Here's an expert's evaluation of the testing and certification process for voting systems.

While the federal government is encouraging the states to switch to computerized voting, it is providing no technical guidance and a certification process that is "virtually non-existent."

Testimony of Michael I. Shamos Before the Environment, Technology, and Standards Subcommittee of the U.S. House of Representatives’ Committee on Science. June 24, 2004

Excerpts (highlighting added):

I am here today to offer my opinion that the system we have for testing and certifying voting equipment in this country is not only broken, but is virtually nonexistent.

For example, one of the principal election security worries is the possibility of a computer virus infecting a voting system. Yet the FVSS place virus responsibility on the voting system vendor and do not provide for any testing by the Independent Testing Authority (ITA).
. . .
Even if there were suitable standards, it is a significant question how to assure the public that a particular machine meets them. The current process of qualification testing by Independent Testing Authorities certified by the National Association of State Election Directors (NASED) is dysfunctional. As proof I need only cite the fact that the voting systems about which security concerns have recently been raised, such as Diebold Accuvote, were all ITA-qualified. Some of these systems contain security holes so severe that one wonders what the ITA was looking for during its testing.
. . .
A further examination, called certification, is needed to learn whether the machine can actually be used in a given state. Even a certified machine may fail to function when purchased unless it is tested thoroughly on delivery, a form of evaluation known as acceptance testing. I am not aware of any state that makes such testing a statutory requirement.
. . .
Assuming that the machines operate properly when delivered, there is no assurance that they will be stored, maintained, transported or set up properly so they work on Election Day. While many states provide for pre-election testing of machines, in the event of a large-scale failure they can find themselves without enough working machines to conduct an election.
. . .
The machines may work according to specification but if they have not been loaded with the appropriate set of ballot styles to be used in a polling place they will be completely ineffective. The process of verifying ballot styles is left to representatives of the political parties, who may have little interest in the correctness of non-partisan races and issues.
. . .
In this whole discussion we have ignored the matter of where the software used in the machine comes from. It may have worked when delivered by the vendor but may have been modified or substituted, either deliberately or innocently, by persons known or unknown. We need a central repository for election software to which candidates and the public has continuous access, so it may be known and verified exactly what software was used to present the ballot and tabulate the results.
. . .
The existence of Federal standards and ITAs has actually had a counterproductive effect. Many states that formerly had statutory certification procedures have abdicated them in favor of requiring no more from a vendor than an ITA qualification letter, and in some cases even less. Alabama, for example, requires no certification at all but relies on a written guarantee by the vendor that its system satisfies the state’s requirements. My own state, Pennsylvania, abandoned certification in 2002 because it believed the ITA process was sufficient. We are less safe in 2004 than we were 20 years ago.
. . .
What can be done to improve these processes before the 2004 election?
. . .
I do not believe that Congress can act meaningfully in the 130 days that remain before the 2004 election. Even if it could, the states would be powerless to comply in so short a time.

Computers magnify human error.
Hand counting ballots is vulnerable to local error and fraud.
Computer counting is vulnerable to wide-scale error and fraud.

