Improving the Management of IT Acquisitions and Operations
Although the executive branch has undertaken numerous initiatives to better manage the more than $80 billion that is annually invested in information technology (IT), federal IT investments too frequently fail or incur cost overruns and schedule slippages while contributing little to mission-related outcomes. We have previously testified that the federal government has spent billions of dollars on failed IT investments.1 These investments often suffered from a lack of disciplined and effective management, such as project planning, requirements definition, and program oversight and governance. In many instances, agencies have not consistently applied best practices that are critical to successfully acquiring IT. In this regard, we have identified nine critical factors underlying successful major acquisitions, such as program officials actively engaging with stakeholders and staff having the necessary knowledge and skills.2
Nonetheless, agencies continue to have IT projects that perform poorly. Such projects have often used a “big bang” approach—that is, projects are broadly scoped and aim to deliver functionality several years after initiation. According to the Defense Science Board, this approach is often too long, ineffective, and unaccommodating of the rapid evolution of IT. Further, it is inconsistent with Office of Management and Budget (OMB) guidance directing that IT investments deliver functionality in 6-month increments.3 In August 2016, we reported that approximately half of the software projects across selected agencies were following this guidance.4
Federal IT projects have also failed due to a lack of oversight and governance. Executive-level governance and oversight across the government has often been ineffective, specifically from chief information officers (CIO). However, we have reported that some CIOs" authority is limited in that not all CIOs have the authority to review and approve the entire agency IT portfolio.5
Recognizing the severity of issues related to the government-wide management of IT, in December 2014, Congress enacted IT acquisition reform provisions (commonly referred to as the Federal Information Technology Acquisition Reform Act or FITARA) as part of the Carl Levin and Howard P. "Buck" McKeon National Defense Authorization Act for Fiscal Year 2015.6 Among other things, the law requires action to: (1) consolidate federal data centers, (2) enhance transparency and improve risk management, (3) enhance agency CIO authority, (4) review IT investment portfolios, (5) expand training and use of IT acquisition cadres, (6) purchase software government-wide, and (7) maximize the benefit of federal strategic sourcing.
 GAO, Information Technology: OMB and Agencies Need to More Effectively Implement Major Initiatives to Save Billions of Dollars, GAO-13-796T (Washington, D.C.: July 25, 2013).
 GAO, Information Technology: Critical Factors Underlying Successful Major Acquisitions, GAO-12-7 (Washington, D.C.: Oct. 21, 2011).
 In May 2014, we recommended that OMB require projects to deliver functionality at least every 12 months (instead of every 6 months). This recommendation was based, in part, on OMB staff reporting to us that they did not expect that many investments would meet the 6-month requirement, thus raising questions as to whether a 6-month delivery requirement was an appropriate government-wide goal. While OMB disagreed with our recommendation, we continue to believe that delivering functionality every 6 months is not an appropriate requirement for all agencies and that requiring the delivery of functionality every 12 months is a more appropriate initial target. For more information, see GAO, Information Technology: Agencies Need to Establish and Implement Incremental Development Policies, GAO-14-361 (Washington, D.C.: May 1, 2014).
 GAO, Information Technology Reform: Agencies Need to Increase Their Use of Incremental Development Practices, GAO-16-469 (Washington, D.C.: Aug. 16, 2016).
 GAO, Federal Chief Information Officers: Opportunities Exist to Improve Role in Information Technology Management, GAO-11-634 (Washington, D.C.: Sept. 15, 2011).
OMB and federal agencies’ efforts to improve the management of IT acquisitions and operations have resulted in meeting one of the five criteria for removal from our High-Risk List—leadership commitment—and partially meeting the remaining four criteria—capacity, action plan, monitoring, and demonstrated progress. Specifically, OMB, in its leadership role in addressing this high-risk area, has demonstrated its commitment by issuing guidance for agencies implementing FITARA, optimizing federal data centers, and acquiring and managing software licenses.
However, while OMB and agencies have taken initial steps to improve their capacity, establish action plans, increase monitoring, and demonstrate progress in addressing our high-risk area by, for example, implementing 366 (or about 46 percent) of the 803 open recommendations from fiscal years 2010 through 2015 related to IT acquisitions and operations, additional actions are needed. Specifically, agencies need to improve their capacity to successfully manage IT investments by fully implementing the CIO authorities described in FITARA and ensuring that program staff have the necessary knowledge and skills to acquire IT. Further work is also needed to establish action plans to modernize or replace obsolete IT investments. Regarding monitoring of IT investments, agencies need to improve how their CIOs assess investment risk and how they report incremental development status. Finally, additional demonstrated progress is needed by OMB and agencies to (1) address our open recommendations related to IT acquisitions and operations, (2) deliver functionality every 12 months on major acquisitions, and (3) achieve planned IT portfolio and data center consolidation savings.
To help address the management of IT investments, OMB and federal agencies should continue to expeditiously implement the requirements of FITARA. While OMB's June 2015 FITARA implementation guidance1 provides a solid foundation for implementing the law and addresses the actions agencies are to take in regard to several initiatives that we have identified as high risk, OMB will need to provide consistent oversight to ensure that agency actions are completed and the desired results are achieved. Doing so should continue to improve the transparency and management of IT acquisitions and operations, as well as increase the authority of CIOs to provide needed direction and oversight.
Beyond implementing FITARA and OMB's guidance to improve the capacity to address our high-risk area, selected agencies will also need to implement our recent recommendations related to improving their IT workforce planning practices.2 When fully implemented, these key practices should better position agencies to efficiently make decisions that cross lines of expertise and improve their ability to assess and address gaps in knowledge and skills that are critical to the success of major IT acquisitions.
Further, agencies will need to establish action plans to modernize or replace obsolete IT investments.3 By establishing such plans, agencies can reduce the risk of continuing to maintain investments that have outlived their effectiveness and are consuming resources that outweigh their benefits.
To improve how they monitor the acquisition and operations of IT investments, federal agencies will need to implement our recommendations to address weaknesses in their reporting of investment risk and incremental development implementation on the IT Dashboard.4 Doing so will provide OMB and agencies with increased transparency and oversight of the government's billions of dollars in IT investments.
Finally, initial progress has been made in addressing this high-risk area, including implementation of 46 percent of our prior recommendations. However, the remaining recommendations include 17 priority recommendations to agencies to, among other things, report all data center consolidation cost savings to OMB, address weaknesses in their management of software licenses, and improve their implementation of PortfolioStat.5 OMB and agencies need to take additional actions to (1) implement at least 80 percent of our recommendations related to the management of IT acquisitions and operations, (2) ensure that a minimum of 80 percent of the government's major acquisitions deliver functionality every 12 months, and (3) achieve at least 80 percent of the over $6 billion in planned PortfolioStat savings and 80 percent of the more than $5 billion in savings planned for data center consolidation. It will be important for OMB and agencies to continue to make demonstrated progress against these metrics in order to more effectively and efficiently invest in IT, reduce the risk of major acquisitions, and achieve additional cost savings.
 GAO, IT Workforce: Key Practices Help Ensure Strong Integrated Program Teams; Selected Departments Need to Assess Skill Gaps, GAO-17-8 (Washington, D.C.: Nov. 30, 2016).
 GAO, Information Technology: Federal Agencies Need to Address Aging Legacy Systems, GAO-16-468 (Washington, D.C.: May 25, 2016).
GAO-17-8: Published: Nov 30, 2016. Publicly Released: Nov 30, 2016.
Integrated program teams (IPT) are cross-functional or multidisciplinary groups of individuals that are organized and collectively responsible for delivering a product to an external or internal customer. GAO identified three characteristics that contribute to the creation and operation of a comprehensive IPT: (1) executive leadership through team support, empowerment, and oversight; (2) team comp...
GAO-16-511: Published: Sep 29, 2016. Publicly Released: Sep 29, 2016.
Most of the 24 Chief Financial Officers (CFO) Act of 1990 agencies in the review fully met at least three of the four practices GAO identified to determine if agencies had complete software application inventories. To be considered complete, an inventory should (1) include business and enterprise information technology (IT) systems as defined by the Office of Management and Budget (OMB); (2) inclu...
GAO-16-469: Published: Aug 16, 2016. Publicly Released: Sep 15, 2016.
For fiscal year 2016, 22 agencies reported 64 percent of their software development projects would deliver useable functionality every 6 months on the Information Technology (IT) Dashboard, as required by the Office of Management and Budget (OMB). However, shortcomings with OMB's guidance—the lack of clarity regarding the types of projects where incremental development would not apply and how th...
GAO-16-602: Published: Aug 15, 2016. Publicly Released: Sep 14, 2016.
The General Service Administration's (GSA) 18F and Office of Management and Budget's (OMB) U.S. Digital Service (USDS) have provided a variety of services to agencies supporting their information technology (IT) efforts. Specifically, 18F staff helped 18 agencies with 32 projects and generally provided development and consulting services, including software development solutions and acquisition co...
GAO-16-623: Published: Aug 9, 2016. Publicly Released: Sep 8, 2016.
The three selected Census Enterprise Data Collection and Processing (CEDCAP) projects (of 12 total) in GAO's review partially met best practices for monitoring and controlling. For example, the projects fully met the best practice of establishing a process for taking corrective actions if issues are identified, but they did not fully meet the practice of identifying significant performance deviati...
GAO-16-494: Published: Jun 2, 2016. Publicly Released: Jun 2, 2016.
Agencies determined investments' Chief Information Officer (CIO) ratings using a variety of processes, which included the Office of Management and Budget's (OMB) six suggested factors (including risk management, requirements management, and historical performance). Specifically, all 17 selected agencies incorporated at least two of OMB's factors into their risk rating processes and 9 used all of t...
GAO-16-468: Published: May 25, 2016. Publicly Released: May 25, 2016.
The federal government spent about 75 percent of the total amount budgeted for information technology (IT) for fiscal year 2015 on operations and maintenance (O&M) investments. Such spending has increased over the past 7 fiscal years, which has resulted in a $7.3 billion decline from fiscal years 2010 to 2017 in development, modernization, and enhancement activities.Total Federal IT Spending by Ty...
GAO-16-336: Published: Mar 30, 2016. Publicly Released: Mar 30, 2016.
All 18 major automated information system (MAIS) programs that experienced a critical change to program cost, schedule, or system performance targets submitted complete reports to Congress that contained all four statutory elements, but 16 programs did not meet the requirement to report to Congress within 60 days of the program manager's submission to the senior Department of Defense (DOD) officia...
GAO-16-323: Published: Mar 3, 2016. Publicly Released: Mar 3, 2016.
The 24 agencies participating in the Federal Data Center Consolidation Initiative have collectively made progress on their data center closures efforts. As of November 2015, agencies identified a total of 10,584 data centers, of which they reported closing 3,125 through fiscal year 2015. Notably, the Departments of Agriculture, Defense, the Interior, and the Treasury accounted for 84 percent of th...
GAO-15-617: Published: Sep 15, 2015. Publicly Released: Sep 15, 2015.
Twenty-four of the 26 federal agencies participating in the Office of Management and Budget's (OMB) information technology (IT) reform initiatives reported achieving an estimated total of $3.6 billion dollars in cost savings and avoidances between fiscal years 2011 and 2014. Slightly more than half (or about $2.0 billion) of the savings and avoidances were from data center consolidation and optimi...