OCR of the Document

View the Document >>

United States Government Accountability Office, GAO Testimony Before the Subcommittees on government operations and information technology, committee on oversight and government reform, house of representatives. INFORMATION TECHNOLOGY: OBM and Agencies need to focus continued attention on implementing reform law, May 18 2016

United States Government Accountability Office Testimony Before the Subcommittees on Government Operations and Information Technology Committee on Oversight and Government Reform House of Representatives For Release on Delivery Expected at 2 00 p m ET Wednesday May 18 2016 INFORMATION TECHNOLOGY OMB and Agencies Need to Focus Continued Attention on Implementing Reform Law Statement of David A Powner Director Information Technology Management Issues GAO-16-672T May 18 2016 INFORMATION TECHNOLOGY OMB and Agencies Need to Focus Continued Attention on Implementing Reform Law Highlights of GAO-16-672T a testimony before the Subcommittees on Government Operations and Information Technology Committee on Oversight and Government Reform House of Representatives Why GAO Did This Study What GAO Found The federal government plans to invest more than $89 billion on IT in fiscal year 2017 Historically these investments have frequently failed incurred cost overruns and schedule slippages or contributed little to mission-related outcomes Accordingly in December 2014 IT reform legislation was enacted into law aimed at improving agencies’ acquisition of IT Further in February 2015 GAO added improving the management of IT acquisitions and operations to its high-risk list—a list of agencies and program areas that are high risk due to their vulnerabilities to fraud waste abuse and mismanagement or are most in need of transformation Between fiscal years 2010 and 2015 GAO made about 800 recommendations related to this highrisk area to OMB and agencies As of May 2016 about 33 percent of these had been implemented The Office of Management and Budget OMB and agencies have taken steps to improve federal information technology IT through a series of initiatives however additional actions are needed This statement primarily summarizes 1 GAO’s published work on data center consolidation and 2 GAO’s draft reports on the risk of major investments as reported on the IT Dashboard and the implementation of incremental development practices These draft reports with recommendations are currently with applicable agencies for comment What GAO Recommends GAO has previously made numerous recommendations to OMB and federal agencies to improve the oversight and execution of the data center consolidation initiative the accuracy and reliability of the IT Dashboard and incremental development policies Most agencies agreed with GAO’s recommendations or had no comment  Consolidating data centers In an effort to reduce the growing number of data centers OMB launched a consolidation initiative in 2010 GAO recently reported that agencies had closed 3 125 of the 10 584 total data centers and achieved $2 8 billion in cost savings and avoidances through fiscal year 2015 Agencies are planning a total of about $8 2 billion in savings and avoidances through fiscal year 2019 However these planned savings may be higher because 10 agencies had not fully developed their planned savings goals In addition agencies made limited progress against OMB’s fiscal year 2015 data center optimization performance targets such as the utilization of data center facilities GAO recommended that the agencies take action to complete their cost savings targets and improve optimization progress Most agencies agreed with the recommendations or had no comment  Enhancing transparency OMB’s IT Dashboard provides detailed information on major investments at federal agencies including ratings from Chief Information Officers CIO that should reflect the level of risk facing an investment In a draft report GAO’s assessments of the risk ratings showed more risk than the associated CIO ratings In particular of the 95 investments reviewed GAO’s assessments matched the CIO ratings 22 times showed more risk 60 times and showed less risk 13 times Several issues contributed to these differences such as ratings not being updated frequently In its draft report GAO is recommending that agencies improve the quality and frequency of their CIO ratings  Implementing incremental development An additional key reform initiated by OMB has emphasized the need to deliver investments in smaller parts or increments in order to reduce risk and deliver capabilities more quickly Since 2012 OMB has required investments to deliver functionality every 6 months In a draft report GAO determined that 22 agencies reported that 64 percent of 469 active software development projects had plans to deliver usable functionality every 6 months for fiscal year 2016 Further for seven selected agencies GAO identified significant differences in the percentage of software projects delivering every 6 months reported to GAO compared to what was reported on the IT Dashboard For example the percentage of software projects reported to GAO by the Department of Commerce decreased by about 42 percentage points from what was reported on the IT Dashboard These differences were due in part to agencies having different interpretations of OMB’s guidance on reporting software development projects In its draft report GAO is recommending that OMB and agencies improve the use of incremental development View GAO-16-672T For more information contact David A Powner at 202 512-9286 or pownerd@gao gov United States Government Accountability Office Letter Letter Chairmen Meadows and Hurd Ranking Members Connolly and Kelly and Members of the Subcommittees I am pleased to be here today to discuss our recent work related to the December 2014 information technology IT reform law commonly referred to as the Federal Information Technology Acquisition Reform Act or FITARA 1 As you know the effective and efficient acquisition and management of IT investments has been a long-standing challenge in the federal government In particular the federal government has spent billions of dollars on failed and poorly performing IT investments which often suffered from ineffective management Moreover spending on IT operations has been inefficient In light of these ongoing challenges in February 2015 we added improving the management of IT acquisitions and operations to our list of high-risk areas for the federal government 2 My statement today will primarily discuss our recently published work on data center consolidation and our draft reports with recommendations which are currently with applicable agencies for comment on the 1 risk of major investments as reported on the Office of Management and Budget’s OMB IT Dashboard and 2 implementation of incremental development practices A more detailed discussion of the objectives scope and methodology of this work is included in each of the reports that are cited throughout this statement 3 We conducted the work on which this statement is based in accordance with generally accepted government auditing standards Those standards require that we plan and perform the audit to obtain sufficient appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives We believe that the evidence obtained 1 Federal Information Technology Acquisition Reform provisions of the Carl Levin and Howard P ‘Buck’ McKeon National Defense Authorization Act for Fiscal Year 2015 Pub L No 113-291 div A title VIII subtitle D 128 Stat 3292 3438-3450 Dec 19 2014 2 GAO High-Risk Series An Update GAO-15-290 Washington D C Feb 11 2015 GAO maintains a high-risk program to focus attention on government operations that it identifies as high risk due to their greater vulnerabilities to fraud waste abuse and mismanagement or the need for transformation to address economy efficiency or effectiveness challenges 3 See the related GAO products page at the end of this statement for a list of the reports on which this testimony is based Page 1 GAO-16-672T provides a reasonable basis for our findings and conclusions based on our audit objectives Background The federal government plans to invest more than $89 billion on IT in fiscal year 2017 However as we have previously reported investments in federal IT too often result in failed projects that incur cost overruns and schedule slippages while contributing little to the mission-related outcome For example  The Department of Defense’s Expeditionary Combat Support System was canceled in December 2012 after spending more than a billion dollars and failing to deploy within 5 years of initially obligating funds 4  The Department of Homeland Security’s Secure Border Initiative Network program was ended in January 2011 after the department obligated more than $1 billion to the program because it did not meet cost-effectiveness and viability standards 5  The Department of Veterans Affairs’ Financial and Logistics Integrated Technology Enterprise program was intended to be delivered by 2014 at a total estimated cost of $609 million but was terminated in October 2011 due to challenges in managing the program 6  The Office of Personnel Management’s Retirement Systems Modernization program was canceled in February 2011 after 4 GAO DOD Financial Management Implementation Weaknesses in Army and Air Force Business Systems Could Jeopardize DOD’s Auditability Goals GAO-12-134 Washington D C Feb 28 2012 and DOD Business Transformation Improved Management Oversight of Business System Modernization Efforts Needed GAO-11-53 Washington D C Oct 7 2010 5 See for example GAO Secure Border Initiative DHS Needs to Strengthen Management and Oversight of Its Prime Contractor GAO-11-6 Washington D C Oct 18 2010 Secure Border Initiative DHS Needs to Reconsider Its Proposed Investment in Key Technology Program GAO-10-340 Washington D C May 5 2010 and Secure Border Initiative DHS Needs to Address Testing and Performance Limitations That Place Key Technology Program at Risk GAO-10-158 Washington D C Jan 29 2010 6 GAO Information Technology Actions Needed to Fully Establish Program Management Capability for VA's Financial and Logistics Initiative GAO-10-40 Washington D C Oct 26 2009 Page 2 GAO-16-672T spending approximately $231 million on the agency’s third attempt to automate the processing of federal employee retirement claims 7  The tri-agency8 National Polar-orbiting Operational Environmental Satellite System was stopped in February 2010 by the White House’s Office of Science and Technology Policy after the program spent 16 years and almost $5 billion 9  The Department of Veterans Affairs’ Scheduling Replacement Project was terminated in September 2009 after spending an estimated $127 million over 9 years 10 These and other failed IT projects often suffered from a lack of disciplined and effective management such as project planning requirements definition and program oversight and governance In many instances agencies had not consistently applied best practices that are critical to successfully acquiring IT investments Federal IT projects have also failed due to a lack of oversight and governance Executive-level governance and oversight across the government has often been ineffective specifically from chief information officers CIO For example we have reported that not all CIOs had the 7 See for example GAO Office of Personnel Management Retirement Modernization Planning and Management Shortcomings Need to Be Addressed GAO-09-529 Washington D C Apr 21 2009 and Office of Personnel Management Improvements Needed to Ensure Successful Retirement Systems Modernization GAO-08-345 Washington D C Jan 31 2008 8 The weather satellite program was managed by the National Oceanic and Atmospheric Administration the Department of Defense and the National Aeronautics and Space Administration 9 See for example GAO Polar-Orbiting Environmental Satellites With Costs Increasing and Data Continuity at Risk Improvements Needed in Tri-agency Decision Making GAO-09-564 Washington D C June 17 2009 and Environmental Satellites PolarOrbiting Satellite Acquisition Faces Delays Decisions Needed on Whether and How to Ensure Climate Data Continuity GAO-08-518 Washington D C May 16 2008 10 GAO Information Technology Management Improvements Are Essential to VA’s Second Effort to Replace Its Outpatient Scheduling System GAO-10-579 Washington D C May 27 2010 Page 3 GAO-16-672T authority to review and approve the entire agency IT portfolio and that CIOs’ authority was limited 11 Recent Law Can Improve Agencies’ Management of IT Recognizing the severity of issues related to government-wide management of IT FITARA was enacted in December 2014 The law holds promise for improving agencies’ acquisition of IT and enabling Congress to monitor agencies’ progress and hold them accountable for reducing duplication and achieving cost savings FITARA includes specific requirements related to seven areas  Federal data center consolidation initiative FDCCI Agencies are required to provide OMB with a data center inventory a strategy for consolidating and optimizing the data centers to include planned cost savings and quarterly updates on progress made The law also requires OMB to develop a goal for how much is to be saved through this initiative and provide annual reports on cost savings achieved  Enhanced transparency and improved risk management OMB and agencies are to make detailed information on federal IT investments publicly available and agency CIOs are to categorize their IT investments by risk Additionally in the case of major IT investments rated as high risk for 4 consecutive quarters the law requires that the agency CIO and the investment’s program manager conduct a review aimed at identifying and addressing the causes of the risk  Agency CIO authority enhancements 12 Agency CIOs are required to 1 approve the IT budget requests of their respective agencies 2 certify that IT investments are adequately implementing OMB’s incremental development guidance 3 review and approve contracts for IT and 4 approve the appointment of other agency employees with the title of CIO 11 GAO Federal Chief Information Officers Opportunities Exist to Improve Role in Information Technology Management GAO-11-634 Washington D C Sept 15 2011 12 The provisions apply to the agencies covered by the Chief Financial Officers Act of 1990 31 U S C § 901 b except that the Department of Defense is exempted from this and other activities Page 4 GAO-16-672T  Portfolio review Agencies are to annually review IT investment portfolios in order to among other things increase efficiency and effectiveness and identify potential waste and duplication In developing the associated process the law requires OMB to develop standardized performance metrics to include cost savings and to submit quarterly reports to Congress on cost savings  Expansion of training and use of IT acquisition cadres Agencies are to update their acquisition human capital plans to address supporting the timely and effective acquisition of IT In doing so the law calls for agencies to consider among other things establishing IT acquisition cadres or developing agreements with other agencies that have such cadres  Government-wide software purchasing program The General Services Administration is to develop a strategic sourcing initiative to enhance government-wide acquisition and management of software In doing so the law requires that to the maximum extent practicable the General Services Administration should allow for the purchase of a software license agreement that is available for use by all Executive Branch agencies as a single user  Maximizing the benefit of the federal strategic sourcing initiative Federal agencies are required to compare their purchases of services and supplies to what is offered under the Federal Strategic Sourcing initiative OMB is also required to issue related regulations In June 2015 OMB released guidance describing how agencies are to implement the law 13 OMB’s guidance states that it is intended to among other things  assist agencies in aligning their IT resources to statutory requirements  establish government-wide IT management controls that will meet the law’s requirements while providing agencies with flexibility to adapt to unique agency processes and requirements 13 OMB Management and Oversight of Information Technology Memorandum M-15-14 Washington D C June 10 2015 Page 5 GAO-16-672T  clarify the CIO’s role and strengthen the relationship between agency CIOs and bureau CIOs and  strengthen CIO accountability for IT cost schedule performance and security The guidance includes several actions agencies are to take to establish a basic set of roles and responsibilities referred to as the “common baseline” for CIOs and other senior agency officials that are needed to implement the authorities described in the law For example agencies were required to conduct a self-assessment and submit a plan describing the changes they will make to ensure that common baseline responsibilities are implemented Agencies were to submit their plans to OMB’s Office of E-Government and Information Technology by August 15 2015 and make portions of the plans publicly available on agency websites no later than 30 days after OMB approval As of May 2016 22 of the 24 Chief Financial Officers Act agencies had made their plans publicly available In addition OMB recently released proposed guidance for public comment on the optimization of federal data centers and implementation of FITARA’s data center consolidation and optimization provisions 14 Among other things the proposed guidance instructs agencies to maintain complete inventories of all data center facilities owned operated or maintained by or on behalf of the agency develop cost savings targets due to consolidation and optimization for fiscal years 2016 through 2018 and report any actual realized cost savings and measure progress toward defined performance metrics including server utilization on a quarterly basis as part of their data center inventory submissions The proposed guidance also directs agencies to develop a data center consolidation and optimization strategic plan that defines the agency’s data center strategy for the subsequent 3 years This strategy is to include a timeline for agency consolidation and optimization activities with an emphasis on cost savings and optimization performance benchmarks the agency can achieve between fiscal years 2016 and 2018 Finally the proposed guidance indicates that OMB will maintain a public dashboard 14 OMB Data Center Optimization Initiative DCOI accessed April 28 2016 https datacenters cio gov OMB sought feedback and suggestions on the proposed guidance through April 1 2016 Page 6 GAO-16-672T that will display consolidation-related costs savings and optimization performance information for the agencies IT Acquisitions and Operations Identified by GAO as a High Risk Area In February 2015 we introduced a new government-wide high-risk area Improving the Management of IT Acquisitions and Operations 15 This area highlights several critical IT initiatives in need of additional congressional oversight including reviews of troubled projects an emphasis on incremental development a key transparency website reviews of agencies’ operational investments data center consolidation and efforts to streamline agencies’ portfolios of IT investments We noted that implementation of these initiatives has been inconsistent and more work remains to demonstrate progress in achieving IT acquisition outcomes Further in our February 2015 high-risk report we identified actions that OMB and the agencies need to take to make progress in this area These include implementing FITARA as well as implementing our previous recommendations such as developing comprehensive inventories of federal agencies’ software licenses As noted in that report we have made multiple recommendations to improve agencies’ management of IT acquisitions and operations many of which are discussed later in this statement Between fiscal years 2010 and 2015 we made approximately 800 such recommendations to OMB and federal agencies As of May 2016 about 33 percent of these recommendations had been implemented Also in our high risk report we stated that OMB and agencies will need to demonstrate measurable government-wide progress in the following key areas  implement at least 80 percent of GAO’s recommendations related to the management of IT acquisitions and operations within 4 years  ensure that a minimum of 80 percent of the government’s major acquisitions deliver functionality every 12 months and 15 GAO-15-290 Page 7 GAO-16-672T  Implementation of IT Reform Law Needed to Improve Performance of Key Initiatives achieve no less than 80 percent of the planned PortfolioStat16 savings and 80 percent of the planned savings for data center consolidation One of the key initiatives to implement FITARA is data center consolidation OMB established FDCCI in February 2010 to improve the efficiency performance and environmental footprint of federal data center activities In a series of reports over the past 5 years we determined that while data center consolidation could potentially save the federal government billions of dollars weaknesses existed in several areas including agencies’ data center consolidation plans and OMB’s tracking and reporting on cost savings 17 In total we have made 111 recommendations to OMB and agencies to improve the execution and oversight of the initiative Most agencies agreed with our recommendations or had no comment Most recently in March 2016 we reported18 that the 24 departments and agencies 19 participating in FDCCI collectively made progress on their data 16 Launched by OMB in March 2012 PortfolioStat requires agencies to conduct an annual agency-wide IT portfolio review to among other things reduce commodity IT spending and demonstrate how its IT investments align with the agency’s mission and business functions For more information see OMB Implementing PortfolioStat Memorandum M12-10 Washington D C Mar 30 2012 17 GAO Data Center Consolidation Reporting Can Be Improved to Reflect Substantial Planned Savings GAO-14-713 Washington D C Sept 25 2014 Data Center Consolidation Strengthened Oversight Needed to Achieve Cost Savings Goal GAO-13-378 Washington D C Apr 23 2013 Data Center Consolidation Agencies Making Progress on Efforts but Inventories and Plans Need to Be Completed GAO-12-742 Washington D C July 19 2012 and Data Center Consolidation Agencies Need to Complete Inventories and Plans to Achieve Expected Savings GAO-11-565 Washington D C July 19 2011 18 GAO Data Center Consolidation Agencies Making Progress but Planned Savings Goals Need to Be Established Reissued on March 4 2016 GAO-16-323 Washington D C Mar 3 2016 19 The 24 agencies that FITARA requires to participate in FDCCI are the Departments of Agriculture Commerce Defense Education Energy Health and Human Services Homeland Security Housing and Urban Development the Interior Justice Labor State Transportation the Treasury and Veterans Affairs the Environmental Protection Agency General Services Administration National Aeronautics and Space Administration National Science Foundation Nuclear Regulatory Commission Office of Personnel Management Small Business Administration Social Security Administration and U S Agency for International Development Page 8 GAO-16-672T center closure efforts Specifically as of November 2015 agencies had identified a total of 10 584 data centers of which they reported closing 3 125 through fiscal year 2015 Notably the Departments of Agriculture Defense the Interior and the Treasury accounted for 84 percent of these total closures Agencies are also planning to close an additional 2 078 data centers—for a total of 5 203—by the end of fiscal year 2019 See figure 1 for a summary of agencies’ total data centers and reported and planned closures Figure 1 Agencies’ Total Data Centers and Completed and Planned Closures fiscal years 2010 through 2019 as of November 2015 In addition we reported that 19 of the 24 agencies reported achieving an estimated $2 8 billion in cost savings and avoidances from their data center consolidation and optimization efforts from fiscal years 2011 to 2015 Notably the Departments of Commerce Defense Homeland Security and the Treasury accounted for about $2 4 billion or about 86 percent of the total Further 21 agencies collectively reported planning an additional $5 4 billion in cost savings and avoidances for a total of approximately $8 2 billion through fiscal year 2019 See figure 2 for a summary of agencies’ reported achieved and planned cost savings and avoidances from fiscal years 2011 through 2019 Page 9 GAO-16-672T Figure 2 Agency-reported Data Center Consolidation Cost Savings and Avoidances dollars in billions However we noted that planned savings may be higher because 10 of the 21 agencies that reported planned closures from fiscal years 2016 through 2018 have not fully developed their cost savings and avoidance goals for these fiscal years 20 Agencies provided varied reasons for not having this information including that they were in the process of reevaluating their data center consolidation strategies as well as facing other challenges in determining such information We noted that the reporting of planned savings goals is increasingly important considering the enactment of FITARA which requires agencies to develop yearly calculations of cost savings as part of their multi-year strategies to consolidate and optimize their data centers We concluded that until agencies address their challenges and complete and report such information the $8 2 billion in total savings and avoidances may be 20 These 10 agencies are the Departments of the Interior State Transportation and the Treasury the Environmental Protection Agency National Aeronautics and Space Administration National Science Foundation Nuclear Regulatory Commission Office of Personnel Management and Small Business Administration Page 10 GAO-16-672T understated and agencies will not be able to satisfy the data center consolidation strategy provisions of FITARA Finally we reported that agencies made limited progress against OMB’s fiscal year 2015 core data center optimization performance metrics 21 In total 22 of the 24 agencies reported data center optimization information to OMB 22 However of the nine metrics with targets only one—full-time equivalent ratio a measure of data center labor efficiency —was met by half of the 24 agencies while the remaining eight were each met by less than half of the agencies See figure 3 for a summary of agencies’ progress against OMB’s data center optimization metric targets Figure 3 Agencies’ Progress against OMB Data Center Optimization Metric Targets 21 In May 2014 OMB issued a set of metrics to measure the extent to which agencies’ data centers are optimized in areas such as data center energy labor and storage For more information see OMB Fiscal Year 2014 PortfolioStat Memorandum M-14-08 Washington D C May 7 2014 22 Two agencies—the National Science Foundation and the Small Business Administration—do not have any reported core data centers in their inventories and therefore do not have a basis to measure and report optimization progress Page 11 GAO-16-672T Agencies reported a variety of challenges in meeting OMB’s data center optimization targets such as the decentralized nature of their agencies making consolidation and optimization efforts more difficult We noted that addressing this challenge and others is increasingly important in light of the enactment of FITARA which requires agencies to measure and report progress in meeting data center optimization performance metrics We concluded that until agencies take action to improve progress against OMB’s data center optimization metrics including addressing any challenges identified they could be hindered in the implementation of the data center consolidation provisions of FITARA and in making initiativewide progress against OMB’s optimization targets To better ensure that federal data center consolidation and optimization efforts improve governmental efficiency and achieve cost savings we recommended that 10 agencies23 take action to complete their planned data center cost savings and avoidance targets for fiscal years 2016 through 2018 We also recommended that 22 agencies24 take action to improve optimization progress including addressing any identified challenges Fourteen agencies agreed with our recommendations 4 did not state whether they agreed or disagreed and 6 stated that they had no comments Risks Need to Be Fully Considered When Agencies Rate Their Major Investments on OMB’s IT Dashboard To facilitate transparency across the government in acquiring and managing IT investments OMB established a public website—the IT Dashboard—to provide detailed information on major investments at 26 agencies including ratings of their performance against cost and schedule targets Among other things agencies are to submit ratings from their CIOs which according to OMB’s instructions should reflect the level of risk facing an investment relative to that investment’s ability to 23 These 10 agencies are the Departments of the Interior State Transportation and the Treasury the Environmental Protection Agency National Aeronautics and Space Administration National Science Foundation Nuclear Regulatory Commission Office of Personnel Management and Small Business Administration 24 These 22 agencies are the Departments of Agriculture Commerce Defense Education Energy Health and Human Services Homeland Security Housing and Urban Development the Interior Justice Labor State Transportation the Treasury and Veterans Affairs the Environmental Protection Agency General Services Administration National Aeronautics and Space Administration Nuclear Regulatory Commission Office of Personnel Management Social Security Administration and U S Agency for International Development Page 12 GAO-16-672T accomplish its goals In this regard FITARA includes a requirement for CIO’s to categorize their major IT investment risks in accordance with OMB guidance 25 Over the past 6 years we have issued a series of reports about the IT Dashboard that noted both significant steps OMB has taken to enhance the oversight transparency and accountability of federal IT investments by creating its IT Dashboard as well as issues with the accuracy and reliability of data 26 In total we have made 22 recommendations to OMB and federal agencies to help improve the accuracy and reliability of the information on the IT Dashboard and to increase its availability Most agencies agreed with our recommendations or had no comment Most recently as part of our ongoing work we determined that agencies had not fully considered risks when rating their major investments on the IT Dashboard Specifically our assessment of 95 investments at 15 agencies 27 matched the CIO ratings posted on the Dashboard 22 times showed more risk 60 times and showed less risk 13 times Figure 4 summarizes how our assessments compared to the select investments’ CIO ratings 25 40 U S C § 11302 c 3 C 26 GAO IT Dashboard Agencies Are Managing Investment Risk but Related Ratings Need to Be More Accurate and Available GAO-14-64 Washington D C Dec 12 2013 Information Technology Dashboard Opportunities Exist to Improve Transparency and Oversight of Investment Risk at Select Agencies GAO-13-98 Washington D C Oct 16 2012 IT Dashboard Accuracy Has Improved and Additional Efforts Are Under Way to Better Inform Decision Making GAO-12-210 Washington D C Nov 7 2011 Information Technology OMB Has Made Improvements to Its Dashboard but Further Work Is Needed by Agencies and OMB to Ensure Data Accuracy GAO-11-262 Washington D C Mar 15 2011 and Information Technology OMB’s Dashboard Has Increased Transparency and Oversight but Improvements Needed GAO-10-701 Washington D C July 16 2010 27 The 15 selected agencies were the Departments of Agriculture Commerce Defense Education Energy Health and Human Services Homeland Security the Interior Labor State Transportation the Treasury and Veterans Affairs the Environmental Protection Agency General Services Administration Social Security Administration and Office of Personnel Management Page 13 GAO-16-672T Figure 4 Comparison of Selected Investments’ April 2015 CIO Rating to GAO’s Assessments Aside from the inherently judgmental nature of risk ratings we identified three factors which contributed to differences between our assessments and CIO ratings  Forty-one of the 95 CIO ratings were not updated during the month we reviewed which led to more differences between our assessments and the CIOs’ ratings This underscores the importance of frequent rating updates which help to ensure that the information on the Dashboard is timely and accurately reflects recent changes to investment status  Three agencies’ rating processes span longer than 1 month Longer processes mean that CIO ratings are based upon older data and may not reflect the current level of investment risk  Seven agencies’ rating processes did not focus on active risks According to OMB’s guidance CIO ratings should reflect the CIO’s assessment of the risk and the investment’s ability to accomplish its goals CIO ratings that do no incorporate active risks increase the chance that ratings overstate the likelihood of investment success As a result we concluded that the associated risk rating processes used by the agencies were generally understating the level of an investment’s risk raising the likelihood that critical federal investments in IT are not receiving the appropriate levels of oversight To better ensure that the Dashboard ratings more accurately reflect risk we are recommending in our draft report which is with the applicable agencies for comment that Page 14 GAO-16-672T 15 agencies 28 take actions to improve the quality and frequency of their CIO ratings Agencies Need to Increase Their Use of Incremental Development Practices OMB has emphasized the need to deliver investments in smaller parts or increments in order to reduce risk deliver capabilities more quickly and facilitate the adoption of emerging technologies In 2010 it called for agencies’ major investments to deliver functionality every 12 months and since 2012 every 6 months Subsequently FITARA codified a requirement that agency CIO’s certify that IT investments are adequately implementing OMB’s incremental development guidance 29 In May 2014 we reported30 that almost three-quarters of selected investments at five major agencies31 did not plan to deliver capabilities in 6-month cycles and less than half planned to deliver functionality in 12month cycles We also reported that most of the five agencies reviewed had incomplete incremental development policies Accordingly we recommended that OMB develop and issue clearer guidance on incremental development and that selected agencies update and implement their associated policies Most agencies agreed with our recommendations or had no comment More recently as part of our ongoing work we determined that agencies had not fully implemented incremental development practices for their software development projects Specifically as of August 31 2015 on 28 These 15 agencies are the Departments of Agriculture Commerce Defense Education Energy Health and Human Services Homeland Security the Interior State Transportation the Treasury and Veterans Affairs the Environmental Protection Agency Office of Personnel Management and Social Security Administration 29 40 U S C § 11319 b 1 B ii 30 GAO Information Technology Agencies Need to Establish and Implement Incremental Development Policies GAO-14-361 Washington D C May 1 2014 31 These five agencies are the Departments of Defense Health and Human Services Homeland Security Transportation and Veterans Affairs Page 15 GAO-16-672T the IT Dashboard 22 federal agencies32 reported that 300 of 469 active software development projects approximately 64 percent were planning to deliver usable functionality every 6 months for fiscal year 2016 as required by OMB guidance Regarding the remaining 169 projects or 36 percent that were reported as not planning to deliver functionality every 6 months agencies provided a variety of explanations for not achieving that goal including project complexity the lack of an established project release schedule or that the project was not a software development project Table 1 lists the total number and percent of software development projects that agencies reported plans to deliver functionality from highest to lowest 32 These 22 agencies are the Departments of Agriculture Commerce Defense Education Energy Health and Human Services Homeland Security Housing and Urban Development the Interior Justice Labor State Transportation the Treasury and Veterans Affairs the Environmental Protection Agency General Services Administration National Archives and Records Administration Office of Personnel Management Small Business Administration Social Security Administration and U S Agency for International Development Page 16 GAO-16-672T Table 1 Federal Agency Software Development Projects’ Plans to Deliver Functionality Every 6 Months for Fiscal Year 2016 as Reported on the IT Dashboard Number of major IT investments Agency Department of Veterans Affairs Number of projects Number of projects associated with planning delivery of Percent planning investments release every 6 months release every 6 months 10 95 95 100% Department of Commerce 9 84 78 93% Department of Health and Human Services 18 48 42 88% Department of Education 12 14 11 79% Department of the Treasury 12 28 18 64% Department of Homeland Security 13 23 13 57% Social Security Administration 9 24 12 50% Department of Transportation 20 60 5 8% Department of Defense 36 51 4 8% a All other federal agencies Total 30 42 22 52% 169 469 300 64% Source GAO analysis of Federal IT Dashboard data as of August 31 2015 I GAO-16-672T a Thirteen additional departments and agencies had at least one major IT investment and a total of 20 or fewer projects These agencies have been totaled together because calculating a percent of functionality delivered for a small number of projects does not provide a reliable figure In reviewing seven selected agencies’33 software development projects we determined that the percentage delivering functionality every 6 months was reported at 45 percent for fiscal year 2015 and planned for 54 percent in fiscal year 2016 However significant differences existed between the delivery rates that the agencies reported to us and what they reported on the IT Dashboard For example the percentage of software projects delivering every 6 months that was reported to us by the Department of Commerce decreased by about 42 percentage points from what was reported on the IT Dashboard In contrast the Department of Defense reported a 55 percentage point increase from what was reported on the IT Dashboard Figure 5 compares what the seven agencies reported on the IT Dashboard and the numbers they reported to us 33 These seven agencies are the Departments of Commerce Defense Education Health and Human Services Homeland Security Transportation and the Treasury Page 17 GAO-16-672T Figure 5 Comparison of Software Development Projects’ Percentage of Planned Delivery Every 6 Months Reported on the IT Dashboard and to GAO for Fiscal Year 2016 a The Department of Defense did not provide requested information in time to verify the information reported for a sample of projects We determined that the significant differences in delivery rates were due in part to agencies having different interpretations of OMB’s guidance on reporting software development projects and because the information reported to us was generally more current than the information reported on the IT Dashboard We concluded that until the inconsistences in the information reported to us versus the information provided on the IT Dashboard are addressed the seven agencies we reviewed are at risk that OMB and key stakeholders may make decisions regarding agency investments without the most current and accurate information Finally nearly all of the seven agencies we reviewed had not yet implemented the FITARA requirement related to certifying that major IT investments are adequately implementing OMB’s incremental development guidance Specifically only one agency—the Department of Homeland Security—had processes and policies to ensure that the CIO Page 18 GAO-16-672T will certify that major IT investments are adequately implementing incremental development while the remaining six agencies had not established such processes and policies Officials from most of these six agencies reported they were in the process of updating their existing incremental development policies to address certification To improve the use of incremental development we are recommending in our draft report which is with the applicable agencies for comment that agencies take action to update their policies for incremental development and IT Dashboard project information 34 We are also recommending that OMB provide clarifying guidance on what IT investments are required to use incremental development and for reporting on projects that are not subject to these requirements In summary with the recent enactment of FITARA the federal government has an opportunity to improve the transparency and management of IT acquisition and operations and strengthen the authority of CIOs to provide needed direction and oversight However improvements are needed in several critical IT initiatives including data center consolidation efforts to increase transparency via OMB’s IT Dashboard and incremental development—all of which are related to provisions of FITARA Accordingly OMB and federal agencies should expeditiously implement the requirements of the new IT reform law and continue to implement our previous recommendations To help ensure that these improvements are achieved continued congressional oversight of OMB’s and agencies’ implementation efforts is essential Chairmen Meadows and Hurd Ranking Members Connolly and Kelly and Members of the Subcommittees this completes my prepared statement I would be pleased to respond to any questions that you may have at this time 34 More specifically we recommended that the Departments of Commerce Defense Education Health and Human Services Transportation and the Treasury update their policies We also recommended that in addition to those agencies the Department of Homeland Security update IT Dashboard project information Page 19 GAO-16-672T GAO Contacts and Staff Acknowledgments If you or your staffs have any questions about this testimony please contact me at 202 512-9286 or at pownerd@gao gov Individuals who made key contributions to this testimony are Dave Hinchman Assistant Director Justin Booth Chris Businsky Rebecca Eyler Linda Kochersberger and Jon Ticehurst Page 20 GAO-16-672T Related GAO Products Related GAO Products Data Center Consolidation Agencies Making Progress but Planned Savings Goals Need to Be Established Reissued on March 4 2016 GAO-16-323 Washington D C March 3 2016 High-Risk Series An Update GAO-15-290 Washington D C February 11 2015 Data Center Consolidation Reporting Can Be Improved to Reflect Substantial Planned Savings GAO-14-713 Washington D C September 25 2014 Information Technology Agencies Need to Establish and Implement Incremental Development Policies GAO-14-361 Washington D C May 1 2014 IT Dashboard Agencies Are Managing Investment Risk but Related Ratings Need to Be More Accurate and Available GAO-14-64 Washington D C December 12 2013 Data Center Consolidation Strengthened Oversight Needed to Achieve Cost Savings Goal GAO-13-378 Washington D C April 23 2013 Information Technology Dashboard Opportunities Exist to Improve Transparency and Oversight of Investment Risk at Select Agencies GAO-13-98 Washington D C October 16 2012 Data Center Consolidation Agencies Making Progress on Efforts but Inventories and Plans Need to Be Completed GAO-12-742 Washington D C July 19 2012 IT Dashboard Accuracy Has Improved and Additional Efforts Are Under Way to Better Inform Decision Making GAO-12-210 Washington D C November 7 2011 Data Center Consolidation Agencies Need to Complete Inventories and Plans to Achieve Expected Savings GAO-11-565 Washington D C July 19 2011 Federal Chief Information Officers Opportunities Exist to Improve Role in Information Technology Management GAO-11-634 Washington D C September 15 2011 Page 21 GAO-16-672T Related GAO Products Information Technology OMB Has Made Improvements to Its Dashboard but Further Work Is Needed by Agencies and OMB to Ensure Data Accuracy GAO-11-262 Washington D C March 15 2011 Information Technology OMB’s Dashboard Has Increased Transparency and Oversight but Improvements Needed GAO-10-701 Washington D C July 16 2010 100855 Page 22 GAO-16-672T This is a work of the U S government and is not subject to copyright protection in the United States The published product may be reproduced and distributed in its entirety without further permission from GAO However because this work may contain copyrighted images or other material permission from the copyright holder may be necessary if you wish to reproduce this material separately GAO’s Mission The Government Accountability Office the audit evaluation and investigative arm of Congress exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people GAO examines the use of public funds evaluates federal programs and policies and provides analyses recommendations and other assistance to help Congress make informed oversight policy and funding decisions GAO’s commitment to good government is reflected in its core values of accountability integrity and reliability Obtaining Copies of GAO Reports and Testimony The fastest and easiest way to obtain copies of GAO documents at no cost is through GAO’s website http www gao gov Each weekday afternoon GAO posts on its website newly released reports testimony and correspondence To have GAO e-mail you a list of newly posted products go to http www gao gov and select “E-mail Updates ” Order by Phone The price of each GAO publication reflects GAO’s actual cost of production and distribution and depends on the number of pages in the publication and whether the publication is printed in color or black and white Pricing and ordering information is posted on GAO’s website http www gao gov ordering htm Place orders by calling 202 512-6000 toll free 866 801-7077 or TDD 202 512-2537 Orders may be paid for using American Express Discover Card MasterCard Visa check or money order Call for additional information Connect with GAO Connect with GAO on Facebook Flickr Twitter and YouTube Subscribe to our RSS Feeds or E-mail Updates Listen to our Podcasts and read The Watchblog Visit GAO on the web at www gao gov To Report Fraud Waste and Abuse in Federal Programs Contact Website http www gao gov fraudnet fraudnet htm E-mail fraudnet@gao gov Automated answering system 800 424-5454 or 202 512-7470 Congressional Relations Katherine Siggerud Managing Director siggerudk@gao gov 202 5124400 U S Government Accountability Office 441 G Street NW Room 7125 Washington DC 20548 Public Affairs Chuck Young Managing Director youngc1@gao gov 202 512-4800 U S Government Accountability Office 441 G Street NW Room 7149 Washington DC 20548 Please Print on Recycled Paper