What GAO Found
The Federal Information Technology Acquisition Reform Act (FITARA) was enacted in December 2014 to improve federal information technology (IT) acquisitions and can help federal agencies reduce duplication and achieve cost savings. Successful implementation of FITARA will require the Office of Management and Budget (OMB) and federal agencies to take action in a number of areas identified in the law and as previously recommended by GAO.
- IT workforce planning. GAO identified eight key IT workforce planning practices in November 2016 that are critical to ensuring that agencies have the knowledge and skills to successfully acquire IT, such as analyzing the workforce to identify gaps in competencies and staffing. However, GAO reported that the five selected federal agencies it reviewed had not fully implemented these practices. For example, none of these agencies had fully assessed their competency and staffing needs regularly or established strategies and plans to address gaps in these areas. These weaknesses were due, in part, to agencies lacking comprehensive policies that required these practices. Accordingly, GAO made specific recommendations to the five agencies to address the practices that were not fully implemented. Four agencies agreed and one partially agreed with GAO's recommendations.
- IT Dashboard. To facilitate transparency into the government's acquisition of IT, OMB's IT Dashboard provides detailed information on major investments at federal agencies, including ratings from Chief Information Officers (CIO) that should reflect the level of risk facing an investment. GAO reported in June 2016 that 13 of the 15 agencies selected for in-depth review had not fully considered risks when rating their investments on the IT Dashboard. In particular, of the 95 investments reviewed, GAO's assessments of risks matched the CIO ratings 22 times, showed more risk 60 times, and showed less risk 13 times. Several factors contributed to these differences, such as CIO ratings not being updated frequently and using outdated risk data. GAO recommended that agencies improve the quality and frequency of their ratings. Most agencies agreed with GAO's recommendations.
Incremental development. An additional reform initiated by OMB has emphasized the need for federal agencies to deliver investments in smaller parts, or increments, in order to reduce risk and deliver capabilities more quickly. Specifically, since 2012, OMB has required investments to deliver functionality every 6 months. In August 2016, GAO determined that, for fiscal year 2016, 22 agencies had reported on the IT Dashboard that 64 percent of their software development projects would deliver useable functionality every 6 months. However, GAO determined that only three of seven agencies selected for in-depth review had policies regarding the CIO certifying IT investments' adequate implementation of incremental development, as required by OMB. GAO recommended, among other things, that four agencies improve their policies for CIO certification of incremental development. Most of these agencies agreed with the recommendations.
Why GAO Did This Study
The federal government is projected to invest more than $89 billion on IT in fiscal year 2017. Historically, these investments have frequently failed, incurred cost overruns and schedule slippages, or contributed little to mission-related outcomes. Accordingly, in December 2014, IT reform legislation was enacted, aimed at improving agencies' acquisitions of IT. Further, in February 2015, GAO added improving the management of IT acquisitions and operations to its high-risk list.
This statement focuses on the status of federal efforts in improving the acquisition of IT. Specifically, this statement summarizes GAO's prior work primarily published between June 2013 and February 2017 on (1) key IT workforce planning activities, (2) risk levels of major investments as reported on OMB's IT Dashboard, and (3) implementation of incremental development practices, among other issues.
Between fiscal years 2010 and 2015, GAO made 803 recommendations to OMB and federal agencies to address shortcomings in IT acquisitions and operations. The significance of these recommendations contributed to the addition of this area to GAO's high-risk list. As of December 2016, OMB and the agencies had fully implemented 366 (or about 46 percent) of the 803 recommendations. In fiscal year 2016, GAO made 202 new recommendations, thus further reinforcing the need for OMB and agencies to address the shortcomings GAO has identified.