FAS | Intelligence | GAO Reports | GGD-98-141 Building Security ||||
Index | Search | Join FAS

General Services Administration: Many Building Security Upgrades Made But Problems Have Hindered Program Implementation
(Testimony, 06/04/98, GAO/T-GGD-98-141)

Testimony of Bernard G. Ungar 

Before the Subcommittee on Public Buildings and Economic Development

Committee on Transportation and Infrastructure

House of Representatives



Many Building Security Upgrades Made But

Problems Have Hindered Program Implementation










In response to the April 19, 1995, bombing of the Murrah Federal Building in Oklahoma City, the President directed the Department of Justice (DOJ) to assess the vulnerability of federal office buildings, particularly to acts of terrorism and other forms of violence. A DOJ-directed interagency working group issued a report in June 1995 recommending specific minimum security standards for federal buildings and criteria, guidance, and timetables for evaluating the security needs of federal buildings and estimating the cost of needed upgrades. The President directed executive departments and agencies to upgrade the security of their facilities to the extent feasible based on the DOJ report's recommendations, and he gave the General Services Administration (GSA) this responsibility for the buildings it controls.

In July 1995, GSA initiated a multimillion-dollar security enhancement program for its 8,300 buildings. Using the criteria, guidance, and timetables recommended in the DOJ report, GSA has made progress in assessing risks, setting priorities, and completing thousands of upgrades in its buildings, particularly the high-risk ones. GSA's computer-based upgrade tracking system showed that about 7,000 upgrades were completed between October 1, 1995, and March 31, 1998, and based on data from GSA's accounting system, we estimated that GSA obligated roughly $353 million from the Federal Buildings Fund (FBF) for these upgrades. However, because of erroneous and incomplete data in these systems, we were unable to reliably determine the exact status or costs of the program.

Mistakes made by rushing to meet the DOJ report's recommended timetables so it could improve security in federal buildings before the first anniversary of the Oklahoma City bombing, staff reductions due to downsizing, uncertain funding sources, and unreliable data in GSA's upgrade tracking and accounting systems hindered GSA's implementation of the program. GSA didn't meet either the DOJ recommended times for completing building security evaluations and upgrade cost estimates or its own internal goals for completing security upgrades. Funding uncertainties continue because GSA and the Office of Management and Budget (OMB) have not yet completely agreed on how best to fund all the future costs of the building security program. Finally, GSA does not have valid data needed to assess the costs versus the benefits of upgrades and the extent to which completed upgrades have contributed to increased security or reduced vulnerability to the greatest threats to federal office buildings. Therefore, we are recommending that GSA correct the data in its upgrade tracking and accounting systems; ensure that all GSA buildings are evaluated for security needs; work with OMB to ensure sufficient funding is available for the building security program; and develop outcome-oriented program goals, measures, and evaluations so that it can better manage the program and work toward mitigating security threats in its buildings.

Mr. Chairman and Members of the Subcommittee:

I am pleased to be here today to discuss the General Services Administration's (GSA) progress in upgrading the security of federal buildings under its operation. As you know, following the April 19, 1995, bombing of the Murrah Federal Building in Oklahoma City, the President directed the Department of Justice (DOJ) to assess the vulnerability of federal office buildings, particularly to acts of terrorism and other forms of violence. Under the direction of DOJ, an interagency working group comprising security professionals from nine federal departments and agencies issued, in June 1995, a report recommending specific minimum security standards for federal buildings. Subsequently, the President directed executive departments and agencies to upgrade the security of their facilities to the extent feasible based on the DOJ report's recommendations. The President gave GSA this responsibility for the buildings it controls, and in July 1995, GSA initiated a multimillion-dollar security enhancement program for its 8,300 buildings.

You requested that we evaluate the GSA building security upgrade program. Specifically, you asked that we determine (1) what criteria GSA used to assess security risks and prioritize security upgrades for its buildings, (2) the implementation and operational status of GSA's security upgrade program and the costs GSA has incurred by both funding source and type of security upgrade (such as x-ray machines and security guards), and (3) whether any problems have hindered GSA's implementation of the security upgrade program.

In summary, we found that GSA used the DOJ report's criteria to assess risks and prioritize security upgrades in its buildings. Despite the formidable challenges posed by this program, GSA has made progress implementing upgrades in federal buildings throughout the country, particularly in its higher risk buildings. GSA's data systems indicate that about 7,000 upgrades were completed and we estimate that roughly $353 million were obligated from the FBF for the upgrade program nationally between October 1, 1995, and March 31, 1998. However, mistakes made by rushing to meet the timetables in the DOJ report because of GSA's sense of urgency to upgrade security in its buildings, reduced staffing due to downsizing, data reliability problems, and uncertain funding sources have hindered GSA's upgrade program implementation. Because of data reliability problems, neither GSA nor we can specify the exact status or cost of the building security upgrade program, and because GSA has not established program outcome measures, neither GSA nor we know the extent to which completed upgrades have resulted in greater security or reduced vulnerability for federal office buildings. Thus, GSA is not in a good position to manage its program to mitigate security threats.

Before presenting specific information on our findings, I would like to provide some information on our scope and methodology. In responding to your request, we interviewed key GSA officials in Washington, D.C.; and in GSA Regional Offices in Atlanta, GA; Ft. Worth, TX; Denver, CO; and the National Capital Region of Washington, D.C.; and obtained and reviewed the DOJ report as well as documents from GSA relating to the planning, implementation, and operation of the security upgrade program. We held discussions and obtained data from representatives of the Office of Management and Budget (OMB), the GSA Office of Inspector General (OIG), and several federal agencies that have organizational units in GSA-owned and -leased buildings. We did not evaluate the appropriateness of the DOJ building security standards or the effectiveness of either GSA's building security program or security programs administered by other agencies. We did our work from July 1997 to May 1998 in accordance with generally accepted government auditing standards. We have included more details about our scope and methodology and additional details about our findings in appendixes I through IV.


GSA used the criteria and guidance recommended in the DOJ report to assess the types of security upgrades needed and to prioritize its buildings for receiving upgrades. The DOJ report established minimum security standards in categories such as perimeter and interior security, and provided guidance for estimating upgrade costs. Different standards were to be applied to each building based on its evaluated risk level. Risk levels were to be assigned to buildings using criteria such as tenant population and volume of public contact, with level I the lowest risk level and level V the highest. The report also recommended that GSA establish a building security committee (BSC) in each GSA-controlled building to identify the minimum security requirements needed in each specific building. The committees were to consist of representatives from all agencies occupying a given building and were to be assisted by a GSA regional physical security specialist in identifying and estimating the costs of needed security upgrades. GSA assigned initial risk level designations to its buildings based on information available at the time, pending more definitive determinations by the BSCs. Generally, GSA prioritized its buildings for receiving security upgrades based on risk level, with the higher risk buildings receiving security assessments and needed upgrades first. (For further details, see app. II.)


Although GSA has completed many building security assessments, upgrade cost estimates, and upgrades, we weren't able to reliably determine the total numbers of upgrades completed nationally because GSA's upgrade tracking system contained incomplete and erroneous data. According to GSA, tracking system data were unreliable because its regional staff did not always appropriately or accurately record upgrade transactions in the tracking system.

The Federal Protective Service (FPS)--the physical security and law enforcement arm of GSA's Public Buildings Service--developed a computerized database system to track the status of all building security committee-requested upgrades. The system, which became fully operational in early 1996, was designed to track by region, and by building, upgrades requested, approved, and completed, as well as upgrade cost estimates.

The tracking system was also intended to serve in part as a forerunner to a larger government-wide database of security upgrades in all federal buildings, as required by Executive Order 12977, dated October 19, 1995. The order created the Interagency Security Committee, which was to be chaired by GSA's administrator or his designee, comprising representatives from 17 federal agencies and specific individuals. The Committee was established to enhance the quality and effectiveness of security in buildings and facilities occupied by federal employees.

As of March 31, 1998, the tracking system showed that about 7,800 upgrades had been approved and about 7,000, or 90 percent, had been completed. Our review of the records of 53 buildings and our visits to 43 buildings in GSA regions 4, 7, 8, and 11, as well as visits by GSA's OIG audit staff to 121 buildings in GSA regions 1, 4, 7, and 11, showed that GSA had completed security upgrades in many of its buildings across the United States. Examples of the types of upgrades that we observed on our visits to GSA buildings around the country included (1) concrete bollards constructed around building perimeters, (2) security cameras installed and in use both inside and outside of buildings, and (3) metal detectors and x-ray machines installed at building entrances and operated by GSA or contract security personnel.

However, based on our work and that of the OIG, we do not believe that a reliable determination of the building security upgrade program's status can be made because of errors in the upgrade tracking system. GSA's upgrade tracking system contained errors related to the number of upgrades approved and the number completed in 24, or 45 percent, of the buildings we reviewed and in 65, or 54 percent, of the buildings reviewed by the OIG. For example, (1) some upgrades that were shown as approved and completed in the tracking system in fact were not completed, and the requests for the upgrades had been cancelled; and (2) some approved upgrades shown in the system as completed weren't complete, and in fact the related security equipment was boxed and stored. According to GSA, these errors occurred because GSA personnel didn't always appropriately or accurately record the status of the upgrades in the tracking system.

In addition to these errors related to upgrades approved, completed, and cancelled in the tracking system, we have concerns about whether all GSA buildings have been evaluated for security needs. We found that, as of October 1997, the nationwide upgrade tracking system contained little or no evidence that building security evaluations had been done for 754 GSA buildings, 14 of which were level-IV buildings. We judgmentally selected a sample of 26 of the 754 buildings and attempted to determine whether a security evaluation had been done by contacting a representative from each building's security committee during December 1997 and January 1998. Representatives from 22 of the 26 buildings responded. Of the 22, representatives of 5 buildings told us that a building evaluation wasn't done, 6 said they weren't sure whether one was done, and 7 representatives said that the evaluations were done, but the remaining 4 representatives said that evaluations weren't applicable for their buildings because (1) the lease for the federal agency tenants in the building had been terminated, (2) the building was leased and used only for storage purposes, (3) the building was a maintenance garage with access limited to agency personnel, and (4) the building was no longer in use.

For the 11 building representatives that said a building evaluation was not done or that they weren't sure, we asked whether they believed that their buildings' current levels of security met the DOJ minimum standards. Representatives of four buildings said "yes"; five said they didn't know; and two said that the standards weren't applicable to their specific buildings because the agencies were moving out of the buildings. Four of the five that said they didn't know also said that they weren't aware of the DOJ minimum security standards.

Similarly, we found no evidence in GSA's building files that security evaluations had been done for a number of buildings that had no requests for security upgrades in the tracking system. During the latter part of 1997, we judgmentally selected 50 buildings in two GSA regions that showed no requests for security upgrades in the tracking system, and we found no evaluations on file for 12, or 24 percent, of the buildings. GSA had initially classified 3 of these 12 buildings as level IVs, 8 as level IIIs, and 1 as level II. Ten of the 12 buildings were in one GSA region.

FPS officials told us that they weren't sure whether evaluations had been done for all GSA buildings. They said that although they had attempted to obtain evaluations for all buildings, not all BSCs had provided evaluations.


In addition to being unable to reliably determine the program's operational and implementation status, we also couldn't reliably determine the actual costs or obligations incurred by GSA for security upgrades because GSA's accounting system, like its tracking system, contained significant errors. Further, we couldn't determine the actual costs incurred by type of security upgrade because GSA said that its accounting system was not designed to account for costs by upgrade type. Nevertheless, based on the existing accounting system data, we estimate that from October 1, 1995, through March 31, 1998, GSA obligated roughly $353 million for the building security upgrade program nationally. The source of those funds was the FBF. As you know, the Fund consists primarily of rent that GSA charges federal agencies for space and is administered by GSA. It is the primary means of financing the capital and operating costs associated with GSA-controlled federal space.

According to GSA, and we agree, the accuracy of these obligations data was unreliable because of errors GSA personnel had made when they recorded obligations for upgrade transactions in the accounting system. For example, late in fiscal year 1997, FPS attempted to identify regions with unneeded upgrade funding allowances that could be shifted to regions in need of funds to complete upgrades. In FPS' analysis, it identified over $5 million in obligations shown in the accounting system for upgrades in 109 buildings in 10 GSA regions for which there were no corresponding approved upgrades shown in the tracking system. FPS found that (1) $0.9 million of the obligations related to other GSA programs rather than the building security upgrade program; (2) $0.6 million in obligations related to upgrades that in fact had been completed but were shown in the tracking system as cancelled and voided by GSA; (3) $1.2 million in obligations related to upgrades completed in other buildings; and (4) $1.6 million were valid obligations, but the corresponding upgrades had inadvertently not been entered into the tracking system. FPS was uncertain about the remaining discrepancies. FPS found similar problems relating to upgrades recorded in the tracking system for which there were no corresponding obligations recorded in the accounting system. Because of these errors or discrepancies in the obligations data, FPS was unable to complete its efforts to reallocate funds among regions for over 2 months. We discuss these discrepancies in more detail in appendix III.


In addition to the unreliable nature of the data in the upgrade tracking and accounting systems, several other problems have hindered and slowed GSA's implementation of the security upgrade program. These included (1) funding source uncertainties; (2) mistakes made to meet deadlines by a downsized staff, as well as a sense of urgency to rapidly complete as many security upgrades as possible; and (3) unreliable upgrade cost estimates. As a result of these problems, GSA was not able to meet several program implementation goals. In addition, GSA lacks information about the benefits of upgrades relative to their costs; has not established specific program effectiveness goals, outcomes, or measures; and doesn't know whether and to what extent federal office buildings' vulnerability to acts of terrorism and other forms of violence has been reduced.

Funding uncertainties: Uncertainties about the source of funds for the security upgrade program have confronted GSA from the beginning. With no specific building security upgrade funding initially identified in fiscal year 1996 budget plans, GSA had to use FBF funds that were intended for other purposes. In addition, because of funding concerns in early fiscal year 1996, GSA placed on hold proposed costly upgrades, such as the purchase of parking areas adjacent to GSA buildings. Further, even though the June 1995 DOJ report recommended that GSA consider increasing the rent of federal agencies to pay for the increased costs of upgraded security, uncertainty continues to exist regarding the source of funds for the building security program. While GSA has projected about $260 million in obligations for fiscal year 1998 and budgeted about $251 million in obligations for fiscal year 1999 on building security, GSA and OMB have not yet reached complete agreement on how best to fund all the future costs of the program. Once GSA and OMB agree on how to fund increased security costs, the increased funding would be contingent on congressional approval in the appropriations process.

Timetables, staff, and urgency issues: According to GSA officials, GSA wanted to add as much security as possible in federal buildings before the first anniversary of the Oklahoma City bombing--April 19, 1996. The officials said that this sense of urgency, coupled with the program implementation timetables in the DOJ report and limited availability of staff due to downsizing, led to security upgrade decisions being made with the information available, recognizing that planning and implementation adjustments would likely be necessary. They acknowledged that, as a result, some initial efforts suffered and some mistakes were made. GSA and agency staffs at GSA-controlled buildings had about 3.5 months after issuance of the DOJ report to do security assessments and develop upgrade cost estimates for several hundred level-IV buildings, and they had about 7 months to do the same for several thousand lower level buildings.

According to FPS staff and a member of the DOJ report task force from the U.S. Marshals Service, there was little time available to develop the desired level of implementing guidance and training for FPS staff and the thousands of BSCs. Further, they said that the ratio of GSA-operated buildings to FPS physical security specialists added to the difficulties. For example, in one GSA region, we were told that the region had responsibility for about 1,000 buildings but had only 15 FPS physical security specialists available to assist BSCs with the building risk assessments. Nationwide, a total of about 200 FPS physical security specialists were responsible for assisting in the assessment of over 8,000 GSA-operated buildings.

According to GSA, the speed with which these assessments and cost estimates had to be done caused errors that contributed to the need to reevaluate, change, cancel, and void a number of decisions on security upgrades. For example, some hurriedly approved upgrades had to be cancelled and voided or modified because of the effects that the planned upgrades would have had on the flow of people and vehicular traffic in and around the buildings or because of concerns raised by local governments or by others due to the historic nature of some of the buildings. As a result, GSA had to devise alternative security measures, which sometimes required additional funds.

Unreliable cost estimates: A number of the initial cost estimates for upgrades recorded in the tracking system proved unreliable. In an effort to determine how much money was available to complete approved upgrades and reallocate funds among its regions, GSA analyzed upgrade cost estimates versus the actual obligations required to complete the upgrades in many of its buildings, and it found that many of the initial cost estimates were unreliable. For example, the estimated costs in the tracking system of completed upgrades for a group of 98 buildings in 11 GSA regions were about $10.4 million, while the actual obligations to complete the upgrades recorded in the accounting system were about $29 million--that is, obligations to complete the upgrades were over $18 million more than the estimated costs of completing the upgrades. According to GSA, the initial cost estimates were made using the general guidance contained in the DOJ report. Although more accurate cost estimates were made as the upgrade implementation progressed, the upgrade tracking system was not designed to readily capture the revised cost estimates. Without more accurate cost estimates, GSA decisionmakers were not in the best position to judge the cost/benefit of various upgrade options or to reliably estimate funds needed to complete approved upgrades.

The unreliable cost estimates combined with the unreliability of the status and cost data in the upgrade tracking and accounting systems, the funding source uncertainties, the reduced level of staff, and the mistakes made due to program deadlines, as well as the sense of urgency by GSA to complete upgrades as quickly as possible hindered the implementation of the upgrade program. Thus, GSA was unable to fully meet program timetables established in the DOJ report and several upgrade implementation goals it had established internally. Further, because additional security upgrade requests were received in the last half of fiscal year 1997, and additional funds were needed to complete previously approved upgrades, GSA estimated in October 1997 that it would need about $7.8 million in additional funds in fiscal year 1998 to complete the upgrades approved as of September 26, 1997.

The DOJ report called for GSA to complete security assessments and upgrade cost estimates by October 15, 1995, for its high-risk (level-IV) buildings, and by February 1, 1996, for the remaining lower risk buildings (levels I through III). Level-V buildings were generally not included in GSA's building security upgrade program because the DOJ report recommended that agencies (usually those involved in national security issues) in these buildings secure the buildings according to their own requirements. Although the DOJ report did not specify goals for GSA's completion of the security upgrades, GSA established and subsequently revised internal goals for completing upgrades in all its buildings several times in 1996 and 1997.

GSA has indicated that it had met the goals established by the DOJ report for evaluating the security needs and estimating the costs of upgrades for all level-IV buildings: In November 1995, GSA told the Senate Subcommittee on Transportation and Infrastructure that, in accordance with the DOJ report's recommendation and the President's directive, it had established 429 level-IV building security committees, and it had received over 2,500 upgrade requests from these committees. Also, later that same month, GSA told OMB that $222.6 million would be needed in fiscal years 1996 and 1997 to pay for the upgrades in these 429 buildings.

However, we believe that GSA did not fully meet either goal specified in the DOJ report because (1) security evaluations were not made for some level-IV buildings until after November 1995 and (2) in October 1997, much later than the DOJ report's target dates of October 15, 1995, and February 1, 1996, we found indications that not all of GSA's buildings, including some level-IV buildings, had been evaluated for security needs. In addition, GSA reported to us that, by March 1996, the number of level-IV buildings had increased to over 700. GSA stated that the increase was partly caused by DOJ's request that GSA reclassify certain buildings containing court-related tenants from lower levels to level IV, and partly by additional level-IV BSCs' decisions to conduct building evaluations and provide GSA with upgrade requests after November 1995.

Concerning GSA's internal goals, GSA initially established a goal to have all security upgrades completed for level-IV buildings by September 30, 1996. When it didn't meet the September 30, 1996, goal, GSA established a new goal to have upgrades completed in all buildings, including level IVs, by September 30, 1997. This goal was not met either, and now GSA's goal is September 30, 1998, for completing all upgrades approved as of September 26, 1997. GSA's tracking system indicated that GSA had completed about 85 percent of the approved upgrades for all buildings as of October 3, 1997, and reached the 90-percent mark by March 31, 1998.

Information lacking on program goals, measures, and results: GSA did not have information to evaluate whether the benefits of the upgrades justified their costs, to determine the effectiveness of the security upgrades completed, or to know whether upgrades reported as completed were actually complete and operating as planned. GSA needs this information to justify expenditures for security upgrades and to make changes in its security program if and when appropriate. For example, Social Security Administration (SSA) officials expressed concern to GSA about certain security upgrades that GSA initially placed in some SSA-occupied buildings. SSA was concerned about both the need for and the costs of purchasing and operating the upgrade equipment. After negotiations, GSA removed some upgrades from some SSA locations.

Further, security-related evaluations, which GSA security staff were doing prior to the Oklahoma City bombing, were curtailed because these staff were needed to help implement the upgrade program, and at the time of our review, these evaluations hadn't been resumed.

In addition, GSA also hadn't fully implemented a key recommendation, from an internal "lessons learned" study done after the Oklahoma City bombing incident, to evaluate its current risk assessment methodology to ensure that a wider range of risks are addressed, with an increased emphasis on acts of mass violence. The principal conclusion of the October 1995 study was that GSA's security and law enforcement processes currently in place did not adequately address the threat environment.

In a related issue, the Government Performance and Results Act of 1993 (the Results Act) requires every major federal agency to establish its mission, its goals and how they will be achieved, how its performance toward meeting its goals will be measured, and how performance measures will be used to make improvements. In accordance with the Results Act, GSA established its strategic plan, dated September 30, 1997, covering years 1998 through 2002. GSA's building security program is specifically addressed in the 1997 plan and in its annual performance plan for fiscal year 1999. However, GSA did not identify in its strategic plan security program evaluations it plans to do, and the 1999 annual performance plan did not state its goals and indicators for the security program in terms of outcomes or desired results as is called for by OMB in Circular A-11. Finally, although GSA's data systems for tracking program status and funding had incorrect data, which hampered implementation, GSA has just recently initiated efforts to ensure security program measurement data would be valid in connection with the security-related performance goal included in its 1999 annual performance plan prepared under the Results Act.

Without more specific information on security program goals and results, GSA does not know the extent to which the upgrades have improved security or reduced federal office building vulnerability to acts of terrorism or other forms of violence. (For further details, see app. IV.)


We recommend that the GSA Administrator direct the PBS Commissioner to

-- correct the data in GSA's upgrade tracking and accounting systems and institute procedures to accurately record approved and completed upgrades in the upgrade tracking system and accurately record obligations incurred for security upgrades in the accounting system;

-- review all GSA buildings to ensure that security evaluations have been completed;

-- complete agreements with OMB on the most appropriate means of providing sufficient funding for the security of GSA-operated buildings at the minimum standard levels recommended by the DOJ report;

-- develop outcome-oriented goals and measures for its security program, identify security program evaluations to be done and implement them as appropriate, and identify the means by which FPS will verify and validate measurement data related to security program goals in GSA's annual performance plan for 2000; and

-- complete the internally recommended review of GSA's current security risk assessment methodology, and once the appropriate risk assessment methodology is determined, resume GSA's program of periodic building security inspections by GSA physical security specialists.


On May 27, 1998, we met with GSA's Public Buildings Service Deputy Commissioner and Assistant Commissioner, Office of the Federal Protective Service, and members of their staff to obtain their comments on the information discussed in a draft of our testimony. These GSA officials generally agreed with the information in the testimony and with our recommendations. The Deputy Commissioner stated though that he did not completely agree with our characterization that funding uncertainties hindered GSA's implementation of the building security upgrade program because GSA was able to fund virtually all of the upgrades requested by the building security committees. He pointed out that all required funding to accomplish security enhancements has been provided to the GSA regions. However, we believe that our characterization is appropriate because, as we have described, GSA faced uncertainties throughout much of the program about the source of funds to pay for the capital and operating costs of the upgrades. For example, GSA initially had to use funds to pay for upgrades that had been intended for other purposes. Further, as we have pointed out, early in the program GSA placed on hold proposed costly upgrades, such as the purchase of parking areas adjacent to GSA buildings, because of funding concerns. Thus, while some security upgrades were put on hold due to lack of funds, our major concern is the uncertain funding sources that have confronted the program from its inception.

In addition, the GSA officials stated that they have directed GSA regions to resume the periodic building inspection and risk assessment program placed on hold after the Oklahoma City bombing. They said that the inspections are to resume shortly, and inspections for all level-IV buildings are to be completed by the end of fiscal year 1998. Also, the GSA officials said that they have begun to correct the data in the upgrade tracking system and will consider developing outcome-oriented goals for the security program that will be described in GSA's Year 2000 annual performance plan. In addition, the GSA officials said that they have made substantial progress in discussions with OMB on adjusting agency rental charges to cover the cost of security, and they expect to reach agreement with OMB in time for the Year 2000 budget cycle.

- - - - -

Mr. Chairman, this concludes my prepared statement. I will be happy to answer any questions you or Members of the Subcommittee may have.