Skip to Highlights
Highlights

What GAO Found

The departments GAO reviewed—the Departments of Energy (DOE), Health and Human Services (HHS), Justice (DOJ), and the Treasury (Treasury)—took steps to establish policies and procedures that align with eight selected Office of Management and Budget (OMB) requirements intended to implement information technology (IT) acquisition reform legislation (commonly referred to as the Federal Information Technology Acquisition Reform Act, or FITARA) and to provide the chief information officer (CIO) visibility into and oversight over the IT budget. For example, of the eight OMB requirements, all four departments had established policies and procedures related to the level of detail with which IT resources are to be described in order to inform the CIO during the planning and budgeting processes. Agencies varied, however, as to how fully they had established policies and procedures related to some other OMB requirements, and none of the four departments had yet established procedures for ensuring that the CIO had reviewed whether the IT portfolio includes appropriate estimates of all IT resources included in the budget request. (See table.)

Evaluation of Selected Departments' Policies and Procedures for Key Information Technology (IT) Budgeting Requirements

Selected Office of Management and Budget (OMB) requirement

DOE

HHS

DOJ

Treasury

1. Establish the level of detail with which IT resources are to be described in order to inform the Chief Information Officer (CIO) during the planning and budgeting processes.

2. Establish agency-wide policy for the level of detail with which planned expenditures for all transactions that include IT resources are to be reported to the CIO.

3. Include the CIO in the planning and budgeting stages for programs that are supported with IT resources.

4. Include the CIO as a member of governance boards that inform decisions regarding all IT resources, including component-level governance boards.

5. Document the processes by which program leadership works with the CIO to plan an overall portfolio of IT resources.

6. Ensure the CIO has reviewed and approved the major IT investments portion of the budget request.

7. Ensure the CIO has reviewed IT resources that are to support major program objectives and significant increases and decreases in IT resources.

8. Ensure the CIO has reviewed whether the IT portfolio includes appropriate estimates of all IT resources included in the budget request.

●= The department provided documentation that satisfied all of the OMB requirement. ◑= The department provided documentation that satisfied most, but not all of the OMB requirement. ○= The department could not provide documentation that satisfied any of the OMB requirement.

Departments: DOE = Department of Energy, HHS = Department of Health and Human Services, DOJ = Department of Justice, Treasury = Department of the Treasury

Source: GAO analysis of department data. | GAO-19-49

Where the departments had not fully established policies and procedures, it was due, in part, to having not addressed in their FITARA implementation and delegation plans how they intended to implement the OMB requirements. Until departments develop comprehensive policies and procedures that address IT budgeting requirements established by OMB, they risk inconsistently applying requirements that are intended to facilitate the CIO's oversight and approval of the IT budget.

Departments varied in the extent to which they could demonstrate implementation of key IT budgeting requirements when developing fiscal year 2017 funding requests for sampled investments. Specifically, while DOJ demonstrated that it had fully implemented the selected requirements for the majority of the investments GAO sampled, HHS and Treasury partially demonstrated implementation for a majority of the sampled investments, and DOE could not demonstrate implementation for the majority of the sampled investments. For example, DOE, HHS, and Treasury were not able to fully show that their CIOs had reviewed whether estimates of IT resources included in the budget request were appropriate for two of their respective departments' largest fiscal year 2017 IT investments. Departments often could not demonstrate that they had implemented selected IT budgeting requirements at the investment level because they had not established comprehensive policies and procedures that required them to do so. As a result, departments could not show that CIOs were sufficiently involved in planning fiscal year 2017 IT expenditures at the individual investment level.

All four selected departments lacked quality assurance processes for ensuring their IT budgets were informed by reliable cost information. Specifically, the selected departments did not have IT capital planning processes for (1) ensuring government labor costs have been accurately reported, (2) aligning contract costs with IT investments, and (3) utilizing budget object class data to capture all IT programs. This resulted in billions of dollars in requested IT expenditures without departments having comprehensive information to support those requests, and nearly $4.6 billion in IT contract spending that was not explicitly aligned with investments in selected departments' IT portfolios. This was due to a lack of processes for periodically reviewing data quality and estimation methods for government labor estimates, as well as a lack of mechanisms to cross-walk IT spending data in their procurement and accounting systems with investment data in their IT portfolio management systems. In August 2017, OMB developed a new approach of using a standard set of categories to group IT spending that, if properly implemented, has the potential to provide departments and CIOs enhanced visibility into IT costs across the portfolio. Nevertheless, until departments establish processes for assessing or otherwise ensuring the quality of relevant IT cost data used to inform their IT budgets, department CIOs will have less assurance that their budget includes appropriate and comprehensive estimates of IT resources.

Why GAO Did This Study

In December 2014, Congress enacted FITARA, which was intended to improve covered agencies' acquisitions of IT. FITARA also provided an opportunity to strengthen the authority of CIOs to provide needed direction and oversight of agencies' IT budgets.

GAO was asked to review whether CIOs' IT budgeting practices are consistent with FITARA and OMB's implementing guidance. This report addresses the extent to which selected federal agencies (1) established policies and procedures that address IT budgeting requirements, (2) could demonstrate that they had developed fiscal year 2017 IT budgets for sampled investments consistent with FITARA and OMB guidance, and (3) implemented processes to ensure that annual IT budgets are informed by reliable cost information.

GAO selected four departments to review. These departments had the two highest and the two lowest average initial selfassessments scores of compliance with OMB's FITARA guidance, as well as a fiscal year 2017 IT budget of at least $1 billion. Within each of the departments, GAO also selected the component agencies with the largest fiscal year 2017 IT budget. For each selected department and component agency, GAO reviewed relevant IT budget policies and procedures, analyzed a sample of major and non-major investment proposals against key OMB requirements, and determined whether selected departments captured government labor costs, among other things.

Skip to Recommendations

Recommendations

GAO is making 43 recommendations to the eight selected departments and component agencies to address gaps in their IT budgeting policies and procedures, demonstrate implementation of OMB requirements, and establish procedures to ensure IT budgets are informed by reliable cost information. HHS, the Centers for Medicare and Medicaid Services, DOJ, the Federal Bureau of Investigation, and the Internal Revenue Service agreed with our recommendations. DOE partially agreed with one recommendation and agreed with the other recommendations made to it, as well as with the recommendations made to its component agency—the National Nuclear Security Administration. Treasury neither agreed nor disagreed with the recommendations.

Recommendations for Executive Action

Agency Affected Recommendation Status
Department of Energy The Secretary of Energy should ensure that the Office of the CIO and other offices, as appropriate, address gaps in the department's FITARA plans by developing and implementing policies and procedures that establish department-wide policy for the level of detail of planned expenditure reporting to the CIO for all transactions that include IT resources. (Recommendation 1)
Open

Recommendation status is Open.

DOE agreed with our recommendation. The department has provided documentation regarding its IT budget procedures. However, DOE has not yet developed procedures that explicitly require that all transactions with an IT component be included in the expenditure reporting to the CIO. We will continue to monitor the department's progress in implementing our recommendation.
Department of Energy The Secretary of Energy should ensure that the Office of the CIO and other offices, as appropriate, address gaps in the department's FITARA plans by developing and implementing policies and procedures that include the CIO in the planning and budgeting stages for all programs that are fully or partially supported with IT resources. (Recommendation 2)
Open

Recommendation status is Open.

DOE agreed with our recommendation. The department has provided documentation regarding its IT budget procedures. However, DOE has not yet documented procedures for ensuring the CIO is included in budget decisions for all programs with IT resources, including those within NNSA and the national laboratories. We will continue to monitor the agency's progress in implementing our recommendation.
Department of Energy The Secretary of Energy should ensure that the Office of the CIO and other offices, as appropriate, address gaps in the department's FITARA plans by developing and implementing policies and procedures that include the CIO as a member of governance boards that inform decisions regarding all IT resources, including component-level boards. (Recommendation 3)
Open

Recommendation status is Open.

DOE agreed with our recommendation. The department has provided charters that included the CIO as a member of department-level governance boards that inform IT decisions. However, DOE has not provided charters that include the CIO as a member of component-level IT governance boards. We will continue to monitor the department's progress in implementing our recommendation.
Department of Energy The Secretary of Energy should ensure that the Office of the CIO and other offices, as appropriate, address gaps in the department's FITARA plans by developing and implementing policies and procedures that document the processes by which program leadership works with the CIO to plan an overall portfolio of IT resources. (Recommendation 4)
Open

Recommendation status is Open.

DOE agreed with our recommendation. The department has provided IT governance board and budget procedures. However, DOE has not documented procedures by which the CIO is to work with program leadership in planning IT resources for all programs, including those within NNSA and the national laboratories. We will continue to monitor the department's progress in implementing our recommendation.
Department of Energy The Secretary of Energy should ensure that the Office of the CIO and other offices, as appropriate, address gaps in the department's FITARA plans by developing and implementing policies and procedures that document the process for the CIO's review and approval of the major IT investments portion of the budget request. (Recommendation 5)
Open

Recommendation status is Open.

The department has provided IT budget procedures. However, DOE has not documented procedures by which the CIO is to review and approve all major IT investments, including those within NNSA and the national laboratories. We will continue to monitor the department's progress in implementing our recommendation.
Department of Energy The Secretary of Energy should ensure that the Office of the CIO and other offices, as appropriate, address gaps in the department's FITARA plans by developing and implementing policies and procedures that document the CIO's role in reviewing IT resources that are to support major program objectives and significant increases and decreases in IT resources. (Recommendation 6)
Open

Recommendation status is Open.

DOE agreed with our recommendation. The department has provided IT budget procedures. However, DOE has not documented procedures for the CIO's review of IT resources that are to support major program objectives and significant increases and decreases in IT resources for department and component agency budget requests. We will continue to monitor the department's progress in implementing our recommendation.
Department of Energy The Secretary of Energy should ensure that the Office of the CIO and other offices, as appropriate, address gaps in the department's FITARA plans by developing and implementing policies and procedures that document the steps the CIO is to take to ensure whether the IT portfolio includes appropriate estimates of all IT resources included in the budget request. (Recommendation 7)
Open

Recommendation status is Open.

DOE agreed with our recommendation. The department has provided IT budget procedures. However, DOE has not developed procedures for documenting steps the CIO is to take to ensure that the IT portfolio includes appropriate estimates of all IT resources. We will continue to monitor the department's progress in implementing our recommendation.
Department of Energy The Secretary of Energy should direct the Office of the CIO and other offices, as appropriate, to take steps to ensure that the actions taken to comply with OMB's common baseline for implementing FITARA on individual investments are adequately documented. (Recommendation 8)
Open

Recommendation status is Open.

DOE agreed with our recommendation. When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Department of Energy The Secretary of Energy should ensure that the Office of the CIO and other offices, as appropriate, establish quality assurance processes--such as data quality checks, reviews of estimation methods, linkages between the IT portfolio and procurement system data, and linkages between the IT portfolio and financial system data--for ensuring the annual IT budget is informed by complete and reliable information on anticipated government labor, contract, and other relevant IT expenditures. (Recommendation 9)
Open

Recommendation status is Open.

DOE agreed with our recommendation and is planning to take steps towards implementing it. Specifically, DOE plans to implement the Technology Business Management Framework by December 2021. Additionally, the department is coordinating internally to update its financial and procurement systems to better identify IT spending. DOE anticipates that its updates will allow the agency to compare actual IT spending against estimates in the portfolio. We will continue to monitor the department's progress in implementing our recommendation.
National Nuclear Security Administration The Administrator of NNSA should ensure that the Office of the CIO and other offices, as appropriate, develop and implement policies and procedures that establish agency-wide policy for the level of detail with which planned expenditures for all transactions that include IT resources are to be reported to the CIO. (Recommendation 10)
Open

Recommendation status is Open.

NNSA agreed with this recommendation and plans to develop relevant policies and procedures by June 2020. We will continue to monitor the agency's progress towards implementing our recommendation.
National Nuclear Security Administration The Administrator of NNSA should ensure that the Office of the CIO and other offices, as appropriate, develop and implement policies and procedures that include the CIO in the planning and budgeting stages for all programs that are fully or partially supported with IT resources. (Recommendation 11)
Open

Recommendation status is Open.

NNSA agreed with this recommendation and plans to develop relevant policies and procedures by June 2020. We will continue to monitor the agency's progress towards implementing our recommendation.
National Nuclear Security Administration The Administrator of NNSA should ensure that the Office of the CIO and other offices, as appropriate, develop and implement policies and procedures that include the CIO as a member of governance boards that inform decisions regarding all IT resources. (Recommendation 12)
Open

Recommendation status is Open.

NNSA agreed with this recommendation and plans to develop relevant policies and procedures by June 2020. We will continue to monitor the agency's progress towards implementing our recommendation.
National Nuclear Security Administration The Administrator of NNSA should ensure that the Office of the CIO and other offices, as appropriate, develop and implement policies and procedures that document the process for the CIO's review and approval of the major IT investments portion of the budget request. (Recommendation 13)
Open

Recommendation status is Open.

NNSA agreed with this recommendation and plans to develop relevant policies and procedures by June 2020. We will continue to monitor the agency's progress towards implementing our recommendation.
National Nuclear Security Administration The Administrator of NNSA should ensure that the Office of the CIO and other offices, as appropriate, develop and implement policies and procedures that document the CIO's role in reviewing IT resources that are to support major program objectives and significant increases and decreases in IT resources. (Recommendation 14)
Open

Recommendation status is Open.

NNSA agreed with this recommendation and plans to develop relevant policies and procedures by June 2020. We will continue to monitor the agency's progress towards implementing our recommendation.
National Nuclear Security Administration The Administrator of NNSA should direct the Office of the CIO and other offices, as appropriate, to take steps to ensure that the actions taken to comply with OMB's common baseline for implementing FITARA on individual investments are adequately documented. (Recommendation 15)
Open

Recommendation status is Open.

NNSA agreed with this recommendation and plans to develop relevant policies and procedures by June 2020. We will continue to monitor the agency's progress towards implementing our recommendation.
Department of Health and Human Services The Secretary of Health and Human Services should ensure that the Office of the CIO and other offices, as appropriate, address gaps in the department's FITARA plans by developing and implementing policies and procedures that establish department-wide policy for the level of detail of planned expenditure reporting to the CIO for all transactions that include IT resources. (Recommendation 16)
Open

Recommendation status is Open.

HHS agreed with this recommendation and is planning to take steps to implement it. Specifically, the agency intends to update its IT investment planning policy to include requirements for reporting expenditures that apply to all transactions with an IT component. We will continue to monitor the department's progress towards implementing our recommendation.
Department of Health and Human Services The Secretary of Health and Human Services should ensure that the Office of the CIO and other offices, as appropriate, address gaps in the department's FITARA plans by developing and implementing policies and procedures that include the CIO in the planning and budgeting stages for all programs that are fully or partially supported with IT resources. (Recommendation 17)
Open

Recommendation status is Open.

HHS agreed with the recommendation and is planning to take steps to implement it. Specifically, the agency intends to update its IT investment planning policy to amplify the CIO's role in the planning and budgeting stages for all programs with IT resources. Also, HHS intends to document procedures for ensuring that all delegated authorities are carried out. We will continue to monitor the department's progress towards implementing our recommendation.
Department of Health and Human Services The Secretary of Health and Human Services should ensure that the Office of the CIO and other offices, as appropriate, address gaps in the department's FITARA plans by developing and implementing policies and procedures that include the CIO as a member of governance boards that inform decisions regarding all IT resources, including component-level boards. (Recommendation 18)
Open

Recommendation status is Open.

HHS agreed with the recommendation. The department has provided charters that included the CIO as a member of department-level governance boards that inform IT decisions. However, HHS has not provided charters that include the CIO as a member of component-level IT governance boards. We will continue to monitor the department's progress in implementing our recommendation.
Department of Health and Human Services The Secretary of Health and Human Services should ensure that the Office of the CIO and other offices, as appropriate, address gaps in the department's FITARA plans by developing and implementing policies and procedures that document the processes by which program leadership works with the CIO to plan an overall portfolio of IT resources. (Recommendation 19)
Open

Recommendation status is Open.

HHS agreed with the recommendation and is planning to take steps to implement it. For example, HHS plans to develop an asset management policy and introduce a pilot program to manage inventories across the agency. However, the department has not developed policies and procedures that incorporate the processes by which the program leadership are planning the IT portfolio with the CIO for existing investments greater than or equal to $20 million annually and for investments delegated to components. We will continue to monitor the department's progress in implementing our recommendation.
Department of Health and Human Services The Secretary of Health and Human Services should ensure that the Office of the CIO and other offices, as appropriate, address gaps in the department's FITARA plans by developing and implementing policies and procedures that document the process for the CIO's review and approval of the major IT investments portion of the budget request. (Recommendation 20)
Open

Recommendation status is Open.

HHS agreed with the recommendation and is planning to take steps to implement it. Specifically, the department intends to update its IT investment planning policy to amplify the CIO's role in reviewing major investments. We will continue to monitor the department's progress in implementing our recommendation.
Department of Health and Human Services The Secretary of Health and Human Services should ensure that the Office of the CIO and other offices, as appropriate, address gaps in the department's FITARA plans by developing and implementing policies and procedures that document the CIO's role in reviewing IT resources that are to support major program objectives and significant increases and decreases in IT resources. (Recommendation 21)
Open

Recommendation status is Open.

HHS agreed with this recommendation and has taken steps towards implementing it. Specifically, HHS documented procedures that require the CIO to hold annual IT investment review meetings with components to review changes in IT resources. However, HHS has not documented procedures for the CIO's role in reviewing major program objectives. We will continue to monitor the department's progress toward implementing our recommendation.
Department of Health and Human Services The Secretary of Health and Human Services should ensure that the Office of the CIO and other offices, as appropriate, address gaps in the department's FITARA plans by developing and implementing policies and procedures that document the steps the CIO is to take to ensure whether the IT portfolio includes appropriate estimates of all IT resources included in the budget request. (Recommendation 22)
Open

Recommendation status is Open.

HHS agreed with the recommendation and is planning to take steps to implement it. Specifically, the department intends to assess and update its existing policies and procedures to document the steps the CIO is to take to review the IT portfolio for appropriate estimates of all IT resources. We will continue to monitor the department's progress toward implementing our recommendation.
Department of Health and Human Services The Secretary of Health and Human Services should direct the department CIO to establish, for any OMB common baseline requirements that are related to IT budgeting that have been delegated, a plan that specifies the requirement being delegated, demonstrates how the CIO intends to retain accountability for the requirement, and ensures through quality assurance processes that the delegated official will execute such responsibilities with the appropriate level of rigor. (Recommendation 23)
Open

Recommendation status is Open.

HHS agreed with the recommendation and is planning to take steps to implement it. Specifically, the department intends to develop an IT governance policy to define the accountability of the CIO over all IT projects and establish processes detailing quality reviews and the level of rigor that should be applied by its IT governance board. We will continue to monitor the department's progress towards implementing our recommendation.
Department of Health and Human Services The Secretary of Health and Human Services should direct the Office of the CIO and other offices, as appropriate, to take steps to ensure that the actions taken to comply with OMB's common baseline for implementing FITARA on individual investments are adequately documented. (Recommendation 24)
Open

Recommendation status is Open.

HHS agreed with the recommendation and is planning to take steps to implement it. Specifically, the agency intends to update its IT acquisition program policy and related processes. HHS also plans to document standard operating procedures for agency wide dissemination to ensure the effectiveness and efficiency of IT investment governance through transparent and repeatable procedures. We will continue to monitor the agency's progress in implementing our recommendation.
Department of Health and Human Services The Secretary of Health and Human Services should ensure that the Office of the CIO and other offices, as appropriate, establish quality assurance processes--such as data quality checks, reviews of estimation methods, linkages between the IT portfolio and procurement system data, and linkages between the IT portfolio and financial system data--for ensuring the annual IT budget is informed by complete and reliable information on anticipated government labor, contract, and other relevant IT expenditures. (Recommendation 25)
Open

Recommendation status is Open.

HHS agreed with the recommendation and are planning to take steps towards implementing it. Specifically, HHS established a working group and developed a roadmap for implementing the Technology Business Management Framework by fiscal year 2022. The agency anticipates that its strategy and approach will enable HHS to, among other things, link IT portfolio data, procurement system data, and financial system data. We will continue to monitor the department's progress towards implementing our recommendation.
Centers for Medicare and Medicaid Services The Administrator of CMS should ensure that the Office of the CIO and other offices, as appropriate, develop and implement policies and procedures that include the CIO in the planning and budgeting stages for all programs that are fully or partially supported with IT resources. (Recommendation 26)
Open

Recommendation status is Open.

CMS agreed with our recommendation. When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Centers for Medicare and Medicaid Services The Administrator of CMS should ensure that the Office of the CIO and other offices, as appropriate, develop and implement policies and procedures that document the processes by which program leadership works with the CIO to plan an overall portfolio of IT resources. (Recommendation 27)
Open

Recommendation status is Open.

CMS agreed with our recommendation. When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Centers for Medicare and Medicaid Services The Administrator of CMS should ensure that the Office of the CIO and other offices, as appropriate, develop and implement policies and procedures that document the CIO's role in reviewing IT resources that are to support major program objectives and significant increases and decreases in IT resources. (Recommendation 28)
Open

Recommendation status is Open.

CMS agreed with our recommendation. When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Centers for Medicare and Medicaid Services The Administrator of CMS should direct the Office of the CIO and other offices, as appropriate, to take steps to ensure that the actions taken to comply with OMB's common baseline for implementing FITARA on individual investments are adequately documented. (Recommendation 29)
Open

Recommendation status is Open.

CMS agreed with our recommendation. When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Department of Justice The Attorney General should ensure that the Office of the CIO and other offices, as appropriate, address gaps in the department's FITARA plans by developing and implementing policies and procedures that establish department-wide policy for the level of detail of planned expenditure reporting to the CIO for all transactions that include IT resources. (Recommendation 30)
Closed - Implemented

Recommendation status is Closed - Implemented.

The department developed IT budget procedures in April 2019 for reporting planned expenditures to the CIO for all transactions that include IT resources. Specifically, as part of the department's annual budgeting process, the DOJ CIO and Chief Financial Officer are to collaborate on the level of detail that program offices are required to report in their cost estimates for enhancement requests across IT spending categories. By taking these steps, DOJ is better positioned to ensure that budget requests contain complete and accurate resource estimates with the appropriate level of detail to inform the department's annual IT budget.
Department of Justice The Attorney General should ensure that the Office of the CIO and other offices, as appropriate, address gaps in the department's FITARA plans by developing and implementing policies and procedures that include the CIO as a member of governance boards that inform decisions regarding all IT resources, including component-level boards. (Recommendation 31)
Open

Recommendation status is Open.

The department agreed with the recommendation and has taken steps towards implementing it. Specifically, in October 2019, the DOJ CIO issued a memorandum requiring component CIOs to establish a process for providing IT investment information to the DOJ CIO. The component CIO's process is to either include the DOJ CIO as a member of component investment review boards or provide an alternative mechanism for obtaining the DOJ CIO's input on component IT investments. We will continue to monitor the department's progress in implementing our recommendation.
Department of Justice The Attorney General should ensure that the Office of the CIO and other offices, as appropriate, address gaps in the department's FITARA plans by developing and implementing policies and procedures that document the steps the CIO is to take to ensure whether the IT portfolio includes appropriate estimates of all IT resources included in the budget request. (Recommendation 32)
Closed - Implemented

Recommendation status is Closed - Implemented.

The department developed IT budget procedures in April 2019 that document the steps the CIO is to take to ensure whether the IT portfolio includes appropriate estimates of all IT resources included in the budget request. Specifically, DOJ's procedures include quality assurance steps that the CIO's budget manager is to carry out on component IT budget requests prior to the CIO's review. This includes quality assurance steps such as reviewing prior year expenditures for significant variances; identifying missing expenditures in acquisition forecasts; comparing financial system data to the budget; and validating data across various IT spending and cost categories, including government labor expenditures. By taking these steps, DOJ has improved its ability to ensure that its CIO is effectively positioned to consistently and adequately review and approve the IT budget request.
Department of Justice The Attorney General should ensure that the Office of the CIO and other offices, as appropriate, establish quality assurance processes--such as data quality checks, reviews of estimation methods, linkages between the IT portfolio and procurement system data, and linkages between the IT portfolio and financial system data--for ensuring the annual IT budget is informed by complete and reliable information on anticipated government labor, contract, and other relevant IT expenditures. (Recommendation 33)
Closed - Implemented

Recommendation status is Closed - Implemented.

The department developed IT budget standards in April 2019 that establish quality assurance processes for ensuring the annual IT budget is informed by complete and reliable information on anticipated government labor, contract, and other relevant IT expenditures. Specifically, DOJ's procedures include quality assurance steps that the CIO's budget manager is to carry out on component IT budget requests prior to the CIO's review. This includes quality assurance steps such as reviewing prior year expenditures for significant variances; identifying missing expenditures in acquisition forecasts; comparing financial system data to the budget; and validating data across various IT spending and cost categories, including government labor expenditures. By taking these steps, the DOJ CIO is better positioned to have increased transparency into IT spending, capture relevant costs in the IT budget, and make informed budget decisions.
Federal Bureau of Investigation The FBI Director should direct the Office of the CIO and other offices, as appropriate, to take steps to ensure that the actions taken to comply with OMB's common baseline for implementing FITARA on individual investments are adequately documented. (Recommendation 34)
Open

Recommendation status is Open.

FBI agreed with our recommendation. When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Department of the Treasury The Secretary of the Treasury should ensure that the Office of the CIO and other offices, as appropriate, address gaps in the department's FITARA plans by developing and implementing policies and procedures that establish department-wide policy for the level of detail of planned expenditure reporting to the CIO for all transactions that include IT resources. (Recommendation 35)
Open

Recommendation status is Open.

When we confirm what actions the department has taken in response to this recommendation, we will provide updated information.
Department of the Treasury The Secretary of the Treasury should ensure that the Office of the CIO and other offices, as appropriate, address gaps in the department's FITARA plans by developing and implementing policies and procedures that include the CIO in the planning and budgeting stages for all programs that are fully or partially supported with IT resources. (Recommendation 36)
Open

Recommendation status is Open.

When we confirm what actions the department has taken in response to this recommendation, we will provide updated information.
Department of the Treasury The Secretary of the Treasury should ensure that the Office of the CIO and other offices, as appropriate, address gaps in the department's FITARA plans by developing and implementing policies and procedures that include the CIO as a member of governance boards that inform decisions regarding all IT resources, including component-level boards. (Recommendation 37)
Open

Recommendation status is Open.

When we confirm what actions the department has taken in response to this recommendation, we will provide updated information.
Department of the Treasury The Secretary of the Treasury should ensure that the Office of the CIO and other offices, as appropriate, address gaps in the department's FITARA plans by developing and implementing policies and procedures that document the process for the CIO's review and approval of the major IT investments portion of the budget request. (Recommendation 38)
Open

Recommendation status is Open.

When we confirm what actions the department has taken in response to this recommendation, we will provide updated information.
Department of the Treasury The Secretary of the Treasury should ensure that the Office of the CIO and other offices, as appropriate, address gaps in the department's FITARA plans by developing and implementing policies and procedures that document the steps the CIO is to take to ensure whether the IT portfolio includes appropriate estimates of all IT resources included in the budget request. (Recommendation 39)
Open

Recommendation status is Open.

When we confirm what actions the department has taken in response to this recommendation, we will provide updated information.
Department of the Treasury The Secretary of the Treasury should direct the department CIO to establish, for any OMB common baseline requirements that are related to IT budgeting that have been delegated, a plan that specifies the requirement being delegated, demonstrates how the CIO intends to retain accountability for the requirement, and ensures through quality assurance processes that the delegated official will execute such responsibilities with the appropriate level of rigor. (Recommendation 40)
Open

Recommendation status is Open.

When we confirm what actions the department has taken in response to this recommendation, we will provide updated information.
Department of the Treasury The Secretary of the Treasury should direct the Office of the CIO and other offices, as appropriate, to take steps to ensure that the actions taken to comply with OMB's common baseline for implementing FITARA on individual investments are adequately documented. (Recommendation 41)
Open

Recommendation status is Open.

When we confirm what actions the department has taken in response to this recommendation, we will provide updated information.
Department of the Treasury The Secretary of the Treasury should ensure that the Office of the CIO and other offices, as appropriate, establish quality assurance processes--such as data quality checks, reviews of estimation methods, linkages between the IT portfolio and procurement system data, and linkages between the IT portfolio and financial system data--for ensuring the annual IT budget is informed by complete and reliable information on anticipated government labor, contract, and other relevant IT expenditures. (Recommendation 42)
Open

Recommendation status is Open.

When we confirm what actions the department has taken in response to this recommendation, we will provide updated information.
Internal Revenue Service The IRS Commissioner should direct the Office of the CIO and other offices, as appropriate, to take steps to ensure that the actions taken to comply with OMB's common baseline for implementing FITARA on individual investments are adequately documented. (Recommendation 43)
Open

Recommendation status is Open.

IRS agreed with our recommendation and has taken steps towards implementing it. For example, the agency CIO and associate CIOs are taking steps through the IRS's annual IT investment planning process to work with program leadership to develop budgets for individual investments. In addition, IRS demonstrated how the CIO and associated CIOs review and approve major program objectives and changes in IT resources for major and non-major investments. However, IRS has not yet documented steps that the CIO is taking to ensure that individual investments' estimates of IT resources in the portfolio and budget request are appropriate. We will continue to monitor the agency's progress in implementing our recommendation.

Full Report