Mr. Chairman and Members of the Subcommittee,

I thank you for the opportunity to be here today to discuss key management issues at NASA.

The Office of Inspector General (OIG) conducts audits, investigations, inspections, and assessments over the full range of NASA activities, from exciting unique programs like the International Space Station (ISS), to less glamorous-but still important-subjects such as outsourcing and oversight of cooperative agreements. The key management challenges confronting NASA likewise range from unique problems, such as determining an effective strategy for lowering the cost of space launches, to everyday issues of procurement and fiscal management.

Today, I will highlight some of these key management challenges. I will also update you on the Agency's performance and accountability measurements and goals under the Government Performance and Results Act.

SAFETY

The NASA Administrator established safety as the Agency's number one value. In the high-risk environments in which NASA works, safety must be a significant priority if the Agency is to successfully accomplish its missions. In particular, space is an unforgiving environment. As a result, we are emphasizing safety-related audits, reviews, and investigations.

Contractor safety

Since NASA distributes approximately 87 percent of its funding to contractors, any comprehensive Agency safety effort must necessarily include contractors. In 15 of 25 (60%) contracts we reviewed, however, we found that NASA was not applying existing basic safety provisions (such as including mandatory contract safety clauses, requiring contractor safety plans when the contract was awarded, and ensuring that NASA safety offices were involved in the procurement process). As a result of these omissions, NASA contractors, including some involved in hazardous operations, may not be sufficiently protected. We recommended that NASA identify all open contracts that either involve potentially hazardous operations or exceed $1 million and determine whether those contracts have required safety clauses and contractor safety plans. The Administrator personally directed the Agency to implement our recommendations and the Agency is taking steps to comply.

In response to a Congressional request, we reviewed the contract and operations of the Kennedy Space Center (Kennedy) payload ground operations contractor (Boeing) to determine whether (1) safety responsibilities between Boeing and NASA were clearly defined; (2) hazardous materials were being used in Kennedy's processing facilities; and (3) hazardous materials were properly controlled. We found that ground workers were using potentially hazardous materials without exercising proper control and safety precautions. Improper use of these materials is hazardous to ground workers and increases the risk of damage to Space Shuttle payloads, including International Space Station hardware and equipment. We recommended that NASA increase surveillance of the Boeing safety office's compliance with inspection procedures and direct Boeing to analyze its use of materials that do not meet requirements for flammability and electrostatic discharge. Management concurred with our recommendations and has implemented a number of procedures to control the use of these noncompliant materials. However, in an ongoing audit, we are finding similar problems with potentially unsafe materials used by United Space Alliance's ⁽¹⁾ shuttle processing operations.

Product safety and reliability

Our Office of Criminal Investigations works to improve safety at NASA by investigating and prosecuting cases where dishonest companies supply inferior parts for aircraft or space systems. Just last month, an Oklahoma company pled guilty to two counts in such a case. The company, a subcontractor to Boeing, contracted to produce aluminum battery align-ment guides that will be used by astronauts to replace batteries on the International Space Station (ISS). The company made unauthorized welds to repair their manufacturing errors and attempted to hide the welds. Sentencing for the company is scheduled for May 25, 2001. In a case worked in cooperation with the Defense Criminal Investigative Service, we investigated a California company that provided parts for the Shuttle, ISS, and commercial and military aircraft. The investigators found that the company was not properly heat treating parts, causing the parts to be weaker than required. The company was fined $1.6 million and the company's general manager was sentenced to 55 months in prison.

In another case, we investigated a Florida company that sold fasteners to NASA and Department of Defense contractors and certified that they met military standards and specifications, when in fact they did not. The company's owner was sentenced to 18 months incarceration.

To ensure safety in future NASA operations, we will continue to assess whether NASA is:

• properly training staff who conduct safety reviews and evaluations,
• ensuring that workers are aware of safety standards and regulations,
• maintaining adequate safety reporting systems,
• appropriately justifying, reviewing, and approving any variances to standard safety procedures,
• maintaining an effective emergency preparedness program, and
• appropriately protecting the crews of the Space Shuttle and the ISS.

INTERNATIONAL SPACE STATION

The International Space Station (ISS) is currently being assembled in Earth orbit. The ISS is intended to serve as a long-duration orbital residence and laboratory. Six major elements of the ISS and a total of three NASA and Russian crewmembers are now in orbit. Additional ISS elements are on the ground awaiting launch. Some of the key issues we see facing NASA in this program are:

Russian logistics

The ISS program relies upon Russian vehicles to transfer crews and fuel to the station and to provide a crew rescue capability. Russia's ability to sustain ISS operations, however, remains a major concern. When NASA has paid Russia to provide ISS elements, Russian performance has been adequate. However, due to lack of funding, Russia's ability to fund its own contributions to the station remains in doubt. The President's recent blueprint for the FY 2002 budget (which may result in the termination of the propulsion module ⁽²⁾ and the Crew Return Vehicle) ensures that Russia will be supplying critical elements for the ISS for many years to come. We plan to monitor the situation and conduct in-depth reviews as necessary.

Barter arrangements

We are concerned about NASA's use of barter arrangements with its international partners in the ISS program. These arrangements allow the participants to trade elements of the program among each other without exchanging funds. (For example, the United States is launching some foreign-built ISS modules on the Shuttle in exchange for the rights to use those modules' research facilities.). While there are positive benefits to all parties involved in the barter, these agreements often escape internal or other oversight. They may solve short-term problems, but these solutions might not be in the best long-term interest of the nation. We reviewed one barter arrangement last year, ⁽³⁾ and plan to conduct a more wide-ranging review of ISS barter arrangements later this year.

Cost growth

The cost of assembling and operating the ISS is another major concern. Our review of ISS contract performance management found that the ISS prime contractor (Boeing) reported unrealistically low estimates of projected cost overruns to NASA management from October 1998 through February 1999. In March 1999, Boeing announced that actual and projected cost overruns on the ISS prime contract had grown by $203 million. This was the third major increase in reported overruns within 2 years-a total increase of $708 million over original cost estimates. Two ongoing audits are examining ISS costs, and we are currently monitoring the recently disclosed additional multibillion-dollar overrun.

Research on the space station

The ISS program has always experienced a tension between the engineers who are focused on building and launching the ISS and the research community who plan to use the ISS as an orbiting laboratory. We are concerned that recent budget problems may greatly reduce the research that can take place aboard the ISS. If NASA terminates its planned Crew Return Vehicle, the maximum-sized crew on the ISS will be reduced to six. However, very preliminary and assumption-driven assessments of crew productivity show that a seven-member crew will be able to devote more than twice as much time to research as a six-member crew. If the ISS crew never exceeds three astronauts, as some have proposed, astronauts may have very little time to conduct research. Additionally, if the Centrifuge module is cut, much of the ISS's life science research will be crippled. We will monitor the situation and report whether the ISS is able to accomplish its research goals.

Commercial ventures

The 1998 Commercial Space Act established as national policy that the economic development of Earth orbital space is a priority goal of the ISS. NASA is now developing policies and processes intended to stimulate industry investment in ISS economic development. In June 2000, NASA and a newly created company, Dreamtime Holdings, Incorporated, announced a partnership to provide unprecedented public access to space exploration by delivering high-definition television coverage of astronaut activities aboard the ISS, as well as on the Space Shuttle. The partnership is also intended to create an easily accessible, Web-searchable, digital archive of the best of NASA's space imagery. Effective management of the Agreement is essential in order to ensure that the Government's rights and interests are protected. Our ongoing review of the NASA/Dreamtime partnership found that to ensure that the Government's rights and interests are protected, more emphasis needs to be placed on oversight and accountability.

INFORMATION TECHNOLOGY SECURITY

Our investigation, audit, and inspection activities continue to find a fragmented, decentralized NASA information technology security (ITS) program facing numerous management challenges. The Federal Bureau of Investigation echoed our concerns in a recent report that recommended numerous changes to address ITS weaknesses at NASA. The House Subcommittee on Government Management, Information, and Technology recently gave NASA's information security a grade of D-. The May 1999 Government Accounting Office (GAO) Report, "Many NASA Mission-Critical Systems Face Serious Risks," indicated that significant management shortcomings exist in every aspect of NASA's ITS program, including risk management, policy implementation, monitoring and evaluation of policies and controls, training, and response to security incidents. Although NASA management had accepted many of the GAO's and our recommendations for improvement, they have not taken many of the (often low-cost or no-cost) steps necessary to ensure the security of the Agency's information systems. As a result, resource requirements have not been fully identified, funding shortfalls exist, priorities are unclear, and corrective action has been slow and incomplete.

Fragmentation

Responsibilities for ITS are divided among NASA's Centers. The Ames Research Center (California) has primary responsibility for ITS, Kennedy (Florida) and Headquarters (DC) split the communications security ⁽⁴⁾ functions, Goddard Space Flight Center (Maryland) performs incident response, Glenn Research Center (Ohio) develops ITS training, and Marshall Space Flight Center (Alabama) is responsible for firewall policies. In many cases, key functions are performed by individuals who have little or no backup support. To make matters worse, Center Chief Information Officers (CIO's) do not report directly to the Agency CIO. This fragmented approach has led to serious coordination problems and a lack of corporate oversight.

The NASA Administrator recently established a new organization, the Office of Security Management and Safeguards, to focus and advance the Agency's security efforts, particularly with respect to espionage and terrorism. This organization will coordinate with the CIO and the OIG on ITS issues. This coordination and new organization hopefully may help to reduce some of the vulnerability in the Agency's ITS program by focusing management's attention on risk assessments.

Collection of personal information

Online privacy has emerged as one of the most contentious issues surrounding the continued evolution of the Internet. Public Law 106-554 requires Inspectors General to report any activity related to the collection of personal information on their Agency's publicly accessible Internet Web sites. Our review of a sample of publicly accessible NASA Web sites found that none collected personally identifiable information without the user's permission. However, we found persistent cookies ⁽⁵⁾ in use at some sites we visited. NASA's use of these cookies is not in full compliance with Federal policies. The same audit found that the Agency's Privacy Statement ⁽⁶⁾ is not in full compliance with Federal policies. We recommended that the Agency correct these problems and improve its management of publicly accessible Web sites. NASA's CIO has not yet taken appropriate steps to implement all of the report's recommendations.

Mission critical systems

During FY 2000, we audited several mission-critical information systems to determine whether NASA had implemented adequate controls to protect systems, data, and information from unauthorized access. The audits disclosed that NASA had not implemented adequate basic controls in areas such as system access, protection of critical files, system backup and restore procedures, privileged operations controls, and system audit and monitoring capabilities. These deficiencies increased the risk of unauthorized access that could result in loss of mission support, loss of mission data, and illegal use of computer systems. We are continuing to conduct audit work in this area.

Human resources

NASA has acknowledged the need to increase the number of employees with specialized IT skills. However, the Agency has not fully used all available tools to ensure that IT skills are present in the right mix and locations across the Agency. For example, NASA does not fully use recruitment, retention, and relocation bonuses and allowances in its attempts to recruit and retain key IT skills, in part, due to budget constraints and general restrictions on hiring.

The Agency also has a problem in sufficiently training its existing employees. Our assessment of NASA's IT training and recruitment/ retention program found that NASA is not moving aggressively to ensure that all individuals granted access to IT applications and systems have been appropriately trained. In addition, many critical IT security personnel, including IT security managers, Center CIO's, and personnel responsible for securing critical networks assets, ⁽⁷⁾ do not have the security clearances necessary to gain access to critical network threat information. Their ability to take the necessary precautions against threats without this information is seriously hindered. Given the increase in the frequency and sophistication of hacker attacks against NASA IT systems, NASA's lack of sufficient IT skills puts the Agency at risk and could compromise its IT resources and information.⁽⁸⁾

Physical security of IT facilities

In prior years, the OIG identified weaknesses in physical security controls at many of NASA's major data centers. For example, we identified weaknesses in the physical security activities of a NASA space flight system and various other NASA systems that support the processing of mission, business, and restricted technology activities. Specifically, we found that NASA had not established or implemented procedures to ensure that controlled computing areas were adequately protected from unauthorized access. Inadequate physical access controls increase NASA's vulnerability to financial or operational losses in its IT environment.

PROCUREMENT

About 87 percent of NASA's funding is spent on procurement. For this reason, we expend significant resources on investigations, audits, and other reviews of procurement matters. Some key areas of focus include:

Outsourcing

The pressure is rising for Government agencies to outsource activities currently performed by civil servants. Nevertheless, Federal regulations and legislation continue to place constraints on the types of services that can be obtained through contracted sources. In particular, performance of personal services and/or inherently governmental functions by contractors continues to be prohibited. Two recent OIG reports examined NASA's use of support service contractors and found that NASA needs to establish adequate separation of the functions performed by civil servants and contractors. We recommended that NASA institute several Agencywide policy changes to ensure appropriate differentiation between civil servants and support service contractors. NASA management concurred with all of our recommendations.

NASA is also attempting to improve efficiency by outsourcing some IT functions. However, outsourcing brings with it considerable risks unless appropriate internal controls are established. Future reviews of the appropriateness of IT outsourcing will address the following questions:

• Does NASA include contract oversight clauses and does it provide oversight of the implementation of these clauses?
• Can/Does NASA ensure that contractors provide security screening for IT employees working on NASA information systems?
• Does the Agency know who has ownership interests in the service provider? Can/does NASA determine whether the provider has foreign ownership?
• Does NASA know the security posture of the provider? Is the provider compromised by organized groups/hostile entities?

Oversight of subcontractors

NASA is increasingly relying on its prime contractors and other Government agencies to provide oversight of subcontractor operations. NASA uses a risk-based acquisition management approach to determine how much contractor surveillance is necessary. NASA also relies on the Defense Contract Management Agency (DCMA) and the Defense Contract Audit Agency (DCAA) for oversight reviews and audits of contractors. Both agencies, however, have undergone major reductions in staff and have, therefore, experienced a significant loss of expertise. As a result, NASA contracting officers must remain vigilant over the contracts for which they are responsible and request specific and detailed reviews of areas of risk.

Electronic commerce

NASA is moving rapidly to expand procurements that involve electronic commerce. The Agency now makes purchases through electronic catalogs; the Internet; purchase, fleet, and travel credit cards; and other electronic means, such as just-in-time purchase systems. The Agency is also delegating increased purchase authority to individual employees. NASA must ensure that prudent safeguards and internal controls are in place as the Agency implements these new technologies.

Our audit of NASA's use of SmartPay purchase cards found that the program was generally effective. Management had implemented appropriate controls over the majority (more than 95 percent) of sampled purchases, and the purchases were efficient and cost-effective. We believe that Center managers must continue their vigilance over purchases because we did find some problems by users, including non-conformance with the Federal Acquisition Regulation (FAR) and other Federal guidance. Future reviews will determine whether the Agency is taking full advantage of these new approaches to procurement and whether the Agency has established adequate internal controls over electronic procurements.

Criminal cases

Our Office of Criminal Investigations continues to investigate and prosecute those who commit procurement-related crimes. For example:

• Our investigation of rigged bidding on a computer maintenance contract led to three men pleading guilty to theft of government property, accepting kickbacks, and false claims.
• The principals of a Florida company conspired to create a fraudulent small woman- owned business to obtain NASA Shuttle Processing subcontracts. After our investigation, the company pled guilty to the Major Fraud Act, and paid restitution totaling $685,000.
• A Virginia company pled guilty to mischarging contractual labor hours, and paid restitution.
• Six people pled guilty to kickback conspiracy in a scheme that caused NASA's Stennis Space Center to order millions of dollars worth of materials that were not needed. (In some instances, the materials were subsequently stolen and resold to NASA.) Sentencing resulted in prison terms, fines, and the restitution of $209,000 to NASA.
• In March 2000, a NASA contractor agreed to settle a lawsuit involving unallowable sale-leaseback charges to contracts. The contractor agreed to pay back $38 million.
• Lockheed-Martin agreed to pay $450,000 to NASA after an investigation revealed that Lockheed Martin appeared to have had been underreporting rental income to NASA since 1989.

We have embarked on several outreach efforts to improve the effectiveness of our contract fraud investigation program. We are routinely speaking to both civil service and private sector contracting officials to emphasize the need for these people to cast a watchful eye for suspected fraud and to notify us as soon as possible when they suspect criminal actions against NASA. We also are proposing a Federal Acquisition Regulation requiring the placement of our NASA OIG Hotline posters in most NASA contractor locations to encourage contractor employees to report crimes against NASA. Recently, we distributed to over 30,000 recipients a web version of our OIG Hotline poster.

FISCAL MANAGEMENT

Ongoing and recently completed audits have identified problems with NASA's fiscal management in a number of areas:

Integrated financial management and full-cost accounting

NASA continues to experience difficulty in moving towards an accounting system that would allow NASA managers, as well as the GAO, OMB, and Congress, to accurately determine the full costs of a project and to track whether projects are within budget. NASA's major effort in this direction was the Integrated Financial Management Program (IFMP), a NASA-wide, fully integrated, transaction-driven financial management system. The IFMP was intended to provide full-cost accounting and other budget information, but the contractor tasked to develop the IFMP was unable to deliver the promised system, and NASA issued a stop work order on March 10, 2000. Full implementation of the IFMP has slipped indefinitely. NASA is now focusing on the core financial elements of the IFMP. We remain concerned that delays in implementing the new system will result in continued reliance on outdated systems that do not efficiently provide the financial and management information that the Agency needs.

PROGRAM AND PROJECT MANAGEMENT

NASA faces significant challenges in its program and project management. The Agency is aware of these challenges, and is attempting to improve its application of risk management techniques, human resources management, technology research, and project communication. NASA's Integrated Action Team released a December 2000 report discussing these challenges, and we expect a continuing dialogue with the Agency regarding the best approaches to improving program and project management. We are focusing on key areas, including:

Cost assessment

NASA's ability to provide accurate and credible cost assessments for its projects has been a concern for many years. The 1990 Report of the Advisory Committee on the Future of the U.S. Space Program recommended NASA form an independent cost analysis group made up of about 20 "top-notch specialized personnel" to advise the Administrator on significant cost estimates provided to the Office of Management and Budget and Congress. In 1992, the GAO emphasized that "estimates and analysis provided to the Administrator by the cost analysis group need to be independent in fact and appearance." However, our 1996 review of NASA's relocation of the independent assessment and cost estimation functions found that NASA had not fully implemented these recommendations. Instead, NASA was creating a small assessment and cost estimation function at the Langley Research Center, reporting to the Director of that Center. We were concerned that this group would not have sufficient access to key project and program staff, and might not be considered impartial in any cost evaluations involving Langley.

Last year, we again reviewed the Agency's independent cost estimating capability. We found that NASA is taking steps to improve the Agency's independent cost estimating capability by establishing a Systems Management Office at each Center and adding cost estimators to the Independent Program Assessment Office at Langley. However, we found that NASA had not identified the cost estimating and cost analysis function as a discipline with a specific job series, had not established career development plans for its cost estimators, and did not have a requirement to develop independent cost estimates at all major reviews. Further, we question whether the Agency's reporting and funding structures provide assurance that the cost estimates are independent in fact and/or appearance. NASA Management took some steps to address our recommendations, but we remain concerned that the Agency still does not have the high-quality, independent cost estimation capability required to produce accurate and credible cost estimates. ⁽⁹⁾

Faster, better, cheaper approach

Since 1992, NASA has sought ways to manage programs and projects using the "faster, better, cheaper" ⁽¹⁰⁾ (FBC) philosophy. Following the failure of some high-profile missions (including two missions to Mars) ⁽¹¹⁾ conducted using the FBC approach, we reviewed NASA's implementation of FBC. We found that the FBC initiative has changed the way NASA does business, but has not been adequately defined in NASA's policies and guidance or strategic planning process. (A NASA Task Force on FBC also found that Agency guidance on this philosophy was not sufficiently articulated.) We recommended that NASA develop policies and guidance to define FBC and address how it is to be implemented at NASA, fully incorporate FBC into key strategic management documents and report the results in the annual performance report. We also recommended NASA align human resources with strategic goals, as discussed below.

Human Resources

Our audits have identified human resources challenges in a broad range of NASA programs and projects. In addition to the previously discussed IT security training and recruitment challenges, we found problems in management of human resources in NASA's Expendable Launch Vehicle (ELV) Program Office and in NASA-wide "faster, better, cheaper" projects. Our audit of the ELV Program Office found that during the initial stages of the ELV office at the Kennedy Space Center, the Office of Space Flight had not integrated strategic human resources management into the Office's staff planning. As a result, the ELV Office was understaffed and unable to meet customer demand without the use of overtime and compensatory time. NASA subsequently hired 15 additional engineers in support of the ELV Program Office.

We also identified human resource challenges on a NASA-wide level during our audit of NASA's "faster, better, cheaper" approach to program management. NASA determined that lack of resources (including qualified project managers) contributed to the unsuccessful Mars missions in 1999. We found that other NASA programs were also having difficulty building teams with sufficient skills and experience. We recommended that NASA align human resources with strategic goals in the Enterprise Strategic Plans and Center Implementation Plans. In addition, we recommended that NASA's Annual Performance Plan describe how the Agency is implementing human resources management and that NASA develop a workforce strategy addressing recruitment, training, awards, bonuses, promotions, retention, and succession planning.

LAUNCH VEHICLES

NASA's best-known launch vehicles are the Space Shuttles. Operated on a day-to-day basis by the United Space Alliance, the Shuttles are the world's most capable-and among the world's most expensive-launch vehicles. NASA buys commercial expendable launch vehicles (ELV's) to launch spacecraft that do not require the shuttle's unique capabilities. In addition, since the mid-1990s, NASA has funded technologies and prototypes intended to reduce the cost of access to space and eventually replace the Shuttle.

We continue to be concerned about the use of Space Shuttles to launch payloads that do not require the Shuttle's unique capabilities. The Commercial Space Act of 1998 ⁽¹²⁾ requires the Federal Government to acquire space transportation services from United States commercial providers when feasible. However, our 1999 Assessment of the Triana Mission found that the proposed launch of the Triana spacecraft on the Space Shuttle may conflict with the Act's goals. Our ongoing audit of X-37 Project Management found a similar situation. NASA originally planned to launch the X-37 technology demonstrator vehicle twice on Space Shuttle flights, although the launches do not appear to require the Shuttle's unique capabilities. The X-37 is also being designed for possible launch on an ELV. For both Triana and the X-37, NASA used an exception in the Act that allows "secondary" payloads to be flown on the Shuttle. Neither Triana nor the X-37, however, strictly fit the Agency's only published definition of a secondary payload.

Our Space Shuttle Payloads audit discussed the challenge of setting prices for the launch of commercial or other non-NASA payloads on the Shuttle. NASA has provided customers with prices for individual commercial shuttle payloads, but has not developed a consistent pricing policy for such launches. NASA and the OIG disagree whether a pricing system is required by law, ⁽¹³⁾ and whether NASA must establish a definition for the "fair value" that must be charged to Department of Defense customers in accordance with federal law. ⁽¹⁴⁾ NASA management contends that a pricing policy is not required and that establishing pricing formulas for all conceivable cases would serve no purpose and would reduce the flexibility NASA requires.

Our audits have reported serious problems with NASA's X-vehicle programs. ⁽¹⁵⁾ We believe NASA must take care not to make the same mistakes in the Space Launch Initiative that were made in the cancelled X-33 and X-34 programs. For example, the arrangement under which a program is conducted contributes to the success or failure of a program. Our audit of the X-33 Cooperative Agreement found that use of a cooperative agreement ⁽¹⁶⁾ contributed to a variety of program management problems, which adversely affected X-33 program planning, execution, resource management, property control, and ownership rights. Another potential problem is ill-defined program goals. For example, our audit of the X-34 Technology Demonstrator found that NASA had established a requirement that the X-34 fly 27 times, but had not determined what the requirements were for each flight. In the Space Launch Initiative, we expect NASA to:

• determine clearly what the Agency's goals for the program are and how the funding should be distributed to support those goals,
• develop a management structure that protects the interests of the government, and
• protect the interests of the Government in any assignment of technology rights to industry partners.

TECHNOLOGY DEVELOPMENT

The National Aeronautics and Space Act of 1958 charges NASA with "the improvement of the usefulness, performance, speed, safety, and efficiency of aeronautical and space vehicles." To achieve this goal, NASA-often in partnership with industry and academia-researches and develops new aeronautics and space technologies.

Recent major changes have drawn our attention to NASA's technology development activities. At NASA, the Office of the Chief Technologist was abolished and the Agency's technology development efforts are now the responsibility of the Office of Aerospace Technology. While NASA's aeronautics research programs have been sharply curtailed, consolidation in the aerospace industry has left the United States with only one builder of large commercial aircraft. In space, the commercial space industry continues to drive new space technology development in many areas, but the International Space Station era has begun, opening up new opportunities for in-space research and technology development.

We recently completed an audit of one NASA technology program: the Aviation Safety Program (AvSP). The AvSP consists of six projects that will provide research and technology needed to help the FAA and the aviation community to achieve the national goal of reducing the aviation fatal accident rate by a factor of 5 by 2007. We found that coordination between NASA, the Federal Aviation Administration (FAA), and other partners is adequate. However, NASA needed to make improvements in measuring the Agency's contributions toward meeting the National Aviation Safety goal in order to provide Congress, the aviation community, and the public a more accurate portrayal of the efforts and the risks involved. Management concurred with all recommendations.

Future reviews of NASA technology development activities will focus on a broad range of themes, including:

• ensuring a proper balance between scientific research and technology development and demonstration projects,
• continuing to refine the technology transfer process to ensure that U.S. industry achieves the maximum benefit from the new technologies identified,
• determining whether NASA's organizational structure effectively supports technology development and transfer,
• ensuring that NASA technology demonstrations do not unfairly distort the marketplace,
• ensuring that adequate controls exist on cooperative technology development programs,
• ensuring adequate protection of NASA-developed technology, and
• determining whether appropriate controls are in place on NASA's cooperative technology development programs.

Additional questions we may ask include:

• Is NASA considering the advice of its advisory bodies concerning technology development?
• Is NASA making appropriate use of technologies developed outside of the Agency? Is NASA duplicating technology research that has been (or would have been) developed outside of the Agency?
• Is NASA's technology development organization appropriately structured to ensure effective technology development? Are NASA's enterprises cooperating in research and technology development?
• Are NASA's technology demonstration programs being compromised by added requirements unrelated to technology demonstration?
• Is funding intended for technology development being diverted to other programs?
• Is NASA adequately ensuring that the technologies it develops are not misappropriated? Are trade secrets being protected? Is technology development information appropriately secured?
• Does NASA have the human capital necessary to conduct or oversee technology development programs?

INTERNATIONAL AGREEMENTS

The Space Act provides NASA statutory authority to enter into binding agreements with foreign entities. Since its inception, NASA has entered into approximately 3,500 international agreements. International agreements span every NASA Enterprise and involve numerous programs and projects-the most visible being the multinational ISS Program. International agreements can bring new capabilities to NASA programs, and can serve important foreign policy goals, but they can also increase the risks to mission success, compromise the security of NASA personnel and property, and result in the inappropriate disclosure of sensitive information.

Risks to mission success

International agreements are subject to changes in the policies of both the United States and the foreign governments involved. Changes in economic conditions can also affect some agreements. Untimely Russian contributions, for example, have led to delays and cost increases in the ISS Program. The delay, inability, or decision of a foreign partner to not fulfill an agreement can result in increased NASA cost, impacts to mission schedule, or failure. NASA must ensure that its programs and projects involving international agreements have plans to ensure mission success and/or minimize losses if an international partner is unable to provide their contribution. Our report on space station planning for international partners found that the ISS program's plans for contingencies involving international partners did not contain cost and schedule impacts for the contingencies, and did not clearly identify mitigation measures.

Foreign visitors

International agreements often involve NASA personnel working with foreign national personnel and foreign nationals visiting NASA installations. The Space Act requires the NASA Administrator to establish security requirements, restrictions, and safeguards ⁽¹⁷⁾ to protect NASA personnel, property, and the national security interests of the United States. Our review of Foreign National Visitors at NASA Centers found that controls over access to NASA Centers by foreign national visitors need to be strengthened and uniformly applied on an Agency-wide basis. In response to the report's recommendation, NASA agreed to modify applicable Agency policies to (1) establish a NASA-wide definition of a foreign national, (2) clearly define National Agency Check requirements ⁽¹⁸⁾ and procedures, (3) define procedures for escorting foreign national visitors, and (4) provide a standard badging scheme.

Export Control

NASA's international activities often involve the transfer of commodities, software, and technologies to foreign partners. NASA technology transfers are generally subject to export control laws and regulations, regardless of whether they occur in the United States, overseas, or in space. In response to previous audits, NASA has developed a catalog of classifications for specific exports, improved training and guidance for Export Control Program auditors, and enhanced and strengthened training for NASA employees involved directly or indirectly with technology control. Last year, we reviewed NASA's oversight of contractor exports of controlled technologies and found that the Agency lacked assurance that contractor export activities are performed in accordance with applicable laws and regulations. The review also identified potential export violations by two NASA contractors who were exporting NASA-funded controlled technologies to foreign contractors in furtherance of the International Space Station (ISS) and Space Shuttle External Tank programs. NASA agreed with the report's recommendations, and will provide greater insight on contractors' export activities and strengthen the oversight of NASA-directed exports of controlled technologies.

We followed up our finding of potential export violations with an audit of contractor exports of controlled technologies to determine whether major NASA contractors have established adequate controls over the export of controlled technologies. We found that a major Company did not have effective company policies in place with regard to ISS-related exports, and NASA did not provide sufficient oversight of that Company's export control program. As a result, that Company may have exported controlled technologies in noncompliance with U.S. export laws and regulations. We recommended that NASA management (1) require the Company to establish an appropriate export control program and a detailed company-wide export policy, and (2) periodically review the export control programs of the Company and its subcontractors to ensure that ISS-related exports are being accomplished in accordance with applicable U.S. export laws and regulations. NASA management agreed with the report's recommendations.

Funds paid to the Russian Space Agency

An auditor from the OIG participated in two NASA reviews concerning the payment of NASA funds to the Russian Space Agency. Following one of these reviews, we conducted an in-depth assessment that uncovered a significant problem with the Agency's oversight of NASA-funded Russian research. Our review found that NASA's funding of Russian biotechnology research (as part of a larger program to sustain Russian space researchers) was successful in some regards. However, NASA made a serious misstep. After learning that it was funding biotechnology research at institutes that had been part of the Soviet biological warfare program, and after being provided guidance by the State Department on how to collaborate safely with such institutes, NASA did not follow the State Department guidance. Management agreed with our recommendation that NASA carefully coordinate with the State Department on any future program that funds foreign researchers, particularly in nations not traditionally allied with the United States.

ENVIRONMETNAL MANAGEMENT

We continue to review NASA's management of environmental issues because (1) oversight is often required to ensure that environmental regulations are correctly followed even in times of tight budgets, and (2) the potential downside for the Agency from environmental mismanagement is serious. Some of the issues we are working on include:

Environmental crimes

Our Office of Criminal Investigations has been active in uncovering and prosecuting environmental crime. In an interagency effort, NASA investigators found that a NASA and DOD contractor had regularly illegally stored and burned hazardous waste on its property. Federal criminal and civil cases are underway, but the company has already paid a $500,000 fine to the California Department of Toxic Substances Control. In another case currently in court, we found that a company shipped hazardous materials from a NASA Center and forged shipping documents to show that the drivers were certified to drive hazardous material cargoes, when in fact they were not.

Cost sharing

We found that NASA is not doing enough to pursue cost sharing and cost recovery agreements with potentially responsible parties (PRP's) in cleaning up contaminated sites. (PRP's are entities that may be responsible for contaminating a site and thus must help pay to clean up the site.) The latest in our series of audits on this issue found that NASA has not conducted the preliminary analyses necessary to start the PRP identification and cost sharing agreement process for some of NASA's contaminated sites. We estimate that NASA could save at least $37.9 million through cost sharing at these sites. (Management believes that $7.5 million was a more accurate total.) Although NASA has agreed to supplement its PRP guidance to aid the Centers' cost sharing efforts, we consider this issue to be a significant concern until Headquarters management can ensure that Centers are consistently and adequately implementing Agency policy.

Compliance with NEPA

The National Environmental Policy Act (NEPA) requires federal agencies to consider environmental values and factors in agency planning and decision-making. We audited the Agency's compliance with NEPA. As a result of the audit, the Agency has agreed to address NEPA planning in new guidance under development and to reassess each of the projects or programs that we reported as being noncompliant with NEPA. Again, we will continue to consider this on a significant issue until program and project managers at NASA's Centers consistently and adequately implement Headquarters revised NEPA policies.

RESULTS ACT

The Government Performance and Results Act (GPRA) requires NASA to prepare strategic plans, an annual performance plan, and an annual performance report. We have reviewed and commented on all of these documents during their development, and in response to a Congressional request, we have conducted reviews of the Agency's performance reports. (The performance reports, which state whether the goals of the Performance Plan had been met, are released yearly in March.)

Our review of the FY 1999 performance report concluded that supporting data and information on about one in five performance targets we reviewed did not accurately support the results described. We recommended that NASA's CFO establish policies to ensure (1) that all targets in the annual Performance Plan are clear and specific and can be accurately measured and reported and (2) that the program offices effectively validate and certify supporting data and reported final results prior to submitting them for the annual Performance Report. NASA management concurred with the recommendations.

We are now preparing an audit report on NASA's FY 2000 Performance Report. The audit and NASA's report will be issued later this month. The audit reviewed the supporting data for 23 performance targets related to 6 critical areas: procurement, financial management, information technology, the ISS, program and project management, and safety and mission assurance. We found a significant improvement in the reporting of actual performance. However, again we found that the data did not accurately support the described results in approximately one in five performance targets we reviewed.

NASA could improve the accuracy of its performance reports by more effectively validating supporting data and by developing clearer, more specific performance targets. We plan to recommend that NASA verify and validate supporting data for the FY 2000 targets we did not audit; ensure the development of future GPRA targets that are clearer and better represent desired performance ⁽¹⁹⁾; and ensure that data limitations are fully disclosed in future performance reports. These changes, if implemented, would make the Performance Report a more valuable resource for decision-makers.

CONCLUSION

NASA faces a broad range of challenges. Our audits, investigations, and other reviews are intended to assist the Agency in identifying challenges and to propose potential solutions. We look forward to continued cooperation with management in promoting economy, efficiency, and effectiveness within the Agency.

If you are interested in learning more about the activities or reports referenced in this testimony, you can find the full text of most of our reports on the NASA OIG homepage, at http://oig.nasa.gov/, or contact my Office at (202) 358-2061.

Again, thank you for the opportunity to discuss NASA's management challenges.

---

FOOTNOTES:

1. The United Space Alliance (USA) is a Boeing /Lockheed Martin joint venture responsible for day-to-day operations of the Space Shuttle.

2. Our draft report on the propulsion module recommended that NASA cancel the module due to its increased estimated cost.

3. In response to a Congressional request, we reviewed the proposed airborne ISS Crew Medical Transport (available 24 x 7) and found that NASA was involved in a complex barter arrangement with a Japanese company to procure an aircraft. However, the Agency had not conducted a thorough assessment to determine whether the aircraft was the most effective means of meeting the Agency's needs.

4. Communications security (COMSEC) is defined as the measures and controls taken to deny unauthorized persons information derived from telecommunications and ensure the authenticity of such telecommunications. Communications security includes cryptosecurity, transmission security, emission security, and physical security of COMSEC material.

5. Cookies are text files saved in the browser's directory or folder. There are two types of cookies -- session and persistent. A session cookie is automatically deleted when the user's browser is closed. A persistent cookie is a small text file placed on a consumer's computer hard drive by a Web server. The cookie transmits information back to the server that placed it and, in general, can be read only by that server.

6. A Privacy Statement contains an agency's privacy policy. The policy must clearly and concisely inform visitors to the site what information the agency collects about individuals, why the agency collects it, and how the agency will use it. Privacy policies must be clearly labeled and easily accessed when someone visits a Web site.

7. Critical network assets include border routers, firewalls, and intrusion detection systems.

8. NASA's lack of IT skills and awareness of threats has also impeded some of our computer-related criminal investigations.

9. The 1998 report of the Cost Assessment and Validation Task Force on the International Space Station (the Chabrow report) provides an example of how a small independent group of skilled cost estimators can provide highly useful budget predictions for NASA and Congress. The report is available on the web at http://www.nasa.gov/cavtf/cavtf_1.html.

10. The "faster, better, cheaper" philosophy has never been clearly defined by NASA. However, compared to past NASA practice, "faster, better, cheaper" is generally understood to involve launching a larger number of smaller spacecraft on shorter schedules, and incorporating advanced technology into those spacecraft. In part, the purpose of "faster, better, cheaper" missions is to decrease the financial risk involved in losing large expensive projects. The missions also reflect a philosophy to "build, test, fly" scientific and technology experiments in the context of NASA's decreased budgets.

11. After review teams found that a mistake involving conversions between English and metric units had contributed to the failure of one of the Mars missions, we reviewed NASA's use of the metric system and recommended changes to ensure that the NASA followed national and Agency guidelines for metric use.

12. Public Law 105-303

13. 42 United States Code (USC) 2466 sets forth a "reasonable customer incentives" provision which NASA contends provides them wide latitude.

14. 42 USC 2464

15. NASA's X-Vehicle programs are aimed at building and flying experimental vehicles to test new technologies and concepts. NASA recently decided to end support for the X-34 technology demonstrator rocket-plane and the X-33, a program initiated to build and fly a prototype next-generation launch vehicle.

16. Cooperative agreements are not procurement contracts as they do not acquire goods and services for the direct benefit of the U. S. Government. Also, these agreements are not subject to the procurement statutes, or the Federal Acquisition Regulation (FAR).

17. Possible safeguards include different-colored badges for foreign visitors, escorts, etc.

18. A National Agency Check consists of a records check with the Federal Bureau of Investigation (FBI), Department of State, Immigration and Naturalization Service, Central Intelligence Agency, and the Defense Security Service to determine whether an agency's records contain any information on a specified individual's involvement in criminal or intelligence gathering activities.

19. For example, NASA's IT security metrics need improvement. An ongoing report on Information Technology Security Planning found that the limited IT security metrics in NASA's fiscal year 2001 performance plan do not provide an adequate assessment of NASA's IT security program. As a result, the IT security risks and metrics that NASA reports to the Congress may understate NASA's IT vulnerabilities and provide undue assurance on the integrity, availability, and confidentially of information.