The GAO’s 2021 High-Risk List

Published: March 10, 2021


GAO releases its biennial High-Risk List identifying 36 federal programs/functional areas considered the most vulnerable.

Key Takeaways:

  • Federal response programs related to current national crises - COVID-19 and the opioid epidemic - are added to the GAO’s latest High-Risk List
  • DOD’s programs fared well on the High-Risk List, remaining unchanged or improving since 2019, with one area successfully removed from the list altogether.
  • Cybersecurity weaknesses cause programs such as the Decennial Census to regress under the GAO’s radar.   
  • Three acquisition-related programs on the GAO’s list saw improvements since 2019, denoting a general trend in effective contract management at agencies.

Dubbed the federal government’s “watchdog agency,” the GAO publishes a report card of sorts on high-risk federal programs and operations every two years. Specifically, the agency’s High-Risk Series “identifies government operations with vulnerabilities to fraud, waste, abuse, and mismanagement, or in need of transformation to address economy, efficiency, or effectiveness challenges.”

Overall, the GAO’s 2021 update reveals 20 areas that remained unchanged, while five lapsed in improvements, seven progressed, and two new areas were added, bringing the total to 36 areas for the 2021 High-Risk List.

The below table summarizes the changes to the High-Risk List since 2019. For a complete list of high-risk areas, refer to the GAO’s full report.

A few different themes emerge from the above list.

Current Crises Push New Areas to List

Effects of current crises, the opioid epidemic and the COVID-19 pandemic, primarily drive the two areas added to this year’s GAO list. In particular, oversight of small business emergency loans prompted by COVID-19’s economic downturn faces increased scrutiny. While the SBA issued billions of dollars in loans and advances to help small businesses recover from the impacts of COVID-19, the agency proved ill-equipped to develop sufficient safeguards to approve pandemic-related loans and lacked finalized plans of oversight for the PPP and EIDL programs after loan disbursement. Among other recommendations, the GAO advises the SBA to utilize data analytics across loans and advances made in response to the pandemic to detect fraudulent applications.

DOD Fares Well on the 2021 List

DOD is typically an agency in the “hot seat” for many federal program reviews and evaluations. Nonetheless, several DOD programs on GAO’s list showed progress, with one program even removed from the list due to its compliance with GAO metrics. Among other successes, DOD’s Support Infrastructure Management area “efficiently utilized military installation space; reduced its infrastructure footprint and use of leases, reportedly saving millions of dollars; and improved its use of installation agreements, reducing base support costs.” For example, DOD’s improvement in data quality, particularly with the implementation of the Data Analytics and Integration Support (DAIS) system for real property inventory data, helped provide the agency with a common platform and connect to other military service real property systems to form a unified and transparent picture of its infrastructure assets.

Cyber Concerns Befall High-Risk Areas

Though the 2020 Decennial Census has somewhat come and gone, the GAO stressed multiple vulnerabilities post-enumeration operations as well as planning for the 2030 count. Among its recommendations to the Census Bureau, the GAO urges the agency to improve credibility of schedules and quantitative risk assessments, and address data quality concerns in post-2020 count procedures. Moreover, the bureau has not addressed the GAO’s recommendation to implement corrective actions for cybersecurity weaknesses, with 61% of actions delayed past scheduled completion dates.

Additionally, the GAO identified several concerns with overall federal efforts in national cybersecurity. For instance, the National Cyber Strategy does not address all “desirable characteristics of national strategies.” While DHS, GSA and OMB have established various programs of cyber management, several sector-specific agencies are still struggling to adopt high levels of cybersecurity frameworks.

Contract and Acquisition Programs on the Mend

Pleasantly surprising is the number of acquisition-related programs rising out of the GAO high-risk ashes. Contract and acquisition programs at DOD, DOE and NASA all received praise from the GAO for numerous improvements in management and oversight. With the DOD significantly building up its acquisition workforce and addressing several challenges, the GAO narrowed the scope of the high-risk area by removing Acquisition Workforce as a key element under the DOD Contract Management high-risk area.

At DOE, the NNSA has continually addressed contract performance issues not meeting expectations since 2019. Moreover, NNSA implemented a data collection format for enterprise-wide financial data insight into total program costs. Nonetheless, the GAO found that NNSA has not yet developed a full suite of program management tools to manage and monitor several plutonium- and uranium-based projects.

At NASA, the agency has met GAO’s leadership commitment and monitoring criteria since 2019. Specifically, the agency began utilizing earned value management data to measure the value of work accomplished under a given project in a given period. Furthermore, the agency is pursuing additional hiring and training opportunities to strengthen its acquisition workforce.