What GAO Found In 2021, the Department of Defense (DOD) required the military services to establish career paths in military justice that would allow military attorneys, known as judge advocates, to specialize as litigators (e.g., trial counsel, defense counsel, and military judges). The Navy has had such a program in place since 2007, and by 2022 the Army, the Marine Corps, and the Air Force had submitted plans for their own career paths. However, GAO identified issues that may hinder the success of these judge advocate career reforms. Specifically, the services: Do not have a communication strategy. The Army, Marine Corps, and Air Force have begun to promote their newly established career paths. However, judge advocates interviewed during this review told GAO that, in general, litigators at these three services do not trust that it will result in department-wide cultural change. Developing and implementing a strategy to communicate the establishment of and leadership support for the career paths may help attract judge advocates and increase litigator experience levels. Have not assessed the need for tailored experience standards for supervisory litigators and defense counsel. All four services have developed general professional experience requirements—called experience standards—judge advocates must obtain to serve as litigators. The services have also developed specific experience standards for a limited number of positions, such as military judges and victims' counsel. However, they have not assessed the need for tailored experience standards for other key positions, including supervisory litigators and defense counsel. Without assessing the need for tailored experience standards for other litigation positions, and implementing any recommendations from the assessment, the services lack reasonable assurance that they are placing the right judge advocates into potentially critical positions. Lack an approach for evaluating career path effectiveness. Multiple issues will limit the military services' ability to determine the effectiveness of these paths once fully implemented. First, the services do not collect key data to assess the effectiveness of the career paths, including litigator retention rates, reasons litigators separate from military service, and the number of litigator positions the services have filled. Second, DOD lacks a framework for assessing the effectiveness of the career path that includes performance measures and an evaluation plan. Collecting quality data on the military justice career path, developing a standardized suite of performance measures, and an evaluation plan would help the services measure progress towards achieving their goals and objectives as well as identify and address any challenges. Without addressing these issues, DOD risks falling short of achieving the objective of its judge advocate career reforms—increasing the experience and competence of military justice litigators. Why GAO Did This Study The military justice system depends on skilled and experienced litigators to try cases involving military personnel. However, DOD and a congressional committee have recently raised concerns about litigators' skills, qualifications, and career management, and whether they are sufficient to handle highly complex cases, such as sexual assault cases. House Report 117-397 includes a provision for GAO to review the military services' military justice communities, including their structure, experience requirements, and the use of military justice career paths. This report examines the extent to which the services have (1) implemented military justice career paths, (2) established experience standards for litigation positions, and (3) established mechanisms to determine the effectiveness of the career paths. GAO reviewed guidance, analyzed program documentation, and interviewed service officials as well as litigators at a nongeneralizable sample of four military installations.

What GAO Found The Strategic National Stockpile (SNS) is a multibillion dollar inventory of drugs, vaccines, supplies, and other medical countermeasures that can be provided to jurisdictions—states, localities, territories—and Tribes during emergencies. The Department of Health and Human Services (HHS) provided four primary types of resources ahead of recent public health emergencies—COVID-19 and mpox—to help jurisdictions access and use SNS assets. This included guidance, recurring communication, trainings and exercises, and an inventory management system. The 62 jurisdictions we surveyed reported challenges during the COVID-19 and mpox responses related to understanding the SNS inventory and coordinating on requesting and receiving SNS assets. HHS has taken steps to address some of these challenges by creating a new office focused on external coordination and developing a new system to track SNS requests. Jurisdictions also reported challenges related to understanding federal agencies' roles and navigating outdated guidance. These challenges led to jurisdictional confusion during response efforts. While HHS has taken some actions, challenges still exist regarding the lack of (1) clearly defined roles for HHS agencies that work with SNS assets; and (2) procedures for updating SNS's main guidance document. For example, the main guidance document for SNS assets has not been updated since 2014 and does not reflect the agency currently responsible for the SNS. By defining and sharing SNS roles and developing procedures for updating guidance, HHS would help jurisdictions navigate SNS processes improving response efforts. GAO Survey Results About Strategic National Stockpile Written Guidance Jurisdiction and tribal officials identified other coordination issues that may affect future responses. This included jurisdiction officials not seeing, or being unaware of, HHS response plans including those specific to the SNS, and federal efforts needed to help jurisdictions manage stockpiles that expanded after the COVID-19 pandemic. HHS officials said they plan to coordinate with jurisdictions on these issues by creating and sharing information about response planning and stockpile management. Also, GAO found that Tribes experienced various concerns with requesting and receiving SNS assets. In response, an HHS working group is focused on clarifying the ways Tribes can request SNS assets. However, HHS has not assessed the unique challenges—such as geography and infrastructure—that could affect Tribes' ability to receive SNS assets. By engaging with Tribes to do such an assessment, HHS and Tribes would be better equipped to deliver and receive assets, respectively, collectively strengthening preparedness and response efforts to future incidents. Why GAO Did This Study Recent public health emergencies have highlighted the importance of coordination across all levels of government. One key component of the nation's medical response is the SNS. In January 2022, GAO placed HHS's leadership and coordination of public health emergencies on its High Risk List, in part due to coordination issues with the SNS. The CARES Act includes a provision for GAO to report on the federal response to the COVID-19 pandemic. This report examines (1) SNS resources provided to jurisdictions; (2) challenges jurisdictions faced in accessing SNS assets during two recent emergencies; and (3) jurisdictional and tribal SNS coordination issues that might affect future responses. For this work, GAO surveyed public health officials from all 62 jurisdictions nationwide and received a 100 percent response rate. GAO also interviewed officials in nine jurisdictions which were selected to obtain variation in governance structure and tribal presence, among other criteria. GAO also reviewed guidance, presentations, strategic plans, and other documentation; compared HHS actions to leading practices for collaboration and federal internal controls; and interviewed HHS and tribal officials.

Why This Matters Changing maritime threats are pushing the U.S. Navy to increase its pace for designing and delivering new ships. Since 2009, GAO has used leading practices in commercial shipbuilding to evaluate the plans and execution of Navy shipbuilding programs. GAO’s numerous recommendations have spurred Navy action to improve acquisition practices and the use of taxpayer dollars. Yet, the Navy has continued to face persistent challenges in its ability to design and deliver timely, affordable new ships that perform as expected. Computing power and digital design capabilities have rapidly changed in the 15 years since GAO first identified leading ship design practices. As a result, GAO’s examination of commercial industry’s current practices helps ensure that the activities and performance of the Navy’s shipbuilding programs are evaluated against cutting-edge practices used to design new ships efficiently and effectively. Key Takeaways GAO found that leading commercial ship buyers and builders prioritize shorter, predictable periods for design and construction, which result in delivering timely ships that meet current user needs. In contrast, the Navy's approach often results in significantly longer design and construction cycle times for its shipbuilding programs' lead ships. Comparison of Design and Construction Cycles for Selected Commercial and Navy Ships Note: For commercial ships, the range of months indicates the shortest and longest typical periods for companies to deliver a ship after contract award. For Navy ships, the range of months for different ship types indicates the shortest and longest periods for the Navy to provide selected lead ships to the fleet since 2007. For Navy programs with a contract prior to the detail design and construction award, the earlier award date represents the start of the cycle. Key differences between commercial companies' and the Navy's ship design practices contribute to the slower pace and less predictable cost, schedule, and performance outcomes for Navy shipbuilding programs. Leading design practices involve effective management of a ship's business case—a reflection of the balance of customer needs and the resources needed to develop and produce the ship; and focus on efficiently maturing new ship designs to better inform decisions on schedule, cost, and performance. This includes using consistent, meaningful design maturity measures to determine readiness to move from design to construction. GAO Comparison of Leading Ship Design Practices for Commercial Companies and U.S. Navy How GAO Did This Study A conference report directed GAO to examine ship design practices. This report assesses (1) the leading design practices used by commercial ship buyers and builders to inform their understanding of design maturity and readiness for construction, and (2) how the Navy’s ship design practices compare to the leading practices in commercial ship design. To address these objectives. GAO interviewed and reviewed documentation from four commercial ship buyers and five shipbuilders—builders generally also design the ships. GAO selected these companies using criteria reflective of commercial success in designing, building, and buying ships relatable to Navy ships. GAO also reviewed its prior work on leading practices for shipbuilding and product development. In addition, GAO reviewed documentation and interviewed representatives from the Navy and selected Navy shipbuilders, as well as reviewed prior work on Navy shipbuilding program efforts. Based on the results of these activities, GAO compared the ship design practices used by the Navy with leading commercial practices.

What GAO Found The top priority of the 2022 National Defense Strategy is to defend the U.S. homeland by addressing the growing multi-domain threat posed by China. As the Department of Defense (DOD) addresses this priority, GAO's body of work has shown that U.S. military readiness has been degraded over the last 2 decades due to a variety of challenges, including high operational demands. Implementing GAO's open recommendations will help DOD address these challenges and enhance readiness. The figure below shows selected GAO recommendations that DOD has not yet implemented. Selected Open GAO Recommendations to Address Persistent Military Readiness Challenges Why GAO Did This Study DOD is continuing its work to maintain the U.S. military's advantage across all domains in a new security environment characterized by great-power competition. To meet that goal, DOD's focus is rebuilding and restoring readiness while also modernizing its forces. DOD's readiness rebuilding efforts are occurring in a challenging context that requires the department to make difficult decisions regarding how best to address continuing operational demands while preparing for future challenges. This statement provides information on readiness challenges across the air, sea, ground, and space domains. This statement is primarily based on published GAO reports since 2021 that have examined aspects of military readiness, operations, and sustainment in the air, sea, ground, and space domains. This statement also is based on a draft report on space readiness that was provided to DOD in February 2024 for review and comment. To perform all this work, GAO analyzed Army, Navy, Air Force, Marine Corps, and Space Force readiness, maintenance, personnel, and training data and interviewed cognizant officials.

What GAO Found The U.S. Victims of State Sponsored Terrorism Fund (Fund) was created in 2015 to provide compensation to certain U.S. persons injured in acts of state sponsored terrorism. It is financed through the collection of certain criminal or civil penalties, fines, and proceeds from asset forfeitures. From fiscal years 2016 through 2023, the Fund received deposits of about $3.4 billion, including $2.4 billion from civil and criminal receipts. Since 2020, the Fund has experienced a declining balance mostly attributable to lower deposits from civil and criminal penalties, fines and forfeitures. Civil and Criminal Case Deposits to the U.S. Victims of State Sponsored Terrorism Fund, Fiscal Years 2016 through 2023 GAO evaluated the three options for increasing deposits to the Fund, as identified in the 2022 Fairness for 9/11 Families Act, and identified potential impacts associated with each option. Specifically: Increase percentage of civil fines and penalties deposited from 75 to 100 percent: Using Department of Justice data from 2016 to 2023, GAO estimated this option would likely increase the annual amount deposited to the Fund in future years by about $17 million, with a range of $13 to $23 million. Expand scope of criminal offenses: GAO found this option would result in an increase in deposits to the Fund. However, the change could adversely impact other funds and programs such as the Department of Justice's Assets Forfeiture Fund. Expand type of civil penalties or fines: GAO found this option may result in an increase in deposits to the Fund. For example, deposits may increase if applicable civil penalties were expanded to include providing material support to a Foreign Terrorist Organization. However, the change would result in an inconsistency in the types of covered actions for which penalties are deposited and the claimants eligible for the Fund. Why GAO Did This Study Acts of international state sponsored terrorism resulted in the deaths and injuries of thousands of people. In 2015, the Justice for U.S. Victims of State Sponsored Terrorism Act established the U.S. Victims of State Sponsored Terrorism Fund. The Fund provides compensation to certain U.S. persons injured in acts of state sponsored terrorism. The Fund did not authorize a round of payments in January 2024 due to insufficient funds. The Fund's balance at the end of fiscal year 2023 was down to $281 million. The 2022 Fairness for 9/11 Families Act includes a provision for GAO to evaluate three specific options for increasing deposits to the Fund, including the impact of these options. This report addresses the potential effects of, among other things, (1) increasing the percentage of civil penalties and fines that are currently deposited to the Fund under existing statutes from 75 percent to 100 percent; (2) expanding the scope of the criminal offenses for which funds are deposited in the Fund; and (3) expanding the type of the civil penalties or fines for which funds are deposited in the Fund. GAO reviewed Department of Justice and Treasury reports and analyzed data on all prior and current sources of deposits into the Fund from criminal and civil penalties and fines. GAO also conducted a literature review of funding mechanisms used by other government trust funds, and interviewed agency officials and representatives from groups representing or advocating for victims of state-sponsored terrorism. For more information, contact Triana McNeil at (202) 512-8777 or mcneilt@gao.gov.

What GAO Found Spacecraft developed by the National Aeronautics and Space Administration (NASA) depend on software and IT, which, in turn, rely on cybersecurity to prevent, detect, and respond to potential cyber incidents. A cyber incident could result in loss of mission data, decreased lifespan or capability of space systems, or the loss of control of space vehicles. Cyber threats and technology change rapidly. In response, the federal government issues government-wide cybersecurity guidelines, such as the National Institute of Standards and Technology's Risk Management Framework. Contracts for the selected NASA projects GAO reviewed required contractors to address cybersecurity, consistent with NASA standards. In 2019, NASA identified a set of cybersecurity requirements for spacecraft to address. For example, NASA requires spacecraft to protect positioning, navigation, and timing systems. The three spacecraft projects GAO reviewed—Gateway Power and Propulsion Element; Orion Multi-Purpose Crew Vehicle; and Spectro-Photometer for the History of the Universe, Epoch of Re-ionization and Ices Explorer—started development before 2019. Nevertheless, GAO found these contracts include requirements related to NASA's spacecraft cybersecurity standards. Contracts also required contractors to demonstrate requirements are met through testing. Since the issuance of its 2019 cybersecurity requirements, NASA has considered, but not yet implemented, updates to its spacecraft acquisition policies and standards. In 2023, NASA issued a space best practices guide containing information on cybersecurity principles and controls, threat actor capabilities, and potential mitigation strategies, among other things. However, this guidance is optional for spacecraft programs. NASA officials explained that one key reason they have not yet incorporated this guidance into required acquisition policies and standards is because of the length of time it takes to do so. GAO acknowledges that the standards-setting process can take time, but it is essential that NASA do so for practices that should be required. However, officials stated that they did not have an implementation plan and time frame to incorporate additional security controls into acquisition policies and standards. As a result, NASA risks inconsistent implementation of cybersecurity controls and lacks assurance that spacecraft have a layered and comprehensive defense against attacks. Why GAO Did This Study NASA's space development project portfolio includes 34 major projects, in which NASA plans to invest more than $83 billion. Spacecraft are operating in a heightened cyber threat environment with increased risks of attack and mission disruption. NASA has identified civil space events that demonstrate the need to better protect spacecraft against cyber threats. GAO was asked to examine the cybersecurity requirements in NASA contracts for its spacecraft projects. This report assesses the extent to which NASA (1) incorporated cybersecurity in selected spacecraft contracts and (2) determined whether additional cybersecurity updates, if any, are needed to its acquisition policies and standards for spacecraft. GAO reviewed NASA policies and standards regarding spacecraft cybersecurity. GAO selected a nongeneralizable sample of three spacecraft projects, chosen because they represent different NASA centers and development stages, and include at least one robotic and one human spaceflight project. For these three, GAO analyzed contracts and project documents. GAO also interviewed project and cybersecurity officials.

What GAO Found The Department of Defense (DOD) provided Ukraine with billions of dollars’ worth of weapons from its stockpiles to help respond to Russia’s full-scale invasion in 2022. As of March 2024, Congress provided $25.9 billion in supplemental funding that DOD can use to replace these weapons. DOD obligated more than 70 percent of this funding—over $18 billion—as of December 31, 2023. Over $16 billion was obligated for the procurement of weapons and industrial base expansion, while the remainder was obligated to reimburse DOD transportation and logistics costs. Ammunition, missiles, and combat vehicles account for most of these obligations, as shown below. Procurement Obligations for Supplemental Replacement Funding by Defense Industrial Base Sector, as of December 2023 Note: The DOD Comptroller subsequently updated the data to correct some internal reprogramming actions that were inaccurately recorded, which could result in some variations in the dollar values presented in the figure. DOD requested an additional $18 billion in supplemental funding beyond the $7.7 billion that remains unobligated to continue replacing weapons transferred to Ukraine. In April 2024, Congress passed legislation to provide DOD about $13.4 billion that may be used to replace weapons sent to Ukraine. DOD identified multiple supply chain challenges that weapon programs are experiencing. Generally, these are long-standing challenges made worse by events such as the COVID-19 pandemic and increased demands from Ukraine, among other factors. Long lead times associated with the delivery of supplier parts and raw materials are affecting many weapons programs. One missile program that GAO reviewed reported a lead time increase from 19 to 34 months within the last 2 years for electronic parts, such as circuit card assemblies. To address these challenges, DOD is using some of the $25.9 billion that Congress provided to expand the defense industrial base’s production capacity. Since February 2022, DOD has committed or obligated over $2.8 billion to increase weapons production. For example, DOD is using nearly $2 billion of this funding to drive a sevenfold increase in 155mm ammunition production. DOD is also relying on multiyear procurement, a contracting approach that provides up to 5 years of requirements through one contract. Multiyear procurements can benefit the industrial base by providing a stable demand signal up front. This can drive cost savings for the government. For example, DOD can generate discounted pricing by purchasing multiple years’ worth of supplies at once. The military departments awarded or plan to award multiyear procurement contracts to help replace five types of weapons provided to Ukraine. However, DOD officials and contractor representatives told GAO that they face challenges implementing this authority. Some suppliers are reluctant to enter into long-term agreements that lock them into certain prices across multiple years. DOD is collecting lessons learned based on its first-time use of supplemental funding for replacement. These include observations on challenges and solutions for using multiyear procurement contracts, among other things. Why GAO Did This Study In response to Russia’s invasion of Ukraine in February 2022, Congress appropriated supplemental funding to assist Ukraine. Of the more than $113 billion under four Ukraine supplemental appropriations acts as of November 2023, $25.9 billion can be used by DOD to replace weapons transferred to Ukraine, such as missiles and ammunition The defense industrial base—the companies, people, and facilities needed to produce and sustain weapons—will need surge production to replenish DOD’s stocks, in addition to meeting other increased demands. DOD previously identified risks in 2018 and during the COVID-19 pandemic that may limit the defense industrial base’s ability to do so. Public Law 117-328 includes a provision for GAO to monitor DOD’s use of Ukraine supplemental funding. This report provides information on DOD’s use of the $25.9 billion to replace weapons sent to Ukraine and actions DOD is taking to address defense industrial base challenges that could delay replacement efforts. To perform this review, GAO analyzed DOD data and documentation as well as interviewed DOD officials and contractor representatives. GAO also conducted case studies of four weapons in the missile and combat vehicle sectors. For more information, contact W. William Russell at (202) 512-4841 or RussellW@gao.gov.

What GAO Found The U.S. Agency for International Development (USAID) has standard processes to assess risks to its delivery of assistance in countries worldwide. In countries affected by violent conflict, factors such as attacks on aid facilities can complicate delivery of assistance. Certain USAID processes target specific types of risk, including fiduciary risks such as fraud, counterterrorism- or sanctions-related risks, and security risks. However, GAO found that, contrary to leading practices, USAID did not comprehensively assess or document, in fraud risk profiles, the relevant fraud risks affecting its assistance in the three conflict-affected countries GAO selected for its review—Nigeria, Somalia, and Ukraine. As a result, USAID cannot ensure it has identified and is mitigating all relevant fraud risks in these countries. Funding Obligated by Selected USAID Bureaus and Missions, Fiscal Year 2023 Note: Selected bureaus are the Bureau for Humanitarian Assistance and the Bureau for Conflict Prevention and Stabilization. Amounts shown have been rounded to the nearest million. USAID bureaus and missions providing assistance overseas have controls to prevent and detect fiduciary, counterterrorism- or sanctions-related, and security risks, but their ability to conduct direct oversight in conflict zones is limited. Therefore, they rely largely on remote techniques, such as third-party monitoring for oversight. However, an absence of guidance for using third-party monitoring to detect risks has led to varying use and knowledge of this method. In addition, while the Nigeria and Ukraine missions conduct financial reviews to detect fiduciary risks, the Somalia mission has not. Additional oversight in conflict zones would strengthen USAID's ability to detect risks of misuse or diversion. USAID's Bureaus for Humanitarian Assistance and for Conflict Prevention and Stabilization have formal mechanisms to share lessons learned about risk management in conflict zones, but USAID does not have such a mechanism for its missions in conflict-affected countries. The bureaus share these lessons through risk-focused groups, among other means. USAID missions primarily identify lessons learned from staff's prior experiences in conflict zones. Without a mechanism to systematically share lessons learned across conflict zones, conflict-affected missions will not benefit from valuable practices employed in other conflict zones and may unnecessarily make or repeat mistakes. Why GAO Did This Study In 2023, USAID obligated about $26 billion to assist 19 countries experiencing violent conflict. Limitations on USAID's ability to directly oversee its assistance in conflict-affected areas increase the risk of misuse or diversion. USAID has documented its commitment to protect the integrity of foreign assistance, steward taxpayer funds, and manage risks of fraud and corruption. GAO was asked to review USAID's risk management in conflict zones. This report evaluates the extent to which USAID has processes for assessing risks to assistance delivery in conflict zones; controls to prevent and detect such risks; and mechanisms for sharing lessons learned about risk management in conflict zones. GAO reviewed documents and interviewed agency officials. GAO also conducted site visits and reviewed a sample of USAID-funded awards for Nigeria, Somalia, and Ukraine. GAO based its selection of these countries on factors such as the prevalence of conflict. In addition, GAO compared USAID's processes and controls to guidance for fraud risk management in federal programs, USAID policies and guidance, and standards for internal control in the federal government.

This letter provides GAO's comments on the International Ethics Standards Board for Accountants' (IESBA) exposure draft, Using the Work of an External Expert. GAO promulgates generally accepted government auditing standards, which provide professional standards for auditors of government entities in the United States.

To alert the audit community to changes in professional standards, we periodically issue Professional Standards Updates (PSU). These updates highlight the effective dates of recently issued standards and guidance related to engagements conducted in accordance with Government Auditing Standards. PSUs contain summary information only, and those affected by a change should refer to the respective standard or guidance for details.

What GAO Found The Navy uses data to measure its crewing target levels and monitor personnel readiness. These data are called fill and fit metrics. Fill metrics measure the number of personnel onboard a ship. Fit metrics measure the skill, experience, and specialty skills of personnel. However, the data are not sufficiently reliable or transparent. Specifically, GAO found that the Navy applies some calculation rules to this data that result in counting some junior enlisted sailors as filling positions that require more senior-level sailors. For example, with one calculation rule removed, the number of fit sailors in positions linked to nuclear-powered ships fell (see figure). Until the Navy removes these calculation rules, it will continue to rely on data that does not provide an accurate understanding of the true extent of the skill and experience gaps across the fleet. Example of Calculation Rules Included and Removed on Enlisted Sailor Fit Data as of May 2023 The Navy does not consistently use validated personnel requirements to inform decisions. Personnel requirements identify the sailor positions and the specific skill levels needed to perform the Navy's work. Navy Manpower Analysis Center (NAVMAC) determines and validates personnel requirements through periodic workload studies for ships to ensure these requirements reflect the right number and mix of positions needed to support Navy operations. These validated requirements should be used to inform funding decisions. However, GAO found that personnel requirements data in the Navy's authoritative system was sometimes lower and sometimes higher than validated requirements. Several issues contribute to limitations in the reliability of the Navy's requirements data. For example, Navy guidance does not clearly specify that only NAVMAC can validate changes to these requirements. As a result, the Navy may rely on unvalidated requirements during its annual process to inform funding decisions. Until the Navy updates relevant guidance to clarify what specific sources it can rely on to present validated personnel requirements, it cannot ensure that it is making decisions about personnel funding based on accurate information. Why GAO Did This Study Crewing ships with an adequate number of personnel who have the right skills and experience is vital for executing missions and mitigating risks. However, the Navy has historically assigned fewer crewmembers to ships than are required to operate them safely. Such crewing shortfalls contributed to the fatal Navy surface ship collisions in 2017. A House Report includes a provision for GAO to review the Navy's ship crewing efforts. Among other things, GAO assessed the extent to which the Navy uses data that reflect accurate crewing levels and validates personnel requirements to make informed funding and crewing decisions. GAO reviewed policies and guidance for crewing personnel to ships, compared and analyzed fill and fit metric and personnel requirements data from fiscal years 2018 through 2023, and interviewed Navy officials. GAO also conducted small group discussions with enlisted sailors and leadership from seven ships.

Applying lessons from prior U.S. efforts in countries engaged in recovery activities during and after a conflict can inform recovery efforts in Ukraine and increase the likelihood of sustainable results. The Big Picture Recovery efforts can start while a conflict is ongoing. In Ukraine, such efforts have begun as the country seeks to stabilize areas under its control. The U.S. has already started funding and implementing projects to address short-term recovery needs and to plan for longer-term efforts, even during the conflict. Our work over the last 30 years illustrates lessons for improving the results of U.S. recovery assistance, which could aid these efforts in Ukraine. The U.S. is currently focusing on governance, rule of law, and economic reform assistance, which is vital for attracting private sector investment, preparing Ukraine for European Union membership, and ensuring the results of future reconstruction efforts. The World Bank and other donors estimate total recovery needs at $486 billion over 10 years. Donors expect that the private sector could fund a significant portion, including large infrastructure projects, if investment risks are manageable. Applying lessons on (1) maintaining a clear strategy and financial plan, (2) ensuring political and civil society support, (3) promoting effective coordination, and (4) establishing and utilizing accountability mechanisms increases the prospect that assistance will lead to sustainable outcomes and reduces fiduciary risks. What GAO’s Work Shows U.S. assistance for recovery efforts should be guided by comprehensive strategies that, among other things, clearly define objectives and estimate costs. Rule of law assistance to countries of the former Soviet Union had limited results and was unsustainable. We recommended that U.S. agencies create strategies with defined, sustainable outcomes. In Iraq and Afghanistan, challenges in rebuilding efforts underscored the importance of strategies that clearly articulate objectives and indicate the funding resources needed to achieve and sustain them. In Iraq, worsening security conditions led to delays and increased overall project costs beyond what was anticipated, emphasizing the need to revise timelines and estimated costs to reflect changes in security. Political will and civil society support in the host (recipient) country are necessary for reforms to succeed. Opposition from powerful vested interests can slow reform or prevent it entirely. Enhancing political will and civil society support can increase the chances of assistance having the greatest benefit. In Bosnia, where U.S. assistance aimed to build basic government institutions and create a free market economy, we found Bosnian leaders' lack of political will had impeded reform. We recommended conditioning aid on measurable progress. In Nigeria and other African countries, working with leaders who were committed to anti-corruption reforms was crucial. Public-private partnerships and campaigns by civil society groups are ways to raise awareness of problems and generate will for reform. Practices that facilitate coordination among U.S. agencies and with the host country and other international donors increase awareness of ongoing programs. They also increase the quality and efficiency of assistance through improved program design and reduced duplication. Coordination mechanisms, such as embassy-level working groups or interagency databases, may reduce duplication, overlap, or fragmentation in U.S. assistance. In 2020, we found embassy staff in Ukraine lacked full information on democracy assistance programs. We recommended that State Department develop an information-sharing mechanism for coordination, but it had not done so as of April 2024. Transferring information to incoming embassy staff ensures continuity in decision-making, especially in conflict zones with high staff turnover and attrition. International donors can better support host country priorities when the host government identifies the type and amount of assistance it needs. Coordination may be hindered when other donors have their own mandates, funding, and priorities. Establishing U.S. and host country accountability mechanisms for recovery assistance can increase transparency and the likelihood that any financial assistance is used as intended. In Iraq and Afghanistan, the U.S. increased oversight of recovery efforts by providing additional funding for departmental and government-wide oversight entities. Their work identified accountability issues and resulted in cost savings. Limited monitoring of projects in Afghanistan due to security concerns heightened the risk of fraud, waste, and mismanagement of resources. In Syria, third-party monitors promoted accountability in insecure situations but needed training, including on identifying fraud. Remote monitoring with digital tools such as videoconferencing can also be used where it is unsafe to conduct in-person oversight. Security issues can reduce the quality of foreign assistance evaluations by limiting the ability to collect appropriate and reliable data. A preventive, strategic approach to managing corruption and fraud risks is critical. It should include context-specific risk assessments, a risk mitigation plan emphasizing preventive controls, anti-corruption controls, and documentation requirements for transparent decision-making. Challenges and Opportunities Policymakers need to consider several questions in applying lessons for improving the results of recovery assistance to Ukraine, including the following: Given that insecurity can threaten recovery, howcan the U.S. make sustainable investments inUkraine’s recovery while the war is ongoing? Currently, Ukraine’s government supportsaccountability reform. What actions can the U.S.take to sustain this support while managinguncertainty over continued funding? How can the U.S. best coordinate with otherdonors and Ukraine to avoid duplication orfragmentation of efforts? Amid volatile security conditions, whataccountability measures can the U.S. implementto mitigate corruption, fraud, and diversion risks? For more information, contact: Latesha Love-Grayer, Director, International Affairs and Trade, LovegrayerL@gao.gov, (202) 512-4409.

What GAO Found The Census Bureau fully implemented selected leading practices for risk management, but it did not fully implement selected leading practices for managing requirements, cost, and schedule for the Center for Enterprise Dissemination Services and Consumer Innovation (an enterprise-wide data dissemination modernization program), as shown in the table. Extent to Which the Census Bureau Implemented Selected Areas for Managing the Center for Enterprise Dissemination Services and Consumer Innovation Program Management area Overall assessment Risk Management ● Fully implemented Requirements Management ◕ Substantially implemented Cost ◐ Partially implemented Schedule ◔ Minimally implemented Source: GAO analysis of Census Bureau data. | GAO-24-105979 The Bureau substantially implemented leading practices for requirements management. However, it did not consistently trace requirements forward and backward from their source to the end product. As a result, the program faces challenges in ensuring it adheres to project requirements. Additionally, the program's cost and schedule estimates were unreliable because the Bureau did not substantially or fully implement leading practices. Specifically: Although the program substantially met two of the four characteristics of a high-quality, reliable cost estimate (well documented and accurate), it only partially met the remaining two characteristics (credible and comprehensive). The program did not substantially meet any of the four characteristics of a reliable schedule: comprehensive, well constructed, credible, and controlled. Without reliable cost and schedule estimates, the Bureau increases the risk of cost overruns and unmet performance targets. GAO's prior work identified several cybersecurity and privacy challenges the Bureau faces implementing its IT modernization programs, including addressing cybersecurity workforce challenges, improving information security initiatives and programs, enhancing its detection and response to cyber incidents, and ensuring respondent privacy while maintaining the usability of public Census data. The Bureau has taken steps to address these challenges but lacks detailed plans and strategies. For example, the Bureau drafted a strategy in 2023 to improve the cybersecurity of software development and operations. However, the strategy has not been finalized and does not include specific information (e.g., time frames) for accomplishing its objectives. In addition, the Bureau was unable to provide detailed information about the steps it plans to take to balance the privacy of respondents to the 2025 American Community Survey against the usability of public data. Until the Bureau develops detailed plans and time frames for these activities, it risks not meeting its objectives of effectively securing and protecting its IT systems and data. Why GAO Did This Study The Census Bureau's IT systems are essential to collecting and providing data about the nation's people and economy. During the run up to the 2020 Census, the Bureau faced challenges in modernizing and consolidating its IT systems. For future surveys, including the 2030 Census, the Bureau has embarked on four modernization programs to collect, process, and disseminate data. GAO was asked to review the Bureau's implementation of key modernization programs. This report (1) examines the extent to which the Bureau is implementing leading practices related to managing risks, requirements, cost, and schedule for a selected enterprise-wide IT program; and (2) describes the key cybersecurity and privacy challenges the Bureau faces in implementing its IT modernization programs and the extent to which the Bureau has plans to address them. GAO selected the data dissemination program due to the maturity of its cost and schedule documentation. GAO assessed the program's management of risks, requirements, cost, and schedule against leading practices. In addition, GAO reviewed prior GAO reports and Bureau plans related to cybersecurity and privacy challenges, and interviewed Bureau officials.

The Big Picture Trade and investment between the U.S. and the People’s Republic of China (PRC) have grown immensely in recent decades. In 2023, PRC was the second-largest source of U.S. imports and the third-largest U.S. export market, according to the U.S. Census Bureau and the U.S. Bureau of Economic Analysis. In 2022, PRC-based foreign direct investment in the U.S. totaled almost $29 billion, and U.S. direct investment in PRC was $126 billion, according to the U.S. Bureau of Economic Analysis. But PRC is also a major competitor, and the U.S. Trade Representative warned that “China routinely deploys economic and trade policies and practices that promote unfair competition and state-directed outcomes rather than fair competition and market-based outcomes.” These practices include trade in illicit goods, use of forced labor, and theft of sensitive technologies. Our extensive work in this area has identified actions that federal agencies should take to ensure that their workforce, information-sharing, data collection, and decision-making processes address these practices. The U.S. government has programs to mitigate these economic security risks while maintaining an open investment climate and protecting the robust and codependent trade relations on which America’s prosperity relies. Export controls are used to manage risks associated with exporting sensitive technology, while protecting contributions of foreign scholars. Tariffs that protect U.S. industries from certain PRC trade practices have exclusions to mitigate potential harm to U.S. companies and workers. Import restrictions are enforced to stop illicit trade, which threatens to harm the U.S. economy and consumer safety. What GAO’s Work Shows We made numerous recommendations to bolster policymakers’ efforts to combat PRC’s harmful and unfair economic practices. Workforce planning can help ensure agencies have enough staff with the right skills to enforce import restrictions on goods made with forced labor. The Executive Branch committee authorized to review certain foreign investment transactions that can result in foreign control of a U.S. business faces resource limitations due to its growing workload and the complexity of the transactions it reviews.  Resource assessments are crucial to ensuring the committee’s effectiveness. Agencies still need to determine whether legislation is required to address security concerns posed by some foreign investments. Targeted outreach to universities is a key enforcement mechanism to prevent unauthorized transfer of sensitive technology to PRC. Agencies still need to establish mechanisms to periodically assess risk factors used to prioritize universities for such outreach. Additional guidance can support university efforts to properly safeguard export-controlled items and comply with export controls, but agencies still need to ensure they consistently interpret regulations. Better public communication can strengthen enforcement of prohibitions on importing goods produced by forced labor, such as seafood. Improved information sharing with companies can strengthen enforcement of prohibitions on importing counterfeit goods. Agencies still need to evaluate the effectiveness of their enforcement efforts. Agencies need to enhance policies, such as conflict of interest procedures, to help mitigate threats of foreign influence in federally funded research. Agencies still need to take steps to enhance data collection and sharing on foreign investments in agricultural land to increase the visibility of potential security risks. Improved data on students from countries of concern, such as PRC, can strengthen efforts to identify and assess technology transfer risk. Enhanced data analysis of duties collected to remedy unfair trade practices can help identify risks, and agencies still need to take further steps to mitigate nonpayment risk. We found that consistent and timely decisions are needed on company requests for exclusion from certain tariffs on imports from PRC that protect against excess global supply. Agencies still need to take steps to minimize errors in requests and improve timeliness. Public guidance to companies requesting relief from paying certain steel and aluminum tariffs should be complete and up-to-date, and agencies still need to create a policy to update their guidance. Challenges and Opportunities Despite recent declines in its economy, PRC’s power continues to grow. Experts have warned that PRC’s ambitious infrastructure investments and role in implementing development programs may expand its global economic and political influence. For example, its “Belt and Road Initiative,” sometimes referred to as the New Silk Road, is designed to link global trade routes through physical infrastructure. PRC-based companies dominate supply chains for both critical minerals and everyday goods, and recent disruptions have highlighted subsequent vulnerabilities, such as product shortages and inflationary pressures. To protect a fair and open economic system, the U.S. must balance the benefits and risks of trade and investment with PRC. Policymakers continue to combat economic risks through actions such as preventing theft of sensitive technologies, strengthening import prohibitions on goods made with forced labor, and reviewing potential national security risks of PRC-based ownership of agricultural land. With continued focus, policymakers can further enhance these efforts to counteract PRC abuses and enforce rules against unfair trade and labor practices. For more information, contact Kimberly Gianopoulos, Direct, Internional Affairs and Trade at (202) 512-8612 or GianopoulosK@gao.gov.

What GAO Found Target date funds (TDFs) are widely offered and have become the most popular investment option used by 401(k) plan participants. TDFs allocate assets over time based on participants' targeted retirement dates. The Pension Protection Act of 2006 facilitated plan sponsors' automatic enrollment of employees into their plans using default investments, including TDFs. Plan sponsors GAO spoke with said they choose TDFs as their default investment because TDFs offer low fees, a well-diversified all-in-one portfolio, and a “set it and forget it” option for participants. A nationwide study showed that the share of participants offered TDFs increased from 42 percent in 2006 to 84 percent in 2020. According to other studies, auto-enrollment contributed to a majority of participants investing solely or primarily in TDFs, which represent more than a quarter of 401(k) assets. Variation in TDF design affects their performance and risk. Asset managers design TDFs' investment mixes to shift from higher risk assets (e.g., stocks) to lower risk assets (e.g., fixed income) over time, based on participants' targeted retirement dates. These mixes varied more within 10 years of the target date, according to GAO's analysis of Morningstar Direct data. In addition, as COVID-19 disrupted financial markets in March 2020, TDFs that were further from their target dates lost a larger share of their value than TDFs closer to their target dates because they were more heavily invested in higher risk assets. For instance, an average TDF with a 2060 target date lost 14 percent of its value from February to March 2020, whereas the average TDF with a 2020 target date lost 8 percent of its value. While TDFs closer to their target dates experienced smaller losses in March 2020 than those further from their target dates, their performance varied more. This was due to more variation in their investment mixes. Negative returns are significant for participants close to, or in, retirement because they have less time to recover from them than those who are further from retirement. The Department of Labor (DOL), the Office of the Comptroller of the Currency (OCC), and the Securities and Exchange Commission (SEC) oversee TDFs through disclosure requirements, enforcement, and examinations. But DOL's guidance has not been updated and lacks detail. For example, DOL developed guidance in 2010 for participants and in 2013 for plan sponsors to help them select TDFs. However, the guidance does not include recent developments such as the increase of TDFs structured as collective investment trusts. Collective investment trusts are bank-administered pooled funds established exclusively for qualified plans such as 401(k)s. The responsible bank acts as the fiduciary and holds legal title to the assets. Without updated guidance, plan sponsors and participants may experience challenges identifying and understanding disclosures for collective investment trust TDFs. Why GAO Did This Study Millions of Americans depend on TDF investment options offered by their 401(k) plans for financial security in retirement. According to Morningstar, a financial services firm, and the Investment Company Institute, an association that represents regulated investment funds, there was about $2.8 trillion in TDF assets held in defined contribution plans as of June 2023. As the stock market dropped precipitously at the start of COVID-19, retirement experts and members of Congress raised questions about variation in the performance and risk exposure in TDFs, particularly those held by participants close to retirement. GAO was asked to examine TDFs' performance and risk. This report examines the extent to which 401(k) plans and participants use TDFs; how asset allocations, risk, performance, and fees vary across TDFs; and how DOL, OCC, and SEC oversee TDFs, among other topics. GAO analyzed Morningstar Direct data, including all TDFs structured as mutual funds that were active from 2017 to 2021, the most recent available data at the time of the request. GAO also reviewed retirement industry documents; and interviewed industry representatives and officials from DOL, OCC, and SEC.

What GAO Found The National Mediation Board (NMB), which facilitates labor relations for railroads and airlines, has implemented two of GAO's four remaining recommendations from past reports. Specifically, NMB has updated its privacy policy and developed a process to track issues raised by the National Labor Relations Board (NLRB) Inspector General's (IG) office, which operates a hotline on NMB's behalf. However, NMB has not yet fully implemented the other two recommendations. NMB has not updated its continuity of operations plan, a key component of an information security program. The agency also continues to use two cloud services that are not federally approved. By not fully implementing these recommendations, NMB is increasingly vulnerable to information security risks to its data and systems. Status of GAO Recommendations to the National Mediation Board In addition, NMB faces challenges related to its workforce planning, training, and personnel policies. NMB has no procedures for regularly reviewing and updating its workforce and succession plan. NMB has had difficulty filling its many vacant positions, and more than half of NMB's current staff are eligible for retirement within the next 5 years. NMB has initiated efforts to update the plan, but without procedures for keeping it up to date, NMB will not be positioned to effectively manage its workforce needs. NMB lacks procedures for regularly updating its training policy. Moreover, some officials have been assigned essential duties outside of their primary expertise but received little training related to these roles. Without procedures to keep NMB's training policy up to date, and sufficient training for officials with essential additional roles, NMB cannot ensure all officials have the knowledge and skills required to meet the agency's mission. NMB also lacks procedures for ensuring its personnel policies are complete and updated. Without such procedures, NMB risks operating without needed policies or being out of compliance with federal regulations. Why GAO Did This Study NMB was created by a 1934 amendment to the Railway Labor Act. It plays a critical role in helping airline and railway carriers resolve labor disputes to avoid work stoppages and prevent disruptions to interstate commerce. The FAA Modernization and Reform Act of 2012 includes a provision for GAO to evaluate NMB programs and activities every 2 years. Between 2013 and 2022, GAO issued five reports that included a total of 18 recommendations. As of the start of this review in May 2023, NMB had implemented 14 of those recommendations. This sixth report examines (1) the extent to which NMB has taken actions to implement the four remaining recommendations from GAO's prior reports; and (2) any other challenges NMB faces in key management areas and in overseeing its operations. GAO reviewed relevant federal laws and regulations and examined NMB documents, plans, policies, and practices. GAO also interviewed officials from NMB, an NMB advisory group, the NLRB IG, and NMB's independent financial auditor.