Information Technology Reform:

Agencies Need to Improve Certification of Incremental Development

GAO-18-148: Published: Nov 7, 2017. Publicly Released: Nov 7, 2017.

Additional Materials:

Contact:

David A. Powner
(202) 512-9286
pownerd@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

What GAO Found

Agencies reported that 62 percent of major information technology (IT) software development investments were certified by the agency Chief Information Officer (CIO) for implementing adequate incremental development in fiscal year 2017, as required by the Federal IT Acquisition Reform Act (FITARA) as of August 2016. However, a number of responses for the remaining investments were incorrectly reported due to agency error. Officials from 21 of the 24 agencies in GAO's review reported that challenges hindered their ability to implement incremental development, which included: (1) inefficient governance processes; (2) procurement delays; and (3) organizational changes associated with transitioning from a traditional software methodology that takes years to deliver a product, to incremental development, which delivers products in shorter time frames. Nevertheless, agencies reported that the certification process was beneficial because they used the information from the process to assist with identifying investments that could more effectively use an incremental approach, and using lessons learned to improve the agencies' incremental processes.

As of August 2017, only 4 of the 24 agencies had clearly defined CIO incremental development certification policies and processes that contained: descriptions of the role of the CIO in the process; how the CIO's certification will be documented; and included definitions of incremental development and time frames for delivering functionality consistent with Office of Management and Budget (OMB) guidance (see figure).

Figure: Analysis of Agencies' Policies for Chief Information Officer Certification of the Adequate Use of Incremental Development in Information Technology Investments

Figure: Analysis of Agencies' Policies for Chief Information Officer Certification of the Adequate Use of Incremental Development in Information Technology Investments

In addition, OMB's fiscal year 2018 capital planning guidance did not establish how agency CIOs are to make explicit statements to demonstrate compliance with FITARA's incremental provisions, while the 2017 guidance did. However, OMB's fiscal year 2019 guidance provides clear direction on reporting incremental certification and is a positive step in addressing this issue.

Why GAO Did This Study

Investments in federal IT too often result in failed projects that incur cost overruns and schedule slippages. Recognizing the severity of issues related to government-wide IT management, Congress enacted federal IT acquisition reform legislation in December 2014. Among other things, the law states that OMB require in its annual IT capital planning guidance that CIOs certify that IT investments are adequately implementing incremental development.

GAO was asked to review agencies' use of incremental development. This report addresses the number of investments certified by agency CIOs as implementing adequate incremental development and any reported challenges, and whether agencies' CIO certification policies and processes were in accordance with FITARA. GAO analyzed data for major IT investments in development, as reported by 24 agencies, and identified their reported challenges and use of certification information. GAO also reviewed the 24 agencies' policies and processes for the CIO certification of incremental development and interviewed OMB staff.

What GAO Recommends

GAO is making 19 recommendations to 17 agencies, including 3 to improve reporting accuracy and 16 to update or establish certification policies. Eleven agencies agreed with GAO's recommendations, 1 partially agreed, and 5 did not state whether they agreed or disagreed. OMB disagreed with several of GAO's conclusions, which GAO continues to believe are valid, as discussed in the report.

For more information, contact David A. Powner at (202) 512-9286 or pownerd@gao.gov.

Recommendations for Executive Action

  1. Status: Closed - Implemented

    Comments: The Department of Energy (Energy) concurred with, and has taken steps to address, our recommendation. In July 2018, a review of the IT Dashboard found that the department had updated its major IT investment information related to incremental development in accordance with OMB guidance. Current IT projects on the IT Dashboard now include whether the project is a software development project and provide information on the status of the project's delivery of incremental functionality. By implementing our recommendation, Energy has helped to ensure that OMB and other key stakeholders have the most accurate and current information about the department's investments in order to make decisions and also helped to ensure the department's efforts to improve the use of incremental development are successful.

    Recommendation: The Secretary of Energy should ensure that the CIO of Energy reports major IT investment information related to incremental development accurately in accordance with OMB guidance. (Recommendation 1)

    Agency Affected: Department of Energy

  2. Status: Open

    Comments: The U.S. Department of Agriculture (USDA) has not yet taken any actions to implement our recommendation. We will continue to monitor USDA's progress in implementing this recommendation.

    Recommendation: The Secretary of Agriculture should ensure that the CIO of U.S. Department of Agriculture (USDA) reports major IT investment information related to incremental development accurately in accordance with OMB guidance. (Recommendation 2)

    Agency Affected: Department of Agriculture

  3. Status: Closed - Implemented

    Comments: The Social Security Administration (SSA) concurred with and has taken steps to address, our recommendation. Specifically, in May 2018, SSA updated its guidance, Systematic, Disciplined IT Capital Planning Process at Social Security Administration, to include a description of the agency's process for reviewing project information on a quarterly basis in order to confirm the use of incremental development prior to reporting this information to OMB. In addition, a review of SSA's incremental project data on the IT Dashboard in July 2018 found that the agency had updated this information to include whether the project is a software development project and provide information on the status of the project's delivery of incremental functionality. By implementing our recommendation, SSA has helped to ensure that OMB and other key stakeholders have the most accurate and current information about the agency's investments in order to make decisions and also helped to ensure the agency's efforts to improve the use of incremental development are successful.

    Recommendation: The Commissioner of the Social Security Administration (SSA) should ensure that the CIO of SSA reports major IT investment information related to incremental development accurately in accordance with OMB guidance. (Recommendation 3)

    Agency Affected: Social Security Administration

  4. Status: Open

    Comments: In comments on our report, the Department of Housing and Urban Development (HUD) concurred with our recommendation and stated that it planned to develop more definitive timelines on how to address our recommendation. We will follow up with HUD to ascertain whether an agency-wide policy and process for the CIO's certification of major IT investments' adequate use of incremental development has been established during fiscal year 2018.

    Recommendation: The Secretary of Housing and Urban Development (HUD) should ensure that the CIO of HUD establishes an agency-wide policy and process for the CIO's certification of major IT investments' adequate use of incremental development, in accordance with OMB's guidance on the implementation of FITARA, and confirm that it includes: a description of the CIO's role in the certification process; a description of how CIO certification will be documented; and a definition of incremental development and time frames for delivering functionality, consistent with OMB guidance. (Recommendation 4)

    Agency Affected: Department of Housing and Urban Development

  5. Status: Closed - Implemented

    Comments: The Department of the Interior (Interior) concurred with, and has taken steps to address, our recommendation. Specifically, in January 2018, Interior updated its guidance, Fiscal Year 2018 Information Technology Capital Planning & Investment Control Annual Requirements, which includes a description of CIO's role in the certification process and how CIO certification will be documented, and a definition of incremental development, consistent with OMB guidance. By updating its policy for the CIO's certification of major IT investments' adequate use of incremental development, in accordance with OMB's guidance on the implementation of FITARA, Interior will be able to help ensure that the department is adequately implementing and benefiting from incremental development practices.

    Recommendation: The Secretary of the Interior should ensure that the CIO of Interior updates the agency's policy and process for the CIO's certification of major IT investments' adequate use of incremental development, in accordance with OMB's guidance on the implementation of FITARA, and confirm that it includes: a description of the CIO's role in the certification process; a description of how CIO certification will be documented; and a definition of incremental development, consistent with OMB guidance. (Recommendation 5)

    Agency Affected: Department of the Interior

  6. Status: Open

    Comments: In comments on our report, the Department of Justice (Justice) concurred with our recommendation and stated that it planned to amend existing policy to implement this recommendation. We will follow up with Justice to ascertain whether an agency-wide policy and process for the CIO's certification of major IT investments' adequate use of incremental development has been updated during fiscal year 2018.

    Recommendation: The Attorney General of the United States should ensure that the CIO of Justice establishes an agency-wide policy and process for the CIO's certification of major IT investments' adequate use of incremental development, in accordance with OMB's guidance on the implementation of FITARA, and confirm that it includes: a description of the CIO's role in the certification process; a description of how CIO certification will be documented; and a definition of incremental development and time frames for delivering functionality, consistent with OMB guidance. (Recommendation 6)

    Agency Affected: Department of Justice

  7. Status: Open

    Comments: The Department of Labor (Labor) has not yet taken any actions to implement our recommendation. We will continue to monitor Labor's progress in implementing this recommendation.

    Recommendation: The Secretary of Labor should ensure that the CIO of Labor updates the agency's policy and process for the CIO's certification of major IT investments' adequate use of incremental development, in accordance with OMB's guidance on the implementation of FITARA, and confirm that it includes a description of the CIO's role in the certification process and a description of how CIO certification will be documented. (Recommendation 7)

    Agency Affected: Department of Labor

  8. Status: Closed - Implemented

    Comments: The Department of State (State) has taken steps to address our recommendation. Specifically, in November 2017, State updated its guidance, 5 Foreign Affairs Manual 690 Incremental Development Policy, to include a description of the CIO's role in the certification process and a definition of incremental development and timeframes for delivering functionality, consistent with OMB guidance. In addition, State updated its guidance, 5 Foreign Affairs Manual 914 Responsibilities to include a description of how CIO certification will be documented. By updating its policy for the CIO's certification of major IT investments' adequate use of incremental development, in accordance with OMB's guidance on the implementation of FITARA, State will be able to help ensure that the department is adequately implementing and benefiting from incremental development practices.

    Recommendation: The Secretary of State should ensure that the CIO of State updates the agency's policy and process for the CIO's certification of major IT investments' adequate use of incremental development, in accordance with OMB's guidance on the implementation of FITARA, and confirm that it includes: a description of the CIO's role in the certification process; a description of how CIO certification will be documented; and a definition of incremental development and time frames for delivering functionality, consistent with OMB guidance. (Recommendation 8)

    Agency Affected: Department of State

  9. Status: Open

    Comments: The U.S. Department of Agriculture (USDA) has not yet taken any actions to implement our recommendation. We will continue to monitor USDA's progress in implementing this recommendation.

    Recommendation: The Secretary of Agriculture should ensure that the CIO of USDA establishes an agency-wide policy and process for the CIO's certification of major IT investments' adequate use of incremental development, in accordance with OMB's guidance on the implementation of FITARA, and confirm that it includes: a description of the CIO's role in the certification process; a description of how CIO certification will be documented; and a definition of incremental development and time frames for delivering functionality, consistent with OMB guidance. (Recommendation 9)

    Agency Affected: Department of Agriculture

  10. Status: Open

    Comments: In comments on our report, the Department of Veterans Affairs (VA) partially concurred with our recommendation and stated that it would draft a policy to address our recommendation. We will follow up with VA to ascertain whether an agency-wide policy and process for the CIO's certification of major IT investments' adequate use of incremental development has been developed during fiscal year 2018.

    Recommendation: The Secretary of Veterans Affairs (VA) should ensure that the CIO of VA updates the agency's policy and process for the CIO's certification of major IT investments' adequate use of incremental development, in accordance with OMB's guidance on the implementation of FITARA, and confirm that it includes a description of the CIO's role in the certification process and a description of how CIO certification will be documented. (Recommendation 10)

    Agency Affected: Department of Veterans Affairs

  11. Status: Open

    Comments: In comments on our report, the Environmental Protection Agency (EPA) concurred with our recommendation and stated that it planned to develop a policy to implement this recommendation and other FITARA issues. We will follow up with EPA to ascertain whether an agency-wide policy and process for the CIO's certification of major IT investments' adequate use of incremental development has been developed during fiscal year 2018.

    Recommendation: The Administrator of the Environmental Protection Agency (EPA) should ensure that the CIO of EPA establishes an agency-wide policy and process for the CIO's certification of major IT investments' adequate use of incremental development, in accordance with OMB's guidance on the implementation of FITARA, and confirm that it includes: a description of the CIO's role in the certification process; a description of how CIO certification will be documented; and a definition of incremental development and time frames for delivering functionality, consistent with OMB guidance. (Recommendation 11)

    Agency Affected: Environmental Protection Agency

  12. Status: Closed - Implemented

    Comments: The General Services Administration (GSA) concurred, and has taken steps to address, our recommendation. Specifically, in June 2018, GSA updated its guidance, GSA IT Guide to Capital Planning and Investment Control, to include a description of CIO's role in the certification process and how CIO certification will be documented. By updating its policy for the CIO's certification of major IT investments' adequate use of incremental development, in accordance with OMB's guidance on the implementation of FITARA, GSA will be able to help ensure that the agency is adequately implementing and benefiting from incremental development practices.

    Recommendation: The Administrator of the General Services Administration (GSA) should ensure that the CIO of GSA updates the agency's policy and process for the CIO's certification of major IT investments' adequate use of incremental development, in accordance with OMB's guidance on the implementation of FITARA, and confirm that it includes a description of the CIO's role in the certification process and a description of how CIO certification will be documented. (Recommendation 12)

    Agency Affected: General Services Administration

  13. Status: Open

    Comments: The National Aeronautics and Space Administration (NASA) concurred with our recommendation and reported that the agency was in the process of addressing it. Specifically, NASA officials reported in July 2018 that its guidance is currently being updated to include the information noted in our recommendation and will be finalized in December 2018. We will continue to monitor NASA's progress on these efforts.

    Recommendation: The Administrator of the National Aeronautics and Space Administration (NASA) should ensure that the CIO of NASA establishes an agency-wide policy and process for the CIO's certification of major IT investments' adequate use of incremental development, in accordance with OMB's guidance on the implementation of FITARA, and confirm that it includes: a description of the CIO's role in the certification process; a description of how CIO certification will be documented; and a definition of incremental development and time frames for delivering functionality, consistent with OMB guidance. (Recommendation 13)

    Agency Affected: National Aeronautics and Space Administration

  14. Status: Open

    Comments: The National Science Foundation (NSF) has not yet taken any actions to implement our recommendation. We will continue to monitor NSF's progress in implementing this recommendation.

    Recommendation: The Director of the National Science Foundation (NSF) should ensure that the CIO of NSF updates the agency's policy and process for the CIO's certification of major IT investments' adequate use of incremental development, in accordance with OMB's guidance on the implementation of FITARA, and confirm that it includes: a description of the CIO's role in the certification process; a description of how CIO certification will be documented; and a definition of incremental development and time frames for delivering functionality, consistent with OMB guidance. (Recommendation 14)

    Agency Affected: National Science Foundation

  15. Status: Closed - Implemented

    Comments: The U.S. Nuclear Regulatory Commission (NRC) has taken steps to address our recommendation. Specifically, in December 2017, NRC updated its guidance, Capital Planning and Investment Control Policy and Overview, to include a description of the CIO's role in the certification process and how CIO certification will be documented. By updating its policy for the CIO's certification of major IT investments' adequate use of incremental development, in accordance with OMB's guidance on the implementation of FITARA, NRC will be able to help ensure that the agency is adequately implementing and benefiting from incremental development practices.

    Recommendation: The Chairman of the Nuclear Regulatory Commission (NRC) should ensure that the CIO of NRC establishes an agency-wide policy and process for the CIO's certification of major IT investments' adequate use of incremental development, in accordance with OMB's guidance on the implementation of FITARA, and confirm that it includes a description of the CIO's role in the certification process and a description of how CIO certification will be documented. (Recommendation 15)

    Agency Affected: Nuclear Regulatory Commission

  16. Status: Open

    Comments: In comments on our report, the Office of Personnel Management (OPM) concurred with our recommendation and stated that it would update its policies and processes to include the elements we recommended. We will follow up with OPM to ascertain whether an agency-wide policy and process for the CIO's certification of major IT investments' adequate use of incremental development has been updated during fiscal year 2018.

    Recommendation: The Director of the Office of Personnel Management (OPM) should ensure that the CIO of OPM updates the agency's policy and process for the CIO's certification of major IT investments' adequate use of incremental development, in accordance with OMB's guidance on the implementation of FITARA, and confirm that it includes a description of the CIO's role in the certification process and a description of how CIO certification will be documented. (Recommendation 16)

    Agency Affected: Office of Personnel Management

  17. Status: Open

    Comments: The Small Business Administration (SBA) has not yet taken any actions to implement our recommendation. We will continue to monitor SBA's progress in implementing this recommendation.

    Recommendation: The Administrator of the Small Business Administration (SBA) should ensure that the CIO of SBA establishes an agency-wide policy and process for the CIO's certification of major IT investments' adequate use of incremental development, in accordance with OMB's guidance on the implementation of FITARA, and confirm that it includes: a description of the CIO's role in the certification process; a description of how CIO certification will be documented; and a definition of incremental development and time frames for delivering functionality, consistent with OMB guidance. (Recommendation 17)

    Agency Affected: Small Business Administration

  18. Status: Closed - Implemented

    Comments: The Social Security Administration (SSA) concurred with and has taken steps to address, our recommendation. Specifically, in May 2018, SSA updated its guidance, Systematic, Disciplined IT Capital Planning Process at Social Security Administration, to include a description of the CIO's role in the certification process and how CIO certification will be documented. By updating its policy for the CIO's certification of major IT investments' adequate use of incremental development, in accordance with OMB's guidance on the implementation of FITARA, SSA will be able to help ensure that the agency is adequately implementing and benefiting from incremental development practices.

    Recommendation: The Commissioner of the Social Security Administration should ensure that the CIO of SSA updates the agency's policy and process for the CIO's certification of major IT investments' adequate use of incremental development, in accordance with OMB's guidance on the implementation of FITARA, and confirm that it includes a description of the CIO's role in the certification process and a description of how CIO certification will be documented. (Recommendation 18)

    Agency Affected: Social Security Administration

  19. Status: Open

    Comments: In comments on our report, the U.S. Agency for International Development (USAID) reported that it is in the process of establishing an agency-wide policy and process for the CIO's certification of adequate incremental development. It estimates that this policy will be implemented by August 31, 2018. We will continue to monitor USAID's progress in this effort.

    Recommendation: The Administrator of the U.S. Agency for International Development (USAID) should ensure that the CIO of USAID establishes an agency-wide policy and process for the CIO's certification of major IT investments' adequate use of incremental development, in accordance with OMB's guidance on the implementation of FITARA, and confirm that it includes: a description of the CIO's role in the certification process; a description of how CIO certification will be documented; and a definition of incremental development and time frames for delivering functionality, consistent with OMB guidance. (Recommendation 19)

    Agency Affected: United States Agency for International Development

 

Explore the full database of GAO's Open Recommendations »

Nov 13, 2018

Sep 27, 2018

Aug 2, 2018

Jun 13, 2018

May 24, 2018

May 23, 2018

May 22, 2018

Mar 14, 2018

Jan 30, 2018

Looking for more? Browse all our products here