This is the accessible text file for GAO report number GAO-13-297T entitled 'Information Technology: OMB and Agencies Need to Fully Implement Major Initiatives to Save Billions of Dollars' which was released on January 22, 2013. This text file was formatted by the U.S. Government Accountability Office (GAO) to be accessible to users with visual impairments, as part of a longer term project to improve GAO products' accessibility. Every attempt has been made to maintain the structural and data integrity of the original printed product. Accessibility features, such as text descriptions of tables, consecutively numbered footnotes placed at the end of the file, and the text of agency comment letters, are provided but may not exactly duplicate the presentation or format of the printed version. The portable document format (PDF) file is an exact electronic replica of the printed version. We welcome your feedback. Please E-mail your comments regarding the contents or accessibility features of this document to Webmaster@gao.gov. This is a work of the U.S. government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. Because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. United States Government Accountability Office: GAO: Testimony: Before the Committee on Oversight and Government Reform, House of Representatives: For Release on Delivery: Expected at 1:00 p.m. EST: Tuesday, January 22, 2013: Information Technology: OMB and Agencies Need to Fully Implement Major Initiatives to Save Billions of Dollars: GAO-13-297T: GAO Highlights: Highlights of GAO-13-297T, a testimony before the Committee on Oversight and Government Reform, House of Representatives. Why GAO Did This Study: The federal government plans to spend more than $74 billion on IT investments in fiscal year 2013. Given the size of these investments and the criticality of many of them to the health, economy, and security of the nation, it is important that OMB and federal agencies provide appropriate oversight of and adequate transparency into these programs. Nevertheless, IT projects too frequently incur cost overruns and schedule slippages, and result in duplicate systems while contributing little to mission-related outcomes. GAO was asked to testify on the results and recommendations from its selected reports that focused on key aspects of the federal government’s acquisition and management of IT investments. To prepare this statement, GAO drew on previously published work. What GAO Found: GAO has issued a number of key reports on the federal government’s efforts to efficiently acquire and operate information technology (IT) investments and found that if major initiatives are fully implemented, billions of dollars in savings could be realized. In particular, GAO has made recommendations regarding the Office of Management and Budget’s (OMB) public website, known as the IT Dashboard, which provides detailed information on federal agencies’ major IT investments; agencies’ efforts to perform analyses on existing IT investments; and agencies’ progress toward consolidating data centers. OMB has taken significant steps to enhance the oversight, transparency, and accountability of federal IT investments by creating its IT Dashboard, and by improving the accuracy of investment ratings. However, there were issues with the accuracy and reliability of cost and schedule data in the Dashboard, and GAO has recommended steps that OMB and agencies should take to improve these data-—this is important since the Dashboard reports 190 investments totaling almost $12.5 billion being at risk. GAO recently reported that six federal agencies consistently rated the majority of their IT investments as low risk. Further, the Department of Defense’s (DOD) ratings reflected considerations in addition to those OMB recommends, and consequently it did not rate any of its investments as high risk. However, GAO has recently reported that several DOD investments experienced significant performance problems and were indeed high risk, and that DOD business systems modernization is a high-risk area. In the past, OMB reported trends for risky IT investments needing management attention as part of its annual budget submission, but discontinued this reporting in fiscal year 2010. GAO recommended OMB analyze agencies’ investment risk over time as reflected in the Dashboard’s ratings and present its analysis with the President’s annual budget submission. While agencies plan to spend billions on operational investments-—more than $54 billion in fiscal year 2013—-they have not always provided adequate oversight of these investments. Specifically, GAO reported in October 2012 that five agencies had operational investments with a fiscal year 2011 budget of over $3 billion that had not undergone operational analyses as required by OMB. The report also noted that until operational investments are fully assessed, there was increased potential for these multibillion dollar investments to result in unnecessary waste and duplication. GAO recommended that the five agencies conduct required analyses. GAO reported on the federal government’s progress toward data center consolidation (which OMB expects will save $3 billion by 2015). In July 2012, GAO found that agencies updated their required inventories and plans, but only 3 of 24 agencies in the review submitted complete inventories and only 1 agency submitted a complete plan, as required by OMB. Until these inventories and plans were complete, agencies would continue to be at risk of not realizing anticipated savings, improved infrastructure utilization, or energy efficiency. Accordingly, GAO reiterated a prior recommendation to update inventories and plans, and also recommended that agencies use best practices when developing estimates. What GAO Recommends: GAO has issued numerous recommendations to OMB and agencies on key aspects of IT management, including (1) OMB’s public website, known as the IT Dashboard, which provides detailed information on federal agencies’ major IT investments, and (2) efforts to oversee IT operations and consolidate data centers. View [hyperlink, http://www.gao.gov/products/GAO-13-297T]. For more information, contact David A. Powner at (202) 512-9286 or pownderd@gao.gov. [End of section] January 22, 2013: Chairman Issa, Ranking Member Cummings, and Members of the Committee: I am pleased to be here today to discuss the highlights and recommendations of our selected reports that focused on key aspects of the federal government's acquisition and management of information technology (IT) investments. As reported to the Office of Management and Budget (OMB), federal agencies plan to spend more than $74 billion on IT investments in fiscal year 2013. Given the size of these investments and the criticality of many of these systems to the health, economy, and security of the nation, it is important that OMB and federal agencies provide appropriate oversight of and adequate transparency into these programs. As we have previously reported, federal IT projects too frequently incur cost overruns and schedule slippages while contributing little to mission-related outcomes.[Footnote 1] During the past several years, we have issued multiple reports and testimonies on federal initiatives to acquire and improve the management of IT investments. [Footnote 2] We made numerous recommendations to federal agencies and OMB to further enhance the management and oversight of IT programs. As part of its response to our prior work, OMB deployed a public website in June 2009, known as the IT Dashboard, which provides detailed information on federal agencies' major IT investments, [Footnote 3] including assessments of actual performance against cost and schedule targets (referred to as ratings) for approximately 700 major federal IT investments. In addition, OMB has initiated other significant efforts following the creation of the Dashboard. For example, it developed a 25-point plan for reforming federal IT (IT Reform Plan), launched an initiative to reduce the number of federal data centers (the Federal Data Center Consolidation Initiative (FDCCI)), implemented a cloud computing[Footnote 4] policy, and recently initiated its PortfolioStat effort.[Footnote 5] You asked us to testify on the results and recommendations from our selected reports that focused on key aspects of the federal government's acquisition and management of IT investments. Accordingly, my testimony specifically discusses our recent reports on OMB's IT Dashboard, IT acquisition best practices, management of IT operations and maintenance (O&M) investments, cloud computing, the IT Reform Plan, and data center consolidation.[Footnote 6] All work on which this testimony is based was performed in accordance with generally accepted government auditing standards or all sections of GAO's Quality Assurance Framework that were relevant to our objectives. Those standards and the framework require that we plan and perform our audits and engagements to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives; the framework also requires that we discuss any limitations in our work. We believe that the information, data, and evidence obtained and the analysis conducted provide a reasonable basis for our findings and conclusions based on our objectives. Background: OMB assists the President in overseeing the preparation of the federal budget submission and supervising budget administration in executive branch agencies. In helping to formulate the President's spending plans, OMB is responsible for evaluating the effectiveness of agency programs, policies, and procedures; assessing competing funding demands among agencies; and setting funding priorities. Further, the agency ensures that the budget submission is consistent with relevant statutes and presidential objectives. Each year, OMB and federal agencies work together to determine how much the government plans to spend on IT projects and how these funds are to be allocated. As reported to OMB, federal agencies plan to spend more than $74 billion on IT investments in fiscal year 2013, which is the total expended for not only acquiring such investments, but also the funding to operate and maintain them. Of the reported amount, agencies plan to spend about $20 billion on development and acquisition, and $54 billion on O&M. Figure 1 shows the percentages of total planned spending for 2013. Figure 1: Percentages of Planned IT Spending for Fiscal Year 2013: [Refer to PDF for image: pie-chart] O&M: $54.23 billion; 73%; Development: $19.8 billion; 27%. Source: OMB's IT Dashboard. [End of figure] However, this $74 billion does not reflect the spending of the entire federal government. We have previously reported that OMB's figure understates the total amount spent in IT investments.[Footnote 7] Specifically, it does not include IT investments by 58 independent executive branch agencies, including the Central Intelligence Agency, or by the legislative or judicial branches. Further, agencies differed on what they considered an IT investment; for example, some have considered research and development systems as IT investments, while others have not. As a result, not all IT investments are included in the federal government's estimate of annual IT spending. OMB provided guidance to agencies on how to report on their IT investments, but this guidance did not ensure complete reporting or facilitate the identification of duplicative investments. Consequently, we recommended, among other things, that OMB improve its guidance to agencies on identifying and categorizing IT investments. To assist agencies in managing their IT investments, Congress enacted the Clinger-Cohen Act of 1996, which requires OMB to establish processes to analyze, track, and evaluate the risks and results of major capital investments in information systems made by federal agencies and report to Congress on the net program performance benefits achieved as a result of these investments.[Footnote 8] Further, the act places responsibility for managing investments with the heads of agencies and establishes chief information officers (CIO) to advise and assist agency heads in carrying out this responsibility. Many of these investments are critical to our nation. For example, they include systems to process tax returns, secure our nation, and control aircraft. However, the federal government has spent billions of dollars on poorly performing IT investments, as the following examples illustrate: * In July 2010, OMB directed the National Archives and Records Administration (NARA) to halt development of its Electronic Records Archive system at the end of fiscal year 2011 (1 year earlier than planned). OMB cited concerns about the system's cost, schedule, and performance and directed NARA to better define system functionality and improve strategic planning. Through fiscal year 2010, NARA had spent about $375 million on the system. We issued several reports and made recommendations to improve this system.[Footnote 9] These findings and recommendations contributed to the decision to halt the system. * In January 2011, the Secretary of Homeland Security ended the Secure Border Initiative Network program after obligating more than $1 billion to the program because it did not meet cost-effectiveness and viability standards. Since 2007, we have identified a range of issues and made several recommendations to improve this program.[Footnote 10] For example, in May 2010 we reported that the final acceptance of the first two deployments had slipped from November 2009 and March 2010 to September 2010 and November 2010, respectively, and that the cost- effectiveness of the system had not been justified.[Footnote 11] We concluded that the Department of Homeland Security (DHS) had not demonstrated that the considerable time and money being invested to acquire and deploy the program was a wise and prudent use of limited resources. As a result, we recommended that the department (1) limit near-term investment in the first incremental block of the program, (2) economically justify any longer-term investment in it, and (3) improve key program management disciplines. This work contributed to the department's decision to cancel the program. * In February 2011, the Office of Personnel Management canceled its Retirement Systems Modernization program after several years of trying to improve the implementation of this investment.[Footnote 12] According to the Office of Personnel Management, it spent approximately $231 million on this investment. We issued a series of reports on the agency's efforts to modernize its retirement system and found that the Office of Personnel Management was hindered by weaknesses in several important management disciplines that are essential to successful IT modernization efforts.[Footnote 13] Accordingly, we made recommendations in areas such as project management, organizational change management, testing, cost estimating, and earned value management. In May 2008, an Office of Personnel Management official cited the issues that we identified as justification for issuing a stop work order to the system contractor, and the agency subsequently terminated the contract. * In March 2011, we reported that while the Department of Defense's (DOD) Navy Next Generation Enterprise Network investment's first increment was estimated to cost $50 billion, the program was not well- positioned to meet its cost and schedule estimates.[Footnote 14] Accordingly, we recommended DOD limit further investment until it conducts an interim review to reconsider the selected acquisition approach and addresses its investment management issues. DOD stated that it did not concur with the recommendation to reconsider its acquisition approach, but we maintained that without doing so, DOD could not be sure it was pursuing the most cost-effective approach. * In December 2012, DOD canceled the Air Force's Expeditionary Combat Support System after having spent more than a billion dollars and missing multiple milestones. We issued several reports on this system and found that, among other things, the program was not fully following best practices for developing reliable schedules and cost estimates.[Footnote 15] In addition to these poorly performing investments, the IT Dashboard identifies other at-risk investments. Specifically, as of August 2012, according to the IT Dashboard, 190 of the federal government's approximately 700 major IT investments--totaling almost $12.5 billion-- were in need of management attention (rated "yellow" to indicate the need for attention or "red" to indicate significant concerns). (See figure 2.) Figure 2: Overall Performance Ratings of Major Investments on the IT Dashboard, as of August 2012: [Refer to PDF for image: pie-chart] Normal: 74%; $27.0 billion; Needs attention: 22%; $11.1 billion; Significant concerns: 4%; $1.4 billion. Source: OMB's IT Dashboard. [End of figure] OMB's Recent Major Initiatives for Overseeing IT Investments: As previously mentioned, in June 2009, to further improve the transparency into and oversight of agencies' IT investments, OMB publicly deployed the IT Dashboard. As part of this effort, OMB issued guidance directing federal agencies to report, via the Dashboard, the performance of their IT investments. Currently, the Dashboard publicly displays information on the cost, schedule, and performance of over 700 major federal IT investments at 26 federal agencies. Further, the public display of these data is intended to allow OMB, other oversight bodies, and the general public to hold the government agencies accountable for results and progress. In December 2010 OMB released its 25-point plan to reform federal IT. Among other things, the plan noted the goal of turning around or terminating at least one-third of underperforming projects by June 2012. To its credit, OMB's IT Reform Plan provided specific actions to agencies so they could (1) more effectively manage IT acquisitions and (2) achieve operational efficiencies. To effectively manage IT acquisitions, the plan identified key actions such as improving accountability and governance and aligning acquisition processes with the technology cycle. To achieve operational efficiencies, the plan outlined actions required to adopt cloud solutions and leverage shared services. One of these actions was the consolidation of data centers as described in OMB's FDCCI, which was announced in February 2010 and included a high-level goal to reduce the cost of data center hardware, software, and operations. Another action that was identified was related to cloud computing. OMB developed a "Cloud First" policy that required each agency CIO to fully migrate three services to a cloud solution by June 2012, and implement cloud-based solutions whenever a secure, reliable, and cost-effective cloud option exists. As part of the IT Reform Plan, in 2011 the Federal CIO Council launched an initial Best Practices platform on [hyperlink, http://www.CIO.gov] to provide agency case studies that demonstrate best practices in managing federal IT systems.[Footnote 16] According to OMB, agencies have been encouraged to develop practices that focus on early, frequent, and constructive communication during the acquisition process so that the government clearly understands the marketplace and can obtain an effective solution at a reasonable price. Further, since June 2010, OMB has required agencies to develop and carry out an operational analysis (OA) policy for examining the ongoing performance of existing operational IT investments to measure, among other things, whether the investment is continuing to meet business and customer needs and is contributing to meeting the agency's strategic goals. OMB's guidance calls for the policy to provide for an annual OA of each investment that addresses the following: cost, schedule, customer satisfaction, strategic and business results, financial goals, and innovation. More recently, the Federal CIO initiated the PortfolioStat effort for commodity IT in March 2012. OMB requires agency Deputy Secretaries or Chief Operating Officers to lead PortfolioStats--IT portfolio reviews- -working in coordination with CIOs, Chief Financial Officers, and Chief Acquisition Officers. Such an effort, as planned, is appropriate given the numerous investments performing the same function, as we reported in February 2012.[Footnote 17] For example, 27 major federal agencies planned to spend $2.7 billion on 580 financial management systems in 2011. See figure 3 for the total number of investments within the 27 federal agencies, by function. Figure 3: Number of Government IT Investments by Primary Function, as of July 2011: [Refer to PDF for image: horizontal bar graph] Primary function: Information and Technology Management; Number of IT investments: 1,536; $35.5 billion; Primary function: Supply Chain Management; Number of IT investments: 777; $3.3 billion; Primary function: Human Resource Management; Number of IT investments: 622; $2.4 billion; Primary function: Financial Management; Number of IT investments: 580; $2.7 billion; Primary function: Health; Number of IT investments: 444; $5.0 billion; Primary function: General Science and Innovation; Number of IT investments: 372; $1.6 billion; Primary function: Defense and National Security; Number of IT investments: 358; $9.3 billion; Primary function: Administrative Management; Number of IT investments: 301; $0.8 billion; Primary function: Planning and Budgeting; Number of IT investments: 292; $0.7 billion; Primary function: Environmental Management; Number of IT investments: 177; $1.2 billion; Primary function: All other functions; Number of IT investments: 1,789; $16.2 billion. Source: GAO analysis of exhibit 53 data. [End of figure] OMB believes that the PortfolioStat effort has the potential to save the government $2.5 billion over the next 3 years by, for example, consolidating duplicative systems. We previously reported and testified on the issue of duplicative IT investments at DOD and the Department of Energy.[Footnote 18] Specifically, we found 37 potentially duplicative investments, accounting for about $1.2 billion in total IT spending for fiscal years 2007 through 2012. We made recommendations to those agencies to report on the progress of efforts to identify and eliminate duplication, where appropriate. Opportunities Exist to Improve Acquisitions and Operations of IT Investments: Over the past several years, we have highlighted OMB efforts to enhance oversight of IT acquisition. Most notably, we issued a series of reports on the IT Dashboard. In addition, we identified common factors critical to successful IT investments. IT Dashboard: OMB has taken significant steps to enhance the oversight, transparency, and accountability of federal IT investments by creating its IT Dashboard, and by improving the accuracy of investment ratings. However, there were issues with the accuracy and reliability of cost and schedule data, and we recommended steps that OMB should take to improve these data. * Our July 2010 report[Footnote 19] found that the cost and schedule ratings on OMB's Dashboard were not always accurate for the investments we reviewed, because these ratings did not take into consideration current performance. As a result, the ratings were based on outdated information. We recommended that OMB report on its planned changes to the Dashboard to improve the accuracy of performance information and provide guidance to agencies to standardize milestone reporting. OMB agreed with our recommendations and, as a result, updated the Dashboard's cost and schedule calculations to include both ongoing and completed activities. Similarly, in March 2011, OMB had initiated several efforts to increase the Dashboard's value as an oversight tool, and had used its data to improve federal IT management.[Footnote 20] However, agency practices and the Dashboard's calculations contributed to inaccuracies in the reported investment performance data. These included, for instance, missing data submissions or erroneous data at each of the five agencies we reviewed, along with instances of inconsistent program baselines and unreliable source data. As a result, we recommended that the agencies take steps to improve the accuracy and reliability of their Dashboard information, and that OMB improve how it rates investments relative to current performance and schedule variance. Most agencies generally concurred with our recommendations; OMB agreed with our recommendation for improving ratings for schedule variance. It disagreed with our recommendation to improve how it reflects current performance in cost and schedule ratings, but more recently made changes to Dashboard calculations to address this while also noting challenges in comprehensively evaluating cost and schedule data for these investments. * Our subsequent report[Footnote 21] noted that the accuracy of investment cost and schedule ratings had improved since our July 2010 report because OMB had refined the Dashboard's cost and schedule calculations. Most of the ratings for the eight investments we reviewed were accurate, although more could be done to inform oversight and decision making by emphasizing recent performance in the ratings. We recommended that the General Services Administration comply with OMB's guidance for updating its ratings when new information becomes available (including when investments are rebaselined) and the agency concurred. Since we previously recommended that OMB improve how it rates investments, we did not make any further recommendations. * More recently, in October 2012 we found that opportunities existed to improve transparency and oversight of investment risk at our selected agencies.[Footnote 22] Specifically, CIOs at six federal agencies consistently rated the majority of their IT investments as low risk. These agencies rated no more than 12 percent of their investments as high or moderately high risk, and two agencies (DOD and the National Science Foundation) rated no investments at these risk levels. Over time, about 47 percent of the agencies' Dashboard investments received the same rating in every rating period. For ratings that changed, DHS and Office of Personnel Management reported more investments with reduced risk when initial ratings were compared with those in March 2012; the other four agencies reported more investments with increased risk. In the past, OMB reported trends for risky IT investments needing management attention as part of its annual budget submission, but discontinued this reporting in fiscal year 2010. Accordingly, we recommended OMB analyze agencies' investment risk over time as reflected in the Dashboard's CIO ratings and present its analysis with the President's annual budget submission, with which OMB concurred. Further, agencies generally followed OMB's instructions for assigning CIO ratings, which included considering stakeholder input, updating ratings when new data become available, and applying OMB's six evaluation factors. DOD's ratings were unique in reflecting additional considerations, such as the likelihood of OMB review, and consequently DOD did not rate any of its investments as high risk. However, in selected cases, these ratings did not appropriately reflect significant cost, schedule, and performance issues reported by GAO and others. Although three DOD investments experienced significant performance problems and were part of a GAO high-risk area (business systems modernization), they were all rated low risk or moderately low risk by the DOD CIO. For example, in early 2012, we reported that Air Force's Defense Enterprise Accounting and Management System (DEAMS) faced a 2-year deployment delay and an estimated cost increase of about $500 million from an original life-cycle cost estimate of $1.1 billion (an increase of approximately 45 percent), and that assessments by DOD users had identified operational problems with the system, such as data accuracy issues, an inability to generate auditable financial reports, and the need for manual workarounds. [Footnote 23] In July 2012, the DOD Inspector General reported that the DEAMS's schedule delays were likely to diminish the cost savings it was to provide, and would jeopardize the department's goals for attaining an auditable financial statement. DOD's CIO rated DEAMS low risk or moderately low risk from July 2009 through March 2012. Moreover, DOD did not apply its own risk management guidance to the ratings, which reduces their value for investment management and oversight. Therefore, we recommended that DOD ensure that its CIO ratings reflect available investment performance assessments and its risk management guidance. DOD concurred with our recommendation. Critical Factors Underlying Successful Major Acquisitions: To help the federal agencies address the well-documented acquisition challenges they face, we identified seven successful investment acquisitions and nine common factors critical to their success in 2011.[Footnote 24] Specifically, we reported that department officials identified seven successful investment acquisitions, in that they best achieved their respective cost, schedule, scope, and performance goals.[Footnote 25] The nine common factors critical to the success of three or more of the seven investments were: (1) program officials were actively engaged with stakeholders; (2) program staff had the necessary knowledge and skills; (3) senior department and agency executives supported the programs; (4) end users and stakeholders were involved in the development of requirements; (5) end users participated in testing of system functionality prior to formal end user acceptance testing; (6) government and contractor staff were stable and consistent; (7) program staff prioritized requirements; (8) program officials maintained regular communication with the prime contractor; and (9) programs received sufficient funding. Further, officials from all seven investments cited active engagement with program stakeholders as a critical factor to the success of those investments. These critical factors support OMB's objective of improving the management of large-scale IT acquisitions across the federal government, and wide dissemination of these factors could complement OMB's efforts. In addition to efficiently acquiring IT investments, it is also important for the federal government to efficiently manage operational investments, especially since agencies are planning to spend about $54 billion in fiscal year 2013 on operational systems. Accordingly, we issued key reports on the federal government's oversight of IT investments in O&M, progress toward meeting OMB data center consolidation goals, and progress toward cloud computing as specified in the "Cloud First" policy. Oversight of Investments in O&M: While agencies spend billions on operational investments, they have not always provided adequate oversight of these investments. Specifically, assessments of the performance of such investments-- commonly referred to as OAs--varied significantly, as we reported in October 2012.[Footnote 26] OMB guidance calls for agencies to develop an OA policy and perform such analyses annually to ensure O&M investments continue to meet agency needs. The guidance also includes 17 key factors (addressing areas such as cost, schedule, customer satisfaction, and innovation) that are to be assessed. We reviewed five agencies[Footnote 27] and found that they varied in the extent to which they followed OMB guidance. For example, DHS and HHS developed a policy which included all OMB assessment factors and performed OAs. However, they did not include all investments and key factors. In particular, DHS analyzed 16 of its 44 steady state investments, meaning 28 investments with annual budgets totaling $1 billion were not analyzed; HHS analyzed 7 of its 8 steady state investments. For OAs performed by DHS and HHS, both fully addressed approximately half of the key factors. In contrast, DOD, Treasury, and VA did not develop a policy and did not perform analyses on their 23 major steady state investments with annual budgets totaling $2.1 billion. Overall, these five agencies have steady state investments with a fiscal year 2011 budget of over $3 billion that had not undergone needed analyses, and while OMB called for agencies to perform OAs, its existing guidance did not provide mechanisms that ensure the OAs are completed and allow public transparency into the results of the assessments. As a result, we recommended that DOD, Treasury, and VA develop an OA policy and conduct annual OAs; DHS and HHS ensure OAs are being performed for all investments and that all factors are fully assessed; and OMB revise its guidance to include directing agencies to report on the IT Dashboard the results from the OAs. The five agencies and OMB agreed with our recommendations. Data Center Consolidation: Agencies have developed plans to consolidate data centers; however, these plans were incomplete and did not include best practices. We issued two reports on the federal government's effort to consolidate data centers and made several recommendations for improvements. * Our July 2011 report found that agency consolidation plans indicated that agencies anticipated closing about 650 data centers by fiscal year 2015 and saving about $700 million in doing so.[Footnote 28] However, only one of the 24 agencies submitted a complete inventory and no agency submitted complete plans. Further, OMB did not require agencies to document the steps they took, if any, to verify the inventory data. We noted the importance of having assurance as to the accuracy of collected data and, specifically, the need for agencies to provide OMB with complete and accurate data and the possible negative impact of that data being missing or incomplete. We concluded that until these inventories and plans were completed, agencies would not be able to implement their consolidation activities and realize expected cost savings. Moreover, without an understanding of the validity of agencies' consolidation data, OMB could not be assured that agencies were providing a sound baseline for estimating consolidation savings and measuring progress against those goals. Accordingly, we made several recommendations to OMB, including that the Federal CIO require that agencies, when updating their data center inventories, state what actions have been taken to verify the inventories and to identify any associated limitations on the data. * In a subsequent report[Footnote 29] we noted that agencies updated their inventories and plans, but key elements were still missing. Specifically, as of September 2011, 24 agencies identified almost 2,900 total centers, established plans to close 1,186 of them by 2015, and estimated they would realize over $2.4 billion in cost savings in doing so. OMB noted that the savings would be even greater and estimated that FDCCI would realize $3 billion in savings by 2015. [Footnote 30] However, while OMB required agencies to complete missing elements in their data center inventories and plans by the end of September 2011, only 3 agencies submitted complete inventories, and only 1 agency submitted a complete plan. Further, in their consolidation plans, 13 agencies did not provide a full master program schedule, and 21 agencies did not fully report their expected cost savings. Our report noted that until these inventories and plans were complete, agencies would continue to be at risk of not realizing anticipated savings, improved infrastructure utilization, or energy efficiency. We also reiterated our recommendation that the agencies complete the missing elements of their inventories and plans. In addition, while OMB required a master program schedule and a cost- benefit analysis (a type of cost estimate) as key requirements of agencies' consolidation plans, none of the five agencies we reviewed had a schedule or cost estimate that was fully consistent with the four selected attributes of a properly sequenced schedule (such as having identified dependencies) or the four characteristics that form the basis of a reliable cost estimate (such as being comprehensive and well-documented). OMB had established a standardized cost model to aid agencies in their consolidation planning efforts, but use of the model was voluntary. As a result, we recommended that the five selected agencies should implement recognized best practices when establishing schedules and cost estimates for their consolidation efforts and that OMB ensure agencies utilize its standardized cost model across the consolidation initiative. OMB and three agencies agreed with our recommendation, and two did not agree or disagree with it. Finally, we highlighted consolidation successes, such as the benefits of focusing on key technologies and the benefits of working with other agencies and components to identify consolidation opportunities. However, agencies continued to report a number of the same challenges that we first described in 2011, while other challenges were evolving. For example, 15 agencies reported continued issues with obtaining power usage information, and 9 agencies reported that their organization continued to struggle with acquiring the funding required for consolidation. In light of these successes and challenges, we noted that it was important for OMB to continue to provide leadership and guidance, such as--as we previously recommended--using the consolidation task force to monitor agencies' consolidation efforts. Therefore, we recommended that OMB ensure that all future revisions to the guidance on data center consolidation inventories and plans are defined in an OMB memorandum and posted to the FDCCI public website in a manner consistent with the guidance published in 2010. OMB agreed with our recommendation. Cloud Computing: Implementing cloud computing has security implications, which federal agencies began addressing. Further, agencies made progress implementing OMB's "Cloud First" policy. We reported on these two issues and made recommendations. * In May 2010, we reported that cloud computing can both increase and decrease the security of information systems in federal agencies. [Footnote 31] Risks included dependence on the security practices and assurances of a vendor, dependency on the vendor, and concerns related to sharing of computing resources. Federal agencies had begun efforts to address information security issues for cloud computing, but key guidance was lacking and efforts remained incomplete. Although individual agencies had identified security measures needed when using cloud computing, they had not always developed corresponding guidance. For example, only nine agencies reported having approved and documented policies and procedures for writing comprehensive agreements with vendors when using cloud computing. Agencies had also identified challenges in implementing existing federal information security guidance and the need to streamline and automate the process of implementing this guidance. These concerns included having a process to assess vendor compliance with government information security requirements and the division of information security responsibilities between the customer and vendor. Among other things, we recommended that OMB establish milestones for completing a strategy for implementing the federal cloud computing initiative. * Federal agencies made progress in implementing OMB's "Cloud First" policy, as we reported in July 2012.[Footnote 32] Consistent with this policy, each of the seven agencies in our review incorporated cloud computing requirements into their policies and processes. Further, each of the seven agencies met the OMB deadlines to identify three cloud implementations by February 2011 and to implement at least one service by December 2011. However, two agencies did not plan to meet OMB's deadline to implement three services by June 2012, but planned to do so by calendar year's end. Each of the seven agencies also identified opportunities for future cloud implementations, such as moving storage and help desk services to a cloud environment. While each of the seven agencies submitted plans to OMB for implementing the cloud solutions, all but one plan were missing key required elements. As a result, we recommended that the seven agencies develop key planning information, such as estimated costs and legacy IT systems' retirement plans, for existing and planned services. The agencies generally agreed with these recommendations. IT Reform Plan: OMB's IT Reform Plan acknowledged many of these acquisition and operation issues by requiring 25 actions to be completed by 2012. For example, it required agencies to launch a best practices collaboration platform and shift to a "Cloud First" policy. We reported on the federal government's progress toward implementing these actions in April 2012.[Footnote 33] OMB and key federal agencies had made progress on action items in the IT Reform Plan, but there were several areas where more remained to be done. Specifically, we reviewed 10 actions and found that 3 were complete: * stand-up contract vehicle for infrastructure, * reform and strengthen investment review boards, and: * design a cadre of specialized IT acquisition professionals. Additionally, 7 items were partially completed: * complete plans for data center consolidation, * issue guidance on modular development, * shift to a "Cloud First" policy, * work with Congress to create budget models for modular development, * work with Congress to consolidate routine IT purchases under agency CIO, * launch a best practices platform, and: * redefine the role of agency CIO and CIO Council. OMB reported greater progress than we determined. While OMB officials acknowledged that there is more to do in each of the topic areas, they considered the key action items to be completed because the IT Reform Plan has served its purpose as a catalyst for a set of broader initiatives. They explained that work will continue on all of the initiatives even after OMB declares that the related action items are completed under the IT Reform Plan. We disagreed with this approach and noted that in prematurely declaring the action items to be completed, OMB risked losing momentum on the progress it has made to date. We recommended that three agencies complete key IT Reform action items. We also recommended that OMB accurately characterize the status of the IT Reform Plan action items in the upcoming progress report in order to keep momentum going on action items that are not yet completed. Further, OMB and key agencies planned to continue efforts to address the seven items that we identified as behind schedule, but lacked time frames for completing most of them. For example, OMB had planned to work with congressional committees during the fiscal year 2013 budget process to assist in exploring legislative proposals to establish flexible budget models and to consolidate certain routine IT purchases under agency CIOs. However, OMB had not established time frames for completing five of the seven IT Reform Plan action items that were behind schedule. Accordingly, we recommended that OMB ensure that the action items called for in the IT Reform Plan be completed by the responsible parties prior to the completion of the IT Reform Plan's 18- month deadline of June 2012, or if the June 2012 deadline could not be met, by another clearly defined deadline; and provide clear time frames for addressing the shortfalls associated with the action items. Last, OMB had not established performance measures for evaluating the results of most of the IT reform initiatives we reviewed. Specifically, OMB established performance measures for 4 of the 10 action items, including data center consolidation and cloud computing. However, no performance measures existed for 6 other action items, including establishing the best practices collaboration platform and developing a cadre of IT acquisition professionals. Thus, we recommended that OMB establish outcome-oriented measures for each applicable action item. In summary, OMB's and agencies' recent efforts have resulted in greater transparency and oversight of federal spending, but continued leadership and attention is necessary to build on the progress that has been made. For example, federal agencies need to continue to improve the accuracy of information on the Dashboard to provide greater transparency and even more attention to the billions of dollars invested in troubled projects. Further, the expanded use of the common factors critical to the successful management of large- scale IT acquisitions should result in the more effective delivery of mission-critical systems. In addition, the federal government can more efficiently manage operational systems by ensuring the $54 billion in O&M is continuing to improve mission performance, in particular the $3 billion which had not undergone required analyses. The federal government can also build on the momentum of the $2.4 billion in estimated savings as a result of data center consolidation efforts. Overall, implementation of outstanding GAO recommendations can help further reduce wasteful spending on poorly managed, unnecessary, and duplicative investments. Chairman Issa, Ranking Member Cummings, and Members of the Committee, this concludes my statement. I would be pleased to answer any questions at this time. GAO Contact and Staff Acknowledgments: If you should have any questions about this testimony, please contact me at (202) 512-9286 or by e-mail at pownerd@gao.gov. Individuals who made key contributions to this testimony are Dave Hinchman, Assistant Director; Gary Mountjoy, Assistant Director; Rebecca Eyler; Kevin Walsh; and Shawn Ward. [End of section] Footnotes: [1] See, for example, GAO, Information Technology: Better Informed Decision Making Needed on Navy's Next Generation Enterprise Network Acquisition, [hyperlink, http://www.gao.gov/products/GAO-11-150] (Washington, D.C.: Mar. 11, 2011); and Border Security: Preliminary Observations on the Status of Key Southwest Border Technology Programs, [hyperlink, http://www.gao.gov/products/GAO-11-448T] (Washington, D.C.: Mar. 15, 2011). [2] GAO, Information Technology Dashboard: Opportunities Exist to Improve Transparency and Oversight of Investment Risk at Select Agencies, [hyperlink, http://www.gao.gov/products/GAO-13-98] (Washington, D.C.: Oct. 16, 2012); Information Technology: Agencies Need to Strengthen Oversight of Billions of Dollars in Operations and Maintenance Investments, [hyperlink, http://www.gao.gov/products/GAO-13-87] (Washington, D.C.: Oct. 16, 2012); Data Center Consolidation: Agencies Making Progress on Efforts, but Inventories and Plans Need to Be Completed, [hyperlink, http://www.gao.gov/products/GAO-12-742] (Washington, D.C.: July 19, 2012); Information Technology: Critical Factors Underlying Successful Major Acquisitions, [hyperlink, http://www.gao.gov/products/GAO-12-7] (Washington, D.C.: Oct. 21, 2011); Information Technology: Continued Attention Needed to Accurately Report Federal Spending and Improve Management, [hyperlink, http://www.gao.gov/products/GAO-11-831T] (Washington, D.C.: July 14, 2011); and Information Technology: Investment Oversight and Management Have Improved but Continued Attention Is Needed, [hyperlink, http://www.gao.gov/products/GAO-11-454T] (Washington, D.C.: Mar. 17, 2011). [3] A major IT Investment is a system or an acquisition requiring special management attention because it: has significant importance to the mission or function of the agency, a component of the agency, or another organization; is for financial management and obligates more than $500,000 annually; has significant program or policy implications; has high executive visibility; has high development, operating, or maintenance costs; is funded through other than direct appropriations; or is defined as major by the agency's capital planning and investment control process. [4] Cloud computing is an emerging form of delivering computing services via networks with the potential to provide IT services more quickly and at a lower cost. Cloud computing provides users with on- demand access to a shared and scalable pool of computing resources with minimal management effort or service provider interaction. It reportedly has several potential benefits, including faster deployment of computing resources, a decreased need to buy hardware or to build data centers, and more robust collaboration capabilities. [5] PortfolioStat is intended to be a tool for agencies to use to assess the current maturity of their IT portfolio management process and make decisions on eliminating duplication across their organizations. Agencies are to use data from PortfolioStats to establish targets for commodity IT spending reductions and deadlines for meeting those targets. [6] [hyperlink, http://www.gao.gov/products/GAO-13-98]; [hyperlink, http://www.gao.gov/products/GAO-13-87]; [hyperlink, http://www.gao.gov/products/GAO-12-742]; [hyperlink, http://www.gao.gov/products/GAO-12-7]; and GAO, Information Technology Reform: Progress Made; More Needs to Be Done to Complete Actions and Measure Results, [hyperlink, http://www.gao.gov/products/GAO-12-461] (Washington, D.C.: Apr. 26, 2012). [7] See GAO, Information Technology: OMB Needs to Improve Its Guidance on IT Investments, [hyperlink, http://www.gao.gov/products/GAO-11-826] (Washington, D.C.: Sept. 29, 2011). [8] 40 U.S.C. § 11302(c). [9] See, for example, GAO, Electronic Records Archive: Status Update on the National Archives and Records Administration's Fiscal Year 2010 Expenditure Plan, [hyperlink, http://www.gao.gov/products/GAO-10-657] (Washington, D.C.: June 11, 2010); Electronic Records Archive: The National Archives and Records Administration's Fiscal Year 2009 Expenditure Plan, [hyperlink, http://www.gao.gov/products/GAO-09-733] (Washington, D.C.: July 24, 2009); and National Archives: Progress and Risks in Implementing its Electronic Records Archive Initiative, [hyperlink, http://www.gao.gov/products/GAO-10-222T] (Washington, D.C.: Nov. 5, 2009). [10] See, for example, GAO, Secure Border Initiative: DHS Needs to Strengthen Management and Oversight of Its Prime Contractor, [hyperlink, http://www.gao.gov/products/GAO-11-6] (Washington, D.C.: Oct. 18, 2010); Secure Border Initiative: DHS Needs to Reconsider Its Proposed Investment in Key Technology Program, [hyperlink, http://www.gao.gov/products/GAO-10-340] (Washington, D.C.: May 5, 2010); Secure Border Initiative: DHS Needs to Address Testing and Performance Limitations That Place Key Technology Program at Risk, [hyperlink, http://www.gao.gov/products/GAO-10-158] (Washington, D.C.: Jan. 29, 2010); Secure Border Initiative: DHS Needs to Address Significant Risks in Delivering Key Technology Investment, [hyperlink, http://www.gao.gov/products/GAO-08-1086] (Washington, D.C.: Sept. 22, 2008); and Secure Border Initiative: SBInet Expenditure Plan Needs to Better Support Oversight and Accountability, [hyperlink, http://www.gao.gov/products/GAO-07-309] (Washington, D.C.: Feb. 15, 2007). [11] GAO, Secure Border Initiative: DHS Needs to Reconsider Its Proposed Investment in Key Technology Program, [hyperlink, http://www.gao.gov/products/GAO-10-340] (Washington, D.C.: May 5, 2010). [12] GAO, OPM Retirement Modernization: Longstanding Information Technology Management Weaknesses Need to Be Addressed, [hyperlink, http://www.gao.gov/products/GAO-12-226T] (Washington, D.C.: Nov. 15, 2011). [13] GAO, Office of Personnel Management: Retirement Modernization Planning and Management Shortcomings Need to Be Addressed, [hyperlink, http://www.gao.gov/products/GAO-09-529] (Washington, D.C.: Apr 21, 2009); Office of Personnel Management: Improvements Needed to Ensure Successful Retirement Systems Modernization, [hyperlink, http://www.gao.gov/products/GAO-08-345] (Washington, D.C.: Jan 31, 2008); Comments on the Office of Personnel Management's February 20, 2008 Report to Congress Regarding the Retirement Systems Modernization, [hyperlink, http://www.gao.gov/products/GAO-08-576R] (Washington, D.C.: Mar 28, 2008); and Office of Personnel Management: Retirement Systems Modernization Program Faces Numerous Challenges, [hyperlink, http://www.gao.gov/products/GAO-05-237] (Washington, D.C.: Feb 28, 2005). [14] [hyperlink, http://www.gao.gov/products/GAO-11-150]. [15] GAO, DOD Business Transformation: Improved Management Oversight of Business System Modernization Efforts Needed, [hyperlink, http://www.gao.gov/products/GAO-11-53] (Washington, D.C.: Oct. 7, 2010) and DOD Financial Management: Implementation Weaknesses in Army and Air Force Business Systems Could Jeopardize DOD's Auditability Goals, [hyperlink, http://www.gao.gov/products/GAO-12-134] (Washington, D.C.: Feb. 28, 2012). [16] Federal CIO Council, [hyperlink, http://cio.gov/category/best-practices/]. [17] GAO, Information Technology: Departments of Defense and Energy Need to Address Potentially Duplicative Investments, [hyperlink, http://www.gao.gov/products/GAO-12-241] (Washington, D.C.: Feb. 17, 2012). [18] [hyperlink, http://www.gao.gov/products/GAO-12-241] and GAO, Information Technology: Potentially Duplicative Investments Exist at the Departments of Defense and Energy, [hyperlink, http://www.gao.gov/products/GAO-12-462T] (Washington, D.C.: Feb. 17, 2012). [19] GAO, Information Technology: OMB's Dashboard Has Increased Transparency and Oversight, but Improvements Needed, [hyperlink, http://www.gao.gov/products/GAO-10-701] (Washington, D.C.: July 16, 2010). [20] GAO, Information Technology: OMB Has Made Improvements to Its Dashboard, but Further Work Is Needed by Agencies and OMB to Ensure Data Accuracy, [hyperlink, http://www.gao.gov/products/GAO-11-262] (Washington, D.C.: Mar. 15, 2011). [21] GAO, IT Dashboard: Accuracy Has Improved, and Additional Efforts Are Under Way to Better Inform Decision Making, [hyperlink, http://www.gao.gov/products/GAO-12-210] (Washington, D.C.: Nov. 7, 2011). [22] [hyperlink, http://www.gao.gov/products/GAO-13-98]. [23] GAO, DOD Financial Management: Reported Status of Department of Defense's Enterprise Resource Planning Systems, [hyperlink, http://www.gao.gov/products/GAO-12-565R] (Washington, D.C.: Mar. 30, 2012) and [hyperlink, http://www.gao.gov/products/GAO-12-134]. [24] [hyperlink, http://www.gao.gov/products/GAO-12-7]. [25] The seven investments were (1) Commerce's Decennial Response Integration System, (2) DOD's Defense Global Combat Support System- Joint (Increment 7), (3) Department of Energy's Manufacturing Operations Management Project, (4) DHS's Western Hemisphere Travel Initiative, (5) Department of Transportation's Integrated Terminal Weather System, (6) Internal Revenue Service's Customer Account Data Engine 2, and (7) Veterans Affairs Occupational Health Record-keeping System. [26] [hyperlink, http://www.gao.gov/products/GAO-13-87]. [27] The agencies in our review were DHS, DOD, the Departments of Health and Human Services (HHS), the Treasury, and Veterans Affairs (VA). [28] GAO, Data Center Consolidation: Agencies Need to Complete Inventories and Plans to Achieve Expected Savings, [hyperlink, http://www.gao.gov/products/GAO-11-565] (Washington, D.C.: July 19, 2011). [29] [hyperlink, http://www.gao.gov/products/GAO-12-742]. [30] OMB, Analytical Perspectives, Budget of the U.S. Government, Fiscal Year 2013. [31] GAO, Information Security: Federal Guidance Needed to Address Control Issues with Implementing Cloud Computing, [hyperlink, http://www.gao.gov/products/GAO-10-513] (Washington, D.C.: May 27, 2010). [32] GAO, Information Technology Reform: Progress Made but Future Cloud Computing Efforts Should be Better Planned, [hyperlink, http://www.gao.gov/products/GAO-12-756] (Washington, D.C.: July 11, 2012). [33] [hyperlink, http://www.gao.gov/products/GAO-12-461]. [End of section] GAO’s Mission: The Government Accountability Office, the audit, evaluation, and investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO’s commitment to good government is reflected in its core values of accountability, integrity, and reliability. Obtaining Copies of GAO Reports and Testimony: The fastest and easiest way to obtain copies of GAO documents at no cost is through GAO’s website [hyperlink, http://www.gao.gov]. Each weekday afternoon, GAO posts on its website newly released reports, testimony, and correspondence. To have GAO e-mail you a list of newly posted products, go to [hyperlink, http://www.gao.gov] and select “E-mail Updates.” Order by Phone: The price of each GAO publication reflects GAO’s actual cost of production and distribution and depends on the number of pages in the publication and whether the publication is printed in color or black and white. Pricing and ordering information is posted on GAO’s website, [hyperlink, http://www.gao.gov/ordering.htm]. Place orders by calling (202) 512-6000, toll free (866) 801-7077, or TDD (202) 512-2537. Orders may be paid for using American Express, Discover Card, MasterCard, Visa, check, or money order. Call for additional information. Connect with GAO: Connect with GAO on facebook, flickr, twitter, and YouTube. Subscribe to our RSS Feeds or E mail Updates. Listen to our Podcasts. Visit GAO on the web at [hyperlink, http://www.gao.gov]. To Report Fraud, Waste, and Abuse in Federal Programs: Contact: Website: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]; E-mail: fraudnet@gao.gov; Automated answering system: (800) 424-5454 or (202) 512-7470. Congressional Relations: Katherine Siggerud, Managing Director, siggerudk@gao.gov: (202) 512-4400: U.S. Government Accountability Office: 441 G Street NW, Room 7125: Washington, DC 20548. Public Affairs: Chuck Young, Managing Director, youngc1@gao.gov: (202) 512-4800: U.S. Government Accountability Office: 441 G Street NW, Room 7149: Washington, DC 20548. [End of document]