommend the Secretary of Education take the following
two actions:
1. Provide guidance to program offices on developing data-based
estimates of workload, and incorporating these data into department
workforce planning. This effort could include conducting an assessment
of workload, developing an evidence-based estimate of staff needed to
meet agency responsibilities using valid and reliable data, and using
this estimate to inform agency budget requests and expenditures for
human resources.
2. Develop a formal process for reviewing performance standards and
performance appraisal decisions to help ensure Education's performance
management system is consistent across the department. For example,
such a review could include an analysis of standards and appraisals
for all Education employees over a 3 to 5 year cycle to assess whether
performance standards and appraisal decisions are being applied
consistently.
To help improve contract monitoring controls, we recommend that the
Secretary of Education direct the Chief Operating Officer of FSA to
take the following three actions:
1. Develop procedures that detail how to file and retain evidence
demonstrating receipt and acceptance of contracted goods and services.
2. Develop procedures that outline how contract monitoring activities
and results should be documented, retained, and shared.
3. Develop comprehensive quality control procedures that include
guidance for review of contract files and contractor past performance
reports to ensure that files are complete and contain documentation to
evidence compliance with departmental contracting policies, including
the following documents:
* contractor performance evaluations,
* contract monitoring plans, and:
* contracting officers' representative appointment memoranda.
We recommend the Secretary of Education build on Education's IT
management efforts by directing the Chief Information Officer to take
the following three actions:
1. Ensure that during the strategic planning process, the IRM
strategic plan is aligned with and informed by the department's
strategic plan to eliminate any potential risk of major IT investments
not supporting the department's most current priorities.
2. Update the IRM strategic plan to reflect goals from the Open
Government, Strategic Sustainability Performance, and Data Center
Consolidation plans.
3. Finalize and approve department guidance for implementing
postimplementation reviews and conduct these reviews, where
appropriate, to assess lessons learned and identify potential
improvements to the IT management process.
Agency Comments and Our Evaluation:
We provided a draft of this report to Education for review and comment
and received a written response, which is reprinted in appendix IV.
Education agreed with our recommendations and highlighted several
steps it has taken, or intends to take, to address issues raised in
our report. For example, to improve human capital management,
Education responded that it has already identified data that primarily
impacts workload of formula and discretionary grant programs and that
it plans to take several steps to improve the quality of its workload
data and how it is used to inform decision making. In addition,
Education plans to convene a working group this year to determine how
best to conduct a review of all employees performance standards and
appraisals. In response to our recommendation to improve contracting
monitoring controls, Education generally agreed with our
recommendations and noted that FSA will develop guidance to improve
how it documents and retains contracting activities and to require
contracting officers to inspect and document findings and corrective
actions related to contracting officers' representatives' records. In
addition, FSA said it will develop and document methods to address
quality controls for contract files. In response to our recommendation
to build on Education's IT management efforts, Education noted that it
has already taken steps to align the IRM strategic plan with the
department's strategic plan and other critical plans. Education plans
to take further steps by updating the IRM Strategic plan with the
latest department strategic plan once it is finalized and by providing
greater detail in the IRM strategic plan on the goals of other
critical plans. Finally, Education noted that, as a part of an effort
to increase the portion of its IT portfolio dedicated to
modernization, the department will release a post implementation
review guide and begin conducting these reviews by the second half of
fiscal year 2011, assuming projects are ready for that stage of
review. We are encouraged that the department is implementing a
process for conducting postimplementation reviews on future
investments. However, it is important that such reviews also be
performed on already-deployed systems, as five out of the six projects
we reviewed were deployed over the last 4 years did not have
postimplementation reviews performed. These reviews could help
Education determine whether the estimated return on the department's
investments was realized and identify any lessons learned. Education
also provided technical comments that we incorporated as appropriate.
We are sending copies of this report to the appropriate congressional
committee and the Secretary of Education. In addition, the report will
be available at no charge on GAO's Web site at [hyperlink,
http://www.gao.gov].
If you or your staff have any questions about this report, please
contact me at (202) 512-7215 or scottg@gao.gov. Contact points for our
Offices of Congressional Relations and Public Affairs may be found on
the last page of this report. GAO staff who made major contributions
to this report are listed in appendix V.
Sincerely yours,
Signed by:
George A. Scott:
Director, Education, Workforce and Income Security Issues:
[End of section]
Appendix I: Objectives, Scope, and Methodology:
To describe the Department of Education's (Education) high-level
management challenges, we reviewed documents detailing the shifting
landscape faced by Education and how that may challenge the agency.
These documents included Education's historical budget and staffing
information, its fiscal year 2011 budget request, the Recovery Act,
and the fiscal year 2009 through fiscal year 2012 workforce plan. We
also reviewed grant award and student loan data. We assessed the
reliability of Education data by interviewing agency officials
knowledgeable about the data and determined that the data were
sufficiently reliable for the purposes of this report. In addition, we
examined the administration's proposal to reauthorize the Elementary
and Secondary Education Act of 1965, which could include major changes
to Education's role and responsibilities. We reviewed past GAO work
and Office of Inspector General (OIG) work, including the fiscal year
2011 Management Challenges. We conducted interviews with high-level
Education officials with responsibility for overall management of the
agency. We also interviewed officials at the Office of Management and
Budget (OMB) and the Office of Personnel Management (OPM), and former
high-ranking Education officials, to obtain their perspectives on key
management challenges facing Education.
To assess the extent to which Education has human capital strategic
planning and management strategies to meet its needs, we focused our
work on two key aspects of human capital management--strategic
workforce planning and performance management. Both were identified as
key areas of focus after our initial interviews with Education, former
Education, OIG, and OMB officials, and after our review of the 2008
Federal Human Capital Survey. We reviewed documents related to
Education's strategic workforce planning and performance management
efforts. The strategic workforce planning documents included
Education's quarterly workforce review, Leadership Succession
Management plan, corporate recruitment strategy, and Human Capital
Management plan. The documents related to performance management
included Education's current and former performance management
policies, sample employee performance standards that were submitted to
OPM using the Performance Assessment and Accountability Tool (PAAT),
employee performance management system training modules, the 2008
Federal Human Capital Survey results, and OPM's PAAT handbook. We also
conducted interviews with officials responsible for the overall
planning and management of Education's human capital efforts, and in
five program offices--Office of Elementary and Secondary Education,
Office of Postsecondary Education, Office for Civil Rights, Office of
Special Education and Rehabilitative Services, and the White House
Initiative on Educational Excellence for Hispanic Americans. These
offices were selected based on the number of staff, the work functions
of the employees in the office, and the results of the 2008 OPM
Federal Human Capital Survey. In addition to four program offices with
large staffs, we included a smaller office, the White House Initiative
on Educational Excellence for Hispanic Americans, to capture the
experience of officials from a smaller program office. We also
interviewed a senior official from Education's labor union. We used
criteria developed by GAO to assess Education's efforts to identify
risks and implement improvements in human capital processes. For
strategic workforce planning, we used a GAO report identifying key
principles of strategic workforce planning--Human Capital: Key
Principles for Effective Strategic Workforce Planning (GAO-04-39)--and
the GAO Cost Estimating and Assessment Guide (GAO-09-3SP) that
addresses the importance of workload data for estimating agency
budgets. For performance management criteria, we used Results-Oriented
Cultures: Creating a Clear Linkage between Individual Performance and
Organizational Success (GAO-03-488).
In the area of financial management, our objective was to determine
whether the design of Education's internal controls was adequate to
help provide accountability over (1) contracts and (2) student aid
grants. Our review focused on key internal control activities at
Education's Office of Federal Student Aid (FSA) because it administers
student aid grants and incurred approximately 58 percent of
Education's contract obligations in fiscal year 2009. Fiscal year 2009
was the most recent year for which transactions for an entire fiscal
year were available for our review. For contracts, we focused our
review on the design of controls over contract monitoring because it
has been a long-standing management challenge for the department. To
obtain an understanding of the design of controls over FSA's contract
monitoring process, we assessed applicable Education policies and
procedures using governmentwide internal controls standards and
interviewed FSA officials. To further understand the effect of
identified design controls weaknesses, we selected a nongeneralizable
sample of 15 active and 13 closed contracts and 2 closed interagency
acquisitions from Education's Contracts Purchasing Support System.
[Footnote 87] These 28 contracts and 2 interagency acquisitions had in
total $171.5 million of contract obligations as of September 30, 2009.
Contracts and interagency acquisitions selected were either closed in
2009 or active in 2009, but could have been obligated since October 1,
2006. The Departmental Directive defines contracts to include awards
and notices of awards; job orders or task letters issued under basic
ordering agreements; letter contracts; and orders, such as purchase
orders, under which a contract becomes effective by written acceptance
or performance. Therefore, our sample of 28 contracts may include job
orders performed under the same vendor but treated as separate
"contracts" under the Departmental Directive for contract monitoring
purposes. To ensure that we reviewed monitoring controls over
contracts and interagency acquisitions, hereafter referred to as
acquisitions, with various award amounts, we sorted both the active
and the closed acquisitions populations into five strata by obligated
amount of the acquisitions. To maximize the total dollar value of the
acquisitions included in our selection, we selected more acquisitions
from strata with larger award amounts. In addition, we selected the
acquisitions with the largest award amounts from each stratum.
We focused on Pell Grants because it accounted for over 91 percent of
all student aid grant disbursements in fiscal year 2009 and because a
recent GAO study examined internal controls for other Education
grants.[Footnote 88] To obtain an understanding of the design of
controls over Pell Grants, we reviewed relevant Pell Grant policies
and procedures using GAO's Standards for Internal Controls in the
Federal Government[Footnote 89] and interviewed FSA officials. We also
reviewed documentation such as process cycle memos and flowcharts
related to the assessment of internal control activities over Pell
Grant financial reporting, which was performed by FSA in accordance
with OMB Circular No. A-123, Appendix A, Management's Responsibility
for Internal Control Over Financial Reporting. To obtain an
understanding of the scope and methodology of FSA's procedures related
to the OMB Circular No. A-123 review process, we reviewed FSA's OMB
Circular No. A-123 test plans and sampling methodology. Using a
nongeneralizable sample selection,[Footnote 90] FSA's OMB Circular No.
A-123 assessment covered financial reporting internal control
activities from July 1, 2009, through June 30, 2010, including areas
such as student eligibility, disbursements, and reconciliations. To
validate the accuracy of the results issued by the FSA's OMB Circular
No. A-123 assessment, we reperformed a selected number of FSA's
sampled transactions for each one of its testing procedures. Our
assessment did not include an evaluation of internal controls at
schools that have a role in determining, and if necessary, verifying
student eligibility and application data, and making accurate award
computations and disbursements.
To assess the extent to which Education has established management
controls needed to oversee, manage, and modernize its information
technology to support its mission, we reviewed strategic planning,
investment controls, and information security and privacy plans for
information technology (IT). We conducted interviews with officials
responsible for IT functions in seven Education management and program
offices: FSA; the Institute of Education Sciences; Office of
Elementary and Secondary Education; Office of the Chief Information
Officer; Office of Management; Office of Communications and Outreach;
and Office of Planning, Evaluation, and Policy Development. We
selected these six offices because they had at least one major IT
investment. Additionally, we selected 12 investments representing
approximately 73 percent of the department's total IT budget.[Footnote
91] These investments are:
* Migrant Student Information Exchange;
* National Assessment of Educational Progress;
* Contracts and Purchasing Support System;
* Education Department Utility for Communications, Applications, and
Technical Environment;
* Budget Formulation and Execution Line of Business;
* G-5 Grants Management;
* Integrated Support Services;
* EDFacts;
* National Student Loan Data System (now Aid Data);
* Enterprise Web Portals (now Enterprise IT Services);
* Common Services for Borrowers (now Aid Servicing); and:
* Common Origination and Disbursement (now Aid Delivery):
We selected at least one major investment from each of the offices
that had major IT investments to determine how department guidance is
implemented at the system level. In making the selections, we
considered whether the investments spanned multiple offices across
Education; had potential IT security issues; called for major spending
from Education's IT systems budget and were under development or
operational. We also reviewed Education's Information Resource
Management (IRM) strategic plan to determine the extent to which
Education had included the critical elements, such as addressing all
agency IRM requirements in its strategic plan as described in OMB
Circulars A-11 and A-130. Further, to determine how effectively
Education is identifying weaknesses and opportunities for improvement
in investments throughout the systems development lifecycle, we
reviewed relevant Education policies, procedures, guidance, and
documentation. Specifically, we looked at its postimplementation
review guide, investment board charters, budget documents, and project
reviews and presentations. To assess the quality of Education's IT
security program, we used requirements in the Federal Information
Security Management Act of 2002 (FISMA) and relevant department and
inspectors general reporting. We assessed Education's level of
compliance with FISMA requirements by reviewing relevant Office of
Inspector General (OIG) reports (including access controls and service
continuity), and met with personnel from OIG, the Office of the Chief
Information Officer, and other Education IT security personnel. We did
not conduct our own assessment of the IT security program. However, to
validate the information provided by the agency officials, we reviewed
Education's (1) FISMA reporting and security risk levels of systems;
(2) policies and procedures related to reducing security risks,
including Education's certification and accreditation program; (3)
incident reporting and handling processes to identify how the
department was responding to security violations; and (4) security
training materials and guidance to ascertain that the department had a
program in place to respond to FISMA training requirements. To assess
Education's privacy program, we interviewed officials responsible for
privacy and reviewed Education's directives and guidelines on privacy
to determine to what extent the department's privacy program
implemented applicable laws and guidance.
We conducted this performance audit from October 2009 to February 2011
in accordance with generally accepted government auditing standards.
Those standards require that we plan and perform the audit to obtain
sufficient, appropriate evidence to provide a reasonable basis for our
findings and conclusions based on our audit objectives. We believe
that the evidence obtained provides a reasonable basis for our
findings and conclusions based on our audit objectives.
[End of section]
Appendix II: Summary of Changes to Education's Performance Management
System, Implemented in 2010:
Education's goal: Establish more transparency throughout process;
EDPAS (Former system): During appraisal year, feedback emphasized
between employee and supervisor at annual midpoint and rating period;
REACH (Revised system): Feedback and communication emphasized between
employee and supervisor over course of year.
Education's goal: Establish more transparency throughout process;
EDPAS (Former system): At midpoint review, a discussion between
supervisor and employee occurred, and each signed performance plan to
document the discussion;
REACH (Revised system): Employee and supervisor provided a space in
new software to write midpoint narratives so employee better
understands midpoint status.
Education's goal: Simplify process for employee and supervisor;
EDPAS (Former system): Parts of the performance management process
were paper-based;
for example, performance plans had to be printed and signed;
REACH (Revised system): New software makes the entire performance
management process electronic.
Education's goal: Improve performance standards;
EDPAS (Former system): Did not require performance standards to be
clear, specific, measurable goals aligned to organizational goals;
REACH (Revised system): Each performance standard should be aligned,
measurable, specific, realistic, time-based, and clearly define
expected performance.
Education's goal: Differentiate between levels of employee performance;
EDPAS (Former system): Five-tier rating system for performance
included unacceptable, minimally successful, successful, highly
successful, and outstanding;
REACH (Revised system): Four-tier rating system for performance
includes unsatisfactory results, achieves results, achieves high
results, and achieves exceptional results.
Education's goal: Differentiate between levels of employee performance;
EDPAS (Former system): Employees were eligible for performance awards
at the highly successful and outstanding levels;
REACH (Revised system): Employees are eligible for performance awards
at the achieves results, achieves high results, and achieves
exceptional results levels.
Education's goal: Improve managers' understanding of responsibilities,
and encourage employees to take active role in own professional
development;
EDPAS (Former system): New employees were provided orientation on
EDPAS, and all employees encouraged to take performance management
trainings when offered;
REACH (Revised system): Required joint training for supervisors and
employees on REACH, and a performance management toolkit is available
as a reference for employees and supervisors.
Source: GAO analysis of Education policies and procedures and
interviews with Education officials.
[End of table]
[End of section]
Appendix III: Education IT Governance Structure:
The Office of the Chief Information Officer provides advice and
assistance to the Secretary and other senior officials to ensure that
IT is acquired and information resources are managed in a manner that
is consistent with laws and executive orders. The capital planning and
investment control is a decision-making process for ensuring IT
investments integrate strategic planning, budgeting, procurement, and
the management of IT in support of agency missions and business needs.
Capital planning and investment control at Education consists of three
phases: select, control, and evaluate.[Footnote 92] To carry out these
responsibilities, Education has set up an IT governance process as
shown in figure 5.
Figure 5: Education IT Governance Process:
[Refer to PDF for image: illustration]
Top level:
Secretary of Education.
Second level, reporting to Secretary of Education:
Chief Information Officer (CIO).
* Investment Review Board (IRB);
* Planning and Investment Review Working Group (PIRWG);
* Enterprise Architecture Advisory Committee (EAAC);
* Enterprise Architecture Review Board (EARB).
Providing support to CIO:
* Investment Acquisition Management Team (IAMT).
Providing support to EAAC and EARB:
* Enterprise Architecture Program Office (EAPO).
Source: Department of Education.
[End of figure]
The IT governance process is managed through a review board and
subordinate working groups. The Investment Review Board is the highest
level decision-making body for the department's IT investment
management process. Membership of the board includes the Deputy
Secretary, Chief Information Officer, Assistant Secretary for
Management, Chief Financial Officer, Director of Budget, Senior
Counselor to the Secretary of Federal Student Aid, and additional
principal officers of the department representing business units. It
meets quarterly, or more frequently if required, to support the IT
investment management process. The Investment Review Board sets the
priorities and objectives used to assess IT initiatives and oversees
the entire IT portfolio. During the select phase, the Investment
Review Board receives funding recommendations from the Planning and
Investment Review Working Group. Upon Investment Review Board
approval, the IT portfolio is submitted to OMB as part of Education's
budget request.
The Planning and Investment Review Working Group is comprised of
senior managers with specialized knowledge and skills in the various
disciplines that comprise the work of the department. It meets
monthly, or more frequently if required, to support the IT investment
management process, the Chief Information Officer, and the Investment
Review Board. Members represent the department's principal offices and
critical areas including acquisition, budget, information technology
management, and planning. During the select phase, the Planning and
Investment Review Working Group reviews candidate investments and
makes funding recommendations to the Investment Review Board. The
working group reviews the IT portfolio from a departmentwide
perspective and makes recommendations to the Chief Information Officer
to inform decisions on selecting, controlling, and evaluating
investments.
The Enterprise Architecture Advisory Committee meets quarterly to
develop and maintain segment architectures, propose business
modernization and shared service investments to the Planning and
Investment Review Working Group, assess opportunities for IT reuse and
collaboration, and review the department's IT portfolio for enterprise
architecture compliance. The Enterprise Architecture Advisory
Committee is comprised of senior managers from the principal office
responsible for supporting a segment of the department's enterprise
architecture.
The Enterprise Architecture Review Board maintains the department's
technical standards and conducts reviews in accordance with the
department's lifecycle management framework.
The Investment and Acquisition Team is responsible for developing and
implementing strategies and programs designed to enhance the
department's OMB Exhibit 300 business case preparation and capital
investment management and planning and for day-to-day oversight of its
capital planning and investment control processes. The Investment and
Acquisition Team reports to Information Technology Program Services,
which in turn reports to the Chief Information Officer.[Footnote 93]
The Enterprise Architecture Program Office is responsible for
maintaining the departmental enterprise architecture, which includes
reviewing all IT investments and making recommendations to the
Planning and Investment Review Working Group.
FSA Has Additional Responsibilities for IT Governance:
FSA is responsible for administration of the information and financial
systems that support student financial assistance programs. As a
performance-based organization, FSA has been given independent control
of its budget allocations and expenditures, personnel decisions and
processes, procurements, and other administrative and management
functions. FSA has also established a separate investment review board
to provide oversight of its investment management and ensure effective
utilization of investment dollars and human capital.
[End of section]
Appendix IV: Comments from the Department of Education:
United States Department Of Education:
The Deputy Secretary:
400 Maryland Ave. S.W.
Washington, DC 20202:
[hyperlink, http://www.cd.gov]
January 24, 2011:
Mr. George Scott:
Director, Education, Workforce, and Income Security Issues:
Government Accountability Office:
441 G Street, NW:
Washington, DC 20548:
Dear Mr. Scott:
I am writing in response to your request for comments on the U.S.
Government Accountability Office's (GAO's) draft report (GAO-11-194)
dated January 2011, entitled "Department of Education: Improved
Oversight and Controls Could Help Education Better Respond to Evolving
Priorities." I appreciate the opportunity to comment on the draft
report on behalf of the U.S. Department of Education (the Department).
The Department takes very serious') its stewardship role in
administering all of its programs. including those newly created by
significant legislation such as the American Recovery and Reinvestment
Act of 2009 (ARRA). Over the last two years. our workforce effectively
administered grantmaking at an unprecedented scale and level of
complexity. In addition. during this time. the Department also
successfully completed the transition to direct student loans. We
wholeheartedly agree that continuous improvement is key to meeting the
evolving needs of the Department and to further enhancing the impact.
We must also ensure our infrastructure is able to meet the demands of
this increased responsibility, and acknowledge GAO's recognition of
this effort and recommendations for improvement. The Department's
responses to the report's recommendations follow.
Recommendation Area 1: To build on Education's current efforts to
improve human capital management, we recommend the Secretary of
Education:
1. Provide guidance to program offices on developing data-based
estimates of workload, and incorporating these data into department
workforce planning. This effort could include conducting an assessment
of workload, developing an evidence-based estimate of staff needed to
meet agency responsibilities using valid and reliable data, and using
this estimate to infOrm agency budget requests and expenditures for
human resources.
Generally, the Department agrees with GAO's recommendation. It is
important to note that developing a set of workforce planning tools
and algorithms to accurately forecast new and/or shifting resource
needs, changing skill requirements, and potential process
"bottlenecks" is complex and resource intensive. It also requires
specific expertise that is not widely available within the Department.
Many complex variables govern the work of the Department. These
variables include items that are quantitative and predictable (e.g.,
number of new grants) on the one hand, and subjective, nuanced, or
outside of the Department's control on the other (e.g., timing of
final appropriation, need for and complexity of supporting
regulations). We have discovered that these complexities present many
challenges in creating useful Department workload models. In addition
to these challenges, we also have limited resources ” dollars and
staffing ” to take the Department's current workload analysis efforts
to the next level of rigor. Despite these and other challenges, and
compared to other federal agencies, the Department has demonstrated
exemplary performance over the past several years in the effective use
and distribution of taxpayer dollars. We are entrusted with more
program dollars per FTE (Full Time Equivalent) than any other
government agency with the third largest discretionary appropriation
and a direct loan program. As noted by GAO, we were able to shift our
workforce to meet the demands of ARRA. These achievements have been
the result, in part, of unprecedented work in the Department over the
past several years, which included the development of an FTE model to
assess workload impact.
Initial Department efforts to improve workload analysis primarily
focused on identifying "key drivers" of work for the Department's
formula and discretionary grant programs. Based on interviews with the
Department's grantmaking experts, an initial set of workload drivers
were identified. These drivers are basic data elements, including
program dollar size, the number of new and continuing awards
distributed each year, the frequency of grant competitions, the
complexity of the grant competitions, and the number of site visits
performed. Subjective drivers were also identified, including the
level of innovation and/or flexibility that exists in the grant
program.
With an acknowledgment that the Department has limited resources to
develop and implement a workload analysis system that fully integrates
Department-wide human capital, operations, and cost data, we are
determined to make continued progress. Our next steps include:
* Building on the Department's Budget Service's fiscal year (FY) 2010
workload project, categorizing, and analyzing grant work by common
program characteristics (that is, grouping common workload drivers
among the Department's program offices);
* Analyzing the results of in-process workload data studies
commissioned by program offices (i.e., Office of Special and Education
and Rehabilitative Services and Office of Elementary and Secondary
Education) for Department-wide application; and;
* Developing grantmaking workload activity "standards."
The Office of Management, Human Capital and Client Services will
continue collaborating with the Department's Budget Service, program
offices, and other Department support offices to develop workload
guidance to be used across the Department. Additional specific actions
will include appropriately reclassifying positions from the current
343-Management and Program Analyst series to the 1109-Grants
Management series established by the Office of Personnel Management in
November 2010. Updating grants management position descriptions and
gathering more reliable data around full-time equivalents in this
series will lead to more effective workload modeling and workforce
planning in the critical grants management area.
2. Develop a formal process for reviewing performance standards and
performance appraisal decisions to help ensure Education's performance
management system is consistent across the department. For example,
such a review could include an analysis of standards and appraisals
for all Education employees over a 3 to 5 year cycle to assess whether
performance standards and appraisal decisions are being applied
consistently.
Performance management in government has been historically
challenging. This is especially true in four primary areas: aligning
performance expectations with strategic goals and operational
priorities, developing standards that are quantifiable and measurable,
calibrating across these standards to consistently identify varying
levels of performance, and reliably assessing performance against
these standards.
The Department's approach over the past several years has been to
improve strategic alignment and development of standards for both
organizational and individual commitments. We have established
organizational metrics that set expectations for each business unit
and serve as the basis for organizational performance ratings. This
Organizational Assessment ("OA") tool provides for a quantitative and
qualitative review, and provides a link to strategic and operational
priorities. We have begun to change the performance culture for all
employees with a greater focus on measurable results aligned to
organizational and strategic priorities. This coincides with the
launch of a redesigned performance appraisal system called REsults
ACHieved ("REACH") for the FY 2011 performance cycle. As part of this
launch, the Department provided manager training on setting
expectations and creating an effective performance management culture.
We are also providing performance plan coaching for supervisors and
employees on writing effective performance plans with standards that
are specific, measurable, aligned, realistic, and time-based. In the
FY 2010 performance cycle, the Department became a leader in
government by explicitly basing a percentage of the senior executives'
individual bonuses on their organizations' performance rating. In FY
2011, we will explore extending this practice that aligns individual
and organizational performance to all employees.
The Department agrees with GAO's recommendation that we should also
incorporate a review process. We have recently developed written
policy and reached agreement with the union to conduct ongoing
assessments of REACH. We will convene a joint working group this year
to determine how best to conduct this review. At a minimum, we expect
that it will include a review of 100 percent of our employees over a 5-
year period. as suggested by GAO. We will continue our efforts to
enhance and improve performance management across the Department.
Recommendation Area 2: To help improve contract monitoring controls,
we recommend that the Secretary of Education direct the Chief
Operating Officer of FSA to:
1. Develop procedures that detail how to file and retain evidence
demonstrating receipt and acceptance of contracted goods and services.
The Department agrees with GAO's recommendation as it pertains to
activities preceding receipt and acceptance. FSA successfully adjusted
its contracting activities to meet the requirements of both the
Ensuring Continued Access to Student Loans Act and the Student Aid and
Fiscal Responsibility Act, §2212 of the Health Care and Education
Reconciliation Act. Our work has included significant effort to
renegotiate existing contracts and also put in place new contracts
such as Title IV Additional Servicer vehicles. Altogether, over the
past two years FSA has seen nearly a 50 percent increase in contract
spending for which it is accountable without a corresponding growth in
staff and absent additional investment in contract management
information technology systems. Given the significant role of
contracting in delivering FSA's mission, we appreciate GAO's
acknowledgment that we appropriately utilize the Financial Management
Support System (FMSS) to capture evidence of receipt and acceptance of
our contracted goods and services. We also engage in a variety of
activities preceding entry of receipt and acceptance. We agree with
GAO's finding that its reviewers were not able to efficiently validate
information about these activities without direct intervention by the
Contracting Officer (CO) or Contracting Officer's Representative (COR).
We do not currently have guidance on how to document and retain
artifacts of activities preceding receipt and acceptance.
Consequently, the Department will develop guidance that details how to
file and retain receipt and acceptance supporting documents in the
contract and COR files to supplement what we capture in FMSS. The
procedures will be prepared for distribution to each COR and CO, and
COs will be directed to include a copy of the procedures as an
attachment to each COR appointment letter. A copy of this guidance
will also be distributed as part of the on-boarding process for each
incoming Contract Specialist or CO.
Furthermore, the Department will investigate whether the commercial
application of FMSS includes features that would enable either the
linking to, or storage of, additional recordation or documentation.
Funding for alternative procurement management packages that may
provide these important features or functions is not currently
included in the budget.
2. Develop procedures that outline how contract monitoring activities
and results should be documented, retained, and shared.
The Department agrees with GAO's recommendation. GAO noted
considerable evidence of FSA's contract monitoring activities,
including many of the practices identified in the Office of Federal
Procurement Policy's Guide to Acquisition Best Practices. These
practices include the use of Service-Level Agreements, incentive and
disincentive contract terms, and Quality Surveillance Assurance Plans.
Nevertheless, we share GAO's vision for continuous improvement in this
area. GAO's recommendation is especially timely considering the
increased mobility of the acquisition workforce. Without clear
guidance on how monitoring activities must be documented, the
potential exists for knowledge of important contract events to be lost
when personnel leave the organization.
Information pertaining to contract monitoring activities will be
included in the guidance identified in Recommendation 1. In addition,
Federal Student Aid will issue guidance requiring COs to inspect COR
records, document their review findings and require corrective
actions, if appropriate, at least annually.
3. Develop comprehensive quality control procedures that include
guidance for review of contract files and contractor past performance
reports to ensure that files are complete and contain documentation to
evidence compliance with departmental contracting policies. including
the following documents:
* Contractor performance evaluations,
* Contract monitoring plans, and,
* Contracting officer's representative appointment memoranda.
The Department agrees with GAO's recommendation. We understand the
importance of full accountability in ensuring that taxpayer dollars
are appropriately leveraged through contracts to achieve the
Department's mission. Federal Student Aid's increased spending on
contracts over the past few years has been substantially due to the
passage of significant legislation such as the Ensuring Continued
Access to Student Loans Act, the Student Aid and Fiscal Responsibility
Act, and §2212 of the Health Care and Education Reconciliation Act.
Because of these additional requirements, we are assessing the need
for additional tools and guidance, and greater management oversight,
to ensure contract files include all required documentation. Federal
Student Aid will continue to use historically effective quality
control procedures such as Contract Review Boards, Contract Management
Reviews, and soon-to-be implemented peer reviews. Likewise, FSA will
work to make better use of data contained in acquisition systems to
effect improvements in this area.
GAO's review documented limited incidences of missing performance
evaluations and COR appointment memoranda. Even so, we share in GAO's
goal of consistent documentation of all contract monitoring
activities. To achieve this goal, we shall implement greater internal
controls to improve assurances that all required documentation is
included in contract files. Past performance records will be monitored
to ensure evaluations are prepared on a timely basis. The Department's
Administrative Communications System Directive on contract monitoring
will be revisited with acquisition personnel, as will the issue of COR
appointment memoranda. FSA will also develop and document methods to
address quality control at all obligation levels.
Recommendation Area 3: We recommend the Secretary of Education build
on Education's IT management efforts by directing the Chief
Information Officer to:
1. Align the IRM strategic plan with the department's strategic plan
to eliminate any potential risk of major IT investments not supporting
the department's most current priorities.
The Department concurs with GAO's recommendation and has addressed
this issue. Alignment between the Department's published Strategic
Plan and the IRM Strategic Plan is demonstrated in section 3.1 of the
current (September 2010) release of the IRM Strategic Plan. The agency
will update the IRM Strategic Plan to reflect the latest Department
Strategic Plan. During the interim, risks related to the misalignment
of dates between the IRM and Department strategic plans were discussed
in the Planning and Investment Review Working Group (PIRWG) and the
Investment Review Board (IRB). Agency officials determined that the
modernization plans adequately conveyed current goals and priorities
and mitigated the risk of selecting investments that did not align
with the Department's current priorities. Further, the Department
supports the use of modernization plans based on IT category or
"segments," such as grants management and 1T security. These plans
ensure a better alignment of investments and allow more precise
allocation of IT resources to key milestones that accomplish the
Department's mission.
2. Update the IRM strategic plan to reflect goals from the Open
Government, Strategic Sustainability Performance, and Data Center
Consolidation plans.
The Department concurs with the recommendation and will address in
greater detail the contents of each of these plans. Each of these
plans received significant internal review by the appropriate subject
matter experts, and each plan received positive feedback from external
reviewers in the public and private sectors. The Department recognizes
that timing of updates to each of these documents presents a
significant challenge to continuous alignment with the IRM Strategic
Plan; however, the benefit of ensuring that IT resources are most
effectively and efficiently applied to the highest priorities of the
Department is our goal. Specifically, the Office of the Chief
Information Officer (OCIO) will collaborate more broadly among the
subject matter experts, leveraging internal working groups to address
the contents of the Open Government, Strategic Sustainability
Performance, and Data Center Consolidation plans in the FY 2011 update
to the IRM Strategic Plan.
3. Finalize and approve department guidance for implementing post
implementation reviews and conduct these reviews, where appropriate,
to assess lessons learned and identify potential improvements to the
IT management process.
The Department concurs with the recommendation. GAO's review
documented that the Department has not conducted post-implementation
reviews. Over the last several years, the Department's IT portfolio
has been dominated by maintenance of current systems. Many of these
systems have been operating successfully for more than a decade. In FY
2009, the Deputy Secretary and Investment Review Board Chair
established the goal of increasing the portion of the IT portfolio
dedicated to enhancements and modernization. As a result of this
effort, the agency will have new capabilities deployed in FY 2011.
Concurrent with the deployment of these new capabilities, the OCIO
will deploy procedures to conduct post-implementation reviews. The
Department is on schedule to release the post-implementation review
guide and template in January 2011. The OCIO plans to begin conducting
these reviews by the second half of FY 2011, assuming projects are
available in that stage of the lifecycle.
We appreciate the opportunity to review the draft report and comment
on the recommendations. If you have any questions or concerns
regarding our response, please have your staff members contact Beverly
Ortega Babers at (202) 205-0167.
Sincerely,
Signed by:
Anthony W. Miller:
[End of section]
Appendix V: GAO Contact and Staff Acknowledgments:
GAO Contact:
George A. Scott, (202) 512-7215 or scottg@gao.gov:
Staff Acknowledgments:
Bryon Gordon, Assistant Director; Scott Spicer, analyst-in-charge; and
Sheranda Campbell managed this assignment. Alise Nacson and Leigh Ann
Sennette also made significant contributions to the human capital
component of the project. Kay Daly, Elizabeth Martinez, Rathi Bose,
Chau Dinh, and Rebecca Riklin managed the Pell Grants and contracts
component of this assignment. Judy Lee, Pierre Kamga, and Joshua
Edelman also made contributions to the Pell Grants and contracts work.
Valerie Melvin, Christie Motley, and Charles Youman managed the
information technology component of this assignment, and Rebecca
Alvarez, Cortland Bradford, Neil Doherty, Scott Pettis, and Bradley
Roach also made contributions to the information technology work.
Additionally, Susan Aschoff, Rebecca Eyler, Janice Latimer, Steven
Lozano, Jean McSween, James Rebbe, Karen Richey, and William Woods
aided in this assignment.
[End of section]
Footnotes:
[1] Discretionary appropriations refers to budgetary resources that
are provided in appropriation acts, other than those that fund
mandatory programs. Mandatory spending refers to budget authority that
is provided in laws other than appropriations acts and the outlays
that result from such budget authority. Discretionary appropriations
constituted most of Education's budget in fiscal year 2009.
[2] Pub. L. No. 111-5, 123 Stat. 115 (2009).
[3] These offices were selected based on the number of staff, the work
functions of the employees in the office, and the results of the 2008
OPM Federal Human Capital Survey.
[4] Fiscal year 2009 was the most recent year for which transactions
for an entire fiscal year were available for our review.
[5] We selected 15 active and 13 closed contracts and two closed
interagency acquisitions based on award amounts to ensure we reviewed
monitoring controls over contracts and interagency acquisitions with
various award amounts while still maximizing the total dollar value of
contracts and interagency acquisitions included in our selection. The
active contracts population consisted of 309 contracts and interagency
acquisitions obligated since October 1, 2006, and active as of
September 30, 2009. The closed contracts population consisted of 233
contracts and interagency acquisitions obligated since October 1,
2006, and closed in fiscal year 2009 (from October 1, 2008 to
September 30, 2009).
[6] According to the Federal Acquisition Regulation, interagency
acquisitions are procedures by which an agency needing supplies or
services obtains them from another agency by an assisted or direct
acquisition.
[7] GAO, Grant Monitoring: Department of Education Could Improve Its
Processes with Greater Focus on Assessing Risks, Acquiring Financial
Skills, and Sharing Information, [hyperlink,
http://www.gao.gov/products/GAO-10-57] (Washington, D.C.: Nov. 19,
2009).
[8] GAO, Standards for Internal Control in the Federal Government,
[hyperlink, http://www.gao.gov/products/GAO/AIMD-00-21.3.1]
(Washington, D.C.: November 1999).
[9] We selected six offices because they had at least one major IT
investment. The Office of Management was included because of the
office's privacy-related responsibilities.
[10] We selected at least one major IT investment (obligating more
than $500,000 annually) from each of the offices that had major IT
investments to determine how department guidance is implemented at the
system level. In selecting these investments we considered whether the
investments span multiple offices across Education, had potential IT
security issues, called for major spending from Education's IT systems
budget, and were under development or operational.
[11] Department of Education Organization Act, Pub. L. No. 96-88, 93
Stat. 668 (1979).
[12] Pub. L. No. 101-576, 104 Stat. 2838 (1990).
[13] 31 U.S.C. § 3512(c), (d).
[14] Department of Education, FY 2009 Agency Financial Report (Nov.
16, 2009).
[15] 20 U.S.C. § 1070 et seq. These postsecondary programs include the
William D. Ford Federal Direct Loan Program, the Federal Family
Education Loan Program, Pell Grants, and certain campus-based programs.
[16] An obligation is a definite commitment that creates a legal
liability of the government for the payment of goods or services
ordered or received, such as a contract, and federal agencies must
record and report obligations as part of their system for tracking
federal funds. For more details on methods of tracking federal funds,
see appendix III of GAO, A Glossary of Terms Used in the Federal
Budget Process, [hyperlink, http://www.gao.gov/products/GAO-05-734SP]
(Washington, D.C.: September 2005).
[17] 48 C.F.R. ch. 1.
[18] FSA's contracting officers are part of FSA's Acquisition Group.
[19] The Federal Pell Grant Program provides need-based grants to low-
income undergraduate and certain postbaccalaureate students to promote
access to postsecondary education. Students may use their grants at
any one of nearly 5,400 participating schools. The Pell Grant award
year begins on July 1 and ends on June 30 of the following year, which
differs from the October 1 to September 30 federal fiscal year.
[20] A major investment is defined in OMB Circular A-11 as a financial
management investment obligating more than $500,000 annually.
Additionally, such an investment may be a system or acquisition
requiring special management attention because of its importance to
the mission or function of the agency, a component of the agency, or
another organization. OMB, Preparation, Submission, and Execution of
the Budget, Circular A-11 (Washington, D.C., July 21, 2010).
[21] For the three largest programs under the Recovery Act, recipients
must obligate all funds by September 30, 2011. Education is
responsible for monitoring the use of these funds.
[22] According to an Education financial report, nearly all of
Education's nonadministrative appropriations support grants or loans
for K-12 and higher education. In fiscal year 2009, administrative
expenditures were less than 1 percent of the department's
appropriations.
[23] The number of grants awarded excludes Pell Grants because these
grants are funded with both discretionary and mandatory funds.
However, FSA reported a nearly 60 percent increase in the amount of
aid disbursed to students in fiscal year 2010 compared to 2009.
[24] In March 2010, the Health Care and Education Reconciliation Act
of 2010 (Pub. L. No. 111-152, 124 Stat. 1029 (2010)) terminated
authority as of June 30, 2010, for the Federal Family Education Loan
Program, under which nonfederal lenders made student loans guaranteed
by the federal government. Instead, borrowers who would have been
eligible to receive these loans can receive loans made directly by
Education. However, those outstanding loans made by nonfederal lenders
and guaranteed repayment by the federal government after that date
will continue under the same structure with FSA oversight for possibly
30 years, depending on the repayment plan.
[25] Higher Education Opportunity Act, Pub. L. No. 110-315, 122 Stat.
3078 (2008).
[26] Consolidated Appropriations Act, 2010, Pub. L. No. 111-117, 123
Stat. 3034 (2009).
[27] GAO, Recovery Act: Opportunities to Improve Management and
Strengthen Accountability over States' and Localities' Uses of Funds,
[hyperlink, http://www.gao.gov/products/GAO-10-999] (Washington, D.C.:
Sept. 20, 2010).
[28] GAO, Low-Income and Minority Serving Institutions: Sustained
Attention Needed to Improve Education's Oversight of Grant Programs,
[hyperlink, http://www.gao.gov/products/GAO-10-659] (Washington, D.C.:
May 27, 2010), and Grant Monitoring: Department of Education Could
Improve Its Processes with Greater Focus on Assessing Risks, Acquiring
Financial Skills, and Sharing Information, [hyperlink,
http://www.gao.gov/products/GAO-10-57] (Washington, D.C.: Nov. 19,
2009).
[29] Department of Education, Office of Inspector General, FY 2011
Management Challenges (October 2010).
[30] In fiscal year 2010, 93 percent of contracts obligations were IT
related.
[31] Department of Education, A Blueprint for Reform: The
Reauthorization of the Elementary and Secondary Education Act (March
2010).
[32] GAO, Human Capital: Key Principles for Effective Strategic
Workforce Planning, [hyperlink, http://www.gao.gov/products/GAO-04-39]
(Washington, D.C.: Dec. 11, 2003). These principles include: (1)
involving top management, employees, and other stakeholders in the
strategic workforce plan; (2) determining skills and competencies
needed in the future workforce to meet the organization's goals and
identifying gaps in skills and competencies; (3) developing strategies
tailored to address these gaps; (4) building the capability to address
these gaps; and (5) monitoring and evaluating the agency's progress
toward its human capital goals and the contribution that human capital
results have made toward achieving programmatic results.
[33] Senior-level officials include the Assistant Deputy Secretary,
the Chief Human Capital Officer, and the Chief Financial and Budget
Officer.
[34] [hyperlink, http://www.gao.gov/products/GAO-04-39].
[35] [hyperlink, http://www.gao.gov/products/GAO-04-39].
[36] GAO, GAO Cost Estimating and Assessment Guide: Best Practices for
Developing and Managing Capital Program Costs, [hyperlink,
http://www.gao.gov/products/GAO-09-3SP] (Washington, D.C.: March 2009).
[37] This survey is a tool that gauges the attitudes and impressions
of federal employees in four areas of their work: leadership and
knowledge management, results-oriented performance culture, talent
management, and job satisfaction. The survey was first implemented in
2002 and is conducted every 2 years.
[38] GAO, Results-Oriented Cultures: Creating a Clear Linkage between
Individual Performance and Organizational Success, [hyperlink,
http://www.gao.gov/products/GAO-03-488] (Washington, D.C.: March 2003).
[39] Education refers to the satisfactory appraisal level as "achieves
results."
[40] [hyperlink, http://www.gao.gov/products/GAO-03-488].
[41] The PAAT is used to evaluate an agency's performance system to
determine how well appraisal systems meet OPM's criteria for the
design, implementation, and results expected for effectiveness.
[42] Under 5 C.F.R. § 430.210, OPM determines whether an appraisal
system meets applicable law, regulation, or OPM policy and, if not,
directs an agency to implement an appropriate system or to take other
corrective action.
[43] GAO, Human Capital: DOD Needs to Improve Implementation of and
Address Employee Concerns about Its National Security Personnel
System, [hyperlink, http://www.gao.gov/products/GAO-08-773]
(Washington, D.C.: Sept. 10, 2008).
[44] GAO, Financial Regulators: Agencies Have Implemented Key
Performance Management Practices, but Opportunities Exist for
Improvement, [hyperlink, http://www.gao.gov/products/GAO-07-678]
(Washington, D.C.: June 18, 2007).
[45] Our work focused on Pell Grants because it accounted for over 91
percent of all student aid grant disbursements in fiscal year 2009 and
a recent GAO study examined internal controls for other Education
grants. For more information, see GAO, Grant Monitoring: Department of
Education Could Improve Its Processes with Greater Focus on Assessing
Risks, Acquiring Financial Skills, and Sharing Information,
[hyperlink, http://www.gao.gov/products/GAO-10-57] (Washington, D.C.:
Nov. 19, 2009).
[46] U.S. Department of Education, Financial Management and
Accountability, Procedure for Performing Contractor Performance
Evaluation (CO-107) (May 4, 2006) and U.S. Department of Education,
Financial Management and Accountability, Procedure for Writing and
Implementing a Contract Monitoring Plan (CO-111) (Revised on June 4,
2007).
[47] Education's Departmental Directive, OCFO 2-108, defines contracts
as awards and notices of awards; job orders or task letters issued
under basic ordering agreements; letter contracts; orders, such as
purchase orders, under which a contract becomes effective by written
acceptance or performance; and bilateral contract modifications.
Therefore, our selection of contracts may include purchase orders or
new task orders for the same original contract. This guidance further
provides that each task order should be treated as a separate contract
and should be monitored according to the guidance in this directive.
[48] U.S. Department of Education, Office of Inspector General,
Controls Over Contract Monitoring for Federal Student Aid Contracts,
ED-OIG/A19G0006 (Aug. 24, 2007).
[49] FSA Acquisition Policy Letter, Invoice Payment Procedure, ACQ-07-
001, provides that the contracting officers' representatives shall
identify, through e-mail, to the contracting officers those
deliverables that do not conform to the contract requirements. FSA
management does not have guidance on retaining these e-mails.
[50] FSA Acquisition Policy Letter, Contract Records File Management,
ACQ-08-001.
[51] Education's Departmental Directive provides that the contracting
officer's representative shall use his or her judgment to determine if
any of the contractor's actions are significant and worthy of
documentation.
[52] Contracting officers' representatives report to applicable FSA
program offices and perform contract management duties, as assigned,
including monitoring individual contracts to ensure technical
performance of a contractor and inspecting and making recommendations
to the contracting officer on actions related to invoices and
deliverables. Contracting officers' representatives are designated but
not supervised by contracting officers who are part of FSA's
Acquisition Group.
[53] According to Education's guidance on performing contractor
evaluations, contracting officers and contracting officers'
representatives must complete contractor performance evaluations
annually and at the completion of a contract in excess of $100,000.
Our nongeneralizable sample included 11 contract and interagency
acquisition files that were obligated for less than the simplified
acquisition threshold of $100,000 and, therefore, did not require
annual contractor performance evaluations.
[54] Our sample included two interagency acquisitions that were
government printing acquisitions under subpart 8.8 of the Federal
Acquisition Regulation. According to an agency official, the
Departmental Directive is not applicable to interagency acquisitions
including government printing acquisitions. For interagency
acquisitions, generally, section 17.502-1(b) of the Federal
Acquisition Regulation requires agencies to define in advance the
roles that the requesting and servicing agencies will take with regard
to contract administration and management.
[55] A contract monitoring plan is a written document outlining how
the department will manage a contract from award to the completion of
the contract period. A contract monitoring plan is usually prepared by
the contracting officer or contracting specialist in coordination with
the contracting officer's representative and lists the key performance
objectives to monitor the effectiveness and efficiency of the contract.
[56] Education's Departmental Directive provides that contracting
officers' representatives responsible for monitoring individual
contracts must be appointed in writing by the contracting officer
through an appointment memorandum. The Departmental Directive also
states that no program official can act on a contracting officer's
behalf, or perform any duties normally reserved for the contracting
officer's designee, without specific written delegation of authority
from the contracting officer for that particular contract.
[57] Department of Education, Office of Inspector General, Touro
College's Title IV, Higher Education Act Programs, Institutional and
Program Eligibility (Oct. 30, 2008). Department of Education, Office
of Inspector General, TUI University's Administration of Higher
Education Act, Title IV Student Financial Assistance Programs (Aug. 5,
2009).
[58] U.S. Department of Education, FY 2010 Agency Financial Report
(Nov. 15, 2010).
[59] An improper payment is defined as any payment that should not
have been made or that was made in an incorrect amount (including
overpayments and underpayments) under statutory, contractual,
administrative, or other legally applicable requirements.
[60] Deficiencies included, for example, the lack of a signature on a
form documenting that a participating school should not receive funds
and deficiencies in FSA's tracking of annual audit reports required of
participating schools. FSA's corrective action plans included, for
example, enhancing procedures to require FSA staff to confirm all
required steps are taken so that documentation is complete and to
perform more frequent quality control reviews of its report on missing
audits.
[61] GAO, Information Resources Management: Comprehensive Strategic
Plan Needed to Address Mounting Challenges, [hyperlink,
http://www.gao.gov/products/GAO-02-292] (Washington, D.C.: Feb. 22,
2002).
[62] The Paperwork Reduction Act of 1995 and OMB Circular A-130 state
that agencies should prepare a strategic IRM plan that describes how
Information Resources Management activities will help accomplish
agency missions. OMB Circular A-130 states that the IRM plan should
support the agency strategic plan. 44 U.S.C. § 3506(b)(2), OMB,
Management of Federal Information Resources, Circular A-130
(Washington, D.C., Nov. 28, 2000).
[63] 5 U.S.C. § 306 (as of Dec. 31, 2010).
[64] The department's modernization efforts represented 6 percent of
its IT budget in Fiscal Year 2010--the lowest percentage of the major
25 government agencies. The department plans to increase the
percentage of the budget allocated to modernization to 15 percent by
2012.
[65] A segment is a part of the overall enterprise architecture that
can be pursued as separate initiative. As such, segments serve as a
bridge between the departmentwide enterprise architecture and the
individual programs with separate system investments. For example
segments can be grouped into categories, such as core mission areas
(e.g., grants management), business services (e.g., financial
management), and enterprise services (e.g., records management). An
enterprise architecture is a blueprint for organizational
transformation and IT modernization. Generally it consists of
snapshots of the enterprise's current operational and technological
environment, and its target environment, and contains a capital
investment road map for transitioning from the current version to the
target environment.
[66] The objective of the department's segment modernization plans is
to enable segment owners to help identify and prioritize IT investment
decisions. This includes identifying business needs, evaluating
current capabilities, and ensuring that these business needs are
aligned to performance goals.
[67] For example, Education's Open Government Plan (June 25, 2010)
states that the development of the plan uncovered some internal
challenges in data management and technology processes that need to be
resolved. Education's Strategic Sustainability Performance Plan (June
8, 2010) includes a goal to reduce technology energy consumption in
the department's data centers. The Data Center Consolidation Plan
(Aug. 31, 2010) established goals to streamline operations.
[68] According to OMB Circular A-130, the IRM strategic plan should
address all agency IRM requirements.
[69] Selection refers to a process when the organization identifies
and analyzes each project's risks and returns before committing
significant funds to any project and selects those IT projects that
will best support its mission needs. Control refers to the process of
ensuring that projects meet mission needs at the expected levels of
cost and risk as they are implemented. Evaluation refers to the
process that takes place after a project has been fully implemented
where the organization compares the actual versus expected results.
GAO, Information Technology Investment Management: A Framework for
Assessing and Improving Process Maturity, [hyperlink,
http://www.gao.gov/products/GAO-04-394G] (Washington, D.C.: March
2004).
[70] Department of Education, Information Technology Investment
Management (ITIM) and Software Acquisition Policy, Directive OCIO: 3-
108 (Sept. 15, 2006).
[71] Department of Education, IT Investment Management Process Guide,
Version 1.1 (December 2009).
[72] An agency's IT investment review board is necessary because it is
a key component in the investment management process and ensures the
organization has effective oversight for its IT projects throughout
all phases of their lifecycles. While the board should not micromanage
each project, it should maintain adequate oversight and observe each
project's performance and progress toward predefined cost and schedule
expectations, as well as each project's anticipated benefits and risk
exposure. See [hyperlink, http://www.gao.gov/products/GAO-04-394G].
[73] Department of Education, Lifecycle Management Framework
Directive, OCIO 1-106, (2005); Department of Education, Information
Technology Investment Management and Software Acquisition Policy,
Directive, OCIO 3-108 (2006). Agencies must conduct postimplementation
reviews of capital programming and acquisition processes and projects
to validate estimated benefits and costs and document effective
management practices. See OMB, Preparation, Submission, and Execution
of the Budget, Circular A-11 (Washington, D.C., July 21, 2010).
[74] According to the OMB Capital Planning Guide, post implementation
reviews of IT projects serve as a diagnostic tool to evaluate the
overall effectiveness of an agency's capital planning and acquisition
process.
[75] Of these six IT investments only one--the Contracts and
Purchasing Support System--has been in operation for more than a
decade; the remaining five were deployed within the last 4 years.
[76] Department of Education, IT Investment Management Process Guide,
Version 1.1.
[77] OMB, Capital Programming Guide, Supplement to OMB Circular A-11,
Part 7: Planning, Budgeting, and Acquisition of Capital Assets
(Washington, D.C., June 2006).
[78] The eight key components are (1) periodically assessing the risk
from unauthorized access, use, disclosure, disruption, modification,
or destruction of information or systems; (2) developing risk-based
policies and procedures to reduce information security risks; (3)
developing plans for providing adequate information security for
systems; (4) providing security awareness training for agency
personnel and contractors; (5) performing periodic testing and
evaluating the effectiveness of information security policies,
procedures, and practices; (6) implementing a process for remedial
action to address deficiencies identified in the agency's IT security;
(7) developing procedures for detecting, reporting, and responding to
security incidents; and (8) developing plans and procedures to ensure
the continuity of operations for information systems that support the
operations and assets of the agency. In addition, an annually updated
inventory of major information systems operated by or under the
control of the agency is also required.
[79] Pub. L. No. 107-347, 116 Stat. 2899, 2946 (2002).
[80] Government agencies have an obligation under the Privacy Act of
1974 (5 U.S.C. § 552a) and the E-Government Act (E-Gov Act) of 2002
(Pub. L. No. 107-347, 116 Stat. 2899 (2002)) to protect the privacy of
individuals about whom they collect personal information.
[81] As used in this report, personally identifiable information is
any information about an individual maintained by an agency, including
(1) any information that can be used to distinguish or trace an
individual's identity, such as name, Social Security number, date and
place of birth, mothers' maiden name, or biometric records; and (2)
any other information that is linked or linkable to an individual,
such as medical, educational, financial, and employment information.
[82] See 5 U.S.C. § 552a(e)(4), (e)(11).
[83] Office of Management and Budget, Safeguarding Against and
Responding to the Breach of Personally Identifiable Information, OMB
memorandum M-07-16, (Washington, D.C., May 22, 2007). Specifically,
OMB guidelines state that agencies review and reduce the volume of
personally identifiable information. Agencies are required to review
their current holdings of all personally identifiable information and
ensure, to the maximum extent practicable, such holdings are accurate,
relevant, timely, and complete, and reduce them to the minimum
necessary for the proper performance of a documented agency function.
OMB also mandates the reduction of the use of Social Security numbers.
[84] GAO, Privacy: Agencies Should Ensure That Designated Senior
Officials Have Oversight of Key Functions, [hyperlink,
http://www.gao.gov/products/GAO-08-603] (Washington, D.C.: May 30,
2008).
[85] Privacy Act of 1974, 5 U.S.C. § 552a, as amended.
[86] OMB, Protection of Sensitive Agency Information, Memorandum M-06-
16 (June 23, 2006).
[87] The active contracts population consisted of 309 contracts and
interagency acquisitions obligated since October 1, 2006, and active
as September 30, 2009. The closed contracts population consisted of
233 contracts and interagency acquisitions obligated since October 1,
2006, and closed in fiscal year 2009 (between October 1, 2008, and
September 30, 2009).
[88] GAO, Grant Monitoring: Department of Education Could Improve Its
Processes with Greater Focus on Assessing Risks, Acquiring Financial
Skills, and Sharing Information, [hyperlink,
http://www.gao.gov/products/GAO-10-57] (Washington, D.C.: Nov. 19,
2009).
[89] GAO, Standards for Internal Control in the Federal Government,
[hyperlink, http://www.gao.gov/products/GAO/AIMD-00-21.3.1]
(Washington, D.C.: November 1999).
[90] FSA followed the United States Chief Financial Officers Council's
Implementation Guide for OMB Circular A-123, Management's
Responsibility for Internal Control, Appendix A, Internal Control over
Financial Reporting to select samples.
[91] A major investment is defined in OMB Circular A-11 as a financial
management investment obligating more than $500,000 annually.
Additionally, such an investment may be a system or acquisition
requiring special management attention because of its importance to
the mission or function of the agency, a component of the agency, or
another organization. OMB, Preparation, Submission, and Execution of
the Budget, Circular A-11 (Washington, D.C., July 21, 2010).
[92] Selection refers to a process when the organization identifies
and analyzes each project's risks and returns before committing
significant funds to any project and selects those IT projects that
will best support its mission needs. Control refers to the process of
ensuring that projects meet mission needs at the expected levels of
cost and risk as they are implemented. Evaluation refers to the
process that takes place after a project has been fully implemented
where the organization compares the actual versus expected results.
GAO, Information Technology Investment Management: A Framework for
Assessing and Improving Process Maturity, [hyperlink,
http://www.gao.gov/products/GAO-04-394G] (Washington, D.C.: March
2004).
[93] Information Technology Program Services has other
responsibilities in addition to the capital planning and investment
control processes performed by the Investment and Acquisition
Management Team. For example, the Project Management Team provides a
single point of access to department principal offices for
coordinating the provision of IT services and capabilities and the
Development Services Team manages the web-based applications that
support and enhance the agency's online business processes. The
Director of Information Technology Program Services reports to the
Chief Information Officer.
[End of section]
GAO's Mission:
The Government Accountability Office, the audit, evaluation and
investigative arm of Congress, exists to support Congress in meeting
its constitutional responsibilities and to help improve the performance
and accountability of the federal government for the American people.
GAO examines the use of public funds; evaluates federal programs and
policies; and provides analyses, recommendations, and other assistance
to help Congress make informed oversight, policy, and funding
decisions. GAO's commitment to good government is reflected in its core
values of accountability, integrity, and reliability.
Obtaining Copies of GAO Reports and Testimony:
The fastest and easiest way to obtain copies of GAO documents at no
cost is through GAO's Web site [hyperlink, http://www.gao.gov]. Each
weekday, GAO posts newly released reports, testimony, and
correspondence on its Web site. To have GAO e-mail you a list of newly
posted products every afternoon, go to [hyperlink, http://www.gao.gov]
and select "E-mail Updates."
Order by Phone:
The price of each GAO publication reflects GAO‘s actual cost of
production and distribution and depends on the number of pages in the
publication and whether the publication is printed in color or black and
white. Pricing and ordering information is posted on GAO‘s Web site,
[hyperlink, http://www.gao.gov/ordering.htm].
Place orders by calling (202) 512-6000, toll free (866) 801-7077, or
TDD (202) 512-2537.
Orders may be paid for using American Express, Discover Card,
MasterCard, Visa, check, or money order. Call for additional
information.
To Report Fraud, Waste, and Abuse in Federal Programs:
Contact:
Web site: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]:
E-mail: fraudnet@gao.gov:
Automated answering system: (800) 424-5454 or (202) 512-7470:
Congressional Relations:
Ralph Dawn, Managing Director, dawnr@gao.gov:
(202) 512-4400:
U.S. Government Accountability Office:
441 G Street NW, Room 7125:
Washington, D.C. 20548:
Public Affairs:
Chuck Young, Managing Director, youngc1@gao.gov:
(202) 512-4800:
U.S. Government Accountability Office:
441 G Street NW, Room 7149:
Washington, D.C. 20548:
