Improving the Management of IT Acquisitions and Operations
Although the executive branch has undertaken numerous initiatives to better manage the more than $80 billion that is annually invested in information technology (IT), federal IT investments too frequently fail or incur cost overruns and schedule slippages while contributing little to mission-related outcomes. We have previously testified that the federal government has spent billions of dollars on failed IT investments.1 These investments often suffered from a lack of disciplined and effective management, such as project planning, requirements definition, and program oversight and governance. In many instances, agencies have not consistently applied best practices that are critical to successfully acquiring IT. In this regard, we have identified nine critical factors underlying successful major acquisitions, such as program officials actively engaging with stakeholders and staff having the necessary knowledge and skills.2
Nonetheless, agencies continue to have IT projects that perform poorly. Such projects have often used a “big bang” approach—that is, projects are broadly scoped and aim to deliver functionality several years after initiation. According to the Defense Science Board, this approach is often too long, ineffective, and unaccommodating of the rapid evolution of IT. Further, it is inconsistent with Office of Management and Budget (OMB) guidance directing that IT investments deliver functionality in 6-month increments.3 In August 2016, we reported that approximately half of the software projects across selected agencies were following this guidance.4
Federal IT projects have also failed due to a lack of oversight and governance. Executive-level governance and oversight across the government has often been ineffective, specifically from chief information officers (CIO). However, we have reported that some CIOs" authority is limited in that not all CIOs have the authority to review and approve the entire agency IT portfolio.5
Recognizing the severity of issues related to the government-wide management of IT, in December 2014, Congress enacted IT acquisition reform provisions (commonly referred to as the Federal Information Technology Acquisition Reform Act or FITARA) as part of the Carl Levin and Howard P. "Buck" McKeon National Defense Authorization Act for Fiscal Year 2015.6 Among other things, the law requires action to: (1) consolidate federal data centers, (2) enhance transparency and improve risk management, (3) enhance agency CIO authority, (4) review IT investment portfolios, (5) expand training and use of IT acquisition cadres, (6) purchase software government-wide, and (7) maximize the benefit of federal strategic sourcing.
 GAO, Information Technology: OMB and Agencies Need to More Effectively Implement Major Initiatives to Save Billions of Dollars, GAO-13-796T (Washington, D.C.: July 25, 2013).
 GAO, Information Technology: Critical Factors Underlying Successful Major Acquisitions, GAO-12-7 (Washington, D.C.: Oct. 21, 2011).
 In May 2014, we recommended that OMB require projects to deliver functionality at least every 12 months (instead of every 6 months). This recommendation was based, in part, on OMB staff reporting to us that they did not expect that many investments would meet the 6-month requirement, thus raising questions as to whether a 6-month delivery requirement was an appropriate government-wide goal. While OMB disagreed with our recommendation, we continue to believe that delivering functionality every 6 months is not an appropriate requirement for all agencies and that requiring the delivery of functionality every 12 months is a more appropriate initial target. For more information, see GAO, Information Technology: Agencies Need to Establish and Implement Incremental Development Policies, GAO-14-361 (Washington, D.C.: May 1, 2014).
 GAO, Information Technology Reform: Agencies Need to Increase Their Use of Incremental Development Practices, GAO-16-469 (Washington, D.C.: Aug. 16, 2016).
 GAO, Federal Chief Information Officers: Opportunities Exist to Improve Role in Information Technology Management, GAO-11-634 (Washington, D.C.: Sept. 15, 2011).
OMB and federal agencies’ efforts to improve the management of IT acquisitions and operations have resulted in meeting one of the five criteria for removal from our High-Risk List—leadership commitment—and partially meeting the remaining four criteria—capacity, action plan, monitoring, and demonstrated progress. Specifically, OMB, in its leadership role in addressing this high-risk area, has demonstrated its commitment by issuing guidance for agencies implementing FITARA, optimizing federal data centers, and acquiring and managing software licenses.
However, while OMB and agencies have taken initial steps to improve their capacity, establish action plans, increase monitoring, and demonstrate progress in addressing our high-risk area by, for example, implementing 366 (or about 46 percent) of the 803 open recommendations from fiscal years 2010 through 2015 related to IT acquisitions and operations, additional actions are needed. Specifically, agencies need to improve their capacity to successfully manage IT investments by fully implementing the CIO authorities described in FITARA and ensuring that program staff have the necessary knowledge and skills to acquire IT. Further work is also needed to establish action plans to modernize or replace obsolete IT investments. Regarding monitoring of IT investments, agencies need to improve how their CIOs assess investment risk and how they report incremental development status. Finally, additional demonstrated progress is needed by OMB and agencies to (1) address our open recommendations related to IT acquisitions and operations, (2) deliver functionality every 12 months on major acquisitions, and (3) achieve planned IT portfolio and data center consolidation savings.
To help address the management of IT investments, OMB and federal agencies should continue to expeditiously implement the requirements of FITARA. While OMB's June 2015 FITARA implementation guidance1 provides a solid foundation for implementing the law and addresses the actions agencies are to take in regard to several initiatives that we have identified as high risk, OMB will need to provide consistent oversight to ensure that agency actions are completed and the desired results are achieved. Doing so should continue to improve the transparency and management of IT acquisitions and operations, as well as increase the authority of CIOs to provide needed direction and oversight.
Beyond implementing FITARA and OMB's guidance to improve the capacity to address our high-risk area, selected agencies will also need to implement our recent recommendations related to improving their IT workforce planning practices.2 When fully implemented, these key practices should better position agencies to efficiently make decisions that cross lines of expertise and improve their ability to assess and address gaps in knowledge and skills that are critical to the success of major IT acquisitions.
Further, agencies will need to establish action plans to modernize or replace obsolete IT investments.3 By establishing such plans, agencies can reduce the risk of continuing to maintain investments that have outlived their effectiveness and are consuming resources that outweigh their benefits.
To improve how they monitor the acquisition and operations of IT investments, federal agencies will need to implement our recommendations to address weaknesses in their reporting of investment risk and incremental development implementation on the IT Dashboard.4 Doing so will provide OMB and agencies with increased transparency and oversight of the government's billions of dollars in IT investments.
Finally, initial progress has been made in addressing this high-risk area, including implementation of 46 percent of our prior recommendations. However, the remaining recommendations include 17 priority recommendations to agencies to, among other things, report all data center consolidation cost savings to OMB, address weaknesses in their management of software licenses, and improve their implementation of PortfolioStat.5 OMB and agencies need to take additional actions to (1) implement at least 80 percent of our recommendations related to the management of IT acquisitions and operations, (2) ensure that a minimum of 80 percent of the government's major acquisitions deliver functionality every 12 months, and (3) achieve at least 80 percent of the over $6 billion in planned PortfolioStat savings and 80 percent of the more than $5 billion in savings planned for data center consolidation. It will be important for OMB and agencies to continue to make demonstrated progress against these metrics in order to more effectively and efficiently invest in IT, reduce the risk of major acquisitions, and achieve additional cost savings.
 GAO, IT Workforce: Key Practices Help Ensure Strong Integrated Program Teams; Selected Departments Need to Assess Skill Gaps, GAO-17-8 (Washington, D.C.: Nov. 30, 2016).
 GAO, Information Technology: Federal Agencies Need to Address Aging Legacy Systems, GAO-16-468 (Washington, D.C.: May 25, 2016).
GAO-17-8: Published: Nov 30, 2016. Publicly Released: Nov 30, 2016.
GAO-16-511: Published: Sep 29, 2016. Publicly Released: Sep 29, 2016.
GAO-16-469: Published: Aug 16, 2016. Publicly Released: Sep 15, 2016.
GAO-16-602: Published: Aug 15, 2016. Publicly Released: Sep 14, 2016.
GAO-16-623: Published: Aug 9, 2016. Publicly Released: Sep 8, 2016.
GAO-16-494: Published: Jun 2, 2016. Publicly Released: Jun 2, 2016.
GAO-16-468: Published: May 25, 2016. Publicly Released: May 25, 2016.
GAO-16-336: Published: Mar 30, 2016. Publicly Released: Mar 30, 2016.
GAO-16-323: Published: Mar 3, 2016. Publicly Released: Mar 3, 2016.
GAO-15-617: Published: Sep 15, 2015. Publicly Released: Sep 15, 2015.