Some Agencies Yet to Implement IT Oversight Reforms, GAO Reports

This week the Government Accountability Office (GAO) released a report on federal agencies’ implementation of information technology (IT) reforms that require closer oversight from Chief Information Officers (CIOs) of their respective agency’s software development projects.

In response to years of major waste and mismanagement of IT investments, about which the Project On Government Oversight has previously reported, the federal government passed the Federal Information Technology Acquisition Reform Act (FITARA) as part of the National Defense Authorization Act for fiscal year 2015. The bill requires federal agencies to switch from a traditional waterfall software development approach, which has a long time frame and a broad scope, to an incremental approach, which divides an investment into smaller parts with shorter time frames. By establishing incremental development as the standard, FITARA increases the likelihood that potential problems in projects will be caught and corrected sooner, ensuring less waste. The bill also calls on the Office of Management and Budget (OMB) to require an agency’s Chief Information Officer (CIO) to certify major investments are being incrementally developed and to clearly report on the certification process.

In the past, agencies have invested years and millions—or even billions—of taxpayer dollars into a project just to cancel it or end up with a system that performs well below projected productivity. The GAO report points to examples such as the 2012 cancelation of the billion-dollar Department of Defense (DoD) Expeditionary Combat Support System after DoD had spent more than five years on the project, and the Farm Service Agency’s endeavor to replace aging hardware and software applications that, ten years and $423 million dollars later, only delivered about 20 percent of planned functionality.

Since 2015 the management of IT acquisitions and operations has been on GAO’s “high-risk list,” a list of agencies and areas that have a higher potential for fraud, waste, abuse, and mismanagement. This “high risk” classification highlights the importance of properly implementing FITARA reporting and certification standards to foster accountability and transparency.

While FITARA is a step in the right direction, there is still a ways to go. This week’s GAO report shed light on the implementation of FITARA reforms: only 4 of the 24 federal agencies GAO reviewed (the Departments of Commerce, Energy, Homeland Security, and Transportation) had clearly defined processes and policies for certification by the CIO. Eleven agencies had policies that were not clear or detailed enough, and 9 had no policy at all. Furthermore, as of August 2016, across the participating agencies only 62 percent of investments were certified by the CIO.

The GAO report implies this outcome is at least partially because of a lack of clarity in OMB guidelines for how agencies should report CIO certifications. GAO emphasizes the “critical” nature of “a clear and consistent approach for agencies to follow.” OMB has responded to GAO’s concerns by issuing a new guidance this year for fiscal year 2019 with more specific guidelines. GAO felt the updated guidance was a “key improvement” and a “positive step.”

For fiscal year 2017, federal agencies were budgeted to spend over $89 billion on IT, including more than $43 billion on major investments. It is important that agencies and OMB work together to effectively implement FITARA reforms to make sure this money is well spent.