Information Technology:

Agencies Need to Improve Their Application Inventories to Achieve Additional Savings

GAO-16-511: Published: Sep 29, 2016. Publicly Released: Sep 29, 2016.

Additional Materials:

Contact:

David Powner
(202) 512-9286
pownerd@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

What GAO Found

Most of the 24 Chief Financial Officers (CFO) Act of 1990 agencies in the review fully met at least three of the four practices GAO identified to determine if agencies had complete software application inventories. To be considered complete, an inventory should (1) include business and enterprise information technology (IT) systems as defined by the Office of Management and Budget (OMB); (2) include these systems from all organizational components; (3) specify application name, description, owner, and function supported; and (4) be regularly updated. Of the 24 agencies, 4 (the Departments of Defense, Homeland Security, and Justice, and the General Services Administration) fully met all four practices, 9 fully met three practices, 6 fully met two practices, 2 fully met one practice, and 3 did not fully meet any practice (see figure).

Assessment of Whether Agencies Fully Met Practices for Establishing Complete Software Application Inventories

Assessment of Whether Agencies Fully Met Practices for Establishing Complete Software Application Inventories

A January 2016 OMB requirement to complete an IT asset inventory by the end of May 2016 contributed to most of the agencies fully meeting the first three practices. Agencies that did not fully address these practices stated, among other things, their focus on major and high risk investments as a reason for not having complete inventories. However, not accounting for all applications may result in missed opportunities to identify savings and efficiencies. It is also inconsistent with OMB guidance regarding implementation of IT acquisition reform law, referred to as the Federal Information Technology Acquisition Reform Act, which requires that Chief Information Officers at covered agencies have increased visibility into all IT resources. Not accounting for all applications also presents a security risk since agencies can only secure assets if they are aware of them.

Each of the six selected agencies relied on their investment management processes and, in some cases, supplemental processes to rationalize their applications to varying degrees. However, five of the six agencies acknowledged that their processes did not always allow for collecting or reviewing the information needed to effectively rationalize all their applications. The sixth agency, the National Science Foundation (NSF), stated its processes allow it to effectively rationalize its applications, but agency documentation supporting this assertion was incomplete. Only one agency—the National Aeronautics and Space Administration (NASA)—had plans to address shortcomings. Taking action to address identified weaknesses with agencies' existing processes for rationalizing applications would assist with identifying additional opportunities to reduce duplication and achieve savings.

Why GAO Did This Study

The federal government is expected to spend more than $90 billion on IT in fiscal year 2017. This includes a variety of software applications supporting agencies' enterprise needs. Since 2013, OMB has advocated the use of application rationalization. This is a process by which an agency streamlines its portfolio of software applications with the goal of improving efficiency, reducing complexity and redundancy, and lowering the cost of ownership.

GAO's objectives were to determine (1) whether agencies have established complete application inventories and (2) to what extent selected agencies have developed and implemented processes for rationalizing their portfolio of applications. To do this, GAO assessed the inventories of the 24 CFO Act agencies against four key practices and selected six agencies—the Departments of Defense, Homeland Security, the Interior, Labor, and NASA and NSF—due to their IT spending, among other factors, to determine whether they had processes addressing applications.

What GAO Recommends

GAO is recommending that 20 agencies improve their inventories and five of the selected agencies take actions to improve their processes to rationalize their applications more completely. The Department of Defense disagreed with both recommendations made to it. After reviewing additional evidence, GAO removed the recommendation associated with improving the inventory but maintained the other. The other agencies agreed to or had no comments on the draft report.

For more information, contact David Powner at (202) 512-9286 or pownerd@gao.gov.

Recommendations for Executive Action

  1. Status: Closed - Implemented

    Comments: We reported that the U.S. Agency for International Development (USAID) had partially met the following two practices for establishing a complete software application inventory, (1) includes systems from all organizational components, and (2) is regularly updated with quality controls to ensure reliability. In March 2018, the agency provided its updated application inventory, which includes enterprise IT and business systems from all organizational components, and basic application attributes for each system, including the system's name, description, and owner. USAID also provided documentation showing how it maps the applications to business domains, business capabilities, and business services. In addition, USAID officials provided documentation showing that the agency regularly updates the inventory, and documentation of controls to ensure the reliability of the data. As a result of these actions, the agency is better positioned to identify opportunities to rationalize its applications, which could lead to savings and efficiencies.

    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

    Agency Affected: United States Agency for International Development

  2. Status: Closed - Implemented

    Comments: We reported that the Department of Agriculture (USDA) partially met the following software application inventory practice: regularly updates the inventory with quality controls to ensure reliability. Specifically, we reported that the agency planned to complete a crosswalk of the data in the IT Asset Inventory, Cyber Security Administration and Management system, and Capital Planning and Investment Control inventories. Further, we reported that the department had not regularly reconciled and verified the data in its Enterprise Architecture Repository, which maintains the IT Asset Inventory, against data in the Cyber Security and Administration system to ensure the accuracy of the data. In response to our recommendation, in September 2016, the department completed a crosswalk of the IT asset information in the Enterprise Architecture Repository, Cyber Security Administration and Management system, and Capital Planning and Investment Control system, which resulted in the identification of opportunities to better synchronize the IT Asset Inventory data contained in the department's systems. In addition, in March 2017, the agency's Enterprise Architecture Division completed a quality review of the agency's application inventory. Specifically, the division reviewed and normalized IT asset information held in multiple systems, including the Enterprise Architecture Repository, Cyber Security Administration and Management system, and the Capital Planning and Investment Control system. As a result of these actions, the department is better positioned to identify opportunities to rationalize its applications, which could lead to savings and efficiencies.

    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

    Agency Affected: Department of Agriculture

  3. Status: Open

    Comments: We reported that the Department of Education partially met the following software application inventory practice: regularly updates the inventory with quality controls to ensure reliability. Specifically, we reported that the department had not yet established a policy for updating its inventory. In May 2017, the department issued an updated Lifecycle Management Framework directive, which requires system program managers to update the IT asset management information, including for software applications, in the department's Cyber Security Assessment and Management (CSAM) tool. In addition, in June 2017, the department updated its System Inventory Methodology and Guidance Document to ensure that the inventories within CSAM accurately reflect the system's software and operating system, and that all software utilized on the system is appropriately licensed and approved for use by the department's Enterprise Architecture Review Board. We will follow up with the department to determine whether it is using its updated policies.

    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

    Agency Affected: Department of Education

  4. Status: Open

    Comments: We reported that the Department of Commerce did not meet the following software application inventory practice: regularly updates the inventory with quality controls to ensure reliability. Specifically, the department did not provide evidence of a process to regularly update its inventory or quality controls to ensure the reliability of the data collected. In October 2017, the department reported that application inventory information will be captured through the Department of Commerce Capital Planning and Investment Control (CPIC) system, as part of its regular updating of investment information. Further, the department stated that it will update its CPIC handbook to provide guidance on quality control to ensure reliability of the data collected. We plan to continue to follow up with Commerce to monitor the status of these planned actions.

    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

    Agency Affected: Department of Commerce

  5. Status: Open

    Comments: We reported that the Department of Energy partially met the following three software application inventory practices, (1) includes systems from all organizational components, (2) specifies basic application attributes, and (3) is regularly updated with quality controls to ensure reliability. In May 2017, the department reported that it plans to implement automated monitoring and inventory tools by the end of fiscal year 2018, which it expects will address the key practices. We plan to monitor the department's efforts to implement the tools.

    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

    Agency Affected: Department of Energy

  6. Status: Open

    Comments: We reported that the Department of Housing and Urban Development partially met the following three software application inventory practices, (1) includes systems from all organizational components, (2) specifies basic application attributes, and (3) is regularly updated with quality controls to ensure reliability. In June 2017, the department reported that is working to identify applications in field offices, and plan for this effort to be completed in fiscal year 2018. In addition, the department stated it plans to update the inventory to include business functions for each system by the end of fiscal year 2017. Further, department officials stated that to ensure the accuracy and reliability of the application inventory, the department plans to conduct quarterly portfolio reviews starting in fiscal year 2018. We plan to continue to monitor the department's efforts.

    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

    Agency Affected: Department of Housing and Urban Development

  7. Status: Open

    Comments: We reported that the Department of Health and Human Services (HHS) partially met the following software application inventory practice: is regularly updated with quality controls to ensure reliability. In June 2017 we followed up with HHS to obtain a status of actions to address our recommendation. As of November 2017, we were still waiting for a response.

    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

    Agency Affected: Department of Health and Human Services

  8. Status: Open

    Comments: We reported that the Social Security Administration (SSA) partially met the following two software application inventory practices, (1) includes systems from all organization components, and (2) regularly updates the inventory with quality controls to ensure reliability. In March 2017, SSA officials reported that the agency's Office of Systems and Office of Operations continue to collaborate on integrating application information into the Enterprise Application Inventory. The officials reported that regionally developed applications that have been granted authority to operate have been imported into the enterprise application inventory. In addition, the officials stated that the Office of Operations is in the process of redesigning their repository to accommodate requirements to support the Enterprise Application Inventory, including the ability to update and maintain application information in the enterprise repository. Lastly, SSA officials reported that its Office of Information Security and Office of Systems continue to work to identify additional headquarters applications and develop process and automation to include applications in the inventory. However, the agency did not provide documentation that supports the efforts taken. We are following up with the agency to obtain documentation.

    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

    Agency Affected: Social Security Administration

  9. Status: Open

    Comments: We reported that the Department of Interior did not meet the software application inventory practice of regularly updating the inventory with quality controls to ensure reliability, and partially met the practice of including systems from all organization components. In June 2017, the department reported that it plans to review the application inventory for quality and completeness as a part of its annual update. Further, the department reported that it included applications and systems related to infrastructure investments in the IT portfolio as part of the fiscal year 2017 annual update to the department's application inventory. However, the department did not provide supporting documentation. We plan to monitor the department's efforts to ensure the accuracy and completeness of the inventory, as well as its efforts to include all its business systems in the inventory.

    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

    Agency Affected: Department of the Interior

  10. Status: Open

    Comments: In June 2017, the department reported that it had updated its application inventory to, among other things, address the key practices it had not fully met. We are following up with the department to obtain supporting documentation.

    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

    Agency Affected: Department of Transportation

  11. Status: Open

    Comments: We reported that the Department of Labor did not meet one software application inventory practice, and partially met three practices. Specifically, we reported that the department did not meet the practice to ensure that the inventory is regularly updated with quality controls to ensure reliability, and partially met the practices to (1) include business and enterprise IT systems, (2) include systems from all organizational components, and (3) specify basic application attributes. In March 2018, department officials provided an updated inventory, which included business and enterprise IT systems from all organizational components, and specified basic attributes, including the name, owner, and business function. In addition, officials stated that they plan to update the inventory on a periodic basis as necessary, at minimum annually, as part of the department's IT budgeting process. Further, officials stated that the department implemented an initiative in fiscal year 2016 to improve the quality of data their agencies are reporting on their IT systems as part of the department's IT Capital Planning and Investment Control process. However, the department did not provide evidence of this data quality initiative.

    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

    Agency Affected: Department of Labor

  12. Status: Open

    Comments: We reported that the Department of the Treasury had partially met the following two practices for establishing a complete software application inventory, (1) specifies basic application attributes, and (2) is regularly updated with quality controls to ensure reliability. In September 2017, the department provided evidence showing that it had taken steps to address these practices. Specifically, the department provided an export of its inventory, which showed that most of the systems listed contained a system description. According to department officials, some systems do not have a system description because the department's inventory policy allows bureaus to attach documents to the inventory, which include the system description, instead of populating the system description field. Further, the policy does not require a system description for systems in the disposal state. Moreover, the inventory did not include the business segment or function that the system supports. According to Treasury officials, the Bureau and Functional Unit fields within the inventory allow the department to map the systems to the business segments that they support; however, they did not provide documentation showing this mapping. We are following up with the Treasury to obtain supporting documentation, including its inventory policy. Further, we will continue to monitor its efforts to ensure that the inventory is regularly updated with quality controls to ensure its reliability.

    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

    Agency Affected: Department of the Treasury

  13. Status: Closed - Implemented

    Comments: We reported that the Department of Veterans Affairs (VA) had partially met the following practice for establishing a complete software application inventory: is regularly updated with quality controls to ensure reliability. We determined that VA partially met this practice because, while officials stated that their repository of systems was viewed as complete, the information within the repository was still maturing and work was being done to automate data capture and integration of the inventory with other sources. The department has since taken action to address the practice. Specifically, in February 2018, VA officials provided documentation showing that the department integrated its inventory with multiple repositories of IT system and application information and relied on this integration to more completely and accurately update and maintain the inventory. As a result of these actions, the department is better positioned to identify opportunities to rationalize its applications, which could lead to savings and efficiencies.

    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

    Agency Affected: Department of Veterans Affairs

  14. Status: Open

    Comments: We reported that the Department of State partially met the following software application inventory practices: (1) specifies basic application attributes; and (2) is regularly updated with quality controls to ensure reliability. Specifically, we reported that while the inventory included basic application attributes (e.g. name, description), it did not include the business function for the majority of inventory entries. Further, we reported that the agency did not provide evidence that quality control processes were in place to ensure the reliability of the data in the inventory. In July 2017, department officials stated that the department recently began a department-wide data call to obtain information on all IT assets and applications from each bureau, including aligning the assets and applications to a business function. Further, officials stated that they plan to analyze the results against their current data to ensure the accuracy and reliability of the IT asset inventory. Officials stated that they expect to complete this effort in early 2018. We plan to continue to monitor the department's efforts.

    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

    Agency Affected: Department of State

  15. Status: Open

    Comments: In April 2017, we followed up with the Environmental Protection Agency to obtain a status of actions to address our recommendation. As of November 2017, we were still waiting for a response from the agency.

    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

    Agency Affected: Environmental Protection Agency

  16. Status: Open

    Comments: We reported that the National Aeronautics and Space Administration had partially met the following two practices for establishing a complete software application inventory, (1) includes these systems from all organizational components, and (2) is regularly updated with quality controls to ensure reliability. In June 2017, agency officials stated that they plan to improve the application inventory using an investment review process, which they expect to complete in 2019. Specifically, the agency intends that the process will lead to an annual review of the application inventory and an improved process for updating the inventory. According to agency officials, the process will incorporate quality control processes into the overall portfolio management and rationalization approach. We plan to continue to monitor the agency's efforts to implement the new review process.

    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

    Agency Affected: National Aeronautics and Space Administration

  17. Status: Open

    Comments: We reported that the National Science Foundation had partially met the following practice for establishing a complete software application inventory: is regularly updated with quality controls to ensure reliability. In February 2018, the agency provided documentation of its process to develop an inventory to meet Federal Information Security Modernization Act requirements, including steps to validate the inventory. In addition, agency officials provided an updated application inventory. However, the officials did not provide evidence showing that the inventory had been validated. the validation process. We are following up with the agency to obtain this evidence.

    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

    Agency Affected: National Science Foundation

  18. Status: Open

    Comments: We reported that the Small Business Administration (SBA) did not meet one software application inventory practice, and partially met three practices. Specifically, the SBA did not regularly update the application inventory with quality controls to ensure reliability, and partially met (1) includes enterprise IT and business systems, (2) includes systems from all organizational components, and (3) specifies basic application attributes. In July 2017, SBA reported that its draft Software Asset Policy was being vetted throughout the agency for concurrence. SBA officials stated that the Software Asset Policy will determine the required basic application attributes, and provide adequate controls to ensure reliability of the inventory. Although SBA officials stated they are developing the planned milestones and a roadmap to implement the policy, they did not provide a formal release timeframe. We will continue to monitor the SBA's efforts to develop a complete application inventory.

    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

    Agency Affected: Small Business Administration

  19. Status: Open

    Comments: We reported that the Nuclear Regulatory Commission partially met the following software application inventory practice: is regularly updated with quality controls to ensure reliability. In July 2017, agency officials stated that they plan to finalize procedures to routinely update the agency's inventory in December 2017. We plan to continue to monitor the department's efforts to address our recommendation.

    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

    Agency Affected: Nuclear Regulatory Commission

  20. Status: Open

    Comments: We reported that the Office of Personnel Management (OPM) partially met the software application inventory practice to regularly update the inventory with quality controls to ensure reliability. In November 2016, OPM officials stated that they were validating the data in the application inventory. In addition, officials stated that they were making progress in using automated scanning tools to update the inventory, including coordinating with the General Services Administration's Software Management Group which is working to standardize the use of automated inventory tools across the government. In June 2017, we followed up with OPM to obtain documentation of these reported actions; however, as of November 2017, the agency had not yet provided supporting documentation. We are continuing to follow up with OPM to obtain documentation of its reported actions.

    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

    Agency Affected: Office of Personnel Management

  21. Status: Open

    Comments: The Department of Defense did not concur with our recommendation, noting, among other things, in its written response to our draft report, that a majority of the Enterprise Information Environment Mission Area systems are IT infrastructure, and not applications. However, we reported that the mission area nevertheless included a large number of enterprise and business IT applications which could benefit from rationalization, and we therefore believed our recommendation was still warranted. In June 2017, department officials reported that their position had not changed. In July 2018, we requested an update from the department; however, as of August 2018, we have not received a response. We will continue to monitor the department's efforts.

    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the Secretaries of Defense, Homeland Security, the Interior, and Labor; and the Director of the National Science Foundation should direct the CIOs and other responsible officials to modify existing investment management processes to address applications more completely. Specifically, the Secretary of Defense should direct the responsible official to modify the department's existing processes to collect and review cost, technical, and business information for the enterprise and business IT systems within the Enterprise Information Environment Mission Area applications which are currently not reviewed as part of the department's process for business systems.

    Agency Affected: Department of Defense

  22. Status: Open

    Comments: In June 2017, the department reported that it had identified e-mail as a high cost function, and that it would begin modifying existing processes to collect and review cost, technical, and business information. The agency expects to complete the effort in 2017. We plan to continue to monitor the department's efforts.

    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the Secretaries of Defense, Homeland Security, the Interior, and Labor; and the Director of the National Science Foundation should direct the CIOs and other responsible officials to modify existing investment management processes to address applications more completely. Specifically, the Secretary of Homeland Security should direct the department's CIO to identify one high-cost function it could collect detailed cost, technical, and business information for and modify existing processes to collect and review this information.

    Agency Affected: Department of Homeland Security

  23. Status: Open

    Comments: We recommended that the Department of Interior document and implement a plan for establishing policy that would define a standard analytical technique for rationalizing the investment portfolio. In June 2017, the department reported that it had developed a comprehensive strategy and approach to implement application rationalization and portfolio management practices. However, the department did not provide supporting documentation. In addition, the department reported that its Office of the Chief Information Officer (OCIO) is currently drafting an application rationalization policy and supporting guidance that will establish a standard analytical approach for rationalization bureau office portfolios in a consistent manner across the department, and that its OCIO will collaborate with bureaus and offices to develop an application rationalization analytical framework. However, the department did not provide a timeframe for completing these efforts. We plan to continue to monitor the department'?s efforts to develop a rationalization policy and standard analytical techniques.

    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the Secretaries of Defense, Homeland Security, the Interior, and Labor; and the Director of the National Science Foundation should direct the CIOs and other responsible officials to modify existing investment management processes to address applications more completely. Specifically, the Secretary of the Interior should direct the department's CIO to document and implement a plan for establishing policy that would define a standard analytical technique for rationalizing the investment portfolio.

    Agency Affected: Department of the Interior

  24. Status: Open

    Comments: In June 2017, department officials stated that they plan to associate applications to specific IT investments, and to use this information to identify potential cost savings and avoidance. Further, officials stated that they plan to develop a segmented approach to rationalizing the portfolio of IT investments, including systems and applications. We plan to follow up with the department to determine the expected time frame for completing these actions.

    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the Secretaries of Defense, Homeland Security, the Interior, and Labor; and the Director of the National Science Foundation should direct the CIOs and other responsible officials to modify existing investment management processes to address applications more completely. Specifically, the Secretary of Labor should direct the department's CIO to consider a segmented approach to further rationalize and identify a function for which it would modify existing processes to collect and review application-specific cost, technical, and business value information.

    Agency Affected: Department of Labor

  25. Status: Open

    Comments: In February 2018, agency officials provided documentation showing that the agency documents cost information for all of its applications in its Federal Information Security Modernization Act system inventory. However, the agency did not provide documentation showing that it performs evaluations for all applications. We plan to continue to monitor the agency's efforts to document evaluations for all applications.

    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the Secretaries of Defense, Homeland Security, the Interior, and Labor; and the Director of the National Science Foundation should direct the CIOs and other responsible officials to modify existing investment management processes to address applications more completely. Specifically, the Director of the National Science Foundation should direct the CIO to consistently document evaluations for all applications and report cost information for them in the roadmap or other documentation.

    Agency Affected: National Science Foundation

 

Explore the full database of GAO's Open Recommendations »

Aug 2, 2018

Jun 13, 2018

May 24, 2018

May 23, 2018

May 22, 2018

Mar 14, 2018

Jan 30, 2018

Jan 10, 2018

Nov 21, 2017

Looking for more? Browse all our products here