Information Technology:

FDA Has Taken Steps to Address Challenges but Needs a Comprehensive Strategic Plan

GAO-16-182: Published: Dec 17, 2015. Publicly Released: Dec 17, 2015.

Additional Materials:

Contact:

Valerie Melvin
(202) 512-6304
melvinv@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

What GAO Found

As of September 2015, the Food and Drug Administration (FDA), an agency within the Department of Health and Human Services (HHS), had developed and released a new information technology (IT) strategic plan, entitled Information Technology Strategic Plan, Version 1.0 . The plan, according to the agency's Chief Information Officer (CIO), was developed to help FDA's Office of Information Management and Technology (OIMT) address business challenges facing the agency through the implementation of IT. The plan describes the current state of the agency's IT environment, along with OIMT's mission, vision, and the objectives of three strategic themes—quality service, security, and efficiency. The plan also defines performance measures and initiatives intended to support the office's strategic themes.

Nevertheless, the plan lacks key elements that GAO previously recommended be included in a comprehensive strategy to align with the agency-wide mission and goals, and allow the plan to be used for managing IT investments to more effectively address business challenges. For example, FDA's IT strategic plan does not align with strategic priorities and goals that the agency defined for 2014 through 2018. Further, it does not identify results-oriented goals and performance measures and milestones, or targets for measuring the extent to which outcomes of IT initiatives support FDA's ability to achieve agency-wide goals and objectives; strategies that the governing IT organization will use to support agency-wide goals and objectives; and key IT initiatives and interdependencies to be managed. The agency's CIO stated that this version of the strategic plan was developed to address challenges related to processes, technologies, roles, functions, and capabilities for improving the operations of OIMT, which has the responsibility for managing IT. However, FDA has not yet defined schedules or milestones for managing and completing the development and implementation of future versions of the plan that would reflect actions intended to address the agency-wide mission and goals. Until FDA incorporates these key elements of comprehensive IT strategic planning into its plan and fully implements the plan, it will lack critical information needed to align information resources with business strategies and investment decisions, and be hindered in determining whether outcomes of its IT initiatives are succeeding in supporting agency-wide goals.

FDA has made progress in implementing GAO's prior IT-related recommendations. Although it has not yet developed a comprehensive IT strategic plan, the agency has improved enterprise architecture development and IT human capital planning by implementing four of nine prior recommendations. FDA implemented two recommendations to develop an IT systems inventory that can be used to help manage IT investments and to improve information-sharing capabilities of one of its centers, and took steps toward implementing the remaining two recommendations related to improvements in scheduling and monitoring progress of a key IT modernization initiative. However, the agency did not complete all actions needed to implement these two recommendations. Specifically, it did not develop project schedules or conduct IT project monitoring in accordance with best practices. FDA's continued efforts to implement the remaining recommendations are critical to assuring that the agency's ability to manage IT investments and resources will meet its overall mission and goals.

Why GAO Did This Study

IT systems are critical to FDA's ability to achieve its mission. GAO previously reported on limitations in a number of FDA's key IT areas, including data availability and quality, information infrastructure, the ability to use technology to improve regulatory effectiveness, and investment management. GAO recommended FDA take actions to address these limitations, including the development of a comprehensive IT strategic plan to provide direction for modernizing the agency's IT environment.

The Food and Drug Administration Safety and Innovation Act of 2012 included a provision for GAO to report on FDA's progress regarding an IT strategic plan and implementation of GAO's prior recommendations. This report provides an assessment of the (1) status of FDA's efforts to develop and implement an IT strategic plan that includes results-oriented goals, activities, milestones, and performance measures; and (2) extent to which FDA has addressed GAO's prior IT-related recommendations.

To do so, GAO assessed the agency's 2015 IT strategic plan against best practices for IT management. GAO also reviewed supporting documents regarding FDA's actions on prior recommendations.

What GAO Recommends

GAO recommends that FDA define schedules and milestones for incorporating into its IT strategic plan elements that align with the agency's mission and business strategies, and fully implement the plan. HHS agreed with the recommendations.

For more information, contact Valerie Melvin at (202) 512-6304 or melvinv@gao.gov.

Recommendations for Executive Action

  1. Status: Closed - Implemented

    Comments: In December 2015, we reported that the Food and Drug Administration (FDA) within the Department of Health and Human Services (HHS) had developed and released a new information technology (IT) strategic plan. The plan, according to the agency's Chief Information Officer (CIO), was developed to help FDA's Office of Information Management and Technology (OIMT) address business challenges facing the agency through the implementation of IT. However, the plan lacked key elements that GAO previously recommended be included in a comprehensive strategy to align with the agency-wide mission and goals, and allow the plan to be used for managing IT investments to more effectively address business challenges. For example, FDA's IT strategic plan did not align with strategic priorities and goals that the agency defined for 2014 through 2018. In addition, it did not identify results-oriented goals and performance measures and milestones, or targets for measuring the extent to which outcomes of IT initiatives support FDA's ability to achieve agency-wide goals and objectives; strategies that the governing IT organization would use to support agency-wide goals and objectives; and key IT initiatives and interdependencies to be managed. Further, we reported that FDA had not defined schedules or milestones for managing and completing the development and implementation of future versions of the plan that would reflect actions intended to address the agency-wide mission and goals. To help ensure that FDA's IT strategic planning activities are successful in supporting the agency's mission, we recommended that the Commissioner of FDA require the CIO to define schedules and milestones for incorporating into its IT strategic plan elements that align with the agency's mission and business strategies, and fully implement the plan. In response to our recommendation, FDA's CIO updated its IT strategic plan in 2016 and incorporated elements to align the plan's strategies with agency-wide priorities to be achieved through 2018. Specifically, the plan included result-oriented goals and performance measures that supported the agency's mission. For example, in order to support FDA's mission of promoting and protecting the public health more securely and efficiently, one of the result-oriented goals defined in the IT strategic plan was to ensure that the security, reliability, and accuracy of the agency's systems. To measure progress toward achieving this goal, FDA targeted outcomes of IT initiatives to meet 100% compliance of key regulations and mandates by the end of fiscal year 2018. The plan also identifies key IT initiatives that support the agency's goals and describes the interdependencies among these initiatives. For example, the plan includes a matrix that identifies the initiatives and maps them to FDA goals and objectives. For example, FDA's IT initiative, "enhancing cybersecurity compliance and oversight by strengthening the FDA's Cybersecurity Program to conduct highly effective incident response and decrease the overall security risks to sensitive FDA information" is aligned with FDA's goal to "reduce the risks in the manufacturing, production, and distribution of FDA-regulated products." In another example, FDA's IT initiative "improving the delivery of service by developing a master data management strategy to handle business data and data requirements" is aligned with FDA's goal for "promoting better informed decisions about the use of FDA-regulated products by improving patient and providers access to benefit risk information about the products". By incorporating such elements into its IT strategic plan, the agency will be in a position to better align information resources with business strategies and investment decisions, and ensure that outcomes of its IT initiatives support agency-wide goals.

    Recommendation: To help ensure that FDA's IT strategic planning activities are successful in supporting the agency's mission, goals, and objectives, the Commissioner of FDA should require the CIO to establish schedules and milestones for completing a version of an IT strategic plan that incorporates elements to align the plan's strategies with agency-wide priorities; includes results-oriented goals and performance measures that support the agency's mission, along with targets for measuring the extent to which outcomes of IT initiatives support FDA's ability to achieve agency-wide goals and objectives; identifies key IT initiatives that support the agency's goals; and describes interdependencies among the initiatives.

    Agency Affected: Department of Health and Human Services: Food and Drug Administration

  2. Status: Open

    Comments: According to agency officials, FDA's CIO met with the FDA Commissioner in 2016 where the updated IT strategic plan was reviewed and approved. The Commissioner identified key IT initiatives to be implemented within FY2017 and incorporated them into the CIO's performance management appraisal program. According to officials, the Commissioner requires the CIO to implement a plan to ensure that expected outcomes of the agency's key IT initiatives are achieved. FDA provided us with an excel spreadsheet that tracks the status of its IT initiatives at the agency's weekly FDA project meeting. We are in the process of evaluating the supporting documentation and will update the recommendation after we complete our evaluation.

    Recommendation: To help ensure that FDA's IT strategic planning activities are successful in supporting the agency's mission, goals, and objectives, the Commissioner of FDA should require the CIO to implement the plan to ensure that expected outcomes of the agency's key IT initiatives are achieved.

    Agency Affected: Department of Health and Human Services: Food and Drug Administration

 

Explore the full database of GAO's Open Recommendations »

Nov 13, 2018

Sep 27, 2018

Aug 2, 2018

Jun 13, 2018

May 24, 2018

May 23, 2018

May 22, 2018

Mar 14, 2018

Jan 30, 2018

Looking for more? Browse all our products here