GAO: Better oversight of federal agency IT needed

Federal agencies have failed to adequately assess whether billions of dollars invested in major IT projects will keep those projects on track to meet agency needs, according to a report from the Government Accountability Office (GAO).

The GAO requires annual operational analyses (OAs) for 17 key factors, including cost, schedule, customer satisfaction and innovation, for the performance of investments in operations and maintenance.

Of the $79 billion federal agencies budgeted for IT in 2011, $54 billion (about 69 percent) was reported to have been spent on the operations and maintenance of existing legacy IT systems—commonly referred to as steady state investments. “Given the size and magnitude of these investments, it is essential that agencies effectively manage them to ensure they continue to meet agency needs,” according to a summary on the GAO website.

To determine how well federal agencies are analyzing the performance of steady state investments in accordance with Office of Management and Budget (OMB) guidance, GAO selected five agencies, the Departments of Defense (DoD), Health and Human Services (HHS), Homeland Security (DHS), Treasury and Veterans Affairs (VA), which reported spending $4.6 billion annually on major steady state investments. GAO compared their fiscal year 2011 OAs to OMB criteria. GAO also analyzed documents and interviewed agency officials regarding any variances as well as their causes.

DHS and HHS developed a policy which included all OMB assessment factors and performed OAs. However, according to GAO, they did not include all investments and key factors. In particular, DHS analyzed 16 of its 44 steady state investments, meaning 28 investments with annual budgets totaling $1 billion were not analyzed; HHS analyzed 7 of its 8 steady state investments. For OAs performed by DHS and HHS, both fully addressed approximately half of the key factors.

With regard to the DHS and HHS investments that did not undergo an analysis or were not fully assessed against key factors, agency officials said this was due in part to program officials inconsistently applying OMB and agency guidance in conducting OAs and that OAs were not a priority. DHS and HHS have recently begun to take action to make OAs a priority and improve consistency. For example, DHS's chief information officer recently issued a directive requiring all steady state IT investments to conduct analyses annually and plans to assign staff in the office of the chief information officer to review them to ensure they are complete.

The DOD, Treasury and VA did not develop a policy and did not perform analyses on their 23 major steady state investments with annual budgets totaling $2.1 billion. DOD and VA officials said that they did not have a policy or perform analyses because they measure the performance of steady state investments via development of plans and business cases submitted to OMB (called exhibit 300s) as part of the budget process. While these can be helpful in managing performance and do address aspects of the 17 key factors, they do not address 11 of the key factors. For example, the exhibit 300 does not address reviewing strategic business results and making recommendations to modify or terminate an investment. Treasury officials stated that they did not to perform OAs in 2011 and instead decided to use the time to develop a policy. However, the officials stated they did not anticipate the policy to be completed until the end of this calendar year.

Overall, these five agencies have steady state investments with a fiscal year 2011 budget of more than $3 billion which have not undergone needed analyses. While OMB requires agencies to perform OAs, its existing guidance does not provide mechanisms that ensure the OAs are completed and allow public transparency into the results of the assessments. Until agencies address these shortcomings, there is increased risk that these agencies will not know whether the multibillion dollar investments fully meet their intended objectives.

GAO is recommending that DOD, Treasury and VA develop an OA policy and conduct annual OAs; and that DHS and HHS ensure OAs are being performed for all investments and that all factors are fully assessed. GAO also is recommending that OMB revise its guidance to incorporate mechanisms to ensure OAs are completed and provide for increased transparency. In commenting on a draft of this report, OMB and the five agencies GAO reviewed agreed with its content and recommendations.