Information Technology: Implementation of Reform Legislation Needed to Improve Acquisitions and Operations

What GAO Found

The law commonly known as the Federal Information Technology Acquisition Reform Act (FITARA) was enacted in December 2014 and aims to improve federal information technology (IT) acquisition and operations. The law includes specific requirements related to seven areas. For example, it addresses

Agency Chief Information Officer (CIO) authority enhancements . Among other things, agency CIOs are required to approve the IT budget requests of their respective agencies and certify that IT investments are adequately implementing the Office of Management and Budget's (OMB) incremental development guidance.

Enhanced transparency and improved risk management . OMB and agencies are to make publicly available detailed information on federal IT investments, and agency CIOs are to categorize IT investments by risk. Additionally, if major IT investments are rated as high risk for 4 consecutive quarters, the agencies are to conduct a review of the investment.

Portfolio review. Agencies are to annually review IT investment portfolios in order to, among other things, increase efficiency and effectiveness, and identify potential waste and duplication. OMB is required to develop standardized performance metrics, to include cost savings, and to submit quarterly reports to Congress on cost savings.

Federal data center consolidation initiative. Agencies are required to provide OMB with a data center inventory, a strategy for consolidating and optimizing the data centers (to include planned cost savings), and quarterly updates on progress made. OMB is required to develop a goal of how much is to be saved through this initiative, and report on progress annually.

Maximizing the benefit of the federal strategic sourcing initiative . Federal agencies are required to compare their purchases of services and supplies to what is offered under the Federal Strategic Sourcing initiative.

OMB has released guidance for agencies to implement provisions of FITARA, which includes actions agencies are to take regarding responsibilities for CIOs. The guidance also reiterates OMB's existing guidance on IT portfolio management, a key transparency website, and the federal data center consolidation initiative; and expands its existing guidance on reviews of at-risk investments. Agencies were to conduct a self-assessment and submit a plan to OMB by August 2015 describing the changes they will make to ensure that responsibilities are implemented. Further, portions of these plans are required to be made publicly available 30 days after OMB's approval; as of October 30, 2015, none of the 24 Chief Financial Officers Act agencies had done so.

Further, FITARA's provisions are similar to areas covered by GAO's high-risk area to improve the management of IT acquisitions and operations. For example, GAO has noted that improvements are needed in federal efforts to enhance transparency, consolidate data centers, and streamline agencies' IT investment portfolios. To demonstrate progress in addressing this high-risk area, agencies will need to implement the legislation's provisions and GAO's outstanding recommendations.

Why GAO Did This Study

The federal government invests more than $80 billion annually in IT. However, these investments frequently fail, incur cost overruns and schedule slippages, or contribute little to mission-related outcomes. As GAO has previously reported, this underperformance of federal IT projects can be traced to a lack of disciplined and effective management and inadequate executive-level oversight. Accordingly, in December 2014, IT reform legislation was enacted, aimed at improving agencies' acquisition of IT. Further, earlier this year GAO added improving the management of IT acquisitions and operations to its high-risk list—a list of agencies and program areas that are high risk due to their vulnerabilities to fraud, waste, abuse, and mismanagement, or are most in need of transformation.

This statement provides information on FITARA and GAO's designation of IT acquisitions and operations as a high-risk area. In preparing this statement, GAO relied on its previously published work in these areas.