Introduction
The CIGIE is comprised of all Inspectors General whose offices are established under section 2 or section 8G of the Inspector General Act of 1978 (5 U.S.C. App.), those that are Presidentially-appointed/Senate Confirmed and those that are appointed by agency heads (designated federal entities). The Deputy Director for Management of the Office of Management and Budget is the Executive Chair of the Council. The Chair of the Council is elected by the Council members to serve a 2 year term. The Chair appoints a Vice Chair from other than the category from which the Chair was elected. Other statutory members of the CIGIE include: the Inspectors General of the Office of the Director of National Intelligence and the Central Intelligence Agency, the Controller of the Office of Federal Financial Management, a senior level official of the Federal Bureau of Investigation designated by the Director of the Federal Bureau of Investigation, Director of the Office of Government Ethics, Special Counsel of the Office of Special Counsel, the Deputy Director of the Office of Personnel Management, the Inspectors General of the Library of Congress, Capitol Police, Government Publishing Office, Government Accountability Office, and the Architect of the Capitol.
Prior to the establishment of the CIGIE, the Federal Inspectors General operated under the auspices of two councils, The President's Council on the Integrity and Efficiency (PCIE) and the Executive Council on the Integrity and Efficiency (ECIE) from the time they were established by Executive Order 12805, May 11, 1992 until the signing of P.L. 110-409.
The Council of the Inspectors General on Integrity and Efficiency (CIGIE) was statutorily established as an independent entity within the executive branch by the "The Inspector General Reform Act of 2008," P.L. 110-409 to:
To accomplish its mission, the CIGIE:
Annual Reports on the Top Management and Performance Challenges
Each year, federal Inspectors General (IGs) identify and report on the top management and performance challenges (TMPC) facing their individual agencies pursuant to the Reports Consolidation Act of 2000.1 In addition, the Council of the Inspectors General on Integrity and Efficiency (CIGIE) issues an Annual Report to the President and Congress that includes a list of the top management and performance challenges shared by many federal agencies. Many of the identified challenges remain the same each year and can be found in agencies throughout the federal government, despite vast differences in size and mission.
The objective of this report is to consolidate and provide insight into the most frequently reported challenges identified by federal, statutory Offices of Inspector General (OIGs) based on work conducted in the previous fiscal year (FY). The report also may serve to assist policymakers in determining how best to address these challenges in the future. Even though the broad categories of challenges may remain the same over time, the specific areas of concern may change from year to year, based on the federal government’s progress in addressing certain aspects of the challenges, changing priorities, and emerging risks.
To accomplish this objective, OIG reviewed TMPC reports that were issued by federal, statutory OIGs in the previous FY. Specifically, reviewing every challenge reported in each TMPC report to ascertain whether it fell within one of the broad categories identified in the CIGIE Annual Report to the President and Congress or fell into another broad category. Through this process, the most frequently reported challenges by category are identified. Note that this methodology resulted in a number of extremely important challenges that were cited by several OIGs, such as those related to national security, public safety, and public health, not being included in this report because they did not rank among the challenges most frequently reported by the 61 OIGs, primarily because only a limited number of those OIGs have oversight responsibilities in these areas. Their absence in this report does not reflect a qualitative judgment about the impact or importance of these challenges. OIG top management and performance challenges reports reviewed were:
Amtrak
Appalachian Regional Commission
Architect of the Capitol
Board of Governors of the Federal Reserve System
Broadcasting Board of Governors
Chemical Safety and Hazard Investigation Board
Committee for Purchase From People Who Are Blind or Severely Disabled (AbilityOne Program)
Consumer Financial Protection Bureau
Consumer Product Safety Commission
Corporation for National and Community Service
Defense Nuclear Facilities Safety Board
Denali Commission
Department of Agriculture
Department of Commerce
Department of Defense
Department of Education
Department of Energy
Department of Health and Human Services
Department of Homeland Security
Department of Housing and Urban Development
Department of Justice
Department of Labor
Department of State
Department of the Interior
Department of the Treasury
Department of Transportation
Department of Veterans Affairs
Election Assistance Commission
Environmental Protection Agency
Equal Employment Opportunity Commission
Export-Import Bank of the United States
Farm Credit Administration
Federal Election Commission
Federal Housing Finance Agency
Federal Labor Relations Authority
Federal Maritime Commission
Federal Trade Commission
General Services Administration
Government Publishing Office
Gulf Coast Ecosystem Restoration Council
Internal Revenue Service (Treasury Inspector General for Tax Administration)
Library of Congress
National Aeronautics and Space Administration
National Archives and Records Administration
National Endowment for the Arts
National Endowment for the Humanities
National Labor Relations Board
National Science Foundation
Nuclear Regulatory Commission
Office of Personnel Management
Peace Corps
Pension Benefit Guaranty Corporation
Railroad Retirement Board
Securities and Exchange Commission
Small Business Administration
Social Security Administration
Special Inspector General for Troubled Asset Relief Program
U.S. Agency for International Development
U.S. Commodity Futures Trading Commission
U.S. International Trade Commission
U.S. Postal Service
Many IGs reported that their agencies’ challenges were impacted by resource issues, both human and budgetary. For example, the inadequate allocation of funding directly impacted the challenges related to Information Technology Security and Management, Human Capital Management, and Facilities Maintenance. Similarly, the inability to hire, recruit, train, and/or retain personnel who have the skills needed to efficiently and effectively execute federal agencies’ missions directly impacts the Information Technology Security and Management, Human Capital Management, and Procurement Management challenges. In addition, OIGs reported that federal agencies’ failure to use performance-based metrics to assess the success of their programs and operations negatively impacted the Performance Management and Accountability, Procurement Management, and Grant Management challenges.
The information technology (IT) security and management challenge includes TMPC challenges related to (1) the protection of federal IT systems from intrusion or compromise by external or internal entities and (2) the planning and acquisition for replacing or upgrading IT infrastructure. This is a long-standing, serious, and ubiquitous challenge for federal agencies across the government, because agencies depend on reliable and secure IT systems to perform their mission-critical functions. The security and management of government IT systems remain challenges due to significant impediments faced by federal agencies, including resource constraints and a shortage of cybersecurity professionals.
Key areas of concern are safeguarding sensitive data and information systems, networks, and assets against cyber-attacks and insider threats; modernizing and managing federal IT systems; ensuring continuity of operations; and recruiting and retaining a highly skilled cybersecurity workforce.
Federal information systems continue to be targets of cyber-attacks and vulnerable to insider threats. In the face of this ever-present and ever-escalating threat, federal agencies across the government face challenges in ensuring information systems are secure and sensitive data is protected. Given the immense responsibilities with which federal agencies are charged, failure to meet this challenge can have significant consequences in any number of ways, including by exposing individuals’ personal information and compromising national security. For instance, in 2015, data breaches at the Office of Personnel Management exposed the personal information of over 20 million people.
The Social Security Administration (SSA) OIG reported deficiencies in the agency’s ability to protect the confidentiality, integrity, and availability of the SSA’s information systems and data. The SSA OIG recommended that the SSA should make protecting its network and information system a top priority and dedicate the resources needed to ensure the appropriate design and operating effectiveness of information security controls and prevent unauthorized access to sensitive information. Compounding this challenge, some agencies, including the Department of Commerce (DOC) and Department of Justice (DOJ), have encountered difficulty sharing information regarding cybersecurity threats with internal and external stakeholders because the information is often either classified or extremely sensitive.
Some OIGs expressed a concern with agencies’ efforts to detect and mitigate the impact of insider threats. The Department of Defense (DOD) OIG noted that despite the DOD’s efforts to limit insider risks, two contractors working for the National Security Agency removed classified information in 2017, and, in at least one instance, disclosed classified information. Across the government, progress in addressing the challenge of safeguarding data and information systems can be impeded by limited resources. The Export-Import Bank of the United States (EXIM) OIG stated that limited budgetary resources have posed a challenge for EXIM in developing, implementing, and maintaining a mature information security program.
Outdated or obsolete IT systems can potentially reduce system reliability and affect an agency’s ability to fulfill its mission. Many OIGs found that their respective agencies were using legacy IT systems to perform core functions and responsibilities. For instance, the Treasury Inspector General for Tax Administration (TIGTA) stated that the Internal Revenue Service (IRS) has a large and increasing amount of aged hardware, some of which is three to four times older than industry standards. In its FY 2016 President’s Budget, the IRS noted that its information technology infrastructure poses significant risk of failures due to its reliance on legacy systems and use of outdated programming languages. However, it is unknown when these failures will occur, how severe they will be, or whether they will have material impacts on tax administration during a filing season.
Outdated IT systems can also impact the security of the agency. The DOJ OIG reported that the DOJ’s Justice Security Operations Center, which provides 24/7 monitoring of the DOJ’s internet gateways and incident response management, is hampered by its aging infrastructure, some of which is past its end of useful life and is no longer supported.
The cost of maintaining legacy IT systems has also inhibited efforts to develop and implement updated IT systems, as agencies are forced to grapple with limited budgets and competing priorities. In particular, the SSA OIG stated that the SSA spent $1.8 billion on IT in fiscal year 2017. However, according to the SSA, budget constraints have forced SSA to use much of its IT funding to operate and maintain existing systems.
In addition, the failure to improve and modernize IT systems can threaten national security. The Department of Homeland Security (DHS) OIG found that the slow performance of a critical pre-screening system greatly reduced U.S. Customs and Border Protection (CBP) officers’ ability to identify passengers who may be of concern, and frequent network outages hindered air and marine surveillance operations.
Some OIGs have noted deficiencies with agency IT contingency planning. The Department of the Interior (DOI) OIG, for example, has highlighted agency data backup issues, which could potentially leave DOI without access to important data should a computer fail or system be compromised. Similarly, the Department of State (State) OIG found that IT contingency plans for some overseas posts failed to meet departmental guidelines, which could negatively affect a post’s ability to recover from an IT incident.
Compounding these issues, many federal agencies face challenges in attracting and retaining a highly skilled cybersecurity workforce to help mitigate attacks and protect federal agencies from cyber intrusions. A significant impediment for agencies in expanding the federal cybersecurity workforce is a shortage of available cybersecurity professionals. For example, the Department of Transportation (DOT) OIG stated that federal and private sector demand for cybersecurity professionals is outpacing supply by approximately 40,000 jobs in the United States.
The performance management and accountability challenge includes challenges related to managing agency programs and operations efficiently and effectively to accomplish mission-related goals. Although federal agencies vary greatly in size and mission, they face some common challenges in improving performance in agency programs and operations. Key areas of concern include collecting and using performance-based metrics; overseeing private-sector corporations’ impact on human health, safety, and the economy; and aligning agency component operations to agency-wide goals.
Agencies also face challenges related to their responsibilities for conducting oversight of private-sector products or services that could have impacts on human health, safety, and economic viability. Effective oversight not only improves the operations of the agency in question; it also directly affects the experience of citizens, businesses, and organizations that depend on these products and services. For example, the DOT OIG reported that DOT continues to face new and longstanding oversight challenges to ensure safety efforts keep pace with the rapidly evolving airline industry. Among them is DOT’s effort to oversee the manufacture and repair of aircraft parts according to federal standards. Similarly, the Department of Health and Human Services (HHS) OIG noted HHS’s challenge in overseeing the safety of drugs and medical devices. Specifically, HHS OIG stated that the intricate global supply chains for drugs and medical devices present HHS with many challenges, and the products are at risk of diversion, theft, counterfeiting, and adulteration. The Department of Labor (DOL) OIG reported on DOL’s challenge in enforcing laws to protect workers from death, injury, and illness in high-risk industries such as construction, forestry, fishing, agriculture, and mining. The Securities and Exchange Commission (SEC) OIG reported an immediate and pressing need for ensuring sufficient examination coverage of registered investment advisors. The Board of Governors of the Federal Reserve System (FRB) continues to take measures to enhance its oversight framework for banking organizations and will have to be sufficiently nimble to respond to changes that could influence the strategic direction of its supervisory efforts.
The human capital management challenge includes TMPC challenges related to recruiting, managing, developing, and optimizing agency human resources. Human capital management is a significant challenge that impacts the ability of federal agencies to meet their performance goals and to execute their missions efficiently. Consistent with the findings of the IG community, GAO has identified strategic human capital management within the federal government as a high-risk area since 2001. Key areas of concern include inadequate funding and staffing; recruiting, training, and retaining qualified staff; agency cultures that negatively impact the agency’s mission; and the impact of the lack of succession planning and high employee turnover.
The lack of adequate, predictable funding and staffing can negatively affect an agency’s ability to meet its mission. Further, the necessity of operating under Continuing Resolutions and complying with hiring freezes result in budget uncertainties, delayed hiring actions, and overworked agency staffs. The National Labor Relations Board (NLRB) OIG reported that reduced or flat appropriations and the loss of key personnel through retirements directly affect the NLRB’s ability to maintain a stable and productive workforce. Similarly, the U.S. AbilityOne Commission (AbilityOne) OIG reported that AbilityOne does not have adequate staffing and resources to effectively execute its responsibilities and sustain its mission. AbilityOne OIG further reported that its agency faces challenges as it operates with a staff of less than 31 people responsible for administering a $3 billion program with locations in all 50 states, Puerto Rico, and Guam.
The financial management challenge includes challenges related to a broad range of functions, from program planning, budgeting, and execution to accounting, audit, and evaluation. Weaknesses in any of these functional areas limit an agency’s ability to ensure that taxpayer funds are being used efficiently and effectively and constitute a significant risk to federal programs and operations. Key areas of concern include both the need for agencies to improve their financial reporting and systems, and the significant amount of dollars federal agencies lose through improper payments.
As government programs and operations continue to grow in complexity, stringent reporting requirements become increasingly necessary to ensure program integrity, efficiency, and transparency. However, agencies’ ability to track and report financial data has not kept pace with agency needs. In particular, outdated financial management systems may not have the configurations necessary to track and report financial data reliably as agency needs evolve, making effective financial management difficult. For example, some OIGs reported on agencies’ challenges complying with regulatory changes and modernization requirements, such as the Digital Accountability and Transparency Act of 2014 (Public Law No. 113-01) that established new financial reporting requirements for all federal agencies. Multiple OIGs also reported deficiencies in the internal controls over their agencies’ financial management reporting and systems, such that the agencies’ ability to report reliable financial information was impacted. In some instances, OIGs found that these deficiencies rose to the level of material weaknesses in internal controls over financial reporting, meaning that there was a reasonable possibility that a material misstatement of an agency’s financial statement would not be prevented or detected on a timely basis.
The procurement management challenge encompasses the entire procurement process, including pre-award planning, contract award, and post-award contract administration. Given that the federal government awarded over $500 billion in contracts in FY 2017, the fact that many federal agencies face challenges in Procurement Management indicates that billions of taxpayer dollars may be at increased risk for fraud, waste, abuse and mismanagement. Further, many federal agencies rely heavily on contractors to perform their missions and, as a result, the failure of a federal agency to efficiently and effectively manage its procurement function could also impede the agency’s ability to execute its mission. Key areas of concern for this challenge include weaknesses with procurement planning, managing and overseeing contractor performance, and the training of personnel involved in the procurement function.
Federal agencies face challenges ensuring that their facilities stay in proper condition and remain capable of fulfilling the government’s needs. Throughout the federal government, OIGs have identified insufficient funding as the primary reason why agencies fail to maintain and improve their equipment and infrastructure. Without additional funding for required maintenance and modernization, it is unclear how agencies will manage the challenges of equipment and infrastructure that are simultaneously becoming more costly and less effective. Key areas of concern related to facilities maintenance are the increased likelihood of mission failure and the higher overall cost of deferred maintenance.
Promptly addressing maintenance needs reduces the chance of structural failures that may impact whether an agency can accomplish its mission. In some cases, agencies are dealing with deteriorating infrastructure that may cause substandard working conditions for staff, create inconveniences in using equipment, fail to incorporate newer technologies and standards, or cause other issues. In other, more significant cases, agencies may be hampered in performing their missions effectively because of breakdowns in essential equipment or hazards posed by unmaintained infrastructure. For example, the DOE OIG noted its Department had reported that only 50 percent of its structures and facilities were considered functionally adequate to meet the mission. Additionally, a DOD report stated that in order to remain safe, secure, and effective, the U.S. nuclear stockpile must be supported by a modern physical infrastructure, but the DOE OIG noted that the average age of its Department’s facilities, which support the nuclear stockpile, is 36 years.
The grant management challenge includes challenges related to the process used by federal agencies to award, monitor, and assess the success of grants. Deficiencies in any of these areas can lead to misspent funds and ineffective programs. As proposed in the President’s budget for FY 2018, federal agencies will spend more than $700 billion through grants to state and local governments, non-profits, and community organizations to accomplish mission-related goals. However, the increasing number and size of grants has created complexity for grantees and made it difficult for federal agencies to assess program performance and conduct oversight. Even though the key areas of concern relating to the grant management challenge overlap with issues discussed in other challenges, such as the Performance Management and Accountability and the Financial Management sections, OIGs reported grant management as a TMPC with sufficient frequency that it ranked as a separate, freestanding challenge. Key areas of concern are ensuring grant investments achieve intended results, overseeing the use of grant funds, and obtaining timely and accurate financial and performance information from grantees.