Reports & Testimonies

  • GAO’s recommendations database contains report recommendations that still need to be addressed.

    GAO’s recommendations help congressional and agency leaders prepare for appropriations and oversight activities, as well as help improve government operations. Recommendations remain open until they are designated as Closed-implemented or Closed-not implemented. You can explore open recommendations by searching or browsing.

    GAO's priority recommendations are those that we believe warrant priority attention. We sent letters to the heads of key departments and agencies, urging them to continue focusing on these issues. These recommendations are labeled as such. You can find priority recommendations by searching or browsing our open recommendations below, or through our mobile app.

  • Browse Open Recommendations

    Explore priority recommendations by subject terms or browse by federal agency

    Search Open Recommendations

    Search for a specific priority recommendation by word or phrase



  • Governing on the go?

    Our Priorities for Policy Makers app makes it easier for leaders to search our recommendations on the go.

    See the November 10th Press Release


  • Have a Question about a Recommendation?

    • For questions about a specific recommendation, contact the person or office listed with the recommendation.
    • For general information about recommendations, contact GAO's Audit Policy and Quality Assurance office at (202) 512-6100 or apqa@gao.gov.
  • « Back to Results List Sort by   

    Results:

    Subject Term: "IT acquisitions"

    18 publications with a total of 156 open recommendations including 9 priority recommendations
    Director: David A. Powner
    Phone: (202) 512-9286

    39 open recommendations
    Recommendation: The Secretary of Agriculture should ensure that the office of the chief acquisition officer (CAO) is involved in the process to identify IT acquisitions. (Recommendation 1)

    Agency: Department of Agriculture
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Secretary of Agriculture should direct the CAO and CIO to issue specific guidance to ensure IT-related acquisitions are properly identified. (Recommendation 2)

    Agency: Department of Agriculture
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Secretary of Agriculture should ensure that IT acquisition plans or strategies are reviewed and approved according to OMB's guidance. (Recommendation 3)

    Agency: Department of Agriculture
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Secretary of Commerce should ensure that the office of the CAO is involved in the process to identify IT acquisitions. (Recommendation 4)

    Agency: Department of Commerce
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Secretary of Commerce should ensure that IT acquisition plans or strategies are reviewed and approved according to OMB's guidance. (Recommendation 5)

    Agency: Department of Commerce
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Secretary of Education should ensure that the office of the CAO is involved in the process to identify IT acquisitions. (Recommendation 6)

    Agency: Department of Education
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Secretary of Education should ensure that IT acquisition plans or strategies are reviewed and approved according to OMB's guidance. (Recommendation 7)

    Agency: Department of Education
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Secretary of Energy should direct the CAO and CIO to issue specific guidance to ensure IT-related acquisitions are properly identified. (Recommendation 8)

    Agency: Department of Energy
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Secretary of Energy should ensure that IT acquisition plans or strategies are reviewed and approved according to OMB's guidance. (Recommendation 9)

    Agency: Department of Energy
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Secretary of HHS should ensure that IT acquisition plans or strategies are reviewed and approved according to OMB's guidance. (Recommendation 10)

    Agency: Department of Health and Human Services
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Secretary of Housing and Urban Development should ensure that the office of the CAO is involved in the process to identify IT acquisitions. (Recommendation 11)

    Agency: Department of Housing and Urban Development
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Secretary of Housing and Urban Development should ensure that IT acquisition plans or strategies are reviewed and approved according to OMB's guidance. (Recommendation 12)

    Agency: Department of Housing and Urban Development
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Secretary of the Interior should ensure that the office of the CAO is involved in the process to identify IT acquisitions. (Recommendation 13)

    Agency: Department of the Interior
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Secretary of Interior should direct the CAO and CIO to finalize and issue guidance on identifying IT acquisitions in order to ensure the CIO review and approval of those acquisitions. (Recommendation 14)

    Agency: Department of the Interior
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Secretary of the Interior should ensure that IT acquisition plans or strategies are reviewed and approved according to OMB's guidance. (Recommendation 15)

    Agency: Department of the Interior
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Attorney General should direct the senior procurement executive and CIO to issue specific guidance to ensure IT-related acquisitions are properly identified. (Recommendation 16)

    Agency: Department of Justice
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Attorney General should ensure that IT acquisition plans or strategies are reviewed and approved according to OMB's guidance. (Recommendation 17)

    Agency: Department of Justice
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Secretary of Labor should ensure that the office of the CAO is involved in the process to identify IT acquisitions. (Recommendation 18)

    Agency: Department of Labor
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Secretary of Labor should direct the CAO and CIO to issue specific guidance to ensure IT-related acquisitions are properly identified. (Recommendation 19)

    Agency: Department of Labor
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Secretary of Labor should ensure that IT acquisition plans or strategies are reviewed and approved according to OMB's guidance. (Recommendation 20)

    Agency: Department of Labor
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Secretary of State should ensure that the office of the CAO is involved in the process to identify IT acquisitions. (Recommendation 21)

    Agency: Department of State
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Secretary of State should ensure that IT acquisition plans or strategies are reviewed and approved according to OMB's guidance. (Recommendation 22)

    Agency: Department of State
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Secretary of the Treasury should ensure that IT acquisition plans or strategies are reviewed and approved according to OMB's guidance. (Recommendation 23)

    Agency: Department of the Treasury
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Secretary of Transportation should ensure that the office of the CAO is involved in the process to identify IT acquisitions. (Recommendation 24)

    Agency: Department of Transportation
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Secretary of Transportation should direct the CAO and CIO to issue specific guidance to ensure IT-related acquisitions are properly identified. (Recommendation 25)

    Agency: Department of Transportation
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Secretary of Transportation should ensure that IT acquisition plans or strategies are reviewed and approved according to OMB's guidance. (Recommendation 26)

    Agency: Department of Transportation
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Secretary of Veterans Affairs (VA) should ensure that the office of the CAO is involved in the process to identify IT acquisitions. (Recommendation 27)

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Secretary of VA should ensure that IT acquisition plans or strategies are reviewed and approved according to OMB's guidance. (Recommendation 28)

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Administrator of the Environmental Protection Agency should ensure that the office of the CAO is involved in the process to identify IT acquisitions. (Recommendation 29)

    Agency: Environmental Protection Agency
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Administrator of the National Aeronautics and Space Administration (NASA) should ensure that the office of the CAO is involved in the process to identify IT acquisitions. (Recommendation 30)

    Agency: National Aeronautics and Space Administration
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Administrator of NASA should direct the CAO and CIO to issue specific guidance to ensure IT-related acquisitions are properly identified. (Recommendation 31)

    Agency: National Aeronautics and Space Administration
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Administrator of NASA should ensure that IT acquisition plans or strategies are reviewed and approved according to OMB's guidance. (Recommendation 32)

    Agency: National Aeronautics and Space Administration
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Chairman of the Nuclear Regulatory Commission should ensure that the office of the senior procurement executive is involved in the process to identify IT acquisitions. (Recommendation 33)

    Agency: Nuclear Regulatory Commission
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Director of the Office of Personnel Management should ensure that IT acquisition plans or strategies are reviewed and approved according to OMB's guidance. (Recommendation 34)

    Agency: Office of Personnel Management
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Administrator of the Small Business Administration should ensure that the office of the senior procurement executive is involved in the process to identify IT acquisitions. (Recommendation 35)

    Agency: Small Business Administration
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Commissioner of the Social Security Administration (SSA) should ensure that the office of the senior procurement executive is involved in the process to identify IT acquisitions. (Recommendation 36)

    Agency: Social Security Administration
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Commissioner of SSA should direct the senior procurement executive and CIO to issue specific guidance to ensure IT-related acquisitions are properly identified. (Recommendation 37)

    Agency: Social Security Administration
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Commissioner of SSA should ensure that IT acquisition plans or strategies are reviewed and approved according to OMB's guidance. (Recommendation 38)

    Agency: Social Security Administration
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Administrator of the United States Agency for International Development should ensure that IT acquisition plans or strategies are reviewed and approved according to OMB's guidance. (Recommendation 39)

    Agency: United States Agency for International Development
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: David A. Powner
    Phone: (202) 512-9286

    3 open recommendations
    Recommendation: The Director of OMB should continue to identify and report to Congress on the status of the top 10 high priority information technology programs and the extent to which USDS is involved in the programs, as was done in June 2015 and June 2016. In doing so, the Director should ensure that these reports are issued quarterly. (Recommendation 1)

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Director of OMB should ensure that the Federal CIO is directly involved in the oversight of high priority programs. (Recommendation 2)

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Director of OMB should continue to report on the status of USDS projects. In doing so, the Director should ensure that the reports are issued quarterly. (Recommendation 3)

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: David A. Powner
    Phone: (202) 512-9286

    19 open recommendations
    Recommendation: The Secretary of Energy should ensure that the CIO of Energy reports major IT investment information related to incremental development accurately in accordance with OMB guidance. (Recommendation 1)

    Agency: Department of Energy
    Status: Open

    Comments: In comments on our report, the Department of Energy (Energy) concurred with our recommendation. The department described actions by the Office of the Chief Information Officer to review the accuracy of Energy's major IT investment project reporting related to incremental development as part of monthly IT Dashboard and Investment Review Board meetings. We will continue to monitor Energy's reporting of its incremental data on the IT Dashboard.
    Recommendation: The Secretary of Agriculture should ensure that the CIO of U.S. Department of Agriculture (USDA) reports major IT investment information related to incremental development accurately in accordance with OMB guidance. (Recommendation 2)

    Agency: Department of Agriculture
    Status: Open

    Comments: The U.S. Department of Agriculture (USDA) has not yet taken any actions to implement our recommendation. We will continue to monitor USDA's progress in implementing this recommendation.
    Recommendation: The Commissioner of the Social Security Administration (SSA) should ensure that the CIO of SSA reports major IT investment information related to incremental development accurately in accordance with OMB guidance. (Recommendation 3)

    Agency: Social Security Administration
    Status: Open

    Comments: In comments on our report, the Social Security Administration (SSA) concurred with our recommendation and stated that it had implemented two new processes related to incremental certification, which would be included in the agency's upcoming revision to its Capital Planning and Investment Control Guide. We will follow up with SSA to ascertain whether the guide has been updated during fiscal year 2018.
    Recommendation: The Secretary of Housing and Urban Development (HUD) should ensure that the CIO of HUD establishes an agency-wide policy and process for the CIO's certification of major IT investments' adequate use of incremental development, in accordance with OMB's guidance on the implementation of FITARA, and confirm that it includes: a description of the CIO's role in the certification process; a description of how CIO certification will be documented; and a definition of incremental development and time frames for delivering functionality, consistent with OMB guidance. (Recommendation 4)

    Agency: Department of Housing and Urban Development
    Status: Open

    Comments: In comments on our report, the Department of Housing and Urban Development (HUD) concurred with our recommendation and stated that it planned to develop more definitive timelines on how to address our recommendation. We will follow up with HUD to ascertain whether an agency-wide policy and process for the CIO's certification of major IT investments' adequate use of incremental development has been established during fiscal year 2018.
    Recommendation: The Secretary of the Interior should ensure that the CIO of Interior updates the agency's policy and process for the CIO's certification of major IT investments' adequate use of incremental development, in accordance with OMB's guidance on the implementation of FITARA, and confirm that it includes: a description of the CIO's role in the certification process; a description of how CIO certification will be documented; and a definition of incremental development, consistent with OMB guidance. (Recommendation 5)

    Agency: Department of the Interior
    Status: Open

    Comments: In comments on our report, the Department of the Interior (Interior) concurred with our recommendation and stated that it planned to update its existing policy to include the elements we recommended. We will follow up with Interior to ascertain whether an agency-wide policy and process for the CIO's certification of major IT investments' adequate use of incremental development has been updated during fiscal year 2018.
    Recommendation: The Attorney General of the United States should ensure that the CIO of Justice establishes an agency-wide policy and process for the CIO's certification of major IT investments' adequate use of incremental development, in accordance with OMB's guidance on the implementation of FITARA, and confirm that it includes: a description of the CIO's role in the certification process; a description of how CIO certification will be documented; and a definition of incremental development and time frames for delivering functionality, consistent with OMB guidance. (Recommendation 6)

    Agency: Department of Justice
    Status: Open

    Comments: In comments on our report, the Department of Justice (Justice) concurred with our recommendation and stated that it planned to amend existing policy to implement this recommendation. We will follow up with Justice to ascertain whether an agency-wide policy and process for the CIO's certification of major IT investments' adequate use of incremental development has been updated during fiscal year 2018.
    Recommendation: The Secretary of Labor should ensure that the CIO of Labor updates the agency's policy and process for the CIO's certification of major IT investments' adequate use of incremental development, in accordance with OMB's guidance on the implementation of FITARA, and confirm that it includes a description of the CIO's role in the certification process and a description of how CIO certification will be documented. (Recommendation 7)

    Agency: Department of Labor
    Status: Open

    Comments: The Department of Labor (Labor) has not yet taken any actions to implement our recommendation. We will continue to monitor Labor's progress in implementing this recommendation.
    Recommendation: The Secretary of State should ensure that the CIO of State updates the agency's policy and process for the CIO's certification of major IT investments' adequate use of incremental development, in accordance with OMB's guidance on the implementation of FITARA, and confirm that it includes: a description of the CIO's role in the certification process; a description of how CIO certification will be documented; and a definition of incremental development and time frames for delivering functionality, consistent with OMB guidance. (Recommendation 8)

    Agency: Department of State
    Status: Open

    Comments: In comments on our report, the Department of State (State) reported that it has developed an incremental development policy that addresses our recommendation and it is currently in the process of being approved. We will follow up with State to ascertain whether an agency-wide policy and process for the CIO's certification of major IT investments' adequate use of incremental development has been developed during fiscal year 2018.
    Recommendation: The Secretary of Agriculture should ensure that the CIO of USDA establishes an agency-wide policy and process for the CIO's certification of major IT investments' adequate use of incremental development, in accordance with OMB's guidance on the implementation of FITARA, and confirm that it includes: a description of the CIO's role in the certification process; a description of how CIO certification will be documented; and a definition of incremental development and time frames for delivering functionality, consistent with OMB guidance. (Recommendation 9)

    Agency: Department of Agriculture
    Status: Open

    Comments: The U.S. Department of Agriculture (USDA) has not yet taken any actions to implement our recommendation. We will continue to monitor USDA's progress in implementing this recommendation.
    Recommendation: The Secretary of Veterans Affairs (VA) should ensure that the CIO of VA updates the agency's policy and process for the CIO's certification of major IT investments' adequate use of incremental development, in accordance with OMB's guidance on the implementation of FITARA, and confirm that it includes a description of the CIO's role in the certification process and a description of how CIO certification will be documented. (Recommendation 10)

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: In comments on our report, the Department of Veterans Affairs (VA) partially concurred with our recommendation and stated that it would draft a policy to address our recommendation. We will follow up with VA to ascertain whether an agency-wide policy and process for the CIO's certification of major IT investments' adequate use of incremental development has been developed during fiscal year 2018.
    Recommendation: The Administrator of the Environmental Protection Agency (EPA) should ensure that the CIO of EPA establishes an agency-wide policy and process for the CIO's certification of major IT investments' adequate use of incremental development, in accordance with OMB's guidance on the implementation of FITARA, and confirm that it includes: a description of the CIO's role in the certification process; a description of how CIO certification will be documented; and a definition of incremental development and time frames for delivering functionality, consistent with OMB guidance. (Recommendation 11)

    Agency: Environmental Protection Agency
    Status: Open

    Comments: In comments on our report, the Environmental Protection Agency (EPA) concurred with our recommendation and stated that it planned to develop a policy to implement this recommendation and other FITARA issues. We will follow up with EPA to ascertain whether an agency-wide policy and process for the CIO's certification of major IT investments' adequate use of incremental development has been developed during fiscal year 2018.
    Recommendation: The Administrator of the General Services Administration (GSA) should ensure that the CIO of GSA updates the agency's policy and process for the CIO's certification of major IT investments' adequate use of incremental development, in accordance with OMB's guidance on the implementation of FITARA, and confirm that it includes a description of the CIO's role in the certification process and a description of how CIO certification will be documented. (Recommendation 12)

    Agency: General Services Administration
    Status: Open

    Comments: In comments on our report, the General Services Administration (GSA) concurred with our recommendation and stated that it would develop and implement a plan to address it. We will follow up with GSA to ascertain whether an agency-wide policy and process for the CIO's certification of major IT investments' adequate use of incremental development has been updated during fiscal year 2018.
    Recommendation: The Administrator of the National Aeronautics and Space Administration (NASA) should ensure that the CIO of NASA establishes an agency-wide policy and process for the CIO's certification of major IT investments' adequate use of incremental development, in accordance with OMB's guidance on the implementation of FITARA, and confirm that it includes: a description of the CIO's role in the certification process; a description of how CIO certification will be documented; and a definition of incremental development and time frames for delivering functionality, consistent with OMB guidance. (Recommendation 13)

    Agency: National Aeronautics and Space Administration
    Status: Open

    Comments: In comments on our report, the National Aeronautics and Space Administration (NASA) concurred with our recommendation and stated that it is currently updating its policies to address it, which will be completed by March 2018. We will continue to monitor NASA's progress on these efforts.
    Recommendation: The Director of the National Science Foundation (NSF) should ensure that the CIO of NSF updates the agency's policy and process for the CIO's certification of major IT investments' adequate use of incremental development, in accordance with OMB's guidance on the implementation of FITARA, and confirm that it includes: a description of the CIO's role in the certification process; a description of how CIO certification will be documented; and a definition of incremental development and time frames for delivering functionality, consistent with OMB guidance. (Recommendation 14)

    Agency: National Science Foundation
    Status: Open

    Comments: The National Science Foundation (NSF) has not yet taken any actions to implement our recommendation. We will continue to monitor NSF's progress in implementing this recommendation.
    Recommendation: The Chairman of the Nuclear Regulatory Commission (NRC) should ensure that the CIO of NRC establishes an agency-wide policy and process for the CIO's certification of major IT investments' adequate use of incremental development, in accordance with OMB's guidance on the implementation of FITARA, and confirm that it includes a description of the CIO's role in the certification process and a description of how CIO certification will be documented. (Recommendation 15)

    Agency: Nuclear Regulatory Commission
    Status: Open

    Comments: In comments on our report, the Nuclear Regulatory Commission (NRC) reported that it plans to establish agency-wide, formalized processes and procedures for the CIO to approve the incremental development of major IT investments by December 31, 2017. We will continue to monitor NRC's progress on this effort.
    Recommendation: The Director of the Office of Personnel Management (OPM) should ensure that the CIO of OPM updates the agency's policy and process for the CIO's certification of major IT investments' adequate use of incremental development, in accordance with OMB's guidance on the implementation of FITARA, and confirm that it includes a description of the CIO's role in the certification process and a description of how CIO certification will be documented. (Recommendation 16)

    Agency: Office of Personnel Management
    Status: Open

    Comments: In comments on our report, the Office of Personnel Management (OPM) concurred with our recommendation and stated that it would update its policies and processes to include the elements we recommended. We will follow up with OPM to ascertain whether an agency-wide policy and process for the CIO's certification of major IT investments' adequate use of incremental development has been updated during fiscal year 2018.
    Recommendation: The Administrator of the Small Business Administration (SBA) should ensure that the CIO of SBA establishes an agency-wide policy and process for the CIO's certification of major IT investments' adequate use of incremental development, in accordance with OMB's guidance on the implementation of FITARA, and confirm that it includes: a description of the CIO's role in the certification process; a description of how CIO certification will be documented; and a definition of incremental development and time frames for delivering functionality, consistent with OMB guidance. (Recommendation 17)

    Agency: Small Business Administration
    Status: Open

    Comments: The Small Business Administration (SBA) has not yet taken any actions to implement our recommendation. We will continue to monitor SBA's progress in implementing this recommendation.
    Recommendation: The Commissioner of the Social Security Administration should ensure that the CIO of SSA updates the agency's policy and process for the CIO's certification of major IT investments' adequate use of incremental development, in accordance with OMB's guidance on the implementation of FITARA, and confirm that it includes a description of the CIO's role in the certification process and a description of how CIO certification will be documented. (Recommendation 18)

    Agency: Social Security Administration
    Status: Open

    Comments: In comments on our report, the Social Security Administration (SSA) concurred with our recommendation and stated that it had implemented two new processes related to incremental certification, which would be included in the agency's upcoming revision to its Capital Planning and Investment Control Guide. We will follow up with SSA to ascertain whether the guide has been updated during fiscal year 2018.
    Recommendation: The Administrator of the U.S. Agency for International Development (USAID) should ensure that the CIO of USAID establishes an agency-wide policy and process for the CIO's certification of major IT investments' adequate use of incremental development, in accordance with OMB's guidance on the implementation of FITARA, and confirm that it includes: a description of the CIO's role in the certification process; a description of how CIO certification will be documented; and a definition of incremental development and time frames for delivering functionality, consistent with OMB guidance. (Recommendation 19)

    Agency: United States Agency for International Development
    Status: Open

    Comments: In comments on our report, the U.S. Agency for International Development (USAID) reported that it is in the process of establishing an agency-wide policy and process for the CIO's certification of adequate incremental development. It estimates that this policy will be implemented by August 31, 2018. We will continue to monitor USAID's progress in this effort.
    Director: Carol C. Harris
    Phone: (202) 512-4456

    5 open recommendations
    Recommendation: To help improve the modernization of FMCSA's IT systems, the Secretary of Transportation should direct the FMCSA Administrator to update FMCSA's IT strategic plan to include well-defined goals, strategies, measures, and timelines for modernizing its systems.

    Agency: Department of Transportation
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To help improve the modernization of FMCSA's IT systems, the Secretary of Transportation should direct the FMCSA Administrator to ensure that the IT investment process guidance lays out the roles and responsibilities of all working groups and individuals involved in the agency's governance process.

    Agency: Department of Transportation
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To help improve the modernization of FMCSA's IT systems, the Secretary of Transportation should direct the FMCSA Administrator to finalize the restructure of the Office of Information Technology, including fully defining the roles and responsibilities of the CIO.

    Agency: Department of Transportation
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To help improve the modernization of FMCSA's IT systems, the Secretary of Transportation should direct the FMCSA Administrator to ensure that appropriate governance bodies review all IT investments and track corrective actions to closure.

    Agency: Department of Transportation
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To help improve the modernization of FMCSA's IT systems, the Secretary of Transportation should direct the FMCSA Administrator to ensure that required operational analyses are performed for Aspen, Motor Carrier Management Information System, Sentri 2.0, and Unified Registration System on an annual basis.

    Agency: Department of Transportation
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Carol C. Harris
    Phone: (202) 512-4456

    6 open recommendations
    Recommendation: To ensure that DHS effectively implements FITARA, the Secretary of Homeland Security should direct the Under Secretary for Management to direct the Chief Information Officer to update the department's IT Acquisition Review governance process to increase the number of contracts and agreements (associated with both major and non-major investments) that are reviewed by the CIO and appropriate delegates.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with this recommendation. We will continue to monitor and evaluate the Department's progress in implementing this recommendation.
    Recommendation: To ensure that DHS effectively implements FITARA, the Secretary of Homeland Security should direct the Under Secretary for Management to direct the Chief Information Officer to establish time frames and implement a plan for (1) identifying the specific staff or positions currently within the department's IT acquisition cadre; and (2) assessing whether these staff and positions address all of the specialized skills and knowledge needed, as outlined in OMB's Office of Federal Procurement Policy's guidance for developing an IT acquisition cadre.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with this recommendation. We will continue to monitor and evaluate the Department's progress in implementing this recommendation.
    Recommendation: To ensure that DHS effectively implements FITARA, the Secretary of Homeland Security should direct the Under Secretary for Management to direct the Chief Information Officer to establish time frames and implement a plan for (1) identifying the department's future IT skillset needs as a result of DHS's new delivery model, (2) conducting a skills gap analysis, and (3) resolving any skills gaps identified.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with this recommendation. We will continue to monitor and evaluate the Department's progress in implementing this recommendation.
    Recommendation: To ensure that DHS effectively implements FITARA, the Secretary of Homeland Security should direct the Under Secretary for Management to update the department's acquisition policies and guidance to be consistent in identifying that the DHS CIO is to certify investments' incremental development activities.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with this recommendation. We will continue to monitor and evaluate the Department's progress in implementing this recommendation.
    Recommendation: To ensure that DHS effectively implements FITARA, the Secretary of Homeland Security should direct the Under Secretary for Management to update DHS headquarters', Customs and Border Protection's, and U.S. Coast Guard's processes to track, for all contracts and agreements, the IT investment with which each is associated (as applicable).

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with this recommendation. We will continue to monitor and evaluate the Department's progress in implementing this recommendation.
    Recommendation: To ensure that DHS effectively implements FITARA, the Secretary of Homeland Security should direct the Under Secretary for Management to update and implement the process DHS uses for assessing the risks of major IT investments to ensure that the CIO rating reported to the Dashboard fully reflects the CIO's assessment of each major IT investment.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with this recommendation. We will continue to monitor and evaluate the Department's progress in implementing this recommendation.
    Director: Carol C. Harris
    Phone: (202) 512-4456

    3 open recommendations
    Recommendation: To help improve the management of DOD's MAIS programs, the Secretary of Defense should direct the Secretary of the Army to direct the program manager for Global Combat Support System-Army Increment 1 to establish standard operating procedures for managing risks that include guidance for establishing thresholds and bounds for key risk areas.

    Agency: Department of Defense
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To help improve the management of DOD's MAIS programs, the Secretary of Defense should direct the Secretary of the Air Force to direct the program manager for Air and Space Operations Center-Weapon System Increment 10.2 to develop an overall risk mitigation plan to guide the implementation of individual risk mitigation and contingency plan activities.

    Agency: Department of Defense
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To help improve the management of DOD's MAIS programs, the Secretary of Defense should direct the Secretary of the Air Force to direct the program manager for Joint Space Operations Center, Mission System Increment 2 to appoint a chief developmental tester to oversee systems testing and integration activities.

    Agency: Department of Defense
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Powner, David A
    Phone: (202) 512-9286

    5 open recommendations
    including 2 priority recommendations
    Recommendation: To facilitate the analysis of gaps between current skills and future needs, the development of strategies for filling the gaps, and succession planning, the Secretary of Commerce should require the Chief Information Officer, Chief Human Capital Officer, and other senior managers as appropriate to address the shortfalls in IT workforce planning noted in this report, including the following actions: (1) establish and maintain a workforce planning process; (2) develop competency and staffing requirements; (3) assess competency and staffing needs regularly; (4) assess gaps in competencies for all components of the workforce; (5) develop strategies and plans to address gaps in competencies and staffing; (6) implement activities that address gaps, including an IT acquisition cadre, cross-functional training of acquisition and program personnel, a career path for program managers, and special hiring authorities, if justified and cost-effective; (7) monitor the department's progress in addressing IT competency and staffing gaps; and (8) report to department leadership on progress in addressing competency and staffing gaps.

    Agency: Department of Commerce
    Status: Open
    Priority recommendation

    Comments: The department has not yet provided its written response to this recommendation. We will continue to monitor the department's progress in implementing the recommendation.
    Recommendation: To facilitate the analysis of gaps between current skills and future needs, the development of strategies for filling the gaps, and succession planning, the Secretary of Defense should require the Chief Information Officer, the Under Secretary of Defense for Personnel and Readiness, and other senior managers as appropriate to address the shortfalls in IT workforce planning noted in this report, including the following actions: (1) develop competencies for all staff; (2) assess competency needs regularly for all positions; (3) assess gaps in competencies for all components of the workforce; (4) develop strategies and plans to address gaps in competencies; (5) implement activities that address gaps, including developing a program management career path, if justified and cost-effective; (6) monitor the department's progress in addressing competency gaps identified for IT staff; and (7) report to department leadership on progress in addressing competency gaps.

    Agency: Department of Defense
    Status: Open

    Comments: The department has provided a written response to this recommendation and we are currently evaluating it.
    Recommendation: To facilitate the analysis of gaps between current skills and future needs, the development of strategies for filling the gaps, and succession planning, the Secretary of Health and Human Services should require the Chief Information Officer, Chief Human Capital Officer, and other senior managers as appropriate to address the shortfalls in IT workforce planning noted in this report, including the following actions: (1) establish and maintain a workforce planning process inclusive of all staff; (2) develop staffing requirements for all positions; (3) assess staffing needs regularly; (4) assess gaps in competencies and staffing for all components of the workforce; (5) develop strategies and plans to address gaps in competencies and staffing; (6) implement activities that address gaps, including an IT acquisition cadre, if justified and cost-effective; (7) monitor the department's progress in addressing competency and staffing gaps; and (8) report to department leadership on progress in addressing competency and staffing gaps.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: The department has provided a written response to this recommendation and we are currently evaluating it.
    Recommendation: To facilitate the analysis of gaps between current skills and future needs, the development of strategies for filling the gaps, and succession planning, the Secretary of Transportation should require the Chief Information Officer, Chief Human Capital Officer, and other senior managers as appropriate to address the shortfalls in IT workforce planning noted in this report, including the following actions: (1) establish a time frame for when the department is to finalize its draft workforce planning process and maintain that process; (2) develop staffing requirements for all positions; (3) assess competency and staffing needs regularly for all positions; (4) assess gaps in staffing for all components of the workforce; (5) develop strategies and plans to address gaps in competencies and staffing; (6) implement activities that address gaps, including an IT acquisition cadre, cross-functional training of acquisition and program personnel, a career path for program managers, and use of special hiring authorities, if justified and cost-effective;e (7) monitor the department's progress in addressing competency and staffing gaps; and (8) report to department leadership on progress in addressing competency and staffing gaps.

    Agency: Department of Transportation
    Status: Open
    Priority recommendation

    Comments: The department agreed with the recommendation and stated that it plans to fully implement the recommendation by December 2019. To fully implement this recommendation, DOT should prioritize the completion of its IT workforce planning process and then begin implementing the process in phases based on the availability of resources.
    Recommendation: To facilitate the analysis of gaps between current skills and future needs, the development of strategies for filling the gaps, and succession planning, the Secretary of the Treasury should require the Chief Information Officer, Chief Human Capital Officer, and other senior managers as appropriate to address the shortfalls in IT workforce planning noted in this report, including the following actions: (1) establish and maintain a workforce planning process; (2) develop competency and staffing requirements for all positions; (3) assess competency and staffing needs regularly; (4) assess gaps in competencies and staffing for all components of the workforce; (5) develop strategies and plans to address gaps in competencies and staffing for all components of the workforce; (6) implement activities that address gaps, including a career path for program managers and special hiring authorities, if justified and cost-effective; (7) monitor the department's progress in addressing competency and staffing gaps; and (8) report to department leadership on progress in addressing competency and staffing gaps for all components of the workforce.

    Agency: Department of the Treasury
    Status: Open

    Comments: The department has not yet provided its written response to this recommendation. We will continue to monitor the department's progress in implementing the recommendation.
    Director: David Powner
    Phone: (202) 512-9286

    24 open recommendations
    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

    Agency: United States Agency for International Development
    Status: Open

    Comments: We reported that the U.S. Agency for International Development (USAID) had partially met the following two practices for establishing a complete software application inventory, (1) includes these systems from all organizational component, and (2) is regularly updated with quality controls to ensure reliability. In September 2017, USAID provided its updated application inventory, which includes enterprise IT and business systems from all organizational components--with the exception of two small offices that USAID officials stated use IT systems provided by other business units. In addition, we verified that the inventory includes basic application attributes, to include system name, system description, and system owner; however, it does not include the system description and owner for all systems listed. USAID officials reported that they have efforts underway to identify system owners and collect system descriptions from these owners. USAID has also taken steps to ensure the reliability of the inventory, including a data call it conducted to gather information for its updated application inventory, as well as efforts from its Business Enterprise Architecture team to follow up with system owners to obtain complete and accurate system information. We plan to continue to monitor USAID's efforts.
    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

    Agency: Department of Education
    Status: Open

    Comments: We reported that the Department of Education partially met the following software application inventory practice: regularly updates the inventory with quality controls to ensure reliability. Specifically, we reported that the department had not yet established a policy for updating its inventory. In May 2017, the department issued an updated Lifecycle Management Framework directive, which requires system program managers to update the IT asset management information, including for software applications, in the department's Cyber Security Assessment and Management (CSAM) tool. In addition, in June 2017, the department updated its System Inventory Methodology and Guidance Document to ensure that the inventories within CSAM accurately reflect the system's software and operating system, and that all software utilized on the system is appropriately licensed and approved for use by the department's Enterprise Architecture Review Board. We will follow up with the department to determine whether it is using its updated policies.
    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

    Agency: Department of Commerce
    Status: Open

    Comments: We reported that the Department of Commerce did not meet the following software application inventory practice: regularly updates the inventory with quality controls to ensure reliability. Specifically, the department did not provide evidence of a process to regularly update its inventory or quality controls to ensure the reliability of the data collected. In October 2017, the department reported that application inventory information will be captured through the Department of Commerce Capital Planning and Investment Control (CPIC) system, as part of its regular updating of investment information. Further, the department stated that it will update its CPIC handbook to provide guidance on quality control to ensure reliability of the data collected. We plan to continue to follow up with Commerce to monitor the status of these planned actions.
    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

    Agency: Department of Energy
    Status: Open

    Comments: We reported that the Department of Energy partially met the following three software application inventory practices, (1) includes systems from all organizational components, (2) specifies basic application attributes, and (3) is regularly updated with quality controls to ensure reliability. In May 2017, the department reported that it plans to implement automated monitoring and inventory tools by the end of fiscal year 2018, which it expects will address the key practices. We plan to monitor the department's efforts to implement the tools.
    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

    Agency: Department of Housing and Urban Development
    Status: Open

    Comments: We reported that the Department of Housing and Urban Development partially met the following three software application inventory practices, (1) includes systems from all organizational components, (2) specifies basic application attributes, and (3) is regularly updated with quality controls to ensure reliability. In June 2017, the department reported that is working to identify applications in field offices, and plan for this effort to be completed in fiscal year 2018. In addition, the department stated it plans to update the inventory to include business functions for each system by the end of fiscal year 2017. Further, department officials stated that to ensure the accuracy and reliability of the application inventory, the department plans to conduct quarterly portfolio reviews starting in fiscal year 2018. We plan to continue to monitor the department's efforts.
    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: We reported that the Department of Health and Human Services (HHS) partially met the following software application inventory practice: is regularly updated with quality controls to ensure reliability. In June 2017 we followed up with HHS to obtain a status of actions to address our recommendation. As of November 2017, we were still waiting for a response.
    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

    Agency: Social Security Administration
    Status: Open

    Comments: We reported that the Social Security Administration (SSA) partially met the following two software application inventory practices, (1) includes systems from all organization components, and (2) regularly updates the inventory with quality controls to ensure reliability. In March 2017, SSA officials reported that the agency's Office of Systems and Office of Operations continue to collaborate on integrating application information into the Enterprise Application Inventory. The officials reported that regionally developed applications that have been granted authority to operate have been imported into the enterprise application inventory. In addition, the officials stated that the Office of Operations is in the process of redesigning their repository to accommodate requirements to support the Enterprise Application Inventory, including the ability to update and maintain application information in the enterprise repository. Lastly, SSA officials reported that its Office of Information Security and Office of Systems continue to work to identify additional headquarters applications and develop process and automation to include applications in the inventory. However, the agency did not provide documentation that supports the efforts taken. We are following up with the agency to obtain documentation.
    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

    Agency: Department of the Interior
    Status: Open

    Comments: We reported that the Department of Interior did not meet the software application inventory practice of regularly updating the inventory with quality controls to ensure reliability, and partially met the practice of including systems from all organization components. In June 2017, the department reported that it plans to review the application inventory for quality and completeness as a part of its annual update. Further, the department reported that it included applications and systems related to infrastructure investments in the IT portfolio as part of the fiscal year 2017 annual update to the department's application inventory. However, the department did not provide supporting documentation. We plan to monitor the department's efforts to ensure the accuracy and completeness of the inventory, as well as its efforts to include all its business systems in the inventory.
    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

    Agency: Department of Transportation
    Status: Open

    Comments: In June 2017, the department reported that it had updated its application inventory to, among other things, address the key practices it had not fully met. We are following up with the department to obtain supporting documentation.
    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

    Agency: Department of Labor
    Status: Open

    Comments: We reported that the Department of Labor did not meet one software application inventory practice, and partially met three practices. Specifically the department did not include business and enterprise IT systems, and partially met (1) includes systems from all organizational components, (2) specifies basic application attributes, and (3) is regularly updated with quality controls to ensure reliability. In June 2017, department officials stated that they plan to update the inventory in fiscal year 2017 to address the key practices, including ensuring that the inventory identifies business and enterprise IT systems, systems from all organizational components, and basic IT system attributes. In addition, officials stated that they plan to update the inventory on a periodic basis as necessary, including at least annually as part of its IT budgeting process. Further, officials stated that the department's Strategic Business Management program implemented a data quality initiative in fiscal year 2016 to improve the quality of data their agencies are reporting on their IT systems as part of the department's IT Capital Planning and Investment Control process. We are following up with the department to obtain evidence of the data quality initiative. Further, we will continue to monitor the department's efforts to address the practices.
    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

    Agency: Department of the Treasury
    Status: Open

    Comments: We reported that the Department of the Treasury had partially met the following two practices for establishing a complete software application inventory, (1) specifies basic application attributes, and (2) is regularly updated with quality controls to ensure reliability. In September 2017, the department provided evidence showing that it had taken steps to address these practices. Specifically, the department provided an export of its inventory, which showed that most of the systems listed contained a system description. According to department officials, some systems do not have a system description because the department's inventory policy allows bureaus to attach documents to the inventory, which include the system description, instead of populating the system description field. Further, the policy does not require a system description for systems in the disposal state. Moreover, the inventory did not include the business segment or function that the system supports. According to Treasury officials, the Bureau and Functional Unit fields within the inventory allow the department to map the systems to the business segments that they support; however, they did not provide documentation showing this mapping. We are following up with the Treasury to obtain supporting documentation, including its inventory policy. Further, we will continue to monitor its efforts to ensure that the inventory is regularly updated with quality controls to ensure its reliability.
    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: We reported that the Department of Veterans Affairs (VA) had partially met the following practice for establishing a complete software application inventory: is regularly updated with quality controls to ensure reliability. We determined that VA partially met this practice because, while officials stated that their repository of systems was viewed as complete, the information within the repository was still maturing and work was being done to automate data capture and integration with other sources. The department has since taken action to address the practice. Specifically, in July 2017, VA officials reported that the department integrated its inventory with multiple repositories of IT system and application information. According to VA officials, this integration enables VA to more completely and accurately capture system and application related information, using both automated and manual processes to update and maintain the inventory. We will follow up with VA to obtain evidence of its action.
    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

    Agency: Department of State
    Status: Open

    Comments: We reported that the Department of State partially met the following software application inventory practices: (1) specifies basic application attributes; and (2) is regularly updated with quality controls to ensure reliability. In June 2017, department officials reported that they are working to align IT assets to the appropriate IT investments through both the capital planning and investment control process and the cloud governance process. The agency intends that these efforts will be the first step in better aligning assets to a defined business function. Department officials also stated that to improve quality control, they are developing additional guidance on the process to review all IT assets throughout their lifecycle, which includes a multi-stakeholder approach to confirm each asset contains accurate, appropriate and relevant information. We plan to continue to monitor the department's efforts.
    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

    Agency: Environmental Protection Agency
    Status: Open

    Comments: In April 2017, we followed up with the Environmental Protection Agency to obtain a status of actions to address our recommendation. As of November 2017, we were still waiting for a response from the agency.
    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

    Agency: National Aeronautics and Space Administration
    Status: Open

    Comments: We reported that the National Aeronautics and Space Administration had partially met the following two practices for establishing a complete software application inventory, (1) includes these systems from all organizational components, and (2) is regularly updated with quality controls to ensure reliability. In June 2017, agency officials stated that they plan to improve the application inventory using an investment review process, which they expect to complete in 2019. Specifically, the agency intends that the process will lead to an annual review of the application inventory and an improved process for updating the inventory. According to agency officials, the process will incorporate quality control processes into the overall portfolio management and rationalization approach. We plan to continue to monitor the agency's efforts to implement the new review process.
    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

    Agency: National Science Foundation
    Status: Open

    Comments: We reported that the National Science Foundation had partially met the following practice for establishing a complete software application inventory: is regularly updated with quality controls to ensure reliability. In June 2017, agency officials reported that its Chief Information Officer is working with the agency's Division of Information Systems to formalize and provide evidence of the annual validation review that it stated it conducts for quality control purposes. The agency expects improvements to be implemented with the upcoming inventory review cycle for fiscal year 2018.
    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

    Agency: Small Business Administration
    Status: Open

    Comments: We reported that the Small Business Administration (SBA) did not meet one software application inventory practice, and partially met three practices. Specifically, the SBA did not regularly update the application inventory with quality controls to ensure reliability, and partially met (1) includes enterprise IT and business systems, (2) includes systems from all organizational components, and (3) specifies basic application attributes. In July 2017, SBA reported that its draft Software Asset Policy was being vetted throughout the agency for concurrence. SBA officials stated that the Software Asset Policy will determine the required basic application attributes, and provide adequate controls to ensure reliability of the inventory. Although SBA officials stated they are developing the planned milestones and a roadmap to implement the policy, they did not provide a formal release timeframe. We will continue to monitor the SBA's efforts to develop a complete application inventory.
    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

    Agency: Nuclear Regulatory Commission
    Status: Open

    Comments: We reported that the Nuclear Regulatory Commission partially met the following software application inventory practice: is regularly updated with quality controls to ensure reliability. In July 2017, agency officials stated that they plan to finalize procedures to routinely update the agency's inventory in December 2017. We plan to continue to monitor the department's efforts to address our recommendation.
    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

    Agency: Office of Personnel Management
    Status: Open

    Comments: We reported that the Office of Personnel Management (OPM) partially met the software application inventory practice to regularly update the inventory with quality controls to ensure reliability. In November 2016, OPM officials stated that they were validating the data in the application inventory. In addition, officials stated that they were making progress in using automated scanning tools to update the inventory, including coordinating with the General Services Administration's Software Management Group which is working to standardize the use of automated inventory tools across the government. In June 2017, we followed up with OPM to obtain documentation of these reported actions; however, as of November 2017, the agency had not yet provided supporting documentation. We are continuing to follow up with OPM to obtain documentation of its reported actions.
    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the Secretaries of Defense, Homeland Security, the Interior, and Labor; and the Director of the National Science Foundation should direct the CIOs and other responsible officials to modify existing investment management processes to address applications more completely. Specifically, the Secretary of Defense should direct the responsible official to modify the department's existing processes to collect and review cost, technical, and business information for the enterprise and business IT systems within the Enterprise Information Environment Mission Area applications which are currently not reviewed as part of the department's process for business systems.

    Agency: Department of Defense
    Status: Open

    Comments: In June 2017, department officials reported they did not concur with the recommendation at the time it was made, and that their position had not changed.
    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the Secretaries of Defense, Homeland Security, the Interior, and Labor; and the Director of the National Science Foundation should direct the CIOs and other responsible officials to modify existing investment management processes to address applications more completely. Specifically, the Secretary of Homeland Security should direct the department's CIO to identify one high-cost function it could collect detailed cost, technical, and business information for and modify existing processes to collect and review this information.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In June 2017, the department reported that it had identified e-mail as a high cost function, and that it would begin modifying existing processes to collect and review cost, technical, and business information. The agency expects to complete the effort in 2017. We plan to continue to monitor the department's efforts.
    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the Secretaries of Defense, Homeland Security, the Interior, and Labor; and the Director of the National Science Foundation should direct the CIOs and other responsible officials to modify existing investment management processes to address applications more completely. Specifically, the Secretary of the Interior should direct the department's CIO to document and implement a plan for establishing policy that would define a standard analytical technique for rationalizing the investment portfolio.

    Agency: Department of the Interior
    Status: Open

    Comments: We recommended that the Department of Interior document and implement a plan for establishing policy that would define a standard analytical technique for rationalizing the investment portfolio. In June 2017, the department reported that it had developed a comprehensive strategy and approach to implement application rationalization and portfolio management practices. However, the department did not provide supporting documentation. In addition, the department reported that its Office of the Chief Information Officer (OCIO) is currently drafting an application rationalization policy and supporting guidance that will establish a standard analytical approach for rationalization bureau office portfolios in a consistent manner across the department, and that its OCIO will collaborate with bureaus and offices to develop an application rationalization analytical framework. However, the department did not provide a timeframe for completing these efforts. We plan to continue to monitor the department'?s efforts to develop a rationalization policy and standard analytical techniques.
    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the Secretaries of Defense, Homeland Security, the Interior, and Labor; and the Director of the National Science Foundation should direct the CIOs and other responsible officials to modify existing investment management processes to address applications more completely. Specifically, the Secretary of Labor should direct the department's CIO to consider a segmented approach to further rationalize and identify a function for which it would modify existing processes to collect and review application-specific cost, technical, and business value information.

    Agency: Department of Labor
    Status: Open

    Comments: In June 2017, department officials stated that they plan to associate applications to specific IT investments, and to use this information to identify potential cost savings and avoidance. Further, officials stated that they plan to develop a segmented approach to rationalizing the portfolio of IT investments, including systems and applications. We plan to follow up with the department to determine the expected time frame for completing these actions.
    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the Secretaries of Defense, Homeland Security, the Interior, and Labor; and the Director of the National Science Foundation should direct the CIOs and other responsible officials to modify existing investment management processes to address applications more completely. Specifically, the Director of the National Science Foundation should direct the CIO to consistently document evaluations for all applications and report cost information for them in the roadmap or other documentation.

    Agency: National Science Foundation
    Status: Open

    Comments: In June 2017, agency officials stated that they plan to take steps to ensure cost information is consistently documented for applications by the end of 2017. We will continue to monitor the agency's efforts.
    Director: David A. Powner
    Phone: (202) 512-9286

    12 open recommendations
    Recommendation: In order to improve the accuracy of IT Dashboard incremental development data, the Director of OMB should direct the Federal Chief Information Officer (CIO) to clarify existing guidance regarding what IT investments are and are not subject to requirements on the use of incremental development and how CIOs should report the status of projects that are not subject to these requirements.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: The Office of Management and Budget (OMB) has taken initial steps to implement our recommendation. Specifically, OMB's June 2016 annual capital planning guidance for fiscal year 2018 included instructions on what types of investments were required to adhere to incremental development requirements related to the delivery of usable functionality. The guidance stated that all software development projects are required to produce usable functionality at intervals of no more than six months. Further, all major development projects within investments are required to use modular/agile principles. However, OMB's guidance still lacks direction on how CIOs are to report the status of nonsoftware projects, as we recommended. In the absence of our recommended guidance clarification, OMB is at risk of agencies continuing to be unclear about how nonsoftware development investment data are to be reported on the Dashboard, increasing the risk that data on the IT Dashboard will not always be accurate. We will continue to evaluate OMB's progress in clarifying its guidance and considering a change to provide more detailed guidance related to the reporting of nonsoftware development investment data.
    Recommendation: To improve the quality of the seven departments' information on project incremental delivery reported to the IT Dashboard, the Secretaries of Commerce, Defense, Education, Health and Human Services, Homeland Security, Transportation, and the Treasury should direct their CIOs to review major IT investment project data reported on the IT Dashboard and update the information as appropriate in the following areas: (1) whether the project is in-progress or complete; (2) whether the project is a software development project or not; and (3) the status of the delivery of functionality every 6 months, ensuring that these data are consistent across all reporting channels.

    Agency: Department of Homeland Security
    Status: Open

    Comments: The Department of Homeland Security (DHS) concurred with our recommendation and stated that the Enterprise Business Management Office within the Office of the Chief Information Officer will validate each investment reported on the Dashboard and work with program officials to ensure they appropriately update the data for the IT Dashboard. However, after our report was issued in August 2016, the IT Dashboard was not publicly updated from the end of August 2016 until the end of May 2017, during the formulation of the President's budget request. Now that the Dashboard is being publicly updated again, we will continue to analyze and monitor the department's progress in updating investment information on the Dashboard and the implementation of our recommendation.
    Recommendation: To improve the quality of the seven departments' information on project incremental delivery reported to the IT Dashboard, the Secretaries of Commerce, Defense, Education, Health and Human Services, Homeland Security, Transportation, and the Treasury should direct their CIOs to review major IT investment project data reported on the IT Dashboard and update the information as appropriate in the following areas: (1) whether the project is in-progress or complete; (2) whether the project is a software development project or not; and (3) the status of the delivery of functionality every 6 months, ensuring that these data are consistent across all reporting channels.

    Agency: Department of Education
    Status: Open

    Comments: The Department of Education (Education) concurred with our recommendation and stated that the department will ensure that the data is kept current using their IT portfolio management process. However, after our report was issued in August 2016, the IT Dashboard was not publicly updated from the end of August 2016 until the end of May 2017, during the formulation of the President's budget request. Now that the Dashboard is being publicly updated again, we will continue to analyze and monitor the department's progress in updating investment information on the Dashboard and the implementation of our recommendation.
    Recommendation: To improve the quality of the seven departments' information on project incremental delivery reported to the IT Dashboard, the Secretaries of Commerce, Defense, Education, Health and Human Services, Homeland Security, Transportation, and the Treasury should direct their CIOs to review major IT investment project data reported on the IT Dashboard and update the information as appropriate in the following areas: (1) whether the project is in-progress or complete; (2) whether the project is a software development project or not; and (3) the status of the delivery of functionality every 6 months, ensuring that these data are consistent across all reporting channels.

    Agency: Department of Commerce
    Status: Open

    Comments: The Department of Commerce (Commerce) concurred with our recommendation and stated that these changes would be incorporated into the department?s Dashboard reporting. However, after our report was issued in August 2016, the IT Dashboard was not publicly updated from the end of August 2016 until the end of May 2017, during the formulation of the President's budget request. Now that the Dashboard is being publicly updated again, we will continue to analyze and monitor the department's progress in updating investment information on the Dashboard and the implementation of our recommendation.
    Recommendation: To improve the quality of the seven departments' information on project incremental delivery reported to the IT Dashboard, the Secretaries of Commerce, Defense, Education, Health and Human Services, Homeland Security, Transportation, and the Treasury should direct their CIOs to review major IT investment project data reported on the IT Dashboard and update the information as appropriate in the following areas: (1) whether the project is in-progress or complete; (2) whether the project is a software development project or not; and (3) the status of the delivery of functionality every 6 months, ensuring that these data are consistent across all reporting channels.

    Agency: Department of Defense
    Status: Open

    Comments: The Department of Defense (Defense) partially concurred with our recommendation and stated that the department is taking action to update the Dashboard data as appropriate. However, after our report was issued in August 2016, the IT Dashboard was not publicly updated from the end of August 2016 until the end of May 2017, during the formulation of the President's budget request. Now that the Dashboard is being publicly updated again, we will continue to analyze and monitor the department's progress in updating investment information on the Dashboard and the implementation of our recommendation.
    Recommendation: To improve the quality of the seven departments' information on project incremental delivery reported to the IT Dashboard, the Secretaries of Commerce, Defense, Education, Health and Human Services, Homeland Security, Transportation, and the Treasury should direct their CIOs to review major IT investment project data reported on the IT Dashboard and update the information as appropriate in the following areas: (1) whether the project is in-progress or complete; (2) whether the project is a software development project or not; and (3) the status of the delivery of functionality every 6 months, ensuring that these data are consistent across all reporting channels.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: The Department of Health and Human Services (HHS) concurred with our recommendation. However, after our report was issued in August 2016, the IT Dashboard was not publicly updated from the end of August 2016 until the end of May 2017, during the formulation of the President's budget request. Now that the Dashboard is being publicly updated again, we will continue to analyze and monitor the department's progress in updating investment information on the Dashboard and the implementation of our recommendation.
    Recommendation: To improve the quality of the seven departments' information on project incremental delivery reported to the IT Dashboard, the Secretaries of Commerce, Defense, Education, Health and Human Services, Homeland Security, Transportation, and the Treasury should direct their CIOs to review major IT investment project data reported on the IT Dashboard and update the information as appropriate in the following areas: (1) whether the project is in-progress or complete; (2) whether the project is a software development project or not; and (3) the status of the delivery of functionality every 6 months, ensuring that these data are consistent across all reporting channels.

    Agency: Department of Transportation
    Status: Open

    Comments: The Department of Transportation (Transportation) concurred with our recommendation and stated the department was committed to ensuring the information on the IT Dashboard reflects up to date information. However, after our report was issued in August 2016, the IT Dashboard was not publicly updated from the end of August 2016 until the end of May 2017, during the formulation of the President's budget request. Now that the Dashboard is being publicly updated again, we will continue to analyze and monitor the department's progress in updating investment information on the Dashboard and the implementation of our recommendation.
    Recommendation: To improve the quality of the seven departments' information on project incremental delivery reported to the IT Dashboard, the Secretaries of Commerce, Defense, Education, Health and Human Services, Homeland Security, Transportation, and the Treasury should direct their CIOs to review major IT investment project data reported on the IT Dashboard and update the information as appropriate in the following areas: (1) whether the project is in-progress or complete; (2) whether the project is a software development project or not; and (3) the status of the delivery of functionality every 6 months, ensuring that these data are consistent across all reporting channels.

    Agency: Department of the Treasury
    Status: Open

    Comments: The Department of the Treasury (Treasury) did not comment on our recommendation. However, after our report was issued in August 2016, the IT Dashboard was not publicly updated from the end of August 2016 until the end of May 2017, during the formulation of the President's budget request. Now that the Dashboard is being publicly updated again, we will continue to analyze and monitor the department's progress in updating investment information on the Dashboard and the implementation of our recommendation.
    Recommendation: To improve the certification of adequate incremental development, the Secretaries of Defense, Education, Health and Human Services, and the Treasury should direct their CIOs to establish a department policy and process for the certification of major IT investments' adequate use of incremental development, in accordance with OMB's guidance on the implementation of the Federal Information Technology Acquisition Reform Act.

    Agency: Department of Education
    Status: Open

    Comments: The Department of Education (Education) concurred with our recommendation to establish a departmentwide certification policy. Education officials reported in March 2017 that the department will complete changes to its guidance by November 2017. However, until this guidance is finalized, Education will not be able to fully ensure adequate implement of, or benefit from, incremental development practices. We will continue to evaluate Education's progress in implementing this recommendation.
    Recommendation: To improve the certification of adequate incremental development, the Secretaries of Defense, Education, Health and Human Services, and the Treasury should direct their CIOs to establish a department policy and process for the certification of major IT investments' adequate use of incremental development, in accordance with OMB's guidance on the implementation of the Federal Information Technology Acquisition Reform Act.

    Agency: Department of Defense
    Status: Open

    Comments: The Department of Defense (Defense) did not concur with our recommendation, stating that its existing guidance was adequate in this area. However, in August 2016, Defense issued its fiscal year 2018 budget submission guidance which required each component CIO to certify that IT investments were adequately implementing incremental development. The component CIOs were to document the certification in a statement of compliance memorandum, using their agency's letterhead, and submit the memorandum to the Defense CIO. Defense officials report that this same guidance will be added to the Financial Management Regulations during summer 2017. Until this annual guidance has been updated and incorporated into the department's standing policies, Defense is at risk of overlooking this requirement in subsequent years. We will continue to evaluate Defense's progress in implementing this recommendation.
    Recommendation: To improve the certification of adequate incremental development, the Secretaries of Defense, Education, Health and Human Services, and the Treasury should direct their CIOs to establish a department policy and process for the certification of major IT investments' adequate use of incremental development, in accordance with OMB's guidance on the implementation of the Federal Information Technology Acquisition Reform Act.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: The Department of Health and Human Services (HHS) concurred with our recommendation to establish a departmentwide certification policy. However, HHS officials reported in April 2017 that they did not have a timeframe for when the department's new certification guidance would be completed. Until this guidance is finalized, HHS will not be able to fully ensure adequate implement of, or benefit from, incremental development practices. We will continue to evaluate HHS's progress in implementing this recommendation.
    Recommendation: To improve the certification of adequate incremental development, the Secretaries of Defense, Education, Health and Human Services, and the Treasury should direct their CIOs to establish a department policy and process for the certification of major IT investments' adequate use of incremental development, in accordance with OMB's guidance on the implementation of the Federal Information Technology Acquisition Reform Act.

    Agency: Department of the Treasury
    Status: Open

    Comments: The Department of the Treasury (Treasury) did not comment on our recommendations. Further, Treasury officials reported in March 2017 that it had no plans to revise its policies, as we recommended. Until the department establishes a CIO certification policy, Treasury will not be able to fully ensure adequate implement of, or benefit from, incremental development practices. We will continue to evaluate Treasury's progress in implementing this recommendation.
    Director: Carol C. Harris
    Phone: (202) 512-4456

    9 open recommendations
    Recommendation: To provide reasonable assurance that the program executes Agile software development for USCIS ELIS consistent with its own policies and guidance and follows applicable leading practices, the Secretary of the Department of Homeland Security (DHS) should direct the Director of USCIS to direct the USCIS Chief Information Officer (CIO), in coordination with the DHS CIO and the Chief of the Office of Transformation Coordination (OTC), to review and update, as needed, existing policies and guidance and consider additional controls to complete planning for software releases prior to initiating development and ensure software meets business expectations prior to deployment.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of July 2017, the U.S. Citizenship and Immigration Services (USCIS) within the Department of Homeland Security (DHS) had taken steps to address this recommendation. In particular, in June 2017, USCIS provided an updated policy, dated April 2017, governing planning and deploying software releases. USCIS also demonstrated partial compliance with that policy. For example, it provided some release planning review documentation for recent releases that are required by the updated policy, including readiness review memos for releases 7.2 and 8.1. However, USCIS did not demonstrate that the program responsible for developing the USCIS Electronic Immigration System (USCIS ELIS) was consistently following its updated policy. For example, USCIS did not demonstrate that the program was completing all planning activities prior to initiating development, as called for in its updated policy. Moreover, the agency did not demonstrate compliance with its previous policy for all software releases planned and deployed since our July 2016 report. We will continue to work with USCIS to monitor actions the agency is taking to address this recommendation.
    Recommendation: To provide reasonable assurance that the program executes Agile software development for USCIS ELIS consistent with its own policies and guidance and follows applicable leading practices, the Secretary of DHS should direct the Director of USCIS to direct the USCIS CIO, in coordination with the DHS CIO and the Chief of OTC, to review and update, as needed, existing policies and guidance and consider additional controls to consistently implement the principles of the framework adopted for Agile software development.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of July 2017, USCIS had taken steps to address this recommendation. For example, in May 2017, USCIS provided updated policy governing the development of software releases, dated April 2017, along with release planning artifacts specific to USCIS ELIS. The updated policy included an appendix devoted to generally accepted agency practices and applying Agile principles in the agency. However, USCIS had not clearly indicated if USCIS ELIS was to implement the practices described in the policy. For example, the updated policy did not require program compliance with the generally accepted agency practices. Moreover, supporting artifacts from the release planning process did not always define a commitment to a particular development methodology or set of development practices. For example, the team process agreements, which describe how members of individual teams will work with each other, did not indicate if developers were to adhere to the practices described in updated USCIS policy. We will continue to work with USCIS to obtain additional documentation about actions it is taking to address this recommendation.
    Recommendation: To provide reasonable assurance that the program executes Agile software development for USCIS ELIS consistent with its own policies and guidance and follows applicable leading practices, the Secretary of DHS should direct the Director of USCIS to direct the USCIS CIO, in coordination with the DHS CIO and the Chief of OTC, to review and update, as needed, existing policies and guidance and consider additional controls to define and consistently execute appropriate roles and responsibilities for individuals responsible for development activities consistent with its selected development framework.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of July 2017, USCIS had taken steps to address this recommendation. For example, in June 2017, USCIS provided updated policy, dated April 2017, governing the development of software releases and release planning artifacts. The updated policy and release documentation defined some roles and responsibilities that were previously only described by USCIS in its informal November 2014 management model, such as the authority and responsibility of a product owner. However, program documentation and policy did not define all of the roles and responsibilities. For example, program documentation and policy did not define the roles and responsibilities of a facilitator, or Scrum Master, which is a position identified in leading practices for software development using Scrum, the development methodology previously identified by the program. In addition, USCIS did not demonstrate that it had defined and committed to an updated development methodology for software releases. Such a defined methodology will impact expectations for the roles and responsibilities in software development. Without such a defined methodology or approach to Agile software development, it is not clear if roles and responsibilities defined by previously documented approach to Agile software development are still applicable for the current development approach. Moreover, documentation associated with program releases and updated policy did not define all of the roles and responsibilities for positions described by USCIS in its May 2017 written response to GAO. We will continue to work with USCIS to obtain additional documentation about actions it is taking to address this recommendation.
    Recommendation: To provide reasonable assurance that the program executes Agile software development for USCIS ELIS consistent with its own policies and guidance and follows applicable leading practices, the Secretary of DHS should direct the Director of USCIS to direct the USCIS CIO, in coordination with the DHS CIO and the Chief of OTC, to review and update, as needed, existing policies and guidance and consider additional controls to identify all system users and involve them in release planning activities.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of July 2017, DHS and USCIS had not provided information demonstrating that the department has addressed this recommendation. In October 2016, DHS provided a written response stating that the USCIS Office of Information Technology and Office of Transformation Coordination were working closely with the various USCIS directorates to obtain and integrate feedback through regular review sessions with the end users and through additional end user testing. However, as of July 2017, DHS and USCIS have not provided new information about the status of this recommendation.
    Recommendation: To provide reasonable assurance that the program executes Agile software development for USCIS ELIS consistent with its own policies and guidance and follows applicable leading practices, the Secretary of DHS should direct the Director of USCIS to direct the USCIS CIO, in coordination with the DHS CIO and the Chief of OTC, to review and update, as needed, existing policies and guidance and consider additional controls to write user stories that identify user roles, include estimates of complexity, take no longer than one sprint to complete, and describe business value.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of July 2017, USCIS had provided GAO with documentation intended to demonstrate that the agency had taken steps to address this recommendation. For example, in May 2017, USCIS provided updated policy governing the development of software releases along with release planning artifacts specific to USCIS ELIS and an Independent Verification and Validation assessment. The agency also provided a series of backlogs that captured user stories for some software releases. In addition, the Independent Verification and Validation assessment indicated that the program was tracking user story quality as part of assessing whether value was continuously discovered and aligned to the mission. However, the assessment report provided to GAO indicated a negative trend for this outcome. Moreover, USCIS policy no longer set expectations regarding user story development. In addition, supporting artifacts from the release planning process did not always define a commitment to a particular development methodology, which is turn impacts the expectations for writing user stories. Finally, backlogs provided by USCIS did not cover all releases in development since our July 2016 report and did not include enough detail to assess all aspects of the user story process (e.g., story size and user involvement). We will continue to work with USCIS to obtain additional documentation about actions it is taking to address this recommendation.
    Recommendation: To provide reasonable assurance that the program executes Agile software development for USCIS ELIS consistent with its own policies and guidance and follows applicable leading practices, the Secretary of DHS should direct the Director of USCIS to direct the USCIS CIO, in coordination with the DHS CIO and the Chief of OTC, to review and update, as needed, existing policies and guidance and consider additional controls to establish outcomes for Agile software development.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of July 2017, USCIS had taken steps to address this recommendation. For example, in April 2017, USCIS issued updated policy governing software development at the agency. The updated policy included an appendix devoted to generally accepted agency practices and applying Agile principles in the agency. This appendix also included a set of ten outcomes associated with using Agile practices at USCIS. For example, outcomes included that value is continuously discovered and aligned to the mission. However, the updated policy did not require program compliance with the practices and principles described in the appendix. Moreover, the agency did not demonstrate that USCIS ELIS had committed to achieving a specific set of outcomes for Agile software development, such as the outcomes described in the USCIS policy. We will continue to work with USCIS to obtain additional documentation about actions it is taking to address this recommendation.
    Recommendation: To provide reasonable assurance that the program executes Agile software development for USCIS ELIS consistent with its own policies and guidance and follows applicable leading practices, the Secretary of DHS should direct the Director of USCIS to direct the USCIS CIO, in coordination with the DHS CIO and the Chief of OTC, to review and update, as needed, existing policies and guidance and consider additional controls to monitor program performance and report to appropriate entities through the collection of reliable metrics.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of July 2017, USCIS had taken steps to address this recommendation. For example, in May 2017, USCIS provided updated policy governing the development of software that called for teams to prepare an Operations Monitoring Plan or dashboard showing the practices, tools, and measures that will monitor applications in production. The agency also provided a series of documents from internal systems and processes intended to monitor performance, such as a product dashboard for analyzing code quality (i.e., SonarQube) and a report from its Independent Verification and Validation team. However, the program was undergoing a re-baseline and had yet to document updated cost, schedule, and performance expectations against which to monitor. Moreover, the agency did not demonstrate that other metrics, such as customer satisfaction and team velocity, were being reliably collected. We will continue to work with USCIS to obtain additional documentation about actions it is taking to address this recommendation.
    Recommendation: To help manage the USCIS ELIS system, the Secretary of DHS should direct the Director of USCIS to direct the USCIS CIO, in coordination with the DHS CIO and the Chief of OTC, to review and update existing policies and guidance and consider additional controls to conduct unit and integration, and functional acceptance tests, and code inspection consistent with stated program goals.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of July 2017, USCIS had taken steps to address this recommendation. For example, in May 2017, USCIS provided artifacts from internal systems in place to monitor software development performance. These metrics monitored aspects of testing, such as code quality and code coverage. However, the program did not provide an updated Test and Evaluation Master Plan, which is a document it will produce as part of its ongoing effort to re-baseline. A Test and Evaluation Master Plan sets the testing expectations for the program as agreed upon with its stakeholders in DHS and USCIS. The updated plan will provide a basis for further evaluation of the steps DHS and USCIS have taken to address this recommendation. Moreover, the agency did not demonstrate that functional acceptance tests were being conducted in accordance with stated program goals. For example, the agency did not provide acceptance criteria or the associated tests demonstrating that user stories passed the defined acceptance criteria. We will continue to work with USCIS to obtain additional documentation about actions it is taking to address this recommendation.
    Recommendation: To help manage the USCIS ELIS system, the Secretary of DHS should direct the Director of USCIS to direct the USCIS CIO, in coordination with the DHS CIO and the Chief of OTC, to review and update existing policies and guidance and consider additional controls to develop complete test plans and cases for interoperability and end user testing, as defined in the USCIS Transformation Program Test and Evaluation Master Plan, and document the results.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of July 2017, DHS and USCIS had not provided information demonstrating that they had addressed this recommendation. In October 2016, DHS provided a written response indicating that an internal process for revisiting the USCIS ELIS Test and Evaluation Master Plan had been initiated, with participation from all relevant stakeholder groups. A Test and Evaluation Master Plan sets the testing expectations for the program as agreed upon with its stakeholders in DHS and USCIS. The updated plan will provide a basis for further evaluation of the steps DHS and USCIS have taken to address this recommendation. The letter also stated that USCIS had begun to work on a policy for new interoperability test procedures. Moreover, the letter added that end user testing is a continuing activity, including providing feedback of observed issues into the development queue, with the slow launch of the naturalization capabilities in USCIS ELIS being a model. However, as of July 2017, DHS and USCIS had not provided new information about the status of this recommendation. We will continue to work with DHS and USCIS to obtain additional documentation about actions they are taking to address this recommendation.
    Director: Carol R. Cha
    Phone: (202) 512-4456

    6 open recommendations
    Recommendation: To help improve the management of MAIS programs, the Secretary of the Army should direct the Tactical Mission Command program manager to develop a requirements management plan to document and manage its requirements process.

    Agency: Department of Defense: Department of the Army
    Status: Open

    Comments: The Department of Defense concurred with our recommendation. We have requested documentation regarding the status of implementing this recommendation. As of April 2017, we have not received a response from the department to our request. We will continue to monitor the department's progress in implementing this recommendation.
    Recommendation: To help improve the management of MAIS programs, the Secretary of the Navy should direct the Common Aviation Command and Control System program manager to identify weaknesses in the requirements traceability process and take corrective actions to manage the traceability of requirements to the respective lower-level requirements, and periodically evaluate work products, including the requirements management plan, and update them in accordance with the requirements guidance.

    Agency: Department of Defense: Department of the Navy
    Status: Open

    Comments: The Department of Defense concurred with our recommendation. We have requested documentation regarding the status of implementing this recommendation. As of April 2017, we have not received a response from the department to our request. We will continue to monitor the department's progress in implementing this recommendation.
    Recommendation: To help improve the management of MAIS programs, the Secretary of the Air Force should direct the Defense Enterprise Accounting and Management System program manager to address weaknesses in its controls for ensuring that all software requirements are tested and validated before deployment of new software releases.

    Agency: Department of Defense: Department of the Air Force
    Status: Open

    Comments: The Department of Defense concurred with our recommendation. We have requested documentation regarding the status of implementing this recommendation. As of April 2017, we have not received a response from the department to our request. We will continue to monitor the department's progress in implementing this recommendation.
    Recommendation: To help improve the management of MAIS programs, the Director of OMB should instruct the Federal Chief Information Officer (CIO) to add the Under Secretary of Defense for AT&L as a responsible party to DOD's MAIS entries on the Federal IT Dashboard website, alongside the CIO, to publicly disclose the responsible party for the acquisition performance management of MAIS programs.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: The Office of Management and Budget did not agree with the recommendation, but stated it would work with the Department of Defense to address it. In April 2017, the Department of Defense stated that it is reorganizing the office of the Under Secretary of Defense for AT&L and its responsibilities. We will continue to follow up with the department subsequent to the reorganization in an effort to determine the party responsible for the acquisition performance management of MAIS programs and OMB's efforts to disclose the responsible party on the Federal IT Dashboard.
    Recommendation: To help improve the management of MAIS programs, the Secretary of Defense should examine the MAIS critical change reporting process to identify root causes for delays and implement corrective actions for the timely delivery of critical change reports.

    Agency: Department of Defense
    Status: Open

    Comments: The Department of Defense concurred with our recommendation. We have requested documentation regarding the status of implementing this recommendation. As of April 2017, we have not received a response from the department to our request. We will continue to monitor the department's progress in implementing this recommendation.
    Recommendation: To help improve the management of MAIS programs, the Secretary of Defense should develop a mechanism for monitoring whether MAIS programs with late reports are restricted from obligating funds and in turn ensuring compliance with the Antideficiency Act.

    Agency: Department of Defense
    Status: Open

    Comments: The Department of Defense concurred with our recommendation. We have requested documentation regarding the status of implementing this recommendation. As of April 2017, we have not received a response from the department to our request. We will continue to monitor the department's progress in implementing this recommendation.
    Director: Valerie Melvin
    Phone: (202) 512-6304

    2 open recommendations
    Recommendation: To help ensure that FDA's IT strategic planning activities are successful in supporting the agency's mission, goals, and objectives, the Commissioner of FDA should require the CIO to establish schedules and milestones for completing a version of an IT strategic plan that incorporates elements to align the plan's strategies with agency-wide priorities; includes results-oriented goals and performance measures that support the agency's mission, along with targets for measuring the extent to which outcomes of IT initiatives support FDA's ability to achieve agency-wide goals and objectives; identifies key IT initiatives that support the agency's goals; and describes interdependencies among the initiatives.

    Agency: Department of Health and Human Services: Food and Drug Administration
    Status: Open

    Comments: FDA concurred with the recommendation and stated that the agency plans to implement it. We contacted the agency in March 2017 and have requested documents regarding FDA's actions to address the recommendation. We are waiting to receive the documents. We will update the status of the agency's actions after we receive and evaluate their response.
    Recommendation: To help ensure that FDA's IT strategic planning activities are successful in supporting the agency's mission, goals, and objectives, the Commissioner of FDA should require the CIO to implement the plan to ensure that expected outcomes of the agency's key IT initiatives are achieved.

    Agency: Department of Health and Human Services: Food and Drug Administration
    Status: Open

    Comments: FDA concurred with the recommendation and stated that the agency plans to implement it. We contacted the agency in March 2017 and have requested documents regarding FDA's actions to address the recommendation. We are waiting to receive the documents. We will update the status of the agency's actions after we receive and evaluate their response.
    Director: Timothy J. DiNapoli
    Phone: (202) 512-4841

    13 open recommendations
    including 6 priority recommendations
    Recommendation: To improve efforts to strategically source IT services within the Army, the Secretary of the Army should direct its strategic sourcing accountable official to conduct a comprehensive analysis of Army IT services spending to determine the extent to which requirements can be addressed by Computer Hardware, Enterprise Software and Solutions (CHESS) or other strategic sourcing approaches, and based on this analysis, consider opportunities to reduce duplicative contracts.

    Agency: Department of Defense: Department of the Army
    Status: Open
    Priority recommendation

    Comments: DOD concurred with our recommendations. To fully implement these recommendations, DOD should complete analyses of information technology services spending, reduce duplicative contracts where appropriate, and establish metrics to monitor progress and assess compliance with existing IT services use policies.
    Recommendation: To improve efforts to strategically source IT services within the Army, the Secretary of the Army should direct its strategic sourcing accountable official to implement utilization metrics and mandatory use or consideration policies.

    Agency: Department of Defense: Department of the Army
    Status: Open

    Comments: DOD concurred with our recommendations. To fully implement these recommendations, DOD should complete analyses of information technology services spending, reduce duplicative contracts where appropriate, and establish metrics to monitor progress and assess compliance with existing IT services use policies.
    Recommendation: To improve efforts to strategically source IT services within the Army, the Secretary of the Army should direct its strategic sourcing accountable official to develop guidance and overarching goals and metrics for savings.

    Agency: Department of Defense: Department of the Army
    Status: Open

    Comments: DOD concurred with our recommendations. To fully implement these recommendations, DOD should complete analyses of information technology services spending, reduce duplicative contracts where appropriate, and establish metrics to monitor progress and assess compliance with existing IT services use policies.
    Recommendation: To improve efforts to strategically source IT services within the Army, the Secretary of the Army should direct its strategic sourcing accountable official to conduct a review of the benefits and disadvantages of standardized labor categories for CHESS or future contracts.

    Agency: Department of Defense: Department of the Army
    Status: Open

    Comments: DOD concurred with our recommendations. To fully implement these recommendations, DOD should complete analyses of information technology services spending, reduce duplicative contracts where appropriate, and establish metrics to monitor progress and assess compliance with existing IT services use policies.
    Recommendation: To improve efforts to strategically source IT services within the Navy, the Secretary of the Navy should direct its strategic sourcing accountable official to conduct a comprehensive analysis of IT services spending to determine the extent to which requirements can be addressed by the existing contracts or other strategic sourcing approaches and based on this analysis, reduce duplicative contracts.

    Agency: Department of Defense: Department of the Navy
    Status: Open
    Priority recommendation

    Comments: DOD concurred with our recommendations. To fully implement these recommendations, DOD should complete analyses of information technology services spending, reduce duplicative contracts where appropriate, and establish metrics to monitor progress and assess compliance with existing IT services use policies.
    Recommendation: To improve efforts to strategically source IT services within the Navy, the Secretary of the Navy should direct its strategic sourcing accountable official to implement utilization metrics and monitor agency efforts to comply with the Navy's existing use policies for IT services.

    Agency: Department of Defense: Department of the Navy
    Status: Open

    Comments: DOD concurred with our recommendations. To fully implement these recommendations, DOD should complete analyses of information technology services spending, reduce duplicative contracts where appropriate, and establish metrics to monitor progress and assess compliance with existing IT services use policies.
    Recommendation: To improve efforts to strategically source IT services within the Air Force, the Secretary of the Air Force should direct its strategic sourcing accountable to conduct a comprehensive analysis of IT services spending to determine the extent to which requirements can be addressed by Network-Centric Solutions (NETCENTS) or other strategic sourcing approaches, and based on this analysis, reduce duplicative contracts.

    Agency: Department of Defense: Department of the Air Force
    Status: Open
    Priority recommendation

    Comments: DOD concurred with our three recommendations. To fully implement these recommendations, DOD should complete analyses of information technology services spending, reduce duplicative contracts where appropriate, and establish metrics to monitor progress and assess compliance with existing IT services use policies.
    Recommendation: To improve efforts to strategically source IT services within the Air Force, the Secretary of the Air Force should direct its strategic sourcing accountable to implement utilization metrics.

    Agency: Department of Defense: Department of the Air Force
    Status: Open

    Comments: DOD concurred with our recommendations. To fully implement these recommendations, DOD should complete analyses of information technology services spending, reduce duplicative contracts where appropriate, and establish metrics to monitor progress and assess compliance with existing IT services use policies.
    Recommendation: To improve efforts to strategically source IT services within the Air Force, the Secretary of the Air Force should direct its strategic sourcing accountable to develop guidance and overarching goals and metrics for savings.

    Agency: Department of Defense: Department of the Air Force
    Status: Open

    Comments: DOD concurred with our recommendations. To fully implement these recommendations, DOD should complete analyses of information technology services spending, reduce duplicative contracts where appropriate, and establish metrics to monitor progress and assess compliance with existing IT services use policies.
    Recommendation: To improve efforts to strategically source IT services within the Air Force, the Secretary of the Air Force should direct its strategic sourcing accountable to conduct a review of the benefits and disadvantages of standardized labor categories for primary strategic sourcing vehicles such as NETCENTS.

    Agency: Department of Defense: Department of the Air Force
    Status: Open

    Comments: DOD concurred with our recommendations. To fully implement these recommendations, DOD should complete analyses of information technology services spending, reduce duplicative contracts where appropriate, and establish metrics to monitor progress and assess compliance with existing IT services use policies.
    Recommendation: To improve efforts to strategically source IT services within NASA, the Administrator of NASA should direct its strategic sourcing accountable official to use its 2014 spend analysis to determine the extent to which requirements can be addressed by the IT Infrastructure Integration Program or other strategic sourcing approaches, and based on this analysis, reduce duplicative contracts.

    Agency: National Aeronautics and Space Administration
    Status: Open
    Priority recommendation

    Comments: NASA agreed with this recommendation. To fully implement it, NASA needs to successfully implement its planned actions, including (1) implement new strategic sourcing policies in the NASA federal acquisition regulation supplement, (2) revise the 2014 spend analysis by December 14, 2017, and (3) require strategic sourcing of IT services by December 2018 for services such as mobile communications, telecommunications, cloud computing, and seat management.
    Recommendation: To improve efforts to strategically source IT services within NASA, the Administrator of NASA should direct its strategic sourcing accountable official to implement utilization metrics and mandatory use policies.

    Agency: National Aeronautics and Space Administration
    Status: Open
    Priority recommendation

    Comments: NASA partially agreed with this recommendation. Specifically, NASA agreed to establish metrics, but sought to employ mandatory consideration policies, where applicable, instead of mandatory use policies. We agreed that the proposed approach would meet the intent of our recommendation. To fully implement this recommendation, NASA needs to successfully implement its planned actions, including (1) revising the NASA strategic sourcing guide to include establishment of utilization metrics, and (2) issuing updated strategic sourcing policies in the NASA federal acquisition regulation supplement to include mandatory use policies.
    Recommendation: To improve efforts to strategically source IT services within NASA, the Administrator of NASA should direct its strategic sourcing accountable official to develop guidance and overarching goals and metrics for savings.

    Agency: National Aeronautics and Space Administration
    Status: Open
    Priority recommendation

    Comments: NASA agreed with this recommendation. To fully implement this recommendation, NASA needs to successfully implement its planned actions, including (1) issuing updated strategic sourcing policies in the NASA federal acquisition regulation supplement, (2) updating its strategic sourcing website, and (3) updating the NASA strategic sourcing guide to include the setting of goals or baselines as a method of evaluating the strategic sourcing approach.
    Director: David Powner
    Phone: (202) 512-9286

    5 open recommendations
    Recommendation: In order to institutionalize sound IT management practices and build FSA's IT management capacity while improving service to the Nation's farmers and ranchers, the Secretary of Agriculture should direct the FSA Administrator to establish and implement an improvement plan to guide the agency in adopting recognized best practices and following agency policy.

    Agency: Department of Agriculture
    Status: Open

    Comments: FSA developed a Strategic IT Roadmap to assist the agency's business and IT leadership in prioritizing IT investments. In addition, FSA stated that it will develop and document a comprehensive improvement plan that is to delineate tactical steps, timelines, and performance metrics to track incremental progress in adopting recognized best practices and program management capabilities. We will continue to monitor the agency's progress in documenting and implementing its improvement plan.
    Recommendation: In order to institutionalize sound IT management practices and build FSA's IT management capacity while improving service to the Nation's farmers and ranchers, the Secretary of Agriculture should direct the FSA Administrator to adhere to recognized best practices and agency policy in developing and managing system requirements before proceeding with any further system development to deliver previously envisioned MIDAS functionality. Specifically, the Administrator should ensure that requirements are complete, unambiguous, and prioritized; commitment to requirements is obtained through a formal requirements baseline; differences (or gaps) between the requirements and capabilities of the intended solution (including commercial off-the-shelf solutions) are analyzed; strategies to address any gaps are developed; and requirements are traced forward and backward among development products.

    Agency: Department of Agriculture
    Status: Open

    Comments: FSA reported that it will improve the rigor and adherence to requirements management processes for all IT projects, utilizing processes and tools that will support the integrity of the requirements throughout the lifecycle, to ensure that requirements are complete, formally baselined, gaps are analyzed, and fully traceable forward and backward. FSA also noted that it is pursuing an enhanced, more comprehensive governance structure that will further support its commitment to increasing rigor and adherence to defined requirements management processes. We will continue to monitor the agency's implementation of these efforts.
    Recommendation: In order to institutionalize sound IT management practices and build FSA's IT management capacity while improving service to the Nation's farmers and ranchers, the Secretary of Agriculture should direct the FSA Administrator to adhere to recognized best practices and agency policy in planning and monitoring projects. Specifically, the Administrator should ensure that project plans include predefined expectations for cost, schedule, and deliverables before proceeding with any further system development; updates to the project plan are made through change control processes; and progress against the project plan, including work performed by contractors, is monitored.

    Agency: Department of Agriculture
    Status: Open

    Comments: FSA noted that it began an initiative to improve the agency's use of capital planning guidance from the Office of Management and Budget and would prepare corrective action plans to address identified weaknesses in fiscal year 2016. FSA also noted that it was conducting a series of training classes on capital planning and IT project management across the agency, developing a risk management program, and strengthening the use of earned value management. We will continue to monitor the agency's progress on its project planning efforts.
    Recommendation: In order to institutionalize sound IT management practices and build FSA's IT management capacity while improving service to the Nation's farmers and ranchers, the Secretary of Agriculture should direct the FSA Administrator to adhere to recognized best practices and agency policy in system testing. Specifically, the Administrator should establish well-defined test plans before proceeding with any further system development, and ensure that testing of (a) individual system components, (b) the integration of system components, and (c) the end-to-end system are conducted.

    Agency: Department of Agriculture
    Status: Open

    Comments: FSA stated that going forward the agency will adhere to recognized best practices and agency policy in pursuing consistent or increased rigor around system testing. The agency noted that it plans to demonstrate that its testing capabilities are consistent and repeatable across all FSA IT projects. We will continue to monitor the agency's implementation of these efforts.
    Recommendation: In order to institutionalize sound IT management practices and build FSA's IT management capacity while improving service to the Nation's farmers and ranchers, the Secretary of Agriculture should direct the FSA Administrator to adhere to recognized best practices and agency policy in executive-level IT governance before proceeding with any further system development. Specifically, an executive-level governance board should (1) review and approve a comprehensive business case that includes a life cycle cost estimate, a cost-benefit analysis, and an analysis of alternatives for proposed solutions that are to provide former MIDAS requirements prior to their implementation; (2) ensure that any programs that are to accommodate former MIDAS requirements are fully implementing the IT program management disciplines and practices identified in this report; (3) conduct a post-implementation review and document lessons learned for the MIDAS investment; and (4) reassess the viability of the MIDAS technical solution before investing in further modernization technologies.

    Agency: Department of Agriculture
    Status: Open

    Comments: FSA stated that, as part of its organizational transformation efforts, the CIO is evaluating its governance structure and updating the charter for the agency-wide IT investment review board with the support of the agency's Executive Leadership Council. FSA also noted that it will adhere to the department's governance framework and processes. We will continue to monitor the agency's implementation of these efforts and how they address our recommendation.
    Director: Cristina T. Chaplain
    Phone: (202) 512-4841

    1 open recommendations
    Recommendation: To improve technology planning and ensure planning efforts are clearly aligned with the SBIRS follow-on, the Secretary of the Air Force should establish a technology insertion plan as part of the SBIRS follow-on acquisition strategy that identifies obsolescence needs as well as specific potential technologies and insertion points.

    Agency: Department of Defense: Department of the Air Force
    Status: Open

    Comments: In providing comments on this report, the agency concurred with this recommendation. DOD's planned action on the scope and focus of technology insertion will be based on the direction provided in the Space Based Infrared System (SBIRS) Follow-on Analysis of Alternatives (AoA) and will be executed through the SBIRS Space Modernization Initiative (SMI). The SBIRS AoA was completed in March 2016; however, as of June 2017, the SMI schedule has yet to show how technology will be inserted into the follow-on system.
    Director: Carol R.Cha
    Phone: (202) 512-4456

    2 open recommendations
    Recommendation: The Secretary of Defense should direct the Under Secretary of Defense for Acquisition, Technology, and Logistics to require MAIS programs to establish their first acquisition program baseline within 2 years of beginning work on the programs.

    Agency: Department of Defense
    Status: Open

    Comments: The Department developed a draft process document that states that business system (e.g. financial management, logistics management) programs should start development on at least one release within 24 months after programs have identified the needed capabilities and received approval to conduct further analysis into the potential delivery of the capabilities. We will follow-up with the Department for the final process document and guidance, when available.
    Recommendation: The Secretary of Defense should direct the Secretary of the Army to direct the Army (Financial Management and Comptroller) to complete a plan for conducting auditability testing of LMP Increment 2 functionality to ensure that such testing occurs prior to the LMP program management office deploying future functionality.

    Agency: Department of Defense
    Status: Open

    Comments: According to DOD officials, in response to our recommendation, the department developed a plan to conduct system testing on LMP Increment 2 in accordance with the Federal Information System Controls Audit Manual. The officials stated that the department's plan was to conduct this testing both prior to and after the deployment of new functionality to users. We have requested additional information and documentation from DOD regarding these LMP Increment 2 test plans in order to determine whether the testing associated with auditability of the system was to be conducted before deployment to users.
    Director: Marie A. Mak
    Phone: (202) 512-4841

    1 open recommendations
    Recommendation: To ensure the management of the required portfolio of contract services and that required reductions are achieved the Secretary of Defense should evaluate fiscal controls used by the military departments to identify effective practices and ensure they are consistently implemented to improve the management of contract services spending.

    Agency: Department of Defense
    Status: Open

    Comments: In commenting on this report DOD concurred with this recommendation but has not yet provided information necessary to demonstrate its implementation.
    Director: Mackin, Michele
    Phone: (202) 512-4841

    1 open recommendations
    including 1 priority recommendation
    Recommendation: To help mitigate confusion about the use of reverse auctions in federal acquisitions, the Director of the Office of Management and Budget should take steps to amend the FAR to address agencies' use of reverse auctions.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open
    Priority recommendation

    Comments: In providing comments on this report, OMB generally concurred with this recommendation but, as of July 2017, had not yet publicly released a draft of any related proposed FAR rule(s). In July 2017, OMB staff stated that a FAR team had drafted proposed regulatory changes to address the use of reverse auctions in response to GAO's recommendation. OMB staff said that the draft changes were undergoing review and they expected they would be published for public comment before the end of the calendar year.