Summary

The National Transportation Safety Board (NTSB) plays a vital role in advancing transportation safety by investigating accidents, determining their causes, issuing safety recommendations, and conducting safety studies. To support its mission, NTSB's training center provides training to NTSB investigators and others. It is important that NTSB use its resources efficiently to carry out its mission. In 2006, GAO made recommendations to NTSB in most of these areas. In 2007, an independent auditor made information security recommendations. This testimony addresses NTSB's progress in following leading practices in selected management areas, increasing the efficiency of aspects of investigating accidents and conducting safety studies, increasing the utilization of its training center, and improving information security. This testimony is based on GAO's assessment of agency plans and procedures developed to address these recommendations.

NTSB has made progress in following leading management practices in the eight areas in which GAO made prior recommendations. For example, the agency has improved communication from staff to management by conducting periodic employee surveys, which should help build more constructive relationships within NTSB. Similarly, the agency has made significant progress in improving strategic planning, human capital management, and IT management. It has issued new strategic plans in each area. Although the plans still leave room for improvement, they establish a solid foundation for NTSB to move forward. However, until the agency has developed a full cost accounting system and a strategic training plan, it will miss other opportunities to strengthen the management of the agency. NTSB has improved the efficiency of activities related to investigating accidents and tracking the status of recommendations. For example, it has developed transparent, risk-based criteria for selecting which rail, pipeline, hazardous materials, and aviation accidents to investigate at the scene. The completion of similar criteria for marine accidents will help provide assurance that NTSB is managing its resources in a manner to ensure a maximum safety benefit. Also, it is in the process of automating its lengthy, paper-based process for closing-out recommendations. Although NTSB has increased the utilization of its training center--from 10 percent in fiscal year 2006 to a projected 24 percent fiscal year 2008--the classroom space remains significantly underutilized. The increased utilization has helped increase revenues and reduce the center's overall deficit, which declined from about $3.9 million in fiscal year 2005 to about $2.3 million in fiscal year 2007. For fiscal year 2008, NTSB expects the deficit to decline further to about $1.2 million due, in part, to increased revenues from subleasing some classrooms starting July 2008. However the agency's business plan for the training center lacks specific strategies to achieve further increases in utilization and revenue. NTSB has made progress toward correcting previously reported information security weaknesses. For example, in an effort to implement an effective information security program, the agency's Chief Information Officer is monitoring corrective actions and has procured and, in some cases, begun to implement automated processes and tools to help strengthen its information security controls. While improvements have been made, work remains before the agency is fully compliant with federal policies, requirements, and standards pertaining to information security, access controls, and data privacy. In addition, GAO identified new weaknesses related to unencrypted laptops and excessive user access privileges. Agency officials attributed these weaknesses to incompatible encryption software and a mission need for certain users. Until the agency addresses these weaknesses, the confidentiality, integrity, and availability of NTSB's information and information systems continue to be at risk.

Recommendations

Our recommendations from this work are listed below with a Contact for more information. Status will change from "In process" to "Implemented" or "Not implemented" based on our follow up work.

Recommendations for Executive Action