Information Technology:

Better Management of Interdependencies between Programs Supporting 2020 Census Is Needed

GAO-16-623: Published: Aug 9, 2016. Publicly Released: Sep 8, 2016.

Additional Materials:

Contact:

Carol C. Harris
(202) 512-4456
chac@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

What GAO Found

The three selected Census Enterprise Data Collection and Processing (CEDCAP) projects (of 12 total) in GAO's review partially met best practices for monitoring and controlling. For example, the projects fully met the best practice of establishing a process for taking corrective actions if issues are identified, but they did not fully meet the practice of identifying significant performance deviations. Until project officials implement missing practices, they will be limited in their abilities to monitor and control costs, schedules, and performance.

The 2020 Census program is heavily dependent upon CEDCAP to deliver the key systems needed to support the 2020 Census redesign. However, while the two programs have taken steps to coordinate their schedules, risks, and requirements, they lacked effective processes for managing their interdependencies. Specifically:

  • Among tens of thousands of schedule activities, the two programs are expected to manually identify activities that are dependent on each other, and rather than establishing one integrated dependency schedule, the programs maintain two separate dependency schedules. This has contributed to misalignment in milestones between the programs.
  • The programs do not have an integrated list of interdependent program risks, and thus they do not always recognize the same risks that impact both programs.
  • Among other things, key requirements have not been defined for validating responses from individuals who respond to the census using an address instead of a Bureau-assigned identification number, because of the Bureau's limited knowledge and experience in this area. The lack of knowledge and specific requirements related to this critical function is concerning, given that there is about a year remaining before the Census end-to-end test begins in August 2017 (which is intended to test all key systems and operations to ensure readiness for the 2020 Census).

Officials have acknowledged these weaknesses and reported that they are taking, or plan to take, steps to address the issues. However, until these interdependencies are managed more effectively, the Bureau will be limited in understanding the work needed by both programs to meet milestones, mitigate major risks, and ensure that requirements are appropriately identified.

While the large-scale technological changes for the 2020 Decennial Census introduce great potential for efficiency and effectiveness gains, they also introduce many information security challenges. For example, the introduction of an option for households to respond using the Internet puts respondents at greater risk for phishing attacks (requests for information from authentic-looking, but fake, e-mails and websites). In addition, because the Bureau plans to allow its enumerators to use mobile devices to collect information from households that did not self-respond to the survey, it is important that the Bureau ensures that these devices are adequately protected. The Bureau has begun efforts to address many of these challenges; as it begins implementing the 2020 Census design, continued focus on these considerable security challenges will be critical.

Why GAO Did This Study

The Department of Commerce's U.S. Census Bureau plans to significantly change the methods and technology it uses to count the population with the 2020 Decennial Census. The Bureau's redesign of the census relies on the acquisition and development of many new and modified systems. Several of the key systems are to be provided by an enterprise-wide initiative called CEDCAP, which is a large and complex modernization program intended to deliver a system-of-systems for all survey data collection and processing functions.

GAO's objectives for this review included (1) evaluating the extent to which the Bureau is implementing best practices in monitoring and controlling three selected CEDCAP projects, (2) determining the extent to which the Bureau is adequately managing the interdependencies between the CEDCAP and 2020 Census programs, and (3) describing key information security challenges the Bureau faces in implementing the 2020 Census design. GAO selected the three high-priority projects planned for the 2020 design; reviewed Bureau documentation such as project plans and schedules and compared them against relevant guidance; and analyzed information security reports and documents.

What GAO Recommends

GAO is making eight recommendations to the Department of Commerce in the areas of project monitoring and control and in managing interdependencies related to schedule, risk, and requirements. The department agreed with all eight recommendations and indicated that it will be taking actions to address them.

For more information, contact Carol C. Harris at (202) 512-4456 or chac@gao.gov.

Recommendations for Executive Action

  1. Status: Open

    Comments: The Department of Commerce agreed with our recommendation and has taken initial steps to implement it. In May 2017, the Census Bureau provided summary documentation that included the fiscal year 2015 through 2021 estimated lifecycle costs for the Census Enterprise Data Collection and Processing (CEDCAP) program; however, this information lacked the level of detail needed to determine whether the cost estimate reflects the current status of the program. In addition, in June 2017, the Bureau developed a draft version of the CEDCAP Cost Analysis Requirements Description (CARD), which included descriptions of technical and programmatic features of the program and is intended to serve as the basis for preparing the Program Office Estimate and the Independent Cost Estimate. However, as of August 2017, the CARD had not yet been finalized. We will continue to monitor and evaluate the Bureau's progress in implementing this recommendation.

    Recommendation: To ensure that the Bureau is better positioned to deliver CEDCAP, the Secretary of Commerce should direct the Director of the Census Bureau to update the CEDCAP program office cost estimate to reflect the current status of the program as soon as appropriate information becomes available.

    Agency Affected: Department of Commerce

  2. Status: Open

    Comments: The Department of Commerce agreed with our recommendation and has taken initial steps to implement it. In August 2017, the Census Bureau provided risk management documentation, including a risk management plan and risk review board meeting minutes. However, this information did not include updated risk registers that documented risk status for the Census Enterprise Data Collection and Processing (CEDCAP) Internet and Mobile Data Collection and Survey (and Listing) Interview Operational Control projects. We will continue to monitor and evaluate the Bureau's progress in implementing this recommendation.

    Recommendation: To ensure that the Bureau is better positioned to deliver CEDCAP, the Secretary of Commerce should direct the Director of the Census Bureau to ensure that updates to the status of risks are consistently documented for CEDCAP's Internet and Mobile Data Collection and Survey (and Listing) Interview Operational Control projects.

    Agency Affected: Department of Commerce

  3. Status: Open

    Comments: The Department of Commerce agreed with our recommendation and has taken initial steps to implement it. In August 2017, the Census Bureau provided risk management documentation, including a risk management plan and risk review board meeting minutes. However, this documentation did not include detailed risk mitigation plans for risks related to the Census Enterprise Data Collection and Processing (CEDCAP) Internet and Mobile Data Collection, Survey (and Listing) Interview Operational Control, and Centralized Operational Analysis and Control projects. The Bureau's risk management documentation also did not include trigger events for all relevant risks for the Internet and Mobile Data Collection and Centralized Operational Analysis and Control projects. We will continue to monitor and evaluate the Bureau's progress in implementing this recommendation.

    Recommendation: TTo ensure that the Bureau is better positioned to deliver CEDCAP, the Secretary of Commerce should direct the Director of the Census Bureau to ensure that CEDCAP's Internet and Mobile Data Collection, Survey (and Listing) Interview Operational Control, and Centralized Operational Analysis and Control projects establish detailed risk mitigation plans on a consistent basis and that the Internet and Mobile Data Collection and Centralized Operational Analysis and Control projects establish trigger events for all relevant risks.

    Agency Affected: Department of Commerce

  4. Status: Open

    Comments: The Department of Commerce agreed with our recommendation, but has not yet taken steps to implement it. In August 2016, we reported that several issues can result from the lack of a single dependency schedule, including the need to manually identify activities, the inability to be dynamically responsive to change, and a limited ability to ensure that both the Census Enterprise Data Collection and Processing (CEDCAP) and 2020 Census program are planning and measuring their activities according to the same agreed upon timeframe. However, as of August 2017, the Bureau had not yet established a single dependency schedule to ensure complete alignment between the CEDCAP and 2020 Census programs. We will continue to monitor and evaluate the Bureau's progress in implementing this recommendation.

    Recommendation: To ensure that the Bureau is better positioned to deliver CEDCAP, the Secretary of Commerce should direct the Director of the Census Bureau to define, document, and implement a repeatable process to establish complete alignment between CEDCAP and 2020 Census programs by, for example, maintaining a single dependency schedule.

    Agency Affected: Department of Commerce

  5. Status: Open

    Comments: The Department of Commerce agreed with our recommendation, but has not yet taken steps to implement it. In August 2016, we reported that several issues can result from the lack of an integrated risk register, including inconsistencies in tracking and managing interdependent risks, redundant efforts to manage risks, and potentially conflicting risk mitigation efforts. As of August 2017, the Census Bureau had not yet developed an integrated risk register for the Census Enterprise Data Collection and Processing (CEDCAP) and 2020 Census programs or documented the roles for managing it. Instead, Bureau officials stated that they flag risks in the risk register that affect both programs. However, as of August 2017, the Bureau had not provided evidence that relevant risks for both programs are flagged in the risk registers. We will continue to monitor and evaluate the Bureau's progress in implementing this recommendation.

    Recommendation: To ensure that the Bureau is better positioned to deliver CEDCAP, the Secretary of Commerce should direct the Director of the Census Bureau to establish a comprehensive and integrated list of all interdependent risks facing the CEDCAP and 2020 Census programs, and clearly identify roles and responsibilities for managing this list.

    Agency Affected: Department of Commerce

  6. Status: Closed - Implemented

    Comments: The Department of Commerce agreed with our recommendation and has taken steps to implement it. In November 2016, the Census Bureau finalized its Enterprise Requirements Management Plan, which documented the process for managing the requirements for its Census Enterprise Data Collection and Processing (CEDCAP) program. As a result, the Bureau is better positioned to ensure that CEDCAP program requirements are managed to support the planning and execution needs of the program.

    Recommendation: To ensure that the Bureau is better positioned to deliver CEDCAP, the Secretary of Commerce should direct the Director of the Census Bureau to finalize documentation of processes for managing requirements for CEDCAP.

    Agency Affected: Department of Commerce

  7. Status: Open

    Comments: The Department of Commerce agreed with our recommendation and has taken initial steps to implement it. In June 2017, Census Bureau officials stated that, as part of the 2018 End-to-End Census Test, program-level integration testing of the requirements related to the redistricting program and the data products and dissemination are planned to occur from April 3, 2018, to August 1, 2018. However, as of August 2017, the Bureau had not provided supporting documentation for its plans for program-level integration testing of the requirements related to the redistricting program and data products and dissemination. We will continue to monitor and evaluate the Bureau's progress in implementing this recommendation.

    Recommendation: To ensure that the Bureau is better positioned to deliver CEDCAP, the Secretary of Commerce should direct the Director of the Census Bureau to identify when the 74 requirements related to redistricting data program and data products and dissemination will be tested.

    Agency Affected: Department of Commerce

  8. Status: Open

    Comments: The Department of Commerce agreed with our recommendation and has taken initial steps to implement it. In April 2017, the Census Bureau documented high-level milestones related to implementing a fraud detection process in an initial effort to better understand non-ID response validation. However, as of August 2017, the Bureau had not finalized the fraud detection process or documented milestones for implementing the non-ID response validation process. We will continue to monitor and evaluate the Bureau's progress in implementing this recommendation.

    Recommendation: To ensure that the Bureau is better positioned to deliver CEDCAP, the Secretary of Commerce should direct the Director of the Census Bureau to make developing a better understanding of and identifying requirements related to non-ID response validation a high and immediate priority, or consider alternatives to avoid late definition of such requirements.

    Agency Affected: Department of Commerce

 

Explore the full database of GAO's Open Recommendations »

Oct 4, 2017

Sep 18, 2017

Sep 6, 2017

Jul 13, 2017

Jun 21, 2017

Jun 13, 2017

May 18, 2017

May 15, 2017

Apr 11, 2017

Looking for more? Browse all our products here