GAO's 2015 High-Risk Series: An Update

GAO-15-373T Published: Feb 11, 2015. Publicly Released: Feb 11, 2015.
Jump To:
Skip to Highlights

What GAO Found

Solid, steady progress has been made in the vast majority of the high-risk areas. Eighteen of the 30 areas on the 2013 list at least partially met all of the criteria for removal from the high risk list. Of those, 11 met at least one of the criteria for removal and partially met all others. Sufficient progress was made to narrow the scope of two high-risk issues— Protecting Public Health through Enhanced Oversight of Medical Products and DOD Contract Management. Overall, progress has been possible through the concerted actions of Congress, leadership and staff in agencies, and the Office of Management and Budget.

This year GAO is adding 2 areas, bringing the total to 32.

  • Managing Risks and Improving Veterans Affairs (VA) Health Care. GAO has reported since 2000 about VA facilities' failure to provide timely health care. In some cases, these delays or VA's failure to provide care at all have reportedly harmed veterans. Although VA has taken actions to address some GAO recommendations, more than 100 of GAO's recommendations have not been fully addressed, including recommendations related to the following areas: (1) ambiguous policies and inconsistent processes, (2) inadequate oversight and accountability, (3) information technology challenges, (4) inadequate training for VA staff, and (5) unclear resource needs and allocation priorities. The recently enacted Veterans Access, Choice, and Accountability Act included provisions to help VA address systemic weaknesses. VA must effectively implement the act.

Improving the Management of Information Technology (IT) Acquisitions and Operations. Congress has passed legislation and the administration has undertaken numerous initiatives to better manage IT investments. Nonetheless, federal IT investments too frequently fail to be completed or incur cost overruns and schedule slippages while contributing little to mission-related outcomes. GAO has found that the federal government spent billions of dollars on failed and poorly performing IT investments which often suffered from ineffective management, such as project planning, requirements definition, and program oversight and governance. Over the past 5 years, GAO made more than 730 recommendations; however, only about 23 percent had been fully implemented as of January 2015.

GAO is also expanding two areas due to evolving high-risk issues.

Enforcement of Tax Laws. This area is expanded to include IRS's efforts to address tax refund fraud due to identify theft. IRS estimates it paid out $5.8 billion (the exact number is uncertain) in fraudulent refunds in tax year 2013 due to identity theft. This occurs when a thief files a fraudulent return using a legitimate taxpayer's identifying information and claims a refund.

Ensuring the Security of Federal Information Systems and Cyber Critical Infrastructure and Protecting the Privacy of Personally Identifiable Information (PII). This risk area is expanded because of the challenges to ensuring the privacy of personally identifiable information posed by advances in technology. These advances have allowed both government and private sector entities to collect and process extensive amounts of PII more effectively. The number of reported security incidents involving PII at federal agencies has increased dramatically in recent years.

Why GAO Did This Study

The federal government is one of the world's largest and most complex entities; about $3.5 trillion in outlays in fiscal year 2014 funded a broad array of programs and operations. GAO maintains a program to focus attention on government operations that it identifies as high risk due to their greater vulnerabilities to fraud, waste, abuse, and mismanagement or the need for transformation to address economy, efficiency, or effectiveness challenges.

Since 1990, more than one-third of the areas previously designated as high risk have been removed from the list because sufficient progress was made in addressing the problems identified. The five criteria for removal are: (1) leadership commitment, (2) agency capacity, (3) an action plan, (4) monitoring efforts, and (5) demonstrated progress.

This biennial update describes the status of high-risk areas listed in 2013 and identifies new high-risk areas needing attention by Congress and the executive branch. Solutions to high-risk problems offer the potential to save billions of dollars, improve service to the public, and strengthen government performance and accountability.

Skip to Recommendations


This report contains GAO's views on progress made and what remains to be done to bring about lasting solutions for each high-risk area. Perseverance by the executive branch in implementing GAO's recommended solutions and continued oversight and action by Congress are essential to achieving greater progress.

GAO's 2015 High Risk List

Strengthening the Foundation for Efficiency and Effectiveness

Limiting the Federal Government's Fiscal Exposure by Better Managing Climate Change Risks

Management of Federal Oil and Gas Resources

Modernizing the U.S. Financial Regulatory System and the Federal Role in Housing Financea

Restructuring the U.S. Postal Service to Achieve Sustainable Financial Viabilitya

Funding the Nation's Surface Transportation Systema

Strategic Human Capital Management

Managing Federal Real Property

Improving the Management of IT Acquisitions and Operations (new)

Transforming DOD Program Management

DOD Approach to Business Transformation

DOD Business Systems Modernization

DOD Support Infrastructure Managementa

DOD Financial Management

DOD Supply Chain Management

DOD Weapon Systems Acquisition

Ensuring Public Safety and Security

Mitigating Gaps in Weather Satellite Data

Strengthening Department of Homeland Security Management Functions

Establishing Effective Mechanisms for Sharing and Managing Terrorism-Related Information to Protect the Homeland

Ensuring the Security of Federal Information Systems and Cyber Critical Infrastructure and Protecting the Privacy of Personally Identifiable Informationa

Ensuring the Effective Protection of Technologies Critical to U.S. National Security Interestsa

Improving Federal Oversight of Food Safetya

Protecting Public Health through Enhanced Oversight of Medical Products

Transforming EPA's Processes for Assessing and Controlling Toxic Chemicalsa

Managing Federal Contracting More Effectively

DOD Contract Management

DOE's Contract Management for the National Nuclear Security Administration and Office of Environmental Management

NASA Acquisition Management

Assessing the Efficiency and Effectiveness of Tax Law Administration

Enforcement of Tax Lawsa

Modernizing and Safeguarding Insurance and Benefit Programs

Managing Risks and Improving VA Health Care (new)

Improving and Modernizing Federal Disability Programs

Pension Benefit Guaranty Corporation Insurance Programsa

Medicare Programa

Medicaid Programa

National Flood Insurance Programa

Source: GAO. | GAO-15-373T

aLegislation is likely to be necessary to effectively address this high-risk area.

Full Report

GAO Contacts