The Department of Defense (DOD) did not meet statutory military whistleblower reprisal 180-day notification requirements in about half of reprisal investigations closed in fiscal year 2013, and DOD’s average investigation time for closed cases in fiscal years 2013 and 2014 was 526 days, almost three times DOD’s internal 180-day requirement. In 2012, GAO made recommendations to improve investigation timeliness, and DOD has taken some actions to address those recommendations. However, based on a random sample of 124 cases, GAO estimated that there was no evidence that DOD sent the required notification letters in about 47 percent of the cases that DOD took longer than 180 days to close in fiscal year 2013. For cases in which DOD sent the required letter, GAO estimated that the median notification time was about 353 days after the servicemember filed the complaint, and on average the letters significantly underestimated the expected investigation completion date. DOD does not have a tool, such as an automated alert, to help ensure compliance with the statutory notification requirement to provide letters by 180 days informing servicemembers about delays in investigations. Without a tool for DOD to ensure that servicemembers receive reliable, accurate, and timely information about their investigations, servicemembers may be discouraged from reporting wrongdoing.
Available evidence does not support whether behavioral indicators, which are used in the Transportation Security Administration’s (TSA) Screening of Passengers by Observation Techniques (SPOT) program, can be used to identify persons who may pose a risk to aviation security. GAO reviewed four meta-analyses (reviews that analyze other studies and synthesize their findings) that included over 400 studies from the past 60 years and found that the human ability to accurately identify deceptive behavior based on behavioral indicators is the same as or slightly better than chance. Further, the Department of Homeland Security’s (DHS) April 2011 study conducted to validate SPOT’s behavioral indicators did not demonstrate their effectiveness because of study limitations, including the use of unreliable data. Twenty-one of the 25 behavior detection officers (BDO) GAO interviewed at four airports said that some behavioral indicators are subjective. TSA officials agree, and said they are working to better define them. GAO analyzed data from fiscal years 2011 and 2012 on the rates at which BDOs referred passengers for additional screening based on behavioral indicators and found that BDOs’ referral rates varied significantly across airports, raising questions about the use of behavioral indicators by BDOs. To help ensure consistency, TSA officials said they deployed teams nationally to verify compliance with SPOT procedures in August 2013. However, these teams are not designed to help ensure BDOs consistently interpret SPOT indicators.
GAO Report: Increasing the Effectiveness of Efforts to Share Terrorism-Related Suspicious Activity Reports
The Department of Justice (DOJ) has largely implemented the Nationwide Suspicious Activity Reporting Initiative among fusion centers—entities that serve as the focal point within a state for sharing and analyzing suspicious activity reports and other threat information. The state and local law enforcement officials GAO interviewed generally said the initiative’s processes worked well, but that they could benefit from additional feedback from the Federal Bureau of Investigation (FBI) on how the reports they submit are used. The FBI has a feedback mechanism, but not all stakeholders were aware of it. Implementing formalized feedback mechanisms as part of the initiative could help stakeholders conduct accurate analyses of terrorism-related information, among other things.
The majority of state and local participant feedback on training that DHS or DOJ provided or funded and that GAO identified as CVE-related was positive or neutral, but a minority of participants raised concerns about biased, inaccurate, or offensive material. DHS and DOJ collected feedback from 8,424 state and local participants in CVE-related training during fiscal years 2010 and 2011, and 77—less than 1 percent—provided comments that expressed such concerns. According to DHS and DOJ officials, agencies used the feedback to make changes where appropriate. DOJ’s Federal Bureau of Investigation (FBI) and other components generally solicit feedback for more formal, curriculum-based training, but the FBI does not require this for activities such as presentations by guest speakers because the FBI does not consider this to be training. Similarly, DOJ’s United States Attorneys’ Offices (USAO) do not require feedback on presentations and similar efforts. Nevertheless, FBI field offices and USAOs covered about 39 percent (approximately 9,900) of all participants in DOJ CVE-related training during fiscal years 2010 and 2011 through these less formal methods, yet only 4 of 21 FBI field offices and 15 of 39 USAOs chose to solicit feedback on such methods. GAO has previously reported that agencies need to develop systematic evaluation processes in order to obtain accurate information about the benefits of their training. Soliciting feedback for less formal efforts on a more consistent basis could help these agencies ensure their quality.
The Federal Reserve Act requires each Reserve Bank to be governed by a nine-member board—three Class A directors elected by member banks to represent their interests, three Class B directors elected by member banks to represent the public, and three Class C directors that are appointed by the Federal Reserve Board to represent the public. The diversity of Reserve Bank boards was limited from 2006 to 2010. For example, in 2006 minorities accounted for 13 of 108 director positions, and in 2010 they accounted for 15 of 108 director positions. Specifically, in 2010 Reserve Bank directors included 78 white men, 15 white women, 12 minority men, and 3 minority women. According to the Federal Reserve Act, Class B and C directors are to be elected with due but not exclusive consideration to the interests of agriculture, commerce, industry, services, labor, and consumer representation.
As part of a systematic evaluation framework, agency policies should ensure organizational competence, evaluations of a system’s effectiveness and privacy protections, executive review, and appropriate transparency throughout the system’s life cycle. While DHS and three of its component agencies—U.S. Customs and Border Protection, U.S. Immigration and Customs Enforcement, and the U.S. Citizenship and Immigration Services—have established policies that address most of these key policy elements, the policies are not comprehensive. For example, DHS policies do not fully ensure executive review and transparency, and the component agencies’ policies do not sufficiently require evaluating system effectiveness. DHS’s Chief Information Officer reported that the agency is planning to improve its executive review process by conducting more intensive reviews of IT investments, including the data-mining systems reviewed in this report. Until such reforms are in place, DHS and its component agencies may not be able to ensure that critical data mining systems used in support of counterterrorism are both effective and that they protect personal privacy.
GAO U.S. Agencies Are Not Able to Fully Account for U.S. Nuclear Material Located at Foreign Facilities
DOE, NRC, and State are not able to fully account for U.S. nuclear material overseas that is subject to nuclear cooperation agreement terms because the agreements do not stipulate systematic reporting of such information, and there is no U.S. policy to pursue or obtain such information. Section 123 of the AEA, as amended, does not require nuclear cooperation agreements to contain provisions stipulating that partners report information on the amount, status, or location (facility) of special nuclear material subject to the agreement terms. However, U.S. nuclear cooperation agreements generally require that partners report inventory information upon request, although DOE and NRC have not systematically sought such data. We requested from multiple offices at DOE and NRC a current and comprehensive inventory of U.S. nuclear material overseas, to include country, site, or facility, and whether the quantity of material was rated as Category I or Category II material. However, neither agency has provided such an inventory. NMMSS does not contain the data necessary to maintain an inventory of U.S. special nuclear material overseas. DOE, NRC, and State have not pursued annual inventory reconciliations of nuclear material subject to U.S. cooperation agreement terms with all foreign partners that would provide the U.S. government with better information about where such material is held. Furthermore, according to DOE, NRC, and State officials, no U.S. law or policy directs U.S. agencies to obtain information regarding the location and disposition of U.S. nuclear material at foreign facilities.
Since it began operations in 2003, DHS has implemented key homeland security operations and achieved important goals and milestones in many areas to create and strengthen a foundation to reach its potential. As it continues to mature, however, more work remains for DHS to address gaps and weaknesses in its current operational and implementation efforts, and to strengthen the efficiency and effectiveness of those efforts to achieve its full potential. DHS’s accomplishments include developing strategic and operational plans; deploying workforces; and establishing new, or expanding existing, offices and programs.
On numerous occasions in 2008 and 2009, the Federal Reserve Board invoked emergency authority under the Federal Reserve Act of 1913 to authorize new broad-based programs and financial assistance to individual institutions to stabilize financial markets. Loans outstanding for the emergency programs peaked at more than $1 trillion in late 2008. The Federal Reserve Board directed the Federal Reserve Bank of New York (FRBNY) to implement most of these emergency actions. In a few cases, the Federal Reserve Board authorized a Reserve Bank to lend to a limited liability corporation (LLC) to finance the purchase of assets from a single institution. In 2009 and 2010, FRBNY also executed large-scale purchases of agency mortgage-backed securities to support the housing market. The table below provides an overview of all emergency actions covered by this report. The Reserve Banks’ and LLCs’ financial statements, which include the emergency programs’ accounts and activities, and their related financial reporting internal controls, are audited annually by an independent auditing firm. These independent financial statement audits, as well as other audits and reviews conducted by the Federal Reserve Board, its Inspector General, and the Reserve Banks’ internal audit function, did not report any significant accounting or financial reporting internal control issues concerning the emergency programs.
GAO found that 40 executives for 10 companies received approximately $350 million in pay and other compensation in the years leading up to the termination of their companies’ underfunded pension plans. GAO identified salaries, bonuses, and benefits provided to small groups of high-ranking executives at these companies during the 5 years leading up to the termination of their pension plans. For example, beyond the tens of millions in base salaries received, GAO found that executives also received millions of dollars in stock awards, income tax reimbursements, retention bonuses, severance packages, and supplemental executive-only retirement plans.
Leadership roles and responsibilities for an influenza pandemic need to be clarified, tested, and exercised, and existing coordination mechanisms, such as critical infrastructure coordinating councils, could be better utilized to address challenges in coordination between the federal, state, and local governments and the private sector in preparing for a pandemic.
Since 2004, HHS has awarded nine contracts using its Special Reserve Fund (Fund) purchasing authority under the BioShield Act to procure countermeasures that address anthrax, botulism, smallpox, and radiation poisoning. HHS may procure countermeasures that are approved by the Food and Drug Administration and ones that are unapproved, but are within 8 years of approval.
Preliminary Results Show Federal Protective Service’s Ability to Protect Federal Facilities Is Hampered By Weaknesses in Its Contract Security Guard Program
FPS does not fully ensure that its contract security guards have the training and certifications required to be deployed to a federal facility. FPS requires that all prospective guards complete about 128 hours of training including 8 hours of x-ray and magnetometer training. However, in one region, FPS has not provided the x-ray or magnetometer training to its 1,500 guards since 2004. Nonetheless, these guards are assigned to posts at federal facilities. X-ray training is critical because guards control access points at facilities. Insufficient x-ray and magnetometer training may have contributed to several incidents where guards were negligent in carrying out their responsibilities. For example, at a level IV facility, an infant in a carrier was sent through an xray machine due to a guard’s negligence. Moreover, GAO found that FPS does not have a fully reliable system for monitoring and verifying guard training and certification requirements. GAO reviewed 663 randomly selected guard records and found that 62 percent of the guards had at least one expired certification including a declaration that guards have not been convicted of domestic violence, which make them ineligible to carry firearms.
As of March 27, 2009, Treasury had disbursed $303.4 billion of the $700 billion in TARP funds. Most of the funds (about $199 billion) went to purchase preferred shares of 532 financial institutions under the Capital Purchase Program (CPP)—Treasury’s primary vehicle under TARP for stabilizing financial markets. Treasury has continued to take significant steps to address all of the recommendations from our December 2008 and January 2009 reports. In particular, Treasury has recently expanded the scope of the monthly CPP surveys of the largest institutions to include all institutions participating in the program, which is intended to provide Treasury with information necessary to begin to track the effectiveness of the program. Treasury also continued to make progress in several other areas, including requiring firms participating in certain new programs to show how assistance will expand lending. These requirements will better enable Treasury to determine what institutions plan to do with any capital infusions and to track the resulting lending activity of participating institutions on a regular basis. In addition, we specifically found that though Treasury is now receiving dividends from the investments it has made in CPP and certain other programs, it has not publicly reported these receipts, which totaled almost $2.9 billion through March 20, 2009. We recommended that Treasury could improve transparency pertaining to TARP program activities by reporting publicly the monies, such as dividends, paid to Treasury by TARP participants.
Since 2005, GAO has reported that DHS has yet to comprehensively satisfy its key cybersecurity responsibilities, including those related to establishing effective partnerships with the private sector. Shortcomings exist in key areas that are essential for DHS to address in order to fully implement its cybersecurity responsibilities (see table). DHS has since developed and implemented certain capabilities, but still has not fully satisfied aspects of these responsibilities and needs to take further action to enhance the public/private partnerships needed to adequately protect cyber critical infrastructure. GAO has also previously reported on significant security weaknesses in systems supporting two of the department’s programs, one that tracks foreign nationals entering and exiting the United States, and one for matching airline passenger information against terrorist watch-list records. DHS has corrected information security weaknesses for systems supporting the terrorist watch-list, but needs to take additional actions to mitigate vulnerabilities associated with systems tracking foreign nationals.