IT Dashboard:

Agencies Need to Fully Consider Risks When Rating Their Major Investments

GAO-16-494: Published: Jun 2, 2016. Publicly Released: Jun 2, 2016.

Additional Materials:

Contact:

David A. Powner
(202) 512-9286
pownerd@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

What GAO Found

Agencies determined investments' Chief Information Officer (CIO) ratings using a variety of processes, which included the Office of Management and Budget's (OMB) six suggested factors (including risk management, requirements management, and historical performance). Specifically, all 17 selected agencies incorporated at least two of OMB's factors into their risk rating processes and 9 used all of the factors. However, agencies' interpretations of these factors varied. For example, most agencies considered active risks, such as funding cuts or staffing changes, when rating investments, but others only evaluated compliance with the agency's risk management processes. Further, 13 agencies required monthly updates to CIO ratings as does OMB (as of June 2015), 1 agency scheduled its reviews based on risk, and 3 agencies required updates less often than on a monthly basis.

GAO's assessments generally showed more risk than the associated CIO ratings. In particular, of the 95 investments assessed, GAO's assessments matched the CIO ratings 22 times, showed more risk 60 times, and showed less risk 13 times (see graphic).

Comparison of Selected Investments' Chief Information Officer Ratings to GAO Assessments

Comparison of Selected Investments' Chief Information Officer Ratings to GAO Assessments img  data-cke-saved-src=

Aside from the inherent judgmental nature of risk ratings, three issues contributed to these differences:

Forty of the 95 CIO ratings were not updated during the month GAO reviewed, which led to more differences between GAO's assessments and the CIOs' ratings. This underscores the importance of frequent rating updates, which help to ensure that the information on the Dashboard is timely and accurately reflects recent changes to investment status.

Three agencies' rating processes span longer than 1 month. Longer processes mean that CIO ratings are based upon older data and may not reflect the current level of investment risk.

Seven agencies' rating processes did not focus on active risks. According to OMB's guidance, CIO ratings should reflect the CIO's assessment of the risk and the investment's ability to accomplish its goals. CIO ratings that do not incorporate active risks increase the chance that ratings overstate the likelihood of investment success.

 

Why GAO Did This Study

Although the government spends more than $80 billion in information technology (IT) annually, many of the investments have failed or have been troubled. In December 2014, provisions commonly referred to as the Federal Information Technology Acquisition Reform Act (FITARA) were enacted. Among other things, FITARA states that OMB shall make available to the public a list of each major IT investment including data on cost, schedule, and performance. OMB does so via the Federal IT Dashboard—its public website that reports on major IT investments, including ratings from CIOs which should reflect the level of risk facing an investment.

GAO's objectives were to (1) describe agencies' processes for determining CIO risk ratings for major federal IT investments primarily in development and (2) assess the risk of federal IT investments and analyze any differences with the investments' CIO risk ratings. To do so, GAO selected major IT investments with at least 80 percent of their fiscal year 2015 budget allocated to development (resulting in 95 investments across 15 agencies) and compared CIO rating processes to OMB guidance. GAO also analyzed data on those investments to create its own risk assessments.

What GAO Recommends

GAO is making 25 recommendations to 15 agencies to improve the quality and frequency of CIO ratings. Twelve agencies generally agreed with or did not comment on the recommendations and three agencies disagreed, stating their CIO ratings were adequate. GAO continues to believe these recommendations are valid.

For more information, contact David A. Powner at (202) 512-9286 or pownerd@gao.gov.

Recommendations for Executive Action

  1. Status: Closed - Implemented

    Comments: The Department of Agriculture (Agriculture) agreed with the recommendation and, subsequently, in November 2017, implemented new CIO rating scoring criteria that incorporate active risks. Specifically, Agriculture's updated scoring criteria include an evaluation of the management and risk exposure scores of active risks. As a result, Agriculture's CIO ratings on the Dashboard should better reflect its investments' true likelihood of success to OMB, other oversight bodies, and the public.

    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Agriculture, Education, Energy, Health and Human Services, the Interior, State, and Veterans Affairs; and the Director of the Office of Personnel Management should direct their CIOs to factor active risks into their IT Dashboard CIO ratings.

    Agency Affected: Department of Agriculture

  2. Status: Open

    Comments: The Department agreed with the recommendation, but has not provided an update on its actions to address it. We will update the status when we confirm what actions have been taken.

    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Agriculture, Education, Energy, Health and Human Services, the Interior, State, and Veterans Affairs; and the Director of the Office of Personnel Management should direct their CIOs to factor active risks into their IT Dashboard CIO ratings.

    Agency Affected: Department of Education

  3. Status: Closed - Implemented

    Comments: The Department of Energy (Energy) agreed with the recommendation and, subsequently, updated its OMB IT Dashboard Standard Operating Procedure in December 2016 to incorporate active risks. Specifically, this updated procedure revised the Department's CIO rating criteria to include evaluations of the management and the risk exposure scores of active risks. As a result, Energy's CIO ratings on the Dashboard should better reflect its investments' true likelihood of success to OMB, other oversight bodies, and the public.

    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Agriculture, Education, Energy, Health and Human Services, the Interior, State, and Veterans Affairs; and the Director of the Office of Personnel Management should direct their CIOs to factor active risks into their IT Dashboard CIO ratings.

    Agency Affected: Department of Energy

  4. Status: Open

    Comments: The Department agreed with the recommendation and, in a written response, stated that it updated its CIO evaluation methodology to measure active risks in areas such as budget variance, performance, policy and governance compliance, risk management, and contract risk. When we receive the finalized version of this methodology, we will update the recommendation status.

    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Agriculture, Education, Energy, Health and Human Services, the Interior, State, and Veterans Affairs; and the Director of the Office of Personnel Management should direct their CIOs to factor active risks into their IT Dashboard CIO ratings.

    Agency Affected: Department of Health and Human Services

  5. Status: Closed - Implemented

    Comments: The Department of the Interior (Interior) agreed with our recommendation and, subsequently, in March 2017, implemented an updated CIO risk process that standardizes ratings criteria and incorporates active risks. Specifically, the process calls for the Office of the CIO to consider the probability and impact of investment risks and factor those calculations into CIO ratings. As a result, Interior's CIO ratings on the Dashboard should better reflect its investments' true likelihood of success to OMB, other oversight bodies, and the public.

    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Agriculture, Education, Energy, Health and Human Services, the Interior, State, and Veterans Affairs; and the Director of the Office of Personnel Management should direct their CIOs to factor active risks into their IT Dashboard CIO ratings.

    Agency Affected: Department of the Interior

  6. Status: Open

    Comments: The Department agreed with the recommendation and, in a written response, stated that it is amending its current monthly review process to ensure that active risks are factored into its IT Dashboard CIO ratings. As of November 2017, VA planned to put this updated process into action by the end of March 2018. We will continue to monitor the implementation of this recommendation.

    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Agriculture, Education, Energy, Health and Human Services, the Interior, State, and Veterans Affairs; and the Director of the Office of Personnel Management should direct their CIOs to factor active risks into their IT Dashboard CIO ratings.

    Agency Affected: Department of Veterans Affairs

  7. Status: Open

    Comments: The Department agreed with the recommendation, and, in an October 2017 response, stated that it currently evaluates risk as part of its IT governance activities. However, the department has not yet provided supporting documentation. When we confirm what actions have been taken, we will update the status.

    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Agriculture, Education, Energy, Health and Human Services, the Interior, State, and Veterans Affairs; and the Director of the Office of Personnel Management should direct their CIOs to factor active risks into their IT Dashboard CIO ratings.

    Agency Affected: Department of State

  8. Status: Closed - Implemented

    Comments: The Office of Personnel Management (OPM) agreed with our recommendation and, in response to our report, implemented a risk rating process that incorporates active risks. Specifically, this process, which OPM implemented in May 2016, factors both the severity of the active risks and whether they are monitored by the investment team. As a result, OPM's CIO ratings on the Dashboard should better reflect its investments' true likelihood of success to OMB, other oversight bodies, and the public.

    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Agriculture, Education, Energy, Health and Human Services, the Interior, State, and Veterans Affairs; and the Director of the Office of Personnel Management should direct their CIOs to factor active risks into their IT Dashboard CIO ratings.

    Agency Affected: Office of Personnel Management

  9. Status: Closed - Implemented

    Comments: The Department of Homeland Security (DHS) disagreed with this recommendation. In its written responses, the department stated that its risk-based process complied with OMB's "Fiscal Year 2017 IT Budget-Capital Planning Guidance" with regard to the frequency of its CIO rating updates. However, as noted in the report, we maintained that the guidance required at least monthly updates, and DHS rated its investments either monthly, quarterly, or semi-annually, depending on investment risk. DHS also noted that its process would be supported by the release of subsequent OMB guidance. After the publication of our report in June 2016, OMB issued its "Fiscal Year 2018 IT Budget-Capital Planning Guidance." This guidance removed the mandatory reporting frequency, but stated that OMB expected that the CIOs would evaluate and rate their investments at specific times, including when the investment business cases were submitted to OMB in the agency budget request and when the business cases were prepared for the President's Budget release. In light of this new guidance, we analyzed the department's update frequency for its 97 investments (as listed on the IT Dashboard in June 2017). From June 2016 through May 2017, we found that 82 investments had updates posted during at least two separate months. For the other 15 investments, 11 were updated during one month, and 4 investments were not updated at all. This analysis shows that, for the majority of its investments, DHS is meeting OMB's expectations for at least semi-annual updates. By meeting these expectations, the department will help ensure that the information on the Dashboard is timely and accurately reflects recent changes.

    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Defense, Education, and Homeland Security; and the Commissioner of the Social Security Administration should direct their CIOs to update their CIO ratings at least as frequently as required in OMB's guidance.

    Agency Affected: Department of Homeland Security

  10. Status: Closed - Implemented

    Comments: The Department of Education (Education) initially partially concurred with the recommendation. In its comments published in the report, Education stated that OMB's "Fiscal Year 2017 IT Budget-Capital Planning Guidance" addressed the required frequency of updates in several places and that the section specific to CIO evaluations only required agencies to update their ratings as soon as new information became available. In response, we maintained that the requirement for monthly updates was explicitly stated in the guidance and was confirmed by OMB staff. In comments from July 2016, Education stated that it agreed with the recommendation to update its CIO ratings at least as frequently as required in OMB's guidance. It also noted that its process complied with current OMB guidance. Indeed, OMB issued its "Fiscal Year 2018 IT Budget-Capital Planning Guidance" after our report was issued in June 2016. This guidance removed the mandatory reporting frequency, but stated that OMB expected that the CIOs would evaluate and rate their investments at specific times, including when the investment business cases were submitted to OMB in the agency budget request and when the business cases were prepared for the President's Budget release. In light of this new guidance, we analyzed Education's update frequency for its 30 investments (as listed on the IT Dashboard in June 2017). From June 2016 through May 2017, we found that 29 investments had updates posted during at least two separate months. The remaining investment was updated during one month. This analysis shows that, for the majority of its investments, Education is meeting OMB's expectations for at least semi-annual updates. By meeting these expectations, the Department will help ensure that the information on the Dashboard is timely and accurately reflects recent changes.

    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Defense, Education, and Homeland Security; and the Commissioner of the Social Security Administration should direct their CIOs to update their CIO ratings at least as frequently as required in OMB's guidance.

    Agency Affected: Department of Education

  11. Status: Closed - Implemented

    Comments: The Department of Defense (DOD) did not concur with this recommendation. In its written response, the Department noted that its semi-annual reporting is consistent with FITARA requirements and is documented in its OMB-approved FITARA Implementation Plan. After the publication of our report in June 2016, OMB issued its "Fiscal Year 2018 IT Budget-Capital Planning Guidance." This guidance removes the mandatory reporting frequency, but states that OMB expects that the CIOs would evaluate and rate their investments at specific times, including when the investment business cases are submitted to OMB in the agency budget request and when the business cases are prepared for the President's Budget release. In light of this guidance, we analyzed how frequently the Department updated the CIO ratings for its 26 major investments listed on the IT Dashboard in May 2018. From May 2017 through April 2018, we found that 21 of the 26 investments' ratings were updated in at least two separate months. Of the remaining 5 investments, 2 were updated in one month and 3 were not updated at all. This analysis shows that, for the majority of its investments, DOD is meeting OMB's expectations for at least semi-annual updates. By meeting these expectations, the Department will help ensure that the information on the Dashboard is timely and accurately reflects recent changes.

    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Defense, Education, and Homeland Security; and the Commissioner of the Social Security Administration should direct their CIOs to update their CIO ratings at least as frequently as required in OMB's guidance.

    Agency Affected: Department of Defense

  12. Status: Closed - Implemented

    Comments: The Social Security Administration (SSA) agreed with the recommendation. In its written comments, SSA stated that its investment evaluations now occur on a more frequent basis, consistent with OMB's "Fiscal Year 2018 IT Budget-Capital Planning Guidance." OMB released this new version of their Capital Planning Guidance following the publication of our report in June 2016. This guidance removed the mandatory reporting frequency, but stated that OMB expected that the CIOs would evaluate and rate their investments at specific times, including when the investment business cases were submitted to OMB in the agency budget request and when the business cases were prepared for the President's Budget release. In light of this new guidance, we analyzed SSA's update frequency for its 11 investments (as listed on the IT Dashboard in June 2017). From June 2016 through May 2017, we found that all 11 investments had CIO rating updates posted during at least two separate months. This analysis shows that SSA is meeting OMB's expectations for at least semi-annual updates. By meeting these expectations, SSA will help ensure that the information on the Dashboard is timely and accurately reflects recent changes.

    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Defense, Education, and Homeland Security; and the Commissioner of the Social Security Administration should direct their CIOs to update their CIO ratings at least as frequently as required in OMB's guidance.

    Agency Affected: Social Security Administration

  13. Status: Closed - Implemented

    Comments: The Department of Homeland Security (DHS) agreed with our recommendation, and, subsequently, in April 2017, implemented updated guidelines for scoring CIO risk ratings. Specifically, these updated guidelines increase the focus on investment risk and call for the consideration of risk exposure calculations when determining CIO ratings. As a result, DHS's CIO ratings on the Dashboard should better reflect the level of risk facing its investments, thereby helping to ensure that the Department's IT investments receive appropriate levels of oversight.

    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, State, Transportation, the Treasury, Veterans Affairs; the Administrator of the Environmental Protection Agency; and the Commissioner of the Social Security Administration should direct their CIOs to ensure that their CIO ratings reflect the level of risk facing an investment relative to that investment's ability to accomplish its goals.

    Agency Affected: Department of Homeland Security

  14. Status: Closed - Implemented

    Comments: The Department of Agriculture (Agriculture) agreed with our recommendation and, subsequently, issued updated rating criteria in November 2017 that change how Agriculture assesses investment risk during its CIO rating process. Specifically, these updated rating criteria require an evaluation of investment risk registers and the adequacy of the mitigation strategy for each risk. As a result, Agriculture's CIO ratings on the Dashboard should better reflect the level of risk facing its investments, thereby helping to ensure that the Department's IT investments receive appropriate levels of oversight.

    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, State, Transportation, the Treasury, Veterans Affairs; the Administrator of the Environmental Protection Agency; and the Commissioner of the Social Security Administration should direct their CIOs to ensure that their CIO ratings reflect the level of risk facing an investment relative to that investment's ability to accomplish its goals.

    Agency Affected: Department of Agriculture

  15. Status: Open

    Comments: The Department agreed with the recommendation, but has not provided an update on its actions to address it. According to the agency, it is currently being reviewed for closure. When we confirm what actions have been taken, we will update the status.

    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, State, Transportation, the Treasury, Veterans Affairs; the Administrator of the Environmental Protection Agency; and the Commissioner of the Social Security Administration should direct their CIOs to ensure that their CIO ratings reflect the level of risk facing an investment relative to that investment's ability to accomplish its goals.

    Agency Affected: Department of Education

  16. Status: Open

    Comments: The Department agreed with our recommendation and, in a written response, stated that the CIO has revised the IT Dashboard risk rating criteria to incorporate the risk represented in the investments' documentation. However, as of November 2017, Commerce has yet to provide evidence of this change. We will continue to monitor the implementation of this recommendation.

    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, State, Transportation, the Treasury, Veterans Affairs; the Administrator of the Environmental Protection Agency; and the Commissioner of the Social Security Administration should direct their CIOs to ensure that their CIO ratings reflect the level of risk facing an investment relative to that investment's ability to accomplish its goals.

    Agency Affected: Department of Commerce

  17. Status: Closed - Implemented

    Comments: The Department of Defense (DOD) partially concurred with this recommendation. While DOD agreed that CIO ratings need to reflect risk, the Department stated that its then-current CIO rating process already fulfilled this recommendation. Nevertheless, DOD subsequently implemented an updated CIO rating process in November 2016 that requires the DOD CIO to review additional sources of risk information before making CIO rating determinations. These additional sources include the Defense Acquisition Executive Summary (DAES), a primary source for identifying acquisition program risks. As a result, DOD's CIO ratings on the Dashboard should better reflect the level of risk facing its investments, thereby helping to ensure that the Department's IT investments receive appropriate levels of oversight.

    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, State, Transportation, the Treasury, Veterans Affairs; the Administrator of the Environmental Protection Agency; and the Commissioner of the Social Security Administration should direct their CIOs to ensure that their CIO ratings reflect the level of risk facing an investment relative to that investment's ability to accomplish its goals.

    Agency Affected: Department of Defense

  18. Status: Closed - Implemented

    Comments: The Department of Energy (Energy) agreed with our recommendation and, subsequently, updated its OMB IT Dashboard Standard Operating Procedure in December 2016. Specifically, this updated procedure revised the Department?s CIO rating criteria to increase the focus on investment risk and provide additional guidance on the assessment of CIO evaluation factors such as risk management, requirements management, and contractor oversight. As a result, Energy's CIO ratings on the Dashboard should better reflect the level of risk facing its investments, thereby helping to ensure that the Department's IT investments receive appropriate levels of oversight.

    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, State, Transportation, the Treasury, Veterans Affairs; the Administrator of the Environmental Protection Agency; and the Commissioner of the Social Security Administration should direct their CIOs to ensure that their CIO ratings reflect the level of risk facing an investment relative to that investment's ability to accomplish its goals.

    Agency Affected: Department of Energy

  19. Status: Open

    Comments: The Department agreed with the recommendation and, in a written response, stated that it updated its CIO evaluation methodology to measure active risks in areas such as budget variance, performance, policy and governance compliance, risk management, and contract risk. According to HHS, these risk areas reflect both internal and external risks that affect an investment's ability to accomplish its goals. When we receive the finalized version of this methodology, we will update the recommendation status.

    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, State, Transportation, the Treasury, Veterans Affairs; the Administrator of the Environmental Protection Agency; and the Commissioner of the Social Security Administration should direct their CIOs to ensure that their CIO ratings reflect the level of risk facing an investment relative to that investment's ability to accomplish its goals.

    Agency Affected: Department of Health and Human Services

  20. Status: Open

    Comments: SSA partially agreed with our recommendation and, in a written response, stated that its CIO rating criteria includes a review of the level of risk facing an investment relative to that investment's ability to accomplish its goals. The written statement also notes that the CIO receives regular updates from key stakeholders on investment risks and mitigation plans. However, as of November 2017, we have yet to receive documentation showing any revisions to SSA's CIO rating process. When we confirm what actions have been taken, we will update the status of this recommendation.

    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, State, Transportation, the Treasury, Veterans Affairs; the Administrator of the Environmental Protection Agency; and the Commissioner of the Social Security Administration should direct their CIOs to ensure that their CIO ratings reflect the level of risk facing an investment relative to that investment's ability to accomplish its goals.

    Agency Affected: Social Security Administration

  21. Status: Closed - Implemented

    Comments: The Department of Transportation (Transportation) agreed with our recommendation and, subsequently, updated its CIO rating process in its June 2016 Investment Management Process Guidance. This guidance specifies that IT Dashboard rating recommendations should be based on risks associated with cost, schedule, and performance against planned goals and objectives. As a result, Transportation's CIO ratings should better reflect the level of risk facing its investments, thereby helping to ensure that the Department's IT investments receive appropriate levels of oversight.

    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, State, Transportation, the Treasury, Veterans Affairs; the Administrator of the Environmental Protection Agency; and the Commissioner of the Social Security Administration should direct their CIOs to ensure that their CIO ratings reflect the level of risk facing an investment relative to that investment's ability to accomplish its goals.

    Agency Affected: Department of Transportation

  22. Status: Closed - Implemented

    Comments: The Department of the Treasury (Treasury) did not comment on this recommendation. Nevertheless, Treasury subsequently updated its CIO rating process in July 2016 to focus more on investment risk. Specifically, the new process includes separate risk calculations for project and operational risks that, when combined, account for half of the final CIO rating. As a result, Treasury's CIO ratings on the Dashboard should better reflect the level of risk facing its investments, thereby helping to ensure that the Department's IT investments receive appropriate levels of oversight.

    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, State, Transportation, the Treasury, Veterans Affairs; the Administrator of the Environmental Protection Agency; and the Commissioner of the Social Security Administration should direct their CIOs to ensure that their CIO ratings reflect the level of risk facing an investment relative to that investment's ability to accomplish its goals.

    Agency Affected: Department of the Treasury

  23. Status: Open

    Comments: VA agreed with the recommendation and, in a written response, stated that it will ensure that CIO ratings reflect the level of risk facing its investments. To accomplish this, the Department planned to require investment managers to assess operational risks detailing the probability and impact of pending threats to success. As of November 2017, VA planned to implement this process by the end of March 2018. We will continue to monitor the status of this recommendation.

    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, State, Transportation, the Treasury, Veterans Affairs; the Administrator of the Environmental Protection Agency; and the Commissioner of the Social Security Administration should direct their CIOs to ensure that their CIO ratings reflect the level of risk facing an investment relative to that investment's ability to accomplish its goals.

    Agency Affected: Department of Veterans Affairs

  24. Status: Open

    Comments: The Department agreed with the recommendation, but has not yet provided supporting documentation. When we confirm what actions have been taken, we will update the status.

    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, State, Transportation, the Treasury, Veterans Affairs; the Administrator of the Environmental Protection Agency; and the Commissioner of the Social Security Administration should direct their CIOs to ensure that their CIO ratings reflect the level of risk facing an investment relative to that investment's ability to accomplish its goals.

    Agency Affected: Department of State

  25. Status: Open

    Comments: The agency disagreed with the recommendation and, as of November 2017, has not provided an update on its actions to address the recommendation. We will continue to monitor the implementation of this recommendation.

    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, State, Transportation, the Treasury, Veterans Affairs; the Administrator of the Environmental Protection Agency; and the Commissioner of the Social Security Administration should direct their CIOs to ensure that their CIO ratings reflect the level of risk facing an investment relative to that investment's ability to accomplish its goals.

    Agency Affected: Environmental Protection Agency

 

Explore the full database of GAO's Open Recommendations »

Jun 13, 2018

May 24, 2018

May 23, 2018

May 22, 2018

Mar 14, 2018

Jan 30, 2018

Jan 10, 2018

Nov 21, 2017

Nov 15, 2017

Looking for more? Browse all our products here