Transportation Worker Identification Credential
Internal Control Weaknesses Need to Be Corrected to Help Achieve Security Objectives Gao ID: GAO-11-648T May 10, 2011This testimony discusses credentialing issues associated with the security of U.S. transportation systems and facilities. Securing these systems requires balancing security to address potential threats while facilitating the flow of people and goods that are critical to the U.S. economy and international commerce. As we have previously reported, these systems and facilities are vulnerable and difficult to secure given their size, easy accessibility, large number of potential targets, and proximity to urban areas. The Maritime Transportation Security Act of 2002 (MTSA) required regulations preventing individuals from having unescorted access to secure areas of MTSA-regulated facilities and vessels unless they possess a biometric transportation security card and are authorized to be in such an area. MTSA further required that biometric transportation security cards be issued to eligible individuals unless determined that an applicant poses a security risk warranting denial of the card. The Transportation Worker Identification Credential (TWIC) program is designed to implement these biometric maritime security card requirements. The TWIC program, once implemented, aims to meet the following stated mission needs: (1) Positively identify authorized individuals who require unescorted access to secure areas of the nation's transportation system. (2) Determine the eligibility of individuals to be authorized unescorted access to secure areas of the transportation system by conducting a security threat assessment. (3) Ensure that unauthorized individuals are not able to defeat or otherwise compromise the access system in order to be granted permissions that have been assigned to an authorized individual. (4) Identify individuals who fail to maintain their eligibility requirements subsequent to being permitted unescorted access to secure areas of the nation's transportation system and immediately revoke the individual's permissions. Within the Department of Homeland Security (DHS), the Transportation Security Administration (TSA) and the U.S. Coast Guard are responsible for implementing and enforcing the TWIC program. In addition, DHS's Screening Coordination Office facilitates coordination among the various DHS components involved in TWIC. This testimony is based on a report we are releasing publicly today on the TWIC program. Like the report, this testimony discusses the extent to which: (1) TWIC processes for enrollment, background checking, and use are designed to provide reasonable assurance that unescorted access to secure areas of MTSA-regulated facilities and vessels is limited to qualified individuals, and (2) DHS has assessed the effectiveness of TWIC, and whether the Coast Guard has effective systems in place to measure compliance.
DHS has established a system of TWIC-related processes and controls. However, internal control weaknesses governing the enrollment, background checking, and use of TWIC potentially limit the program's ability to meet the program's stated mission needs or provide reasonable assurance that access to secure areas of MTSA-regulated facilities is restricted to qualified individuals. Specifically, internal controls in the enrollment and background checking processes are not designed to provide reasonable assurance that (1) only qualified individuals can acquire TWICs; (2) adjudicators follow a process with clear criteria for applying discretionary authority when applicants are found to have extensive criminal convictions; or (3) once issued a TWIC, TWIC holders have maintained their eligibility. To meet the stated program purpose, TSA's focus in designing the TWIC program was on facilitating the issuance of TWICs to maritime workers. However, TSA did not assess the internal controls in place to determine whether they provided reasonable assurance that the program could meet defined mission needs for limiting access to only qualified individuals. For example, controls that the TWIC program has in place to identify the use of potentially counterfeit identity documents are not used to routinely inform background checking processes. Internal control weaknesses in TWIC enrollment, background checking, and use could have contributed to the breach of selected MTSA-regulated facilities during covert tests conducted by our investigators. During these tests at several selected ports, our investigators were successful in accessing ports using counterfeit TWICs, authentic TWICs acquired through fraudulent means, and false business cases (i.e., reasons for requesting access). DHS asserted in its 2009 and 2010 budget submissions that the absence of the TWIC program would leave America's critical maritime port facilities vulnerable to terrorist activities. However, to date, DHS has not assessed the effectiveness of TWIC at enhancing security or reducing risk for MTSA-regulated facilities and vessels. Further, DHS has not demonstrated that TWIC, as currently implemented and planned with card readers, is more effective than prior approaches used to limit access to ports and facilities, such as using facility-specific identity credentials with business cases. According to TSA and Coast Guard officials, because the program was mandated by Congress as part of MTSA, DHS did not conduct a risk assessment to identify and mitigate program risks prior to implementation. Further, according to these officials, neither the Coast Guard nor TSA analyzed the potential effectiveness of TWIC in reducing or mitigating security risk--either before or after implementation--because they were not required to do so by Congress. However, internal control weaknesses raise questions about the effectiveness of the TWIC program. Moreover, as we have previously reported, Congress also needs information on whether and in what respects a program is working well or poorly to support its oversight of agencies and their budgets, and agencies' stakeholders need performance information to accurately judge program effectiveness. Therefore, we recommended in our May 2011 report that the Secretary of Homeland Security conduct an effectiveness assessment that includes addressing internal control weaknesses and, at a minimum, evaluates whether use of TWIC in its present form and planned use with readers would enhance the posture of security beyond efforts already in place given costs and program risks. DHS concurred with our recommendation.
GAO-11-648T, Transportation Worker Identification Credential: Internal Control Weaknesses Need to Be Corrected to Help Achieve Security Objectives
This is the accessible text file for GAO report number GAO-11-648T
entitled 'Transportation Worker Identification Credential: Internal
Control Weaknesses Need to Be Corrected to Help Achieve Security
Objectives' which was released on May 10, 2011.
This text file was formatted by the U.S. Government Accountability
Office (GAO) to be accessible to users with visual impairments, as
part of a longer term project to improve GAO products' accessibility.
Every attempt has been made to maintain the structural and data
integrity of the original printed product. Accessibility features,
such as text descriptions of tables, consecutively numbered footnotes
placed at the end of the file, and the text of agency comment letters,
are provided but may not exactly duplicate the presentation or format
of the printed version. The portable document format (PDF) file is an
exact electronic replica of the printed version. We welcome your
feedback. Please E-mail your comments regarding the contents or
accessibility features of this document to Webmaster@gao.gov.
This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed
in its entirety without further permission from GAO. Because this work
may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this
material separately.
United States Government Accountability Office:
GAO:
Testimony:
Before the Committee on Commerce, Science, and Transportation, U.S.
Senate:
For Release on Delivery:
Expected at 2:30 p.m. EDT:
Tuesday, May 10, 2011:
Transportation Worker Identification Credential:
Internal Control Weaknesses Need to Be Corrected to Help Achieve
Security Objectives:
Statement of Stephen M. Lord, Director:
Homeland Security and Justice Issues:
GAO-11-648T:
Chairman Rockefeller, Ranking Member Hutchison, and Members of the
Committee:
I am pleased to be here today to discuss credentialing issues
associated with the security of U.S. transportation systems and
facilities. Securing these systems requires balancing security to
address potential threats while facilitating the flow of people and
goods that are critical to the U.S. economy and international
commerce. As we have previously reported, these systems and facilities
are vulnerable and difficult to secure given their size, easy
accessibility, large number of potential targets, and proximity to
urban areas.[Footnote 1] The Maritime Transportation Security Act of
2002 (MTSA) required regulations preventing individuals from having
unescorted access to secure areas of MTSA-regulated facilities and
vessels unless they possess a biometric transportation security card
and are authorized to be in such an area. MTSA further required that
biometric transportation security cards be issued to eligible
individuals unless determined that an applicant poses a security risk
warranting denial of the card. The Transportation Worker
Identification Credential (TWIC) program is designed to implement
these biometric maritime security card requirements.[Footnote 2]
The TWIC program, once implemented, aims to meet the following stated
mission needs:
* Positively identify authorized individuals who require unescorted
access to secure areas of the nation's transportation system.
* Determine the eligibility of individuals to be authorized unescorted
access to secure areas of the transportation system by conducting a
security threat assessment.
* Ensure that unauthorized individuals are not able to defeat or
otherwise compromise the access system in order to be granted
permissions that have been assigned to an authorized individual.
* Identify individuals who fail to maintain their eligibility
requirements subsequent to being permitted unescorted access to secure
areas of the nation's transportation system and immediately revoke the
individual's permissions.
Within the Department of Homeland Security (DHS), the Transportation
Security Administration (TSA) and the U.S. Coast Guard are responsible
for implementing and enforcing the TWIC program. In addition, DHS's
Screening Coordination Office facilitates coordination among the
various DHS components involved in TWIC.
My statement is based on a report we are releasing publicly today on
the TWIC program.[Footnote 3] Like the report, it will discuss the
extent to which: (1) TWIC processes for enrollment, background
checking, and use are designed to provide reasonable assurance that
unescorted access to secure areas of MTSA-regulated facilities and
vessels is limited to qualified individuals, and (2) DHS has assessed
the effectiveness of TWIC, and whether the Coast Guard has effective
systems in place to measure compliance.
For the report, we reviewed applicable laws, regulations, and
policies, as well as documentation provided by TSA on the TWIC program
systems and processes. We also reviewed the processes and data sources
with TWIC program management from TSA and Lockheed Martin (the
contractor responsible for implementing the program) and met with
officials from TSA and the Coast Guard, as well as the Criminal
Justice Information Services Division at the Federal Bureau of
Investigation (FBI). We then evaluated the processes against the TWIC
program's mission needs and Standards for Internal Control in the
Federal Government.[Footnote 4] Further, our investigators conducted
covert testing at enrollment center(s) to identify whether individuals
providing fraudulent information could acquire an authentic TWIC, and
at maritime ports with MTSA-regulated facilities and vessels to
identify security vulnerabilities and program control deficiencies. In
addition, we reviewed the type and substance of management information
available to the Coast Guard and compared them to Standards for
Internal Control in the Federal Government. We conducted this work in
accordance with generally accepted government auditing standards. We
conducted our related investigative work in accordance with standards
prescribed by the Council of the Inspectors General on Integrity and
Efficiency.
Internal Control Weaknesses in DHS's Biometric Transportation ID
Program Hinder Efforts to Ensure Security Objectives Are Fully
Achieved:
DHS has established a system of TWIC-related processes and controls.
However, internal control weaknesses governing the enrollment,
background checking, and use of TWIC potentially limit the program's
ability to meet the program's stated mission needs or provide
reasonable assurance that access to secure areas of MTSA-regulated
facilities is restricted to qualified individuals. Specifically,
internal controls[Footnote 5] in the enrollment and background
checking processes are not designed to provide reasonable assurance
that (1) only qualified individuals can acquire TWICs; (2)
adjudicators follow a process with clear criteria for applying
discretionary authority when applicants are found to have extensive
criminal convictions; or (3) once issued a TWIC, TWIC holders have
maintained their eligibility.
To meet the stated program purpose, TSA's focus in designing the TWIC
program was on facilitating the issuance of TWICs to maritime workers.
However, TSA did not assess the internal controls in place to
determine whether they provided reasonable assurance that the program
could meet defined mission needs for limiting access to only qualified
individuals. For example, controls that the TWIC program has in place
to identify the use of potentially counterfeit identity documents are
not used to routinely inform background checking processes.
Additionally, controls are not in place to determine whether an
applicant has a need for a TWIC. For example, regulations governing
the TWIC program security threat assessments require applicants to
disclose their job description and location(s) where they will most
likely require unescorted access, if known, among other things.
However, TSA enrollment processes do not require that this information
be provided by applicants.
In addition, TWIC program controls are not designed to require that
adjudicators follow a process with clear criteria for applying
discretionary authority when applicants are found to have extensive
criminal convictions. Being convicted of a felony does not
automatically disqualify a person from being eligible to receive a
TWIC; however, prior convictions for certain crimes are automatically
disqualifying.[Footnote 6] For example, offenses such as espionage or
treason would permanently disqualify an individual from obtaining a
TWIC. Other offenses, such as murder or the unlawful possession of an
explosive device, while categorized as permanent disqualifiers, are
also eligible for a waiver under TSA regulations. These offenses might
not permanently disqualify an individual from obtaining a TWIC if TSA
determines that an applicant does not represent a security threat. As
of September 8, 2010, the agency reported 460,786 cases where the
applicant was approved, but had a criminal record based on the results
from the FBI. This represents approximately 27 percent of individuals
approved for a TWIC at the time. Although TSA has the discretion and
authority to consider the totality of an individual's criminal record,
including the existence of (1) extensive criminal convictions, (2)
criminal offenses not defined as a permanent or interim disqualifying
criminal offense, such as theft or larceny, and (3) certain periods of
imprisonment, TSA has not developed a definition for what extensive
foreign or domestic criminal convictions means, or developed guidance
to ensure that adjudicators apply this authority consistently. In
commenting on our report, DHS concurred with our related
recommendation, and consequently may address this weakness as part of
its efforts to correct internal control weaknesses in the TWIC program.
Further, TWIC program controls are not designed to provide reasonable
assurance that TWIC holders have maintained their eligibility once
issued TWICs. For example, controls are not designed to determine
whether TWIC holders have committed disqualifying crimes at the
federal or state level after being granted a TWIC. Although existing
policies may hamper TSA's ability to check FBI-held fingerprint-based
criminal history records for the TWIC program on an ongoing basis
after TWIC issuance, TSA has not explored alternatives for addressing
this weakness, such as informing facility and port operators of this
weakness and identifying solutions for leveraging existing state
criminal history information, where available. In addition, controls
are not designed to provide reasonable assurance that TWIC holders
continue to meet immigration status eligibility requirements. For
example, if a TWIC holder's stated period of legal presence in the
United States is about to expire or has expired, the TWIC program does
not request or require proof from TWIC holders to show that they
continue to maintain legal presence in the United States.
Additionally, although it has regulatory authority to do so, the
program does not issue TWICs for a term less than 5 years to match the
expiration of a visa.[Footnote 7]
Internal control weaknesses in TWIC enrollment, background checking,
and use could have contributed to the breach of selected MTSA-
regulated facilities during covert tests conducted by our
investigators. During these tests at several selected ports, our
investigators were successful in accessing ports using counterfeit
TWICs, authentic TWICs acquired through fraudulent means, and false
business cases (i.e., reasons for requesting access). Our
investigators did not gain unescorted access to a port where a
secondary port-specific identification was required in addition to the
TWIC. TSA and Coast Guard officials stated that the TWIC card alone is
not sufficient and that the cardholder is also required to present a
business case. However, our covert tests demonstrated that having an
authentic TWIC and a legitimate business case were not always required
in practice.
Prior to fielding the program, TSA did not conduct a risk assessment
of the TWIC program to identify program risks and the need for
controls to mitigate existing risks and weaknesses, as called for by
internal control standards. Such an assessment could help provide
reasonable assurance that control weaknesses in one area of the
program do not undermine the reliability of other program areas or
impede the program from meeting mission needs. TWIC program officials
told us that control weaknesses were not addressed prior to initiating
the TWIC program because they had not previously identified them, or
because they would be too costly to address. However, as we noted in
our report, officials did not provide (1) documentation to support
their cost concerns and (2) did not complete an assessment of whether
they needed to implement additional compensating controls or of the
risks associated with not correcting for existing internal control
weaknesses. In our May 2011 report, we recommended that the Secretary
of Homeland Security perform an internal control assessment of the
TWIC program by (1) analyzing existing controls, (2) identifying
related weaknesses and risks, and (3) determining cost-effective
actions needed to correct or compensate for those weaknesses so that
reasonable assurance of meeting TWIC program objectives can be
achieved. This assessment should consider weaknesses we identified in
this report among other things. DHS officials concurred with our
recommendation.
TWIC's Effectiveness at Enhancing Security Has Not Been Assessed, and
the Coast Guard Lacks the Ability to Assess Trends in TWIC Compliance:
DHS asserted in its 2009 and 2010 budget submissions that the absence
of the TWIC program would leave America's critical maritime port
facilities vulnerable to terrorist activities.[Footnote 8] However, to
date, DHS has not assessed the effectiveness of TWIC at enhancing
security or reducing risk for MTSA-regulated facilities and vessels.
Further, DHS has not demonstrated that TWIC, as currently implemented
and planned with card readers, is more effective than prior approaches
used to limit access to ports and facilities, such as using facility-
specific identity credentials with business cases.
According to TSA and Coast Guard officials, because the program was
mandated by Congress as part of MTSA, DHS did not conduct a risk
assessment to identify and mitigate program risks prior to
implementation. Further, according to these officials, neither the
Coast Guard nor TSA analyzed the potential effectiveness of TWIC in
reducing or mitigating security risk--either before or after
implementation--because they were not required to do so by Congress.
However, internal control weaknesses raise questions about the
effectiveness of the TWIC program. Moreover, as we have previously
reported, Congress also needs information on whether and in what
respects a program is working well or poorly to support its oversight
of agencies and their budgets, and agencies' stakeholders need
performance information to accurately judge program effectiveness.
Therefore, we recommended in our May 2011 report that the Secretary of
Homeland Security conduct an effectiveness assessment that includes
addressing internal control weaknesses and, at a minimum, evaluates
whether use of TWIC in its present form and planned use with readers
would enhance the posture of security beyond efforts already in place
given costs and program risks. DHS concurred with our recommendation.
Further, executive branch requirements provide that prior to issuing a
new regulation, agencies are to conduct a regulatory analysis, which
is to include an assessment of costs, benefits, and risks. Therefore,
DHS is required to issue a new regulatory analysis for its proposed
regulation on the use of TWIC with biometric card readers. Conducting
a regulatory analysis using the information from the internal control
and effectiveness assessments could better inform the new regulatory
analysis and could help DHS identify and assess the full costs and
benefits of implementing the TWIC program. Therefore, in our May 2011
report, we recommended that the Secretary of Homeland Security use the
information from the internal control and effectiveness assessments as
the basis for evaluating the costs, benefits, security risks, and
corrective actions needed to implement the TWIC program. This should
be done in a manner that will meet stated mission needs and mitigate
existing security risks as part of the regulatory analysis being
completed for the new TWIC biometric card reader regulation. DHS
concurred with our recommendation.
Finally, the Coast Guard's approach for monitoring and enforcing TWIC
compliance nationwide could be improved by enhancing its collection
and assessment of related maritime security information. For example,
the Coast Guard tracks TWIC program compliance, but the processes
involved in the collection, cataloging, and querying of information
cannot be relied on to produce the management information needed to
assess trends in compliance with the TWIC program or associated
vulnerabilities. The Coast Guard uses its Marine Information for
Safety and Law Enforcement (MISLE) database to monitor activities
related to MTSA-regulated facility and vessel oversight, including
observations of TWIC-related deficiencies. Coast Guard officials
reported that they are making enhancements to the MISLE database and
plan to distribute updated guidance on how to collect and input
information. However, as of May 2011, the Coast Guard had not yet set
a date for implementing these changes. Further, these enhancements do
not address all weaknesses identified in our report that hamper the
Coast Guard's efforts to conduct trend analysis of the deficiencies as
part of its compliance reviews. Therefore, in our May 2011 report, we
recommended that the Secretary of Homeland Security direct the
Commandant of the Coast Guard to design effective methods for
collecting, cataloging, and querying TWIC-related compliance issues to
provide the Coast Guard with the enforcement information needed to
assess trends in compliance with the TWIC program and identify
associated vulnerabilities. DHS concurred with our recommendation.
As the TWIC program continues on the path to full implementation--with
potentially billions of dollars needed to install TWIC card readers in
thousands of the nation's ports, facilities, and vessels at stake--it
is important that Congress, program officials, and maritime industry
stakeholders fully understand the program's potential benefits and
vulnerabilities, as well as the likely costs of addressing these
potential vulnerabilities. The report we are releasing today aims to
help inform stakeholder views on these issues.
Chairman Rockefeller, Ranking Member Hutchison, and Members of the
Committee, this concludes my prepared testimony. I look forward to
answering any questions that you may have.
[End of section]
Footnotes:
[1] See GAO, Transportation Worker Identification Credential: Progress
Made in Enrolling Workers and Activating Credentials but Evaluation
Plan Needed to Help Inform the Implementation of Card Readers,
[hyperlink, http://www.gao.gov/products/GAO-10-43] (Washington, D.C.:
Nov. 18, 2009).
[2] The program requires maritime workers to complete background
checks to obtain a biometric identification card and be authorized to
be in the secure area by the owner/operator in order to gain
unescorted access to secure areas of MTSA-regulated facilities and
vessels. Under Coast Guard regulations, a secure area, in general, is
an area over which the owner/operator has implemented security
measures for access control in accordance with a Coast Guard-approved
security plan. For most maritime facilities, the secure area is
generally any place inside the outer-most access control point. For a
vessel or outer continental shelf facility, such as off-shore
petroleum or gas production facilities, the secure area is generally
the whole vessel or facility. Biometrics refers to technologies that
measure and analyze human body characteristics for authentication
purposes. The Department of Homeland Security (DHS) has estimated that
implementing the TWIC program could cost the federal government and
the private sector a combined total of between $694.3 million and $3.2
billion over a 10-year period. However, these figures do not include
costs associated with implementing and operating readers. A pilot on
the use of TWIC with card readers is currently underway and will
inform a proposed TWIC regulation, and these figures are to be updated
as part of this process.
[3] See GAO, Transportation Worker Identification Credential: Internal
Control Weaknesses Need to Be Corrected to Help Achieve Security
Objectives, [hyperlink, http://www.gao.gov/products/GAO-11-657]
(Washington, D.C.: May 10, 2011).
[4] GAO, Standards for Internal Control in the Federal Government,
[hyperlink, http://www.gao.gov/products/GAO/AIMD-00-21.3.1]
(Washington, D.C.: November 1999).
[5] In accordance with Standards for Internal Control in the Federal
Government, the design of the internal controls is to be informed by
identified risks the program faces from both internal and external
sources; the possible effect of those risks; control activities
required to mitigate those risks; and the cost and benefits of
mitigating those risks.
[6] Threat assessment processes for the TWIC program include
conducting background checks to determine whether each TWIC applicant
poses a security threat. These checks, in general, can include checks
for criminal history records, immigration status, terrorism databases
and watchlists, and records indicating an adjudication of a lack of
mental capacity, among other things. As defined in TSA implementing
regulations, the term security threat means an individual who TSA
determines or suspects of posing a threat to national security, to
transportation security, or of terrorism.
[7] Instead, TSA relies on (1) TWIC holders to self-report if they no
longer have legal presence in the country, and (2) employers to report
if a worker is no longer legally present in the country. TWIC-related
regulations provide, for example, that individuals disqualified from
holding a TWIC for immigration status reasons must surrender the TWIC
to TSA. In addition, the regulations provide that TWICs are deemed to
have expired when the status of certain lawful nonimmigrants with a
restricted authorization to work in the United States (e.g., H-1B1
Free Trade Agreement) expires, the employer terminates the employment
relationship with such an applicant, or such applicant otherwise
ceases working for the employer, regardless of the date on the face of
the TWIC. Upon the expiration of such nonimmigrant status for an
individual who has a restricted authorization to work in the United
States, the employer and employee both have related responsibilities--
the employee is required to surrender the TWIC to the employer, and
the employer is required to retrieve the TWIC and provide it to TSA.
[8] See DHS, DHS Exhibit 300 Public Release BY10/TSA - Transportation
Worker Identification Credentialing (TWIC) (Washington, D.C.: Apr. 17,
2009) and DHS Exhibit 300 Public Release BY09/TSA - Transportation
Worker Identification Credentialing (TWIC) (Washington, D.C.: July 27,
2007).
[End of section]
GAO's Mission:
The Government Accountability Office, the audit, evaluation and
investigative arm of Congress, exists to support Congress in meeting
its constitutional responsibilities and to help improve the performance
and accountability of the federal government for the American people.
GAO examines the use of public funds; evaluates federal programs and
policies; and provides analyses, recommendations, and other assistance
to help Congress make informed oversight, policy, and funding
decisions. GAO's commitment to good government is reflected in its core
values of accountability, integrity, and reliability.
Obtaining Copies of GAO Reports and Testimony:
The fastest and easiest way to obtain copies of GAO documents at no
cost is through GAO's Web site [hyperlink, http://www.gao.gov]. Each
weekday, GAO posts newly released reports, testimony, and
correspondence on its Web site. To have GAO e-mail you a list of newly
posted products every afternoon, go to [hyperlink, http://www.gao.gov]
and select "E-mail Updates."
Order by Phone:
The price of each GAO publication reflects GAO‘s actual cost of
production and distribution and depends on the number of pages in the
publication and whether the publication is printed in color or black and
white. Pricing and ordering information is posted on GAO‘s Web site,
[hyperlink, http://www.gao.gov/ordering.htm].
Place orders by calling (202) 512-6000, toll free (866) 801-7077, or
TDD (202) 512-2537.
Orders may be paid for using American Express, Discover Card,
MasterCard, Visa, check, or money order. Call for additional
information.
To Report Fraud, Waste, and Abuse in Federal Programs:
Contact:
Web site: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]:
E-mail: fraudnet@gao.gov:
Automated answering system: (800) 424-5454 or (202) 512-7470:
Congressional Relations:
Ralph Dawn, Managing Director, dawnr@gao.gov:
(202) 512-4400:
U.S. Government Accountability Office:
441 G Street NW, Room 7125:
Washington, D.C. 20548:
Public Affairs:
Chuck Young, Managing Director, youngc1@gao.gov:
(202) 512-4800:
U.S. Government Accountability Office:
441 G Street NW, Room 7149:
Washington, D.C. 20548:
