Reports & Testimonies

  • GAO’s recommendations database contains report recommendations that still need to be addressed.

    GAO’s recommendations help congressional and agency leaders prepare for appropriations and oversight activities, as well as help improve government operations. Recommendations remain open until they are designated as Closed-implemented or Closed-not implemented. You can explore open recommendations by searching or browsing.

    GAO's priority recommendations are those that we believe warrant priority attention. We sent letters to the heads of key departments and agencies, urging them to continue focusing on these issues. These recommendations are labeled as such. You can find priority recommendations by searching or browsing our open recommendations below, or through our mobile app.

  • Browse Open Recommendations

    Explore priority recommendations by subject terms or browse by federal agency

    Search Open Recommendations

    Search for a specific priority recommendation by word or phrase



  • Governing on the go?

    Our Priorities for Policy Makers app makes it easier for leaders to search our recommendations on the go.

    See the November 10th Press Release


  • Have a Question about a Recommendation?

    • For questions about a specific recommendation, contact the person or office listed with the recommendation.
    • For general information about recommendations, contact GAO's Audit Policy and Quality Assurance office at (202) 512-6100 or apqa@gao.gov.
  • « Back to Results List Sort by   

    Results:

    Subject Term: "Business systems modernization"

    19 publications with a total of 80 open recommendations including 6 priority recommendations
    Director: Asif A. Khan
    Phone: (202) 512-9869

    2 open recommendations
    Recommendation: The DHS Under Secretary for Management should develop and implement effective processes and improve guidance to reasonably assure that future AAs fully follow AOA process best practices and reflect the four characteristics of a reliable, high-quality AOA process. (Recommendation 1)

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The DHS Under Secretary for Management should improve the Risk Management Planning Handbook and other relevant guidance for managing risks associated with financial management system modernization projects to fully incorporate risk management best practices, including (1) defining thresholds to facilitate review of performance metrics to determine when risks become unacceptable; (2) identifying and analyzing risks to include periodically reconsidering risk sources, documenting risks specifically related to the lack of sufficient, reliable cost and schedule information needed to help properly manage and oversee the project, and timely disposition of IV&V contractor-identified risks; (3) developing risk mitigation plans with specific risk-handling activities, the costs and benefits of implementing them, and contingency plans for selected critical risks; and (4) implementing risk mitigation plans to include establishing periods of performance for risk-handling activities and defining time intervals for updating and certifying the accuracy and completeness of information on risks in DHS's risk register. (Recommendation 2)

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: David A. Powner
    Phone: (202) 512-9286

    3 open recommendations
    Recommendation: The Chief Executive Officer should direct the Chief Information Officer to take steps needed to ensure that system requirements are defined to align with the business needs of CNCS's future risk-based grants monitoring process (Recommendation 1).

    Agency: Corporation for National and Community Service
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Chief Executive Officer should direct the Chief Information Officer to ensure that the system development project schedule identifies in the baseline both planned and actual dates for completing all project-level activities, and can be used to monitor and measure progress of the grant monitoring system project (Recommendation 2).

    Agency: Corporation for National and Community Service
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Chief Executive Officer should direct the Chief Information Officer to ensure that test plans are defined and implemented to include the second version of the grant monitoring system in all stages of testing during development, and results of initial stages are approved before conducting subsequent test stages (Recommendation 3).

    Agency: Corporation for National and Community Service
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Carol C. Harris
    Phone: (202) 512-4456

    5 open recommendations
    Recommendation: To help improve the modernization of FMCSA's IT systems, the Secretary of Transportation should direct the FMCSA Administrator to update FMCSA's IT strategic plan to include well-defined goals, strategies, measures, and timelines for modernizing its systems.

    Agency: Department of Transportation
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To help improve the modernization of FMCSA's IT systems, the Secretary of Transportation should direct the FMCSA Administrator to ensure that the IT investment process guidance lays out the roles and responsibilities of all working groups and individuals involved in the agency's governance process.

    Agency: Department of Transportation
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To help improve the modernization of FMCSA's IT systems, the Secretary of Transportation should direct the FMCSA Administrator to finalize the restructure of the Office of Information Technology, including fully defining the roles and responsibilities of the CIO.

    Agency: Department of Transportation
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To help improve the modernization of FMCSA's IT systems, the Secretary of Transportation should direct the FMCSA Administrator to ensure that appropriate governance bodies review all IT investments and track corrective actions to closure.

    Agency: Department of Transportation
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To help improve the modernization of FMCSA's IT systems, the Secretary of Transportation should direct the FMCSA Administrator to ensure that required operational analyses are performed for Aspen, Motor Carrier Management Information System, Sentri 2.0, and Unified Registration System on an annual basis.

    Agency: Department of Transportation
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Valerie Melvin
    Phone: (202) 512-6304

    1 open recommendations
    Recommendation: To increase the likelihood that its IT investments develop reliable cost estimates, the Secretary of HUD should finalize, and ensure the implementation of, guidance that incorporates the best practices called for in the GAO Cost Estimating and Assessment Guide.

    Agency: Department of Housing and Urban Development
    Status: Open

    Comments: In April 2017, HUD reported that the department concurred with the recommendation and noted that the Office of the Chief Information Officer (OCIO) intends to establish cost estimation guidance for IT projects within its IT Management Framework Guide, incorporating appropriate best practices from the GAO Cost Estimating and Assessment Guide. HUD anticipates completing the OCIO IT Management Framework guidance that is intended to incorporate cost estimating principles for IT projects by September 1, 2017.
    Director: Farrell, Brenda S
    Phone: (202) 512-3604

    6 open recommendations
    Recommendation: To fully assess the size and composition of the medical force, the Secretary of Defense should direct the Assistant Secretary of Defense (Health Affairs) to conduct a new analysis of the required number of active-duty and civilian medical personnel that mitigates known limitations.

    Agency: Department of Defense
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To strengthen ongoing efforts to analyze the costs of medical force readiness and establish clinical currency standards, the Secretary of Defense should direct the Assistant Secretary of Defense (Health Affairs) to take steps to identify and mitigate limitations regarding the standard for maintaining providers' clinical skills, including improving the accuracy of information concerning providers' workload and conducting an analytically rigorous calculation of active-duty providers' time devoted to military-specific responsibilities.

    Agency: Department of Defense
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To help achieve DOD's goals for transferring health care into its own facilities and increasing the productivity of active-duty medical providers, the Secretary of Defense should direct the Assistant Secretary of Defense (Health Affairs) to develop a strategy for achieving these goals that reflects the leading practices of effective federal strategic planning.

    Agency: Department of Defense
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To strengthen ongoing efforts within DOD to address the Study's recommendations to use the provider model outputs to inform execution of health care delivery and to refine the model for future use, the Secretary of Defense should direct the Assistant Secretary of Defense (Health Affairs) to modify DOD's model to reflect the military service of the physicians and military treatment facilities included in the model.

    Agency: Department of Defense
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To strengthen any future assessments of additional changes to DOD's network of military treatment facilities, the Secretary of Defense should direct the Assistant Secretary of Defense (Health Affairs) to describe steps taken to assess the reliability of data supporting the assessment, including, at a minimum, the sources of data, data limitations, and efforts to test data reliability.

    Agency: Department of Defense
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To strengthen any future assessments of additional changes to DOD's network of military treatment facilities, the Secretary of Defense should direct the Assistant Secretary of Defense (Health Affairs) to include in any accompanying cost estimates an appropriate level of detail, all significant costs, and an assessment of the reliability of the data supporting the cost estimate.

    Agency: Department of Defense
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Valerie Melvin
    Phone: (202) 512-6304

    4 open recommendations
    Recommendation: To address weaknesses in the department's financial management systems modernization efforts, the Secretary of HUD should direct the Chief Financial Officer to work with the Chief Information Officer in managing subsequent initiatives to define a high-level depiction of the IT systems anticipated in the future state, a description of the operations that must be performed and who must perform them, and an explanation of where and how the operations are to be carried out.

    Agency: Department of Housing and Urban Development
    Status: Open

    Comments: In its comments on our draft report, HUD neither agreed nor disagreed with our recommendations, but noted that it planned to improve management practices and IT governance for future modernization efforts. In May 2017, HUD's Deputy Chief Information Officer reported that that the office was managing multiple enterprise-level initiatives no longer classified as financial management modernization efforts, but which are intended to address certain previously reported financial systems modernization needs. The department provided early high-level requirements and a solution architecture for one such initiative, including a future requirement to support data required for HUD's financial reporting needs from Treasury. However, HUD does not yet have a plan to develop a high-level concept of operations for IT systems anticipated in the future state. We intend to follow up on HUD's actions.
    Recommendation: To address weaknesses in the department's financial management systems modernization efforts, the Secretary of HUD should direct the Chief Financial Officer to work with the Chief Information Officer in managing subsequent initiatives to develop comprehensive plans for scope, schedule and cost.

    Agency: Department of Housing and Urban Development
    Status: Open

    Comments: In its comments on our draft report, HUD neither agreed nor disagreed with our recommendations, but noted that it planned to improve management practices and IT governance for future modernization efforts. In May 2017, the department provided an early project oversight plan and critical task schedule for one initiative related to enterprise data management, but these plans are not comprehensive and do not include, among other things, detailed cost estimates. We intend to follow up on HUD's actions.
    Recommendation: To address weaknesses in the department's financial management systems modernization efforts, the Secretary of HUD should direct the Chief Financial Officer to work with the Chief Information Officer in managing subsequent initiatives to ensure requirements are fully documented and traceable.

    Agency: Department of Housing and Urban Development
    Status: Open

    Comments: In its comments on our draft report, HUD neither agreed nor disagreed with our recommendations, but noted that it planned to improve management practices and IT governance for future modernization efforts. In March 2017, the department reported that the Chief Financial Officer and the Chief Information Officer intend to partner on future departmental financial management systems modernization efforts to fully document requirements and trace requirements to the functionality in the modernized system. In May 2017, department officials reported that the subsequent initiatives underway were following an Agile process yielding product-release backlogs as documentation of requirements for ongoing initiatives. They provided the initial backlog for an enterprise data management initiative. However, HUD could not demonstrate that these requirements were complete and traceable to mission needs. We intend to follow up on HUD's actions.
    Recommendation: The Secretary of HUD should also direct the Deputy Secretary to ensure that the Chief Information Officer takes action to improve IT governance control activities used for monitoring programs and identifying needed corrective actions, and strengthen investment oversight by improving coordination with stakeholders and alignment among IT modernization efforts.

    Agency: Department of Housing and Urban Development
    Status: Open

    Comments: In its comments on our draft report, HUD neither agreed nor disagreed with our recommendations, but noted that it planned to improve management practices and IT governance for future modernization efforts. In March 2017, the department reported on its fiscal year 2016 updates to charters of its IT governance boards, which provide oversight of all its IT investments, including financial management initiatives, and noted that business cases for proposed development and modernization initiatives had been discussed at governance meetings. HUD also reported that it had set up steering committees to supplement board governance and monitoring two enterprise-level modernization efforts and planned to apply mechanisms, such as project health assessments, intended to establish effective investment oversight. However, HUD has not yet demonstrated that the updated governance control activities have improved program monitoring and identified any needed corrective actions or that planned oversight mechanisms have improved coordination with stakeholders or alignment of modernization efforts. We intend to follow up on HUD's actions to ensure that planned improvements to governance and oversight mechanisms are effectively implemented and institutionalized.
    Director: Garcia-diaz, Daniel
    Phone: (202) 512-8678

    5 open recommendations
    Recommendation: In order to more fully implement key practices and meet requirements and to better institutionalize standards and practices, the Secretary of HUD should clearly link HUD's strategic goals and objectives with federal priority goals in the next annual performance plan.

    Agency: Department of Housing and Urban Development
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information
    Recommendation: In order to more fully implement key practices and meet requirements and to better institutionalize standards and practices, the Secretary of HUD should describe the reasons that goals were not met and HUD's plans for achieving them in the next annual performance report.

    Agency: Department of Housing and Urban Development
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information
    Recommendation: In order to more fully implement key practices and meet requirements and to better institutionalize standards and practices, the Secretary of HUD should establish a process and schedule for regularly reviewing, revising, and updating HUD's human capital strategic plan, strategic workforce plan, and succession plan.

    Agency: Department of Housing and Urban Development
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information
    Recommendation: In order to more fully implement key practices and meet requirements and to better institutionalize standards and practices, the Secretary of HUD should establish a process and schedule for reviewing and updating policies and procedures to help ensure that policies and procedures for key management functions remain current and complete.

    Agency: Department of Housing and Urban Development
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information
    Recommendation: In order to more fully implement key practices and meet requirements and to better institutionalize standards and practices, the Secretary of HUD should formalize lines of communication between the Chief Information Officer and the agency head, consistent with OMB guidance and internal control standards.

    Agency: Department of Housing and Urban Development
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information
    Director: David A. Powner
    Phone: (202) 512-9286

    4 open recommendations
    Recommendation: To help IRS improve its process for determining IT funding priorities and to provide timely information on the progress of its investments, the Commissioner of IRS should direct the Chief Technology Officer to document IRS's process for selecting and prioritizing operations support activities.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: In its August 2016 statement of actions to address our recommendations, IRS reported that it was documenting the process for selecting and prioritizing all non-Business Systems Modernization activities, and noted that it expects to have draft documentation by September 2016, and finalized documentation no later than April 2017. We will be following-up with the agency to obtain documentation of actions taken to address this recommendation, and will update this status accordingly.
    Recommendation: To help IRS improve its process for determining IT funding priorities and to provide timely information on the progress of its investments, the Commissioner of IRS should direct the Chief Technology Officer to establish, document, and implement policies and procedures for selecting new and reselecting ongoing business systems modernization activities, consistent with IRS's process for prioritizing operations support priorities, which addresses (1) prioritization and comparison of IT assets against each other, (2) criteria for making selection and prioritization decisions, and (3) ensuring IRS executives' final funding decisions on IT proposals are based on IRS's prioritization process.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: In its August 2016 statement of actions to address our recommendations, IRS highlighted process improvements, which it noted would influence its efforts to address this recommendation. IRS committed to documenting the prioritization policies and procedures for its Business Systems Modernization activities as these new process improvements stabilize. We will be following-up with IRS to obtain documentation of actions taken to address this recommendation, and will update this status accordingly.
    Recommendation: To help IRS improve its process for determining IT funding priorities and to provide timely information on the progress of its investments, the Commissioner of IRS should direct the Chief Technology Officer to modify existing processes for Foreign Account Tax Compliance Act (FATCA) and Return Review Program (RRP) for measuring work performed by IRS staff to incorporate best practices, including accounting for actual work performed and using the level of effort measure sparingly.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: In its August 2016 statement of actions to address our recommendations, IRS stated it would evaluate the use of a more quantitative measure for work performed and thereby use the level of effort measure sparingly. IRS stated that it would meet with GAO to discuss the results of this evaluation by the end of January 2017. We plan to meet with IRS in the near future to discuss this recommendation, and will update this status accordingly.
    Recommendation: To help IRS improve its process for determining IT funding priorities and to provide timely information on the progress of its investments, the Commissioner of IRS should direct the Chief Technology Officer to report on actual costs and scope delivery at least quarterly for the Customer Account Data Engine 2 and the Affordable Care Act Administration. For these investments, IRS should develop metrics similar to FATCA and RRP.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: In its August 2016 statement of actions to address our recommendations, IRS stated that the Customer Account Data Engine 2 program management office is currently standing up processes to report on planned versus actual costs and scope delivery on a monthly basis. Additionally, IRS stated that it would consider the approach currently being used by the Foreign Account Tax Compliance Act and Return Review Program investments. The agency stated that development work for the Affordable Care Act Administration investment was minimal, and as a result, application of this recommendation would not be beneficial. We will be following-up with IRS to obtain documentation of actions taken to address this recommendation, and will update this status accordingly.
    Director: David A. Powner
    Phone: (202) 512-9286

    16 open recommendations
    including 4 priority recommendations
    Recommendation: The Director of OMB should identify and publish a specific goal associated with its non-provisioned O&M spending measure.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: The agency agreed with the recommendation. In April 2017, OMB indicated that it has been working with agencies on their Strategic Plans and associated performance goals and measures, but that it would be premature to say whether there would be a specific goal on its non-provisioned O&M spending measure. We will continue to monitor the implementation of this recommendation.
    Recommendation: The Director of OMB should commit to a firm date by which its draft guidance on legacy systems will be issued, and subsequently direct agencies to identify legacy systems and/or investments needing to be modernized or replaced.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: The agency agreed with the recommendation. In April 2017, OMB stated that it was updating the draft guidance on legacy systems and were unable to provide a date when they would be issuing it. We will continue to monitor the implementation of this recommendation.
    Recommendation: To monitor whether existing investments are meeting the needs of their agencies, the Secretaries of Commerce and the Treasury should direct the respective agency CIO to ensure that required analyses are performed on investments in the operations and maintenance phase.

    Agency: Department of Commerce
    Status: Open

    Comments: The agency agreed with the recommendation. In a May 2017 written update, the agency stated that it had updated its Capital Planning and Investment Control handbook with instructions on conducting operational analyses. However, the agency was unable to demonstrate that operational analyses were being completed on an annual basis, as required. We will continue to monitor the implementation of this recommendation.
    Recommendation: To monitor whether existing investments are meeting the needs of their agencies, the Secretaries of Commerce and the Treasury should direct the respective agency CIO to ensure that required analyses are performed on investments in the operations and maintenance phase.

    Agency: Department of the Treasury
    Status: Open

    Comments: The agency had no comment on the recommendation. In June 2017, Treasury provided an update on the IRS's efforts to ensure that operational analyses are performed on investments in the operations and maintenance phase. However, the recommendation is intended to address issues at the department level and not just at the IRS. Treasury declined to provide an update at the department level. We will continue to monitor the implementation of this recommendation.
    Recommendation: To address obsolete IT investments in need of modernization or replacement, the Secretaries of Agriculture, Commerce, Defense, Energy, Health and Human Services, Homeland Security, State, the Treasury, Transportation, and Veterans Affairs; the Attorney General; and the Commissioner of Social Security should direct their respective agency CIOs to identify and plan to modernize or replace legacy systems as needed and consistent with OMB's draft guidance, including time frames, activities to be performed, and functions to be replaced or enhanced.

    Agency: Department of Homeland Security
    Status: Open

    Comments: The agency agreed with the recommendation and in July 2017 stated that the department has drafted a Legacy Systems Modernization Framework. DHS is waiting for OMB?s draft guidance to be issued to ensure compliance. As a result, they now estimate this will be completed by December 2017. We will continue to monitor the implementation of this recommendation.
    Recommendation: To address obsolete IT investments in need of modernization or replacement, the Secretaries of Agriculture, Commerce, Defense, Energy, Health and Human Services, Homeland Security, State, the Treasury, Transportation, and Veterans Affairs; the Attorney General; and the Commissioner of Social Security should direct their respective agency CIOs to identify and plan to modernize or replace legacy systems as needed and consistent with OMB's draft guidance, including time frames, activities to be performed, and functions to be replaced or enhanced.

    Agency: Department of Agriculture
    Status: Open

    Comments: The agency agreed with the recommendation. As of May 2017, the agency stated that it had taken steps to improve its overall IT governance processes, and in particular, its oversight of legacy systems. These steps included, implementing its FITARA strategy, creating a Cloud Strategy and Policy Office, and two new executive oversight groups. In addition, the agency stated that it planned to complete an IT Modernization Plan in calendar year 2018. We will continue to monitor the implementation of this recommendation.
    Recommendation: To address obsolete IT investments in need of modernization or replacement, the Secretaries of Agriculture, Commerce, Defense, Energy, Health and Human Services, Homeland Security, State, the Treasury, Transportation, and Veterans Affairs; the Attorney General; and the Commissioner of Social Security should direct their respective agency CIOs to identify and plan to modernize or replace legacy systems as needed and consistent with OMB's draft guidance, including time frames, activities to be performed, and functions to be replaced or enhanced.

    Agency: Department of Commerce
    Status: Open

    Comments: The agency agreed with the recommendation. In May 2017, the agency stated that it was continuously assessing its current IT portfolio for opportunities to retire or modernize its mission critical legacy systems. Specifically, Commerce stated that it had identified two candidate systems for modernization--the National Weather Service Telecommunications Gateway and the USPTO Examiner Automated Search Tool. However, it is unclear how these plans will relate to OMB's guidance. We will continue to monitor the implementation of this recommendation.
    Recommendation: To address obsolete IT investments in need of modernization or replacement, the Secretaries of Agriculture, Commerce, Defense, Energy, Health and Human Services, Homeland Security, State, the Treasury, Transportation, and Veterans Affairs; the Attorney General; and the Commissioner of Social Security should direct their respective agency CIOs to identify and plan to modernize or replace legacy systems as needed and consistent with OMB's draft guidance, including time frames, activities to be performed, and functions to be replaced or enhanced.

    Agency: Department of Defense
    Status: Open

    Comments: The agency partially concurred with the recommendation, and stated that it would continue to identify, prioritize, and manage legacy systems that should be modernized or replaced, based on existing DOD policies, using existing department processes, consistent to the extent practicable with OMB's draft guidance. In June 2017, the department stated that its position has not changed; the department believes that no corrective actions are necessary or planned. We will continue to monitor the implementation of this recommendation.
    Recommendation: To address obsolete IT investments in need of modernization or replacement, the Secretaries of Agriculture, Commerce, Defense, Energy, Health and Human Services, Homeland Security, State, the Treasury, Transportation, and Veterans Affairs; the Attorney General; and the Commissioner of Social Security should direct their respective agency CIOs to identify and plan to modernize or replace legacy systems as needed and consistent with OMB's draft guidance, including time frames, activities to be performed, and functions to be replaced or enhanced.

    Agency: Department of Energy
    Status: Open
    Priority recommendation

    Comments: The department partially agreed with the recommendation and in an April 2017 update stated that the department has begun an initiative to migrated corporate business IT systems to cloud service providers. The department added that they were coordinating with their program offices to identify and prioritize other IT systems for migration. The department intends to review any forthcoming OMB guidance, and will consider early implementation of such guidance, as applicable to the department, when the guidance is provided. We will continue to monitor the implementation of this recommendation.
    Recommendation: To address obsolete IT investments in need of modernization or replacement, the Secretaries of Agriculture, Commerce, Defense, Energy, Health and Human Services, Homeland Security, State, the Treasury, Transportation, and Veterans Affairs; the Attorney General; and the Commissioner of Social Security should direct their respective agency CIOs to identify and plan to modernize or replace legacy systems as needed and consistent with OMB's draft guidance, including time frames, activities to be performed, and functions to be replaced or enhanced.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: The agency agreed with the recommendation and in a September 2016 written update stated that the office of the CIO is working to identify and plan to modernize or replace IT systems. As of July 2017, the agency had not responded to requests for updates on the implementation of this recommendation. We will continue to monitor this recommendation.
    Recommendation: To address obsolete IT investments in need of modernization or replacement, the Secretaries of Agriculture, Commerce, Defense, Energy, Health and Human Services, Homeland Security, State, the Treasury, Transportation, and Veterans Affairs; the Attorney General; and the Commissioner of Social Security should direct their respective agency CIOs to identify and plan to modernize or replace legacy systems as needed and consistent with OMB's draft guidance, including time frames, activities to be performed, and functions to be replaced or enhanced.

    Agency: Social Security Administration
    Status: Open

    Comments: The agency agreed with the recommendation and as of May 2017, the agency stated that it was working on finishing its Information Technology Modernization Plan that outlines 5 major applications that it plans to update. However, since OMB had not yet issued its legacy system guidance, it is unknown whether this plan is consistent with OMB's guidance. We will continue to monitor the implementation of this recommendation.
    Recommendation: To address obsolete IT investments in need of modernization or replacement, the Secretaries of Agriculture, Commerce, Defense, Energy, Health and Human Services, Homeland Security, State, the Treasury, Transportation, and Veterans Affairs; the Attorney General; and the Commissioner of Social Security should direct their respective agency CIOs to identify and plan to modernize or replace legacy systems as needed and consistent with OMB's draft guidance, including time frames, activities to be performed, and functions to be replaced or enhanced.

    Agency: Department of Justice
    Status: Open

    Comments: The agency agreed with the recommendation. As of May 2017, the agency stated that it was completing the initial steps of an assessment to provide a qualitative and definitive list of systems which meet criteria for retirement and/or decommission. This assessment is to review the complexity of work per system, and provide a rough order of magnitude cost estimate on a system-by-system basis. Further, VA is in the process of decommissioning the BDN and PAID systems mentioned in our report. The decommissioning of BDN is in the planning stage and the agency estimates the project to cost $100 million to complete. The replacement of PAID has been occurring in incremental phases, but the agency did not provide an estimated date of retirement. We will continue to monitor the implementation of this recommendation.
    Recommendation: To address obsolete IT investments in need of modernization or replacement, the Secretaries of Agriculture, Commerce, Defense, Energy, Health and Human Services, Homeland Security, State, the Treasury, Transportation, and Veterans Affairs; the Attorney General; and the Commissioner of Social Security should direct their respective agency CIOs to identify and plan to modernize or replace legacy systems as needed and consistent with OMB's draft guidance, including time frames, activities to be performed, and functions to be replaced or enhanced.

    Agency: Department of Transportation
    Status: Open

    Comments: The agency agreed with the recommendation and stated that work is underway to identify systems in need of modernization and upgrade. The department anticipated being able to close the recommendation 90 days after OMB issues guidance on legacy systems. Further, in a recent update, the agency stated that it had recently started a project to create an integrated inventory of Transportation's systems. According to the agency, through this project, it has been able to identify duplication and opportunities to create efficiencies. The next phase of this project is a future state diagram and a roadmap to show planned modernizations and possible divestments of legacy systems. We will continue to monitor the implementation of this recommendation.
    Recommendation: To address obsolete IT investments in need of modernization or replacement, the Secretaries of Agriculture, Commerce, Defense, Energy, Health and Human Services, Homeland Security, State, the Treasury, Transportation, and Veterans Affairs; the Attorney General; and the Commissioner of Social Security should direct their respective agency CIOs to identify and plan to modernize or replace legacy systems as needed and consistent with OMB's draft guidance, including time frames, activities to be performed, and functions to be replaced or enhanced.

    Agency: Department of the Treasury
    Status: Open
    Priority recommendation

    Comments: The agency had no comment on the recommendation. In a June 2017, Treasury provided an update on the IRS's efforts to modernize the IRS's legacy systems. However, the recommendation is intended to address issues at the department level and not just at the IRS. Treasury declined to provide an update at the department level. We will continue to monitor the implementation of this recommendation.
    Recommendation: To address obsolete IT investments in need of modernization or replacement, the Secretaries of Agriculture, Commerce, Defense, Energy, Health and Human Services, Homeland Security, State, the Treasury, Transportation, and Veterans Affairs; the Attorney General; and the Commissioner of Social Security should direct their respective agency CIOs to identify and plan to modernize or replace legacy systems as needed and consistent with OMB's draft guidance, including time frames, activities to be performed, and functions to be replaced or enhanced.

    Agency: Department of Veterans Affairs
    Status: Open
    Priority recommendation

    Comments: The agency agreed with the recommendation. As of May 2017, the agency stated that it was completing the initial phase of an assessment to provide a qualitative and definitive list of systems which meet criteria for retirement and/or decommission. This assessment will review the complexity of work per system, and provide a rough order of magnitude cost estimate on a system-by-system basis. Further, VA is in the process of decommissioning the BDN and PAID systems mentioned in our report. The decommissioning of BDN is in the planning stage and the agency estimates the project to cost $100 million to complete. The replacement of PAID has been occurring in incremental phases, but the agency did not provide an estimated date of retirement. We will continue to monitor the implementation of this recommendation.
    Recommendation: To address obsolete IT investments in need of modernization or replacement, the Secretaries of Agriculture, Commerce, Defense, Energy, Health and Human Services, Homeland Security, State, the Treasury, Transportation, and Veterans Affairs; the Attorney General; and the Commissioner of Social Security should direct their respective agency CIOs to identify and plan to modernize or replace legacy systems as needed and consistent with OMB's draft guidance, including time frames, activities to be performed, and functions to be replaced or enhanced.

    Agency: Department of State
    Status: Open
    Priority recommendation

    Comments: The agency agreed with the recommendation and stated that it plans to work with OMB upon the publication of OMB's guidance to identify opportunities for modernization. In an April 2017 update, the agency stated that it had extended plans to replace the systems mentioned in the report by several years. As of August 2017, the agency stated that it had finalized a new capital planning guide which includes investment review policy to identify opportunities for modernization and away from legacy systems. However, it is too soon to tell if it is in line with OMB's forthcoming guidance. We will continue to monitor the implementation of this recommendation.
    Director: Carol R. Cha
    Phone: (202) 512-4456

    5 open recommendations
    Recommendation: To ensure that FEMA's IT systems can adequately support its ability to respond to major disasters, the Secretary of DHS should direct the FEMA Administrator to define the scope, implementation strategy, and schedule of the agency's overall modernization approach, with related goals and measures for effectively overseeing the effort. At a minimum, the agency should update its IT strategic plan and complete its modernization plan.

    Agency: Department of Homeland Security
    Status: Open

    Comments: The Department of Homeland Security concurred with this recommendation, and reported on actions taken to update its IT Modernization Plan such as conducting cross-functional work sessions to establish an actionable implementation roadmap in line with agency priorities. However, as of April 2017, we have not yet obtained evidence that FEMA has fully updated its IT strategic plan and completed its modernization plan to address the weaknesses identified in our report. We will follow-up with the department to obtain supporting documentation and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure that FEMA's IT systems can adequately support its ability to respond to major disasters, the Secretary of DHS should direct the FEMA Administrator to establish time frames for current and future IT workforce planning during its modernization efforts and ensure all regions and offices are included in these initiatives.

    Agency: Department of Homeland Security
    Status: Open

    Comments: The Department of Homeland Security concurred with, and has taken steps to implement our recommendation. For example, the department stated that FEMA completed the assessment of skills gap and identified and prioritized the skills required to staff and sustain the core competencies required to successfully implement FEMA's IT modernization efforts. However, we have not yet validated the agency actions to establish time frames for current and future IT workforce planning during its modernization efforts. We will follow-up with the department to obtain supporting documentation and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure that FEMA adequately manages the selected emergency management systems, the FEMA Administrator should direct the DAIP, EMMIE, and IPAWS program offices, in conjunction with the FEMA CIO, to implement complete program plans that define overall budget and schedule, key deliverables and milestones, assumptions and constraints, description and assignment of roles and responsibilities, staffing and training plans, and an approach for maintaining these plans.

    Agency: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency
    Status: Open

    Comments: The Department of Homeland Security concurred with our recommendation and in response updated its program management plans that support the program offices of the Disaster Assistance Improvement Plan, Emergency Management Mission Integrated Environment, and Integrated Public Alert and Warning System. The program plans addressed some of the weaknesses we identified in our report. For example, the program management plans identified and described the overall program management processes and methods to be used during all phases of projects and defined key deliverables and milestones, roles and responsibilities, staffing and training and an approach for maintaining the plans. However, the plans did not clearly define the knowledge and skills needed to carry out the program or provide sufficient details on the budget and scheduling for the programs under review. We will follow-up with the department to obtain supporting documentation and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure that FEMA adequately manages the selected emergency management systems, the FEMA Administrator should direct the DAIP, EMMIE, and IPAWS program offices, in conjunction with the FEMA CIO, to implement a system integration plan that include all systems to be integrated with the system, roles and responsibilities for all relevant participants, the sequence and schedule for every integration step, and how integration problems are to be documented and resolved.

    Agency: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency
    Status: Open

    Comments: The Department of Homeland Security concurred with, and has taken steps to implement our recommendation. For example, the department reported that the system owner for DAIP, EMMIE, and IPAWS programs have updated their respective system integration plans to address the risks identified within the recommendation. In addition, the agency provided documentation such as the IPAWS Integrated Logistics Support Plan, as well as the quality control plan, and test execution plans for both the DAIP and EMMIE programs. However, we have not yet completed our analysis and validated the agency actions on this recommendation. When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: As part of the effort of improving IT management at the three programs, the FEMA Administrator should direct the CIO to ensure that FEMA policy for managing IT programs includes guidance for implementing the key management practices.

    Agency: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency
    Status: Open

    Comments: The Department of Homeland Security concurred with the recommendation. In its November 2016 update, FEMA reported that the System Owner for DAIP, EMMIE, and IPAWS have updated their respective IT management program and plans and coordinated with the FEMA CIO to address the risks identified within the recommendation. However, we have not yet validated the agency actions on this recommendation. When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Carol R. Cha
    Phone: (202) 512-4456

    11 open recommendations
    Recommendation: To ensure that the HRIT investment receives necessary oversight and attention, the Secretary of Homeland Security should direct the Under Secretary of Management to ensure that the HRIT executive steering committee is consistently involved in overseeing and advising HRIT, including approving key program management documents, such as HRIT's operational plan, schedule, and planned cost estimate.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS provided documentation demonstrating that the HRIT executive steering committee is consistently involved in overseeing and advising HRIT in response to our recommendation. DHS also provided documentation demonstrating that the Executive Steering Committee approved HRIT's operational plan for fiscal years 2016-2018. However, DHS still needs to demonstrate that the HRIT ESC has approved the schedule and cost estimate for HRIT.
    Recommendation: To address HRIT's poor progress and ineffective management, the Secretary of Homeland Security should direct the Under Secretary of Management to direct the Chief Human Capital Officer to direct the HRIT investment to update and maintain a schedule estimate for when DHS plans to implement each of the strategic improvement opportunities.

    Agency: Department of Homeland Security
    Status: Open

    Comments: According to HRIT officials, in response to our recommendation, DHS has developed an implementation plan, including a schedule estimate, for addressing HRIT's strategic improvement opportunities. We will continue to follow-up with them for documentation of this implementation plan.
    Recommendation: To address HRIT's poor progress and ineffective management, the Secretary of Homeland Security should direct the Under Secretary of Management to direct the Chief Human Capital Officer to direct the HRIT investment to develop a complete life-cycle cost estimate for the implementation of HRIT.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In response to our recommendation, DHS prepared an independent cost estimate for the HRIT investment. When developing this estimate, the cost estimators made many assumptions about HRIT's strategic improvement opportunities that had not yet been defined, such as the scope and the preliminary acquisition strategies for each. We will continue to follow-up with DHS for supporting documentation for this estimate in order to better understand it.
    Recommendation: To address HRIT's poor progress and ineffective management, the Secretary of Homeland Security should direct the Under Secretary of Management to direct the Chief Human Capital Officer to direct the HRIT investment to document and track all costs, including components' costs, associated with HRIT.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with the recommendation and is working to implement it. While DHS provided certain cost tracking information for HRIT, this information was incomplete and did not demonstrate ongoing tracking of all costs. We will continue to follow-up with DHS to obtain additional documentation.
    Recommendation: To address HRIT's poor progress and ineffective management, the Secretary of Homeland Security should direct the Under Secretary of Management to direct the Chief Human Capital Officer to direct the HRIT investment to update and maintain the department's human resources system inventory.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS provided its updated human resources systems inventory that it developed in response to our recommendation. According to officials, the list is reviewed and updated on an annual basis or as-needed when a system is deployed or retired. We will continue to monitor this recommendation to ensure that DHS is maintaining this inventory.
    Recommendation: To improve the Performance and Learning Management System (PALMS) program's implementation of IT acquisition best practices, the Secretary of Homeland Security should direct the Under Secretary of Management to direct the Chief Information Officer to direct the PALMS program office to establish a time frame for deciding whether PALMS will be fully deployed at the Federal Emergency Management Agency (FEMA) and the U.S. Coast Guard (USCG), and determine an alternative approach if the learning and/or performance management capabilities of PALMS are deemed not feasible for the U.S. Immigration and Customs Enforcement, FEMA, the Transportation Security Administration, or USCG.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS officials stated that PALMS will not be fully deployed at FEMA, USCG, ICE, or TSA. The officials stated that future Human Resources Information Technology (HRIT) programs will include enhancing learning management and performance management capabilities. Officials stated that the details related to these efforts are to be discussed in the HRIT strategic improvement opportunity implementation plan. We will continue to follow-up with DHS for documentation of this plan.
    Recommendation: To improve the Performance and Learning Management System (PALMS) program's implementation of IT acquisition best practices, the Secretary of Homeland Security should direct the Under Secretary of Management to direct the Chief Information Officer to direct the PALMS program office to develop a comprehensive life-cycle cost estimate, including all government and contractor costs, for the PALMS program.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS officials stated that the PALMS program will move into an operations and maintenance phase once the PALMS learning management capabilities are deployed to U.S. Secret Service. As such, DHS does not plan to develop an updated life-cycle cost estimate (LCCE) for PALMS. We will continue to follow-up with DHS for documentation of PALMS's actual costs, including government costs.
    Recommendation: To improve the Performance and Learning Management System (PALMS) program's implementation of IT acquisition best practices, the Secretary of Homeland Security should direct the Under Secretary of Management to direct the Chief Information Officer to direct the PALMS program office to develop and maintain a single comprehensive schedule that includes all government and contractor activities, and includes all planned deployment milestones related to performance management.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In response to our recommendation, the PALMS program office updated its integrated master schedule. However, this schedule has not been appropriately maintained. We will continue to follow-up with DHS officials on this recommendation.
    Recommendation: To improve the Performance and Learning Management System (PALMS) program's implementation of IT acquisition best practices, the Secretary of Homeland Security should direct the Under Secretary of Management to direct the Chief Information Officer to direct the PALMS program office to track and monitor all costs associated with the PALMS program.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with the recommendation and is working to implement it. DHS provided certain cost tracking information for PALMS, but this information did not include government costs or certain past PALMS costs, such as 2017 costs for the Federal Law Enforcement Training Centers' ongoing use of PALMS. We will continue to follow-up with DHS officials on this recommendation.
    Recommendation: To improve the Performance and Learning Management System (PALMS) program's implementation of IT acquisition best practices, the Secretary of Homeland Security should direct the Under Secretary of Management to direct the Chief Information Officer to direct the PALMS program office to document PALMS's progress and milestone reviews, including all issues and corrective actions discussed.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In response to our recommendation, DHS is documenting certain PALMS progress reviews. We have requested documentation related to U.S. Secret Service's deployment of PALMS, to determine whether the Service conducted and documented a milestone review prior to deploying the system.
    Recommendation: To improve the Performance and Learning Management System (PALMS) program's implementation of IT acquisition best practices, the Secretary of Homeland Security should direct the Under Secretary of Management to direct the Chief Information Officer to direct the PALMS program office to establish a comprehensive risk log that maintains an aggregation of all up-to-date risks (including both government- and vendor-identified)and associated mitigation plans. Additionally, within the comprehensive risk log, the PALMS program office should (1) identify and document planned completion dates for each risk mitigation step (where appropriate), and (2) prioritize the risks by determining each risk's relative priority and overall risk level.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In response to our recommendation, DHS updated its PALMS risk register. However, this register was not comprehensive. We will continue to follow-up with DHS officials on this recommendation.
    Director: Valerie Melvin
    Phone: (202) 512-6304

    2 open recommendations
    Recommendation: To help ensure that FDA's IT strategic planning activities are successful in supporting the agency's mission, goals, and objectives, the Commissioner of FDA should require the CIO to establish schedules and milestones for completing a version of an IT strategic plan that incorporates elements to align the plan's strategies with agency-wide priorities; includes results-oriented goals and performance measures that support the agency's mission, along with targets for measuring the extent to which outcomes of IT initiatives support FDA's ability to achieve agency-wide goals and objectives; identifies key IT initiatives that support the agency's goals; and describes interdependencies among the initiatives.

    Agency: Department of Health and Human Services: Food and Drug Administration
    Status: Open

    Comments: FDA concurred with the recommendation and stated that the agency plans to implement it. We contacted the agency in March 2017 and have requested documents regarding FDA's actions to address the recommendation. We are waiting to receive the documents. We will update the status of the agency's actions after we receive and evaluate their response.
    Recommendation: To help ensure that FDA's IT strategic planning activities are successful in supporting the agency's mission, goals, and objectives, the Commissioner of FDA should require the CIO to implement the plan to ensure that expected outcomes of the agency's key IT initiatives are achieved.

    Agency: Department of Health and Human Services: Food and Drug Administration
    Status: Open

    Comments: FDA concurred with the recommendation and stated that the agency plans to implement it. We contacted the agency in March 2017 and have requested documents regarding FDA's actions to address the recommendation. We are waiting to receive the documents. We will update the status of the agency's actions after we receive and evaluate their response.
    Director: Carol R. Cha
    Phone: (202) 512-4456

    1 open recommendations
    Recommendation: To help ensure that the department can better achieve business process reengineering and enterprise architecture outcomes and benefits, the Secretary of Defense should utilize the results of our portfolio manager survey to determine additional actions that can improve the department's management of its business process reengineering and enterprise architecture activities.

    Agency: Department of Defense
    Status: Open

    Comments: DOD developed a plan, using the results of our survey, to improve the department's management of its business process reengineering and enterprise architecture activities; however, key milestones have not yet been completed. Specifically, in January 2017, the department issued a business enterprise architecture (BEA) improvement plan. The plan was intended to address BEA usability and deficiencies in information supporting the investment management process. As part of the plan, the department identified opportunities to address the results of our survey. For example, according to the plan, our survey results were utilized to identify opportunities for improving management and integration of existing enterprise business processes and investments; assessing duplication early in the analysis phase and finding process and capability reuse across the department; and providing a federated BEA information environment and capabilities to discover and exchange information from other sources. The plan included delivering three major capabilities. As of September 2017, the Office of the Deputy Chief Management Officer stated that the delivery dates for the three capabilities were as follows: Business Capability Acquisition Cycle content ingest and investment reviews by June 2018; process and system reviews within and across domains by June 2018; and development and integration of functional strategies by December 2018. Further, the office stated that dates were subject to a contract being awarded. We will continue to monitor the department's efforts to implement the recommendation.
    Director: Michele Mackin
    Phone: (202) 512-4841

    2 open recommendations
    Recommendation: To help ensure that it receives accurate information on the full effect of funding decisions on acquisition programs, Congress should consider amending the law that governs the 5-year Capital Investment Plan to require the Coast Guard to submit cost and schedule information that reflects the impact of the annual President's budget request on each acquisition across the portfolio--in addition to the current practice of reporting the cost and schedule estimates in current program baselines.

    Agency: Congress
    Status: Open

    Comments: Thus far no congressional action has been taken on this Matter. We will continue to follow up with relevant congressional committees.
    Recommendation: To help the Coast Guard improve the long-term outlook of its portfolio, the Commandant of the Coast Guard should develop a 20-year fleet modernization plan that identifies all acquisitions needed to maintain the current level of service and the fiscal resources necessary to build the identified assets. The plan should also consider trade-offs if the fiscal resources needed to execute the plan are not consistent with annual budgets.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: Based on this recommendation, Congress has requested that the Coast Guard develop a 20-year plan that identifies all acquisitions needed to maintain the Coast Guard's current level of service and the financial commitment necessary to achieve this plan. As a part of a series of testimonies in June and July 2017, we found that Coast Guard officials stated they are developing a 20-year Capital Investment Plan (CIP), but the timeframe for completion is unknown. The Coast Guard does, however, submit a 5-year CIP annually to Congress that projects acquisition funding needs for the upcoming 5 years. GAO found the CIPs do not match budget realities in that tradeoffs are not included. In the 20-year CIP, GAO would expect to see all acquisitions needed to maintain current service levels and the fiscal resources to build the identified assets as well as tradeoffs in light of funding constraints.
    Director: Valerie C. Melvin
    Phone: (202) 512-6304

    2 open recommendations
    including 1 priority recommendation
    Recommendation: To ensure effective management and modernization of HUD's IT environment, the Secretary of Housing and Urban Development should direct the department's Chief Information Officer to establish a means for evaluating progress toward institutionalizing management controls and commit to time lines for activities and next steps.

    Agency: Department of Housing and Urban Development
    Status: Open

    Comments: As of April 2017, HUD had not yet established a means for evaluating progress toward institutionalizing IT management controls. According to HUD officials, the department expects to evaluate the controls through an update to its IT Management Framework scheduled to be completed during fiscal year 2017.
    Recommendation: To ensure effective management and modernization of HUD's IT environment, the Secretary of Housing and Urban Development should direct the department's Chief Information Officer to define the scope, implementation strategy, and schedule of its overall modernization approach, with related goals and measures for effectively overseeing the effort.

    Agency: Department of Housing and Urban Development
    Status: Open
    Priority recommendation

    Comments: In August 2016, HUD officials reported that the department was taking actions intended to establish a new, stronger enterprise approach for IT development and operations. As of April 2017, the department reported that it was in phase 2 of a 4-phase application assessment initiative expected to address this recommendation. However, HUD has not yet provided evidence of how the new approach is expected to define the scope, implementation strategy, and schedule for modernizing the department's IT.
    Director: Pendleton, John H
    Phone: 202) 512-3489

    2 open recommendations
    Recommendation: To assist DOD and DOE in synchronizing plans for modernizing the nuclear weapons enterprise and for assessing the feasibility of the interoperable warhead concept, and to ensure that DOD and NNSA are able to consider the possibilities of potentially designing and developing an interoperable warhead as directed by the Nuclear Weapons Council during the W78/88-1 life-extension program, the Secretary of Defense should direct the Secretary of the Navy to identify the long-term resources needed to implement the W78/88-1 life-extension program once the warhead feasibility study is completed, should the Nuclear Weapons Council approve of an interoperable warhead design.

    Agency: Department of Defense
    Status: Open

    Comments: DOD concurred with the recommendation. In September 2014, agency officials stated that the Nuclear Weapons Council formally delayed the W78/88-1 Life Extension Program first production unit 5 years to Fiscal Year 2030. As a result, officials stated that the warhead feasibility study has been delayed. The recommendation remains open. As of September 2017, the status of this recommendation has not changed.
    Recommendation: To assist DOD and DOE in synchronizing plans for modernizing the nuclear weapons enterprise and for assessing the feasibility of the interoperable warhead concept, and to ensure that the services are able to support the consideration of interoperable warhead concepts during future life-extension programs, the Secretary of Defense should issue or revise existing guidance to require the services to align their programs and resources before beginning concept or feasibility studies jointly with another service.

    Agency: Department of Defense
    Status: Open

    Comments: DOD concurred with the recommendation. In December 2015, DOD and DOE published the revised Guideline for the Phase 6.X Process and is in the process of updating the DOD implementing instructions. In August 2016, DOD officials told us that the updated instruction will include a provision to require the services to align their programs and resources before beginning concept or feasibility studies jointly with another service. Officials expect the revised instruction to be finalized and published in mid-2017. As of September 2017, the updated DOD manual (DODM 5030.55) is undergoing final coordination within the department. This recommendation remains open pending the approval and issuance of the revised instruction.
    Director: Melvin, Valerie C
    Phone: (202)512-6304

    2 open recommendations
    including 1 priority recommendation
    Recommendation: To ensure that HUD effectively and efficiently manages its modernization efforts aimed at improving its IT environment to support mission needs, the Secretary of Housing and Urban Development should direct the Deputy Secretary to establish a plan of action that identifies specific time frames for correcting the deficiencies highlighted in this report for both its ongoing projects, as applicable, and its planned projects, to include (1) developing charters that define what constitutes project success and establish accountability, (2) finalizing deliverable-oriented work breakdown structures and associated dictionaries that define the detailed work needed to accomplish project objectives, (3) completing comprehensive project management plans that reflect cost and schedule baselines and fully incorporate subsidiary management plans, (4) establishing requirements management plans that include prioritization methods to be applied and metrics for determining how products address requirements, (5) completing matrixes to include requirements traceability from mission needs through implementation, and (6) establishing strategies to guide how acquisitions are managed in accordance with other processes and that performance metrics are established.

    Agency: Department of Housing and Urban Development
    Status: Open
    Priority recommendation

    Comments: HUD did not agree or disagree with, but stated it had planned actions intended to address, our recommendation. As of April 2017, HUD provided evidence of its updated project planning and management process, including requirements for improvements to project charters and management plans, but we have not yet seen evidence that HUD's actions have fully addressed deficiencies in other project management documentation.
    Recommendation: To improve development and use of the department's project management framework, the Secretary should direct the Customer Care Committee to review the role and responsibilities of the Technical Review Subcommittee and ensure that the department's governance structure operates as intended and adequately oversees the management of all of its modernization efforts.

    Agency: Department of Housing and Urban Development
    Status: Open

    Comments: HUD agreed with our recommendation and reported plans for the Customer Care Committee to review the roles and responsibilities of the Technical Review Subcommittee. As of March 2017, HUD had finalized an updated Subcommittee charter. We are reviewing changes made to the charter and plan to observe the Subcommittee's operation under the revised guidance.
    Director: Melvin, Valerie C
    Phone: (202) 512-6304

    6 open recommendations
    Recommendation: To effectively implement key components of DOD's business systems modernization program, the Secretary of Defense should direct the Deputy Chief Management Officer to define by when and how the department plans to develop an architecture that would extend to all defense components and include, among other things, (a) information about the specific business systems that support business enterprise architecture (BEA) business activities and related system functions; (b) business capabilities for the Hire-to-Retire and Procure-to-Pay business processes; and (c) sufficient information about business activities to allow for more effective identification of potential overlap and duplication.

    Agency: Department of Defense
    Status: Open

    Comments: As of September 2017, the Department of Defense (DOD) had taken steps to address the recommendation; however, more steps are needed to meet its intent. For example, as of July 2015, the department had taken steps to improve the integration of business enterprise architecture (BEA) information with other existing information. This integration was intended to allow DOD to identify information such as mapping of existing business systems to individual BEA system functions. In addition, in January 2017, the department issued a plan to improve the usefulness of the architecture by delivering three major capabilities, including the ability to conduct process and system reviews within and across domains, which can help better identify potential duplication and overlap, by January 2017. The plan also included other activities that may help support the identification of duplication and overlap, such as developing a federated ontology for BEA data structures, migrating legacy architecture data into the federated ontology, and defining requirements to enable extensible data structures for future updates, by June 2016. However, the department has not developed the ontology or delivered the capability to conduct process and system reviews within and across domains. An official from the Office of the Deputy Chief Management Officer stated in September 2017 that the BEA ontology work is ongoing and that a plan for moving the existing BEA content to the new framework is in development. The official also stated that delivery of the capability to conduct process and system reviews within and across domains is now planned for June 2018, depending on contract award. However, DOD has not updated its BEA improvement plan to reflect the revised delivery dates. In addition, the department also has not identified the business capabilities associated with the Hire-to-Retire and Procure-to-Pay business processes. The department continues to update its business architecture, but it has not demonstrated that it has defined by when and how it plans to develop an architecture that would extend to all defense components and include business capabilities for the Hire-to-Retire and Procure-to-Pay business processes.
    Recommendation: To effectively implement key components of DOD's business systems modernization program, the Secretary of Defense should direct the Deputy Chief Management Officer to ensure that the functional strategies include all of the critical elements identified in DOD investment management guidance, including performance measures to determine progress toward achieving the goals that incorporate all of the attributes called for in the department's guidance.

    Agency: Department of Defense
    Status: Open

    Comments: As of August 2017, the Department of Defense (DOD) had taken some steps to address the intent of this recommendation. However, more remains to be done to fully address the intent of the recommendation. For example, we reported in July 2015 that the department established performance measures in its functional strategies that addressed at least some of the five attributes called for in DOD guidance. In particular, all of the fiscal year 2015 functional strategies identified examples of quantitative metrics. However, not all functional strategies identified metrics that addressed the other attributes. As of August 2017, this continues to be the case. For example, the fiscal year 2017 human resources management functional strategy did not address prior year business outcomes and initiatives progress, as required by the February 2015 investment management guidance.
    Recommendation: To effectively implement key components of DOD's business systems modernization program, the Secretary of Defense should direct the Deputy Chief Management Officer to select and control its mix of investments in a manner that best supports mission needs by (a) documenting a process for evaluating portfolio performance that includes the use of actual versus expected performance data and predetermined thresholds; (b) ensuring that portfolio assessments are conducted in key areas identified in our IT investment management framework: benefits attained; current schedule; accuracy of project reporting; and risks that have been mitigated, eliminated, or accepted to date; and (c) ensuring that the documents provided to the Defense Business Council as part of the investment management process include critical information for conducting all assessments.

    Agency: Department of Defense
    Status: Open

    Comments: As of August 2017, the Department of Defense had not addressed the recommendation. In February 2017, the department issued DOD Instruction 5000.75, Business Systems Requirements and Acquisition, to assist in managing defense business systems. Further, in April 2017, the department updated its investment management guidance. However, neither the instruction nor the revised guidance call for a process for evaluating portfolio performance that includes the use of actual versus expected performance data and predetermined thresholds. The instruction and the revised guidance also do not specify a process for ensuring that portfolio assessments are conducted in key areas identified in our information technology investment management framework: benefits attained; current schedule; accuracy of project reporting; and risks that have been mitigated, eliminated, or accepted to date. Further, the department has not demonstrated that it has ensured that documents provided to the Defense Business Council (i.e., the investment review board) include critical information for conducting assessments, such as information about system scalability to support additional users or new features in the future and cost in relationship to return on investment.
    Recommendation: To effectively implement key components of DOD's business systems modernization program, the Secretary of Defense should direct the Deputy Chief Management Officer to implement and use the BEA and business process reengineering compliance assessments more effectively to support organizational transformation efforts by (a) disclosing relevant information about known weaknesses, such as BEA and business process reengineering compliance weaknesses for systems that were not certified or certified with qualifications in annual reports to Congress; (b) establishing milestones by which selected validations of BEA compliance assertions are to be completed; and (c) ensuring that appropriate business process reengineering assertions have been completed on all investments submitted for the fiscal year 2014 certification reviews prior to the certification of funds.

    Agency: Department of Defense
    Status: Open

    Comments: As of August 2017, the Department of Defense (DOD) has taken steps to address the intent of the recommendation; however, more remains to be done. For example, the 2015 Congressional Report on Defense Business Operations included some information consistent with our recommendation. In particular, it contained information about weaknesses for systems that were certified with qualifications. The report stated that the department conditionally approved 29 military department and 30 defense agency requests pending Defense Business Council (DBC) approval of their problem statements. The report also cited the specific systems that were conditionally approved pending approval of their problem statements. In addition, in February 2017, the department issued an instruction (DOD Instruction 5000.75, Business Systems Requirements and Acquisition). The instruction requires that the certifying official verify that a capability is aligned with the business enterprise architecture (BEA) prior to a decision to proceed with a solutions analysis phase. The instruction also requires the certifying official to validate that sufficient business process reengineering (BPR) has been conducted to determine that a business system is required. The Office of the Deputy Chief Management Officer (DCMO) explained in August 2017 that the office reviews BEA compliance assertions in BEA compliance reporting tools, and if any issues are found with the assertions they are documented in investment decision memos. In addition, for BPR assertions, the office stated that DCMO portfolio leads review the assertions to determine if a system has required documentation. For those that have no plan of action or BPR assertions, according to the office, the DCMO team works with the domain or portfolio owners to ensure that a plan of action is documented. However, the department did not provide evidence to demonstrate that BEA assertions have been validated for selected investments or that BPR assertions have been validated for all its investments as part of its last annual certification process.
    Recommendation: To effectively implement key components of DOD's business systems modernization program, the Secretary of Defense should direct the Deputy Chief Management Officer to develop a skills inventory, needs assessment, gap analysis, and plan to address identified gaps as part of a strategic approach to human capital planning for the Office of the Deputy Chief Management Officer.

    Agency: Department of Defense
    Status: Open

    Comments: As of September 2017, the Department of Defense (DOD) had not addressed this recommendation; and the Office of the Deputy Chief Management Officer (DCMO) stated that it does not plan to address it. Specifically, it said that the department did not concur with the recommendation, and that, further, it had been overcome by other events. According to DOD officials, the recommendation has been overcome by several reorganizational changes, including one based on reviews of the department's business processes and systems. The Office of the DCMO stated that the department used a skills inventory, needs assessment, and gap analysis to do these reorganizations, and there are no open positions beyond those occurring from normal attrition. However, the Office of the DCMO did not provide evidence of the skills inventory, needs assessment and gap analysis that it said it used in its reorganizations. We still consider the recommendation to be valid and will continue to monitor its implementation as part of our periodic assessments of DOD efforts to manage its defense business systems.
    Recommendation: The Secretary of Defense should direct the appropriate authority to ensure that complete documentation, such as root cause analyses, assessments of existing interfaces for reuse opportunities, and performance metrics related to the reengineering efforts, is provided as part of the fiscal year 2014 certification and approval process for the Integrated Personnel and Pay System - Army (IPPS-A), Integrated Personnel and Pay System - Navy (IPPS-N), Air Force Integrated Personnel and Pay System (AF-IPPS), and Integrated Electronic Health Record (iEHR) investments.

    Agency: Department of Defense
    Status: Open

    Comments: As of September 2017, the Department of Defense (DOD) had taken some steps to address the intent of this recommendation, and other aspects of the recommendation have been overcome by events. However, more work is needed to demonstrate that the department has more fully addressed the intent of our recommendation. For example, in July 2015, we reported that the department demonstrated that it had completed documentation, such as root cause analyses, assessments of existing interfaces for reuse opportunities, and performance metrics related to the reengineering efforts, and that the documentation was provided as part of the certification and approval process for the Air Force Integrated Personnel and Pay System investment. However, since we made the recommendation, the department has changed its approach to evaluating business process reengineering for its defense business systems. As a result of this change, the department requires different documentation than the documentation required when we prepared our report. The department now requires business process reengineering to be documented in a problem statement. In particular, the December 2014 DOD problem statement guidance requires a description of and validation that a thorough review of the business process reengineering was conducted, and no longer specifically requires root cause analyses, assessments of existing interfaces for re-use opportunities, or performance metrics related to reengineering efforts. Regarding the Integrated Personnel and Pay System - Army, in September 2017, the department demonstrated that it had completed a March 2016 description of its business process reengineering efforts and provided supporting documentation as part of its review and certification process. However, as of September 2017, the department had not demonstrated that complete documentation related to reengineering efforts has been submitted as part of its annual certification and approval process for the Integrated Personnel and Pay System-Navy (IPPS-N) investment. According to an Official from the Office of the Deputy Under Secretary of the Navy (Management), the department expects the IPPS-N problem statement to be complete by the end of September 2017. Regarding the Integrated Electronic Health Record investment, the Office of the Deputy Chief Management Officer stated that the department does not plan to conduct business process reengineering because the investment is now in sustainment, and the department does not require business process reengineering for systems in sustainment.
    Director: Melvin, Valerie C
    Phone: (202)512-6304

    1 open recommendations
    Recommendation: To ensure that DOD continues to implement the full range of institutional management controls needed to address its business systems modernization high-risk area, the Secretary of Defense should ensure that the Deputy Secretary of Defense, as the department's Chief Management Officer, establish a policy that clarifies the roles, responsibilities, and relationships among the Chief Management Officer, Deputy Chief Management Officer, DOD and military department Chief Information Officers, Principal Staff Assistants, military department Chief Management Officers, and the heads of the military departments and defense agencies, associated with the development of a federated business enterprise architecture (BEA). Among other things, the policy should address the development and implementation of an overarching taxonomy and associated ontologies to help ensure that each of the respective portions of the architecture will be properly linked and aligned. In addition, the policy should address alignment and coordination of business process areas, military department and defense agency activities associated with developing and implementing each of the various components of the BEA, and relationships among these entities.

    Agency: Department of Defense
    Status: Open

    Comments: As of September 2017, the Department of Defense had taken steps to address the intent of our recommendation, but had not issued a policy that addresses the various elements called for in our recommendation. For example, in January 2017, the department issued a business enterprise architecture improvement plan, which included providing, among other capabilities, the ability to conduct process and system reviews within and across domains by January 2017. The plan also included delivering a federated ontology for business enterprise architecture data structures by June 2016. However, as of September 2017, the Office of the Deputy Chief Management Officer stated that work to develop the federated ontology was ongoing. In addition, the delivery date of the capability for conducting process and system reviews within and across domains had changed to June 2018. Further, the office stated that date was subject to a contract being awarded. In addition, as of September 2017, the department had not established policy that clarified the roles, responsibilities, authorities, and relationships between the Deputy Chief Management Officer and military department officials responsible for the business enterprise architecture and its federation or provided details of an overarching taxonomy to be used across the enterprise. We will continue to monitor the department's efforts to implement the recommendation.