Skip to main content

Information Technology: OMB Needs to Report On and Improve Its Oversight of the Highest Priority Programs

GAO-18-51 Published: Nov 21, 2017. Publicly Released: Nov 21, 2017.
Jump To:
Skip to Highlights

Highlights

What GAO Found

The Office of Management and Budget's (OMB) Office of E-Government and Information Technology (E-Gov) reported that it undertook a structured approach to identify the top 10 high priority IT programs in reports to Congress in June 2015 and June 2016. Specifically, OMB staff stated that they chose the top 10 programs from a longer list of agency programs requiring additional oversight (referred to as high impact programs). E-Gov staff reported that the high priority programs were already receiving greater oversight than what was provided to the other major programs due to their high impact designation. This additional oversight included frequent meetings with agency Chief Information Officer (CIO) leadership and quarterly meetings with OMB staff. However, the Federal CIO was not directly involved in this oversight. According to E-Gov staff, the Federal CIO does not typically get involved in individual programs due to the large number of programs. However, past experience has shown that Federal CIO involvement has had a significant impact. For example, Federal CIO-led reviews of troubled projects, known as TechStat reviews, resulted in $3 billion in savings in 2010. Until OMB ensures that the Federal CIO is more directly involved in the oversight of these high priority programs, it may be missing a key opportunity to improve accountability and achieve positive results.

OMB's 2015 and 2016 reports to Congress on the top 10 high priority programs identified the status of the programs and major milestones. However, the reports were not issued on a quarterly basis, as directed. E-Gov staff stated that they were unable to do so because of other competing reporting requirements and the limited resources available to draft and fully review the report on a quarterly basis. In addition, OMB stopped issuing the reports on the top 10 high priority IT programs after June 2016. OMB stated that Congress' 2016 direction to the U.S. Digital Service (USDS)—an OMB component—to provide a quarterly report that described the status of USDS teams and projects, including the top 10 high priority programs, meant that OMB should only report on USDS projects considered to be high priority. However, continued identification and reporting on the top 10 high priority programs, and not just USDS projects, would further enhance congressional oversight by providing congressional stakeholders information that is not readily available on those programs in the greatest need of attention.

USDS issued reports to Congress on the status of its key projects in December 2016 and July 2017; however, the reports did not address the top 10 high priority programs as directed by Congress, according to OMB staff, because of OMB's interpretation of Congress's direction. In addition, the reports were not issued quarterly, as directed. USDS staff attributed this to the time and effort needed to review and prepare the report. However, continuing to identify and report on the top 10 high priority programs while also reporting on USDS's projects would help to enhance congressional oversight and current administration IT governance entities' efforts by providing stakeholders with information that is not readily available.

Why GAO Did This Study

The federal government plans to spend almost $96 billion on IT investments in fiscal year 2018; however, as GAO has previously found, too often these investments have cost overruns and schedule delays. To enhance oversight of IT programs, for 2015, Congress directed OMB to identify the 10 highest priority IT programs that are under development across federal agencies and report on their status each quarter. Further, for 2016, Congress directed USDS to provide a quarterly report of current USDS projects, including the top 10 high priority programs.

GAO was asked to review OMB's oversight of high priority programs. This review evaluated (1) OMB's process for identifying, overseeing, and reporting on the high priority IT investment programs and (2) USDS's process for identifying and prioritizing its projects, including its consideration of the high priority programs, and its reporting on the projects. GAO analyzed OMB memorandums and reports to Congress and interviewed OMB staff, including from USDS. In addition, GAO compared USDS's processes with IT management best practices.

Recommendations

GAO is making three recommendations to OMB for enhancing the oversight of high priority programs and continuing to report on both these programs and USDS projects. OMB neither agreed nor disagreed with the recommendations but disagreed with several of GAO's conclusions, which GAO continues to believe are valid as discussed in the report.

Recommendations for Executive Action

Agency Affected Recommendation Status
Office of Management and Budget The Director of OMB should continue to identify and report to Congress on the status of the top 10 high priority information technology programs and the extent to which USDS is involved in the programs, as was done in June 2015 and June 2016. In doing so, the Director should ensure that these reports are issued quarterly. (Recommendation 1)
Open – Partially Addressed
In May 2020, OMB told us that its process for identifying high priority IT programs had evolved and been superseded by the identification of high value assets over the past several years. The agency stated that with the release of key memos (notably M-19-03, Strengthening the Cybersecurity of Federal Agencies by enhancing the High Value Asset Program), the federal government had taken an important step toward the identification of its most critical assets. While we recognize the importance of ensuring the security of high value assets, they do not represent the full range of "high priority programs under development across the federal government" that was intended by our recommendation. In December 2022, OMB stated that it planned to compare the recommendation to recent actions, guidance and policy memoranda to determine if an update to its response was warranted. We will continue to monitor OMB's actions to address the recommendation.
Office of Management and Budget
Priority Rec.
The Director of OMB should ensure that the Federal CIO is directly involved in the oversight of high priority programs. (Recommendation 2)
Open – Partially Addressed
OMB neither agreed nor disagreed with this recommendation. In May 2020, OMB told us that its process for identifying high priority programs had evolved and been superseded by a process for identifying and securing high value assets. It also told us that the Federal CIO and Federal Chief Information Security Officer were engaged in overseeing these assets through their involvement on the CIO and Chief Information Security Officer Councils. Further, in March 2022, OMB stated that the Federal CIO and Federal Chief Information Security Officer had been involved in the oversight of the high-priority IT projects identified in our report. We recognize the importance of ensuring the security of high value assets and continuing to oversee the programs identified in our report. However, these programs do not comprise the full range of high priority programs currently under development across the federal government that was intended by our recommendation. In December 2022, OMB stated that it planned to compare the recommendation to recent actions, guidance and policy memoranda to determine if an update to its response was warranted. To fully implement this recommendation, OMB needs to ensure that the Federal CIO is involved in the full range of high-priority programs. In addition, OMB should provide evidence of its oversight of high-value assets and programs identified in our report to substantiate its claims. As we reported, such oversight would improve accountability and achieve positive results for the federal government's investments.
Office of Management and Budget The Director of OMB should continue to report on the status of USDS projects. In doing so, the Director should ensure that the reports are issued quarterly. (Recommendation 3)
Closed – Implemented
Following the December 2016 and July 2017 reports to Congress that we highlighted in our report, USDS issued a Fall 2017 report on the status of its programs. However, according to OMB, USDS has not issued any reports since Fall 2017 because appropriations language has not included any requirement to continue providing these reports. In the absence of such a reporting requirement, USDS continues to make the status of its projects publically available on its website (www. usds.gov). In doing so, USDS has met the intent of our recommendation, which was to enhance congressional oversight by providing congressional stakeholders with information on high priority programs that was previously not readily available.

Full Report

GAO Contacts

Office of Public Affairs

Topics

Chief information officersE-governmentEmployeesInformation technologyIT acquisitionsIT investment managementPrioritizingProgram evaluationIT investmentsBusiness systems modernization