Financial Management Systems:

Lack of Disciplined Processes Puts Implementation of HHS' Financial System at Risk

GAO-04-1008: Published: Sep 23, 2004. Publicly Released: Sep 30, 2004.

Additional Materials:

Contact:

Kay L. Daly
(202) 512-9450
contact@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

In June 2001, the Secretary of HHS directed the department to establish a unified accounting system that, when fully implemented, would replace five outdated accounting systems. GAO was asked to review HHS' ongoing effort to develop and implement the Unified Financial Management System (UFMS) and to focus on whether the agency has (1) effectively implemented disciplined processes; (2) implemented effective information technology (IT) investment management, enterprise architecture, and information security management; and (3) taken actions to ensure that the agency has the human capital needed to successfully design, implement, and operate UFMS.

HHS has not followed key disciplined processes necessary to reduce the risks associated with implementing UFMS to acceptable levels. While development of a core financial system can never be risk free, effective implementation of disciplined processes can reduce those risks to acceptable levels. The problems that have been identified in such key areas as requirements management, including developing a concept of operations, testing, data conversion, systems interfaces, and risk management, compounded by incomplete IT management practices, information security weaknesses, and problematic human capital practices, significantly increase the risks that UFMS will not fully meet one or more of its cost, schedule, and performance objectives. With initial deployment of UFMS at the Centers for Disease Control and Prevention (CDC) scheduled for October 2004, HHS has not developed sufficient quantitative measures for determining the impact of the many process weaknesses identified by GAO and others to evaluate its project efforts. Without well-defined requirements that are traceable from origin to implementation, HHS cannot be assured that the system will provide the functionality needed and that testing will identify significant defects in a timely manner prior to rollout when they are less costly to correct. The agency has not developed the necessary framework for testing requirements, and its schedule leaves little time for correcting process weaknesses and identified defects. HHS has focused on meeting its predetermined milestones in the project schedule to the detriment of disciplined processes. If HHS continues on this path, it risks not achieving its goal of a common accounting system that produces data for management decision making and financial reporting and risks perpetuating its long-standing accounting system weaknesses with substantial workarounds to address needed capabilities that have not been built into the system. Accordingly, GAO believes these issues need to be addressed prior to deployment at CDC. Beyond the risks associated with this specific system development, HHS has departmental weaknesses in IT investment management, enterprise architecture, and information security. Because of the risks related to operating UFMS in an environment with flawed information security controls, HHS needs to take action to ensure that UFMS benefits from strong information security controls. HHS is modifying its IT investment management policies, developing an enterprise architecture, and responding to security weaknesses with several ongoing activities, but substantial progress in these areas is needed to prevent increased risks to cost, schedule, and performance objectives for UFMS. In human capital, many positions were not filled as planned and strategic workforce planning was not timely. HHS has taken the first steps to address these issues; however, ongoing staff shortages have played a role in several key deliverables being significantly behind schedule.

Status Legend:

More Info
  • Review Pending-GAO has not yet assessed implementation status.
  • Open-Actions to satisfy the intent of the recommendation have not been taken or are being planned, or actions that partially satisfy the intent of the recommendation have been taken.
  • Closed-implemented-Actions that satisfy the intent of the recommendation have been taken.
  • Closed-not implemented-While the intent of the recommendation has not been satisfied, time or circumstances have rendered the recommendation invalid.
    • Review Pending
    • Open
    • Closed - implemented
    • Closed - not implemented

    Recommendations for Executive Action

    Recommendation: To help improve the human capital initiatives associated with the UFMS project, the Secretary of Health and Human Services direct the Assistant Secretary for Budget, Technology, and Finance to require that UFMS program management staff finalize critical human capital strategies and plans related to UFMS such as the training plans.

    Agency Affected: Department of Health and Human Services

    Status: Closed - Implemented

    Comments: HHS has taken action to finalize training plans to address human capital strategies related to UFMS.

    Recommendation: Before proceeding with further implementation of UFMS after deployment at CDC, the Secretary of Health and Human Services should direct the Assistant Secretary for Budget, Technology, and Finance to require that the UFMS program staff confirm that requirements are effectively used for implementing the required functionality.

    Agency Affected: Department of Health and Human Services

    Status: Closed - Implemented

    Comments: HHS used a Requirements Traceability Verification Matrix to confirm that requirements were utilized for implementing the desired functionality for each release.

    Recommendation: Before proceeding with further implementation of UFMS after deployment at CDC, the Secretary of Health and Human Services should direct the Assistant Secretary for Budget, Technology, and Finance to require that the UFMS program staff confirm that requirements are effectively used for determining the functionality that will be available in UFMS at a given location.

    Agency Affected: Department of Health and Human Services

    Status: Closed - Implemented

    Comments: Requirements were identified for the capabilities and functionality needed for each release.

    Recommendation: Before proceeding with further implementation of UFMS after deployment at CDC, the Secretary of Health and Human Services should direct the Assistant Secretary for Budget, Technology, and Finance to require that the UFMS program staff maintain traceability of requirements among the various implementation phases from origin through implementation.

    Agency Affected: Department of Health and Human Services

    Status: Closed - Implemented

    Comments: A release specific requirements traceability verification matrix was built to verify that all requirements were met by the system deliverable and to demonstrate to HHS and outside parties that HHS has satisfied the system requirements allocated to the release.

    Recommendation: Before proceeding with further implementation of UFMS after deployment at CDC, the Secretary of Health and Human Services should direct the Assistant Secretary for Budget, Technology, and Finance to require that the UFMS program staff implement a requirements management process that develops requirements that are consistent with the concept of operations and calls for each of the resulting requirements to have the attributes associated with good requirements: (1) fully describing the functionality to be delivered, (2) including the source of the requirement, and (3) stating the requirement in unambiguous terms that allows for quantitative evaluation.

    Agency Affected: Department of Health and Human Services

    Status: Closed - Not Implemented

    Comments: According to HHS's fiscal year 2009 Performance and Accountability Report, the implementation of UFMS was completed during fiscal year 2008 at all operating divisions. Therefore, this recommendation is no longer applicable.

    Recommendation: Before proceeding with further implementation of UFMS after deployment at CDC, the Secretary of Health and Human Services should direct the Assistant Secretary for Budget, Technology, and Finance to require that the UFMS program staff develop a concept of operations in accordance with recognized industry standards such as those promulgated by IEEE. The concept of operations should apply to all HHS entities that will be required to use UFMS. This concept of operations should contain a high-level description of the operations that must be performed, who must perform them, and where and how the operations will be carried out, and be consistent with the current vision for the HHS information system enterprise architecture.

    Agency Affected: Department of Health and Human Services

    Status: Closed - Not Implemented

    Comments: According to HHS's fiscal year 2009 Performance and Accountability Report, the implementation of UFMS was completed during fiscal year 2008 at all operating divisions. Therefore, this recommendation is no longer applicable.

    Recommendation: Before proceeding with further implementation of UFMS after deployment at CDC, the Secretary of Health and Human Services should direct the Assistant Secretary for Budget, Technology, and Finance to require that the UFMS program staff develop and effectively implement a plan on how HHS will implement the disciplined processes necessary to reduce the risks associated with this effort to acceptable levels. This plan should include the processes, such as those identified by SEI and IEEE, that will be implemented and the resources, such as staffing and funding, needed to implement the necessary processes.

    Agency Affected: Department of Health and Human Services

    Status: Closed - Not Implemented

    Comments: According to HHS's fiscal year 2009 Performance and Accountability Report, UFMS was completely implemented during fiscal year 2008 at all operating divisions. Consequently, GAO's recommendation is no longer applicable.

    Recommendation: To help reduce risks associated with deployment of UFMS at CDC to acceptable levels, the Secretary of Health and Human Services should direct the Assistant Secretary for Budget, Technology, and Finance to require that the UFMS program staff delay deployment of UFMS at CDC if these actions are not completed.

    Agency Affected: Department of Health and Human Services

    Status: Closed - Implemented

    Comments: In a September 2004 statement and related UFMS Release Implementation Strategy, HHS announced that it was going to deploy certain capabilities (general ledger and payroll) in October 2004 at CDC and delay deployment of the remaining functionalities until April 2005.

    Recommendation: To help reduce risks associated with deployment of UFMS at CDC to acceptable levels, the Secretary of Health and Human Services should direct the Assistant Secretary for Budget, Technology, and Finance to require that the UFMS program staff measure progress based on quantitative data rather than the occurrence of events.

    Agency Affected: Department of Health and Human Services

    Status: Closed - Implemented

    Comments: HHS has implemented several measures (i.e. percent of release requirements tested, number of requirement change requests, and number of defects detected) related to its defect-tracking processes and earned value metrics that capture requirements related defects and track the UFMS project status with respect to cost and schedule performance.

    Recommendation: To help reduce risks associated with deployment of UFMS at CDC to acceptable levels, the Secretary of Health and Human Services should direct the Assistant Secretary for Budget, Technology, and Finance to require that the UFMS program staff verify that systems interfaces function properly so that data exchanges between systems are adequate to satisfy system needs.

    Agency Affected: Department of Health and Human Services

    Status: Closed - Implemented

    Comments: HHS verified system interfaces through pre-deployment system-level test efforts that were focused on verifying the reliability of code developed for HHS specific interfaces.

    Recommendation: To help reduce risks associated with deployment of UFMS at CDC to acceptable levels, the Secretary of Health and Human Services should direct the Assistant Secretary for Budget, Technology, and Finance to require that the UFMS program staff validate that data conversion efforts produce reliable data for use in UFMS.

    Agency Affected: Department of Health and Human Services

    Status: Closed - Implemented

    Comments: While HHS originally planned to conduct only two mock data conversions prior to implementation at CDC, they conducted seven mock data conversions based on our recommendation. These conversion validation efforts provided reasonable assurance that the data used in the UFMS deployment were reliable.

    Recommendation: To help reduce risks associated with deployment of UFMS at CDC to acceptable levels, the Secretary of Health and Human Services should direct the Assistant Secretary for Budget, Technology, and Finance to require that the UFMS program staff use a testing process that employs effective requirements to obtain the quantitative measures necessary to understand the assumed risks.

    Agency Affected: Department of Health and Human Services

    Status: Closed - Implemented

    Comments: HHS described and provided several measures related to its defect-tracking processes that are associated with its system testing efforts and confirm that requirements are met.

    Recommendation: To help reduce risks associated with deployment of UFMS at CDC to acceptable levels, the Secretary of Health and Human Services should direct the Assistant Secretary for Budget, Technology, and Finance to require that the UFMS program staff maintain traceability of the CDC-related requirements from their origin through implementation.

    Agency Affected: Department of Health and Human Services

    Status: Closed - Implemented

    Comments: A release-specific requirements traceability verification matrix was built to verify that all requirements were met by the system deliverable and to demonstrate to HHS and outside parties that HHS has satisfied the system requirements allocated to the release (e.g. the CDC deployment).

    Recommendation: To help reduce risks associated with deployment of UFMS at CDC to acceptable levels, the Secretary of Health and Human Services should direct the Assistant Secretary for Budget, Technology, and Finance to require that the UFMS program staff clarify, where necessary, any requirements to ensure they (1) fully describe the capability to be delivered, (2) include the source of the requirement, and (3) are unambiguously stated to allow for quantitative evaluation.

    Agency Affected: Department of Health and Human Services

    Status: Closed - Not Implemented

    Comments: The independent verification and validation (IV&V) contractor "closed" the "Incomplete Specification of Requirements" issue saying that the implementation activities at CDC were already beyond the requirements definition phase and as such the issue was irreversible. The IV&V acknowledged that risks associated with incomplete or ambiguous requirements were still a concern and the IV&V will continue to monitor requirements activities for subsequent releases.

    Recommendation: To help reduce risks associated with deployment of UFMS at CDC to acceptable levels, the Secretary of Health and Human Services should direct the Assistant Secretary for Budget, Technology, and Finance to require that the UFMS program staff identify the relevant requirements related to the desired system capabilities for the CDC deployment.

    Agency Affected: Department of Health and Human Services

    Status: Closed - Implemented

    Comments: Requirements were identified for the capabilities and functionality needed for each release. HHS used a Requirements Traceability Verification Matrix for Release 3 on August 1, 2006, to track all UFMS requirements and design constraints, which were identified in a central information repository, and to verify that all system requirements are met by the system deliverable. This results in requirements that can be traced to the appropriate testable area of Oracle and verifies that system requirements for CDC deployment have been satisfied.

    Recommendation: To help reduce risks associated with deployment of UFMS at CDC to acceptable levels, the Secretary of Health and Human Services should direct the Assistant Secretary for Budget, Technology, and Finance to require that the UFMS program staff determine the system capabilities that are necessary for the CDC deployment.

    Agency Affected: Department of Health and Human Services

    Status: Closed - Implemented

    Comments: In a September 2004 statement and related UFMS Release Implementation Strategy, HHS announced that it was going to deploy certain capabilities (general ledger and payroll) in October 2004 at CDC and delay deployment of the remaining functionalities until April 2005.

    Recommendation: Before proceeding with further implementation of UFMS after deployment at CDC, the Secretary of Health and Human Services should direct the Assistant Secretary for Budget, Technology, and Finance to require that the UFMS program staff confirm that requirements are effectively used for supporting an effective testing process to evaluate whether UFMS is ready for deployment.

    Agency Affected: Department of Health and Human Services

    Status: Closed - Implemented

    Comments: HHS provided several measures related to confirming that system requirements are met as part of its defect-tracking processes that are associated with its system testing efforts.

    Recommendation: Before proceeding with further implementation of UFMS after deployment at CDC, the Secretary of Health and Human Services should direct the Assistant Secretary for Budget, Technology, and Finance to require that the UFMS program staff confirm that requirements are effectively used for validating that data conversion efforts produce reliable data for use in UFMS.

    Agency Affected: Department of Health and Human Services

    Status: Closed - Implemented

    Comments: HHS has taken action to confirm practices related to data conversion in order to help ensure that their efforts produce reliable data for use in meeting UFMS requirements.

    Recommendation: Before proceeding with further implementation of UFMS after deployment at CDC, the Secretary of Health and Human Services should direct the Assistant Secretary for Budget, Technology, and Finance to require that the UFMS program staff confirm that requirements are effectively used for verifying that systems interfaces function properly so that data exchanges between systems are adequate to satisfy each system's needs.

    Agency Affected: Department of Health and Human Services

    Status: Closed - Implemented

    Comments: HHS verified system interfaces through system-level test efforts that focused on code developed for HHS specific extensions and interfaces to verify that data exchanges were adequate to interfaced systems user needs.

    Recommendation: To help improve the human capital initiatives associated with the UFMS project, the Secretary of Health and Human Services direct the Assistant Secretary for Budget, Technology, and Finance to require that UFMS program management staff finalize critical human capital strategies and plans related to UFMS such as the workforce transition strategy.

    Agency Affected: Department of Health and Human Services

    Status: Closed - Implemented

    Comments: HHS has taken action to develop a workforce transition strategy and the operating divisions developed workforce transition plans in accordance with that strategy.

    Recommendation: To help improve the human capital initiatives associated with the UFMS project, the Secretary of Health and Human Services direct the Assistant Secretary for Budget, Technology, and Finance to require that UFMS program management staff finalize critical human capital strategies and plans related to UFMS such as the skills gap analysis.

    Agency Affected: Department of Health and Human Services

    Status: Closed - Implemented

    Comments: HHS developed and finalized human capital strategies and plans related to UFMS, including plans to identify and address any skills gaps. Specifically, HHS developed a skills gap analysis for CDC. For FDA and PSC, HHS performed an organizational impact analysis to identify workforce and training implications associated with the major changes that will occur as part of the UFMS implementation, and consistent with the intent of our recommendation, conducted an analysis of the skills, roles and responsibilities needed.

    Recommendation: To help improve the human capital initiatives associated with the UFMS project, the Secretary of Health and Human Services direct the Assistant Secretary for Budget, Technology, and Finance to require that UFMS program management staff assess the key positions needed for effective project management and confirm that those positions have the human resources needed. If needed, solicit the assistance of the Assistant Secretary for Budget, Technology, and Finance to fill key positions in a timely manner.

    Agency Affected: Department of Health and Human Services

    Status: Closed - Implemented

    Comments: Although staffing shortfalls have been a recurring issue on the UFMS implementation for federal and systems integrator personnel, the UFMS PMO and systems integrator conducts bi-weekly meetings with the ASBTF to address human resource concerns, such as staffing shortages and potential turnover, and to ensure that pertinent positions are filled.

    Recommendation: To help ensure that HHS reduces risks in the agencywide IT environment associated with its implementation of UFMS, the Secretary of Health and Human Services should direct the Assistant Secretary for Budget, Technology, and Finance to require that IT program management staff, as appropriate verify that the UFMS project management staff has all applicable information needed to fully ensure a comprehensive security management program for UFMS. Specifically, this would include identifying and assessing the reported concerns for all HHS entities regarding key general control areas of the information security management process, including application development and change controls.

    Agency Affected: Department of Health and Human Services

    Status: Closed - Implemented

    Comments: UFMS project management staff have taken action to identify and assess reported concerns from HHS entities over general control areas. The project management staff keeps apprised of security concerns before connecting UFMS to an operating divisions' systems by reviewing the certification and accreditation (C&A) and the plan of action and milestones (POA&M) for the particular operating division. The C&As and POA&Ms provide project management staff with the ability to identify and assess reported concerns for HHS entities regarding key general control areas such as: entity-wide security planning, access controls, systems software controls, segregation of duties and application development and change controls. Also, interviews with the UFMS Project Management Office provided verification of compliance with GAO recommendations.

    Recommendation: To help ensure that HHS reduces risks in the agencywide IT environment associated with its implementation of UFMS, the Secretary of Health and Human Services should direct the Assistant Secretary for Budget, Technology, and Finance to require that IT program management staff, as appropriate verify that the UFMS project management staff has all applicable information needed to fully ensure a comprehensive security management program for UFMS. Specifically, this would include identifying and assessing the reported concerns for all HHS entities regarding key general control areas of the information security management process, including segregation of duties.

    Agency Affected: Department of Health and Human Services

    Status: Closed - Implemented

    Comments: UFMS project management staff have taken action to identify and assess reported concerns from HHS entities over general control areas. The project management staff keeps apprised of security concerns before connecting UFMS to an operating divisions' systems by reviewing the certification and accreditation (C&A) and the plan of action and milestones (POA&M) for the particular operating division. The C&As and POA&Ms provide project management staff with the ability to identify and assess reported concerns for HHS entities regarding key general control areas such as: entity-wide security planning, access controls, systems software controls, segregation of duties and application development and change controls. Also, interviews with the UFMS Project Management Office provided verification of compliance with GAO recommendations.

    Recommendation: To help ensure that HHS reduces risks in the agencywide IT environment associated with its implementation of UFMS, the Secretary of Health and Human Services should direct the Assistant Secretary for Budget, Technology, and Finance to require that IT program management staff, as appropriate, verify that the UFMS project management staff has all applicable information needed to fully ensure a comprehensive security management program for UFMS. Specifically, this would include identifying and assessing the reported concerns for all HHS entities regarding key general control areas of the information security management process, including system software controls.

    Agency Affected: Department of Health and Human Services

    Status: Closed - Implemented

    Comments: UFMS project management staff have taken action to identify and assess reported concerns from HHS entities over general control areas. The project management staff keeps apprised of security concerns before connecting UFMS to an operating divisions' systems by reviewing the certification and accreditation (C&A) and the plan of action and milestones (POA&M) for the particular operating division. The C&As and POA&Ms provide project management staff with the ability to identify and assess reported concerns for HHS entities regarding key general control areas such as: entity-wide security planning, access controls, systems software controls, segregation of duties and application development and change controls. Also, interviews with the UFMS Project Management Office provided verification of compliance with GAO recommendations.

    Recommendation: To help ensure that HHS reduces risks in the agencywide IT environment associated with its implementation of UFMS, the Secretary of Health and Human Services should direct the Assistant Secretary for Budget, Technology, and Finance to require that IT program management staff, as appropriate, verify that the UFMS project management staff has all applicable information needed to fully ensure a comprehensive security management program for UFMS. Specifically, this would include identifying and assessing the reported concerns for all HHS entities regarding key general control areas of the information security management process, including access controls.

    Agency Affected: Department of Health and Human Services

    Status: Closed - Implemented

    Comments: UFMS project management staff have taken action to identify and assess reported concerns from HHS entities over general control areas. The project management staff keeps apprised of security concerns before connecting UFMS to an operating divisions' systems by reviewing the certification and accreditation (C&A) and the plan of action and milestones (POA&M) for the particular operating division. The C&As and POA&Ms provide project management staff with the ability to identify and assess reported concerns for HHS entities regarding key general control areas such as: entity-wide security planning, access controls, systems software controls, segregation of duties and application development and change controls. Also, interviews with the UFMS Project Management Office provided verification of compliance with GAO recommendations.

    Recommendation: To help ensure that HHS reduces risks in the agencywide IT environment associated with its implementation of UFMS, the Secretary of Health and Human Services should direct the Assistant Secretary for Budget, Technology, and Finance to require that IT program management staff, as appropriate, verify that the UFMS project management staff has all applicable information needed to fully ensure a comprehensive security management program for UFMS. Specifically, this would include identifying and assessing the reported concerns for all HHS entities regarding key general control areas of the information security management process, including entitywide security planning.

    Agency Affected: Department of Health and Human Services

    Status: Closed - Implemented

    Comments: UFMS project management staff have taken action to identify and assess reported concerns from HHS entities over general control areas. Specifically, the project management staff keeps apprised of security concerns before connecting UFMS to an operating divisions' systems by reviewing the certification and accreditation (C&A) and the plan of action and milestones (POA&M) for the particular operating division. The C&As and POA&Ms provide project management staff with the ability to identify and assess reported concerns for HHS entities regarding key general control areas such as: entity-wide security planning, access controls, systems software controls, segregation of duties and application development and change controls. Also, interviews with the UFMS Project Management Office provided verification of compliance with GAO recommendations.

    Recommendation: To help ensure that HHS reduces risks in the agencywide IT environment associated with its implementation of UFMS, the Secretary of Health and Human Services should direct the Assistant Secretary for Budget, Technology, and Finance to require that IT program management staff, as appropriate, establish a comprehensive program to monitor access to the network, including controls over access to the mainframe and the network.

    Agency Affected: Department of Health and Human Services

    Status: Closed - Implemented

    Comments: IT program management has taken action to establish a comprehensive program to monitor access to the network and monitoring controls over access to the mainframe and the network. Controlling access to the mainframe is no longer an issue because the network environment has changed from mainframe based to server based. This network is now located at the Center for Information Technology (CIT) within NIH. GAO's 2005 report on HHS Information Programs confirmed network monitoring and controls over access to the network were appropriate.

    Recommendation: To help ensure that HHS reduces risks in the agencywide IT environment associated with its implementation of UFMS, the Secretary of Health and Human Services should direct the Assistant Secretary for Budget, Technology, and Finance to require that IT program management staff, as appropriate, conduct assessments of operating divisions' information security general controls that have not been recently assessed.

    Agency Affected: Department of Health and Human Services

    Status: Closed - Implemented

    Comments: All of the operating divisions' information security general controls have been assessed based on the completion of related steps detailed, the UFMS Risk Assessment and Mitigation Plan, and interviews with cognizant UFMS Project Management Office staff.

    Recommendation: Before proceeding with further implementation of UFMS after deployment at CDC, the Secretary of Health and Human Services should direct the Assistant Secretary for Budget, Technology, and Finance to require that the UFMS program staff use quantitative measures to assess progress and compliance with disciplined processes.

    Agency Affected: Department of Health and Human Services

    Status: Closed - Implemented

    Comments: HHS has several measures related to its defect-tracking processes, earned value metrics, and critical path analysis that tracks the extent to which requirements related defects have been addressed and tracks cost and schedule performance.

    Recommendation: Before proceeding with further implementation of UFMS after deployment at CDC, the Secretary of Health and Human Services should direct the Assistant Secretary for Budget, Technology, and Finance to require that the UFMS program staff develop and implement a program that will identify the quantitative metrics needed to evaluate project performance and risks.

    Agency Affected: Department of Health and Human Services

    Status: Closed - Implemented

    Comments: HHS developed and implemented a Performance Measurement Plan that includes various quantitative metrics used to evaluate project performance and risks.

    Recommendation: Before proceeding with further implementation of UFMS after deployment at CDC, the Secretary of Health and Human Services should direct the Assistant Secretary for Budget, Technology, and Finance to require that the UFMS program staff formalize risk management procedures to consider that a risk is only closed after the risk is no longer applicable rather than once management has developed a mitigation strategy.

    Agency Affected: Department of Health and Human Services

    Status: Closed - Implemented

    Comments: HHS agreed with our recommendation and revised its risk management processes to keep all risks open until the risks are actually materialized or an appropriate mitigation has been successful.

    Recommendation: Before proceeding with further implementation of UFMS after deployment at CDC, the Secretary of Health and Human Services should direct the Assistant Secretary for Budget, Technology, and Finance to require that the UFMS program staff formalize risk management procedures to consider that all risks currently applicable to the UFMS project are identified.

    Agency Affected: Department of Health and Human Services

    Status: Closed - Implemented

    Comments: HHS agreed with our recommendation and revised its risk management processes to identify all risks currently applicable and established appropriate related risk management procedures.

    Recommendation: Before proceeding with further implementation of UFMS after deployment at CDC, the Secretary of Health and Human Services should direct the Assistant Secretary for Budget, Technology, and Finance to require that the UFMS program staff develop and implement a testing process that uses adequate requirements as a basis for testing a given system function.

    Agency Affected: Department of Health and Human Services

    Status: Closed - Implemented

    Comments: A testing process was developed and implemented for each testing phase that uses requirements as a basis for testing a given system function (e.g., integration testing, performance testing, and user acceptance testing) and to evaluate whether UFMS is ready for deployment.

    Mar 27, 2014

    Mar 13, 2014

    Mar 12, 2014

    Feb 27, 2014

    Dec 23, 2013

    Dec 16, 2013

    Dec 12, 2013

    Dec 11, 2013

    Looking for more? Browse all our products here