This is the accessible text file for CG Presentation number GAO-09-
158CG entitled 'Upcoming Transition Includes Key Information Technology 
Challenges' which was released on November 3, 2009. 

This text file was formatted by the U.S. Government Accountability 
Office (GAO) to be accessible to users with visual impairments, as part 
of a longer term project to improve GAO products' accessibility. Every 
attempt has been made to maintain the structural and data integrity of 
the original printed product. Accessibility features, such as text 
descriptions of tables, consecutively numbered footnotes placed at the 
end of the file, and the text of agency comment letters, are provided 
but may not exactly duplicate the presentation or format of the printed 
version. The portable document format (PDF) file is an exact electronic 
replica of the printed version. We welcome your feedback. Please E-mail 
your comments regarding the contents or accessibility features of this 
document to 

This is a work of the U.S. government and is not subject to copyright 
protection in the United States. It may be reproduced and distributed 
in its entirety without further permission from GAO. Because this work 
may contain copyrighted images or other material, permission from the 
copyright holder may be necessary if you wish to reproduce this 
material separately. 

Upcoming Transition Includes Key Information Technology Challenges: 

Gene L. Dodaro: 

INPUT Fed Focus 2009: 

October 21, 2008: 


Slide 1: Outline: 

* Dynamics shaping the environment: 

* GAO efforts to assist upcoming transition: 

* Examples of key information technology challenges: 

Slide 2: No Ordinary Transition: Dynamics Shaping our Environment: 

* A nation at war and facing first homeland security change: 

* Near-term and long-term economic challenges: 
- Financial Turmoil; 
- Economic Slowdown; 
- Long-term fiscal imbalance as backdrop. 

* Personnel and Performance Challenges: 

Slide 3: Near Term: GAO Role in Financial Rescue: 

* Oversight roles included in Economic Stabilization Act. 

* Auditors of FDIC, FHFA and governmentwide statements. 

* Advice and analysis in reassessing regulatory structure. 

Slide 4: Long Term: GAO Simulations on Federal Fiscal Path: 

* Short term issues require responses. 

* Long term unsustainable path will ultimately need attention. 

* Need to reexamine base, reform entitlements and review revenue 

Slide 5: Transition: GAO Objectives: 

* Provide insight into pressing national issues. 

* Highlight the growing need for innovative, integrated approaches to 
solve national and global challenges. 

* Document targeted opportunities to conserve resources that can be 
applied to new initiatives. 

* Underscore critical capacity-building needs in individual agencies 
that will affect implementation of whatever new priorities are pursued. 

* Help inform the management improvement agendas of Congress and the 
new administration. 

* Update High Risk list. 

Slide 6: Work with the Private Sector and Other Levels of Government to 
Protect Critical Cyber Infrastructures: 

* Bolster cyber analysis and warning capabilities. 

* Reduce organizational inefficiencies. 

* Complete actions identified during cyber exercises. 

* Develop sector-specific plans that fully address all of the cyber-
related criteria. 

* Improve cybersecurity of infrastructure control systems. 

* Strengthen DHS’s ability to help recover from Internet disruptions. 

Slide 7: Strengthen Information Security Controls: 

* Implement controls that prevent, limit, or detect access to computer 

* Manage the configuration of network devices to prevent unauthorized 
access and ensure system integrity. 

* Create and maintain inventories of major systems, implement common 
security configurations, ensure staff receive information security 
training, test and evaluate controls, take remedial actions for known 
deficiencies, and certify and accredit systems for operation.

* Implement controls that reduce the chance of incidents involving data 
loss or theft, computer intrusions, and privacy breaches. 

Slide 8: Figure: Federal Information Security Continues to be Weak: 

[Refer to PDF for image] 

This figure is a vertical bar graph depicting the following data: 

Federal Information Security Continues to be Weak: 

Access control:	
Number of agencies: 23. 

Configuration management: 
Number of agencies: 22. 

Segregation of duties: 
Number of agencies: 18. 

Service continuity: 
Number of agencies: 23. 

Entitywide security program: 
Number of agencies: 21. 

Source: GAO analysis of agency, IG, and GAO reports for FY2007. 

[End of figure] 

Slide 9: Better Manage IT to Achieve Benefits and Control Costs: 

* Improve the planning, management, and oversight of IT investments. 

* Institute key management controls (e.g., disciplined investment and 
acquisition management processes) to effectively define, design, 
develop, acquire, and implement investments. 

* Hold executives accountable for ensuring that program commitments and 
expectations are met. 

Slide 10: Develop and Implement Well-Defined Modernization Blueprints: 

* To advance the state of enterprise architecture development and use 
in the federal government: 
- senior leadership in the departments and agencies need to demonstrate 
their commitment to this organizational transformation tool; 
- they need to ensure that the kind of management controls embodied in 
GAO’s Enterprise Architecture Management Maturity Framework are in 
place and functioning. 

Slide 11: Ensure Citizen Access to Government Information: 

* The timeliness of the Freedom of Information Act (FOIA) processing 
continues to be a challenge for many agencies. 

* Agencies will need to ensure that plans to reduce backlogged FOIA 
requests are developed and implemented appropriately, and the results 

* GAO will continue to provide agencies, the Department of Justice, and 
the Congress with recommendations to help address backlogs and improve 
FOIA processing. 

Slide 12: Ensure Privacy Protections in a Post-9/11 Environment: 

* Amend applicable laws to better ensure the protection of citizens’ 
privacy rights. 

* Enhance protection of personally identifiable information through 
revisions or supplements to OMB’s privacy guidance. 

Slide 13: Further the Exchange of Electronic Patient Health 

* Ensure that privacy principles (such as limiting access 
appropriately) and challenges (such as resolving legal and policy 
issues) are fully addressed within HHS’ federal health IT strategic 

* Increase the numbers and kinds of health IT systems that are 
certified, as well as encourage the widespread use of such systems in 
the public and private health care sectors, while protecting privacy. 

* Progress made in sharing of electronic patient health information, 
but more work remains between VA and DOD to achieve fully interoperable 
electronic health records: 
- Agree to standards for categories of medical information that are not 
yet standardized; 
- Complete the development of modernized systems, and; 
- Transition to these modernized systems. 

Slide 14: Key IT Contacts: 

* Better manage IT to achieve benefits and control costs (David 
A.Powner/ and Randolph C. Hite/ 

* Work with the private sector and other levels of government to 
protect cyber critical infrastructures (David A. Powner/ 

* Develop and implement well-defined modernization blueprints (Randolph 
C. Hite/ 

* Ensure privacy protections in a post-9/11 environment (Joel 

* Ensure citizen access to government information (Joel 

* Strengthen information security controls (Greg Wilshusen/ 

* Further the exchange of electronic patient health information 
(Valerie Melvin/ 

On the Web: 

Web site: [hyperlink,]. 


Chuck Young, Managing Director, Public Affairs: (202) 512-4800: 
U.S. Government Accountability Office: 
441 G Street NW, Room 7149: 
Washington, D.C. 20548: 


This is a work of the U.S. government and is not subject to copyright 
protection in the United States. The published product may be 
reproduced and distributed in its entirety without further permission 
from GAO. However, because this work may contain copyrighted images or 
other material, permission from the copyright holder may be necessary 
if you wish to reproduce this material separately. 

[End of presentation]