NASA Inspector General: NASA’s Most Serious Management and Performance Challenges

Full report

13 Nov 2007

TO: Administrator

FROM: Inspector General

SUBJECT: NASA’s Most Serious Management and Performance Challenges

As required by the Reports Consolidation Act of 2000, these are our views of the most serious management and performance challenges facing NASA. Over the past year, NASA has been working to address these challenges and improve Agency programs and operations through various initiatives and by implementing recommendations made by the Office of Inspector General (OIG) and other evaluative bodies, such as the Government Accountability Office (GAO). An overarching challenge concerns how NASA integrates diverse programmatic and institutional functions across geographically dispersed operations. Each of the five challenges listed below, and summarized in the enclosure, is colored by this overarching challenge.

• Transitioning from the Space Shuttle to the Next Generation of Space Vehicles. Balancing schedule and resource constraints while maintaining the capabilities required to fly the Space Shuttle safely and effectively and, simultaneously, developing the next generation of space vehicles.
• Managing Risk to People, Equipment, and Mission. Effectively managing risk, safety, and mission assurance controls to ensure reliable operations in the context of aggressive launch and mission schedules, funding limitations, and other future uncertainties.
• Financial Management. Ensuring that the Integrated Enterprise Management Program (IEMP) improves NASA’s ability to efficiently provide reliable information to management, supports compliance with the Chief Financial Officers Act and other Federal requirements, and strengthens the Agency’s Internal Control Program to address continued problems such as NASA’s internal controls over property, plant, and equipment and materials (PP&E).
• Information Technology (IT) Security. Improving management and operational and technical controls to protect the information and information systems vital to the Agency’s mission.
• Acquisition and Contracting Processes. Developing adequate cost estimates, managing program costs, and ensuring that NASA is using the most advantageous acquisition and procurement strategies and safeguards to promote competition in contracting and to maximize the Agency’s ability to fulfill its missions.

Transitioning from the Space Shuttle to the next generation of space vehicles remains on the list of challenges because of the complexity of balancing the human capital, equipment, and property needs of the Space Shuttle Program with the needs of the Constellation Program without compromising either program. The challenge arises within the framework of a projected 5-year gap between the last expected flight of the Space Shuttle in 2010 and the first projected flight of the Crew Exploration Vehicle (CEV) in 2015.

That 5-year period will challenge NASA’s ability to maintain employee skill sets, efficiently utilize its infrastructure and suppliers, and provide adequate support to the activities of the International Space Station (ISS). At issue is maintaining the critical skills now present in the Space Shuttle workforce throughout the remaining Shuttle flights while placing additional emphasis on defining the skill sets needed by the Constellation Program. NASA’s plans to rely on international partners and commercial providers during the 5-year gap period to provide the support necessary to operate the ISS will also be a challenge because the capabilities, schedules, and funding requirements for NASA, its international partners, and commercial cargo vehicles are not yet firm enough to ensure that the ISS mission objectives can be fulfilled.

NASA’s role as the Nation’s leader in space and aeronautics research and development contains inherent risk management challenges. Continuing to confront the Agency are operational and safety risks and mitigating these risks is a continuous challenge.

Even when the risk management system is robust, activities such as flying the Space Shuttle involves the acceptance of substantial amounts of risks. For example, notwithstanding risk mitigation efforts by the Agency subsequent to the Columbia accident and since return to flight, foam continues to liberate from the external tank and potentially threaten the orbiters and their crews. The alternative to managing (and accepting) the risk would be to permanently ground the Shuttles. Grounding has occurred for temporary periods to address specific issues or to conduct a comprehensive review of issues. However, grounding the Shuttles prior to the planned retirement of the Space Shuttle program in 2010 would result in a failure to accomplish the missions that have been laid out for the program over the next 3 years. The Agency’s willingness to accept risks, such as those associated with continued Shuttle flights to accomplish the mission, may reflect or it may exceed the Nation’s tolerance for such risk. NASA refers to the Shuttle as a test flight and experimental vehicle recognizing the risk inherent in the program. A misalignment between the risk NASA accepts and the Nation’s tolerance for such risk will bear no negative consequence so long as NASA’s risk acceptance is rewarded with successful flights. Were tragedy to strike again, however, the merits of manned space flight to the moon and Mars would likely be reevaluated.

NASA programs are constantly challenged by risks introduced by fiscal and schedule tightening that result from internal weaknesses such as failing to adequately identify requirements prior to program execution and not adequately overseeing contractor performance. NASA programs are also challenged by risks associated with the reprioritization of resources to meet continually evolving demands. These pressures can be manifest in subtle and incremental ways. These fiscal challenges are not new and NASA’s past difficulty in developing systems within cost, schedule, and performance parameters are well documented.

NASA’s financial management remains on the list of challenges because of continued internal control problems affecting the Agency’s ability to produce complete and accurate financial statements and provide sufficient evidence to support statements throughout the fiscal year. These deficiencies have resulted in a disclaimer of opinion on its financial statements by Independent Public Accountant audits since FY 2003. Many of the deficiencies the audits disclosed resulted from a lack of effective internal control procedures and data integrity issues. Although NASA has made progress in addressing these deficiencies, during FY 2007, the auditors noted that similar inadequacies still exist.

Two of the most significant deficiencies involve the financial statement preparation process and NASA’s internal controls over property, plant, and equipment and materials (PP&E). NASA’s financial statement preparation process contains deficiencies affecting NASA’s ability to effectively accumulate, assemble, and analyze information to timely develop its financial statements on a routine and recurring basis. Consistent with last year’s audit report, NASA’s ongoing PP&E weakness is a result of NASA relying primarily on a retrospective review of disbursements to determine amounts that should be capitalized with a heavy dependence on contractors to identify assets created at a contractor’s location.

We have again included IT Security as a most serious management and performance challenge because our work and that of the Agency continues to report that significant weaknesses persist and many IT security challenges remain. Significant management and operational and technical control weaknesses continue to impact the Agency’s IT Security Program and threaten the confidentiality, integrity, and availability of NASA information and its systems. That threat is tangible in that the Agency continues to be a target for criminal computer intrusions. For example, NASA OIG recently investigated a series of unlawful computer intrusions into NASA’s Earth Observation System networks. Aside from the operational impact to the Agency’s mission, such as the temporary suspension of automated processes, these intrusions cost NASA $1.5 million for incident mitigation and clean-up costs alone.

Significant challenges include establishing an IT security internal control program; enhancing intrusion detection and computer forensics with incident management analysis; implementing improved NASA network security monitoring capabilities; and managing IT asset and Internet protocol addresses. Although these challenges are significant, NASA has taken tremendous steps in FY 2007 to bolster its IT security defenses. Despite the progress NASA has made in improving its IT Security Program, IT security is still a most serious management and performance challenge and is recognized by the Agency as a material weakness.

Weaknesses in NASA’s acquisition and contracting processes pose significant challenges to NASA’s ability to make informed investment decisions. GAO reported that NASA still lacks a modern, fully implemented integrated financial management system to provide accurate and reliable information on contract spending, has undisciplined cost-estimating processes, and lacks the ability to obtain information needed to assess contract progress. Audits and investigations completed by OIG and GAO in FY 2007 also continued to reveal systemic problems in areas such as knowledge-based acquisitions and procurement process abuses. Challenges to the Agency include implementation of changes to its acquisition approach and preventing and deterring procurement fraud.

In FY 2008, the OIG will continue to conduct work that focuses on NASA’s efforts to meet these challenges as part of our overall mission to promote the economy and efficiency of the Agency and to root out fraud, waste, and abuse.

Robert W. Cobb
Enclosure