Skip to main content

High-Risk Series: An Update

GAO-15-290 Published: Feb 11, 2015. Publicly Released: Feb 11, 2015.
Jump To:
Skip to Highlights


What GAO Found

Solid, steady progress has been made in the vast majority of the high-risk areas. Eighteen of the 30 areas on the 2013 list at least partially met all of the criteria for removal from the High Risk List. Of those, 11 met at least one of the criteria for removal and partially met all others. Sufficient progress was made to narrow the scope of two high-risk issues—Protecting Public Health through Enhanced Oversight of Medical Products and DOD Contract Management. Overall, progress has been possible through the concerted actions of Congress, leadership and staff in agencies, and the Office of Management and Budget.

This year GAO is adding 2 areas, bringing the total to 32.

Managing Risks and Improving Veterans Affairs (VA) Health Care. GAO has reported since 2000 about VA facilities' failure to provide timely health care. In some cases, these delays or (VA's failure to provide care at all) have reportedly harmed veterans. Although VA has taken actions to address some GAO recommendations, more than 100 of GAO's recommendations have not been fully addressed, including recommendations related to the following areas: (1) ambiguous policies and inconsistent processes, (2) inadequate oversight and accountability, (3) information technology challenges, (4) inadequate training for VA staff, and (5) unclear resource needs and allocation priorities. The recently enacted Veterans Access, Choice, and Accountability Act included provisions to help VA address systemic weaknesses. VA must effectively implement the act.

Improving the Management of Information Technology (IT) Acquisitions and Operations. Congress has passed legislation and the administration has undertaken numerous initiatives to better manage IT investments. Nonetheless, federal IT investments too frequently fail to be completed or incur cost overruns and schedule slippages while contributing little to mission-related outcomes. GAO has found that the federal government spent billions of dollars on failed and poorly performing IT investments which often suffered from ineffective management, such as project planning, requirements definition, and program oversight and governance. Over the past 5 years, GAO made more than 730 recommendations; however, only about 23 percent had been fully implemented as of January 2015.

GAO is also expanding two areas due to evolving high-risk issues.

Enforcement of Tax Laws. This area is expanded to include IRS's efforts to address tax refund fraud due to identify theft. IRS estimates it paid out $5.8 billion (the exact number is uncertain) in fraudulent refunds in tax year 2013 due to identity theft. This occurs when a thief files a fraudulent return using a legitimate taxpayer's identifying information and claims a refund.

Ensuring the Security of Federal Information Systems and Cyber Critical Infrastructure and Protecting the Privacy of Personally Identifiable Information (PII). This risk area is expanded because of the challenges to ensuring the privacy of personally identifiable information posed by advances in technology. These advances have allowed both government and private sector entities to collect and process extensive amounts of PII more effectively. The number of reported security incidents involving PII at federal agencies has increased dramatically in recent years.

Why GAO Did This Study

The federal government is one of the world's largest and most complex entities: about $3.5 trillion in outlays in fiscal year 2014 funded a broad array of programs and operations. GAO maintains a high-risk program to focus attention on government operations that it identifies as high risk due to their greater vulnerabilities to fraud, waste, abuse, and mismanagement or the need for transformation to address economy, efficiency, or effectiveness challenges.

Since 1990, more than one-third of the areas previously designated as high risk have been removed from the list because sufficient progress was made in addressing the problems identified. The five criteria for removal are (1) leadership commitment, (2) agency capacity, (3) an action plan, (4) monitoring efforts, and (5) demonstrated progress.

This biennial update describes the status of high-risk areas listed in 2013 and identifies new high-risk areas needing attention by Congress and the executive branch. Solutions to high-risk problems offer the potential to save billions of dollars, improve service to the public, and strengthen government performance and accountability.


This report contains GAO's views on progress made and what remains to be done to bring about lasting solutions for each high-risk area. Perseverance by the executive branch in implementing GAO's recommended solutions and continued oversight and action by Congress are essential to achieving greater progress.

    GAO's 2015 High Risk List

    Strengthening the Foundation for Efficiency and Effectiveness

    Limiting the Federal Government's Fiscal Exposure by Better Managing Climate Change Risks

    Management of Federal Oil and Gas Resources

    Modernizing the U.S. Financial Regulatory System and the Federal Role in Housing Financea

    Restructuring the U.S. Postal Service to Achieve Sustainable Financial Viabilitya

    Funding the Nation's Surface Transportation Systema

    Strategic Human Capital Management

    Managing Federal Real Property

    Improving the Management of IT Acquisitions and Operations (new)

    Transforming DOD Program Management

    DOD Approach to Business Transformation

    DOD Business Systems Modernization

    DOD Support Infrastructure Managementa

    DOD Financial Management

    DOD Supply Chain Management

    DOD Weapon Systems Acquisition

    Ensuring Public Safety and Security

    Mitigating Gaps in Weather Satellite Data

    Strengthening Department of Homeland Security Management Functions

    Establishing Effective Mechanisms for Sharing and Managing Terrorism-Related Information to Protect the Homeland

    Ensuring the Security of Federal Information Systems and Cyber Critical Infrastructure and Protecting the Privacy of Personally Identifiable Informationa

    Ensuring the Effective Protection of Technologies Critical to U.S. National Security Interestsa

    Improving Federal Oversight of Food Safetya

    Protecting Public Health through Enhanced Oversight of Medical Products

    Transforming EPA's Processes for Assessing and Controlling Toxic Chemicalsa

    Managing Federal Contracting More Effectively

    DOD Contract Management

    DOE's Contract Management for the National Nuclear Security Administration and Office of Environmental Management

    NASA Acquisition Management

    Assessing the Efficiency and Effectiveness of Tax Law Administration

    Enforcement of Tax Lawsa

    Modernizing and Safeguarding Insurance and Benefit Programs

    Managing Risks and Improving VA Health Care (new)

    Improving and Modernizing Federal Disability Programs

    Pension Benefit Guaranty Corporation Insurance Programsa

    Medicare Programa

    Medicaid Programa

    National Flood Insurance Programa

    Source: GAO. | GAO-15-290

    aLegislation is likely to be necessary to effectively address this high-risk area.


    Full Report

    GAO Contacts

    Office of Public Affairs


    Contract administrationCyber securityDefense cost controlDefense procurementFederal procurementFederal property managementFinancial management systemsHomeland securityInformation technologyPublic healthRisk managementStrategic planningTax lawWeapons systems