Department of Labor
Further Management Improvements Needed to Address Information Technology and Financial Controls
Gao ID: GAO-11-157 March 16, 2011
The Department of Labor (Labor) plays a vital role in promoting the welfare of American workers through administering and enforcing more than 180 federal laws that cover some 10 million employers and 125 million workers. Since the recent economic downturn, Labor's role has become even more critical as its programs provide additional employment and training supports. As such, GAO was asked to determine how well Labor is currently adhering to best management practices departmentwide to ensure that its programs are operating effectively. Specifically, this report assesses Labor's (1) strategic workforce management, (2) management controls to manage and modernize its information technology, and (3) accountability over its discretionary grants. To do this, GAO collected and reviewed Labor documents related to workforce and information technology planning, as well as grants management information, and conducted interviews with Labor's national and regional staff.
Labor strategically manages its current and future workforce needs by (1) collecting, analyzing, and disseminating workforce data to its program agencies; (2) leading the development of departmentwide human capital planning documents; (3) conducting workforce gap analyses departmentwide and working with its program agencies to remedy these gaps; and (4) monitoring its program agencies' human capital programs. Labor has taken steps to understand its employees' skills and develop competencies to inform its succession planning and, according to Labor's workforce data, has maintained sufficient leadership strength in recent years. Several program agencies were also developing future leaders in various ways, such as providing training or mentoring opportunities. To monitor agencies' activities, Labor employs an accountability review to determine their compliance with federal and department human capital activities and, more recently, expanded this review to include an evaluation of their strategic workforce planning. While Labor has established a process to oversee, manage, and modernize the department's IT investments, it has not fully developed certain management controls, which may hinder its systems' ability to maximize mission performance and expected IT benefits. Specifically, Labor has (1) established an IT governance structure and system development processes, but needs better representation from program managers with expertise of business operations; (2) provided guidance to its program agencies and offices on developing performance measurements, but system performance measures for selected investments did not comprehensively link to mission and expected outcomes; (3) established an investment management process that tracks cost and schedule variances for IT investments, but did not ensure that a major IT investment had sufficient business representation and adequate testing before departmentwide implementation; and (4) implemented a security program. However, Labor faces challenges in keeping current with certain security requirements and ensuring appropriate user access controls. Labor's Employment and Training Administration (ETA) has designed policies and procedures to ensure accountability over its discretionary grants management process. However, ETA has not developed supervisory review procedures nor enhanced its guidance to ensure that (1) competitive grant award documentation is properly maintained, (2) monitoring activities results are properly and consistently documented in its Grants Electronic Management System (GEMS), and (3) Single Audit results are fully integrated as part of discretionary grantee monitoring activities. Inadequate guidance and quality assurance procedures over discretionary grants may diminish ETA's ability to show that competitive grants were properly awarded and adequately assess the results of its key monitoring activities. ETA's discretionary budget accounted for $11.4 billion, approximately 80 percent of Labor's estimated discretionary budget in fiscal year 2010, which includes discretionary grants. GAO recommends that Labor strengthen its information technology planning and discretionary grant management by further developing guidance, procedures, and processes. Labor generally agreed with GAO's findings and six recommendations, providing additional perspective concerning the portrayal of its security controls and grant monitoring procedures. GAO clarified two recommendations in response, as discussed in the report.
Recommendations
Our recommendations from this work are listed below with a Contact for more information. Status will change from "In process" to "Open," "Closed - implemented," or "Closed - not implemented" based on our follow up work.
Director:
Andrew Sherrill
Team:
Government Accountability Office: Education, Workforce, and Income Security
Phone:
(202) 512-7252
GAO-11-157, Department of Labor: Further Management Improvements Needed to Address Information Technology and Financial Controls
This is the accessible text file for GAO report number GAO-11-157
entitled 'Department Of Labor: Further Management Improvements Needed
to Address Information Technology and Financial Controls' which was
released on March 16, 2011.
This text file was formatted by the U.S. Government Accountability
Office (GAO) to be accessible to users with visual impairments, as
part of a longer term project to improve GAO products' accessibility.
Every attempt has been made to maintain the structural and data
integrity of the original printed product. Accessibility features,
such as text descriptions of tables, consecutively numbered footnotes
placed at the end of the file, and the text of agency comment letters,
are provided but may not exactly duplicate the presentation or format
of the printed version. The portable document format (PDF) file is an
exact electronic replica of the printed version. We welcome your
feedback. Please E-mail your comments regarding the contents or
accessibility features of this document to Webmaster@gao.gov.
This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed
in its entirety without further permission from GAO. Because this work
may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this
material separately.
United States Government Accountability Office:
GAO:
Report to Ranking Member, Committee on Education and the Workforce,
House of Representatives:
March 2011:
Department Of Labor:
Further Management Improvements Needed to Address Information
Technology and Financial Controls:
GAO-11-157:
GAO Highlights:
Highlights of GAO-11-157, a report to the Ranking Member, Committee on
Education and the Workforce, House of Representatives.
Why GAO Did This Study:
The Department of Labor (Labor) plays a vital role in promoting the
welfare of American workers through administering and enforcing more
than 180 federal laws that cover some 10 million employers and 125
million workers. Since the recent economic downturn, Labor‘s role has
become even more critical as its programs provide additional
employment and training supports. As such, GAO was asked to determine
how well Labor is currently adhering to best management practices
departmentwide to ensure that its programs are operating effectively.
Specifically, this report assesses Labor‘s (1) strategic workforce
management, (2) management controls to manage and modernize its
information technology, and (3) accountability over its discretionary
grants. To do this, GAO collected and reviewed Labor documents related
to workforce and information technology planning, as well as grants
management information, and conducted interviews with Labor‘s national
and regional staff.
What GAO Found:
Labor strategically manages its current and future workforce needs by
(1) collecting, analyzing, and disseminating workforce data to its
program agencies; (2) leading the development of departmentwide human
capital planning documents; (3) conducting workforce gap analyses
departmentwide and working with its program agencies to remedy these
gaps; and (4) monitoring its program agencies‘ human capital programs.
Labor has taken steps to understand its employees‘ skills and develop
competencies to inform its succession planning and, according to Labor‘
s workforce data, has maintained sufficient leadership strength in
recent years. Several program agencies were also developing future
leaders in various ways, such as providing training or mentoring
opportunities. To monitor agencies‘ activities, Labor employs an
accountability review to determine their compliance with federal and
department human capital activities and, more recently, expanded this
review to include an evaluation of their strategic workforce planning.
While Labor has established a process to oversee, manage, and
modernize the department‘s IT investments, it has not fully developed
certain management controls, which may hinder its systems‘ ability to
maximize mission performance and expected IT benefits. Specifically,
Labor has (1) established an IT governance structure and system
development processes, but needs better representation from program
managers with expertise of business operations; (2) provided guidance
to its program agencies and offices on developing performance
measurements, but system performance measures for selected investments
did not comprehensively link to mission and expected outcomes; (3)
established an investment management process that tracks cost and
schedule variances for IT investments, but did not ensure that a major
IT investment had sufficient business representation and adequate
testing before departmentwide implementation; and (4) implemented a
security program. However, Labor faces challenges in keeping current
with certain security requirements and ensuring appropriate user
access controls.
Labor‘s Employment and Training Administration (ETA) has designed
policies and procedures to ensure accountability over its
discretionary grants management process. However, ETA has not
developed supervisory review procedures nor enhanced its guidance to
ensure that (1) competitive grant award documentation is properly
maintained, (2) monitoring activities results are properly and
consistently documented in its Grants Electronic Management System,
and (3) Single Audit results are fully integrated as part of
discretionary grantee monitoring activities. Inadequate guidance and
quality assurance procedures over discretionary grants may diminish
ETA's ability to show that competitive grants were properly awarded
and adequately assess the results of its key monitoring activities.
ETA's discretionary budget accounted for $11.4 billion, approximately
80 percent of Labor's estimated discretionary budget in fiscal year
2010, which includes discretionary grants.
What GAO Recommends:
GAO recommends that Labor strengthen its information technology
planning and discretionary grant management by further developing
guidance, procedures, and processes. Labor generally agreed with
GAO‘s findings and six recommendations, providing additional
perspective concerning the portrayal of its security controls and
grant monitoring procedures. GAO clarified two recommendations in
response, as discussed in the report.
View GAO-11-157 or key components. For more information, contact
Andrew Sherrill at (202) 512-7215 or sherrilla@gao.gov.
[End of section]
Contents:
Letter:
Background:
Labor Integrates Workforce Planning Principles Departmentwide and
Monitors Its Program Agencies' Human Capital Activities through
Accountability Reviews:
Labor Established an IT Oversight Process, but Has Not Fully Developed
Management Controls That Could Improve Mission Performance:
Labor Has Established Policies for Grants Accountability, but
Weaknesses Exist in Documentation and Monitoring:
Conclusions:
Recommendations for Executive Action:
Agency Comments and Our Evaluations:
Appendix I: Scope and Methodology:
Appendix II: Select Financial Management Deficiencies Identified at
the Department of Labor, Fiscal Year 2010:
Appendix III: Department of Labor Workforce Trends:
Appendix IV: Comments from the Department of Labor:
Appendix V: Contact and Acknowledgments:
Related GAO Products:
Figures:
Figure 1: Labor's IT Governance Structure:
Figure 2: Capital Planning and Investment Control Process:
Figure 3: Labor's Competency Assessment Process:
Figure 4: Retirement Eligibility Rates for Labor's Overall Workforce
and in Selected Program Agencies from Fiscal Year 2005 through 2009:
Figure 5: Attrition Rates for Labor and Select Program Agencies,
Fiscal Years 2005-2009:
Figure 6: Percent of Separations by Type for Labor, Fiscal Years 2005-
2009:
Figure 7: Percent of Employees Eligible to Retire for Labor and Select
Program Agencies, Fiscal Years 2005-2009:
Figure 8: Percent of Employees Eligible to Retire for Mission Critical
Occupations in Select Program Agencies, Fiscal Year 2009:
Figure 9: Federal Tenure Rates for Labor, Fiscal Years 2005-2009:
Figure 10: Percent of New Hires for Labor and Select Program Agencies,
Fiscal Years 2005-2009:
Figure 11: Number of New Hires and Separations for Labor, Fiscal Years
2005-2009:
Figure 12: Percent of Special Versus Ordinary Hires for Labor, Fiscal
Years 2005-2009:
Abbreviations:
BLS: Bureau of Labor Statistics:
CIO: Chief Information Officer:
CPDF: Central Personnel Data File:
CPIC: capital planning and investment control:
EBSA: Employee Benefits Security Administration:
ESA: Employment Standards Administration:
ETA: Employment and Training Administration:
FISMA: Federal Information Security Management Act of 2008:
FPO: federal project officer:
FSIO: Financial Systems Integration Office:
GEMS: Grants Electronic Management System:
HRC: Human Resource Center:
IT: Information Technology:
Labor: Department of Labor:
MSHA: Mine Safety and Health Administration:
NCFMS: New Core Financial Management System:
NIST: National Institute of Standards and Technology:
OASAM: Office of the Assistant Secretary for Administration and
Management:
OCFO: Office of the Chief Financial Officer:
OCIO: Office of the Chief Information Officer:
OIG: Office of Inspector General:
OMB: Office of Management and Budget:
OPM: Office of Personnel Management:
OSHA: Occupational Safety and Health Administration:
Recovery Act: American Recovery and Reinvestment Act of 2009:
SOL: Office of the Solicitor:
TRB: Technical Review Board:
WHD: Wage and Hour Division:
[End of section]
United States Government Accountability Office:
Washington, DC 20548:
March 16, 2011:
The Honorable George Miller:
Ranking Member:
Committee on Education and the Workforce:
House of Representatives:
The Department of Labor (Labor) plays a vital role in promoting the
welfare of American job seekers, wage earners, and retirees by
administering and enforcing more than 180 federal labor laws that
cover some 10 million employers and 125 million workers. Since the
recent economic downturn, the department's financial and employment
programs have become even more critical. Labor has a key role to play
in efforts under the American Recovery and Reinvestment Act of 2009
(Recovery Act)[Footnote 1] by providing worker training as well as
assistance and education regarding unemployment and health benefits.
While Labor is taking steps to manage these expanded responsibilities
and increased workloads, the department's strategic management of its
resources--such as agency personnel, information technology systems,
and financial resources--is even more essential in order to accomplish
its goals.
In recent years, we, along with Labor's Office of Inspector General
(OIG), have identified challenges with Labor's departmental management
related to its workforce, information technology, and financial
resources. In light of these challenges, coupled with planned
departmentwide initiatives, we were asked to determine how well the
department is currently adhering to best management practices across
the department. Specifically, this report assesses the extent to which
(1) Labor is strategically managing its current and future workforce
needs, (2) Labor has established management controls needed to manage
and modernize its information technology (IT) in order to support its
mission, and (3) the design of Labor's key internal control activities
helps ensure accountability over its discretionary grants.
To identify the steps that Labor has taken to strategically manage and
plan for its current and future workforce needs, we reviewed the
department's planning documents and interviewed Labor officials. We
selected three of Labor's program agencies--the Employee Benefits
Security Administration (EBSA), the Occupational Safety and Health
Administration (OSHA), and the Employment and Training Administration
(ETA)--in part, due to their authorization to hire additional staff in
fiscal year 2010. We reviewed their workforce planning efforts and
compared them to our key workforce planning principles and the Office
of Personnel Management's (OPM) human capital framework. To identify
workforce trends, we analyzed data from OPM's Central Personnel Data
File (CPDF) on Labor's program agencies' mission critical occupations
from fiscal years 2005 to 2009. To assess the reliability of OPM's
CPDF, we reviewed our prior data reliability work on the CPDF data
file as well as updated information about the data. While we concluded
that the CPDF information was sufficiently reliable to provide
information on Labor's recent workforce trends, we did not
independently verify the data as part of this review.
To assess whether Labor has established management controls needed to
manage and modernize its IT resources to support its mission, we
reviewed the department's governance structure, interviewed key
information technology officials, and obtained and reviewed relevant
documents. We focused on guidelines to manage IT investments,
including the capital planning and investment control process. For
this study, we selected and reviewed information technology and
guidance related to six Labor program agencies--OSHA, ETA, the Office
of Workers' Compensation Programs, the Office of the Assistant
Secretary for Administration and Management (OASAM), Bureau of Labor
Statistics, and the Wage and Hour Division. In total, these agencies
comprised about 83 percent of Labor's fiscal year 2010 IT budget. We
also reviewed Labor's approach in implementing a departmentwide IT
investment--the New Core Financial Management System--to assess
adherence to select and control guidelines and the adequacy of
testing. Further, we reviewed federal statutes and requirements
pertaining to IT planning, E-Government guidelines, and security
requirements, as well as our and OMB's frameworks for IT system
design, implementation, and management.
To determine the extent to which the design of Labor's key internal
control activities ensure accountability over the department's
discretionary grant processes, we reviewed our prior and Labor's OIG
reports and relevant policies and procedures. We also interviewed key
financial management officials, including the Office of the Chief
Financial Officer (OCFO). We performed our internal control review of
discretionary grants at ETA because the agency's discretionary budget
accounted for $11.4 billion, or approximately 80 percent, of Labor's
overall estimated discretionary budget in fiscal year 2010, which
includes discretionary grants. In addition, in prior years, challenges
have been reported on ETA's management of its discretionary grants.
Specifically, we assessed (1) whether the design of ETA's controls is
adequate to help ensure accountability over its award, monitoring, and
closeout of discretionary grants and (2) the extent to which ETA uses
the Single Audit to help the agency in performing oversight functions
over its grantees. We conducted in-depth reviews of key controls
designed for its grant management process, which includes its award,
monitoring, and closeout process. We also selected, as case studies, a
nongeneralizable sample of 30 ETA discretionary grants that were
active or closed in fiscal year 2009. For these grants, we reviewed
documentation in the corresponding grant case files and information in
ETA's Grants Electronic Management System. For each objective, we
reviewed relevant federal laws and regulations.
We conducted this performance audit from August 2009 to March 2011 in
accordance with generally accepted government auditing standards. The
standards require that we plan and perform the audit to obtain
sufficient, appropriate evidence to provide a reasonable basis for our
findings and conclusions based on our audit objectives. We believe the
evidence obtained provides a reasonable basis for findings and
conclusions based on our audit objectives. Appendix I discusses our
scope and methodology in further detail.
Background:
Established as a cabinet-level department in 1913, Labor has primary
responsibility for overseeing the nation's job training programs and
for enforcing a variety of federal labor laws. Labor defines its
mission as fostering, promoting, and developing the welfare of the
wage earners, job seekers, and retirees of the United States;
improving working conditions; advancing opportunities for profitable
employment; and assuring work-related benefits and rights. Labor
administers its various responsibilities through 21 agencies and
offices with a total staff of approximately 16,500 federal employees
distributed across the United States. Many of these agencies and
offices operate through a network of regional, field, district, and
area offices, and in some cases, local grantees and contractors.
Historically, Labor has operated as a set of individual agencies, each
largely working independently with limited centralized control. For
example, many of the larger agencies--such as OSHA and ETA--manage
their own administrative needs at the national office level, including
human capital. As we have previously reported, this organizational
structure may allow Labor more flexibility to meet a variety of needs
and focus resources in particular areas, but it may also limit Labor
in adopting better management practices, such as central planning and
performance oriented measures.[Footnote 2] To ensure continuity across
program agencies, Labor's OASAM is responsible for developing
departmentwide policies, standards, and guidance for the department's
program agencies related to its human resource and administrative
management.
Strategic Human Capital Management:
Strategic workforce planning, an integral part of human capital
management, addresses two critical needs: (1) aligning an
organization's human capital program with its current and emerging
mission and programmatic goals and (2) developing long-term strategies
for acquiring, developing, and retaining staff to achieve programmatic
goals.[Footnote 3] Agency approaches to such planning can vary with
each agency's particular needs and mission. However, our previous work
suggests that the workforce planning process incorporate several
principles, including involving top management, employees, and other
stakeholders in developing, communicating, and implementing the
strategic workforce plan; determining skills and competencies needed
in the future workforce to meet the organization's goals and
identifying gaps in skills and competencies that an organization needs
to address; selecting and implementing human capital strategies that
are targeted toward addressing these skill gaps; and monitoring and
evaluating the agency's progress toward its human capital goals.
Workforce planning efforts, including succession planning, can enable
an agency to remain aware of and be prepared for its current and
future needs as an organization. When effectively conducted, this
planning entails the collection of valid and reliable data on such
indicators as distribution of employee skills and competencies,
attrition rates, or projected retirement rates and retirement
eligibility by occupation and organizational unit. Agencies can use an
organizationwide knowledge and skills inventory and industry
benchmarks to identify current problems in their workforces and plan
for future improvements.
IT Management:
Labor maintains a large inventory of IT assets supporting mission-
critical program operations. In fiscal year 2010, the department
estimated its IT portfolio was worth approximately $466 million, of
which approximately $401 million was dedicated to maintaining systems
and $65 million was for modernization and enhancement initiatives,
including office automation across program agencies and common
management systems, security, and E-Government.[Footnote 4] The Office
of the Chief Information Officer is responsible for establishing and
maintaining each aspect of IT management, including the department's
IT System Development Life Cycle Management, capital planning and
investment control, security, and enterprise architecture processes.
[Footnote 5] Labor's Chief Information Officer (CIO) has also
established an IT governance structure for the review and management
of IT investments within the department (see figure 1). The structure
consists of the CIO, Deputy CIO, and Technical Review Board (TRB).
[Footnote 6] The TRB serves as a forum to identify and resolve
departmentwide IT-related issues. The TRB members work together with
three program offices--Enterprise Architecture, Capital Planning, and
Security--that report to the Deputy CIO. The Enterprise Architecture
Program Office reviews IT investments to ensure that they are
consistent and compliant with departmental standards. The Capital
Planning Office reviews existing IT investments and makes
recommendations for new initiatives to the CIO. Further, the Security
Program Office's role is to identify potential risks and help ensure
that the department and agency information is adequately safeguarded.
Labor's IT governance structure also includes five subcommittees--the
Enterprise Architecture, Capital Planning, IT Architecture, IT
Security, and Configuration and Control subcommittees. The
subcommittees meet regularly to review and discuss major IT investment
projects, issues, and plans across the department and within program
agencies. The subcommittees identify, manage, and resolve
departmentwide IT investment issues in their respective areas, and
each provides recommendations from their respective areas to the TRB.
Figure 1: Labor's IT Governance Structure:
[Refer to PDF for image: illustration]
Top level:
CIO.
Second level, reporting to CIO:
Deputy CIO.
Third level, reporting to Deputy CIO:
OCIO Enterprise Architecture Program Office:
OCIO Capital Planning Office:
OCIO Security Office.
All three offices provide advise, counsel,and support to the Technical
Review Board subcommittees, listed below.
Set aside from the structure, reporting to both CIO and Deputy CIO:
Technical Review Board.
Reporting to the Technical Review Board:
Enterprise Architecture Subcommittee:
Capital Planning Subcommittee:
IT Security Subcommittee:
* Configuration and Control Subcommittee;
Configuration and Control Subcommittee.
Source: DOL.
[End of figure]
When properly implemented, an agency's IT investments should help
streamline business processes to create efficiencies in day-to-day
operations. Congress recognized the need for added diligence in IT
investment management with the enactment of the Clinger-Cohen Act of
1996.[Footnote 7] The Act requires that federal agencies define their
IT investments and follow a capital planning and investment control
approach. Our IT investment management framework defines three phases--
select, control, and evaluate (see figure 2).[Footnote 8] In the
select phase, the costs and benefits of all available projects are
assessed and the optimal portfolio of projects is selected. During the
control phase, the project costs and risks are monitored and
corrective action is applied where needed. In the evaluate phase,
implemented projects are reviewed to assure that they are producing
the benefits expected and adjustments are made where appropriate.
Within an organization, all phases may be underway at once, as they
may be applied to projects at different stages of their lifecycle.
[Footnote 9]
Figure 2: Capital Planning and Investment Control Process:
[Refer to PDF for image: illustration of a continuous circular process]
Evaluate existing portfolio:
Select:
Control:
* Reselect (return to Select step);
Implement modules/systems:
[Repeat process from beginning]
Source: GAO.
[End of figure]
The security of the information stored in IT systems is also a
critical management area for federal agencies. Concerned by reports of
significant weaknesses in the security of federal computing systems,
Congress passed the Federal Information Security Management Act of
2002 (FISMA), which requires agencies to develop and implement an
information security program, independent annual evaluation process,
and annual report.[Footnote 10] To help implement the provisions of
FISMA, the National Institute of Standards and Technology (NIST)
developed a risk management framework for agencies to follow in
developing information security programs.[Footnote 11] One NIST
publication related to risk management provides guidelines for
selecting and specifying security controls for information systems.
[Footnote 12]
Financial Management:
Labor's strategic management of its annual budget--totaling about $206
billion in fiscal year 2010, including an increase in grant funding
provided by the Recovery Act--is essential to conducting its mission
effectively and efficiently. Labor's OCFO is charged with the overall
responsibility for the financial leadership throughout the department.
The OCFO's primary duty is to uphold strong financial management and
accountability while providing timely, accurate, and reliable
financial information and enhancing internal control. Labor's Chief
Financial Officer's responsibilities also include leading the
department's implementation of key governmentwide financial management
reform legislation, including the Chief Financial Officers Act of 1990
[Footnote 13] and the Federal Managers' Financial Integrity Act
[Footnote 14] (along with OMB's implementing guidance in OMB Circular
No. A-123). Labor's management of its discretionary grants has been
identified by the department's OIG as one of its top management
challenges from fiscal years 2007 through 2009.[Footnote 15] Labor's
OCFO also identified this area as a challenge during its fiscal year
2009 assessment of the department's internal controls over its grants
process.[Footnote 16] In addition, we and Labor have previously
identified challenges related to the department's ability to ensure
discretionary grants are properly awarded and monitored.[Footnote 17]
Labor relies heavily on ETA for awarding, monitoring, and closing out
ETA grants. ETA may award discretionary funding through formula or
competitive grant processes.[Footnote 18] ETA's grant management
process consists of four key phases: preaward, award, monitoring, and
closeout.[Footnote 19] ETA's award phase involves evaluating grant
applications, awarding new grants, and making continuation awards for
existing Labor grants. ETA's monitoring phase consists of reviews of
the grantee's performance, including the grantees' financial and
administrative compliance, by ETA's federal project officers.[Footnote
20] ETA monitors most grants in their period-of-performance through a
risk-based strategy,[Footnote 21] which is described in its Core
Monitoring Guide and Grant Management Desk Reference Guide.[Footnote
22] ETA's closeout phase is aimed at ensuring that the agency has
received all required financial, programmatic, and audit reports and
has accounted for all federal funds. ETA's Office of Grants Management
has the responsibility for discretionary grant awards and closeouts,
while ETA's Office of Regional Management oversees the monitoring
activities performed by the federal project officers.
Further, entities receiving Labor grants may also be subject to the
provisions of the Single Audit Act of 1984, as amended, if certain
conditions are met.[Footnote 23] The Act established the option of the
Single Audit for grantees by replacing multiple grant audits as
required by each individual grant agreement with one audit of a
recipient as a whole. As such, a Single Audit is an independent
organizationwide financial audit that covers, among other things, the
recipient's financial statements, internal controls, and its
compliance with applicable provisions of laws, regulations, contracts,
and grant agreements.
In addition to a continuing management challenge related to
discretionary grants, Labor was also confronted with a new management
challenge in 2010 related to its core financial management system. For
13 consecutive years, until fiscal year 2010, Labor had received clean
audit opinions on its financial statements.[Footnote 24] In fiscal
year 2010, Labor's independent auditor was unable to issue an opinion
on the department's financial statements due to deficiencies related
to its January 2010 implementation of the New Core Financial
Management System (NCFMS).[Footnote 25] Labor's auditor also
identified four material weaknesses[Footnote 26] in internal controls
related to the preparation of financial statements, accounting for
budgetary resources, preparation and review of journal entries, and
access to key financial and support systems. (See appendix II for
examples of financial management deficiencies resulting from the
implementation of NCFMS as identified by Labor's auditor in fiscal
year 2010.) In response to the identified deficiencies by the
auditors, Labor reported in its fiscal year 2010 Agency Financial
Report on plans to prioritize its resources to focus, in part, on
updating existing quality assurance documentation, data quality, and
training, as well as formally documenting NCFMS financial reporting
processes by September 30, 2011.
Labor Integrates Workforce Planning Principles Departmentwide and
Monitors Its Program Agencies' Human Capital Activities through
Accountability Reviews:
To manage its current and future workforce needs strategically,
Labor's Human Resource Center (HRC)--an office of the Office of the
Assistant Secretary for Administration and Management--analyzes and
disseminates workforce data and incorporates several key principles
into its departmentwide strategic workforce planning. HRC uses data to
inform Labor's workforce decisions, leads the development of key
departmentwide workforce documents, communicates regularly with its
program agencies about human capital policies and procedures, and
supports and assists program agencies' efforts in their own strategic
workforce planning. Labor has taken steps to understand its employees'
skills and develop competencies to measure their abilities and has
maintained sufficient leadership strength in recent years, according
to departmentwide workforce data. In addition, several program
agencies were taking various steps to prepare their employees to
transition into leadership roles. To monitor each agency's human
resources activities and workforce planning efforts, HRC uses an
accountability review mechanism.
Labor Leads Departmentwide Workforce Planning and Provides Guidance to
Its Program Agencies:
To inform its departmentwide strategic workforce planning decisions,
HRC systematically collects and analyzes workforce data--such as
hiring and separation rates, employee tenure, and demographic
information--necessary to develop an overall workforce profile. Our
prior work has found that collecting and analyzing workforce data are
fundamental to measuring the effectiveness of an organization's human
capital approach in support of its mission and goals.[Footnote 27] HRC
has used these workforce data--such as retirement eligibility rates
and supervisory ratio data--to assess and inform its overall
departmental workforce plans and strategies.
HRC is also responsible for leading the development of key
departmentwide workforce planning documents, such as the strategic
human capital plan. In 2003, we reported that these documents should
be linked to federal agencies' overall strategic goals and outline a
framework of human capital strategies to ensure that it is well-
positioned to meet its current and future mission needs.[Footnote 28]
While the current strategic human capital plan for fiscal years 2008
through 2011 outlines Labor's framework, officials said it reflects
the prior administration's human capital goals and no longer guides
the department.[Footnote 29] Senior Labor officials said that rather
than revising the multi-year departmentwide strategic human capital
plan, they required each agency to develop an operating plan for
fiscal year 2011 that outlines their programmatic priorities, key
activities, and strategies, as well as links to the department's
overall strategic plan.
In addition to providing leadership, HRC actively engages top
management and program agencies in the department's human capital
initiatives by meeting with Labor's senior managers and regional human
resources staff regularly to discuss human resources policy, process,
and implementation issues. During these meetings, HRC provides
agencies with departmentwide guidance on federal hiring initiatives
and workforce planning strategies and shares progress towards annual
hiring goals. According to the HRC Director, these meetings serve
different purposes. The monthly meetings with regional human resource
officers are used to share best practices, obtain feedback on
predecisional human capital issues, and discuss cross-cutting issues
that affect the entire department. The issues discussed at the
biweekly meetings with administrative officers are broader than human
capital, but allow HRC to share information with and obtain input from
senior program agency management on human capital issues, as needed.
Several program agency officials reported that these biweekly,
departmentwide management meetings serve as an opportunity to interact
and share information with HRC officials and other program managers.
[Footnote 30]
HRC provides assistance to agencies within Labor to support their
workforce planning efforts, including distributing workforce data to
its agencies, providing guidance on federal human capital policies,
and developing tools to help agencies implement these policies. For
example, as of September 2010, HRC published workforce data on a
regular basis that highlighted key demographic information about
Labor's overall workforce.[Footnote 31] Several program agency
officials we interviewed said that they generally found these
workforce data to be useful, and some noted that they rely on them to
inform their own workforce planning efforts. For example, one OSHA
regional official said he used the data to track progress towards
their regional hiring goals. In addition to the regularly published
data reports, other senior program agency officials noted that key
workforce data specific to their own agency was readily available from
HRC upon request.
To help its agencies implement the department's human capital
initiatives, HRC has developed several workforce planning templates to
guide their strategic discussions with Labor's program agencies and
assist these agencies in devising their individual workforce
strategies. These templates are worksheets used to assist program
agencies in compiling information they need for particular management
activities. HRC has identified the need to develop these templates in
response to the administration's priorities or enacted legislation.
For example, in fiscal year 2009, Labor developed a template to assist
some program agencies--including ETA, EBSA, and OSHA--in their efforts
to hire large numbers of short-term staff in response to the passage
of the Recovery Act. HRC's template helped to ensure that program
agencies analyzed information--such as the program agency's mission,
programmatic needs, and employee skills--and allowed the agencies to
describe their recruitment and staffing plans to hire for key
positions. Subsequently, these documents guided HRC and program agency
discussions and helped tailor program agency planning to their
specific recruiting and hiring strategies. For instance, as a result
of these discussions, EBSA and HRC worked together to determine that
the Student Career Employment Program was the best option to hire
student workers to address EBSA's Recovery Act workload demands.
According to EBSA, this strategy was effective because the agency was
able to identify high caliber applicants and more easily convert
Student Career Employment Program employees to full-time positions
within the department, as needed. In another example, HRC developed a
template to assist each program agency in outlining its action plan to
meet its diversity goals. The template asked program agencies to
include elements such as a list of positions in which the agency was
underrepresented and a recruitment strategy for those positions.
Several senior program agency officials said these types of workforce
planning templates were helpful in guiding their thinking about how
best to meet agency and administration goals. In fact, senior ETA
officials said they plan to continue to develop written staffing plans
based on the Recovery Act template. An HRC official said these
templates are typically developed as needed and have not historically
been used on a regular basis to inform ongoing strategic workforce
planning discussions. However, in recognition of the need to conduct
more proactive, routine strategic workforce planning with its program
agencies, HRC recently developed additional templates--including a
recruitment checklist and a document to guide strategic workforce
conversations--to facilitate routine workforce planning discussions
with program agencies. HRC and some program agency officials reported
that these additional templates have led to productive discussions
about human capital planning. For example, OSHA officials said that
HRC's recruitment checklist greatly assisted their recruiting efforts.
While HRC provides guidance and acts as a resource, Labor's program
agencies have ultimate responsibility for conducting their own
workforce analysis and planning.[Footnote 32] In addition to
responding to periodic guidance and completing templates from HRC
about strategic workforce planning, officials in each of the three
agencies we reviewed also considered workload data in analyzing their
workforce needs, which is another critical component of strategically
managing a federal agency's workforce.[Footnote 33] For example, OSHA
regional officials said they used data on the number of workplace
fatalities and the number of employers in high-risk industries to
determine how to distribute full-time employees among their district
and area offices and to identify worksites for inspections. ETA
regional officials stated that they prioritized regional workforce
needs based on factors such as dollar values and risk levels of grants
assigned to them. EBSA regional offices are all required to annually
submit a regional program operating plan to the national office that
prioritizes workforce needs, taking into consideration workload data,
such as the number of regulated financial institutions in their region
and number of inquiries received by their benefit advisors.
Labor Uses Employee Competency Assessments to Determine Its Workforce
Needs and Has a Mechanism to Monitor Its Program Agencies' Human
Capital Activities:
To ensure that it is hiring and developing its employees to meet the
needs of the department, Labor has taken steps to identify and assess
its employees' critical skills and competencies. Our prior work has
noted that a federal agency needs to identify, develop, and select
appropriate leaders, managers, and staff to meet its future
challenges.[Footnote 34] One critical step is effective succession
planning and management that is focused on strengthening both current
and future organizational capacity, rather than simply replacing
individuals. HRC has taken steps to strengthen Labor's organizational
capacity by identifying core competencies for the department's mission
critical occupations[Footnote 35] and worked with its program agencies
to develop strategies to reduce employee skill gaps.[Footnote 36] This
process, which began at Labor in fiscal year 2002, is cyclical (see
figure 3). From 2002 through 2003, Labor first developed its mission
critical occupation models, including (1) general competencies that
could be applied across the department, such as writing or problem
solving, and (2) technical competencies for each occupation, such as
workforce development program knowledge for ETA employees, or
occupational safety knowledge for OSHA investigators. Subsequently, in
fiscal year 2004, HRC led a departmentwide process to assess the
critical skills and competencies of its mission critical employees and
worked with its agencies to develop agencywide action plans to reduce
any skill gaps that existed. This online assessment process involved
managers rating each mission critical employee's competency level in
the department's Learning Link system, followed by the development of
summary reports. Agency management reviewed these summary reports to
identify if skills gaps existed in any of their agency's mission
critical occupations and, if so, developed an action plan accordingly.
Figure 3: Labor's Competency Assessment Process:
[Refer to PDF for image: illustration]
Circular process:
1) Identify core competencies and assign to agency‘s mission critical
occupations.
2) Assess agency mission critical employees‘ competency levels.
3) Develop agency action plans to address existing skill gaps.
4) Agencies implement action plans to address skill gaps.
[Repeat process beginning with step 1]
Source: GAO analysis of Labor‘s process.
[End of figure]
In fiscal year 2008, the department conducted its second assessment of
its mission critical employees' skills and asked its program agencies
to revise their action plans in light of those findings. Then, in
fiscal year 2010, HRC reviewed and updated its mission critical
occupations and related competency models that were initially
developed in 2002 and 2003. Using panels of program agency
representatives and subject matter experts,[Footnote 37] HRC led this
departmentwide effort to determine what competencies, if any, should
be modified in light of changes to individual program agencies'
mission, goals, and anticipated needs. For example, Labor revised its
"investigator" mission critical occupation at the Office of Labor
Management Standards into two separate occupations--Labor Investigator
and Criminal Investigator--to reflect the program agency's non-law
enforcement and law enforcement work, respectively. Labor also added a
new "workforce analyst" mission critical occupation at ETA based on
input from subject matter experts. Labor intends to use this revised
list to conduct another assessment of its mission critical employees'
skills in fiscal year 2011. Agencies will subsequently be asked to
update their action plans to address any skills gaps. According to
OPM's official Labor liaison, the department is ahead of other federal
agencies in conducting this type of competency assessment process.
This competency assessment process is routinely used to support
workforce analysis and planning at the department and its program
agencies, and HRC annually reports its efforts to reduce employee
skill gaps to OPM.[Footnote 38] For example, in fiscal year 2008, OSHA
identified skill gaps in its safety and occupational specialist
workforce in the areas of oral communication, interpersonal skills,
and inspection. To address these gaps, OSHA developed an action plan,
including revising OSHA's Training Institute curriculum for employees
in these areas. Results from the fiscal year 2008 assessment showed
that OSHA exceeded its target competency levels for these employees.
In another example, EBSA targeted its employee benefits law
specialists for improvement in the areas of individual and
interpersonal effectiveness. The action plan outlined by EBSA included
offering a comprehensive training program for newly hired specialists,
and encouraging more experienced specialists to make use of other
available Web-based or headquarters training courses provided by the
department, such as effective presentations, problem solving and
decision making, and customer service. Additionally, EBSA asked that
each regional office director adopt training plans that would
specifically assist in maintaining or increasing competency levels in
these areas. HRC determined that competency levels for EBSA's employee
benefits law specialists remained constant between fiscal years 2008
and 2009, and will again target them for improvement in the next
assessment process.
Beyond the departmental efforts to work with its program agencies to
identify and address employee skill gaps, program agencies we reviewed
took additional steps to assess employee skill gaps in various ways.
For example, OSHA officials have developed a model that identifies the
core components of its mission critical inspectors' knowledge base
above and beyond those identified in the departmentwide process, such
as promoting compliance and conducting walk-around inspections. To
ensure that employees obtain these skills, OSHA's Training Institute
provides relevant training and monitors its employees' developmental
progress. Senior officials in two of the OSHA regional offices we
visited said they require employees to utilize individual development
plans so they can identify current and future skill needs and provide
training as needed. In another OSHA regional office, a senior official
said that she identifies and assesses skill gaps through informal,
regular discussions with her managers. EBSA regional officials said
that they annually monitored skill gaps during employee performance
reviews and have identified both individual and group training needs
to address these gaps. ETA completed a training needs assessment in
2009 to inform the development of its fiscal year 2010 training
programs, and noted that the agency is currently planning to improve
its automated system to maintain data on employee skills and training
and allow its managers to access this information in real time.
Building on its skills and competencies data, Labor established a
succession plan in 2007 and implemented several departmentwide
programs in subsequent years. However, HRC reported that the plan no
longer guides the department's efforts. In its fiscal year 2009 report
to OPM, Labor noted that it had cultivated sufficient leadership
strength for its future needs, and therefore had placed these
succession planning programs on hold.[Footnote 39] For example, as of
December 2009, Labor estimated that it had prepared more than twice
the number of mid-level staff with the skills necessary to cover
anticipated attrition of its managers and supervisors. Senior Labor
officials said they are considering ways to further assess and develop
portions of their workforce that could assume leadership positions in
the future and had recently opened a Senior Executive Service
Candidate program class.[Footnote 40] Given Labor's projected
leadership capacity, however, officials said that they did not intend
to revise the 2007 succession plan at this time.
Although Labor has maintained sufficient leadership strength in recent
years, more and more of its employees are becoming eligible to retire,
which could leave critical gaps in leadership and institutional
knowledge. Between fiscal year 2005 and 2009, the retirement
eligibility rate of Labor's workforce continued to rise departmentwide
as well as in two of our three selected program agencies (see figure
4).
Figure 4: Retirement Eligibility Rates for Labor's Overall Workforce
and in Selected Program Agencies from Fiscal Year 2005 through 2009:
[Refer to PDF for image: combination vertical bar and line graph]
Percentage of retirement eligibility:
Fiscal year: 2005;
OSHA: 15.9%;
ETA: 23.6%;
EBSA: 9.8%;
Overall labor: 16.4%.
Fiscal year: 2006;
OSHA: 17.4%;
ETA: 21.1%;
EBSA: 9.8%;
Overall labor: 16.2%.
Fiscal year: 2007;
OSHA: 19.1%;
ETA: 20.7%;
EBSA: 11.2%;
Overall labor: 17%.
Fiscal year: 2008;
OSHA: 19.3%;
ETA: 20.4%;
EBSA: 11.8%;
Overall labor: 17.9%.
Fiscal year: 2009;
OSHA: 19.5%;
ETA: 21%;
EBSA: 11.8%;
Overall labor: 18.5%.
Source: GAO analysis of CPDF data.
[End of figure]
These retirement eligibility data indicate that nearly 20 percent of
Labor's workforce was eligible to retire in fiscal year 2009, of which
approximately half of those staff were designated as mission critical.
Likewise, our review found that 35.5 percent of Labor's workforce had
21 or more years of federal experience as of fiscal year 2009,
suggesting that a greater portion of Labor's workforce will be
eligible to retire over the next decade. In addition to the potential
loss of talent and knowledge, the percentage of Labor's workforce with
less than 3 years of federal experience has steadily increased from
about 9 percent in fiscal year 2005 to more than 13 percent in fiscal
year 2009 (see appendix III).[Footnote 41] This workforce composition
could present Labor with challenges in the future as more and more of
its experienced workforce becomes eligible for retirement. While the
timing of an eligible employee's retirement may be difficult to
predict, we found that, on average, a quarter of retirement-eligible
Labor employees did so each year between fiscal years 2005 and 2009.
However, Labor officials said that given their leadership capacity and
recent hiring activity the department will have the staff available to
replace many of these employees as they retire.
In addition to HRC assessing ways to develop future leaders across the
department, program agencies we reviewed were taking various steps to
develop leaders within their own agency. For example, OSHA's regional
offices' succession planning activities ranged from informal
mentoring, providing management training, and using data to track
retirement-eligible employees. Senior OSHA national office officials
noted that they planned to further develop agencywide succession
planning programs in fiscal year 2011. EBSA officials reported that
they examine the retirement eligibility data of their top management
at least twice a year and had several programs in place to address the
retirement of its employees, such as rotational assignments with
senior executives to provide national and regional office supervisory
and nonsupervisory employees a broader perspective of the agency's
work. We also found that ETA's fiscal year 2011 operating plan noted
agencywide succession planning as a goal, and several ETA regional
officials said they provided prospective management staff with
challenging assignments or training opportunities to prepare them for
advancement.
To facilitate management of Labor's human capital, HRC developed an
accountability review mechanism to monitor aspects of their human
capital activities and plans to broaden the review to include a focus
on strategic elements of agencies' human capital programs.[Footnote
42] During these reviews, an HRC audit team uses a survey instrument
to evaluate a sample of personnel case files, and conducts focus
groups with agencies' human resources staff, managers, and other
employees. Once completed, HRC issues a report to the audited office
with required and recommended actions, and subsequently, determines if
there are departmentwide issues that require continued action.
[Footnote 43] According to the Director of HRC's Performance and
Accountability Office, these accountability reviews historically
focused on agencies' compliance with relevant OPM and Labor hiring
regulations. However, in fiscal year 2009, HRC expanded the program to
align with OPM's Human Capital Assessment and Accountability
Framework.[Footnote 44] At this time, HRC also added a section on the
strategic alignment of human capital plans and goals to ensure that
program agencies develop and document human capital and succession
plans that are linked to their mission, goals, and objectives. As of
November 2010, HRC had not yet implemented this part of the review,
but planned to do so during fiscal year 2011.[Footnote 45]
Labor Established an IT Oversight Process, but Has Not Fully Developed
Management Controls That Could Improve Mission Performance:
Management controls are essential to effectively develop and maintain
systems. An important control element includes ensuring that
sufficient representation by business units is obtained to understand
information needs and how IT supports those needs.[Footnote 46]
Further, measuring performance is critical to describing how
effectively IT investments are supporting mission requirements, and
performing post-implementation reviews of deployed systems provides
additional opportunities to improve system processes.[Footnote 47]
Security requirements are also critical controls that need to be in
place to help prevent unauthorized access. While Labor has established
controls to oversee, manage, and modernize the department's IT
investments, it has not fully developed certain management processes
that could aid in improving mission performance and maximize expected
IT benefits. Specifically, Labor:
* established an IT governance structure and system development
processes, but its structure does not include comprehensive business
stakeholder representation;
* required program agencies and offices to develop performance
measures and provided guidance on developing them, but the performance
measures for the systems we reviewed varied in quality and often did
not comprehensively link to productivity and expected outcomes;
* established an investment management process that tracks cost and
schedule variances for IT investments, but did not ensure adequate
stakeholder representation or sufficient testing of a major project
prior to deployment, and it did not conduct post-implementation
reviews to assess IT investments; and:
* implemented a security program, but has been challenged with keeping
current with NIST requirements; the department also has not ensured
appropriate user access controls for separated employees or conducted
periodic reviews to ensure that system access privileges were still
appropriate and necessary.
Labor's IT Governance Structure and System Development Efforts Lack
Adequate Business Unit Representation:
Because information needs are derived from the business mission goals
and requirements, business needs are the foundation of any IT
investment. Sufficient representation from business units is essential
to understanding information needs and priorities and how these needs
can best be supported by IT. In 2009, we reported that, unlike 22 of
the other major federal agencies, Labor did not include business unit
(i.e., mission) representation on its investment review board[Footnote
48] as called for in IT investment management best practices.[Footnote
49] As we noted in that report, IT investments require fundamental
trade-offs among a multitude of business objectives and are dependent
on both IT and business units (representing the program agencies that
perform mission critical work) for defining and implementing the
department's IT investments. On the basis of these findings, we
recommended that Labor expand its investment review board to include
senior business executive representation to ensure that each
investment meets its respective mission needs. In response, the
department reported that the senior IT and administrative executives
who served on the investment review board had in-depth detailed and
expert knowledge and were capable of representing their units'
missions and business objectives. However, we have previously reported
that IT and administrative executives responsible for mission support
functions do not constitute sufficient business representation
because, by virtue of their responsibilities, they are not in the best
position to make business decisions.[Footnote 50]
While Labor has established an IT governance structure that consists
of a CIO, a Deputy CIO, and a TRB that have technical knowledge,
according to Office of the Chief Information Officer (OCIO) officials,
this board does not have members representing mission-related business
units. As such, the department's IT governance structure continues to
lack comprehensive business unit representation to oversee its IT
investments.[Footnote 51] During our current review, selected program
managers in the department's business units and system users across
the department noted an ongoing need for representation in IT
investments, such as the need to consult both agency management and
system users in the development of system requirements. Otherwise,
systems run the risk of not meeting the needs of their intended users.
For example, an ETA business manager noted that it would be important
to bring together regional, IT, and business units to discuss current
and long-term IT issues and that, among other things, they should
prioritize systems' enhancements and determine how those enhancements
should be developed over the next few years. Further, ETA regional
officials expressed concerns that they were not involved in defining
business and system requirements. Those officials stated that the
systems did not fully support their grant management process and
mission needs. Financial managers also indicated that the needs of the
business units were not comprehensively assessed before Labor deployed
NCFMS. Additionally, the Wage and Hour Division (WHD) investigators in
three regions noted that the information system intended to support
its business processes and manage investigative case findings was
outdated and difficult to use, requiring an excessive number of
screens to navigate and also requiring investigators to enter unneeded
data to avoid system errors.
During our review, the Deputy CIO agreed that business unit
representation was important. Further, the official believed that
Labor has an IT governance process in place that includes the key
elements of oversight, but that it strives to maintain a balance
between providing the benefits of oversight and control to agencies
without being burdensome in resource or administrative requirements.
The official noted that the department is researching alternative
approaches to developing a new governance structure that would
incorporate business unit representation without becoming cumbersome.
The official added that for two major IT investments, Labor had
recently established governance bodies to improve business unit
representation. For example, Labor established a steering committee to
meet biweekly with administrative officers to obtain their input on a
new human resource IT system. According to the Deputy CIO, this
steering committee included representatives from major agencies such
as Bureau of Labor Statistics (BLS), ETA, and OIG, and has provided
direction for the human resource initiative. The Deputy CIO
acknowledged that the department is applying lessons learned from
issues caused by insufficient business input for NCFMS and, as such,
would not want to develop another system that did not have adequate
stakeholder involvement. The official added that now there is an
increased awareness of the need for better business representation in
systems development.
While this steering committee has provided additional business
representation to Labor's governance structure for the human resources
project managed by OCIO, it does not support other IT projects
initiated and managed by other program offices and the Deputy CIO
noted that Labor's governance structure has not changed. As of
December 2010, OCIO officials noted that Labor's TRB continued to lack
business unit representation. Until the department defines and
implements a comprehensive governance structure that includes adequate
business representation and involves end users in all major system
development efforts across the department, it is at risk of updating
or replacing its outdated systems with new systems capabilities that
do not fully meet the business goals and needs of the department.
Labor Requires Agencies to Develop Performance Measures, But Measures
Vary in Quality and Do Not Comprehensively Link to Expected Benefits
of IT Investments:
Comprehensive performance measures are essential to determine if an
investment is achieving the expected benefits and efficiently and
effectively supporting an agency's mission. According to the Paperwork
Reduction Act, agencies are required to establish performance measures
that depict how effectively systems are supporting mission needs.
[Footnote 52] OMB provides agencies guidance on developing IT
performance measures that cover four management areas: (1) mission and
business results, (2) processes and activities, (3) customer results,
and (4) technology.[Footnote 53] While Labor has developed guidance
and requires its agencies and program offices to follow this guidance,
we found that these measures varied in quality and were not
comprehensive in assessing each investment's expected benefits.
[Footnote 54] Specifically, BLS established performance measures to
assess its consumer price index system and effectively addressed
expected benefits to support mission performance. For example, one
measure described that the system intends to provide statistically
sound, reliable, timely, relevant, and impartial statistical
information concerning trends in consumer prices and inflation in the
United States. Further, BLS provided a baseline, target, and actual
results for this measure. However, measures for four other systems
(representing three program agencies--OSHA, WHD, and ETA--and one
office, the OCFO) did not adhere to Labor's guidance to develop
comprehensive performance measures, limiting Labor's ability to assess
each investment's expected benefits and determine whether it is
targeting appropriate resources to improve overall mission goals.
[Footnote 55] Examples of how performance measures were addressed in
the four management areas follow:
Mission and business results. IT investments are designed to support
the mission and improve business processes. However, comprehensive
measures to determine whether mission and business results were
achieved had not been established for the four systems. For example,
OSHA did not have performance measures that clearly linked its
existing investigator's case file management system to the agency's
mission outcomes for securing safe and healthy workplaces.[Footnote
56] This existing case management system provides OSHA program
managers with critical mission information, including accident
summaries, injury inspection data, and workplace health assessments.
However, the system's technology is outdated and Labor lacks
comprehensive system performance measures. OSHA's program manager
stated that the agency is in the process of replacing part of this
system and intends to develop and track more specific performance
measures[Footnote 57] when the new system[Footnote 58] is deployed to
more effectively support mission needs and business results.
Processes and activities measurements. Processes and activities are
the basic functions that the IT investment is intended to perform.
However, comprehensive processes and activities measures had not been
established for the four systems. For example, while WHD's
investigative system (1) provides support for managing and reporting
on business' compliance with labor laws, including the minimum wage,
overtime, and child labor provisions; and (2) enables investigators,
managers, and assistants to process complaints; assign, manage, and
investigate cases; assist with outreach; and record and monitor
investigator time, a WHD official acknowledged a need for more
comprehensive performance measures. WHD has defined certain measures
for this investigative system (to support the tracking of cases), but
it had not developed comprehensive performance measures for several
other intended functions, such as processing complaints, assigning and
investigating cases, and managing case findings and case outcomes.
Customer results. To be effective, IT investments need to support the
customer. However, for the four systems, Labor did not comprehensively
address all five categories of measurement within the customer results
area as defined by OMB.[Footnote 59] For example, while ETA had
developed measures corresponding to one category--service coverage--
the agency had not developed measures for customer benefit, timeliness
and responsiveness, service quality, and service availability. ETA's
system provides the federal project officers' information regarding
preaward, award, and closeout of grants, and integrates separate
systems that are used to track the grants process. According to the
Chief of the Division of Application Systems, the grant management
process system has more than 100,000 active system users distributed
nationwide and, as such, customer performance measures are important.
The official acknowledged that the agency does not have comprehensive
customer results performance measurements and that, given the
magnitude of the system, such measures would be useful. The official
added that the agency does have a dedicated technical support staff
that provides system users the opportunity to give feedback on system
speed, accessibility, and availability.
Technology. OMB defines six measurement categories that are intended
to capture key elements of performance that directly relate to an IT
initiative.[Footnote 60] We found that, for the four systems, measures
within this category were not comprehensively developed. For example,
OCFO defined two performance measures for NCFMS--(1) reliability and
availability and (2) quality assurance--but had not developed measures
for the remaining four categories: technology costs, efficiency,
information and data, and effectiveness.
Labor's Chief Enterprise Architect, responsible for providing
agencies' guidance on performance measures, told us that the
department requires IT performance measures that describe how systems
will improve mission performance. The official stated that OCIO has
developed and implemented an outreach program to advise program
agencies on how to develop specific quality measures that link
systems' performance to mission outcomes. However, the department
relies on the program agencies to establish these measures and ensure
they are related to the systems' intended goals. The Chief Enterprise
Architect acknowledged that measures were not comprehensive and added
that establishing effective performance measures require frequent data
collection using survey instruments and identification of specific,
measurable, achievable, realistic, and time-based measures. Labor's
Deputy CIO also stated that the agencies' measures were not
comprehensive and that the department could provide better oversight
to the agencies to ensure more relevant and comprehensive measures are
formulated, but that doing so is a challenge. According to the Deputy
CIO, IT staff at the agencies are responsible for developing IT
performance measures specific to the system, such as assessing the
time that systems are available for data processing, and the business
units should also develop measures that determine how well the systems
are supporting mission needs. Given the magnitude of Labor's IT
systems and the diversity of users, defining comprehensive performance
measures that reflect business managers and IT representatives'
perspectives is important. A BLS financial manager stated that, for
NCFMS, the department tracked errors but did not (1) determine how the
system affected business unit productivity or (2) link measures to
financial management performance. If the department does not require
comprehensive measures to be developed for all systems, it will lack
the ability to determine whether systems are achieving business
outcomes and improving mission performance. Additionally, if program
agencies do not measure actual-versus-expected performance results for
their IT systems, Labor will lack the information it needs to
determine whether it is targeting appropriate resources to improve
overall mission goals.
Labor Has Established an Investment Management Process, but Has Not
Always Fully Evaluated the Development and Implementation of IT
Investments:
If managed effectively, IT investments can have a positive impact on
an agency's performance and accountability. A central tenet of the
federal approach to IT investment management is the capital planning
and investment control (CPIC) process, which includes three phases:
select, control, and evaluate (see figure 2).[Footnote 61] Labor has
established an investment management process that includes a CPIC
approach to managing its IT investments. However, we identified
instances where Labor had not followed selected aspects of the select
and control phases of this approach to monitor the development and
implementation of a major IT investment--NCFMS. It also had not
performed post-implementation reviews of its IT projects as required
in the evaluate phase, limiting the department's ability to maximize
the expected benefits of IT investments and increasing the risk of not
effectively supporting mission needs.
Labor Did Not Adhere to Certain Aspects of its Select and Control
Guidelines:
For the select phase, Labor has established a process to screen and
score proposed IT investments, consistent with best practices.
[Footnote 62] As part of its selection methodology, Labor evaluates an
investment proposal by determining if the project supports the
department's mission. This includes checking to ensure proper
stakeholder identification and involvement was performed as part of
the initial requirements development. It also assesses whether the
investment needs to be undertaken by Labor or whether some other
source can better support the need. In addition, it reviews the
potential for sharing information across the department to avoid
redundancy in systems.
During the control phase, the organization should ensure that, as
projects develop and investment expenditures continue, the project
continues to meet mission needs at the expected levels of cost and
risk. If the project is not meeting expectations or if problems have
arisen, steps should be taken to address the deficiencies. Labor has
established processes to assess projects during the control phase.
These processes, for example, include system testing to provide a
reasonable assurance that the IT investment will perform as expected.
The department also has processes to (1) track cost and schedule
variances and (2) review systems' compliance with architecture,
security, cost benefit analysis, and risk management requirements.
These processes are consistent with best practices.
Nonetheless, we found that Labor had not adhered to certain aspects of
its select and control guidelines for a departmentwide investment--
NCFMS--deployed in January 2010.[Footnote 63] Effective system
development requires (1) adequate stakeholder representation to
support thorough systems requirements and (2) sufficient testing prior
to deployment.[Footnote 64] During the select phase, Labor's OCFO
officials did not obtain adequate stakeholder input prior to the
development and implementation of NCFMS. As we have noted earlier in
this report, stakeholders should be involved in helping to develop the
requirements for the system to help define what functions the system
needs to perform.[Footnote 65] The systems development teams should
perform an analysis of these requirements and the OCIO, as part of the
final CPIC select phase, should review the analysis. However, Labor IT
personnel and system users from six program agencies and four regional
offices told us that users were not adequately involved in developing
NCFMS requirements prior to system deployment. According to a BLS
program manager, only two individuals representing business units were
involved in the initial NCFMS team; all other representatives were
from OCFO. While the Associate Deputy Chief Financial Officer for
Financial Systems and an official from OCIO stated that the department
reached out to the program agencies, many agencies decided not to
engage.
In the department's comments on this report, Labor officials stated
that the department consulted agency representatives prior to NCFMS'
deployment and that many of the system's issues were attributed to
relearning basic processes, rather than to lack of stakeholder
involvement. The officials stated that the financial system changed
the business practice and impacted every financial activity performed
in the department. Labor officials also stated that NCFMS requirements
were based on the Financial Systems Integration Office (FSIO) and were
the result of common requirements developed by experts from throughout
the federal government. While we agree that relearning basic processes
can be challenging for users, it does not account for the range of
system problems experienced nor the volume or types of engineering
changes required after NCFMS implementation. Further, while FSIO
requirements provide the functional capabilities, these do not address
accounting policy or procedures. As such, adequate stakeholder
involvement is essential to implement these functional requirements,
configure the system to meet its needs, and adequately test the
software to ensure that the system has properly implemented the FSIO
requirements.[Footnote 66]
Labor also did not comprehensively test NCFMS prior to its deployment.
This step, which is generally part of the control phase, is intended
to help demonstrate through testing that the system can function in
its target environment and to provide reasonable assurances that new
or modified systems process information correctly.[Footnote 67]
Effective testing requires organizations to plan and conduct testing
activities in a structured and disciplined fashion. This includes
different levels of testing, such as system and user acceptance
testing.[Footnote 68] Our examination of the test steps for one
script--procure to pay[Footnote 69]--revealed characteristics of an
undisciplined testing process.[Footnote 70] As a result, Labor's
testing efforts did not accomplish a key objective--to obtain
reasonable assurance that NCFMS would perform as expected.
Specifically, system testing prior to deployment was inadequate in
three areas:
* Quality. The scripts[Footnote 71] used to conduct the testing for
this process did not include expected results to measure against,
which would allow errors to be readily identified and corrected.
Instead, Labor personnel involved in testing the system had to rely on
their own knowledge in evaluating whether the test results were
accurate. As we have noted, relying on testers to assess system
quality without identifying expected results is inadequate because it
is difficult for the testers to remember all the items needed for
evaluating whether the system is operating as expected.[Footnote 72]
In addition, Labor did not set adequate boundary conditions for
testing.[Footnote 73] For example, one test was to determine whether
the system would reject more than 100 items, as intended. To
adequately test this, the department should have determined whether
the system would accept a quantity just below 100 items, such as 99,
yet reject a quantity of 101. We found that the department did not
test these quantities and, as a result, did not have reasonable
assurance that the system would accurately detect and reject
quantities beyond established limits.[Footnote 74]
* Documentation. Adequate documentation of tests performed helps
obtain reasonable assurance that the tests produce expected results,
however, Labor did not adequately document test results. For the 26
steps of the procure to pay script that we reviewed, Labor could not
provide adequate documentation for 17 steps.[Footnote 75] Test
documentation provided did not document whether the testing had
identified any defects. While Labor officials stated that errors had
been identified and corrected, the test documentation did not identify
errors or the testing performed to ensure that the defects had been
corrected. As a result, Labor was limited in its ability to understand
whether the testing process was effectively implemented and produced
expected results.
* Scope. Labor did not test certain aspects of the standardized
payment processing functions applicable to systems used by federal
agencies.[Footnote 76] For example, rules such as rejecting the
delivery of goods at locations other than the appropriate receiving
site, rejecting invoices, and properly processing a payment were not
tested.
In commenting on these findings, Labor noted that the OCIO engaged an
independent verification and validation contractor with specific
knowledge of the financial system and that the contractor verified the
system testing and performed its own independent testing of each
system segment. Nonetheless, as discussed above, our review of the
documentation provided by the department to support its testing
activities indicated that these processes had not been effectively
implemented. We found that disciplined testing activities had not
taken place and, as a result of these weaknesses, Labor's testing
efforts did not provide reasonable assurance that the system would
perform as expected.
Before NCFMS' deployment, Labor's OIG also identified inadequate
system testing, a lack of user acceptance testing and related
documentation, and a lack of end-to-end testing.[Footnote 77] The OIG
reported that:
* not all real-time interface requirements were appropriately tested
during the user acceptance test phase,[Footnote 78]
* evidence could not be obtained to determine if failed system test
cases were corrected and retested, and:
* a completeness and accuracy validation was not performed between
real-time interfaces and NCFMS.[Footnote 79]
According to the OIG report, Labor conducted data interface and system
testing of the NCFMS system just prior to departmentwide
implementation. Consequently, Labor may not have allowed sufficient
time for its personnel to assess the test results and correct errors.
Labor's systems development guidance requires that user acceptance
tests be planned and implemented. However, the NCFMS program manager
acknowledged that to meet project implementation milestones, Labor had
not appropriately performed user acceptance testing and had not
adequately documented the testing that was performed. Inadequate
testing coupled with the premature implementation of NCFMS contributed
to the department being unable to perform basic accounting functions
once the system was implemented. Officials at four regional offices
and five program agencies told us that in NCFMS' first year of
deployment, the system was cumbersome, time consuming, and caused
inefficiencies in basic daily operations.
Further, according to the OIG's December 7, 2010, testimony,
inadequate testing, among other issues, caused the department to issue
a disclaimer of an opinion on its fiscal year 2010 financial
statements.[Footnote 80] Until Labor develops an effective selection
and control process that ensures key stakeholders are involved and
adequate requirements analysis and testing has been performed, it
risks investing in projects that do not effectively meet mission needs.
Labor Has Not Performed Post-implementation Reviews:
In addition to not following certain aspects of the CPIC process for
the select and control phase, Labor has not conducted post-
implementation reviews of its IT projects as part of its project
evaluations. Post-implementation reviews are conducted during the
evaluate phase and actual-versus-expected results are compared after
an agency fully implements a project. This step is done to (1) assess
the project's impact on mission performance, (2) identify any changes
or modifications to the project that may be needed, and (3) revise the
investment management process based on lessons learned. Post-
implementation reviews are used to evaluate whether the estimated
return on investment was actually achieved and to identify how
effectively the system has supported stakeholders and met baseline
goals in terms of cost, schedule, and performance. OMB and Labor
require such reviews in order to assess what the agency achieved with
the investment. According to Labor's system development guidelines, a
post-implementation review should be performed within 6-9 months of
deployment to assess the system's performance and ability to meet
expected benefits.[Footnote 81] The CPIC program manager said that the
department has not performed post-implementation reviews of its
systems because it has devoted resources to the select and control
CPIC processes and, that, until recently Labor did not have the
structured guidance available to conduct these reviews. The program
manager added that the department is in the process of developing post-
implementation review guidance and plans to conduct reviews on
investments in the future. Without such reviews, Labor may not be able
to revise its investment management process on the basis of lessons
learned or identify opportunities to improve system performance.
Labor Has Implemented a Security Program but Information Security
Risks Remain:
Labor has established an information security program and policies
that address the key requirements of FISMA, but the department faces
weaknesses in several areas, such as not fully complying with select
security requirements and ensuring appropriate user access.
Specifically, Labor has taken the following steps to establish its
information security program:
* periodically assessed the risk and magnitude of harm that could
result from unauthorized access, use, disclosure, disruption,
modification, or destruction of information or systems;
* developed risk-based policies and procedures that cost-effectively
reduce information security risks;
* developed plans for providing adequate information security for
networks, facilities, and systems;
* provided security awareness training for agency personnel and
contractors;
* performed periodic testing and evaluation of the effectiveness of
information security policies, procedures, and practices, performed
with a frequency based on risk level, but not less than annually;
* implemented a process for planning, implementing, evaluating, and
documenting remedial actions to address any deficiencies identified in
the agency's information security policies, procedures, and practices;
* developed procedures for detecting, reporting, and responding to
security incidents; and:
* developed plans and procedures to ensure the continuity of
operations for information systems that support the operations and
assets of the agency.
Nonetheless, Labor faces several security risks. For example, it is
challenged with updating its IT operations in accordance with current
NIST requirements and ensuring appropriate user access. Until Labor
strengthens its controls over these security weaknesses, its systems
and the information they store are at increased risk of security
breaches.
Labor Has Not Fully Implemented Current Security Requirements:
Labor is not fully meeting current security requirements for IT
operations as defined in NIST Special Publication 800-53, guidelines
that apply to all components of an information system that processes,
stores, or transmits federal information.[Footnote 82] These
guidelines set forth security controls that are intended to prevent
unauthorized access and detect any inappropriate modifications of
data. This is essential to protect and safeguard information processed
in systems. Federal agencies are required to follow NIST special
publications and implement the requirements within one year.[Footnote
83] However, Labor's Chief Information Security Officer stated that as
of November 3, 2010, not all program agencies were fully in compliance
with NIST 800-53 revision 2, which was to be implemented by December
2008. Further, Labor has not fully implemented the most recent
requirement, NIST 800-53 revision 3, which was to be implemented by
August 2010. According to NIST documentation, NIST 800-53 revision 3
controls are a significant improvement over revision 2 and earlier
versions, because when implemented they will, among other things,
provide for organizationwide and continuous security risk assessments
instead of periodic, isolated system reviews as provided for in
earlier versions.[Footnote 84] The Chief Information Security Officer
stated, early in 2010, that Labor planned to have all agencies
compliant with revision 3 by the end of fiscal year 2011. In
subsequent comments on a draft of this report, Labor officials stated
that the department plans to have agencies compliant with revision 3
by December 2011, and noted that this revised implementation schedule
was supported by a risk-based analysis of both revisions 2 and 3 and a
determination that the risks associated with delayed implementation of
the new controls were low to moderate. Labor officials further noted
that the controls that were not fully compliant have been documented
and the department has developed plans for corrective actions. We are
encouraged by the department's assertions to take action; however, the
current plans to fully implement revision 3 are about one and a half
years behind schedule. Until the department fully implements the
revised controls, Labor will continue to face potential security risks.
Further, under FISMA, agencies are required to classify their systems
according to three risk levels--low, moderate, and high. The risk
classification serves as a basis for determining the level of security
applied to the system to ensure that information resources are
adequately protected. Risk classifications are based on the
confidentiality, integrity, and availability of the information. Labor
has classified all of its 72 operational systems at the moderate risk
level since fiscal year 2008, but according to the Deputy CIO and
Chief Information Security Officer, the department was re-evaluating
these systems' risk levels. The Chief Information Security Officer
stated that given the significance of NCFMS on the department's
financial activities, this system may not be appropriately assessed at
a moderate risk level. Further, this official also noted two other
systems that may be misclassified. According to the Deputy CIO, the
systems' risk levels may be misclassified because the systems have
matured and evolved over time. As such, in November 2010, Labor
officials said that they intended to re-evaluate the risk
classification of agency systems. In January 2011, Labor's Chief
Information Security Officer stated that the department had,
consistent with FISMA requirements, conducted its annual review of
systems' classifications.[Footnote 85] This official stated that the
department re-evaluated the systems and determined that all 72
operational IT systems will continue to be assessed at the moderate
risk level. Nonetheless, while the department stated that it has
completed its annual evaluation of system risks and indicated that it
is focusing on risk-based analyses in prioritizing security controls,
we remain concerned that there are substantive issues with IT controls
and the condition of information security at the department. As part
of our work in our high-risk reporting, Labor has been downgraded from
a significant deficiency in department financial controls in 2009 to a
material weakness in 2010 based on vulnerabilities with overall
security management and access controls. The department is 1 of 8
organizations (out of 24 total) designated with material IT security
weaknesses in its financial and information systems.[Footnote 86]
Labor Has Not Completely Implemented Effective Controls to Ensure
Appropriate User Access:
Labor has not always limited systems access to appropriate personnel.
In particular, Labor guidance states that employee system access
should be terminated at the time an employee separates from the
department. However, headquarters and regional personnel we
interviewed said that inappropriate access by former employees had
been an issue in their respective regions. In addition, the OIG
reported in November 2010 that Labor had recurring access issues and
vulnerabilities associated with user access privileges to information
systems.[Footnote 87] For example, the OIG found that:
* five of seven information systems tested did not have processes or
procedures in place for conducting periodic reviews to ensure that
user system access privileges were still appropriate and necessary,
creating the risk of unauthorized individuals having access to view,
update, or delete data in the information system, and:
* four of seven information systems tested contained active user
accounts for employees that had separated from the department.
Specifically, former employees accessed their user accounts in three
of the four information systems subsequent to separation.
Labor officials said that inappropriate access to systems occurred
because systems personnel were not notified of an employee's
separation. Labor's policy states that a human resources manager is to
initiate and terminate access to all systems and facilities for
federal and contractor personnel upon their entry and prior to their
exit from the department. The Deputy CIO acknowledged that such
inappropriate access had occurred, however, he said that the
department was taking corrective action to prevent inappropriate
access in the future by incorporating this requirement into its new
human resources management system. Further, Labor stated in its
response to the IG report that it is taking aggressive steps to
strengthen IT security and noted increased emphasis on prioritizing IT
security issues.
Labor Has Established Policies for Grants Accountability, but
Weaknesses Exist in Documentation and Monitoring:
Our review of one of Labor's top management challenges--the
discretionary grant management process--showed that although ETA had
designed overall policies intended to provide accountability over its
discretionary grants award and monitoring processes, it did not have
sufficient procedures and guidance to help ensure that award and
monitoring internal control activities are conducted and properly
documented and that the results of single audits are fully integrated
with monitoring activities. In its Fiscal Year 2009 Performance and
Accountability Report,[Footnote 88] Labor acknowledged that the large
increase in grant funding provided by the enactment of the Recovery
Act[Footnote 89] exacerbated the challenge facing the department in
the grants area with respect to ensuring that grant funds are
appropriately spent on activities that will yield the desired training
and employment outcomes.
Specifically, our review of ETA's grant management process showed that
ETA did not always have sufficient quality assurance procedures and
comprehensive guidance with respect to (1) maintaining and retaining
discretionary competitive grant award documentation, (2) properly and
consistently conducting and documenting federal project officer (FPO)
monitoring activities, and (3) fully integrating the results of single
audits in its discretionary grantee monitoring activities. From our
review of 30 grant files, we identified instances[Footnote 90] in
which these design deficiencies resulted in ETA's inability to locate
essential documentation needed to verify that key discretionary award
processes were performed and instances where evidence supporting key
monitoring activities were not consistently retained in a central
location to facilitate management oversight.
Weaknesses in ETA's Procedures for Retaining Documentation for
Competitive Discretionary Grant Awards:
While ETA's discretionary grant management procedures provide guidance
on key control activities intended to help provide assurance that
grants are appropriately justified and awarded, these procedures did
not specify where and how long to retain documentation of grant award
reviews and results.[Footnote 91] According to ETA's Grant Management
Desk Reference Guide, the award process for discretionary competitive
grants requires the preparation of documentation such as conflict of
interest and nondisclosure statements signed by the members of the
review panel, and a scoring and written report of the panel's
evaluation of grantee's response to the solicitation of grant awards.
In addition, the Employment and Training Order No. 1-08 requires a
preaward clearance to be performed and documented for prospective
grantees, which is performed by Labor's Office of Special Programs and
Emergency Preparedness.[Footnote 92] However, we found that ETA did
not have guidance with respect to where these required documents were
to be centrally filed and how long they are to be retained to
facilitate management oversight. Inadequate documentation of these key
award activities increases the risk that ETA may not have support to
show that grantees selected were the best for meeting the government's
requirement or that in conducting award activities, its members were
free of any conflicts that would hinder their ability to perform fair
and objective assessments of discretionary grant applicants. For
example, our review found instances related to competitive grants
[Footnote 93] in which agency staff could not locate key discretionary
grant award documentation including:
* seven grant files that did not include conflict of interest and
nondisclosure statements signed by the members of the preaward review
panel,
* five grant files that did not include the review panel's preaward
scoring and related written reports, and:
* nine grant files that did not include results of preaward clearance,
such as results of investigations, audit resolution, and other matters.
Of the ten competitive grant files we reviewed, some files were
missing multiple documents. For five grants, the files did not contain
any of the key discretionary grant award documentation--a conflict of
interest nondisclosure statement, review panel's preaward scoring, and
related written reports and results of preaward clearance.
Our Standards for Internal Control in the Federal Government provides
that internal control and all transactions and other significant
events should be clearly documented and readily available for
examination.[Footnote 94] The standards also provide that records
should be properly managed and maintained, and documentation should
appear in management directives, administrative polices, or operating
manuals. According to ETA officials, as of December 2010, the agency
was in the process of developing standard operating procedures to
address centralizing the location and retention of award documents.
Weakness in Properly and Consistently Conducting and Documenting ETA's
Quality Assurance Monitoring Activities:
While ETA's grant management procedures require performing and
documenting the results of its monitoring activities, they did not
specify quality assurance steps, such as supervisory reviews,
necessary to ensure that required grant monitoring activities are
consistently and properly conducted and documented. To monitor
grantees' compliance with administrative, financial, and performance
regulations, ETA's guidance requires FPOs to perform a combination of
office-based reviews referred to as "desk reviews" and, for new and
"at-risk" grantees, conduct on-site visits at grantees' locations.
Through desk reviews, FPOs are to analyze grantees' program and
financial reports, as well as any other related information available
to identify current risk areas and problems related to grantee
performance, noncompliance with federal requirements, or mismanagement
of funds. FPOs are to conduct on-site visits at the grantee's work
site to observe and review work being done under the provision of the
grant.
FPOs begin the grant monitoring process by performing an initial risk
assessment of the grantee using ETA's Grants Electronic Management
System (GEMS).[Footnote 95] The initial risk assessment consists of
the FPOs answering a series of standard questions about the grantee in
GEMS to determine the risk level. The result of this initial risk
assessment is then used to determine the type of monitoring activities
that an FPO will perform on the grantee. For example, monitoring
activities for new grantees and those rated "at-risk" grantees will
require an on-site visit, while low-or medium-risk grantees will be
monitored at the office through desk reviews. Throughout this process,
FPOs in the regional offices are required to document the results of
these activities in GEMS, such as documenting deficiencies observed
and areas of concern relating to the administration and performance of
each grant. According to key ETA officials, GEMS is also intended to
be the central repository for data on grant monitoring activities to
provide information on all grantees that can be shared agencywide.
ETA's Grant Management Desk Reference Guide provides that GEMS grant
monitoring records are considered an integral part of the official
grant file.
However, ETA's procedures did not specify quality assurance steps
necessary to help assure that required FPOs' monitoring procedures
were properly and consistently carried out and documented in GEMS.
Such quality assurance procedures should be the responsibility of an
ETA organizational component with an FPO quality assurance role, such
as ETA's regional management. Without quality assurance procedures,
such as supervisory reviews, to ensure that complete and consistent
monitoring is conducted and data results are recorded in GEMS, ETA is
hampered in its ability to effectively and efficiently account for its
discretionary grants. For example, as summarized in the following
bullets, our review found instances in which (1) risk assessments were
not documented or were changed without proper justification, (2) desk
reviews of financial and performance information were not documented,
(3) on-site monitoring activities were not recorded, and (4) final
desk reviews were not documented.[Footnote 96]
* Risk assessment. We found one grant where the initial risk
assessment calculated in GEMS was overridden by the FPOs without
explanation. In addition, we found seven grants where the quarterly
risk assessment changed from one quarter to another without
explanations for the change.[Footnote 97] GEMS data entry forms
provide a comment box where narrative information regarding the
results of the risk assessments can be entered; however, we found that
it was not consistently used by the FPOs.[Footnote 98] The grant risk
assessment determines the extent of subsequent monitoring activities
such as site visits, and the lack of narrative to address the
overriding of the initial risk assessments prevents management from
understanding the rationale used to change the risk levels. Therefore,
unexplained risk level changes may place the agency at risk of not
performing the required level of monitoring for its grants.
* Quarterly desk reviews. We found three grants where desk reviews
were not documented for specific quarters during the life of the
grant. Desk reviews conducted by the FPOs assess information provided
by the grantee such as financial reports, statements of work, program
narratives and performance reports, and budget information. The
results of quarterly desk reviews may also change the risk level of a
grantee and affect monitoring strategies. ETA's guidance requires the
performance of desk reviews every quarter while the grant is active.
Without clear documentation on the results of quarterly desk reviews,
the agency cannot determine whether the grantee has complied with
legal requirements of the grant agreement. Further, the failure to
perform quarterly desk reviews could result in ETA's inability to
identify issues of nonconformance that would require corrective
actions by the grantee or issues that require an on-site visit.
* On-site reports. We found 19 grants where the grantees were either
new or deemed as "at-risk" and required on-site visits to be performed
by the FPOs. Of these 19 grants, we found four instances where on-site
reports were not uploaded into GEMS and three instances where the FPOs
did not separately enter the findings from the on-site visits. ETA's
guidance requires FPOs to upload a copy of a report summarizing the
results of the on-site visit in GEMS. Additionally, this guidance
requires the FPOs to enter separately all findings from the on-site
visits into GEMS. Site visits provide FPOs a unique opportunity to
have a close inspection into the grantee's use of federal funds and
document whether the project is proceeding according to the grant's
requirements or whether action must be taken to resolve identified
issues. Also, on-site visits allow FPOs to identify issues, which they
normally would not identify while performing a desk review. For
example, as a result of on-site visits, FPOs have identified instances
where fiscal agents were writing and depositing checks to themselves
and timesheets were incomplete. In other instances, FPOs found that
grantees did not have adequate internal controls to protect government
assets, invoices were not approved, and reporting activities lacked
supporting information. The absence of on-site monitoring data in GEMS
limits the information readily available to share with other staff,
supervisors, and program managers about issues that may require
immediate attention.
* Final desk review. We found three closed grants and one active grant
where a final desk review had not been documented in GEMS. In
addition, we found that for eight grants, the required final review
narrative was not included. ETA's guidance requires FPOs to make a
final desk review and also include a narrative on the results in GEMS.
The final desk review provides a documented assessment of the
performance of the grantee during the period of performance and
provides important information for future solicitations in which prior
performance is a criterion. Without timely and adequate documentation
of the grantee's performance assessment, supervisors and program
managers are not able to fully assess the grantee's overall
performance and could place future discretionary funding at risk.
Standards for Internal Control in the Federal Government requires that
entities are to provide continuous supervision to provide reasonable
assurance that internal control objectives are achieved. In addition,
the standards provide that transactions should be promptly recorded to
maintain their relevance and value to management in controlling
operations and making decisions. Moreover, ETA management will not be
able to effectively obtain and share complete and consistent
information on the results of grantees' overall performance, including
the grantees compliance with legal requirements of the grant agreement.
Weaknesses in Fully Integrating Single Audit Results into
Discretionary Grant Monitoring:
The results of Single Audits provide important information for the
oversight and monitoring of discretionary grant recipients' use of
federal awards. Our review of ETA's Single Audit process showed that
while ETA has implemented a resolution process, it has not established
procedures for using the results of Single Audits in FPOs' monitoring
activities documented in GEMS.[Footnote 99] ETA officials stated that
the Single Audit findings and information on their resolution process
may not always be shared with the FPOs in charge of monitoring the
grantees. While Labor has procedures for resolving Single Audit
findings, its procedures did not require that Single Audit results be
consistently submitted to the FPOs and considered as part of their
discretionary grant monitoring procedures. Specifically, Labor has a
centralized process in place to resolve audit findings reported in
Single Audits through coordination with the regional offices and
Labor's OIG. Further, ETA requires FPOs, as part of the Core
Monitoring Guide, to ask their grantees during on-site visits whether
a Single Audit has been performed and if so, to obtain a copy.
However, the Guide does not require FPOs to use the information from
the Single Audits when conducting risk assessments or to document any
relevant findings in GEMS. According to ETA officials, FPOs may be
aware of the Single Audit findings for their grantees if during the
resolution process the FPOs are consulted to obtain information or
documents to support the corrective action plans prepared by the
grantee. Not requiring such information to be obtained and retained in
GEMS may hinder the FPOs' ability to effectively assess risks related
to a grantees' performance. For example, we identified five grantees
with Single Audits for which the grant files in GEMS did not contain
any documentation that the results of the Single Audit findings were
entered in GEMS. Standards for Internal Control in the Federal
Government provides that agency officials, program managers, and
others responsible for managing and controlling program operations
should receive relevant, reliable, and timely information to make
operating decisions, monitor performance, and allocate resources.
Because Single Audit results could help identify problems with
grantees financial management and program operations, it is important
for the FPOs to have results of Single Audits when performing risk
assessments of grantees to determine the level of monitoring
activities that FPOs will perform on the grantees.
Conclusions:
Labor has made strides over the last decade in establishing a
departmentwide framework for managing its information technology and
developing an internal control structure for monitoring its financial
resources. However, opportunities remain for Labor to improve their
management of these areas.
While the department has taken steps to ensure mission unit
representation in selected IT investments, its IT governance structure
continues to lack necessary input from business units to ensure that
projects meet mission needs, and performance measures do not always
reflect actual productivity and benefits of systems. The department
also does not consistently apply elements for adequately evaluating
its IT investments, such as implementing best practices for project
selection and oversight and performing post-implementation reviews.
Until Labor develops an effective selection and control process that
ensures key stakeholders are involved and adequate requirements
analysis is performed, it risks investing in projects that do not
effectively meet the department or its program agencies' mission
needs. In this regard, Labor can apply lessons learned from its
implementation of NFCMS. If Labor does not consistently implement its
IT investment guidelines and adequately test systems prior to
deployment, it may run the risk of deploying systems that do not
support users and operate less effectively, potentially wasting
limited resources. In addition, risks remain in Labor's implementation
of its information security program. These include not keeping current
with security requirements and implementing adequate access controls.
As a result, Labor has increased vulnerability to security threats,
such as destruction of and inappropriate access to systems and
databases.
Labor should also take steps to strengthen its grant management
processes. Specifically, ETA's ability to adequately assess the
results of its monitoring activities for billions in discretionary
grant funds is diminished, in part, due to its staff not collecting
and maintaining all needed documentation for performing key monitoring
activities. By strengthening its policies and procedures for the
documentation and maintenance of information, ETA would be better
positioned to determine whether its grantees are using federal dollars
as intended.
Recommendations for Executive Action:
To further strengthen Labor's IT planning and oversight process and
financial management, we recommend that the Secretary of Labor direct
the Chief Information Officer to:
* ensure that the department-level investment review boards and
governance structure incorporate business unit (i.e., mission)
representation to effectively define business system requirements;
* ensure that program agencies implement Labor's guidance to develop
comprehensive performance measures for their respective systems in
order to provide reasonable assurance that new systems will provide
expected functionality and benefits;
* further refine Labor's IT investment management oversight process in
the select and control phases to apply lessons learned from its
implementation of NCFMS to ensure adequate stakeholder involvement and
comprehensive testing is performed throughout the systems development
process;
* conduct post-implementation reviews, where appropriate, to determine
if the investments are meeting stakeholder needs and realizing
expected benefits; and:
* ensure systems fully comply with NIST 800-53 revision 3 guidance
and, if not, take appropriate steps to meet these requirements.
We also recommend that the Secretary of Labor direct the Assistant
Secretary of the Employment and Training Administration to:
* establish procedures for retaining grant award-related
documentation, including location and retention period;
* establish quality assurance procedures, such as supervisory reviews,
to ensure that grant monitoring activities are performed and
documented in GEMS. Procedures should identify how the review is to be
conducted, the regional-level official responsible for reviewing grant
documentation in GEMS, and the frequency of the reviews, and:
* establish procedures addressing the communication and incorporation
of Single Audit findings and related corrective actions as part of the
ETA's grantee's monitoring activities to be documented in GEMS.
Agency Comments and Our Evaluations:
We obtained written comments on a draft of this report from Labor's
Assistant Secretary for Administration and Management, which are
reproduced in appendix IV. Labor also provided technical comments that
we incorporated in the report as appropriate.
Labor generally agreed with our findings. In response to our five
recommendations to further strengthen the department's IT planning and
oversight process, Labor stated, in general, the portrayals of their
information management controls are substantiated. However, Labor
raised concerns about how we presented the IT security references. For
example, Labor stated that the report implies that program agencies
did not place priority on implementing current security requirements
and that this is not completely accurate. In response to Labor's
comments, we revised the wording of the fifth recommendation to
highlight the need to fully implement current security requirements.
Labor provided additional clarifying information in its technical
comments regarding its information technology controls, and we
incorporated this information as appropriate.
With respect to discretionary grant management, ETA agreed with our
recommendation to establish procedures for retaining competitive grant
award documentation. However, in response to our recommendation to
establish quality assurance procedures--such as supervisory reviews--
to ensure that grant monitoring activities are performed and
documented in GEMS, ETA stated that the recommendation suggests that
such steps are not in place and that this is not the case. ETA added
that they have a broad range of grants management and monitoring
practices and procedures in place to ensure effective grants
management review. For example, ETA discussed having performance
agreements established for regional administrators, managers, and
FPOs, which include standards that address grant monitoring and other
grant management responsibilities. However, as evidenced by our
findings, these standards and procedures do not specify steps
necessary to assure that required FPOs' monitoring procedures are
properly and consistently documented in GEMS. As ETA transitions from
a largely paper-based federal grant management system to electronic
filing using GEMS, it is important that its main monitoring
documentation storage system be consistently updated and reviewed to
reflect the current status and results of its grant monitoring
activities. By doing so, management will have one central repository,
where they can effectively obtain and share complete and consistent
information on the results of grantees' overall performance, including
the grantees' compliance with legal requirements of the grant
agreement. In response to Labor's comments, we revised the wording of
the recommendation to make more clear that the focus is on specifying
the steps needed to ensure that grant monitoring activities are
performed and documented in GEMS.
In response to our recommendation to establish procedures to document
Single Audit results in GEMS, ETA stated that it recognizes the
importance of various Labor offices and staff in communicating and
incorporating Single Audit findings and will continue to further
strengthen this critical monitoring process. ETA noted that its Core
Monitoring Guide already requires reviewers to ascertain the status of
the Single Audit and any open issue as part of their on-site review.
However, as our report indicates, there is no requirement that the
results of the Single Audit be documented in GEMS. Not requiring such
information to be retained in GEMS may hinder the reviewer's ability
to effectively assess risks related to a grantee's performance.
Because Single Audit results could help identify problems with
grantees' financial management and program operations, it is important
for the reviewers to have these results readily available when
performing risk assessments of grantees to help determine the level of
monitoring activities that they will perform on the grantees.
We are sending copies of this report to the Secretary of Labor, the
Office of Management and Budget, and other interested parties. We will
also make copies available to others on request. In addition, the
report will be available at no charge on the GAO Web site at
[hyperlink, http://www.gao.gov].
Please contact me at (202) 512-7215 or sherrilla@gao.gov if you or
your staff have any questions concerning this report. Contact points
for our Offices of Congressional Relations and Public Affairs may be
found on the last page of this report. Key contributors to this report
are listed in appendix V.
Sincerely yours,
Andrew Sherrill:
Director, Education, Workforce and Income Security Issues:
[End of section]
Appendix I: Scope and Methodology:
To identify the steps that the Department of Labor (Labor) had taken
to strategically manage and plan for its current and future workforce
needs, we reviewed our previous work on strategic human capital
management and our prior work on the department's management
challenges. We also reviewed Labor's planning documents, such as
strategic, human capital, and succession plans, and Labor's annual
report to the Office of Personnel Management (OPM). Moreover, we
reviewed our reports and OPM's reports on human capital to identify
criteria for Labor's workforce and succession planning efforts.
[Footnote 100] On the basis of this information, we assessed Labor's
planning documents, such as the human capital strategic plan and
succession plan, and human capital management practices against our
key workforce planning principles and OPM's Human Capital Assessment
and Accountability Framework for federal agencies to determine if any
areas were in need of improvement.
We also obtained and reviewed workforce planning documents and data
for Labor departmentwide and selected program agencies and compared it
to our key workforce planning principles and OPM's human capital
framework. In addition, we selected three of Labor's program agencies--
Employee Benefits Security Administration (EBSA), Occupational Safety
and Health Administration (OSHA), and Employment and Training
Administration (ETA)--and reviewed their strategic workforce planning
efforts in more detail. We selected these agencies based on the
following criteria:
* their differing organizational structure within Labor;
* their overall fiscal year 2010 budget and full-time equivalent (FTE)
levels; and:
* their authorization to each hire more than 150 additional staff in
fiscal year 2010.
At each of these program agencies, we reviewed workforce planning
documents and data from the national and regional offices, and
interviewed officials responsible for strategic workforce planning,
recruitment, hiring, and succession planning.
To determine Labor's workforce trends, Labor's human capital office
identified the department's mission-critical occupations. We then
analyzed data from OPM's Central Personnel Data File (CPDF) on Labor's
program agencies' from fiscal years 2005 to 2009. To assess the
reliability of CPDF, we reviewed our prior data reliability work on
CPDF data and updated information about the data.[Footnote 101] We
determined that the data were sufficiently reliable to provide
information on Labor's recent workforce trends. While we concluded
that the CPDF information was sufficiently reliable for the purposes
of our review, we did not independently verify the data as part of
this review. However, to corroborate these data, we requested
workforce trend data from Labor and compared it to the CPDF data. No
material differences were found.
The following describes the steps that we took to identify selected
workforce trends in CPDF for Labor's employees positioned across the
department:
* Hiring. We identified all new hires for fiscal years 2005-2009 by
using personnel action codes in CPDF for individuals accepting career
or career conditional positions. These included new hires to Labor
(both new hires to the government and transfers from other agencies)
and hires of individuals returning to the government. To put Labor's
hiring into context, we used attrition data to compare the numbers of
staff hired with the number of staff leaving. Additionally, we used
Labor's time-to-hire data from 2009 to describe how quickly Labor
fills its job vacancies.
* Attrition rates. To determine the overall attrition rates, we
analyzed data from the CPDF for fiscal years 2005 through 2009. For
each fiscal year, we counted the number of permanent (career)
employees with personnel actions indicating they had separated from
Labor. Separation data for new hires included resignations,
retirements, terminations, transfers to other agencies,[Footnote 102]
and deaths. We did not include a small percentage of individuals with
inconsistent data such as multiple or different hiring or separation
dates. The small percentage of employees with inconsistent data is
similar to the generally reliable data in the CPDF we have reported
previously. We then divided the total number of separations for each
fiscal year by the average of the number of these employees in the
CPDF as of the last pay period of the fiscal year before the fiscal
year of the separations and the number of these employees in the CPDF
as of the last pay period of the fiscal year of separation.
To determine the attrition rates for new hires, we used CPDF data to
identify the newly hired staff and followed them over time to see how
many left Labor. We identified all new hires for fiscal years 2005-
2009 by using personnel action codes for accessions to career or
career conditional positions. Next, we determined whether these
individuals had personnel actions indicating they had separated from
Labor. By subtracting the hire date from the separation date, we
determined how long individuals worked before separating. We
calculated the attrition rates for a specific time period by dividing
the number of individuals who left within that time period by the
total number of new hires tracked for that time period.
* Separations. To identify the ways staff separated from Labor from
2005 through 2009, we used the CPDF codes that identify how employees
separated; including resignations from federal employment, retirement,
transferred to another federal agency, or separated in another way,
such as a reduction in force.
* Retirement eligibility rates. To determine retirement eligibility
for Labor's employees employed as of the end of September 2009 we used
CPDF information on service computation date, birth date, and
retirement plan coverage to calculate the date of eligibility to
retire with an immediate, unreduced annuity. The rules stipulating the
number of years of service in conjunction with the age when a person
would be eligible to retire were used for the retirement plan of which
the employee was a member. In particular, we calculated retirement
eligibility for Labor overall, for the selected program agencies, and
for Labor's overall mission critical versus nonmission critical
occupations, including the specific mission critical occupations
within the selected program agencies for fiscal year 2009.
* Federal tenure rates. To determine federal tenure rates, we examined
CPDF information on number of years of federal service for overall
Labor employees between fiscal years 2005 and 2009. We report years of
federal service rather than years of service with Labor or in a
particular occupation because the CPDF records the service computation
date of entry into federal employment rather than date of entry to an
agency or occupation (the service computation date is adjusted
whenever an employee leaves federal employment and then returns to
federal employment).
To evaluate Labor's controls related to managing and modernizing its
information technology (IT) investments, we interviewed Labor and
component agency officials including the Office of the Chief
Information Officer's (OCIO) capital planning team, enterprise
architecture team, security team, component agency IT managers, and
system users. We reviewed relevant provisions in the Clinger-Cohen
Act, the Paperwork Reduction Act, the Federal Information Security
Management Act (FISMA),[Footnote 103] Office of Management and Budget,
and Financial Systems Integration Office[Footnote 104] guidance
related to defining IT goals and plans, assessing progress toward
achieving IT goals, and measuring performance of IT operations.
To assess Labor's ability to manage its IT portfolio we used our
guidance and Labor guidance to determine the extent to which the
department's investment management process is effective in evaluating
investments throughout the development life cycle.[Footnote 105] To
conduct our assessment, we reviewed relevant Labor policies,
processes, guidance, and documentation including the department's IT
Capital Planning Guide, investment board meeting minutes, budget
documents, cost benefit analyses, and project reviews to identify the
department's processes in managing IT investments throughout the
systems development lifecycle. We also:
* reviewed agency documentation, including select and control reviews,
submitted to the OCIO for their evaluation of IT investments;
* reviewed requirements and testing artifacts for the procure to pay
and trust fund functions to determine adequacy of testing for the New
Core Financial Management System (NCFMS);
* interviewed Labor's program agency IT directors and program
managers; and:
* interviewed relevant OCIO agency officials to determine the extent
to which Labor has established responsibility and accountability for
modernization management.
To evaluate Labor's IT security program we reviewed the departmentwide
IT security program and evaluated them against criteria in FISMA and
other related sources, such as National Institute of Standards and
Technology (NIST) special publication 800-53, revisions 2 and 3. We
compared Labor IT security documentation to FISMA criteria to
determine the quality of compliance with FISMA requirements. We also
interviewed relevant Labor OCIO, Office of Inspector General (OIG),
and component agency staff with responsibility for managing IT
security and obtained relevant support for further analysis from them.
While we assessed Labor's IT security program and policies, we did not
perform system security reviews nor evaluate the effectiveness of the
department's implementation of security controls or NIST requirements.
We also did not independently assess the assigned risk levels of
Labor's systems.
We selected six program agencies--OSHA, ETA, Office of Workers'
Compensation Programs, Office of the Assistant Secretary for
Administration and Management (OASAM), Bureau of Labor Statistics
(BLS), and the Wage and Hour Division--which comprise about 83 percent
of Labor's fiscal year 2010 IT budget to perform case studies in order
to determine strengths and weaknesses in the department's ability to
manage IT investments. Within these agencies we identified systems
under development and in operation to review. We also reviewed the
NCFMS modernization effort to assess the department's adherence to
select and control guidelines. To understand the testing conducted for
NCFMS, we reviewed 2--procure to pay and trust fund--of 23 test
scripts to assess the adequacy of testing Labor's financial management
requirements. For the procure to pay test script we performed analyses
on 26 of 159 test steps to assess the quality, scope, and adequacy of
test documentation. Additionally, we met with other program agencies
as necessary to assess IT management controls.
In the area of financial management, our objective was to determine
the extent to which the design of Labor's key internal control
activities help ensure accountability over one of Labor's top
management challenges, discretionary grants. Our review of the design
of internal control over discretionary grants was performed at ETA
because it accounts for $11.4 billion--approximately 80 percent--of
Labor's overall estimated discretionary budget in fiscal year 2010,
which includes discretionary grants. In addition, in prior years
challenges have been reported on ETA's management of its discretionary
grants.
We assessed the extent to which the design of ETA's controls is
adequate to help ensure accountability over its award, monitoring, and
closeout of discretionary grants,[Footnote 106] including the extent
to which ETA uses the Single Audits to help oversee its grantees. To
assess the design of key controls over ETA's discretionary grant
management process, we obtained and reviewed relevant ETA policies and
procedures, interviewed key Labor and ETA officials, and compared
these policies, procedures, and practices with internal control
standards.
To understand the design of controls over monitoring activities to be
conducted during the period-of-performance for the grantees, we
reviewed documentation requirements for key activities such as initial
risk assessments, quarterly desk reviews, and on-site visit reports
recorded in Labor's Grants Electronic Management System (GEMS). To
further understand the possible effect of identified control design
flaws, we selected a nongeneralizable sample of 30 (15 active and 15
closed) discretionary grants from the E-Grants system, Labor's main
grant obligation and cost subsidiary system. Such a sample cannot be
used to draw conclusions on the extent to which there are problems in
the universe of discretionary grants. To select our sample of
discretionary grants in fiscal year 2009,[Footnote 107] we stratified
the population of discretionary grants data by ETA programs that had
awarded discretionary grants and identified the top five programs that
disbursed the largest discretionary grants during fiscal year 2009.
For these programs, we sorted the grants from the highest to the
lowest total disbursement and categorized the disbursements in three
tiers--high, medium, and low dollar value. We selected the grants with
the highest disbursement dollar value from each of the three tiers for
our sample. For these grants we reviewed documentation in the grant
files for key activities conducted during the award and close out
process, such as grant agreement approvals, modification approvals,
and close out checklists.
To determine the extent to which ETA has controls designed to use the
Single Audit process to help the agency in performing oversight and
monitoring functions over its grantees, we reviewed ETA's procedures
for coordinating Single Audit reviews and its process for correcting
identified Single Audit deficiencies. We also interviewed ETA
officials to better understand the extent to which they have controls
to use Single Audits to perform oversight functions. In addition to
further our understanding of the effect of identified control design
flaws in this area, for the nongeneralizable sample of 30 grant files
discussed previously, we inquired whether a Single Audit had been
performed, and if performed, we reviewed documentation and spoke to
ETA officials to determine if ETA conducted the required resolution
process for correcting identified Single Audit deficiencies.
We conducted our review at Labor's national office as well as four
regional locations: Atlanta, Georgia; Chicago, Illinois; Philadelphia,
Pennsylvania; and San Francisco, California. These regional offices
were selected to ensure geographical representation and because
Labor's OASAM was located in each of these offices. In addition to
interviewing Labor program agency officials, we also interviewed
officials from Labor's OIG, OMB, and OPM, as well as representatives
from Labor's employee unions to better understand Labor's management
practices. Moreover, for each objective, we reviewed relevant federal
laws and regulations.
We conducted this performance audit from August 2009 to March 2011 in
accordance with generally accepted government auditing standards. The
standards require that we plan and perform the audit to obtain
sufficient, appropriate evidence to provide a reasonable basis for our
findings and conclusions based on our audit objectives. We believe the
evidence obtained provides a reasonable basis for findings and
conclusions based on our audit objectives.
[End of section]
Appendix II: Select Financial Management Deficiencies Identified at
the Department of Labor, Fiscal Year 2010:
Challenge or issue: Incomplete and inaccurate data from Labor's
Accounting and Related Systems or subsidiary systems to NCFMS, which
were caused by coding, configuration, migration, and interface issues;
Impact on financial reporting:
* Significant differences were noted in general ledger accounts and
subsidiary records for the payroll, trust fund, and property accounts;
* Certain obligations were not transmitted from Labor's system to the
U.S. Department of Health and Human Services Payment Management System
in order for grantees to drawdown funds;
Status as of fiscal year 2010:
* The auditors reported that Labor has made progress in addressing
some of these issues. However, as of the end of fiscal year 2010, not
all differences had been resolved;
* The auditors acknowledged Labor had addressed the majority of these
issues by June 2010.
Challenge or issue: Incomplete and unresolved reconciliations with the
Department of the Treasury accounts and intragovernmental transaction;
Impact on financial reporting:
* Difference of $1.7 billion difference was noted between Labor's
general ledger accounts and the fund balance with the Department of
the Treasury account;
* Unexplained differences were found in intragovernmental
transactions. For example, the Unemployment Trust Fund's interest
receivable, investments, and interest revenue accounts had unexplained
differences of $158 million, $7.2 billion, and $345 million,
respectively;
Status as of fiscal year 2010:
* According to Labor's auditors, as of September 30, 2010, Labor was
still unable to reconcile the net differences that were identified in
its fund balance with the Department of the Treasury accounts and had
not resolved all errors related to intergovernmental transactions.
Challenge or issue: Inadequate financial processes and incomplete
financial statement information;
Impact on financial reporting:
* Processes needed to record current year apportionments, evaluate the
accuracy of the grant accrual, and record property, plant, and
equipment additions and deletions that were not fully implemented and
documented for a significant part of the year. Also, significant
difficulties pertaining to data migration prevented the OCFO from
finalizing and recording the adjusting entries needed to begin
preparation of the financial statements;
* Financial statement drafts received by the auditor contained
numerous errors. For example, (1) balances between financial statement
amounts and notes to the financial statements did not reconcile;
(2) financial information contained large errors that were not
corrected or adjusted prior to submission, such as similar balances
that should be repeated in different report areas did not agree and
were not corrected; and (3) the year end statement reported a
liability of approximately $13 billion when the amount should have
been reported as approximately $20 billion;
Status as of fiscal year 2010:
* Beginning in fiscal year 2011, Labor reported it plans to prioritize
the OCFO resources to focus on updating existing quality assurance
documentation and to formally document NCFMS financial reporting
processes. Labor anticipates these efforts to be completed by
September 30, 2011;
* The auditors reported that Labor subsequently corrected the errors
identified by the auditors on the financial statement drafts;
however, financial statement preparation has been a longstanding
deficiency for Labor.
Source: Department of Labor, Agency Financial Report, fiscal year 2010.
Note: We did not independently evaluate the status of the corrective
actions identified in Labor's fiscal year 2009 Performance
Accountability Report and its fiscal year 2010 Agency Financial Report.
[End of table]
[End of section]
Appendix III: Department of Labor Workforce Trends:
The following data illustrates Labor's workforce trends between fiscal
years 2005 and 2009 for eight of the department's program agencies. We
selected these agencies because they had 500 or more full-time
equivalent employees. The agencies are BLS, EBSA, Employment Standards
Administration (ESA),[Footnote 108] ETA, Mine Safety and Health
Administration (MSHA), OASAM, OSHA, and Office of the Solicitor (SOL).
We obtained the data from CPDF. See appendix I for an overview of the
CPDF data reliability and our methodology for calculating workforce
trends.
Attrition within Labor's Workforce:
Labor averaged an attrition rate[Footnote 109] of about 11 percent
between fiscal years 2006 and 2008. Attrition was consistently lower
for mission critical employees.[Footnote 110] Attrition rates within
the eight selected program agencies varied; for example, SOL ranged
from about 5 to 8 percent attrition per year, while OASAM ranged from
about 14 to 17 percent attrition per year (see figure 5).
Figure 5: Attrition Rates for Labor and Select Program Agencies,
Fiscal Years 2005-2009:
[Refer to PDF for image: illustrated table]
Year: 2005;
Overall labor: 9.3%;
Overall mission critical: 6.7%;
Overall nonmission critical: 13.7%;
Overall attrition by agency:
BLS: 8.0%;
EBSA: 11.2%;
ESA: 9.1%;
ETA: 11.2%;
MSHA: 7.5%;
OASAM: 13.7%;
OSHA: 6.1%;
SOL: 5.2%.
Year: 2006;
Overall labor: 11.6%;
Overall mission critical: 9.3%;
Overall nonmission critical: 15.5%;
Overall attrition by agency:
BLS: 10.2%;
EBSA: 11.9%;
ESA: 10.6%;
ETA: 17.9%;
MSHA: 9.9%;
OASAM: 14.7%;
OSHA: 7.9%;
SOL: 8.3%.
Year: 2007;
Overall labor: 11.0%;
Overall mission critical: 8.3%;
Overall nonmission critical: 15.6%;
Overall attrition by agency:
BLS: 10.0%;
EBSA: 14.2%;
ESA: 10.3%;
ETA: 10.9%;
MSHA: 9.2%;
OASAM: 17.2%;
OSHA: 9.0%;
SOL: 7.1%.
Year: 2008;
Overall labor: 11.2%;
Overall mission critical: 9.1%;
Overall nonmission critical: 14.8%;
Overall attrition by agency:
BLS: 9.5%;
EBSA: 10.7%;
ESA: 10.4%;
ETA: 11.7%;
MSHA: 10.3%;
OASAM: 16.2%;
OSHA: 9.8%;
SOL: 8.3%.
Year: 2009;
Overall labor: 9.2%;
Overall mission critical: 6.9%;
Overall nonmission critical: 13.6%;
Overall attrition by agency:
BLS: 7.1%;
EBSA: 10.0%;
ESA: 8.4%;
ETA: 8.9%;
MSHA: 7.4%;
OASAM: 17.0%;
OSHA: 9.5%;
SOL: 5.8%.
Source: GAO analysis of CPDF data.
[End of figure]
Types of Separations within Labor's Workforce:
Of those leaving the department, resignations and retirements
comprised approximately 70-76 percent of Labor's separations each year
between fiscal years 2005 and 2009. The proportion of transfers to
other federal agencies increased each year from about 12 percent in
fiscal year 2005 to almost 19 percent by fiscal year 2009 (see figure
6).
Figure 6: Percent of Separations by Type for Labor, Fiscal Years 2005-
2009:
[Refer to PDF for image: stacked horizontal bar graph]
Percentage of separation by type: 2005;
Resigned: 31.2%;
Retired: 40.9%;
Transfer[A]: 12.1%;
Other[B]: 15.8%.
Percentage of separation by type: 2006;
Resigned: 33%;
Retired: 43.1%;
Transfer[A]: 12.4%;
Other[B]: 11.5%.
Percentage of separation by type: 2007;
Resigned: 38%;
Retired: 36.6%;
Transfer[A]: 14.8%;
Other[B]: 10.6%.
Percentage of separation by type: 2008;
Resigned: 32.4%;
Retired: 38.6%;
Transfer[A]: 18.5%;
Other[B]: 10.5%.
Percentage of separation by type: 2009;
Resigned: 35.7%;
Retired: 34.1%;
Transfer[A]: 18.9%;
Other[B]: 11.3%.
Source: GAO analysis of CPDF data.
[A] "Transfer" is when an individual employee accepts a position in a
different federal agency.
[B] "Other" includes expired appointments, death, failed probations,
fires, reductions in force, and unknown.
[End of figure]
Retirement Eligibility of Labor's Workforce:
The retirement eligibility of Labor's workforce has generally been
increasing between fiscal years 2005 and 2009, with its lowest rate at
16.2 percent in 2006 and its highest rate at 18.5 percent in 2009 (see
figure 7). As of 2009, retirement eligibility rates ranged from 11.8
percent for EBSA to 21 percent for ETA. The average of the 2009
retirement eligibility rates at the eight selected program agencies
was 18 percent.
Figure 7: Percent of Employees Eligible to Retire for Labor and Select
Program Agencies, Fiscal Years 2005-2009:
[Refer to PDF for image: illustrated table]
Year: 2005;
Overall labor: 16,4%;
Overall mission critical: 17.7%;
Overall nonmission critical: 15.6%;
Overall retirement eligibility per agency:
BLS: 14.1%;
EBSA: 9.8%;
ESA: 15.5%;
ETA: 23.6%;
MSHA: 18.9%;
OASAM: 18.0%;
OSHA: 15.9%;
SOL: 16.1%.
Year: 2006;
Overall labor: 16.2%;
Overall mission critical: 17.7%;
Overall nonmission critical: 15.3%;
Overall retirement eligibility per agency:
BLS: 14.0%;
EBSA: 9.8%;
ESA: 15.7%;
ETA: 21.1%;
MSHA: 17.2%;
OASAM: 18.9%;
OSHA: 17.4%;
SOL: 17.8%.
Year: 2007;
Overall labor: 17.0%;
Overall mission critical: 18.5%;
Overall nonmission critical: 16.1%;
Overall retirement eligibility per agency:
BLS: 15.7%;
EBSA: 11.2%;
ESA: 16.5%;
ETA: 20.7%;
MSHA: 16.6%;
OASAM: 18.9%;
OSHA: 19.1%;
SOL: 18.2%.
Year: 2008;
Overall labor: 17.9%;
Overall mission critical: 19.3%;
Overall nonmission critical: 17.1%;
Overall retirement eligibility per agency:
BLS: 17.0%;
EBSA: 11.8%;
ESA: 18.0%;
ETA: 20.4%;
MSHA: 17.6%;
OASAM: 20.3%;
OSHA: 19.3%;
SOL: 18.3%.
Year: 2009;
Overall labor: 18.5%;
Overall mission critical: 20.4%;
Overall nonmission critical: 17.4%;
Overall retirement eligibility per agency:
BLS: 17.7%;
EBSA: 11.8%;
ESA: 18.0%;
ETA: 21.0%;
MSHA: 18.7%;
OASAM: 19.4%;
OSHA: 19.5%;
SOL: 18.8%.
Source: GAO analysis of CPDF data.
[End of figure]
Of Labor's retirement-eligible employees each year between 2005 and
2009, about 4 to 5 percent were supervisors. The percentage of
retirement-eligible employees in nonsupervisory positions ranged
between 11.8 percent in fiscal year 2006 to 13.5 percent in fiscal
year 2009.
Specifically, in seven of the selected program agencies in fiscal year
2009, there were a larger percentage of mission critical employees
eligible for retirement than nonmission critical employees. In OASAM,
however, the reverse was true. Of the approximately 19 percent of
employees who were retirement eligible as of fiscal year 2009, about
14 percent were in nonmission critical positions compared to 5 percent
in mission critical positions (see figure 8).
Figure 8: Percent of Employees Eligible to Retire for Mission Critical
Occupations in Select Program Agencies, Fiscal Year 2009:
[Refer to PDF for image: illustrated table]
Agency: BLS;
Overall retirement eligibility: 17.7%;
Overall retirement eligibility by mission critical occupation:
Economist: 13.7%;
Mathematical statistician–1529: 19.6%;
Mathematical statistician–1530: 30.0%;
Computer specialist: 14.6%;
Nonmission critical occupations: 25.7%.
Agency: EBSA;
Overall retirement eligibility: 11.8%;
Overall retirement eligibility by mission critical occupation:
Benefit advisor: 7.2%;
Auditor: 15.4%;
Pension law specialist: 16.9%;
Investigator: 10.9%;
Nonmission critical occupations: 14.8%.
Agency: ESA;
Overall retirement eligibility: 18.0%;
Overall retirement eligibility by mission critical occupation:
Wage and hour compliance investigator–0249: 18.8%;
Wage and hour investigator–1849: 9.5%;
Equal opportunity specialist: 19.9%;
Workmens compensation claims examiner: 15.8%;
Investigator: 15.6%;
Nonmission critical occupations: 21.8%.
Agency: ETA;
Overall retirement eligibility: 21.0%;
Overall retirement eligibility by mission critical occupation:
Unemployment insurance program specialist: 28.4%;
Workforce analyst: 7.0%;
Workforce development specialist–0142: 18.6%;
Workforce development specialist–0301: 12.8%;
Apprentice and training representative: 27.8%;
Grant management: 29.6%;
Nonmission critical occupations: 24.1%.
Agency: MSHA;
Overall retirement eligibility: 18.7%;
Overall retirement eligibility by mission critical occupation:
Mining engineer: 18.7%;
Mine inspector: 16.9%;
Nonmission critical occupations: 22.7%.
Agency: OASAM;
Overall retirement eligibility: 19.4%;
Overall retirement eligibility by mission critical occupation:
Human resource specialist: 19.6%;
Computer specialist: 16.9%;
Nonmission critical occupations: 22.7%.
Agency: OSHA;
Overall retirement eligibility: 19.5%;
Overall retirement eligibility by mission critical occupation:
Safety specialist–0018: 20.2%;
Industrial hygenist–0690: 15.6%;
Nonmission critical occupations: 20.9%.
Agency: SOL;
Overall retirement eligibility: 18.8%;
Overall retirement eligibility by mission critical occupation:
Attorney: 18.8%;
Nonmission critical occupations: 18.7%.
Source: GAO analysis of CPDF data.
[End of figure]
Federal Tenure Rates of Labor's Workforce:
The proportion of employees with fewer years of federal experience has
increased while the proportion of those with more experience has
decreased. As of fiscal year 2009, 13.5 percent of Labor's employees
had less than 3 years of federal experience, up 4 percent from fiscal
year 2005. The proportion of those with 11 or more years of federal
experience has generally decreased each year between fiscal years 2005
and 2009, with 35.5 percent of Labor's workforce having 21 or more
years of federal experience in fiscal year 2009. In fiscal year 2009,
about half of Labor's workforce had less than 3 years or more than 21
years of federal experience; approximately one-quarter had 3-11 years
of federal experience (see figure 9).
Figure 9: Federal Tenure Rates for Labor, Fiscal Years 2005-2009:
[Refer to PDF for image: vertical bar graph]
Federal tenure rates:
Year: 2005;
0 to less than 3 years of federal experience: 9.1%;
3 to less than 6 years of federal experience: 10.3%;
6 to less than 11 years of federal experience: 13.7%;
11 to less than 21 years of federal experience: 29.6%;
21 or more years of federal experience: 37.4%.
Year: 2006;
0 to less than 3 years of federal experience: 10.1%;
3 to less than 6 years of federal experience: 10.3%;
6 to less than 11 years of federal experience: 14.5%;
11 to less than 21 years of federal experience: 28.8%;
21 or more years of federal experience: 36.3%.
Year: 2007;
0 to less than 3 years of federal experience: 11.9%;
3 to less than 6 years of federal experience: 8.9%;
6 to less than 11 years of federal experience: 16.7%;
11 to less than 21 years of federal experience: 27%;
21 or more years of federal experience: 35.4%.
Year: 2008;
0 to less than 3 years of federal experience: 12.4%;
3 to less than 6 years of federal experience: 9.4%;
6 to less than 11 years of federal experience: 16.3%;
11 to less than 21 years of federal experience: 26.4%;
21 or more years of federal experience: 35.5%.
Year: 2009;
0 to less than 3 years of federal experience: 13.5%;
3 to less than 6 years of federal experience: 10%;
6 to less than 11 years of federal experience: 16.5%;
11 to less than 21 years of federal experience: 24.5%;
21 or more years of federal experience: 35.5%.
Source: GAO analysis of CPDF data.
[End of figure]
Hires within Labor's Workforce:
Labor hired[Footnote 111] approximately 9-14 percent of its workforce
per year between fiscal years 2005 and 2009, averaging about 11
percent per year in fiscal years 2006 to 2008 (see figure 10).
[Footnote 112] Labor's hires ranged from almost 1,300 employees in
fiscal year 2005 to more than 2,100 employees in fiscal year 2009,
averaging about 1,700 employees each year (see figure 11). For each of
those years, there were approximately equal proportions of mission
critical and nonmission critical hires. The eight selected program
agencies varied in their proportions of new hires between fiscal years
2005 and 2009. For example, in OASAM, approximately 15 to 21 percent
of its employees each year were new hires, while in SOL approximately
2.7 to 15.1 percent of its employees were new hires in each of those
years (see figure 10).
Figure 10: Percent of New Hires for Labor and Select Program Agencies,
Fiscal Years 2005-2009:
[Refer to PDF for image: illustrated table]
Year: 2005;
All labor: 8.6%;
Overall hiring by agency:
BLS: 8.4%;
EBSA: 13.6%;
ESA: 7.7%;
ETA: 6.1%;
MSHA: 9.3%;
OASAM: 15.3%;
OSHA: 4.3%;
SOL: 2.7%.
Year: 2006;
All labor: 11.2%;
Overall hiring by agency:
BLS: 12.6%;
EBSA: 14.1%;
ESA: 13.3%;
ETA: 14.2%;
MSHA: 7.7%;
OASAM: 16.5%;
OSHA: 4.8%;
SOL: 3.4%.
Year: 2007;
All labor: 11.0%;
Overall hiring by agency:
BLS: 6.6%;
EBSA: 12.1%;
ESA: 10.3%;
ETA: 11.1%;
MSHA: 15.8%;
OASAM: 14.9%;
OSHA: 8.7%;
SOL: 5.1%.
Year: 2008;
All labor: 10.6%;
Overall hiring by agency:
BLS: 4.7%;
EBSA: 9.7%;
ESA: 10.5%;
ETA: 8.9%;
MSHA: 12.9%;
OASAM: 17.4%;
OSHA: 9.4%;
SOL: 10.3%.
Year: 2009;
All labor: 14.2%;
Overall hiring by agency:
BLS: 10.4%;
EBSA: 17.0%;
ESA: 14.7%;
ETA: 26.3%;
MSHA: 10.1%;
OASAM: 20.8%;
OSHA: 12.6%;
SOL: 15.1%.
Source: GAO analysis of CPDF data.
[End of figure]
Figure 11: Number of New Hires and Separations for Labor, Fiscal Years
2005-2009:
[Refer to PDF for image: combination vertical bar and line graph]
Year: 2005;
Hires: 1,295;
Separations: 1,528.
Year: 2006;
Hires: 1,665;
Separations: 1,754.
Year: 2007;
Hires: 1,645;
Separations: 1,654.
Year: 2008;
Hires: 1,578;
Separations: 1,711.
Year: 2009;
Hires: 2,177;
Separations: 1,426.
Source: GAO analysis of CPDF data.
[End of figure]
Special Hires versus Ordinary Hires within Labor's Workforce:
Between fiscal years 2005 and 2009, Labor's ordinary hires have
generally remained at approximately 60 percent, with the remaining
being special hires. In fiscal year 2009, ordinary and special hires
had a greater proportion of mission critical positions (see figure 12).
Figure 12: Percent of Special Versus Ordinary Hires for Labor, Fiscal
Years 2005-2009:
[Refer to PDF for image: stacked horizontal bar graph]
Percentage of overall Labor:
Year: 2005;
Special Hires: Mission critical: 13.4%;
Special Hires: Nonmission critical: 25.3%;
Special Hires: Overall: 38.7%;
Ordinary Hires: Mission critical: 36.5%;
Ordinary Hires: Nonmission critical: 24.9%;
Ordinary Hires: Overall: 61.3%.
Year: 2006;
Special Hires: Mission critical: 17.1%;
Special Hires: Nonmission critical: 24.4%;
Special Hires: Overall: 41.5%;
Ordinary Hires: Mission critical: 36.1%;
Ordinary Hires: Nonmission critical: 22.4%;
Ordinary Hires: Overall: 58.5%.
Year: 2007;
Special Hires: Mission critical: 26.8%;
Special Hires: Nonmission critical: 21.4%;
Special Hires: Overall: 48.2%;
Ordinary Hires: Mission critical: 28.2%;
Ordinary Hires: Nonmission critical: 23.7%;
Ordinary Hires: Overall: 51.8%.
Year: 2008;
Special Hires: Mission critical: 18%;
Special Hires: Nonmission critical: 19.5%;
Special Hires: Overall: 37.5%;
Ordinary Hires: Mission critical: 32.3%;
Ordinary Hires: Nonmission critical: 30.2%;
Ordinary Hires: Overall: 62.5%.
Year: 2009;
Special Hires: Mission critical: 21.7%;
Special Hires: Nonmission critical: 16.7%;
Special Hires: Overall: 38.4%;
Ordinary Hires: Mission critical: 33.8%;
Ordinary Hires: Nonmission critical: 27.8%;
Ordinary Hires: Overall: 61.6%.
Source: GAO analysis of CPDF data.
[End of figure]
[End of section]
Appendix IV: Comments from the Department of Labor:
U.S. Department of Labor:
Office of the Assistant Secretary for Administration:
Administration and Management:
Washington, D.C. 20210:
February 25, 2011:
Mr. Andrew Sherrill:
Director, Education, Workforce, and Income Security Issues:
Government Accountability Office:
441 G Street, N.W.
Washington, DC 20548:
Dear Mr. Sherrill:
This letter is provided in response to the draft report GAO-11-157,
Further Management Improvements Needed to Address Information
Technology and Financial Controls, dated February 2011. The Department
of Labor (DOL) appreciates the opportunity to provide comments on this
far-reaching review of our management controls.
Recommendations #1 - 5, directed to the Chief Information Officer
(CIO):
DOL response: In general, the portrayals of our information technology
management controls are substantiated. However, we have concerns
regarding how the security references throughout the report were
presented. For example, the report implies that program agencies
within DOL, as a whole, did not place priority on implementing current
security requirements. This is not completely accurate and it is one
example of a misleading conclusion about our security program. We have
expressed our comments specific to page references in an enclosure
accompanying this response. We request the Government Accountability
Office (GAO) review our comments and consider adjusting the report
accordingly.
Recommendation #6 ” 8, directed to the Assistant Secretary for
Employment and Training (ETA):
Recommendation #6: Establish procedures for retaining grant award-
related documentation, including location and retention period.
DOL response: ETA concurs with the recommendation to establish
procedures for retaining pre-award documentation. The agency is in the
process of developing and disseminating standard operating procedures
for grant applications and related documents. The procedures will
provide guidance on the retention of competitive grant applications
and relevant documentation associated with solicitations for grant
applications.
Recommendation #7: Establish quality assurance steps to be performed,
such as supervisory reviews, and documented in GEMS with respect to
grantee monitoring activities, including how such procedures are to be
conducted, how often, and identifying the regional-level responsible
agency official to perform these duties.
DOL response: ETA supports continuous improvement of the stewardship
of its discretionary grants with respect to supervisory reviews and
documentation of grantee monitoring activities-”including how such
procedures are to be conducted, and how often the personnel
responsible to perform those duties-”and our management of
discretionary grants reflects this principle. However, the
recommendations suggest that quality assurance steps and supervisory
review procedures are not currently in place. This is not the case.
ETA has a broad range of grants management and monitoring practices
and procedures in place. Over the years, ETA has developed a broad set
of tools to support effective grants management, including the Core
Monitoring Guide, the ETA Desk Reference Tool, and the electronic GEMS
system, among other critical tools to ensure the effective management
of Federal grants. It should be noted that GEMS is a tool for grants
management and not the grants management system. However, since the
creation of GEMS, ETA has continued to upgrade the tool and expand its
utility. For example, in 2008, ETA established a policy that required
the use of the GEMS system for the storage of documents from grant
monitoring and follow-up procurement activities.
Further, during a grants period of performance, Regional
Administrators and their managers in ETA's six Regional Offices have
the primary responsibility for management and oversight of grant
monitoring and grants management activities, which is performed by
Federal Project Officers. The performance agreements established for
Regional Administrators, managers, and Federal Project Officers
include standards that address grant monitoring and other grants
management responsibilities for which these staff are accountable.
Management reports also are retrieved from GEMS on at least a
quarterly basis, and more often as necessary, and are reviewed by
managers during regular team meetings where requirements and
monitoring findings of significance are addressed.
We continue to build on ETA's quality assurance procedures, training
and guidance to staff to use the GEMS system effectively as one of our
grant management system tools. In fact, the GEMS system has proven
useful in transitioning from a largely paper-based federal grant
management system to electronic filing and ETA views this as a
positive approach that continues to make substantial improvements to
its overall federal grants management activities.
Recommendation #8: Establish procedures addressing the communication
and incorporation of Single Audit findings and related corrective
actions as part of the ETA's grantees' monitoring activities to be
documented in GEMS.
DOL Response: ETA's Core Monitoring Guide (and the Financial
Supplement to the guide) already requires reviewers to ascertain the
status of the single audit and any open issues as part of onsite
reviews. It is important to note that agency fiscal staff are
ultimately responsible for single audit resolutions. ETA involves all
appropriate individuals, who vary depending upon the audit findings,
to resolve A-133 and Office of Inspector General audits. All final
determinations resulting from audit resolutions are forwarded to the
appropriate national program or regional office for their
dissemination to the appropriate staff in their respective offices.
ETA recognizes the importance of the program office, Regional
Administrators, and their fiscal and program management staff in the
communication and incorporation of Single Audit findings and will
continue to further strengthen this critical monitoring process.
Additional Comments:
Additional page-specific comments are enclosed.
Conclusion:
Thank you again for the opportunity to comment on the draft report. If
you have any questions or you require further discussion about our
comments, please have your staff contact Edward C. Hugler, Deputy
Assistant Secretary, at hugler.edward@dol.gov. or 202-693-4040.
Sincerely,
Signed by:
T. Michael Kerr:
Assistant Secretary for Administration and Management:
Enclosure:
[End of section]
Appendix V: Contact and Acknowledgments:
GAO Contact:
Andrew Sherrill, (202) 512-7215 or sherrilla@gao.gov:
Acknowledgments:
The following staff members made key contributions to this report:
Directors Kay Daly and Valerie Melvin; Assistant Directors Sara
Schibanoff Kelly, Gale Harris, Elizabeth Martinez, and Christie
Motley; Jason Holsclaw, Analyst-in-Charge; and Nora Boretti, Rathi
Bose, Susannah Compton, Melinda Cordero, Pamela Davidson, Peter Del
Toro, Neil Doherty, Aimee Elivert, Rebecca E. Eyler, Kenrick Isaac,
Franklin Jackson, Pierre Kamga, Jason Kirwan, Judy Lee, Steven Lozano,
Chris Martin, Jean McSween, Mimi Nguyen, Scott Pettis, James Rebbe,
Susan Sachs, Melissa Schermerhorn, Amber Yancey Carroll, and Gregory
Wilmoth.
[End of section]
Related GAO Products:
Department of Labor:
Whistleblower Protection: Sustained Management Attention Needed to
Address Long-standing Program Weaknesses. [hyperlink,
http://www.gao.gov/products/GAO-10-722]. Washington, D.C.: August 17,
2010.
Employment and Training Administration: Increased Authority and
Accountability Could Improve Research Program. [hyperlink,
http://www.gao.gov/products/GAO-10-243]. Washington, D.C.: January 29,
2010.
Employee Benefits Security Administration: Enforcement Improvements
Made but Additional Actions Could Further Enhance Pension Plan
Oversight. [hyperlink, http://www.gao.gov/products/GAO-07-22].
Washington, D.C.: January 18, 2007.
National Emergency Grants: Labor Has Improved Its Grant Award
Timeliness and Data Collection, but Further Steps Can Improve Process.
[hyperlink, http://www.gao.gov/products/GAO-06-870]. Washington, D.C.:
September 5, 2006.
Major Management Challenges and Program Risks: Department of Labor.
[hyperlink, http://www.gao.gov/products/GAO-03-106]. Washington, D.C.:
January 1, 2003.
Major Management Challenges and Program Risks: Department of Labor.
[hyperlink, http://www.gao.gov/products/GAO/OCG-99-11]. Washington,
D.C.: January 1, 1999.
Strategic Workforce Planning and Human Capital Management:
Workforce Planning: Interior, EPA, and the Forest Service Should
Strengthen Linkages to Their Strategic Plans and Improve Evaluation.
[hyperlink, http://www.gao.gov/products/GAO-10-413]. Washington, D.C.:
March 31, 2010.
Human Capital: Selected Agencies Have Opportunities to Enhance
Existing Succession Planning and Management Efforts. [hyperlink,
http://www.gao.gov/products/GAO-05-585]. Washington, D.C.: June 30,
2005.
Human Capital: Selected Agencies' Statutory Authorities Could Offer
Options in Developing a Framework for Governmentwide Reform.
[hyperlink, http://www.gao.gov/products/GAO-05-398R]. Washington,
D.C.: April 21, 2005.
Diversity Management: Expert-Identified Leading Practices and Agency
Examples. [hyperlink, http://www.gao.gov/products/GAO-05-90].
Washington, D.C.: January 14, 2005.
Human Capital: Principles, Criteria, and Processes for Governmentwide
Federal Human Capital Reform. [hyperlink,
http://www.gao.gov/products/GAO-05-69SP]. Washington, D.C.: December
1, 2004.
Human Capital: A Guide for Assessing Strategic Training and
Development Efforts in the Federal Government. [hyperlink,
http://www.gao.gov/products/GAO-04-546G]. Washington, D.C.: March 1,
2004.
Human Capital: Selected Agencies' Experiences and Lessons Learned in
Designing Training and Development Programs. [hyperlink,
http://www.gao.gov/products/GAO-04-291]. Washington, D.C.: January 30,
2004.
Human Capital: Key Principles for Effective Strategic Workforce
Planning. [hyperlink, http://www.gao.gov/products/GAO-04-39].
Washington, D.C.: December 11, 2003.
Human Capital: Succession Planning and Management Is Critical Driver
of Organizational Transformation. [hyperlink,
http://www.gao.gov/products/GAO-04-127T]. Washington, D.C.: October 1,
2003.
Human Capital: A Guide for Assessing Strategic Training and
Development Efforts in the Federal Government (Exposure Draft).
[hyperlink, http://www.gao.gov/products/GAO-03-893G]. Washington,
D.C.: July 1, 2003.
A Model of Strategic Human Capital Management (Exposure Draft).
[hyperlink, http://www.gao.gov/products/GAO-02-373SP]. Washington,
D.C.: March 15, 2002.
Information Technology Management:
Information Technology: Federal Agencies Need to Strengthen Investment
Board Oversight of Poorly Planned and Performing Projects. [hyperlink,
http://www.gao.gov/products/GAO-09-566]. Washington, D.C.: June 2009.
Information Technology: HHS Has Several Investment Management
Capabilities in Place, but Needs to Address Key Weaknesses.
[hyperlink, http://www.gao.gov/products/GAO-06-11]. Washington, D.C.:
October 28, 2005.
Information Technology: DOD's Acquisition Policies and Guidance Need
to Incorporate Additional Best Practices and Controls. [hyperlink,
http://www.gao.gov/products/GAO-04-722]. Washington, D.C.: July 2004.
Information Technology Management: Governmentwide Strategic Planning,
Performance Measurements, and Investment Management Can Be Further
Improved. [hyperlink, http://www.gao.gov/products/GAO-04-49].
Washington, D.C.: January 12, 2004.
Information Technology: A Framework for Assessing and Improving
Enterprise Architecture Management (Version 1.1). [hyperlink,
http://www.gao.gov/products/GAO-03-584G]. Washington, D.C.: April 1,
2003.
Financial Management:
Financial Management: Persistent Financial Management Systems Issues
Remain for CFO Act Agencies. [hyperlink,
http://www.gao.gov/products/GAO-08-1018]. Washington, D.C.: September
30, 2008.
Financial Management: Improvements Under Way but Serious Financial
Systems Problems Persist. [hyperlink,
http://www.gao.gov/products/GAO-06-970]. Washington, D.C.: September
26, 2006.
[End of section]
Footnotes:
[1] Pub. L. No. 111-5, 123 Stat. 115.
[2] GAO, Department of Labor: Strategic Planning and Information
Management Challenges Facing the Department, [hyperlink,
http://www.gao.gov/products/GAO/T-HEHS-98-88] (Washington, D.C.: Feb.
5, 1998).
[3] GAO, Human Capital: Key Principles for Effective Strategic
Workforce Planning, [hyperlink, http://www.gao.gov/products/GAO-04-39]
(Washington, D.C.: Dec. 11, 2003).
[4] The E-Government Act of 2002 (Pub. L. No. 107-347, 116 Stat. 2899)
was enacted to promote the use of the Internet and other information
technologies to improve government services for citizens, internal
government operations, and opportunities for citizen participation in
government.
[5] An enterprise architecture is a blueprint for organizational
change defined in models that describe (in both business and
technology terms) how the entity operates today and how it intends to
operate in the future; it also includes a plan for transitioning to
this future state.
[6] The TRB consists of the Deputy CIO, who serves as the chair and
manager, and technical representation from the department's program
agencies.
[7] Pub. L. No. 104-106, 110 Stat. 679.
[8] GAO, Information Technology Investment Management: A Framework for
Assessing and Improving Process Maturity, version 1.1, [hyperlink,
http://www.gao.gov/products/GAO-04-394G] (Washington D.C.: Mar. 1,
2004).
[9] According to the Paperwork Reduction Act, each agency shall assume
responsibility for maximizing the value and assessing and managing the
risks of major information systems initiatives through a select,
control, and evaluate process.
[10] FISMA was enacted as Title III, E-Government Act of 2002, Pub. L.
No. 107-347, 116 Stat. 2899, 2946.
[11] NIST, Guide for Applying the Risk Management Framework to Federal
Information Systems, Special Publication 800-37, revision 1
(Gaithersburg, Md., February 2010).
[12] NIST, Recommended Security Controls for Federal Information
Systems and Organizations, Special Publication 800-53, revision 3
(Gaithersburg, Md., August 2009).
[13] Pub. L. No. 101-576, 104 Stat. 2838.
[14] 31 U.S.C. § 3512(c), (d).
[15] U.S. Department of Labor, Fiscal Year 2007 Performance and
Accountability Report (Washington, D.C., Nov. 15, 2007); Fiscal Year
2008 Performance and Accountability Report (Nov. 17, 2008); and Fiscal
Year 2009 Performance and Accountability Report (Nov. 16, 2009).
[16] U.S. Department of Labor, Office of the Chief Financial Officer,
Fiscal Year 2009 OMB Circular A-123, Appendix A, Assessment of
Internal Control Over Financial Reporting July 1, 2008 through June
30, 2009 (Nov. 15, 2009). Appendix A of OMB Circular A-123,
Management's Responsibility for Internal Control, provides a
methodology for agency management to assess, document, and report on
the internal controls over financial reporting. Labor's fiscal year
2009 A-123, appendix A assessment included an internal control
assessment and testing for grants management among other significant
business processes. Labor's fiscal year 2009 OMB Circular A-123
assessment identified deficiencies over monitoring of ETA's grantees.
[17] GAO, Employment and Training Program Grants: Evaluating Impact
and Enhancing Monitoring Would Improve Accountability, GAO-08-486
(Washington, D.C.: May 7, 2008). U.S. Department of Labor, Office of
Inspector General-Office of Audit, High Growth Job Training
Initiative: Decisions for Non-competitive Awards Not Adequately
Justified, 02-08-201-03-390 (Washington, D.C., Nov. 2, 2007) and
Selected High Growth Job Training Initiative Grants: Value Not
Demonstrated, 02-08-204-03-390 (Washington, D.C., Apr. 29, 2008).
[18] Discretionary competitive grants are awarded through a
solicitation process. Labor issues two types of discretionary grants:
limited-competition and competitive grants. Limited-competition grants
are awards for programs where funds are made available through a
defined application process to members of a defined eligible applicant
group, who meet specific requirements and offer a program designed to
deliver acceptable results. Competitive grants are awards for programs
where available funds are announced in the Federal Register and
through a Solicitation for Grant Application. A Technical Review Panel
is required to be convened for competitive grants to select grantees
with the best technical approach for meeting the government's
requirements; or the organization that best provides for the
requirements specified in the Solicitation for Grant Application. In
addition to competitive grants, Labor also issues formula grants.
Formula funded grants are awarded under programs where the
distribution of funds is prescribed by formula contained in federal
statute or established by departmental regulation or administrative
policy. Formula programs are typically funded through an annual
funding agreement and operate pursuant to an approved annual or multi-
year plan.
[19] Our review excluded the preaward phase because this phase does
not involve grantee related activities.
[20] Federal project officers have overall responsibility for
monitoring the conduct and progress of grantees, including conducting
on-site visits. Specifically, they are responsible for collaborating
with the grantees--both in the planning and implementation of the
program and in the evaluation of activities--and making
recommendations regarding program continuance.
[21] Labor's risk-based approach focuses on the readiness and capacity
of the grantee to administer the grant, including complying with
applicable laws and regulations and specific program requirements.
[22] The Core Monitoring Guide and the Grant Management Desk Reference
Guide are ETA's basic references of policies and procedures that the
federal project officer relies on to evaluate the administration of
grants.
[23] Single Audits are prepared to meet the requirements of the Single
Audit Act, as amended, (codified at 31 U.S.C. §§7501-7507) and provide
a source of information on internal control and compliance findings
and the underlying causes and risks. The Single Audit Act requires
states, local governments, and nonprofit organizations expending
$500,000 or more in federal awards in a year to obtain an audit in
accordance with the requirements in the Act. A Single Audit consists
of (1) an audit and opinions on the fair presentation of the financial
statements and the Schedule of Expenditures of Federal Awards; (2)
gaining an understanding of and testing internal control over
financial reporting and the entity's compliance with laws,
regulations, and contract or grant provisions that have a direct and
material effect on certain federal programs (that is, the program
requirements); and (3) an audit and an opinion on compliance with
applicable program requirements for certain federal programs.
[24] A clean audit opinion provides independent confirmation that the
department's financial statements are presented fairly and in
conformity with generally accepted accounting principles.
[25] In January 2010, Labor implemented NCFMS, a new financial
accounting and reporting system, in an effort to modernize its legacy
accounting and reporting system, called the Department of Labor
Accounting and Related Systems. NCFMS is intended to enhance Labor's
ability to provide greater financial efficiency, transparency, and
accountability.
[26] A material weakness is a deficiency, or combination of
deficiencies, in an internal control such that there is a reasonable
possibility that a material misstatement of the entity's financial
statements will not be prevented, or detected and corrected, on a
timely basis.
[27] GAO, A Model for Strategic Human Capital Management, [hyperlink,
http://www.gao.gov/products/GAO-02-373SP] (Washington, D.C.: Mar. 15,
2002).
[28] [hyperlink, http://www.gao.gov/products/GAO-04-39].
[29] U.S. Department of Labor, Sustaining a Model Workforce for the
21ST Century: Human Capital Strategic Plan 2008-2011 (Washington,
D.C.).
[30] In addition to these OASAM-led meetings, the HRC director is a
participant at the weekly Management Review Board meeting led by
Labor's Deputy Secretary. During these meetings, HRC officials brief
the Deputy Secretary on key human capital initiatives, as appropriate,
and gather his input on strategic human capital management for the
department.
[31] These data include information such as hiring and separation
rates, grade level and occupational distribution, retirement
eligibility, tenure, diversity, and frequency of use of recruitment
and retention incentives.
[32] While HRC maintains departmentwide information, certain program
agencies manage their own human capital initiatives at the national
level, in part, due to program agencies' different missions, budgets,
and workforce needs. Further, in each of the three program agencies
where we reviewed human capital operations, the national office
delegated some of the human capital decision-making to the regional
administrators, such as determining where to distribute staff among
their respective programs and suboffices.
[33] [hyperlink, http://www.gao.gov/products/GAO-02-373SP].
[34] GAO, Human Capital: Succession Planning and Management Is
Critical Driver of Organizational Transformation, [hyperlink,
http://www.gao.gov/products/GAO-04-127T] (Washington, D.C.: Oct. 1,
2003).
[35] Mission critical occupations are those which an agency considers
core to carrying out its mission. Such occupations usually reflect the
primary work of the organization without which mission-critical work
cannot be completed.
[36] This type of analysis is used to identify critical skills and
competencies currently needed by a federal agency's workforce and
those that will be needed in the future. By conducting such analyses,
federal agencies are able to better inform and appropriately focus
their succession planning efforts. See GAO, Human Capital: Selected
Agencies Have Opportunities to Enhance Existing Succession Planning
and Management Efforts, [hyperlink,
http://www.gao.gov/products/GAO-05-585] (Washington, D.C.: June 30,
2005).
[37] HRC assembled a team of 15 subject matter experts from 12 program
agencies to provide input into this process.
[38] U.S. Department of Labor, Fiscal Year 2009 Annual Human Capital
Management Report (Washington, D.C., December 2009). This report is
required of all federal agencies and must include details such as
human capital goals and objectives, workforce analysis, performance
measures and milestones, and human capital accountability systems. See
5 C.F.R. § 250.203.
[39] U.S. Department of Labor, Fiscal Year 2009 Annual Human Capital
Management Report (Washington, D.C., December 2009).
[40] According to Labor's workforce data, close to 42 percent of the
department's senior executives were eligible to retire as of January
10, 2011.
[41] According to Labor's data, in fiscal year 2010, Labor hired
approximately 1,700 permanent employees (including new hires and
conversions), of which more than 1,200 employees had less than 3 years
of federal experience.
[42] According to Labor, its accountability review program was
developed, in part, in response to regulatory requirements. HRC
evaluates each of the department's human resource offices every 2
years on a rotating schedule.
[43] In fiscal year 2010, HRC identified departmentwide problems with
(1) outdated and inaccurate position descriptions, (2) insufficient
hiring documentation and personnel actions in their automated system,
and (3) untimely applicant notifications. HRC uses these summary
findings to inform discussion topics for its monthly manager meetings
and issues advisories to all Labor agencies to correct or clarify
their policies.
[44] HRC expanded the survey instrument to include reviews of each
program agencies' recruiting and hiring initiatives, performance
management, knowledge management, and personnel security.
[45] In fiscal year 2010, Labor conducted six reviews, and has
scheduled seven for fiscal year 2011.
[46] [hyperlink, http://www.gao.gov/products/GAO-04-394G]. This
framework emphasizes the importance of management controls, including
the need for business unit representation. As described in the
framework, an IT governance structure should be comprised of senior
executives representing the heads of business units and supporting
units, such as financial management. The purpose is to ensure buy-in
from senior executives and users representing various departments.
[47] The Clinger-Cohen Act requires agencies to establish performance
measures to identify how IT contributes to program productivity; OMB
circular A-130 requires agencies to conduct post-implementation
reviews to assess the project's impact on mission performance and
document lessons learned.
[48] Labor's investment review board is known as their technical
review board.
[49] GAO, Information Technology: Federal Agencies Need to Strengthen
Investment Board Oversight of Poorly Planned and Performing Projects,
[hyperlink, http://www.gao.gov/products/GAO-09-566] (Washington, D.C.:
June 30, 2009).
[50] GAO, Information Technology: HHS Has Several Investment
Management Capabilities in Place, but Needs to Address Key Weaknesses,
[hyperlink, http://www.gao.gov/products/GAO-06-11] (Washington, D.C.:
Oct. 28, 2005).
[51] The TRB members represent information technology management from
the program agencies. The TRB members have support from five
subcommittees, which are responsible for major IT issues, such as
security capital planning and enterprise architecture functions. See
figure 1 for a detailed description of Labor's IT governance structure.
[52] The Clinger-Cohen Act requires agencies to establish a variety of
performance measures, such as those related to how IT contributes to
program productivity, efficiency, and effectiveness, and to monitor
the actual-versus-expected performance of those measures. Further, to
be effective, as part of the federal enterprise architecture, agencies
should include a performance reference model in order to provide a
means for using an agency's enterprise architecture to measure the
success of IT investments and their impact on strategic outcomes.
[53] Executive Office of the President of the United States, Federal
Enterprise Architecture: Consolidated Reference Model Document,
version 2.3 (October 2007).
[54] U.S. Department of Labor Enterprise Architecture Program
Management Office, DEAMS Requirements and Guidance Reference Manual,
version 2.5 (January 2010).
[55] The four systems that did not comprehensively adhere to Labor
guidance on performance measures were OSHA's information system, WHD's
Wage and Hour Investigative Support and Reporting Database, ETA's
grants management system (eGrants), and OCFO's NCFMS.
[56] This type of measurement could have included determining if
consistent data inputs provided accurate names and addresses of the
worksites assessed for violations. For example, if there was an
explosion at one business site the metric would assess the system
accuracy in identifying other site locations and associated
inspections. Another metric would be to identify if the name of the
worksite was consistent across all inspections.
[57] An example of a performance measure that will support mission
needs and business results that OSHA intends to track with the new
system includes capturing information on fatalities and gathering data
on fatalities to non-English-speaking individuals.
[58] The new system, OSHA Information System, is intended to replace
part of the existing legacy systems that have obsolete technology and
to provide support for the agency's mission needs. According to OSHA
officials, Labor is scheduled to begin field deployment during the 3rd
quarter of fiscal year 2011. Initially, the new Web-based system will
include enforcement, consultation, health sampling, and establishment
processing modules.
[59] The five categories for the customer results measurement area
are: (1) customer benefit, (2) service coverage, (3) timeliness and
responsiveness, (4) service quality, and (5) service availability.
[60] The six categories for the technology measurement areas are: (1)
technology costs, (2) quality assurance, (3) efficiency, (4)
information and data, (5) reliability and availability, and (6)
effectiveness. An IT initiative, according to OMB, can include
applications, infrastructure, or services provided in support of a
process or program.
[61] According to the Paperwork Reduction Act, with respect to federal
information technology, each agency shall assume responsibility for
maximizing the value and assessing and managing the risks of major
information systems initiatives through a process that is used to
select, control, and evaluate the results of major information systems
initiatives.
[62] GAO, Assessing Risks and Returns: A Guide for Evaluating Federal
Agencies' IT Investment Decision-making, [hyperlink,
http://www.gao.gov/products/GAO/AIMD-10.1.13] (Washington, D.C.: Feb.
3, 1997). This guidance states that the starting point for the
selection phase is the screening process and that assurances should be
provided that all necessary project proposal and justification steps
have been performed. Also, the costs, benefits, and risks of all IT
projects--such as proposed, under development, and operational--are
then assessed. Finally, a senior management decision-making body
should make decisions about which projects to select for funding based
on mission needs and organizational priorities. The systems and
projects that are selected for funding make up the portfolio of IT
investments.
[63] NCFMS is critical for the effective operation of the department
and is the financial system that supports all Labor agencies and
offices. NCFMS is intended to process and report financial
transactions and support administrative functions, such as travel and
vendor invoices, as well as interface with other major departmental
systems, such as Labor's grants management system.
[64] The Information Technology Investment Management framework states
that the starting point for the selection phase is the screening
process, and that assurances should be provided that all necessary
project proposal and justification steps have been performed. This
includes checking to ensure that stakeholders were involved. Also, the
costs, benefits, and risks of all IT projects--such as proposed, under
development, and operational--are then assessed. Finally, a senior
management decision-making body should make decisions about which
projects to select for funding based on mission needs and
organizational priorities. The systems and projects that are selected
for funding make up the portfolio of IT investments.
[65] GAO, Information Technology: DOD's Acquisition Policies and
Guidance Need to Incorporate Additional Best Practices and Controls,
[hyperlink, http://www.gao.gov/products/GAO-04-722] (Washington, D.C.:
July 30, 2004).
[66] We found that systems problems reported by Labor in part related
to improperly testing system user requirements to determine if FSIO
requirements had been effectively implemented. For example, Labor
reported that it was unable to properly perform the Treasury
confirmation process on some payments, even though FSIO has
requirements for performing this function.
[67] According to the Institute of Electrical and Electronics
Engineers, the key components of ensuring that systems will perform as
intended include, but are not limited to, (1) preparing selected test
requirements, test cases, and test specifications for analyzing test
results; (2) testing the software product as appropriate in selected
areas of the target environment; and (3) testing that representative
users can successfully achieve their intended tasks using the software
product.
[68] User acceptance testing involves evaluating system
interoperability, all documentation, system reliability, and the level
to which the system meets user requirements.
[69] As defined by Labor, the "procure to pay" process is the process
used to obtain and pay for goods. The process begins with the receipt
of the invoice from a vendor. The Labor Finance Center records the
invoice information in the system based on the invoice received. Once
data are entered, the invoice is routed for the necessary approvals
and certified by the authorized certifying officer. Once certified,
payment schedules are created and sent to Treasury for payment.
[70] To understand the testing conducted for NCFMS, we reviewed 2
(procure to pay and trust fund) of the 23 test scripts to assess the
adequacy of testing Labor's financial management requirements. The
procure to pay test scripts were intended to provide the essential
standardized set of financial management activities and the trust fund
scripts were intended to, among other actions, test the processing of
billions in unemployment dollars annually. After reviewing the two
test scripts, we interviewed Labor officials on 26 of the 159 procure
to pay test steps. Of the 26 test steps, 17 did not have sufficient
documentation to show they were tested adequately. The department did
not comprehensively document the expected test results, actual
results, identified errors, or any corrections, if performed. As we
have previously reported in our testing guide, test results should be
fully documented so that the information can be used to (1) validate
that test criteria have been met and (2) assist in assessing and
correcting defects. GAO, Year 2000 Computing Crisis: A Testing Guide,
[hyperlink, http://www.gao.gov/products/GAO/AIMD-10.1.21] (Washington,
D.C.: Nov. 1, 1998).
[71] A test script is a list of sequential actions that testers follow
when executing a test. If a test requires that special setup
activities be performed, these actions are identified in the test
script.
[72] GAO, Business Modernization: Improvements Needed in Management of
NASA's Integrated Financial Management Program, [hyperlink,
http://www.gao.gov/products/GAO-03-507] (Washington, D.C.: Apr. 30,
2003).
[73] Boundary condition testing is the boundary or limit conditions of
the software being tested.
[74] Instead of testing quantities just below and above the
established limit of 100, such as 99 and 101; Labor tested the
quantities of 40, 50, 100, and 110, potentially not identifying system
errors.
[75] For example, one of the tests required that certain accounting
entries be posted to the general ledger; however, Labor did not have
documentation available to show that the general ledger was posted.
[76] Financial Systems Integration Office, Financial Management
Systems Standard Business Process for U.S. Government Agencies,
Standard Business Processes (September 2009).
[77] U.S. Department of Labor, Office of Inspector General-Office of
Audit, Department of Labor (DOL) New Core Financial Management System
(NCFMS) Pre-Implementation Performance Audit Report, 22-10-014-13-001
(Jan. 13, 2010). Also, end-to-end testing refers to user-level testing
that verifies that the integrated component works correctly as part of
the overall system, and that the existing components of the system
work as before.
[78] According to the OIG, integration testing includes the real-time
interfaces that connect with NCFMS. The purpose of real-time interface
testing is to evaluate and verify the exchange of data, transmission
and control, and processing times.
[79] According to the OIG, without testing the completeness and
accuracy of data being transferred between the batch interfaces and
NCFMS, errors may occur that limit the system's ability to process
financial data properly and meet Labor's financial reporting
requirements.
[80] A disclaimer of opinion is an auditor's statement disclaiming any
opinion regarding an entity's financial condition due to an inability
to gather certain relevant facts.
[81] U.S. Department of Labor, Office of the Chief Information
Officer, System Development Life Cycle Management (SDLCM) Manual,
version 2.2 (Washington, D.C., November 2006).
[82] U.S. Department of Commerce, National Institute of Standards and
Technology, Recommended Security Controls for Federal Information
Systems and Organizations, Special Publication 800-53 revision 3
(Gaithersburg, Md., August 2009).
[83] Office of Management and Budget, FY 2010 Reporting Instructions
for the Federal Information Security Management Act and Agency Privacy
Management (Washington, D.C., Apr. 21, 2010).
[84] Patricia Toth, Computer Security Division, Information Technology
Laboratory, NIST Next Generation Risk Management: Information Security
Transformation for the Federal Government (May 11, 2010); Dr. Ron
Ross, Computer Security Division, Information Technology Laboratory,
NIST, State of Transformation: Next Generation Risk Management for the
Federal Government, (Mar. 24, 2010).
[85] Under FISMA, agencies perform an annual independent evaluation of
their information security program and practices, and report
assessments of risk of their IT systems, using determinations of high,
moderate, and low risk, as described in NIST FIPS pub. 199.
[86] GAO, High-Risk Series: An Update, [hyperlink,
http://www.gao.gov/products/GAO-11-278] (Washington, D.C.: Feb.16,
2011).
[87] U.S. Department of Labor, Office of Inspector General, FY 2010
Independent Auditors' Report, 22-11-002-13-001 (Nov. 15, 2010) and
Semiannual Report To Congress, Volume 64 (October 2010).
[88] U.S. Department of Labor, Fiscal Year 2009 Performance and
Accountability Report (Nov. 16, 2009).
[89] With the enactment of the Recovery Act, Congress increased
Labor's grant funding by an additional $45 billion, of which $4.8
billion was budgeted through 2009 for discretionary funds.
[90] The purpose of our testing was not to determine the extent to
which there were deficiencies in the documentation systems of ETA's
discretionary grants process, but rather to illustrate the possible
effect of identified control design flaws. For this purpose, we
selected a nongeneralizable sample of 30 (15 active and 15 closed)
discretionary grants. For additional information about our sample
methodology, see appendix I.
[91] ETA, Employment and Training Order No. 1-08--Grant Management
Policies and Responsibilities within the Employment and Training
Administration (June 18, 2008), and Grant Management Desk Reference
(February 2009).
[92] As part of this procedure, the Office of Special Programs and
Emergency Preparedness is required to conduct a preaward clearance
that includes a review of documents obtained from official grant
files, reflecting financial accountability, incident reports,
investigations, audit resolutions, and outstanding debt. The preaward
clearance also includes consultation with Labor's OIG to identify
debarment issues and audit findings that could affect the award
process.
[93] Our nongeneralizable sample included 10 competitive grants where
this documentation would have been required.
[94] GAO, Internal Control: Standards for Internal Control in the
Federal Government, [hyperlink,
http://www.gao.gov/products/GAO/AIMD-00-21.3.1] (Washington, D.C.:
November 1999).
[95] In 2008, GEMS was designated as ETA's primary electronic grant
monitoring system. It is intended to be the repository for grant
documentation related to risk assessment, monitoring, on-site visits,
quarterly desk reviews, technical assistance, and any other monitoring
documentation created in the period of performance.
[96] To understand the possible effect of identified control design
flaws, we selected a nongeneralizable sample of 30 (15 active and 15
closed) discretionary grants. For additional information about our
sample, see appendix I. Of the 30 selected grant files, we found 2
that were closed in fiscal year 2009 but did not include monitoring
activities in GEMS. According to ETA officials, one of the grant files
selected was awarded prior to 2006 and therefore, was not managed in
GEMS. For the other grant, ETA officials stated that the information
was incorrectly filed under another project number and they have now
corrected this error.
[97] For the majority of the seven grants, the quarterly risk
assessments changed from medium-risk to low-risk but no explanations
were provided to justify such changes.
[98] According to ETA officials, GEMS was upgraded to include a
notification box that prompts the FPOs to provide an explanation when
they overrode an initial and quarterly risk assessment. For initial
risk assessment, the upgrade went into affect for all grants that were
active as of April 2010. The upgrade for quarterly risk assessment
applied to all desk reviews for the period ending March 31, 2010, and
forward. If properly implemented, these changes should address the
design deficiency noted in our sampled grants, which were issued prior
to the GEMS upgrade.
[99] ETA's Single Audit resolution process, which is primarily
conducted at ETA headquarters, includes reviewing a grantee's audit
report and corrective action plans to determine whether the corrective
action plans address the findings, contacting a grantee for follow-up
questions, and issuing a final determination letter after OIG's
approval. The final determination (also called a management decision)
is the process through which the grant officer determines if
appropriate actions required to correct audit deficiencies have been
met. Once the grant officer approves the actions to correct the audit
deficiencies, a final determination letter is issued, which is
approved by Labor's OIG.
[100] [hyperlink, http://www.gao.gov/products/GAO-04-39], [hyperlink,
http://www.gao.gov/products/GAO-05-585], and [hyperlink,
http://www.gao.gov/products/GAO-02-373SP]. OPM, Human Capital
Standards for Success: Human Capital Assessment and Accountability
Framework.
[101] GAO, OPM's Central Personnel Data File: Data Appear Sufficiently
Reliable to Meet Most Customer Needs, [hyperlink,
http://www.gao.gov/products/GAO/GGD-98-199] (Washington, D.C.: Sept.
30, 1998) and Human Capital: Diversity in the Federal SES and Senior
Levels of the U.S. Postal Service and Processes for Selecting New
Executives, [hyperlink, http://www.gao.gov/products/GAO-08-609T]
(Washington, D.C.: Apr. 3, 2008.)
[102] A mass transfer is when a unit or function along with its
employees of an agency is transferred to a different agency. A
voluntary transfer is when an individual employee accepts a position
in a different agency.
[103] The Clinger-Cohen Act of 1996, Pub. L. No. 104-106, 110 Stat.
186 (1996). U.S. Department of Commerce, National Institute of
Standards and Technology, Recommended Security Controls for Federal
Information Systems and Organizations, Special Publication 800-53
revision 3 (Gaithersburg, MD, August 2009); Office of Management and
Budget, FY 2010 Reporting Instructions for the Federal Information
Security Management Act and Agency Privacy Management (Washington,
D.C.: Apr. 21, 2010); and the Federal Information Security Management
Act of 2002, enacted as Title III, E-Government Act of 2002, Pub. L.
No. 107-347, 116 Stat. 2899, 2946.
[104] Executive Office of the President of the United States, Federal
Enterprise Architecture: Consolidated Reference Model Document,
version 2.3 (Washington, D.C., October 2007) and U.S. General Services
Administration, Financial Systems Integration Office, Financial
Management Systems Standard Business Process for U.S. Government
Agencies, Standard Business Processes (Washington, D.C., September
2009).
[105] [hyperlink, http://www.gao.gov/products/GAO-04-394G];
Information Technology Management: Governmentwide Strategic Planning,
Performance Measurements, and Investment Management Can Be Further
Improved, [hyperlink, http://www.gao.gov/products/GAO-04-49]
(Washington, D.C.: Jan. 12, 2004); [hyperlink,
http://www.gao.gov/products/GAO-03-584G]; [hyperlink,
http://www.gao.gov/products/GAO/AIMD-98-89]; and [hyperlink,
http://www.gao.gov/products/GAO/AIMD-10.1.13].
[106] Our review did not include the preaward phase because it does
not involve grantee related activities.
[107] The E-grants system included 1,357 discretionary grants that
were active as of September 30, 2009, and 374 discretionary grants
that were closed during fiscal year 2009.
[108] In November 2009, ESA was reorganized into four stand-alone
program agencies that report directly to the Secretary of Labor--the
Wage and Hour Division, Office of Federal Contracts Compliance
Programs, Office of Workers' Compensation Programs, and Office of
Labor Management Standards. CPDF data presented in this report uses
data from ESA overall, prior to this reorganization.
[109] We calculated attrition by dividing the total number of
separations for each fiscal year by the average of the number of these
employees in the CPDF as of the last pay period of the fiscal year
before the fiscal year of the separations and the number of these
employees in the CPDF as of the last pay period of the fiscal year of
separation.
[110] Throughout this appendix, references to mission critical
occupations include those that Labor considered mission critical as of
fiscal year 2008.
[111] We identified all Labor hires for fiscal years 2005-2009 by
using personnel action codes in CPDF for accessions to career or
career conditional positions within each of these years. Accessions
include new hires to the agency and hires of individuals returning to
the government.
[112] Hiring data for each fiscal year may not reflect employees who
were hired and did not stay through the end of the fiscal year.
[113] We refer to "ordinary" federal hires as those hired through the
competitive process. We refer to "special hire" as those employees
hired under certain flexible hiring authorities. OPM has established
many flexible hiring authorities for critical occupations, hard-to-
fill occupations, populations of applicants targeted by law or
executive order, occupations for which examining and ranking are not
feasible, and selected other situations. Special hires include, for
example, those hired through the Presidential Management Fellowship
Program and the Veterans Recruitment Appointment.
[End of section]
GAO's Mission:
The Government Accountability Office, the audit, evaluation and
investigative arm of Congress, exists to support Congress in meeting
its constitutional responsibilities and to help improve the performance
and accountability of the federal government for the American people.
GAO examines the use of public funds; evaluates federal programs and
policies; and provides analyses, recommendations, and other assistance
to help Congress make informed oversight, policy, and funding
decisions. GAO's commitment to good government is reflected in its core
values of accountability, integrity, and reliability.
Obtaining Copies of GAO Reports and Testimony:
The fastest and easiest way to obtain copies of GAO documents at no
cost is through GAO's Web site [hyperlink, http://www.gao.gov]. Each
weekday, GAO posts newly released reports, testimony, and
correspondence on its Web site. To have GAO e-mail you a list of newly
posted products every afternoon, go to [hyperlink, http://www.gao.gov]
and select "E-mail Updates."
Order by Phone:
The price of each GAO publication reflects GAO‘s actual cost of
production and distribution and depends on the number of pages in the
publication and whether the publication is printed in color or black and
white. Pricing and ordering information is posted on GAO‘s Web site,
[hyperlink, http://www.gao.gov/ordering.htm].
Place orders by calling (202) 512-6000, toll free (866) 801-7077, or
TDD (202) 512-2537.
Orders may be paid for using American Express, Discover Card,
MasterCard, Visa, check, or money order. Call for additional
information.
To Report Fraud, Waste, and Abuse in Federal Programs:
Contact:
Web site: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]:
E-mail: fraudnet@gao.gov:
Automated answering system: (800) 424-5454 or (202) 512-7470:
Congressional Relations:
Ralph Dawn, Managing Director, dawnr@gao.gov:
(202) 512-4400:
U.S. Government Accountability Office:
441 G Street NW, Room 7125:
Washington, D.C. 20548:
Public Affairs:
Chuck Young, Managing Director, youngc1@gao.gov:
(202) 512-4800:
U.S. Government Accountability Office:
441 G Street NW, Room 7149:
Washington, D.C. 20548: