The nation needs a watchdog whose bark is heeded. The U.S. General Accounting Office has issued more than two dozen reports on aviation security over the past 15 years. These reports recognized – and articulated clearly – the potential for security failures that terrorists exploited in the attacks of 9-11-01. How can auditors get their message out and get results? In studying what did and did not go well in the case of aviation security, GAO can both improve its own performance and allow those of us in state and local government audit shops to learn to do better as well.
On April 6, 2000, Dr. Gerald Dillingham of GAO testified before Congress that “It is often said that a chain is only as strong as its weakest link; in the case of aviation security, there are still many weak links.” In June 2000, GAO issued its last major report on aviation security prior to the attacks. In light of subsequent events, the opening paragraph of the report seems chilling.
The threat of attacks on aircraft by terrorists or others remains a persistent and growing concern for the United States. According to the Federal Bureau of Investigation, the trend in terrorism against U.S. targets is toward large-scale incidents designed for maximum destruction, terror, and media impact – exactly what terrorists intended in a 1995 plot to blow up 12 U.S. airliners in a single day. That plot, uncovered by police in the Philippines, focused on U.S. airliners operating in the Pacific region, but concerns are growing about the potential for attacks within the United States.
We have long recognized that the measure of success in performance auditing is impact. A 1991 report from GAO entitled How to Get Action on Audit Recommendations states:
The benefit from audit work is not in the recommendations made, but in their effective implementation. Important measures of an audit organization’s effectiveness are the type of issues it tackles and the changes/improvements it is able to effect.
The report goes on to say that while management is ultimately responsible for the result, there is a great deal that an auditor can do to get more action and better results. Four areas are outlined for auditors to focus on: quality recommendations, commitment, aggressive monitoring and follow-up, and special attention to key recommendations. An Association of Government Accountants task force on performance auditing drew a similar conclusion. Their report, issued in 1993, recognized that while many factors could prevent auditors from having an appropriate impact on agency operations and results, nevertheless, the auditor is responsible for getting results. They wrote:
In fact, it would be inappropriate to call any particular audit a failure because its recommendations were not implemented. But, after all of these and other limitations are recognized, we come back to the view that performance auditors should aim for impact. Over time, a successful performance audit organization should see its reports being used in the executive and legislative processes, and it should see a significant number of its recommendations implemented, either through legislative or executive action.
The AGA task force further concluded that audit organizations should actively strive to examine and improve their performance in this regard, including having independent studies of the impact of their work. They go on to say:
We suggest, however, that performance auditors do more than keep a score card on implementation of recommendations. Auditors should use their impact tracking system to gain insights into the factors that influence the successful utilization of audit reports. And, in addition to self-monitoring, auditors should periodically obtain an outside assessment of how well their work is being utilized and what impact it is having.
The world of government auditing looks to GAO for leadership. In many respects, it can be argued that GAO is the premier audit institution in the world. The agency’s annual report, Performance and Accountability, shows a recommendation implementation rate that regularly hits a respectable 75 percent and outstanding performance on a broad array of other measures. And yet, in aviation security, GAO did not get the action needed, and, I think, recognized that it was failing to do so. Understanding the reasons for the failure would take a great deal of work as well as honest reflection and soul searching. I think GAO should undertake this effort, make changes in its own work, and communicate to the accountability community the lessons learned so that the rest of us may also become better at what we do.
|
Funkhouser on Auditing