Information Technology:

Agencies Need to Improve Their Application Inventories to Achieve Additional Savings

GAO-16-511: Published: Sep 29, 2016. Publicly Released: Sep 29, 2016.

Additional Materials:

Contact:

David Powner
(202) 512-9286
pownerd@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

What GAO Found

Most of the 24 Chief Financial Officers (CFO) Act of 1990 agencies in the review fully met at least three of the four practices GAO identified to determine if agencies had complete software application inventories. To be considered complete, an inventory should (1) include business and enterprise information technology (IT) systems as defined by the Office of Management and Budget (OMB); (2) include these systems from all organizational components; (3) specify application name, description, owner, and function supported; and (4) be regularly updated. Of the 24 agencies, 4 (the Departments of Defense, Homeland Security, and Justice, and the General Services Administration) fully met all four practices, 9 fully met three practices, 6 fully met two practices, 2 fully met one practice, and 3 did not fully meet any practice (see figure).

Assessment of Whether Agencies Fully Met Practices for Establishing Complete Software Application Inventories

Assessment of Whether Agencies Fully Met Practices for Establishing Complete Software Application Inventories

A January 2016 OMB requirement to complete an IT asset inventory by the end of May 2016 contributed to most of the agencies fully meeting the first three practices. Agencies that did not fully address these practices stated, among other things, their focus on major and high risk investments as a reason for not having complete inventories. However, not accounting for all applications may result in missed opportunities to identify savings and efficiencies. It is also inconsistent with OMB guidance regarding implementation of IT acquisition reform law, referred to as the Federal Information Technology Acquisition Reform Act, which requires that Chief Information Officers at covered agencies have increased visibility into all IT resources. Not accounting for all applications also presents a security risk since agencies can only secure assets if they are aware of them.

Each of the six selected agencies relied on their investment management processes and, in some cases, supplemental processes to rationalize their applications to varying degrees. However, five of the six agencies acknowledged that their processes did not always allow for collecting or reviewing the information needed to effectively rationalize all their applications. The sixth agency, the National Science Foundation (NSF), stated its processes allow it to effectively rationalize its applications, but agency documentation supporting this assertion was incomplete. Only one agency—the National Aeronautics and Space Administration (NASA)—had plans to address shortcomings. Taking action to address identified weaknesses with agencies' existing processes for rationalizing applications would assist with identifying additional opportunities to reduce duplication and achieve savings.

Why GAO Did This Study

The federal government is expected to spend more than $90 billion on IT in fiscal year 2017. This includes a variety of software applications supporting agencies' enterprise needs. Since 2013, OMB has advocated the use of application rationalization. This is a process by which an agency streamlines its portfolio of software applications with the goal of improving efficiency, reducing complexity and redundancy, and lowering the cost of ownership.

GAO's objectives were to determine (1) whether agencies have established complete application inventories and (2) to what extent selected agencies have developed and implemented processes for rationalizing their portfolio of applications. To do this, GAO assessed the inventories of the 24 CFO Act agencies against four key practices and selected six agencies—the Departments of Defense, Homeland Security, the Interior, Labor, and NASA and NSF—due to their IT spending, among other factors, to determine whether they had processes addressing applications.

What GAO Recommends

GAO is recommending that 20 agencies improve their inventories and five of the selected agencies take actions to improve their processes to rationalize their applications more completely. The Department of Defense disagreed with both recommendations made to it. After reviewing additional evidence, GAO removed the recommendation associated with improving the inventory but maintained the other. The other agencies agreed to or had no comments on the draft report.

For more information, contact David Powner at (202) 512-9286 or pownerd@gao.gov.

Recommendations for Executive Action

  1. Status: Closed - Implemented

    Comments: We reported that the U.S. Agency for International Development (USAID) had partially met the following two practices for establishing a complete software application inventory, (1) includes systems from all organizational components, and (2) is regularly updated with quality controls to ensure reliability. In March 2018, the agency provided its updated application inventory, which includes enterprise IT and business systems from all organizational components, and basic application attributes for each system, including the system's name, description, and owner. USAID also provided documentation showing how it maps the applications to business domains, business capabilities, and business services. In addition, USAID officials provided documentation showing that the agency regularly updates the inventory, and documentation of controls to ensure the reliability of the data. As a result of these actions, the agency is better positioned to identify opportunities to rationalize its applications, which could lead to savings and efficiencies.

    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

    Agency Affected: United States Agency for International Development

  2. Status: Closed - Implemented

    Comments: We reported that the Department of Agriculture (USDA) partially met the following software application inventory practice: regularly updates the inventory with quality controls to ensure reliability. Specifically, we reported that the agency planned to complete a crosswalk of the data in the IT Asset Inventory, Cyber Security Administration and Management system, and Capital Planning and Investment Control inventories. Further, we reported that the department had not regularly reconciled and verified the data in its Enterprise Architecture Repository, which maintains the IT Asset Inventory, against data in the Cyber Security and Administration system to ensure the accuracy of the data. In response to our recommendation, in September 2016, the department completed a crosswalk of the IT asset information in the Enterprise Architecture Repository, Cyber Security Administration and Management system, and Capital Planning and Investment Control system, which resulted in the identification of opportunities to better synchronize the IT Asset Inventory data contained in the department's systems. In addition, in March 2017, the agency's Enterprise Architecture Division completed a quality review of the agency's application inventory. Specifically, the division reviewed and normalized IT asset information held in multiple systems, including the Enterprise Architecture Repository, Cyber Security Administration and Management system, and the Capital Planning and Investment Control system. As a result of these actions, the department is better positioned to identify opportunities to rationalize its applications, which could lead to savings and efficiencies.

    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

    Agency Affected: Department of Agriculture

  3. Status: Open

    Comments: We reported that the Department of Education partially met the following software application inventory practice: regularly updates the inventory with quality controls to ensure reliability. Specifically, we reported that the department had not yet established a policy for updating its inventory. In May 2017, the department issued an updated Lifecycle Management Framework directive, which requires system program managers to update the IT asset management information, including for software applications, in the department's Cyber Security Assessment and Management (CSAM) tool. In addition, in June 2017, the department updated its System Inventory Methodology and Guidance Document to ensure that the inventories within CSAM accurately reflect the system's software and operating system, and that all software utilized on the system is appropriately licensed and approved for use by the department's Enterprise Architecture Review Board. In March 2018, the department reported that it is adhering to the updated software application inventory policies and processes detailed within the current Lifecycle Management Framework. However, the department did not provide documentation showing that it is implementing the policies. We will follow up with the department to determine whether it is using its updated policies to regularly update the inventory with quality controls to ensure reliability.

    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

    Agency Affected: Department of Education

  4. Status: Open

    Comments: We reported that the Department of Commerce did not meet the following software application inventory practice: regularly updates the inventory with quality controls to ensure reliability. Specifically, the department did not provide evidence of a process to regularly update its inventory or quality controls to ensure the reliability of the data collected. In October 2017, the department reported that application inventory information will be captured through the Department of Commerce Capital Planning and Investment Control (CPIC) system, as part of its regular updating of investment information. Further, the department stated that it will update its CPIC handbook to provide guidance on quality control to ensure reliability of the data collected. In November 2018 we followed-up with Commerce on the status of their efforts; however, as of January 2019, we had not received an update. We plan to continue to follow up with Commerce to monitor the status of these planned actions.

    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

    Agency Affected: Department of Commerce

  5. Status: Open

    Comments: We reported that the Department of Energy partially met the following three software application inventory practices, (1) includes systems from all organizational components, (2) specifies basic application attributes, and (3) is regularly updated with quality controls to ensure reliability. In May 2017, the department reported that it plans to implement automated monitoring and inventory tools by the end of fiscal year 2020, which it expects will address the key practices. We plan to monitor the department's efforts to implement the tools.

    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

    Agency Affected: Department of Energy

  6. Status: Open

    Comments: We reported that the Department of Housing and Urban Development partially met the following three software application inventory practices, (1) includes systems from all organizational components, (2) specifies basic application attributes, and (3) is regularly updated with quality controls to ensure reliability. In June 2017, the department reported that it is working to identify applications in field offices, and planned for this effort to be completed in fiscal year 2018. In addition, the department stated it planned to update the inventory to include business functions for each system by the end of fiscal year 2017. Further, department officials stated that to ensure the accuracy and reliability of the application inventory, the department planned to conduct quarterly portfolio reviews starting in fiscal year 2018. In October 2018, HUD officials reported that CTO performed a technical assessment of HUD's IT assets, which resulted in identifying systems in the inventory that had been decommissioned and will be decommissioned. In addition, the department provided its strategy for performing the assessment. However, as of January 2019, HUD had not yet provided an updated inventory or the results of quality reviews it reported that it had completed in fiscal year 2018. We plan to continue to monitor the department's efforts to address the recommendation.

    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

    Agency Affected: Department of Housing and Urban Development

  7. Status: Open

    Comments: We reported that the Department of Health and Human Services (HHS) partially met the following software application inventory practice: is regularly updated with quality controls to ensure reliability. Specifically, we reported that while HHS provided its policies and guidelines establishing requirements for systems to be entered into the inventory, it did not provide any evidence showing that it has implemented them. In addition, we reported that HHS did not provide any evidence that it has implemented quality control processes to ensure the reliability of the data in the inventory. In December 2018, HHS officials stated that they have developed a policy on how they govern the annual IT system inventory. In addition, HHS officials stated that the Enterprise Architecture Review Board performs reviews to ensure reliability. However, as of January 2019, we have not received supporting documentation. We will follow-up with the department to obtain documentation of its efforts to update its inventory with quality controls.

    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

    Agency Affected: Department of Health and Human Services

  8. Status: Open

    Comments: We reported that the Social Security Administration (SSA) partially met the following two software application inventory practices, (1) includes systems from all organization components, and (2) regularly updates the inventory with quality controls to ensure reliability. In March 2017, SSA officials reported that the agency's Office of Systems and Office of Operations continue to collaborate on integrating application information into the Enterprise Application Inventory. The officials reported that regionally developed applications that have been granted authority to operate have been imported into the enterprise application inventory. In addition, the officials stated that the Office of Operations is in the process of redesigning their repository to accommodate requirements to support the Enterprise Application Inventory, including the ability to update and maintain application information in the enterprise repository. Lastly, SSA officials reported that its Office of Information Security and Office of Systems continue to work to identify additional headquarters applications and develop process and automation to include applications in the inventory. In December 2018, the SSA officials reported that they continue to make progress in implementing the efforts to address the recommendation. We will continue to monitor SSA's efforts to develop a complete application inventory.

    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

    Agency Affected: Social Security Administration

  9. Status: Open

    Comments: We reported that the Department of Interior did not meet the software application inventory practice of regularly updating the inventory with quality controls to ensure reliability, and partially met the practice of including systems from all organization components. In June 2017, the department reported that it plans to review the application inventory for quality and completeness as a part of its annual update. Further, the department reported that it included applications and systems related to infrastructure investments in the IT portfolio as part of the fiscal year 2017 annual update to the department's application inventory. However, the department did not provide supporting documentation. In December 2018, we received additional documentation from the department. As of January 2019, we are reviewing it to determine if the department has addressed the recommendation.

    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

    Agency Affected: Department of the Interior

  10. Status: Open

    Comments: We reported that the Department of Transportation partially met all four practices to establish a complete inventory. Specifically, we reported that, while the department's inventory for the common operating environment includes all business and enterprise IT systems and its inventory of applications includes business systems, the inventory of applications does not include all enterprise IT systems. Furthermore, both of its inventories do not include applications used by all of its components. In addition, it did not have processes in place to ensure the reliability and accuracy of the reported information. In March 2018, the department provided evidence showing that it updates its inventory regularly, to include a quality control process. However, the department did not provide the full updated application inventory; therefore, we are not able to determine whether it addresses all the key practices. We will continue to monitor the department's efforts.

    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

    Agency Affected: Department of Transportation

  11. Status: Open

    Comments: We reported that the Department of Labor did not meet one software application inventory practice, and partially met three practices. Specifically, we reported that the department did not meet the practice to ensure that the inventory is regularly updated with quality controls to ensure reliability, and partially met the practices to (1) include business and enterprise IT systems, (2) include systems from all organizational components, and (3) specify basic application attributes. In March 2018, department officials provided an updated inventory, which included business and enterprise IT systems from all organizational components, and specified basic attributes, including the name, owner, and business function. In addition, officials stated that they plan to update the inventory on a periodic basis as necessary, at minimum annually, as part of the department's IT budgeting process. Further, officials stated that the department implemented an initiative in fiscal year 2016 to improve the quality of data their agencies are reporting on their IT systems as part of the department's IT Capital Planning and Investment Control process. In addition, in May 2018, officials reported that the department performs biannual reviews of all IT investments and associated systems and applications to verify reported data. The officials also reported that the department uses quality control processes and procedures to ensure consistent, standard, and complete reporting to align with all investment artifacts. However, the department did not provide evidence of these data quality efforts. Further, the department officials reported that they plan to implement a solution to fully automate an inventory of IT assets, and they expect to complete the effort by the second quarter of fiscal year 2019. We will continue to monitor the department's efforts.

    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

    Agency Affected: Department of Labor

  12. Status: Open

    Comments: We reported that the Department of the Treasury had partially met the following two practices for establishing a complete software application inventory, (1) specifies basic application attributes, and (2) is regularly updated with quality controls to ensure reliability. In September 2017, the department provided evidence showing that it had taken steps to address these practices. Specifically, the department provided an export of its inventory, which showed that most of the systems listed contained a system description. According to department officials, some systems do not have a system description because the department's inventory policy allows bureaus to attach documents to the inventory, which include the system description, instead of populating the system description field. Further, the policy does not require a system description for systems in the disposal state. Moreover, the inventory did not include the business segment or function that the system supports. According to Treasury officials, the Bureau and Functional Unit fields within the inventory allow the department to map the systems to the business segments that they support. However, as of January 2019, the department had not provided documentation showing this mapping. We are following up with the Treasury to obtain supporting documentation, including its inventory policy. Further, we will continue to monitor its efforts to ensure that the inventory is regularly updated with quality controls to ensure its reliability.

    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

    Agency Affected: Department of the Treasury

  13. Status: Closed - Implemented

    Comments: We reported that the Department of Veterans Affairs (VA) had partially met the following practice for establishing a complete software application inventory: is regularly updated with quality controls to ensure reliability. We determined that VA partially met this practice because, while officials stated that their repository of systems was viewed as complete, the information within the repository was still maturing and work was being done to automate data capture and integration of the inventory with other sources. The department has since taken action to address the practice. Specifically, in February 2018, VA officials provided documentation showing that the department integrated its inventory with multiple repositories of IT system and application information and relied on this integration to more completely and accurately update and maintain the inventory. As a result of these actions, the department is better positioned to identify opportunities to rationalize its applications, which could lead to savings and efficiencies.

    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

    Agency Affected: Department of Veterans Affairs

  14. Status: Open

    Comments: We reported that the Department of State partially met the following software application inventory practices: (1) specifies basic application attributes; and (2) is regularly updated with quality controls to ensure reliability. Specifically, we reported that while the inventory included basic application attributes (e.g. name, description), it did not include the business function for the majority of inventory entries. Further, we reported that the agency did not provide evidence that quality control processes were in place to ensure the reliability of the data in the inventory. In July 2017, department officials stated that the department recently began a department-wide data call to obtain information on all IT assets and applications from each bureau, including aligning the assets and applications to a business function. Further, officials stated that they plan to analyze the results against their current data to ensure the accuracy and reliability of the IT asset inventory. Officials stated that they expect to complete this effort in early 2018. As of January 2019, the department has not provided documentation showing that it has addressed the key practices. We plan to continue to monitor the department's efforts to address the recommendation.

    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

    Agency Affected: Department of State

  15. Status: Open

    Comments: We reported that the Environmental Protection Agency had fully met three of the four practices to establish a complete application inventory, and partially met one. Specifically, the agency partially met the practice for including application attributes in the inventory, as although EPA did not identify the business function for every application. In March 2018, Environmental Protection Agency officials stated that while they have made progress in addressing the key practice, their efforts are not yet completed. We will continue to monitor the agency's efforts.

    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

    Agency Affected: Environmental Protection Agency

  16. Status: Open

    Comments: We reported that the National Aeronautics and Space Administration had partially met the following two practices for establishing a complete software application inventory, (1) includes these systems from all organizational components, and (2) is regularly updated with quality controls to ensure reliability. In December 2018, agency officials stated that the NASA Applications Program has implemented Application Portfolio Management Boards for seven of the eight subportfolio areas, which is intended to ensure that the inventory includes information for all applications from all agency components. The officials reported that the boards have reviewed, or are in the process of reviewing, the applications within their portfolios, to ensure completeness of the listings and the key information. In addition, the officials reported that various inventory tools were consolidated into one agency tool--the Agency Application Rationalization Tool--in September 2018. The officials further stated that, to ensure the reliability of the inventory, the agency's Applications Program conducts weekly teleconferences with a cross-agency team. Finally, agency officials stated that they use automated and manual checks to check data quality. However, the agency did not provide documentation of its updated inventory or of the quality control processes used. We plan to follow-up with the agency to obtain this documentation.

    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

    Agency Affected: National Aeronautics and Space Administration

  17. Status: Closed - Implemented

    Comments: We reported that the National Science Foundation had partially met the following practice for establishing a complete software application inventory: is regularly updated with quality controls to ensure reliability. In March 2018, NSF provided documentation that it has implemented its annual inventory validation review process as part of its efforts to regularly update the agency's FISMA inventory.

    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

    Agency Affected: National Science Foundation

  18. Status: Open

    Comments: We reported that the Small Business Administration (SBA) did not meet one software application inventory practice, and partially met three practices. Specifically, the SBA did not regularly update the application inventory with quality controls to ensure reliability, and partially met (1) includes enterprise IT and business systems, (2) includes systems from all organizational components, and (3) specifies basic application attributes. In July 2017, SBA reported that its draft Software Asset Policy was being vetted throughout the agency for concurrence. SBA officials stated that the Software Asset Policy will determine the required basic application attributes, and provide adequate controls to ensure reliability of the inventory. Although SBA officials stated they are developing the planned milestones and a roadmap to implement the policy, they did not provide a formal release timeframe. November 2018 we followed-up with SBA regarding the status of their efforts; however, as of January 2019, we had not received an update. We will continue to monitor the SBA's efforts to develop a complete application inventory.

    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

    Agency Affected: Small Business Administration

  19. Status: Open

    Comments: We reported that the Nuclear Regulatory Commission partially met the following software application inventory practice: is regularly updated with quality controls to ensure reliability. In November 2018, agency officials stated that they plan to finalize procedures to routinely update the agency's inventory in December 2018. We plan to continue to monitor the department's efforts to address our recommendation.

    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

    Agency Affected: Nuclear Regulatory Commission

  20. Status: Open

    Comments: We reported that the Office of Personnel Management (OPM) partially met the software application inventory practice to regularly update the inventory with quality controls to ensure reliability. In November 2016, OPM officials stated that they were validating the data in the application inventory. In addition, officials stated that they were making progress in using automated scanning tools to update the inventory, including coordinating with the General Services Administration's Software Management Group which is working to standardize the use of automated inventory tools across the government. In June 2017 and in November 2018, we followed up with OPM to obtain documentation of these reported actions; however, as of January 2019, the agency had not yet provided supporting documentation. We are continuing to follow up with OPM to obtain documentation of its reported actions.

    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

    Agency Affected: Office of Personnel Management

  21. Status: Open

    Comments: The Department of Defense did not concur with our recommendation, noting, among other things, in its written response to our draft report, that a majority of the Enterprise Information Environment Mission Area systems are IT infrastructure, and not applications. However, we reported that the mission area nevertheless included a large number of enterprise and business IT applications which could benefit from rationalization, and we therefore believed our recommendation was still warranted. In June 2017, department officials reported that their position had not changed. In July 2018, we requested an update from the department; however, as of August 2018, we have not received a response. We will continue to monitor the department's efforts.

    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the Secretaries of Defense, Homeland Security, the Interior, and Labor; and the Director of the National Science Foundation should direct the CIOs and other responsible officials to modify existing investment management processes to address applications more completely. Specifically, the Secretary of Defense should direct the responsible official to modify the department's existing processes to collect and review cost, technical, and business information for the enterprise and business IT systems within the Enterprise Information Environment Mission Area applications which are currently not reviewed as part of the department's process for business systems.

    Agency Affected: Department of Defense

  22. Status: Open

    Comments: In April 2018, DHS officials stated that they identified FOIA systems as a high cost function, and will modify existing processes to collect and review the cost, technical, and business information. We plan to continue to monitor the department's efforts.

    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the Secretaries of Defense, Homeland Security, the Interior, and Labor; and the Director of the National Science Foundation should direct the CIOs and other responsible officials to modify existing investment management processes to address applications more completely. Specifically, the Secretary of Homeland Security should direct the department's CIO to identify one high-cost function it could collect detailed cost, technical, and business information for and modify existing processes to collect and review this information.

    Agency Affected: Department of Homeland Security

  23. Status: Open

    Comments: We recommended that the Department of Interior document and implement a plan for establishing policy that would define a standard analytical technique for rationalizing the investment portfolio. In June 2017, the department reported that it had developed a comprehensive strategy and approach to implement application rationalization and portfolio management practices. However, the department did not provide supporting documentation. In addition, the department reported that its Office of the Chief Information Officer (OCIO) is currently drafting an application rationalization policy and supporting guidance that will establish a standard analytical approach for rationalization bureau office portfolios in a consistent manner across the department, and that its OCIO will collaborate with bureaus and offices to develop an application rationalization analytical framework. However, the department did not provide a timeframe for completing these efforts. We plan to continue to monitor the department's efforts to develop a rationalization policy and standard analytical techniques.

    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the Secretaries of Defense, Homeland Security, the Interior, and Labor; and the Director of the National Science Foundation should direct the CIOs and other responsible officials to modify existing investment management processes to address applications more completely. Specifically, the Secretary of the Interior should direct the department's CIO to document and implement a plan for establishing policy that would define a standard analytical technique for rationalizing the investment portfolio.

    Agency Affected: Department of the Interior

  24. Status: Open

    Comments: In February 2017, department officials stated that the department's portfolio of IT investments, which includes the systems, sub-systems, and applications in the IT Asset inventory, are rationalized bi-annually as part of the Office of the Chief Information Officer's IT Capital Planning and Investment Control (CPIC) review processes. Further, officials stated that the systems and applications are also being rationalized as part of the process for updating the IT asset inventory in 2018. Officials stated that the department plans to review and update the department's CPIC guide to describe the IT asset inventory management process including the basic quality controls before the end of fiscal year 2018. As of January 2019, the department had not provided documentation supporting these efforts. We plan to follow-up with the department to obtain documentation of its efforts to address the recommendation.

    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the Secretaries of Defense, Homeland Security, the Interior, and Labor; and the Director of the National Science Foundation should direct the CIOs and other responsible officials to modify existing investment management processes to address applications more completely. Specifically, the Secretary of Labor should direct the department's CIO to consider a segmented approach to further rationalize and identify a function for which it would modify existing processes to collect and review application-specific cost, technical, and business value information.

    Agency Affected: Department of Labor

  25. Status: Open

    Comments: In February 2018, agency officials provided documentation showing that the agency documents cost information for all of its applications in its Federal Information Security Modernization Act system inventory. In addition, in April 2018, the agency provided documentation showing that 9 of the 13 applications included in the agency's FISMA inventory were described in NSF's Enterprise Modernization Roadmap for 2015, as it reported during the audit. However, the agency did not provide documentation showing that it performs evaluations for all applications. We plan to continue to monitor the agency's efforts to document evaluations for all applications.

    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the Secretaries of Defense, Homeland Security, the Interior, and Labor; and the Director of the National Science Foundation should direct the CIOs and other responsible officials to modify existing investment management processes to address applications more completely. Specifically, the Director of the National Science Foundation should direct the CIO to consistently document evaluations for all applications and report cost information for them in the roadmap or other documentation.

    Agency Affected: National Science Foundation

 

Explore the full database of GAO's Open Recommendations »

Jun 11, 2019

May 6, 2019

Apr 29, 2019

Apr 11, 2019

Apr 9, 2019

Dec 13, 2018

Dec 12, 2018

Dec 11, 2018

Nov 13, 2018

Sep 27, 2018

Looking for more? Browse all our products here