Reports & Testimonies

  • GAO’s recommendations database contains report recommendations that still need to be addressed.

    GAO’s recommendations help congressional and agency leaders prepare for appropriations and oversight activities, as well as help improve government operations. Recommendations remain open until they are designated as Closed-implemented or Closed-not implemented. You can explore open recommendations by searching or browsing.

    GAO's priority recommendations are those that we believe warrant priority attention. We sent letters to the heads of key departments and agencies, urging them to continue focusing on these issues. These recommendations are labeled as such. You can find priority recommendations by searching or browsing our open recommendations below, or through our mobile app.

  • Browse Open Recommendations

    Explore priority recommendations by subject terms or browse by federal agency

    Search Open Recommendations

    Search for a specific priority recommendation by word or phrase



  • Governing on the go?

    Our Priorities for Policy Makers app makes it easier for leaders to search our recommendations on the go.

    See the November 10th Press Release


  • Have a Question about a Recommendation?

    • For questions about a specific recommendation, contact the person or office listed with the recommendation.
    • For general information about recommendations, contact GAO's Audit Policy and Quality Assurance office at (202) 512-6100 or apqa@gao.gov.
  • « Back to Results List Sort by   

    Results:

    Subject Term: "IT investment management"

    19 publications with a total of 171 open recommendations including 7 priority recommendations
    Director: Carol C. Harris
    Phone: (202) 512-4456

    6 open recommendations
    Recommendation: To ensure that DHS effectively implements FITARA, the Secretary of Homeland Security should direct the Under Secretary for Management to direct the Chief Information Officer to update the department's IT Acquisition Review governance process to increase the number of contracts and agreements (associated with both major and non-major investments) that are reviewed by the CIO and appropriate delegates.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with this recommendation. We will continue to monitor and evaluate the Department's progress in implementing this recommendation.
    Recommendation: To ensure that DHS effectively implements FITARA, the Secretary of Homeland Security should direct the Under Secretary for Management to direct the Chief Information Officer to establish time frames and implement a plan for (1) identifying the specific staff or positions currently within the department's IT acquisition cadre; and (2) assessing whether these staff and positions address all of the specialized skills and knowledge needed, as outlined in OMB's Office of Federal Procurement Policy's guidance for developing an IT acquisition cadre.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with this recommendation. We will continue to monitor and evaluate the Department's progress in implementing this recommendation.
    Recommendation: To ensure that DHS effectively implements FITARA, the Secretary of Homeland Security should direct the Under Secretary for Management to direct the Chief Information Officer to establish time frames and implement a plan for (1) identifying the department's future IT skillset needs as a result of DHS's new delivery model, (2) conducting a skills gap analysis, and (3) resolving any skills gaps identified.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with this recommendation. We will continue to monitor and evaluate the Department's progress in implementing this recommendation.
    Recommendation: To ensure that DHS effectively implements FITARA, the Secretary of Homeland Security should direct the Under Secretary for Management to update the department's acquisition policies and guidance to be consistent in identifying that the DHS CIO is to certify investments' incremental development activities.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with this recommendation. We will continue to monitor and evaluate the Department's progress in implementing this recommendation.
    Recommendation: To ensure that DHS effectively implements FITARA, the Secretary of Homeland Security should direct the Under Secretary for Management to update DHS headquarters', Customs and Border Protection's, and U.S. Coast Guard's processes to track, for all contracts and agreements, the IT investment with which each is associated (as applicable).

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with this recommendation. We will continue to monitor and evaluate the Department's progress in implementing this recommendation.
    Recommendation: To ensure that DHS effectively implements FITARA, the Secretary of Homeland Security should direct the Under Secretary for Management to update and implement the process DHS uses for assessing the risks of major IT investments to ensure that the CIO rating reported to the Dashboard fully reflects the CIO's assessment of each major IT investment.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with this recommendation. We will continue to monitor and evaluate the Department's progress in implementing this recommendation.
    Director: Valerie Melvin
    Phone: (202) 512-6304

    1 open recommendations
    Recommendation: To increase the likelihood that its IT investments develop reliable cost estimates, the Secretary of HUD should finalize, and ensure the implementation of, guidance that incorporates the best practices called for in the GAO Cost Estimating and Assessment Guide.

    Agency: Department of Housing and Urban Development
    Status: Open

    Comments: In April 2017, HUD reported that the department concurred with the recommendation and noted that the Office of the Chief Information Officer (OCIO) intends to establish cost estimation guidance for IT projects within its IT Management Framework Guide, incorporating appropriate best practices from the GAO Cost Estimating and Assessment Guide. HUD anticipates completing the OCIO IT Management Framework guidance that is intended to incorporate cost estimating principles for IT projects by September 1, 2017.
    Director: Valerie C. Melvin
    Phone: (202) 512-6304

    8 open recommendations
    Recommendation: To assist VA in sustaining an IT workforce with the necessary knowledge, skills, and abilities to execute its mission and goals, the Secretary of Veterans Affairs should direct the Chief Information Officer to track and review OI&T historical workforce data and projections related to leadership retirements.

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: VA concurred with our recommendation and reported that OI&T's Human Capital Management Office (HCM) had completed a succession planning project that encompassed all senior leadership and included data review and risk assessment for each position. VA also stated that OI&T tracks the gains and losses associated with its leadership positions and provided this information for fiscal year 2016. However, the department has not provided documentation that supports the assertion that historical and projected OI&T leadership retirement data was presented and discussed as part of the succession planning project and did not provide data on projected retirements for OI&T's leadership positions. Additionally, the department stated that OI&T HCM has the ability to project retirement eligibility but has not provided documentation to support this assertion. It is important that VA tracks and reviews its OI&T historical workforce data and forecasts its leadership retirements to avoid being unprepared to effectively respond to vacancies in key leadership positions.
    Recommendation: To assist VA in sustaining an IT workforce with the necessary knowledge, skills, and abilities to execute its mission and goals, the Secretary of Veterans Affairs should direct the Chief Information Officer to identify IT skills needed beyond the current fiscal year to assist in identifying future skills gaps.

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: VA concurred with our recommendation and reported that Information Technology Workforce Development (ITWD) will produce reports that identify skill gaps and will contain long-term recommendations that show the types of IT skills each organization needs to increase and which proficiency level targets need the most emphasis. As of July 2017, VA stated that ITWD reviewed, and updated where needed, the fiscal year 2017 competencies within each OI&T competency model role in order to align the models to the OI&T Transformation initiative. According to the department, the resulting updates support learning solutions that sustain and accelerate OI&T's transformation. Additionally, VA stated that 85 percent of OI&T staff completed a validated competency self-assessment and provided the OI&T fiscal year 2017 Training Gap Analysis Report which shows the strengths and gaps of OI&T by organization, trends between fiscal years 2016 and 2017, findings, next steps, and recommended actions for the next fiscal year. The department also stated that ITWD held meetings to review skill gap and learning solution reports. VA provided these reports and they present the top gaps and strengths, key findings, and next steps to address the skill gaps. While the department has taken these actions, its OI&T Training Gap Analysis Report does not identify IT skills needed beyond fiscal year 2017.
    Recommendation: To assist VA in establishing comprehensive and documented processes that reflect system development and acquisition best practices, the Secretary of Veterans Affairs should direct the Chief Information Officer to revise OI&T's documented processes related to project planning, to include (1) estimating the level of effort that will need to be expended for work products and tasks, and (2) making adjustments to the project plan to reconcile differences between estimated and available resources.

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: VA concurred with our recommendation and stated that OI&T is documenting changes to processes related to project planning as it transitions from PMAS to the Veteran-Focused Integration Process (VIP). According to VA, the VIP processes will lead to better requirements elaboration and prioritization, increasing significantly the accuracy of estimates related to level of effort. Additionally, the department stated that by using short Agile sprints, the project team will be able adjust the project plan frequently to reconcile differences between estimated and available resources. As of July 2017, VA stated that all projects have transitioned to the VIP, which ensures they are incorporating the Agile methodology into the project lifecycle. According to the department, the latest version of its VIP Guide incorporates the use of daily scrum and weekly scrum of scrum meetings that can be used to frequently adjust the project plan to reconcile differences between estimated and available resources. VA stated that the project planning processes will continue to evolve beyond July and expects to complete its actions in response to this recommendation by the end of fiscal year 2017.
    Recommendation: To assist VA in establishing comprehensive and documented processes that reflect system development and acquisition best practices, the Secretary of Veterans Affairs should direct the Chief Information Officer to revise OI&T's documented processes related to requirements management, to include identifying changes to be made to plans and work products as a result of requirements baseline changes.

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: VA concurred with our recommendation and reported that OI&T is revising its documentation related to requirements management as part of the transition to the Veteran-Focused Integration Process (VIP). According to VA, requirements will be tracked using the IBM Rational Tools Suite, which will be able to provide a snapshot of the original baseline and all captured changes in the form of an audit trail that captures the history of requirement changes. As of July 2017, the department stated that all projects have transitioned to the VIP and requirements baselines and subsequent changes are tracked in the Rational Tools Suite. VA also reported that efforts in fiscal year 2017 to consolidate all mandatory architectural, design, and process methodologies into a single library of requirements were successful, which resulted in combining the full body of requirements. Additionally according to the department, versioning of the requirements will allow the office to trace specific versions of individual requirements and their evolution by time period and project inheritance. VA stated that it expects to complete its actions in response to this recommendation by the end of fiscal year 2017.
    Recommendation: To assist VA in establishing comprehensive and documented processes that reflect system development and acquisition best practices, the Secretary of Veterans Affairs should direct the Chief Information Officer to revise OI&T's documented processes related to risk management, to include (1) determining costs and benefits of implementing the risk mitigation plan for each risk and (2) collecting performance measures on risk handling activities.

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: VA concurred with our recommendation and reported that the IBM Rational Tools Suite will be used to manage risks and issues. According to VA, the tools suite will allow requirements to be linked to risks, which will provide traceability; teams will be able to track and report steps taken to mitigate risks; and an audit trail will show the history of changes made to each risk. The department also reported that the Office of Privacy and Risk will establish risk mitigation strategies for OI&T. As of July 2017, VA stated that risks data capture has been developed as a standardized process and that data on project and program risks in the Rational Tools Suite is aggregated and prepared for use to verify aggressive management, and will be included in enterprise reporting. The department stated that work is underway with the Performance Management Office and that OI&T expects to complete its actions in response to this recommendation by the end of fiscal year 2017.
    Recommendation: To assist VA in establishing comprehensive and documented processes that reflect system development and acquisition best practices, the Secretary of Veterans Affairs should direct the Chief Information Officer to revise OI&T's documented processes related to project monitoring and control, to include the 10 best practices that were missing from the guidance.

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: VA concurred with our recommendation and reported that implementation of the Veteran-Focused Integration Process (VIP) and Agile processes within OI&T will address eight of the ten best practices related to project monitoring and control that were missing from its guidance. In regard to monitoring the knowledge and skills of project staff, OI&T's IT Workforce Development (ITWD) group collects and analyzes competency assessment data, which is used in requirements gathering meetings with OI&T leaders. According to VA, during these meetings organizational needs and next steps are discussed in detail. Additionally, the department's latest version of its VIP Guide states that the product team should be cross-functional and include all skills needed to deliver a product. Further, the department reported that data management activities, issues, and impacts will be managed using VIP, Agile, and IBM Rational Tools Suite. According to its VIP Guide, OI&T expects that all products follow the Agile product management process and use the Rational Tools Suite to manage scheduled product sprints and backlog, product requirements, risks and issues, and product planning and engineering documentation, among others. Also, VA stated that Agile methodologies will require stakeholders to be involved in the daily scrum meetings, user acceptance testing, and acceptance of deliverables, which will address stakeholders being involved regularly and documenting the results of stakeholder involvement status reviews. According to the VIP Guide, the Agile development methodologies require development teams to meet often with stakeholders to ensure transparency and foster a collaborative work environment. Additionally, the department stated that critical decision events are using Rational based data assessments to report on level of satisfaction of project controls and process compliance requirements. Further, according to the VIP Guide, the Product Owner will have a key role in the decision-making process during the development of the product and will be able to regularly express concerns and/or approvals to best meet user satisfaction. The department stated that critical decision events are being held at the portfolio level, and action items from these events are being tracked. VA provided meeting minutes from critical decision events that were held in October and December 2016. The December 2016 meeting minutes identified action items and the status of those items. Although VA has taken actions to address the majority of best practices related to project monitoring and control, the department's new VIP process does not include two practices that call for (1) tracking expended effort and (2) monitoring the utilization of staff and resources. Until OI&T's documented processes for project monitoring and control fully reflect best practices, the office is at risk that its projects will not achieve expected results.
    Recommendation: To assist VA in establishing comprehensive and documented processes that reflect system development and acquisition best practices, the Secretary of Veterans Affairs should direct the Chief Information Officer to revise OI&T's documented processes related to process and product quality assurance, to include (1) documenting a description of the quality assurance reporting chain and defining how objectivity will be ensured, and (2) periodically reviewing open noncompliance issues and trends with management that is designated to receive and act on them.

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: VA concurred with our recommendation and reported that the implementation of the Veteran-Focused Integration Process (VIP), Agile processes, and the Rational Toolset within OI&T will address process and product quality assurance. According to VA, as a part of VIP, the Product Owner is engaged from intake through project completion, which will ensure that the quality of the product is maintained throughout the life cycle. Additionally the department reported that the process of periodically reviewing open non-compliance issues and trends with management that is designated to receive and act on them will be accomplished through CIOStat meetings held with OI&T senior leadership. VA also reported that the Rational Quality Manager tool is used to automate routine testing activities to identify non-compliance issues and trends. As of July 2017, the department stated that the Product Owner is beginning to have a stronger role on the project team, which enables them to assist in all types of issues, including quality assurance. VA also stated that Release Agents develop and distribute Release Readiness Reports, which provide a status of all release requirements and of traceability among requirements, deliverables, and test results. VA expects to complete its actions in response to this recommendation by the end of fiscal year 2017.
    Recommendation: To assist VA in establishing comprehensive and documented processes that reflect system development and acquisition best practices, the Secretary of Veterans Affairs should direct the Chief Information Officer to revise OI&T's documented processes related to project scheduling, to include the 9 best practices that were missing from the guidance and revise the documented processes where the guidance was contrary to best practices.

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: VA concurred with our recommendation and reported that the implementation of VIP and Agile processes within OI&T will address five of the nine best practices related to project scheduling that are missing from its guidance. According to VA, business and compliance requirements will be captured during the planning phase and maintained in the IBM Rational Tools Suite to manage scheduled project/product builds and backlog which will allow the project to more accurately maintain the schedule baseline, capture all schedule changes, and provides an audit trail of all the changes. Additionally, the department reported that the IBM Rational Tools Suite connects requirements, change orders, test cases, and test results in order to have full traceability in a closed loop system. VA also noted that the use of short development builds within Agile increases the probability of successful adherence to the schedule; and Agile provides the flexibility to make schedule changes using the backlog to prioritize requirements. As of July 2017, VA stated that Project Build Planning sessions capture and prioritize all backlog items with high level activities captured in the VIP Dashboard; and that each project task receives an estimated duration. The department also stated that the project team commits to a high level scope for each build and then the scope is solidified and committed to in detail at each Sprint Plan. According to VA, at the end of each sprint the Product Owner accepts or rejects the product of what was committed to at Sprint Planning. The department also stated that there is a high-level commitment at the Critical Decision 1 meeting; that each build gets committed to at a more granular level; and that sprint planning includes establishing a firm commitment for exactly what will be completed during the sprint. The department further stated that part of the Agile process being used by OI&T removes rigid, mandatory constraints as long as project teams follow compliance epics. Additionally, the department reported that because of the use of Agile methodology, if a task is critical today, the project team can reprioritize and address the needs of the project immediately. According to VA, Agile supports both sustainment and development projects, by allowing changes to the project backlog to address high priority functionality. VA also stated that Agile allows flexibility to shift from one build to another based on priorities and to shift backlog items based on VIP Triad priorities. Additionally, according to the department, risks are managed in the Rational Tools Suite and impediments are raised and escalated during daily scrums and scrum of scrum calls. The VIP Guide indicates that product teams are required to make timely updates to the VIP Dashboard regarding schedule and that the Rational Tools Suite will be used to manage and administer source control and baselines; manage risks and issues; and manage scheduled product sprints and backlogs. However, the VIP Guide does not include practices to (1) document that each project task should receive a duration estimate; (2)require that the project schedule be traceable horizontally and vertically; (3) sequence all activities; and (4) confirm that the critical path is valid. Until OI&T's documented processes for developing schedules fully reflect best practices, the office is at risk that schedules created for its projects will not be reliable.
    Director: David A. Powner
    Phone: (202) 512-9286

    12 open recommendations
    Recommendation: In order to improve the accuracy of IT Dashboard incremental development data, the Director of OMB should direct the Federal Chief Information Officer (CIO) to clarify existing guidance regarding what IT investments are and are not subject to requirements on the use of incremental development and how CIOs should report the status of projects that are not subject to these requirements.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: The Office of Management and Budget (OMB) has taken initial steps to implement our recommendation. Specifically, OMB's June 2016 annual capital planning guidance for fiscal year 2018 included instructions on what types of investments were required to adhere to incremental development requirements related to the delivery of usable functionality. The guidance stated that all software development projects are required to produce usable functionality at intervals of no more than six months. Further, all major development projects within investments are required to use modular/agile principles. However, OMB's guidance still lacks direction on how CIOs are to report the status of nonsoftware projects, as we recommended. In the absence of our recommended guidance clarification, OMB is at risk of agencies continuing to be unclear about how nonsoftware development investment data are to be reported on the Dashboard, increasing the risk that data on the IT Dashboard will not always be accurate. We will continue to evaluate OMB's progress in clarifying its guidance and considering a change to provide more detailed guidance related to the reporting of nonsoftware development investment data.
    Recommendation: To improve the quality of the seven departments' information on project incremental delivery reported to the IT Dashboard, the Secretaries of Commerce, Defense, Education, Health and Human Services, Homeland Security, Transportation, and the Treasury should direct their CIOs to review major IT investment project data reported on the IT Dashboard and update the information as appropriate in the following areas: (1) whether the project is in-progress or complete; (2) whether the project is a software development project or not; and (3) the status of the delivery of functionality every 6 months, ensuring that these data are consistent across all reporting channels.

    Agency: Department of Homeland Security
    Status: Open

    Comments: The Department of Homeland Security (DHS) concurred with our recommendation and stated that the Enterprise Business Management Office within the Office of the Chief Information Officer will validate each investment reported on the Dashboard and work with program officials to ensure they appropriately update the data for the IT Dashboard. However, after our report was issued in August 2016, the IT Dashboard was not publicly updated from the end of August 2016 until the end of May 2017, during the formulation of the President's budget request. Now that the Dashboard is being publicly updated again, we will continue to analyze and monitor the department's progress in updating investment information on the Dashboard and the implementation of our recommendation.
    Recommendation: To improve the quality of the seven departments' information on project incremental delivery reported to the IT Dashboard, the Secretaries of Commerce, Defense, Education, Health and Human Services, Homeland Security, Transportation, and the Treasury should direct their CIOs to review major IT investment project data reported on the IT Dashboard and update the information as appropriate in the following areas: (1) whether the project is in-progress or complete; (2) whether the project is a software development project or not; and (3) the status of the delivery of functionality every 6 months, ensuring that these data are consistent across all reporting channels.

    Agency: Department of Education
    Status: Open

    Comments: The Department of Education (Education) concurred with our recommendation and stated that the department will ensure that the data is kept current using their IT portfolio management process. However, after our report was issued in August 2016, the IT Dashboard was not publicly updated from the end of August 2016 until the end of May 2017, during the formulation of the President's budget request. Now that the Dashboard is being publicly updated again, we will continue to analyze and monitor the department's progress in updating investment information on the Dashboard and the implementation of our recommendation.
    Recommendation: To improve the quality of the seven departments' information on project incremental delivery reported to the IT Dashboard, the Secretaries of Commerce, Defense, Education, Health and Human Services, Homeland Security, Transportation, and the Treasury should direct their CIOs to review major IT investment project data reported on the IT Dashboard and update the information as appropriate in the following areas: (1) whether the project is in-progress or complete; (2) whether the project is a software development project or not; and (3) the status of the delivery of functionality every 6 months, ensuring that these data are consistent across all reporting channels.

    Agency: Department of Commerce
    Status: Open

    Comments: The Department of Commerce (Commerce) concurred with our recommendation and stated that these changes would be incorporated into the department?s Dashboard reporting. However, after our report was issued in August 2016, the IT Dashboard was not publicly updated from the end of August 2016 until the end of May 2017, during the formulation of the President's budget request. Now that the Dashboard is being publicly updated again, we will continue to analyze and monitor the department's progress in updating investment information on the Dashboard and the implementation of our recommendation.
    Recommendation: To improve the quality of the seven departments' information on project incremental delivery reported to the IT Dashboard, the Secretaries of Commerce, Defense, Education, Health and Human Services, Homeland Security, Transportation, and the Treasury should direct their CIOs to review major IT investment project data reported on the IT Dashboard and update the information as appropriate in the following areas: (1) whether the project is in-progress or complete; (2) whether the project is a software development project or not; and (3) the status of the delivery of functionality every 6 months, ensuring that these data are consistent across all reporting channels.

    Agency: Department of Defense
    Status: Open

    Comments: The Department of Defense (Defense) partially concurred with our recommendation and stated that the department is taking action to update the Dashboard data as appropriate. However, after our report was issued in August 2016, the IT Dashboard was not publicly updated from the end of August 2016 until the end of May 2017, during the formulation of the President's budget request. Now that the Dashboard is being publicly updated again, we will continue to analyze and monitor the department's progress in updating investment information on the Dashboard and the implementation of our recommendation.
    Recommendation: To improve the quality of the seven departments' information on project incremental delivery reported to the IT Dashboard, the Secretaries of Commerce, Defense, Education, Health and Human Services, Homeland Security, Transportation, and the Treasury should direct their CIOs to review major IT investment project data reported on the IT Dashboard and update the information as appropriate in the following areas: (1) whether the project is in-progress or complete; (2) whether the project is a software development project or not; and (3) the status of the delivery of functionality every 6 months, ensuring that these data are consistent across all reporting channels.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: The Department of Health and Human Services (HHS) concurred with our recommendation. However, after our report was issued in August 2016, the IT Dashboard was not publicly updated from the end of August 2016 until the end of May 2017, during the formulation of the President's budget request. Now that the Dashboard is being publicly updated again, we will continue to analyze and monitor the department's progress in updating investment information on the Dashboard and the implementation of our recommendation.
    Recommendation: To improve the quality of the seven departments' information on project incremental delivery reported to the IT Dashboard, the Secretaries of Commerce, Defense, Education, Health and Human Services, Homeland Security, Transportation, and the Treasury should direct their CIOs to review major IT investment project data reported on the IT Dashboard and update the information as appropriate in the following areas: (1) whether the project is in-progress or complete; (2) whether the project is a software development project or not; and (3) the status of the delivery of functionality every 6 months, ensuring that these data are consistent across all reporting channels.

    Agency: Department of Transportation
    Status: Open

    Comments: The Department of Transportation (Transportation) concurred with our recommendation and stated the department was committed to ensuring the information on the IT Dashboard reflects up to date information. However, after our report was issued in August 2016, the IT Dashboard was not publicly updated from the end of August 2016 until the end of May 2017, during the formulation of the President's budget request. Now that the Dashboard is being publicly updated again, we will continue to analyze and monitor the department's progress in updating investment information on the Dashboard and the implementation of our recommendation.
    Recommendation: To improve the quality of the seven departments' information on project incremental delivery reported to the IT Dashboard, the Secretaries of Commerce, Defense, Education, Health and Human Services, Homeland Security, Transportation, and the Treasury should direct their CIOs to review major IT investment project data reported on the IT Dashboard and update the information as appropriate in the following areas: (1) whether the project is in-progress or complete; (2) whether the project is a software development project or not; and (3) the status of the delivery of functionality every 6 months, ensuring that these data are consistent across all reporting channels.

    Agency: Department of the Treasury
    Status: Open

    Comments: The Department of the Treasury (Treasury) did not comment on our recommendation. However, after our report was issued in August 2016, the IT Dashboard was not publicly updated from the end of August 2016 until the end of May 2017, during the formulation of the President's budget request. Now that the Dashboard is being publicly updated again, we will continue to analyze and monitor the department's progress in updating investment information on the Dashboard and the implementation of our recommendation.
    Recommendation: To improve the certification of adequate incremental development, the Secretaries of Defense, Education, Health and Human Services, and the Treasury should direct their CIOs to establish a department policy and process for the certification of major IT investments' adequate use of incremental development, in accordance with OMB's guidance on the implementation of the Federal Information Technology Acquisition Reform Act.

    Agency: Department of Education
    Status: Open

    Comments: The Department of Education (Education) concurred with our recommendation to establish a departmentwide certification policy. Education officials reported in March 2017 that the department will complete changes to its guidance by November 2017. However, until this guidance is finalized, Education will not be able to fully ensure adequate implement of, or benefit from, incremental development practices. We will continue to evaluate Education's progress in implementing this recommendation.
    Recommendation: To improve the certification of adequate incremental development, the Secretaries of Defense, Education, Health and Human Services, and the Treasury should direct their CIOs to establish a department policy and process for the certification of major IT investments' adequate use of incremental development, in accordance with OMB's guidance on the implementation of the Federal Information Technology Acquisition Reform Act.

    Agency: Department of Defense
    Status: Open

    Comments: The Department of Defense (Defense) did not concur with our recommendation, stating that its existing guidance was adequate in this area. However, in August 2016, Defense issued its fiscal year 2018 budget submission guidance which required each component CIO to certify that IT investments were adequately implementing incremental development. The component CIOs were to document the certification in a statement of compliance memorandum, using their agency's letterhead, and submit the memorandum to the Defense CIO. Defense officials report that this same guidance will be added to the Financial Management Regulations during summer 2017. Until this annual guidance has been updated and incorporated into the department's standing policies, Defense is at risk of overlooking this requirement in subsequent years. We will continue to evaluate Defense's progress in implementing this recommendation.
    Recommendation: To improve the certification of adequate incremental development, the Secretaries of Defense, Education, Health and Human Services, and the Treasury should direct their CIOs to establish a department policy and process for the certification of major IT investments' adequate use of incremental development, in accordance with OMB's guidance on the implementation of the Federal Information Technology Acquisition Reform Act.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: The Department of Health and Human Services (HHS) concurred with our recommendation to establish a departmentwide certification policy. However, HHS officials reported in April 2017 that they did not have a timeframe for when the department's new certification guidance would be completed. Until this guidance is finalized, HHS will not be able to fully ensure adequate implement of, or benefit from, incremental development practices. We will continue to evaluate HHS's progress in implementing this recommendation.
    Recommendation: To improve the certification of adequate incremental development, the Secretaries of Defense, Education, Health and Human Services, and the Treasury should direct their CIOs to establish a department policy and process for the certification of major IT investments' adequate use of incremental development, in accordance with OMB's guidance on the implementation of the Federal Information Technology Acquisition Reform Act.

    Agency: Department of the Treasury
    Status: Open

    Comments: The Department of the Treasury (Treasury) did not comment on our recommendations. Further, Treasury officials reported in March 2017 that it had no plans to revise its policies, as we recommended. Until the department establishes a CIO certification policy, Treasury will not be able to fully ensure adequate implement of, or benefit from, incremental development practices. We will continue to evaluate Treasury's progress in implementing this recommendation.
    Director: David A. Powner
    Phone: (202) 512-9286

    22 open recommendations
    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Agriculture, Education, Energy, Health and Human Services, the Interior, State, and Veterans Affairs; and the Director of the Office of Personnel Management should direct their CIOs to factor active risks into their IT Dashboard CIO ratings.

    Agency: Department of Agriculture
    Status: Open

    Comments: When we confirm what actions have been taken, we will update the recommendation status.
    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Agriculture, Education, Energy, Health and Human Services, the Interior, State, and Veterans Affairs; and the Director of the Office of Personnel Management should direct their CIOs to factor active risks into their IT Dashboard CIO ratings.

    Agency: Department of Education
    Status: Open

    Comments: The Department agreed with the recommendation, but has not provided an update on its actions to address it. When we confirm what actions have been taken, we will update.
    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Agriculture, Education, Energy, Health and Human Services, the Interior, State, and Veterans Affairs; and the Director of the Office of Personnel Management should direct their CIOs to factor active risks into their IT Dashboard CIO ratings.

    Agency: Department of Energy
    Status: Open

    Comments: The Department agreed with the recommendation and, in a written response, stated that the Office of the CIO will update the CIO's OMB IT Dashboard Standard Operating Procedure to include the evaluation and assessment of active risks. This effort is to be completed by the end of December 2016. We will continue to monitor the implementation of this recommendation.
    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Agriculture, Education, Energy, Health and Human Services, the Interior, State, and Veterans Affairs; and the Director of the Office of Personnel Management should direct their CIOs to factor active risks into their IT Dashboard CIO ratings.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: The Department agreed with the recommendation and, in a written response, stated that it updated its CIO evaluation methodology to measure active risks in areas such as budget variance, performance, policy and governance compliance, risk management, and contract risk. When we confirm what actions have been taken, we will update.
    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Agriculture, Education, Energy, Health and Human Services, the Interior, State, and Veterans Affairs; and the Director of the Office of Personnel Management should direct their CIOs to factor active risks into their IT Dashboard CIO ratings.

    Agency: Department of the Interior
    Status: Open

    Comments: The Department agreed with this recommendation and, in a written response, stated that it plans to address this recommendation with the following actions: (1) developing a method to review and assign ratings for active risks that will be incorporated into CIO ratings and (2) integrating the risk rating methodology into a new process for all major investments' CIO ratings. We will continue to monitor the implementation of this recommendation.
    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Agriculture, Education, Energy, Health and Human Services, the Interior, State, and Veterans Affairs; and the Director of the Office of Personnel Management should direct their CIOs to factor active risks into their IT Dashboard CIO ratings.

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: The Department agreed with the recommendation and, in a written response, stated that it is amending its current monthly review process to ensure that risks are factored into its IT Dashboard CIO ratings. VA expects to complete this effort during the first quarter of 2017. We will continue to monitor the implementation of this recommendation.
    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Agriculture, Education, Energy, Health and Human Services, the Interior, State, and Veterans Affairs; and the Director of the Office of Personnel Management should direct their CIOs to factor active risks into their IT Dashboard CIO ratings.

    Agency: Department of State
    Status: Open

    Comments: The Department agreed with the recommendation, but has not provided an update on its actions to address the recommendation. When we confirm what actions have been taken, we will update.
    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Agriculture, Education, Energy, Health and Human Services, the Interior, State, and Veterans Affairs; and the Director of the Office of Personnel Management should direct their CIOs to factor active risks into their IT Dashboard CIO ratings.

    Agency: Office of Personnel Management
    Status: Open

    Comments: When we confirm what actions have been taken, we will update the recommendation status.
    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Defense, Education, and Homeland Security; and the Commissioner of the Social Security Administration should direct their CIOs to update their CIO ratings at least as frequently as required in OMB's guidance.

    Agency: Department of Defense
    Status: Open

    Comments: The Department of Defense (DOD) disagreed with this recommendation. In its written response, the Department noted that its semi-annual reporting is consistent with FITARA requirements and is documented in its OMB-approved FITARA Implementation Plan. After the publication of our report in June 2016, OMB issued its "Fiscal Year 2018 IT Budget-Capital Planning Guidance." This guidance removes the mandatory reporting frequency, but states that OMB expects that the CIOs would evaluate and rate their investments at specific times, including when the investment business cases are submitted to OMB in the agency budget request and when the business cases are prepared for the President's Budget release. In light of this new guidance, we analyzed the Department's update frequency for its 34 major investments (as listed on the IT Dashboard in June 2017). From June 2016 through May 2017, we found that 26 of the investments' ratings were updated once: in May 2017. The other 8 investments were not updated during this timeframe. Prior to this, the last DOD rating updates were made in March 2016, over a year beforehand. This analysis shows that DOD is not adhering to either its own semi-annual reporting requirements or to OMB's expectations. As such, we are not closing the recommendation at this time. We will continue to monitor the IT Dashboard for changes to DOD's update frequency. We maintain that frequent rating updates help ensure that the information on the Dashboard is timely and accurately reflects recent changes. Without such updates, the CIO ratings on the IT Dashboard may not reflect the current level of investment risk.
    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, State, Transportation, the Treasury, Veterans Affairs; the Administrator of the Environmental Protection Agency; and the Commissioner of the Social Security Administration should direct their CIOs to ensure that their CIO ratings reflect the level of risk facing an investment relative to that investment's ability to accomplish its goals.

    Agency: Department of Homeland Security
    Status: Open

    Comments: The Department agreed with the recommendation and, in a written response, stated that the Office of the CIO Enterprise Business Management Office is updating its program assessment guideline. The updated guideline will include risk-based scores as the basis for its investment ratings. The Department expects to release this new guideline by the end of December 2016. We will continue to monitor the implementation of this recommendation.
    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, State, Transportation, the Treasury, Veterans Affairs; the Administrator of the Environmental Protection Agency; and the Commissioner of the Social Security Administration should direct their CIOs to ensure that their CIO ratings reflect the level of risk facing an investment relative to that investment's ability to accomplish its goals.

    Agency: Department of Agriculture
    Status: Open

    Comments: When we confirm what actions have been taken, we will update the recommendation status.
    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, State, Transportation, the Treasury, Veterans Affairs; the Administrator of the Environmental Protection Agency; and the Commissioner of the Social Security Administration should direct their CIOs to ensure that their CIO ratings reflect the level of risk facing an investment relative to that investment's ability to accomplish its goals.

    Agency: Department of Education
    Status: Open

    Comments: The Department agreed with the recommendation, but has not provided an update on its actions to address it. When we confirm what actions have been taken, we will update.
    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, State, Transportation, the Treasury, Veterans Affairs; the Administrator of the Environmental Protection Agency; and the Commissioner of the Social Security Administration should direct their CIOs to ensure that their CIO ratings reflect the level of risk facing an investment relative to that investment's ability to accomplish its goals.

    Agency: Department of Commerce
    Status: Open

    Comments: The Department agreed with our recommendation and, in a written response, stated that the CIO has revised the IT Dashboard assessment criteria to directly incorporate the degree of risk represented in the investments' Business Case documents. We will continue to monitor the implementation of this recommendation.
    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, State, Transportation, the Treasury, Veterans Affairs; the Administrator of the Environmental Protection Agency; and the Commissioner of the Social Security Administration should direct their CIOs to ensure that their CIO ratings reflect the level of risk facing an investment relative to that investment's ability to accomplish its goals.

    Agency: Department of Defense
    Status: Open

    Comments: When we confirm what actions have been taken, we will update the recommendation status.
    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, State, Transportation, the Treasury, Veterans Affairs; the Administrator of the Environmental Protection Agency; and the Commissioner of the Social Security Administration should direct their CIOs to ensure that their CIO ratings reflect the level of risk facing an investment relative to that investment's ability to accomplish its goals.

    Agency: Department of Energy
    Status: Open

    Comments: The Department agreed with the recommendation and, in a written response, stated that the Office of the CIO will update its IT Dashboard Standard Operating Procedure to include an active risk sub-criteria comprised of probability and impact scores. This effort is to be completed by the end of December 2016. We will continue to monitor the implementation of this recommendation.
    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, State, Transportation, the Treasury, Veterans Affairs; the Administrator of the Environmental Protection Agency; and the Commissioner of the Social Security Administration should direct their CIOs to ensure that their CIO ratings reflect the level of risk facing an investment relative to that investment's ability to accomplish its goals.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: The Department agreed with the recommendation and, in a written response, stated that it updated its CIO evaluation methodology to measure active risks in areas such as budget variance, performance, policy and governance compliance, risk management, and contract risk. According to HHS, these risk areas reflect both internal and external risks that affect an investment's ability to accomplish its goals. When we confirm what actions have been taken, we will update.
    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, State, Transportation, the Treasury, Veterans Affairs; the Administrator of the Environmental Protection Agency; and the Commissioner of the Social Security Administration should direct their CIOs to ensure that their CIO ratings reflect the level of risk facing an investment relative to that investment's ability to accomplish its goals.

    Agency: Social Security Administration
    Status: Open

    Comments: The agency partially agreed with our recommendation and, in a written response, stated that its CIO rating criteria includes a review of the level of risk facing an investment relative to that investment's ability to accomplish its goals. The written statement also notes that the CIO receives regular updates from key stakeholders on investment risks and mitigation plans. When we confirm what actions have been taken, we will update.
    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, State, Transportation, the Treasury, Veterans Affairs; the Administrator of the Environmental Protection Agency; and the Commissioner of the Social Security Administration should direct their CIOs to ensure that their CIO ratings reflect the level of risk facing an investment relative to that investment's ability to accomplish its goals.

    Agency: Department of Transportation
    Status: Open

    Comments: When we confirm what actions have been taken, we will update the recommendation status.
    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, State, Transportation, the Treasury, Veterans Affairs; the Administrator of the Environmental Protection Agency; and the Commissioner of the Social Security Administration should direct their CIOs to ensure that their CIO ratings reflect the level of risk facing an investment relative to that investment's ability to accomplish its goals.

    Agency: Department of the Treasury
    Status: Open

    Comments: When we confirm what actions have been taken, we will update the recommendation status.
    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, State, Transportation, the Treasury, Veterans Affairs; the Administrator of the Environmental Protection Agency; and the Commissioner of the Social Security Administration should direct their CIOs to ensure that their CIO ratings reflect the level of risk facing an investment relative to that investment's ability to accomplish its goals.

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: The Department agreed with the recommendation and, in a written response, stated that it plans to require investment managers to assess operational risks detailing the probability and impact of pending threats to success. VA expects to complete this effort during the first quarter of 2017. We will continue to monitor the implementation of this recommendation.
    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, State, Transportation, the Treasury, Veterans Affairs; the Administrator of the Environmental Protection Agency; and the Commissioner of the Social Security Administration should direct their CIOs to ensure that their CIO ratings reflect the level of risk facing an investment relative to that investment's ability to accomplish its goals.

    Agency: Department of State
    Status: Open

    Comments: The Department agreed with the recommendation, but has not provided an update on its actions to address the recommendation. When we confirm what actions have been taken, we will update.
    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, State, Transportation, the Treasury, Veterans Affairs; the Administrator of the Environmental Protection Agency; and the Commissioner of the Social Security Administration should direct their CIOs to ensure that their CIO ratings reflect the level of risk facing an investment relative to that investment's ability to accomplish its goals.

    Agency: Environmental Protection Agency
    Status: Open

    Comments: The agency disagreed with the recommendation and has not provided an update on its actions to address the recommendation. We will continue to monitor the implementation of this recommendation.
    Director: David A. Powner
    Phone: (202) 512-9286

    16 open recommendations
    including 4 priority recommendations
    Recommendation: The Director of OMB should identify and publish a specific goal associated with its non-provisioned O&M spending measure.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: The agency agreed with the recommendation. In April 2017, OMB indicated that it has been working with agencies on their Strategic Plans and associated performance goals and measures, but that it would be premature to say whether there would be a specific goal on its non-provisioned O&M spending measure. We will continue to monitor the implementation of this recommendation.
    Recommendation: The Director of OMB should commit to a firm date by which its draft guidance on legacy systems will be issued, and subsequently direct agencies to identify legacy systems and/or investments needing to be modernized or replaced.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: The agency agreed with the recommendation. In April 2017, OMB stated that it was updating the draft guidance on legacy systems and were unable to provide a date when they would be issuing it. We will continue to monitor the implementation of this recommendation.
    Recommendation: To monitor whether existing investments are meeting the needs of their agencies, the Secretaries of Commerce and the Treasury should direct the respective agency CIO to ensure that required analyses are performed on investments in the operations and maintenance phase.

    Agency: Department of Commerce
    Status: Open

    Comments: The agency agreed with the recommendation. In a May 2017 written update, the agency stated that it had updated its Capital Planning and Investment Control handbook with instructions on conducting operational analyses. However, the agency was unable to demonstrate that operational analyses were being completed on an annual basis, as required. We will continue to monitor the implementation of this recommendation.
    Recommendation: To monitor whether existing investments are meeting the needs of their agencies, the Secretaries of Commerce and the Treasury should direct the respective agency CIO to ensure that required analyses are performed on investments in the operations and maintenance phase.

    Agency: Department of the Treasury
    Status: Open

    Comments: The agency had no comment on the recommendation. In June 2017, Treasury provided an update on the IRS's efforts to ensure that operational analyses are performed on investments in the operations and maintenance phase. However, the recommendation is intended to address issues at the department level and not just at the IRS. Treasury declined to provide an update at the department level. We will continue to monitor the implementation of this recommendation.
    Recommendation: To address obsolete IT investments in need of modernization or replacement, the Secretaries of Agriculture, Commerce, Defense, Energy, Health and Human Services, Homeland Security, State, the Treasury, Transportation, and Veterans Affairs; the Attorney General; and the Commissioner of Social Security should direct their respective agency CIOs to identify and plan to modernize or replace legacy systems as needed and consistent with OMB's draft guidance, including time frames, activities to be performed, and functions to be replaced or enhanced.

    Agency: Department of Homeland Security
    Status: Open

    Comments: The agency agreed with the recommendation and in July 2017 stated that the department has drafted a Legacy Systems Modernization Framework. DHS is waiting for OMB?s draft guidance to be issued to ensure compliance. As a result, they now estimate this will be completed by December 2017. We will continue to monitor the implementation of this recommendation.
    Recommendation: To address obsolete IT investments in need of modernization or replacement, the Secretaries of Agriculture, Commerce, Defense, Energy, Health and Human Services, Homeland Security, State, the Treasury, Transportation, and Veterans Affairs; the Attorney General; and the Commissioner of Social Security should direct their respective agency CIOs to identify and plan to modernize or replace legacy systems as needed and consistent with OMB's draft guidance, including time frames, activities to be performed, and functions to be replaced or enhanced.

    Agency: Department of Agriculture
    Status: Open

    Comments: The agency agreed with the recommendation. As of May 2017, the agency stated that it had taken steps to improve its overall IT governance processes, and in particular, its oversight of legacy systems. These steps included, implementing its FITARA strategy, creating a Cloud Strategy and Policy Office, and two new executive oversight groups. In addition, the agency stated that it planned to complete an IT Modernization Plan in calendar year 2018. We will continue to monitor the implementation of this recommendation.
    Recommendation: To address obsolete IT investments in need of modernization or replacement, the Secretaries of Agriculture, Commerce, Defense, Energy, Health and Human Services, Homeland Security, State, the Treasury, Transportation, and Veterans Affairs; the Attorney General; and the Commissioner of Social Security should direct their respective agency CIOs to identify and plan to modernize or replace legacy systems as needed and consistent with OMB's draft guidance, including time frames, activities to be performed, and functions to be replaced or enhanced.

    Agency: Department of Commerce
    Status: Open

    Comments: The agency agreed with the recommendation. In May 2017, the agency stated that it was continuously assessing its current IT portfolio for opportunities to retire or modernize its mission critical legacy systems. Specifically, Commerce stated that it had identified two candidate systems for modernization--the National Weather Service Telecommunications Gateway and the USPTO Examiner Automated Search Tool. However, it is unclear how these plans will relate to OMB's guidance. We will continue to monitor the implementation of this recommendation.
    Recommendation: To address obsolete IT investments in need of modernization or replacement, the Secretaries of Agriculture, Commerce, Defense, Energy, Health and Human Services, Homeland Security, State, the Treasury, Transportation, and Veterans Affairs; the Attorney General; and the Commissioner of Social Security should direct their respective agency CIOs to identify and plan to modernize or replace legacy systems as needed and consistent with OMB's draft guidance, including time frames, activities to be performed, and functions to be replaced or enhanced.

    Agency: Department of Defense
    Status: Open

    Comments: The agency partially concurred with the recommendation, and stated that it would continue to identify, prioritize, and manage legacy systems that should be modernized or replaced, based on existing DOD policies, using existing department processes, consistent to the extent practicable with OMB's draft guidance. In June 2017, the department stated that its position has not changed; the department believes that no corrective actions are necessary or planned. We will continue to monitor the implementation of this recommendation.
    Recommendation: To address obsolete IT investments in need of modernization or replacement, the Secretaries of Agriculture, Commerce, Defense, Energy, Health and Human Services, Homeland Security, State, the Treasury, Transportation, and Veterans Affairs; the Attorney General; and the Commissioner of Social Security should direct their respective agency CIOs to identify and plan to modernize or replace legacy systems as needed and consistent with OMB's draft guidance, including time frames, activities to be performed, and functions to be replaced or enhanced.

    Agency: Department of Energy
    Status: Open
    Priority recommendation

    Comments: The department partially agreed with the recommendation and in an April 2017 update stated that the department has begun an initiative to migrated corporate business IT systems to cloud service providers. The department added that they were coordinating with their program offices to identify and prioritize other IT systems for migration. The department intends to review any forthcoming OMB guidance, and will consider early implementation of such guidance, as applicable to the department, when the guidance is provided. We will continue to monitor the implementation of this recommendation.
    Recommendation: To address obsolete IT investments in need of modernization or replacement, the Secretaries of Agriculture, Commerce, Defense, Energy, Health and Human Services, Homeland Security, State, the Treasury, Transportation, and Veterans Affairs; the Attorney General; and the Commissioner of Social Security should direct their respective agency CIOs to identify and plan to modernize or replace legacy systems as needed and consistent with OMB's draft guidance, including time frames, activities to be performed, and functions to be replaced or enhanced.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: The agency agreed with the recommendation and in a September 2016 written update stated that the office of the CIO is working to identify and plan to modernize or replace IT systems. As of July 2017, the agency had not responded to requests for updates on the implementation of this recommendation. We will continue to monitor this recommendation.
    Recommendation: To address obsolete IT investments in need of modernization or replacement, the Secretaries of Agriculture, Commerce, Defense, Energy, Health and Human Services, Homeland Security, State, the Treasury, Transportation, and Veterans Affairs; the Attorney General; and the Commissioner of Social Security should direct their respective agency CIOs to identify and plan to modernize or replace legacy systems as needed and consistent with OMB's draft guidance, including time frames, activities to be performed, and functions to be replaced or enhanced.

    Agency: Social Security Administration
    Status: Open

    Comments: The agency agreed with the recommendation and as of May 2017, the agency stated that it was working on finishing its Information Technology Modernization Plan that outlines 5 major applications that it plans to update. However, since OMB had not yet issued its legacy system guidance, it is unknown whether this plan is consistent with OMB's guidance. We will continue to monitor the implementation of this recommendation.
    Recommendation: To address obsolete IT investments in need of modernization or replacement, the Secretaries of Agriculture, Commerce, Defense, Energy, Health and Human Services, Homeland Security, State, the Treasury, Transportation, and Veterans Affairs; the Attorney General; and the Commissioner of Social Security should direct their respective agency CIOs to identify and plan to modernize or replace legacy systems as needed and consistent with OMB's draft guidance, including time frames, activities to be performed, and functions to be replaced or enhanced.

    Agency: Department of Justice
    Status: Open

    Comments: The agency agreed with the recommendation. As of May 2017, the agency stated that it was completing the initial steps of an assessment to provide a qualitative and definitive list of systems which meet criteria for retirement and/or decommission. This assessment is to review the complexity of work per system, and provide a rough order of magnitude cost estimate on a system-by-system basis. Further, VA is in the process of decommissioning the BDN and PAID systems mentioned in our report. The decommissioning of BDN is in the planning stage and the agency estimates the project to cost $100 million to complete. The replacement of PAID has been occurring in incremental phases, but the agency did not provide an estimated date of retirement. We will continue to monitor the implementation of this recommendation.
    Recommendation: To address obsolete IT investments in need of modernization or replacement, the Secretaries of Agriculture, Commerce, Defense, Energy, Health and Human Services, Homeland Security, State, the Treasury, Transportation, and Veterans Affairs; the Attorney General; and the Commissioner of Social Security should direct their respective agency CIOs to identify and plan to modernize or replace legacy systems as needed and consistent with OMB's draft guidance, including time frames, activities to be performed, and functions to be replaced or enhanced.

    Agency: Department of Transportation
    Status: Open

    Comments: The agency agreed with the recommendation and stated that work is underway to identify systems in need of modernization and upgrade. The department anticipated being able to close the recommendation 90 days after OMB issues guidance on legacy systems. Further, in a recent update, the agency stated that it had recently started a project to create an integrated inventory of Transportation's systems. According to the agency, through this project, it has been able to identify duplication and opportunities to create efficiencies. The next phase of this project is a future state diagram and a roadmap to show planned modernizations and possible divestments of legacy systems. We will continue to monitor the implementation of this recommendation.
    Recommendation: To address obsolete IT investments in need of modernization or replacement, the Secretaries of Agriculture, Commerce, Defense, Energy, Health and Human Services, Homeland Security, State, the Treasury, Transportation, and Veterans Affairs; the Attorney General; and the Commissioner of Social Security should direct their respective agency CIOs to identify and plan to modernize or replace legacy systems as needed and consistent with OMB's draft guidance, including time frames, activities to be performed, and functions to be replaced or enhanced.

    Agency: Department of the Treasury
    Status: Open
    Priority recommendation

    Comments: The agency had no comment on the recommendation. In a June 2017, Treasury provided an update on the IRS's efforts to modernize the IRS's legacy systems. However, the recommendation is intended to address issues at the department level and not just at the IRS. Treasury declined to provide an update at the department level. We will continue to monitor the implementation of this recommendation.
    Recommendation: To address obsolete IT investments in need of modernization or replacement, the Secretaries of Agriculture, Commerce, Defense, Energy, Health and Human Services, Homeland Security, State, the Treasury, Transportation, and Veterans Affairs; the Attorney General; and the Commissioner of Social Security should direct their respective agency CIOs to identify and plan to modernize or replace legacy systems as needed and consistent with OMB's draft guidance, including time frames, activities to be performed, and functions to be replaced or enhanced.

    Agency: Department of Veterans Affairs
    Status: Open
    Priority recommendation

    Comments: The agency agreed with the recommendation. As of May 2017, the agency stated that it was completing the initial phase of an assessment to provide a qualitative and definitive list of systems which meet criteria for retirement and/or decommission. This assessment will review the complexity of work per system, and provide a rough order of magnitude cost estimate on a system-by-system basis. Further, VA is in the process of decommissioning the BDN and PAID systems mentioned in our report. The decommissioning of BDN is in the planning stage and the agency estimates the project to cost $100 million to complete. The replacement of PAID has been occurring in incremental phases, but the agency did not provide an estimated date of retirement. We will continue to monitor the implementation of this recommendation.
    Recommendation: To address obsolete IT investments in need of modernization or replacement, the Secretaries of Agriculture, Commerce, Defense, Energy, Health and Human Services, Homeland Security, State, the Treasury, Transportation, and Veterans Affairs; the Attorney General; and the Commissioner of Social Security should direct their respective agency CIOs to identify and plan to modernize or replace legacy systems as needed and consistent with OMB's draft guidance, including time frames, activities to be performed, and functions to be replaced or enhanced.

    Agency: Department of State
    Status: Open
    Priority recommendation

    Comments: The agency agreed with the recommendation and stated that it plans to work with OMB upon the publication of OMB's guidance to identify opportunities for modernization. In an April 2017 update, the agency stated that it had extended plans to replace the systems mentioned in the report by several years. As of August 2017, the agency stated that it had finalized a new capital planning guide which includes investment review policy to identify opportunities for modernization and away from legacy systems. However, it is too soon to tell if it is in line with OMB's forthcoming guidance. We will continue to monitor the implementation of this recommendation.
    Director: Carol R. Cha
    Phone: (202) 512-4456

    5 open recommendations
    Recommendation: To ensure that FEMA's IT systems can adequately support its ability to respond to major disasters, the Secretary of DHS should direct the FEMA Administrator to define the scope, implementation strategy, and schedule of the agency's overall modernization approach, with related goals and measures for effectively overseeing the effort. At a minimum, the agency should update its IT strategic plan and complete its modernization plan.

    Agency: Department of Homeland Security
    Status: Open

    Comments: The Department of Homeland Security concurred with this recommendation, and reported on actions taken to update its IT Modernization Plan such as conducting cross-functional work sessions to establish an actionable implementation roadmap in line with agency priorities. However, as of April 2017, we have not yet obtained evidence that FEMA has fully updated its IT strategic plan and completed its modernization plan to address the weaknesses identified in our report. We will follow-up with the department to obtain supporting documentation and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure that FEMA's IT systems can adequately support its ability to respond to major disasters, the Secretary of DHS should direct the FEMA Administrator to establish time frames for current and future IT workforce planning during its modernization efforts and ensure all regions and offices are included in these initiatives.

    Agency: Department of Homeland Security
    Status: Open

    Comments: The Department of Homeland Security concurred with, and has taken steps to implement our recommendation. For example, the department stated that FEMA completed the assessment of skills gap and identified and prioritized the skills required to staff and sustain the core competencies required to successfully implement FEMA's IT modernization efforts. However, we have not yet validated the agency actions to establish time frames for current and future IT workforce planning during its modernization efforts. We will follow-up with the department to obtain supporting documentation and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure that FEMA adequately manages the selected emergency management systems, the FEMA Administrator should direct the DAIP, EMMIE, and IPAWS program offices, in conjunction with the FEMA CIO, to implement complete program plans that define overall budget and schedule, key deliverables and milestones, assumptions and constraints, description and assignment of roles and responsibilities, staffing and training plans, and an approach for maintaining these plans.

    Agency: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency
    Status: Open

    Comments: The Department of Homeland Security concurred with our recommendation and in response updated its program management plans that support the program offices of the Disaster Assistance Improvement Plan, Emergency Management Mission Integrated Environment, and Integrated Public Alert and Warning System. The program plans addressed some of the weaknesses we identified in our report. For example, the program management plans identified and described the overall program management processes and methods to be used during all phases of projects and defined key deliverables and milestones, roles and responsibilities, staffing and training and an approach for maintaining the plans. However, the plans did not clearly define the knowledge and skills needed to carry out the program or provide sufficient details on the budget and scheduling for the programs under review. We will follow-up with the department to obtain supporting documentation and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure that FEMA adequately manages the selected emergency management systems, the FEMA Administrator should direct the DAIP, EMMIE, and IPAWS program offices, in conjunction with the FEMA CIO, to implement a system integration plan that include all systems to be integrated with the system, roles and responsibilities for all relevant participants, the sequence and schedule for every integration step, and how integration problems are to be documented and resolved.

    Agency: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency
    Status: Open

    Comments: The Department of Homeland Security concurred with, and has taken steps to implement our recommendation. For example, the department reported that the system owner for DAIP, EMMIE, and IPAWS programs have updated their respective system integration plans to address the risks identified within the recommendation. In addition, the agency provided documentation such as the IPAWS Integrated Logistics Support Plan, as well as the quality control plan, and test execution plans for both the DAIP and EMMIE programs. However, we have not yet completed our analysis and validated the agency actions on this recommendation. When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: As part of the effort of improving IT management at the three programs, the FEMA Administrator should direct the CIO to ensure that FEMA policy for managing IT programs includes guidance for implementing the key management practices.

    Agency: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency
    Status: Open

    Comments: The Department of Homeland Security concurred with the recommendation. In its November 2016 update, FEMA reported that the System Owner for DAIP, EMMIE, and IPAWS have updated their respective IT management program and plans and coordinated with the FEMA CIO to address the risks identified within the recommendation. However, we have not yet validated the agency actions on this recommendation. When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Carol R. Cha
    Phone: (202) 512-4456

    6 open recommendations
    Recommendation: To help improve the management of MAIS programs, the Secretary of the Army should direct the Tactical Mission Command program manager to develop a requirements management plan to document and manage its requirements process.

    Agency: Department of Defense: Department of the Army
    Status: Open

    Comments: The Department of Defense concurred with our recommendation. We have requested documentation regarding the status of implementing this recommendation. As of April 2017, we have not received a response from the department to our request. We will continue to monitor the department's progress in implementing this recommendation.
    Recommendation: To help improve the management of MAIS programs, the Secretary of the Navy should direct the Common Aviation Command and Control System program manager to identify weaknesses in the requirements traceability process and take corrective actions to manage the traceability of requirements to the respective lower-level requirements, and periodically evaluate work products, including the requirements management plan, and update them in accordance with the requirements guidance.

    Agency: Department of Defense: Department of the Navy
    Status: Open

    Comments: The Department of Defense concurred with our recommendation. We have requested documentation regarding the status of implementing this recommendation. As of April 2017, we have not received a response from the department to our request. We will continue to monitor the department's progress in implementing this recommendation.
    Recommendation: To help improve the management of MAIS programs, the Secretary of the Air Force should direct the Defense Enterprise Accounting and Management System program manager to address weaknesses in its controls for ensuring that all software requirements are tested and validated before deployment of new software releases.

    Agency: Department of Defense: Department of the Air Force
    Status: Open

    Comments: The Department of Defense concurred with our recommendation. We have requested documentation regarding the status of implementing this recommendation. As of April 2017, we have not received a response from the department to our request. We will continue to monitor the department's progress in implementing this recommendation.
    Recommendation: To help improve the management of MAIS programs, the Director of OMB should instruct the Federal Chief Information Officer (CIO) to add the Under Secretary of Defense for AT&L as a responsible party to DOD's MAIS entries on the Federal IT Dashboard website, alongside the CIO, to publicly disclose the responsible party for the acquisition performance management of MAIS programs.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: The Office of Management and Budget did not agree with the recommendation, but stated it would work with the Department of Defense to address it. In April 2017, the Department of Defense stated that it is reorganizing the office of the Under Secretary of Defense for AT&L and its responsibilities. We will continue to follow up with the department subsequent to the reorganization in an effort to determine the party responsible for the acquisition performance management of MAIS programs and OMB's efforts to disclose the responsible party on the Federal IT Dashboard.
    Recommendation: To help improve the management of MAIS programs, the Secretary of Defense should examine the MAIS critical change reporting process to identify root causes for delays and implement corrective actions for the timely delivery of critical change reports.

    Agency: Department of Defense
    Status: Open

    Comments: The Department of Defense concurred with our recommendation. We have requested documentation regarding the status of implementing this recommendation. As of April 2017, we have not received a response from the department to our request. We will continue to monitor the department's progress in implementing this recommendation.
    Recommendation: To help improve the management of MAIS programs, the Secretary of Defense should develop a mechanism for monitoring whether MAIS programs with late reports are restricted from obligating funds and in turn ensuring compliance with the Antideficiency Act.

    Agency: Department of Defense
    Status: Open

    Comments: The Department of Defense concurred with our recommendation. We have requested documentation regarding the status of implementing this recommendation. As of April 2017, we have not received a response from the department to our request. We will continue to monitor the department's progress in implementing this recommendation.
    Director: William Shear
    Phone: (202) 512-8678

    6 open recommendations
    including 1 priority recommendation
    Recommendation: To improve management of the Small Business Administration and to ensure that SBA assesses the effectiveness of its programs, the SBA Administrator should prioritize resources to conduct additional program evaluations.

    Agency: Small Business Administration
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To improve management of the Small Business Administration and to ensure that SBA fully meets GPRAMA requirements, the SBA Administrator should use the results of additional evaluations it conducts in its strategic planning process and ensure the agency's next strategic plan includes required information on program evaluations, including a schedule of future evaluations.

    Agency: Small Business Administration
    Status: Open
    Priority recommendation

    Comments: SBA officials stated that, as of October 2016, the agency had taken several steps to prioritize resources and establish an implementation plan for future evaluations, including hiring its first lead program evaluator to develop a long-term evaluation agenda and initiating four program evaluations. They stated that once completed, the evaluations would be incorporated into the agency's fiscal year 2018-2022 strategic plan. As of May 2017, SBA had started reviewing guidance on drafting this plan, which is due in February 2018.
    Recommendation: To improve management of the Small Business Administration and to improve SBA's human capital management, the SBA Administrator should incorporate into its next training plan key principles such as goals and measures for its training programs and input on employee development goals.

    Agency: Small Business Administration
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To improve management of the Small Business Administration and to ensure that SBA's organizational structure helps the agency meet its mission, the SBA Administrator should document the assessment of the agency's organizational structure, including any necessary changes to, for example, better ensure areas of authority, responsibility, and lines of reporting are clear and defined.

    Agency: Small Business Administration
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To improve management of the Small Business Administration and to improve SBA's program and management guidance, the SBA Administrator should set time frames for periodically reviewing and updating its SOPs as appropriate.

    Agency: Small Business Administration
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To improve management of the Small Business Administration and to help ensure that SBA's IT operations and maintenance investments are continuing to meet business and customer needs and the agency's strategic goals, the SBA Administrator should direct the appropriate officials to perform an annual operational analysis on all SBA investments in accordance with OMB guidance.

    Agency: Small Business Administration
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: David Powner
    Phone: (202) 512-9286

    17 open recommendations
    Recommendation: To better ensure that agencies' IT savings are being reinvested in the most efficient and effective manner possible, the Director of OMB should direct the Federal CIO to ensure that agencies complete their reinvestment plans, in accordance with established requirements, and maintain those plans on an ongoing basis.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: The Office of Management and Budget (OMB) generally agreed with, and has taken initial steps to implement, our recommendation. In May 2016, OMB released updated guidance for agency's quarterly data submissions that noted the importance of providing savings reinvestment information. Specifically, OMB strongly encouraged agencies to provide reinvestment information where feasible, including a description of the activities that were funded using any savings achieved. OMB further noted that failing to provide such information might result in an agency being unable to accurately track its reinvestments. However, the May 2016 guidance notes that providing this reinvestment information is not required. As of May 2017, OMB had not yet updated its guidance for agencies quarterly data submissions to require reinvestment information. We will continue to evaluate OMB's progress in implementing this recommendation.
    Recommendation: To better ensure that agencies' IT savings are being reinvested in the most efficient and effective manner possible, the Director of OMB should direct the Federal CIO to require agencies to track actual reinvestment performance and define performance targets for agencies' reinvestments, as done previously.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: The Office of Management and Budget (OMB) generally agreed with our recommendation, but has not yet taken steps to implement it. Specifically, as of May 2017, OMB had not issued additional guidance to require agencies to track actual reinvestment performance or defined performance targets for agencies' reinvestments. We will continue to evaluate OMB's progress in implementing this recommendation.
    Recommendation: To improve the department's IT savings reinvestment plans, the Secretary of Agriculture should direct the CIO to ensure that the department's integrated data collection submission to OMB includes, for all reported initiatives, complete plans to reinvest any resulting cost savings and avoidances from OMB-directed IT reform-related efforts.

    Agency: Department of Agriculture
    Status: Open

    Comments: The Department of Agriculture agreed with our recommendation, but has not yet taken steps to implement it. Specifically, as of May 2017, the department's integrated data collection submission to the Office of Management and Budget had not been updated to include reinvestment plans for all reported cost savings and avoidance initiatives. For example, the department reported about $25 million in cost savings and avoidances related to its data center consolidation efforts, but did not include plans regarding how these savings would be reinvested. We will continue to evaluate the department's progress in implementing this recommendation.
    Recommendation: To improve the department's IT savings reinvestment plans, as part of any future update to the department's information resource management strategic plan or equivalent document, the Secretary of Commerce should direct the CIO to include information regarding the approach to reinvesting savings from the consolidation of commodity IT resources (including data centers) in accordance with OMB's guidance.

    Agency: Department of Commerce
    Status: Open

    Comments: The Department of Commerce agreed with our recommendation, but has not yet taken steps to implement it. Specifically, as of May 2017, the department had not updated its IT Resource Management Strategic plan to include the approach to reinvesting savings from the consolidation of commodity IT resources. We will continue to evaluate the department's progress in implementing this recommendation.
    Recommendation: To improve the department's IT savings reinvestment plans, the Secretary of Commerce should direct the CIO to ensure that the department's integrated data collection submission to OMB includes, for all reported initiatives, complete plans to reinvest any resulting cost savings and avoidances from OMB-directed IT reform-related efforts.

    Agency: Department of Commerce
    Status: Open

    Comments: The Department of Commerce agreed with our recommendation, but has not yet taken steps to implement it. Specifically, as of May 2017, the department's integrated data collection submission to the Office of Management and Budget had not been updated to include reinvestment plans for all reported cost savings and avoidance initiatives. For example, the department reported about $26 million in cost savings and avoidances related to its server virtualization efforts, but did not include plans regarding how these savings would be reinvested. We will continue to evaluate the department's progress in implementing this recommendation.
    Recommendation: To improve the department's IT savings reinvestment plans, the Secretary of Defense should direct the Defense CIO to ensure that the department's integrated data collection submission to OMB includes, for all reported initiatives, complete plans to reinvest any resulting cost savings and avoidances from OMB-directed IT reform-related efforts.

    Agency: Department of Defense
    Status: Open

    Comments: The Department of Defense partially agreed with our recommendation and has taken initial steps to implement it. Specifically, as of May 2017, the department reported approximately $331.4 million in data center consolidation cost savings in its quarterly integrated data collection submission to the Office of Management and Budget. Although the department's submission notes that it plans to reinvest these savings in the agency's core mission, it did not provide any further detail regarding these reinvestment plans. In addition, the department did not report any information technology cost savings and avoidance initiatives related to its business system modernization efforts, which it had previously reported to GAO as an area with substantial savings. We will continue to evaluate the department's progress in implementing this recommendation.
    Recommendation: In addition, to improve the U.S. Army Corps of Engineers' IT savings reinvestment plans, the Secretary of Defense should direct the Secretary of the Army, as part of any future update to the U.S. Army Corps of Engineers' IRM strategic plan or equivalent document, to include information regarding the approach to reinvesting savings from the consolidation of commodity IT resources (including data centers) in accordance with OMB's guidance.

    Agency: Department of Defense
    Status: Open

    Comments: The U.S. Army Corps of Engineers agreed with our recommendation, but has not yet taken steps to implement it. Specifically, as of May 2017, the agency had not yet updated its Information Resources Management Strategic Plan to include information regarding the approach to reinvesting savings from the consolidation of commodity IT resources. We will continue to evaluate the agency's progress in implementing this recommendation.
    Recommendation: To improve the department's IT savings reinvestment plans, the Secretary of Health and Human Services should direct the CIO, as part of any future update to the department's IRM strategic plan or equivalent document, to include information regarding the approach to reinvesting savings from the consolidation of commodity IT resources (including data centers) in accordance with OMB's guidance.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: The Department of Health and Human Services (HHS) agreed with, and has taken initial steps to implement, our recommendation. Specifically, in November 2015, the department stated that its Office of the Chief Information Officer will include reinvestment strategies in its next update of the HHS Information Resource Management Strategic Plan. According to the department, the updated strategic plan was expected to be completed by the end of September 2016. However, as of May 2017, the agency had not yet updated its Information Resources Management Strategic Plan to include information regarding the approach to reinvesting savings from the consolidation of commodity IT resources. We will continue to evaluate the department's progress in implementing this recommendation.
    Recommendation: To improve the department's IT savings reinvestment plans, the Secretary of Homeland Security should direct the CIO to ensure that the department's integrated data collection submission to OMB includes, for all reported initiatives, complete plans to reinvest any resulting cost savings and avoidances from OMB-directed IT reform-related efforts.

    Agency: Department of Homeland Security
    Status: Open

    Comments: The Department of Homeland Security agreed with our recommendation, but has not yet taken steps to implement it. Specifically, as of May 2017, the department's integrated data collection submission to the Office of Management and Budget had not been updated to include reinvestment plans for all reported cost savings and avoidance initiatives. For example, the department did not include reinvestment plans for two cost avoidances strategies related to the Office of Management and Budget's PortfolioStat initiative that have resulted approximately $96 million in cost avoidances. We will continue to evaluate the department's progress in implementing this recommendation.
    Recommendation: To improve the department's IT savings reinvestment plans, the Secretary of Housing and Urban Development should direct the CIO to ensure that the department's integrated data collection submission to OMB includes, for all reported initiatives, complete plans to reinvest any resulting cost savings and avoidances from OMB-directed IT reform-related efforts.

    Agency: Department of Housing and Urban Development
    Status: Open

    Comments: The Department of Housing and Urban Development agreed with, and has taken initial steps to implement, our recommendation. Specifically, as of May 2017, the department updated its integrated data collection submission to include reinvestment plans for one of the seven cost savings and avoidance initiatives reported. However, the six remaining initiatives, with savings and avoidances totaling approximately $6 million, did not include reinvestment plans. We will continue to evaluate the department's progress in implementing this recommendation.
    Recommendation: To improve the department's tracking of reinvestments, the Secretary of Labor should direct the CIO to use existing governance mechanisms and any improvements resulting from the implementation of FITARA to improve tracking of how savings have been reinvested.

    Agency: Department of Labor
    Status: Open

    Comments: The Department of Labor has taken initial steps to implement our recommendation. As of November 2015, the department stated that it was planning improvements in the area of information technology (IT) investment management in accordance with the Office of Management and Budget's June 2015 guidance for implementing the December 2014 IT reform law (commonly referred to as the Federal Information Technology Acquisition Reform Act or FITARA). The department added that these improvements would include the tracking of how savings have been reinvested. Subsequently, in May 2016, the department finalized its FITARA Implementation Plan. While the implementation plan discusses planned actions to improve the Chief Information Officer's involvement in agency IT budget requests, acquisition requests, and program management, it did not specifically discuss planned actions to improve the tracking of how information technology savings have been reinvested. In addition, as of May 2017, the department had not documented any FITARA implementation milestones that discussed making improvements in the tracking of how savings are reinvested. We will continue to evaluate the department's progress in implementing this recommendation.
    Recommendation: To improve the department's IT savings reinvestment plans, the Secretary of State should direct the CIO, as part of any future update to the department's IRM strategic plan or equivalent document, to include information regarding the approach to reinvesting savings from the consolidation of commodity IT resources (including data centers) in accordance with OMB's guidance.

    Agency: Department of State
    Status: Open

    Comments: The Department of State has not yet taken steps to implement our recommendation. Specifically, as of May 2017, the agency had not yet updated its Information Technology Strategic Plan to include information regarding the approach to reinvesting savings from the consolidation of commodity IT resources. We will continue to evaluate the department's progress in implementing this recommendation.
    Recommendation: To improve the department's IT savings reinvestment plans, the Secretary of the Treasury should direct the CIO, as part of any future update to the department's IRM strategic plan or equivalent document, to include information regarding the approach to reinvesting savings from the consolidation of commodity IT resources (including data centers) in accordance with OMB's guidance.

    Agency: Department of the Treasury
    Status: Open

    Comments: The Department of the Treasury has not yet taken steps to implement our recommendation. Specifically, as of May 2017, the agency had not yet updated its Information Resources Management Strategic Plan to include information regarding the approach to reinvesting savings from the consolidation of commodity IT resources. We will continue to evaluate the department's progress in implementing this recommendation.
    Recommendation: To improve the department's IT savings reinvestment plans, the Secretary of the Treasury should direct the CIO to ensure that the department's integrated data collection submission to OMB includes, for all reported initiatives, complete plans to use any resulting cost savings and avoidances from OMB-directed IT reform-related efforts.

    Agency: Department of the Treasury
    Status: Open

    Comments: The Department of the Treasury has not yet taken steps to implement our recommendation. Specifically, as of May 2017, the department's integrated data collection submission did not include reinvestment plans for all reported cost savings and avoidance initiatives. For example, the department reported about $1.07 billion in cost savings and avoidances from its information technology infrastructure efficiency initiatives, but did not provide information regarding how it plans to reinvest these savings and avoidances. We will continue to evaluate the department's progress in implementing this recommendation.
    Recommendation: To improve the department's IT savings reinvestment plans, the Secretary of Veterans Affairs should direct the CIO to ensure that the department's integrated data collection submission to OMB includes, for all reported initiatives, complete plans to reinvest any resulting cost savings and avoidances from OMB-directed IT reform-related efforts.

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: The Department of Veterans Affairs agreed with, and has taken initial steps to implement, our recommendation. Specifically, in November 2015, the department's Chief of Staff stated that the Office of Information and Technology was working to establish an office to closely monitor program performance, schedule, return on investment, and total cost of ownership, which will enable reinvestment opportunities. However, as of May 2017, the department's integrated data collection submission did not include reinvestment plans for all of the reported cost savings and avoidance initiatives. For example, the department reported about $177 million in cost savings and avoidances from the renegotiation of an enterprise agreement for software licenses, but did not provide information regarding how it plans to reinvest these savings and avoidances. We will continue to evaluate the department's progress in implementing this recommendation.
    Recommendation: To improve the agency's IT savings reinvestment plans, the Administrator of the Environmental Protection Agency should direct the CIO to ensure that the agency's integrated data collection submission to OMB includes, for all reported initiatives, complete plans to reinvest any resulting cost savings and avoidances from OMB-directed IT reform-related efforts.

    Agency: Environmental Protection Agency
    Status: Open

    Comments: The Environmental Protection Agency agreed with our recommendation, but has not yet taken steps to implement it. Specifically, as of May 2017, the agency's integrated data collection submission did not include reinvestment plans for all of the reported cost savings and avoidance initiatives. For example, the agency reported about $3 million in cost savings and avoidances related to two shared services initiatives, but did not provide information regarding how it plans to reinvest these savings and avoidances. We will continue to evaluate the agency's progress in implementing this recommendation.
    Recommendation: To improve the agency's IT savings reinvestment plans, the Director of the Office of Personnel Management should direct the CIO, as part of any future update to the agency's IRM strategic plan or equivalent document, to include information regarding the approach to reinvesting savings from the consolidation of commodity IT resources (including data centers) in accordance with OMB's guidance.

    Agency: Office of Personnel Management
    Status: Open

    Comments: The Office of Personnel Management (OPM) agreed with our recommendation, but has not yet taken action to implement it. Specifically, in November 2015, OPM's Acting Director stated that information regarding the approach to reinvesting savings from the consolidation of commodity IT resources (including data centers) would be included in future updates to OPM's Strategic IT Plan. However, as of May 2017, the agency had not yet updated its strategic plan to include this information. We will continue to evaluate the OPM's progress in implementing this recommendation.
    Director: Joel Willemssen
    Phone: (202) 512-6253

    2 open recommendations
    Recommendation: To help ensure that the Copyright Office makes improvements to its current IT environment, the Librarian of Congress should direct the Register of Copyrights to, for current and proposed initiatives to improve the IT environment at the Copyright Office, develop plans including investment proposals that identify the business problem, a proposed solution, the expected benefits, how the solution aligns with the Library's strategic plan, an initial 3-year cost estimate, and expected funding sources, and bring those to the Library's IT Steering Committee for review, as required by Library policy.

    Agency: Library of Congress
    Status: Open

    Comments: In commenting on our draft report, the Copyright Office neither agreed nor disagreed with our recommendation. Subsequently, the Copyright Office has begun to take steps to address this recommendation. For example, in November 2015 Copyright submitted to the Library's IT Steering Committee plans for three new fiscal year 2017 IT initiatives aimed at improving current systems, such as technical upgrades to the electronic (eCO) registration system. For each initiative, the office developed plans that identified the business problems, proposed solutions, expected benefits, alignment with the Library's strategic plan, initial 3-year cost estimates, and expected funding sources. In November 2016, the Librarian of Congress directed all top-level IT staff in the Library's various service units, including the Copyright CIO, to be detailed to the Library's OCIO. Subsequently, in April 2017 Library and Copyright Office officials stated that the Copyright Office, in coordination with the Library OCIO, will develop IT investment proposals for fiscal year 2018, including proposals for modernizing the Copyright Office's IT systems. We will continue to evaluate the Copyright Office's efforts to address our recommendation.
    Recommendation: To help ensure that the Copyright Office makes improvements to its current IT environment, the Librarian of Congress should direct the Register of Copyrights to develop an IT strategic plan that includes the office's prioritized IT goals, measures, and timelines, and is aligned with the Library's ongoing strategic planning efforts.

    Agency: Library of Congress
    Status: Open

    Comments: In commenting on our draft report, the Copyright Office neither agreed nor disagreed with our recommendation. In November 2016, the Librarian of Congress directed all top-level IT staff in the Library's various service units, including the Copyright Chief Information Officer (CIO), to be detailed to the Library's Office of the CIO. In light of this organizational realignment, in May 2017 the Library's Office of the CIO and the Copyright Office stated that they will be working in coordination to address our recommendation. We will continue to evaluate the Library and Copyright's efforts to address our recommendation.
    Director: Valerie C. Melvin
    Phone: (202) 512-6304

    5 open recommendations
    including 1 priority recommendation
    Recommendation: To ensure that HUD fully implements and sustains effective IT governance practices, the Secretary of Housing and Urban Development should direct the Deputy Secretary and the department's Chief Information Officer to place a high priority and ensure that the executive-level investment review board meets as outlined in its charter, documents criteria for use by the other boards, and distributes its decisions to appropriate stakeholders.

    Agency: Department of Housing and Urban Development
    Status: Open

    Comments: As of April 2017, HUD had not provided information demonstrating that the department has addressed this recommendation. HUD reported that it established a new executive-level investment review board (i.e. the Executive Operations Committee) that replaced the board discussed in our report. However, as of April 2017, the department had not yet documented criteria the Committee had established for use by other boards or provided evidence of how this new committee would distribute decisions made to appropriate stakeholders.
    Recommendation: To ensure that HUD fully implements and sustains effective IT governance practices, the Secretary of Housing and Urban Development should direct the Deputy Secretary and the department's Chief Information Officer to place a high priority and fully establish and maintain a complete set of governance policies, establish time frames for establishing policies planned but not yet developed, and update key governance documents to reflect changes made to established practices.

    Agency: Department of Housing and Urban Development
    Status: Open

    Comments: As of April 2017, the department had taken steps to address this recommendation. In 2015, HUD updated its Project Planning and Management policy and confirmed that the remaining policies to be developed were the IT Risk Policy and the IT Performance Management Policy. HUD also reported that the department planned to revise additional existing policies, including the IT Management Framework Policy, IT Capital Management Policy, IT Project Planning & Management Policy, IT Governance Policy, and IT Strategic Planning Policy. As of April 2017, the department had finalized a Risk Policy but reported it was still working on additional policy updates anticipated to be finalized during 2017.
    Recommendation: To ensure that HUD fully implements and sustains effective IT governance practices, the Secretary of Housing and Urban Development should direct the Deputy Secretary and the department's Chief Information Officer to place a high priority and fully establish an IT investment selection process that includes (1) articulating how reviews of project proposals are to be conducted; (2) planning how data (including cost estimates) are to be developed and verified and validated; (3) establishing criteria for how cost, schedule, and project risk are to be analyzed; (4) developing procedures for how proposed projects are to be compared to one another in terms of investment size (cost), project longevity (schedule), technical difficulty, project risk, and cost-benefit analysis; and (5) ensuring that final selection decisions made by senior decision makers and governance boards are supported by analysis, consider predefined quantitative measures, and are consistently documented.

    Agency: Department of Housing and Urban Development
    Status: Open

    Comments: As of April 2017, HUD had not provided information demonstrating that the department has addressed this recommendation. In 2015, HUD reported that it had begun using a new tool to support its IT selection process. As of April 2017, the department had reported on improvements to its investment process but had not yet provided evidence of specific actions or plans aimed at ensuring the five IT selection processes highlighted in this recommendation would be addressed.
    Recommendation: To ensure that HUD fully implements and sustains effective IT governance practices, the Secretary of Housing and Urban Development should direct the Deputy Secretary and the department's Chief Information Officer to place a high priority and fully establish a well-defined process that incorporates key practices for overseeing investments, including (1) monitoring actual project performance against expected outcomes for project cost, schedule, benefit, and risk; (2) establishing and documenting cost-, schedule-, and performance-based thresholds for triggering remedial actions or elevating project review to higher-level investment boards; and (3) conducting post-implementation reviews to evaluate results of projects after they are completed.

    Agency: Department of Housing and Urban Development
    Status: Open

    Comments: As of April 2017, the department had taken steps to address this recommendation. Specifically, in April 2016, HUD provided evidence of actions taken toward developing new processes for investment oversight practices. Specifically, the department created processes for conducting project health assessments and weekly project management meetings intended to monitor, among other things, actual performance against expected outcomes, and to establish thresholds for triggering remedial actions or elevating projects for additional review. As of April 2017, the department had not provided evidence that these new processes were fully established and institutionalized.
    Recommendation: To establish an enterprise-wide view of cost savings and operational efficiencies generated by investments and governance processes, the Secretary of Housing and Urban Development should direct the Deputy Secretary and Chief Information Officer to place a higher priority on identifying governance-related cost savings and efficiencies and establish and institutionalize a process for identifying and tracking comprehensive, high-quality data on savings and efficiencies resulting from IT investments and the IT governance process.

    Agency: Department of Housing and Urban Development
    Status: Open
    Priority recommendation

    Comments: As of April 2017, the department had taken steps to address this recommendation. Specifically, in April 2016, HUD provided examples of cost savings that the department had identified by "scrubbing" existing contracts during the fiscal year 2015 budget formulation process, along with copies of a template that it designed and used to help identify such savings. As of April 2017, the department had not yet provided evidence that it had formally established policies and procedures or taken other actions to institutionalize a process for identifying and providing an enterprise-wide view of IT-related cost savings and operational efficiencies.
    Director: David Powner
    Phone: (202) 512-9286

    8 open recommendations
    Recommendation: To help ensure continued progress in the implementation of cloud computing services, the Secretaries of Agriculture, Health and Human Services, Homeland Security, State, and the Treasury; and the Administrators of the General Services Administration and Small Business Administration should direct their respective Chief Information Officers to ensure that all IT investments are assessed for suitability for migration to a cloud computing service.

    Agency: Department of Agriculture
    Status: Open

    Comments: We are in the process of reviewing agency documentation and waiting for additional supporting documentation.
    Recommendation: To help ensure continued progress in the implementation of cloud computing services, the Secretaries of Agriculture, Health and Human Services, Homeland Security, State, and the Treasury; and the Administrators of the General Services Administration and Small Business Administration should direct their respective Chief Information Officers to ensure that all IT investments are assessed for suitability for migration to a cloud computing service.

    Agency: Department of the Treasury
    Status: Open

    Comments: We contacted the agency and are awaiting its response on the status of efforts to implement this recommendation.
    Recommendation: To help ensure continued progress in the implementation of cloud computing services, the Secretaries of Agriculture, Health and Human Services, Homeland Security, State, and the Treasury; and the Administrators of the General Services Administration and Small Business Administration should direct their respective Chief Information Officers to ensure that all IT investments are assessed for suitability for migration to a cloud computing service.

    Agency: Department of State
    Status: Open

    Comments: The Department of State established a requirement for completing a cloud computing service alternatives analysis for all new projects, and that existing IT projects be evaluated for the viability to migrate to a cloud computing environment. Further, the department established key factors for consideration when selecting applications for migration to a cloud environment. However, State has not yet evaluated a majority of its IT investments for cloud alternatives. The department said it plans to complete evaluations for some of these investments by the end of FY2017, but has not yet established plans to evaluate over a third of its investments.
    Recommendation: To help ensure continued progress in the implementation of cloud computing services, the Secretaries of Agriculture, Health and Human Services, Homeland Security, State, and the Treasury; and the Administrators of the General Services Administration and Small Business Administration should direct their respective Chief Information Officers to ensure that all IT investments are assessed for suitability for migration to a cloud computing service.

    Agency: Small Business Administration
    Status: Open

    Comments: We are waiting for a response from SBA on the status of efforts to implement this recommendation.
    Recommendation: To help ensure continued progress in the implementation of cloud computing services, the Secretaries of Agriculture, Health and Human Services, Homeland Security, State, and the Treasury; and the Administrators of the General Services Administration and Small Business Administration should direct their respective Chief Information Officers to establish evaluation dates for those investments identified in this report that have not been assessed for migration to the cloud.

    Agency: Department of Agriculture
    Status: Open

    Comments: We are in the process of waiting for additional department documentation.
    Recommendation: To help ensure continued progress in the implementation of cloud computing services, the Secretaries of Agriculture, Health and Human Services, Homeland Security, State, and the Treasury; and the Administrators of the General Services Administration and Small Business Administration should direct their respective Chief Information Officers to establish evaluation dates for those investments identified in this report that have not been assessed for migration to the cloud.

    Agency: Department of the Treasury
    Status: Open

    Comments: We are waiting for a response from the department on the status of efforts to implement this recommendation.
    Recommendation: To help ensure continued progress in the implementation of cloud computing services, the Secretaries of Agriculture, Health and Human Services, Homeland Security, State, and the Treasury; and the Administrators of the General Services Administration and Small Business Administration should direct their respective Chief Information Officers to establish evaluation dates for those investments identified in this report that have not been assessed for migration to the cloud.

    Agency: Department of State
    Status: Open

    Comments: The Department of State established a requirement for completing a cloud computing service alternatives analysis for all new projects, and that existing IT projects be evaluated for viability to migrate to a cloud computing environment. Further, the department established key factors for consideration when selecting applications for migration to a cloud environment. However, the department has not yet established evaluation dates for the vast majority of the investments that have not been assessed for migration to the cloud. Specifically, the department plans to complete evaluations for some of these investments by the end of fiscal year 2017, but does not plan to do so for most of them.
    Recommendation: To help ensure continued progress in the implementation of cloud computing services, the Secretaries of Agriculture, Health and Human Services, Homeland Security, State, and the Treasury; and the Administrators of the General Services Administration and Small Business Administration should direct their respective Chief Information Officers to establish evaluation dates for those investments identified in this report that have not been assessed for migration to the cloud.

    Agency: Small Business Administration
    Status: Open

    Comments: We are waiting for a response from the department on the status of efforts to implement this recommendation.
    Director: Powner, David A
    Phone: (202) 512-9286

    3 open recommendations
    Recommendation: To better ensure that the Dashboard provides meaningful ratings and reliable investment data, the Director of OMB should direct the Federal CIO to make accessible regularly updated portions of the public version of the Dashboard (such as CIO ratings) independent of the annual budget process.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: Although the Federal CIO did not agree or disagree with our recommendation, OMB has taken initial steps to implement it. Specifically, OMB recently updated the Dashboard with a number of changes, and OMB officials stated in 2015 that they intended for the Dashboard to be able to show updates throughout the year. That said, OMB has yet to implement this recommendation. Specifically, OMB did not publish updates to the public version of the Dashboard during the fiscal year 2018 budget formulation process, starting at the end of August 2016. We will continue to monitor the Dashboard to determine if portions of the public version of the Dashboard (such as CIO ratings) are available throughout the year. Maintaining the availability of these data is important for increasing the utility of the Dashboard as a tool for greater IT investment oversight and transparency.
    Recommendation: To better ensure that the Dashboard provides accurate ratings, the Secretary of Commerce should direct the department CIO to ensure that the department's investments are appropriately categorized in accordance with existing statutes and that major IT investments are included on the Dashboard.

    Agency: Department of Commerce
    Status: Open

    Comments: The Department of Commerce disagreed with this recommendation. In written correspondence, the Department noted that, although it is no longer reporting three of the 10 investments reviewed for this engagement on the IT Dashboard, it is maintaining oversight through monthly Dashboard-like assessments. As of July 28, 2016, the Department stated that it did not have plans to re-categorize these three particular investments as IT and report the data on the IT Dashboard. We continue to believe that this recommendation has merit and will monitor the Department's efforts to maintain oversight for these investments.
    Recommendation: To better ensure that the Dashboard provides accurate ratings, the Secretary of Energy should direct the department CIO to ensure that the department's investments are appropriately categorized in accordance with existing statutes and that major IT investments are included on the Dashboard.

    Agency: Department of Energy
    Status: Open

    Comments: While the Department of Energy had agreed with this recommendation, in subsequent written correspondence, it explained that five of the eight investments noted by GAO as being IT were no longer being reported in the IT Portfolio on the Dashboard. Instead, the Department was reporting these data to OMB via an alternative reporting mechanism specific to high performance computing. In addition, the Department noted that the remaining three investments were deconsolidated or downgraded into non-major investments, or eliminated by funding and, as such, these investments will not be included on the Dashboard. However, we continue to believe that this recommendation has merit and that the remaining investments are more properly classified as IT. We will continue to monitor the Department's efforts to maintain oversight for these investments.
    Director: Powner, David A
    Phone: (202)512-9286

    48 open recommendations
    including 1 priority recommendation
    Recommendation: To help ensure the success of PortfolioStat, the Director of the Office of Management and Budget should direct the Federal Chief Information Officer to disclose the limitations of any data reported (or disclose the parameters and assumptions of these data) on the agencies' consolidation efforts and associated savings and cost avoidance.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: In its comments on GAO's November 2013 report, OMB disagreed with this recommended action, stating that it had disclosed limitations on data reported and cited three instances of these efforts. However, GAO maintained that, while OMB reported limitations of data regarding commodity information technology (IT) consolidation efforts in these cases, the information reported did not provide stakeholders and the public with a complete understanding of the data presented. For example, OMB did not disclose that information from the Departments of Defense (DOD) and Justice was not included in the consolidation estimates reported, which, considering the scope of DOD's efforts in this area (at least $3.2 billion), was a major gap. As of March 2017, OMB still had not addressed this recommendation. During that month, the agency told GAO that improving the quality of the data agencies submit through the integrated data collections (which include data on agencies' consolidation efforts and associated savings and cost avoidance) is a priority and that Office of the Federal Chief Information Officer staff follow up with agencies when they detect anomalies in the data reported. OMB, however, did not address actions to disclose the limitations of data reported or disclose the parameters and assumptions of these data. Such disclosure would provide the public and other stakeholders with crucial information needed to understand the status of PortfolioStat and agency progress in meeting the goals of the initiative.
    Recommendation: To help ensure the success of PortfolioStat, the Director of the Office of Management and Budget should direct the Federal Chief Information Officer to require that agencies report on efforts to address action plan items as part of future PortfolioStat reporting.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: OMB's June 2015 memorandum on the management and oversight of federal information technology (M-15-14) established quarterly PortfolioStat sessions between OMB and agency Chief Information Officers. This represented a change from the previously required annual action item memos. In November 2016, OMB stated that it informally tracks action items resulting from PortfolioStat but no formal documentation is kept. We will continue to follow up on how OMB ensures that agencies report on efforts to address action items as part of future PortfolioStat reporting.
    Recommendation: To help ensure the success of PortfolioStat, the Director of the Office of Management and Budget should direct the Federal Chief Information Officer to improve transparency of and accountability for PortfolioStat by publicly disclosing planned and actual data consolidation efforts and related cost savings by agency.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: In October 2015, OMB started displaying actual data consolidation savings data on the federal information technology (IT) dashboard, consistent with provisions of the IT reform legislation commonly referred to as the Federal Information Technology Acquisition Reform Act. However, in November 2016, and again in March 2017, OMB stated that it does not track planned cost savings and cost avoidance figures and did not provide any plans to do so. Improving the transparency and accountability for PortfolioStat by publicly disclosing both planned and actual data consolidation efforts and related cost savings by agency would provide stakeholders, including Congress and the public, a means to monitor agencies' progress and hold them accountable for reducing duplication and achieving cost savings.
    Recommendation: To improve the department's implementation of PortfolioStat, the Secretary of Agriculture should direct the CIO to develop a complete commodity IT baseline.

    Agency: Department of Agriculture
    Status: Open

    Comments: In its March 2014 statement of actions to address our recommendations, the Department of Agriculture (USDA) provided information on its efforts to ensure the quality of its commodity IT baseline data. Specifically, USDA reported having (1) developed a central repository for agencies and staff offices to populate commodity IT data and (2) provided training on the use of the repository, and (3)established an addtional level of oversight to monitor data quality. We are reviewing supporting documentation obtained from the department to determine whether the recommendation has been fully addressed.
    Recommendation: To improve the department's implementation of PortfolioStat, in future reporting to OMB, the Secretary of Agriculture should direct the CIO to fully describe the following PortfolioStat Action plan elements: (1) consolidate commodity IT spending under the agency CIO and (2) establish criteria for wasteful, low-value, or duplicative investments.

    Agency: Department of Agriculture
    Status: Open

    Comments: In its March 2014 statement of actions to address our recommendations, the Department of Agriculture provided information on the elements identified in the recommendation. We are reviewing additional supporting documentation obtained from the department to determine whether the recommendation has been fully addressed.
    Recommendation: To improve the department's implementation of PortfolioStat, as the department finalizes and matures its valuation methodology, the Secretary of Agriculture should direct the CIO to utilize this process to identify whether there are additional opportunities to reduce duplicative, low-value, or wasteful investments.

    Agency: Department of Agriculture
    Status: Open

    Comments: In its March 2014 statement of actions to address our recommendations, the Department of Agriculture stated that its Chief Information Officer will formalize and implement a value-based measurement model to help determine which IT investments should be included in the USDA IT portfolio. We are reviewing supporting documentation obtained from the department to determine whether this recommendation has been fully addressed.
    Recommendation: To improve the department's implementation of PortfolioStat, the Secretary of Agriculture should direct the CIO to develop support for the estimated savings for fiscal years 2013 through 2015 for the Cellular Phone Contract Consolidation, IT Infrastructure Consolidation/Enterprise Data Center Consolidation, and Geospatial Consolidation initiatives.

    Agency: Department of Agriculture
    Status: Open

    Comments: In its March 2014 statement of actions to address our recommendations, the Department of Agriculture stated that its CIO has developed supporting documentation for the cost savings/avoidance associated with the efforts identified in the recommendation. We are reviewing supporting documentation obtained from the department to determine whether this recommendation has been fully addressed.
    Recommendation: To improve the department's implementation of PortfolioStat, the Secretary of Commerce should direct the CIO to reflect 100 percent of information technology investments in the department's enterprise architecture.

    Agency: Department of Commerce
    Status: Open

    Comments: In its January 2014 statement of actions to address our recommendations, the Department of Commerce stated that the majority of its IT investments were made at the operating unit level and it was therefore planning on issuing policy to require consistency between the operating units' enterprise architecture and the totality of IT investments as reflected in the annual capital asset plan and business case summary submission. The department noted it would also require that consistency between the department's enterprise architecture and the IT investment portfolio is confirmed before submission of either of these artifacts. We are following up with the department to determine the status of these planned actions.
    Recommendation: To improve the department's implementation of PortfolioStat, the Secretary of Commerce should direct the CIO to develop a complete commodity IT baseline.

    Agency: Department of Commerce
    Status: Open

    Comments: In its January 2014 statement of actions to address our recommendations, the Department of Commerce stated it had submitted two iterations of its commodity IT baseline to OMB since we made our recommendation. The department noted the PortfolioStat process and requirement to submit the baseline through the integrated data collection tool helped ensure the baseline was complete. We plan to follow up with Commerce officials.
    Recommendation: To improve the department's implementation of PortfolioStat, the Secretary of Defense should direct the CIO to develop a complete commodity IT baseline.

    Agency: Department of Defense
    Status: Open

    Comments: In its December 2013 statement of actions to address our recommendations, the Department of Defense stated that it had efforts underway, including an initiative known as the Joint Information Environment, to further refine the Department's commodity IT baseline. As of August 2016, we found that the department's DOD IT Portfolio Repository included business and enterprise IT systems--two of three commodity IT areas defined by OMB--as part of an ongoing engagement. We are following up with the department to find out about actions to develop an inventory of assets associated with IT infrastructure--the third category of commodity IT defined by OMB.
    Recommendation: To improve the department's implementation of PortfolioStat, in the future reporting to OMB, the Secretary of Defense should direct the CIO to fully describe the following PortfolioStat action plan element: consolidate commodity IT spending under the agency CIO.

    Agency: Department of Defense
    Status: Open

    Comments: As of December 2013, the department did not concur with this recommendation stating that the commodity IT construct implemented in the PortfolioStat initiative did not work well within the department's federated processes. The department agreed, however, that a strategy, consistent with the intent of achieving better buying power and control of commodity IT items, should be developed and implemented within the department using existing authorities, and noted that it was in the process of implementing such a strategy. In August 2016, we followed up with the department to obtain an update on the status of this strategy and determine the associated reporting to OMB. As of the end of October, we were still waiting for a response.
    Recommendation: To improve the department's implementation of PortfolioStat, the Secretary of Defense should direct the CIO to obtain support from the relevant component agencies for the estimated savings for fiscal years 2013 to 2015 for the data center consolidation, enterprise software purchasing, and General Fund Enterprise Business System initiatives.

    Agency: Department of Defense
    Status: Open

    Comments: In its statement of actions to address our recommendations, the Department of Defense stated that it already reports data center consolidation savings to both OMB and Congress and will continue to realize savings from the Enterprise Software Initiative, other strategic sourcing efforts, and the continuing implementation of General Fund Enterprise Business System initiatives. As of August 2016, we had collected support for data center consolidation as part of our ongoing data center consolidation work, and were waiting to receive support for the Enterprise Software Initiative savings for fiscal years 2013 to 2015 through recommendation follow-up for a prior software licensing review (GAO-14-413). We are following up with the department to obtain support for savings for the General Fund Enterprise Business System.
    Recommendation: To improve the U.S. Army Corps of Engineers' implementation of PortfolioStat, in future reporting to OMB, the Secretary of Defense should direct the Secretary of the Army to the CIO to fully describe the following PortfolioStat action plan elements: (1) consolidate commodity IT spending under the agency CIO; (2) target duplicative systems or contracts that support common business functions for consolidation; (3) establish criteria for identifying wasteful, low-value, or duplicative investments; and (4) establish a process to identify these potential investments and a schedule for eliminating them from the portfolio.

    Agency: Department of Defense
    Status: Open

    Comments: In its statement of actions to address our recommendations, the Department of Defense stated that the U.S. Army Corps of Engineers would fully describe the four action plan elements identified in this recommendation in future OMB reporting. We are following up with the department to determine the status of these efforts and obtain the associated supporting documentation.
    Recommendation: To improve the U.S. Army Corps of Engineers' implementation of PortfolioStat, the Secretary of Defense should direct the Secretary of the Army to report on the agency's progress in consolidating eCPIC to a shared service as part of the OMB integrated data collection quarterly reporting until completed.

    Agency: Department of Defense
    Status: Open

    Comments: In October 2016, the Department of Defense provided a report stating it had completed the consolidation of eCPIC to a shared service in August 2014. We are following up with the department to obtain supporting documentation.
    Recommendation: To improve the department's implementation of PortfolioStat, in future reporting to OMB, the Secretary of Energy should direct the CIO to fully describe the following PortfolioStat action plan elements: (1) consolidate commodity IT spending under the agency CIO and (2) establish criteria for identifying wasteful, low-value, or duplicative investments.

    Agency: Department of Energy
    Status: Open

    Comments: In its March 2014 statement of actions to address our recommendations, the Department of Energy stated that it will update its policy orders as necessary to implement the OMB policy for consolidating commodity IT under the Chief Information Officer and include a description in future OMB reporting. The department also noted that it will work to establish additional value criteria to idenitfy low-value or duplicative federal commodity IT investments, and these criteria will be described in future OMB reporting. We are reviewing the department's reporting to OMB to determine the extent to which this recommendation has been addressed.
    Recommendation: To improve the agency's implementation of PortfolioStat, the Administrator of the Environmental Protection Agency should direct the CIO to develop a complete commodity IT baseline.

    Agency: Environmental Protection Agency
    Status: Open

    Comments: In August 2014, the Environmental Protection Agency reported that it uses OMB's quarterly integrated data collection submission process to continually update the information in its baseline. We are following up with the agency to determine whether it has any process to ensure the completeness of the information that is submitted.
    Recommendation: To improve the agency's implementation of PortfolioStat, in future reporting to OMB, the Administrator of the Environmental Protection Agency should direct the CIO to fully describe the following PortfolioStat action plan elements: (1) consolidate commodity IT spending under the agency CIO; (2) establish targets for commodity IT spending reductions and deadlines for meeting those targets; and (3) establish criteria for identifying wasteful, low-value, or duplicative investments.

    Agency: Environmental Protection Agency
    Status: Open

    Comments: In August 2014, the Environmental Protection Agency stated that, in its August 2014 PortfolioStat update, it had reported to OMB on the status of actions to consolidate commodity IT spending under the agency CIO and to establish targets for commodity IT spending reductions. The agency also stated that it was working to develop criteria for identifying wasteful, low-value, and duplicative investments. We are reviewing the August 2014 PortfolioStat update to verify the agency's claims. We plan to also follow up on efforts to develop the aforementioned criteria and any associated reporting to OMB.
    Recommendation: To improve the agency's implementation of PortfolioStat, the Administrator of the Environmental Protection Agency should direct the CIO to report on the agency's progress in consolidating the managed print services and strategic sourcing of end user computing to shared services as part of the OMB integrated data collection quarterly reporting until completed.

    Agency: Environmental Protection Agency
    Status: Open

    Comments: In its March 2014 statement of actions to address our recommendations, the Environmental Protection Agency stated that it expected its print services to take on additional devices and locations beginning in April 2014 and that a contract vehicle for the purchasing and leasing of end user computing equipment was expected to be awarded by the end of the month. We are reviewing the agency's quarterly reporting to OMB to determine whether progress on the two initiatives was reported to OMB as we recommended.
    Recommendation: To improve the department's implementation of PortfolioStat, the Secretary of the Interior should direct the CIO to develop a complete commodity IT baseline.

    Agency: Department of the Interior
    Status: Open

    Comments: In August 2014, the Department reported that it was planning to undertake a series of activities spanning a 15-month timeframe to create a complete commodity IT baseline, including embarking upon a statistical analysis and cost projection initiative that is intended to identify the degree of confidence in the commodity IT baseline, and develop mechanisms that will enable validation and verification in the future. We will follow up with the department on the results of its activities.
    Recommendation: To improve the department's implementation of PortfolioStat, in future reporting to OMB, the Secretary of the Interior should direct the CIO to fully describe the following PortfolioStat action plan element: establish criteria for identifying wasteful, low-value, or duplicative investments.

    Agency: Department of the Interior
    Status: Open

    Comments: In its January 2014 comments on our report, the Department of the Interior stated that it was undertaking a business-driven approach that will involve working wtih its governance boards to establish criteria for identifying wasteful, low-value, or duplicative investments. The department stated it would establish the criteria by December 2014. However, the department did not address whether it would be reporting its plans to OMB, which was the focus of our recomnendation. We will follow up with officials on this.
    Recommendation: To improve the department's implementation of PortfolioStat, the Secretary of the Interior should direct the CIO to report on the department's progress in consolidating the Electronic Forms System component of the eMail Enterprise Records & Document Management System deployment 8 to a shared service as part of the OMB integrated data collection quarterly reporting until completed.

    Agency: Department of the Interior
    Status: Open

    Comments: In its January 2014 comments on our report, the Department of the Interior provided information on the status of its efforts to consolidate the Enterprise Forms System to a shared service and established a December 2014 target date for completion. In addition, the department stated that it would report on the status of the initiative quarterly until completion. We will follow up with the department to monitor its progress in completing the initiative and reporting on it to OMB.
    Recommendation: To improve the department's implementation of PortfolioStat, the Attorney General should direct the CIO to reflect 100 percent of information technology investments in the department's enterprise architecture.

    Agency: Department of Justice
    Status: Open

    Comments: In its December 2013 response to this recommendation, the Department of Justice stated that it had updated its enterprise architecture to include 100 percent of the information technology investments. However, it did not provide evidence of this action.We will follow up with the department to obtain supporting documentation.
    Recommendation: To improve the department's implementation of PortfolioStat, in future reporting to OMB, the Attorney General should direct the CIO to fully describe the following PortfolioStat action plan element: establish targets for commodity IT spending reductions and deadlines for meeting those targets.

    Agency: Department of Justice
    Status: Open

    Comments: In its December 2013 response to this recommendation, the Department of Justice (DOJ) stated that its Email and Collaboration Working Group established consolidation targets, and began Phase One of its email consolidation effort. In addition, DOJ provided information on the status of its efforts to establish additional targets. We are reviewing the information provided, as well as DOJ's reporting to OMB, to determine the extent to which this recommendation has been addressed.
    Recommendation: To improve the department's implementation of PortfolioStat, in future reporting to OMB, the Secretary of Labor should direct the CIO to fully describe the following PortfolioStat action plan elements: (1) consolidate commodity IT spending under the agency CIO and (2) establish targets for commodity IT spending reductions and deadlines for meeting those targets.

    Agency: Department of Labor
    Status: Open

    Comments: In its December 2013 response to this recommendation, the Department of Labor stated that the Chief Information Officer participates in discussions to identify and eliminate duplication and facilitate the use of commodity IT and shared services through the IT governance committees. We are reviewing documentation we recently obtained from the department to determine the current status of action to address this recommendation.
    Recommendation: To improve the department's implementation of PortfolioStat, the Secretary of Labor should direct the CIO to report on the department's progress in consolidating the cloud e-mail services to a shared service as part of the OMB integrated data collection quarterly reporting until completed.

    Agency: Department of Labor
    Status: Open

    Comments: The Department of Labor completed the consolidation of DOL agency e-mail systems into a shared cloud-based e-mail service in September 2014. In July 2015, the department provided evidence of a status report on the Office of Management and Budget IT dashboard showing completion of the initiative.
    Recommendation: To improve the agency's implementation of PortfolioStat, the Administrator of the National Aeronautics and Space Administration should direct the CIO to reflect 100 percent of information technology investments in the agency's enterprise architecture.

    Agency: National Aeronautics and Space Administration
    Status: Open

    Comments: in July 2015, NASA reported that it had initiated an effort referred to as Business Service Assessment (BSA) for IT to establish a more efficient IT operating model that maintains a minimum set of capabilities and meets current and future mission needs. The agency stated that one objective of the BSA is to guide technical, services, and investment decisions, create enterprise architecture and enterprise services methodologies for each IT domain that feeds into the overarching enterprise architecture for the full IT portfolio. In March 2016, the agency reported that final recommendations regarding the BSA were expected to be submitted to the Agency Mission Support Council at the end of the month. We are following up with NASA on the status of this recommendation.
    Recommendation: To improve the agency's implementation of PortfolioStat, in future reporting to OMB, the Administrator of the National Aeronautics and Space Administration should direct the CIO to fully describe the following PortfolioStat action plan elements: (1) consolidate commodity IT spending under the agency CIO; (2) target duplicative systems or contracts that support common business functions for consolidation; (3) establish criteria for identifying wasteful, low-value, or duplicative investments; and (4) establish a process to identify these potential investments and a schedule for eliminating them from the portfolio.

    Agency: National Aeronautics and Space Administration
    Status: Open

    Comments: In May 2015, NASA reported that OMB published new action items that resulted in a shift in tracking of the previous action items identified in our recommendation. In July 2015, the agency provided evidence of a July 2015 report updating OMB of the status of these items.
    Recommendation: To improve the agency's implementation of PortfolioStat, in future reporting to OMB, the Archivist of the United States should direct the CIO to fully describe the following PortfolioStat action plan elements: (1) consolidate commodity IT spending under the agency CIO; (2) target duplicative systems or contracts that support common business functions for consolidation; (3) establish criteria for identifying wasteful, low-value, or duplicative investments; and (4) establish a process to identify these potential investments and a schedule for eliminating them from the portfolio.

    Agency: National Archives and Records Administration
    Status: Open

    Comments: In its February 2014 statement of actions to address our recommendations, the National Archives and Records Administration reported that the four action plan elements identified in the recommendation had been included in the latest information resources management strategic plan submitted to OMB. We will review the plan to confirm whether the elements were included.
    Recommendation: To improve the agency's implementation of PortfolioStat, in future reporting to OMB, the Director of the National Science Foundation should direct the CIO to fully describe the following PortfolioStat action plan elements: (1) consolidate commodity IT spending under the agency CIO and (2) establish criteria for identifying wasteful, low-value, or duplicative investments.

    Agency: National Science Foundation
    Status: Open

    Comments: The National Science Foundation (NSF) reported that while OMB had not requested that the agency provide updates to the 2012 PortfolioStat action plan, NSF had provided different, OMB-requested documentation in support of annual PortfolioStat activities. We plan to follow up with the agency to determine the extent to which the documentation provided to OMB addresses our recommendation.
    Recommendation: To improve the agency's implementation of PortfolioStat, the Director of the Office of Personnel Management should direct the CIO to develop a complete commodity IT baseline.

    Agency: Office of Personnel Management
    Status: Open

    Comments: In August 2014, the Office of Personnel Management stated that it would be generating a policy requiring the baselines to be updated quarterly and established a target of May 2015 for fully implementing this recommendation. In March 2015, the agency stated that it was continuing to make progress toward the completion of its commodity IT baseline.
    Recommendation: To improve the agency's implementation of PortfolioStat, in future reporting to OMB, the Director of the Office of Personnel Management should direct the CIO to fully describe the following PortfolioStat action plan elements: (1) move at least two commodity IT areas to shared services and (2) target duplicative systems or contracts that support common business functions for consolidation.

    Agency: Office of Personnel Management
    Status: Open

    Comments: In August 2014, the Office of Personnel Management stated that the initial program office responses to our recommendation represented the vision of the former Chief Information Officer (CIO). The agency stated that the new CIO's strategic plan would address duplicative systems and contracts as part of the CIO re-organization project that was underway, with the intent of bringing the different job functions under one group in order to utilize resources and common business functions more effectively. The agency established May 2015 as a target for fully implementing the recommendation. However, we have not yet received evidence of this action. We plan to follow up on the status of actions taken.
    Recommendation: To improve the agency's implementation of PortfolioStat, the Director of the Office of Personnel Management should direct the CIO to report on the agency's progress in consolidating the help desk consolidation and IT asset inventory to shared services as part of the OMB integrated data collection quarterly reporting until completed.

    Agency: Office of Personnel Management
    Status: Open

    Comments: In August 2014, the Office of Personal Management (OPM) stated that a project initiated under the former Chief Information Officer's guidance deals specifically with help desk consolidation. OPM also stated it had leveraged the Remedy tool to integrate the IT asset inventory function as part of the help desk and that many of the IT asset inventory functions were now automated as part of this effort. The agency established May 2015 as a target for fully implementing the recommendation. We plan to follow up with OPM to find out about the status of actions taken to address this recommendation.
    Recommendation: To improve the agency's implementation of PortfolioStat, the Administrator of the Small Business Administration should direct the CIO to develop a complete commodity IT baseline.

    Agency: Small Business Administration
    Status: Open
    Priority recommendation

    Comments: In a recent GAO review examining whether agencies have complete inventories of business and enterprise IT systems (which represent 2 of the 3 categories of assets called for in the commodity IT baseline), SBA provided an inventory which it acknowledged did not include all systems or represent all offices. (Note: the review was summarized in GAO-16-511 issued in September 2016.) The agency noted that it was working with its offices to complete the inventory and hoped to finalize it and establish processes for updating the inventory, including possibly automating its data gathering abilities. In May 2017, SBA provided an update on the status of actions to address the recommendation. We are currently reviewing the documentation provided to determine whether SBA has fully addressed the recommendation.
    Recommendation: To improve the agency's implementation of PortfolioStat, in future reporting to OMB, the Administrator of the Small Business Administration should direct the CIO to fully describe the following PortfolioStat action plan elements: (1) consolidate commodity IT spending under the agency CIO; (2) establish targets for commodity IT spending reductions and deadlines for meeting those targets; (3) target duplicative systems or contracts that support common business functions for consolidation; and (4) establish a process to identify those potential investments and a schedule for eliminating them from the portfolio.

    Agency: Small Business Administration
    Status: Open

    Comments: In June 2015, SBA stated it believed the action items would be addressed as part of its actions to implement the provisions of the Federal Information Technology Acquisition Reform Act. We reviewed the agency's December 2015 plan for implementing the law and an April 2016 update but did not find evidence of actions to address the items in the recommendation. In May 2017, SBA provided an update on the status of actions to address the recommendation. We are currently reviewing the documentation provided to determine whether SBA has fully addressed the recommendation.
    Recommendation: To improve the agency's implementation of PortfolioStat, the Commissioner of the Social Security Administration should direct the CIO to develop a complete commodity IT baseline.

    Agency: Social Security Administration
    Status: Open

    Comments: In September 2014, the Social Security Administration (SSA) reported that the instruction set for its Special Expense Item process through which all non-labor IT dollars go now includes the definition of commodity IT baseline, and the requirement to identify all commodity IT baseline funds requested. SSA also stated it will report the commodity IT baseline results for fiscal year 2015 in its November integrated data collection report. We are reviewing the instruction set for the Special Expense Item process and SSA's November integrated data collection report to verify SSA's reported actions.
    Recommendation: To improve the agency's implementation of PortfolioStat, the Commissioner of the Social Security Administration should direct the CIO to report on the agency's progress in consolidating the geospatial architecture to a shared service as part of the OMB integrated data collection quarterly reporting until completed.

    Agency: Social Security Administration
    Status: Open

    Comments: In August 2015, the Social Security Administration (SSA) reported that it had migrated its geospatial architecture to a shared service in September 2014 and was complying with OMB reporting requirements. In July 2016, the agency provided e-mail messages and meeting minutes documenting various stages of the migration as evidence that it was completed as planned. However, SSA did not provide evidence of reporting to OMB. We are following up with SSA to obtain this evidence.
    Recommendation: To improve the department's implementation of PortfolioStat, the Secretary of State should direct the CIO to reflect 100 percent of information technology investments in the department's enterprise architecture.

    Agency: Department of State
    Status: Open

    Comments: According to the Department of State, since August 2014 all major and non-major IT investments and corresponding assets have been captured in enterprise architecture artifacts. We will follow up with the department to obtain documentation supporting this claim.
    Recommendation: To improve the department's implementation of PortfolioStat, in future reporting to OMB, the Secretary of State should direct the CIO to fully describe the following PortfolioStat action plan elements: (1) consolidate commodity IT spending under the agency CIO; (2) establish targets for commodity IT spending reductions and deadlines for meeting those targets; (3) move at least two commodity IT areas to shared services; (4) target duplicative systems or contracts that support common business functions for consolidation; and (5) establish a process to identify those potential investments and a schedule for eliminating them from the portfolio.

    Agency: Department of State
    Status: Open

    Comments: In August 2014, the Department of State reported taking several actions to address the action plan elements we determined had not been fully described in our review. For example, it provided the Integrated Logistics Management System and the Global IT Modernization program as examples of two commodity IT investments it had moved to shared services and reported that it instituted review processes to identify duplicative efforts within the IT portfolio. The department, however, did not state whether it had reported these actions to OMB, which was the focus of our recommendation. We will follow up with the department on this.
    Recommendation: To improve the department's implementation of PortfolioStat, the Secretary of State should direct the CIO to report on the department's progress in consolidating the Foreign Affairs Network and content publishing and delivery services to shared services as part of the OMB integrated data collection quarterly reporting until completed.

    Agency: Department of State
    Status: Open

    Comments: In August 2014, the Department of State reported that it had completed the content publishing and delivery services initiative and was reporting on its progress in consolidating the Foreign Affairs Network initiative to shared services through the OMB budget process. We plan to follow up with the agency to obtain supporting documentation.
    Recommendation: To improve the department's implementation of PortfolioStat, the Secretary of Transportation should direct the CIO to report on the department's progress in consolidating the Enterprise Messaging to shared services as part of the OMB integrated data collection quarterly reporting until completed.

    Agency: Department of Transportation
    Status: Open

    Comments: In September 2015, the department reported that it had discontinued its effort to migrate the Enterprise Messaging program to shared services because it was no longer cost-effective. We plan to follow up with the department on this matter.
    Recommendation: To improve the department's implementation of PortfolioStat, in future reporting to OMB, the Secretary of the Treasury should direct the CIO to fully describe the following PortfolioStat action plan elements: (1) consolidate commodity IT spending under the agency CIO and (2) establish criteria for identifying wasteful, low-value, or duplicative investments.

    Agency: Department of the Treasury
    Status: Open

    Comments: In September 2014, the Departmnent of the Treasury provided information on its efforts to address its action plan elements, including (1) establishing a general approach to reviewing new investment requests that considers risk, value, and cost; and (2) driving Treasury's IT investment portfolio toward common platforms whenever possible. However, the department did not address whether it was reporting on these efforts to OMB, which was the focus of our recommendation. We will follow up with the department on this.
    Recommendation: To improve the department's implementation of PortfolioStat, as the department finalizes and matures its enterprise architecture and valuation methodology, the Secretary of the Treasury should direct the CIO to utilize these processes to identify whether there are additional opportunities to reduce duplicative, low-value, or wasteful investments.

    Agency: Department of the Treasury
    Status: Open

    Comments: The department described several examples of processes it had in place to identify opportunities to reduce duplicative, low-value or wasteful investments, including annual reviews of each major IT investment and monthly portfolio reviews. We plan to follow up with the department to obtain supporting documentation.
    Recommendation: To improve the department's implementation of PortfolioStat, the Secretary of the Treasury should direct the CIO to develop support for the estimated savings for fiscal years 2013 to 2015 for the DoNotPay Business Center, Fiscal IT Data Center Consolidation and Business Process Management Status initiatives.

    Agency: Department of the Treasury
    Status: Open

    Comments: The department provided documentation related to its DoNotPay Business Center, Fiscal IT Data Center Consolidation, and Business Process Management Status initiatives. We are reviewing the information provided and plan to follow up with the department as appropriate.
    Recommendation: To improve the agency's implementation of PortfolioStat, the Administrator of the U.S. Agency for International Development should direct the CIO to reflect 100 percent of information technology investments in the agency's enterprise architecture.

    Agency: United States Agency for International Development
    Status: Open

    Comments: In response to this recommendation, in September 2014, USAID provided GAO its guidance for establishing an IT asset inventory consistent with Federal Information Systems Management Act requirements and its guidance for purchasing equipment and services which are compliant with agency standards. In October 2015, USAID also stated that it regularly updates its enterprise architecture through maintenance of its information systems inventory and evaluation of future investments. In March 2017, the agency provided GAO documentation supporting its efforts to maintain its information systems inventory and evaluate future investments. However, USAID did not show how these activities help ensure that investments are all included in the enterprise architecture. GAO is following up with the agency on this matter.
    Recommendation: To improve the department's implementation of PortfolioStat, in future reporting to OMB, the Secretary of Veterans Affairs should direct the CIO to fully describe the following PortfolioStat action plan element: target duplicative systems or contracts that support common business functions for consolidation.

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: In a December 2015 update to the status of this recommendation, the department stated it was changing its governance processes and organizational structures for IT portfolio, system, project and requirements management to strengthen its ability to identify and eliminate/consolidate duplicative systems or contracts. The department recently reported that these new processes and organizations were established in the Spring of 2016, including a new strategic sourcing approach which should assist in addressing our recommendation. We are following up with the department to obtain evidence of this approach.
    Recommendation: To improve the department's implementation of PortfolioStat, the Secretary of Veterans Affairs should direct the CIO to report on the department's progress in consolidating the dedicated fax servers to a shared service as part of the OMB integrated data collection quarterly reporting until completed.

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: In December 2015, the department reported that it would no longer pursue the initiative because an analysis performed in fiscal year 2014 indicated very little, if any cost savings to be achieved. The agency, however, did not provide evidence regarding any related reporting to OMB. We are following up with the department to obtain this evidence.
    Recommendation: To improve the department's implementation of PortfolioStat, as the department matures its enterprise architecture process, the Secretary of Veterans Affairs should direct the CIO to make use of it, as well as the valuation model, to identify whether there are additional opportunities to reduce duplicative, low-value, or wasteful investments.

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: In December 2015, the department stated it was changing its governance processes and organizational structures for IT portfolio, system, project and requirements management to strengthen its ability to identify and eliminate/consolidate duplicative systems or contracts. The department recently reported that these new processes and organizations were established in the Spring of 2016. We are following up with the department to find out how they are incorporating the use of the enterprise architecture and value model to identify opportunities to reduce duplicative, low-value, or wasteful investments.
    Recommendation: To improve the department's implementation of PortfolioStat, the Secretary of Veterans Affairs should direct the CIO to develop detailed support for the estimated savings for fiscal years 2013 to 2015 for the Server Virtualization, Eliminate Dedicated Fax Servers Consolidation, Renegotiate Microsoft Enterprise License Agreement, and one CPU policy initiatives.

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: In December 2015, the department reported that the scope of the Server Virtualization initiative was increased and that the cost avoidance estimates were being revised accordingly. It also reported that the Elimination of Analog Fax Lines initiative was no longer being pursued because an analysis found that it would result in very little, if any, cost savings. In regards to the Renegotiate Microsoft Enterprise License Agreement initiative, the department reported that total savings over a 5-year period were renegotiated but did not provide supporting documentation. Lastly, the department reported that a new economic justification for the One CPU Policy initiative was being developed based on a consolidation strategy, and would be provided when completed. We are following up with the department to obtain documentation supporting its reported actions.
    Director: Powner, David A
    Phone: (202)512-9286

    1 open recommendations
    Recommendation: The Secretaries of Agriculture and Commerce should address the weaknesses in agency- and bureau-led TechStat processes and management outlined in this report.

    Agency: Department of Agriculture
    Status: Open

    Comments: The agency partially agreed with our assessment of the agency's TechStat process, but has not yet implemented our recommendation. At the time of our review, we identified several weaknesses in the agency's TechStat processes and management, including holding bureau-led TechStats, incorporating TechStats in its capital planning and governance structure, providing training on TechStats, and consistently capturing action steps, deadlines, and responsibilities in its TechStat memorandums. In an April 2017 update, the agency stated that it had not held any TechStats in 2016, but had identified several candidates for TechStats within the next 6 months. In addition, the agency plans to update its capital planning documents to include the TechStat program in late summer 2017. In addition, it has not finalized its TechStat training documentation, but plans to complete the documentation in late summer 2017. We will continue to monitor the implementation of this recommendation.
    Director: Powner, David A
    Phone: (202)512-9286

    3 open recommendations
    Recommendation: To improve the reliability of reported cost and schedule variance information for the seven major investments we reviewed, the Acting Commissioner of IRS should direct the Chief Technology Officer to improve the reliability of cost estimates by addressing the weaknesses we identified in this report so that each investment at least substantially meets each of the characteristics of a reliable cost estimate.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: We followed up on the status of IRS's actions to address this recommendation for the Customer Account Data Engine (CADE) 2, the Return Review Program (RRP), and IRS.gov, the three investments with significant planned expenditures for development in fiscal year 2017, according to data reported on the Federal IT dashboard (the remaining four investments in our 2013 review are primarily in operations and maintenance based on the same IT dashboard data). We selected CADE 2, RRP, and IRS.gov because they would benefit most from improvements to cost estimates given their life cycle stage. In the Summer of 2017, IRS provided documentation to demonstrate actions taken to address the weaknesses we had identified with the CADE 2, and RRP cost estimates. We are currently analyzing this information. For IRS.gov, IRS told us the investment had been in operations and maintenance for several years and was therefore not producing the cost documentation that is typically associated with development efforts. We requested documentation supporting this claim and as of September 2017 were waiting to receive it.
    Recommendation: To improve the reliability of reported cost and schedule variance information for the seven major investments we reviewed, the Acting Commissioner of IRS should direct the Chief Technology Officer to improve the extent to which schedules are well-constructed and controlled by addressing the weaknesses we identified in this report so that each investment at least substantially meets each of these characteristics.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: We followed up on the status of IRS's actions to address this recommendation for the Customer Account Data Engine (CADE) 2, the Return Review Program (RRP), and IRS.gov, the three investments with significant expenditures planned for development in fiscal year 2017, according to data reported on the Federal IT dashboard (the remaining four investments in our 2013 review are primarily in operations and maintenance based on the same IT dashboard data). We selected CADE 2, RRP, and IRS.gov because they would benefit most from improvements to schedule estimates given their life cycle stage. In the Summer of 2017, IRS provided documentation to demonstrate actions taken to address the weaknesses we had identified with the CADE 2, and RRP schedule estimates. We are currently analyzing this documentation. For IRS.gov, IRS told us the investment had been in operations and maintenance for several years and was therefore not producing the schedule estimates that are typically associated with development efforts. We requested documentation supporting this claim and as of September 2017 were waiting to receive it.
    Recommendation: To improve the reliability of reported cost and schedule variance information for the seven major investments we reviewed, the Acting Commissioner of IRS should direct the Chief Technology Officer to develop and implement guidance that specifies best practices--such as including evaluating critical path (for projected schedule), using earned value management data, evaluating the performance of completed work and comparing it to the remaining budget, assessing commitment values for material needed to complete remaining work, and estimating future conditions--to consider when determining projected cost and schedule amounts.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: In June 2016, we reported on IRS's development and implementation of its Investment Performance Tool for tracking cost, schedule and scope metrics for its IT investments. At the time, IRS was using the tool for two investments. As of September 2017, we were reviewing the agency?s use of the tool as part of an ongoing review. We plan to further examine the use of the tool and the supporting guidance to determine the extent to which they address this recommendation.
    Director: Melvin, Valerie C
    Phone: (202)512-6304

    1 open recommendations
    Recommendation: To ensure that DOD continues to implement the full range of institutional management controls needed to address its business systems modernization high-risk area, the Secretary of Defense should ensure that the Deputy Secretary of Defense, as the department's Chief Management Officer, establish a policy that clarifies the roles, responsibilities, and relationships among the Chief Management Officer, Deputy Chief Management Officer, DOD and military department Chief Information Officers, Principal Staff Assistants, military department Chief Management Officers, and the heads of the military departments and defense agencies, associated with the development of a federated business enterprise architecture (BEA). Among other things, the policy should address the development and implementation of an overarching taxonomy and associated ontologies to help ensure that each of the respective portions of the architecture will be properly linked and aligned. In addition, the policy should address alignment and coordination of business process areas, military department and defense agency activities associated with developing and implementing each of the various components of the BEA, and relationships among these entities.

    Agency: Department of Defense
    Status: Open

    Comments: As of September 2017, the Department of Defense had taken steps to address the intent of our recommendation, but had not issued a policy that addresses the various elements called for in our recommendation. For example, in January 2017, the department issued a business enterprise architecture improvement plan, which included providing, among other capabilities, the ability to conduct process and system reviews within and across domains by January 2017. The plan also included delivering a federated ontology for business enterprise architecture data structures by June 2016. However, as of September 2017, the Office of the Deputy Chief Management Officer stated that work to develop the federated ontology was ongoing. In addition, the delivery date of the capability for conducting process and system reviews within and across domains had changed to June 2018. Further, the office stated that date was subject to a contract being awarded. In addition, as of September 2017, the department had not established policy that clarified the roles, responsibilities, authorities, and relationships between the Deputy Chief Management Officer and military department officials responsible for the business enterprise architecture and its federation or provided details of an overarching taxonomy to be used across the enterprise. We will continue to monitor the department's efforts to implement the recommendation.
    Director: Powner, David A
    Phone: (202)512-9286

    1 open recommendations
    Recommendation: The Commissioner of Internal Revenue should direct the appropriate officials to define and implement a process, including defined criteria, for reselecting ongoing projects.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: Since we made the recommendation, IRS has been working to redesign its investment management process. In June 2016, we reported that the agency had defined and implemented a repeatable process for selecting (and reselecting) operations support activities, though it had not fully documented the process, but did not have a similar process for its business systems modernization activities (GAO-16-545). We recommended that IRS document its process for operations support activities and establish, document, and implement policies and procedures for selecting new and reselecting ongoing business systems modernization activities. IRS agreed with our recommendations and, in January 2017, stated it expected to have an internal draft document of the operations support activities process completed by the end of February 2017 with a draft ready to share with GAO a month later. In addition, for the business systems modernization process, IRS noted several improvements underway and stated it would document the process as it improved by December 2017. We will continue to monitor IRS's efforts to define and implement processes, including criteria, for reselecting ongoing projects.