Reports & Testimonies

  • GAO’s recommendations database contains report recommendations that still need to be addressed.

    GAO’s recommendations help congressional and agency leaders prepare for appropriations and oversight activities, as well as help improve government operations. Recommendations remain open until they are designated as Closed-implemented or Closed-not implemented. You can explore open recommendations by searching or browsing.

    GAO's priority recommendations are those that we believe warrant priority attention. We sent letters to the heads of key departments and agencies, urging them to continue focusing on these issues. These recommendations are labeled as such. You can find priority recommendations by searching or browsing our open recommendations below, or through our mobile app.

  • Have a Question about a Recommendation?

    • For questions about a specific recommendation, contact the person or office listed with the recommendation.
    • For general information about recommendations, contact GAO's Audit Policy and Quality Assurance office at (202) 512-6100 or apqa@gao.gov.
  • Results:

    Subject Term: "IT investments"

    34 publications with a total of 353 open recommendations including 14 priority recommendations
    Director: David A. Powner
    Phone: (202) 512-9286

    3 open recommendations
    Recommendation: The Director of OMB should continue to identify and report to Congress on the status of the top 10 high priority information technology programs and the extent to which USDS is involved in the programs, as was done in June 2015 and June 2016. In doing so, the Director should ensure that these reports are issued quarterly. (Recommendation 1)

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Director of OMB should ensure that the Federal CIO is directly involved in the oversight of high priority programs. (Recommendation 2)

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Director of OMB should continue to report on the status of USDS projects. In doing so, the Director should ensure that the reports are issued quarterly. (Recommendation 3)

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: David A. Powner
    Phone: (202) 512-9286

    19 open recommendations
    Recommendation: The Secretary of Energy should ensure that the CIO of Energy reports major IT investment information related to incremental development accurately in accordance with OMB guidance. (Recommendation 1)

    Agency: Department of Energy
    Status: Open

    Comments: In comments on our report, the Department of Energy (Energy) concurred with our recommendation. The department described actions by the Office of the Chief Information Officer to review the accuracy of Energy's major IT investment project reporting related to incremental development as part of monthly IT Dashboard and Investment Review Board meetings. We will continue to monitor Energy's reporting of its incremental data on the IT Dashboard.
    Recommendation: The Secretary of Agriculture should ensure that the CIO of U.S. Department of Agriculture (USDA) reports major IT investment information related to incremental development accurately in accordance with OMB guidance. (Recommendation 2)

    Agency: Department of Agriculture
    Status: Open

    Comments: The U.S. Department of Agriculture (USDA) has not yet taken any actions to implement our recommendation. We will continue to monitor USDA's progress in implementing this recommendation.
    Recommendation: The Commissioner of the Social Security Administration (SSA) should ensure that the CIO of SSA reports major IT investment information related to incremental development accurately in accordance with OMB guidance. (Recommendation 3)

    Agency: Social Security Administration
    Status: Open

    Comments: In comments on our report, the Social Security Administration (SSA) concurred with our recommendation and stated that it had implemented two new processes related to incremental certification, which would be included in the agency's upcoming revision to its Capital Planning and Investment Control Guide. We will follow up with SSA to ascertain whether the guide has been updated during fiscal year 2018.
    Recommendation: The Secretary of Housing and Urban Development (HUD) should ensure that the CIO of HUD establishes an agency-wide policy and process for the CIO's certification of major IT investments' adequate use of incremental development, in accordance with OMB's guidance on the implementation of FITARA, and confirm that it includes: a description of the CIO's role in the certification process; a description of how CIO certification will be documented; and a definition of incremental development and time frames for delivering functionality, consistent with OMB guidance. (Recommendation 4)

    Agency: Department of Housing and Urban Development
    Status: Open

    Comments: In comments on our report, the Department of Housing and Urban Development (HUD) concurred with our recommendation and stated that it planned to develop more definitive timelines on how to address our recommendation. We will follow up with HUD to ascertain whether an agency-wide policy and process for the CIO's certification of major IT investments' adequate use of incremental development has been established during fiscal year 2018.
    Recommendation: The Secretary of the Interior should ensure that the CIO of Interior updates the agency's policy and process for the CIO's certification of major IT investments' adequate use of incremental development, in accordance with OMB's guidance on the implementation of FITARA, and confirm that it includes: a description of the CIO's role in the certification process; a description of how CIO certification will be documented; and a definition of incremental development, consistent with OMB guidance. (Recommendation 5)

    Agency: Department of the Interior
    Status: Open

    Comments: In comments on our report, the Department of the Interior (Interior) concurred with our recommendation and stated that it planned to update its existing policy to include the elements we recommended. We will follow up with Interior to ascertain whether an agency-wide policy and process for the CIO's certification of major IT investments' adequate use of incremental development has been updated during fiscal year 2018.
    Recommendation: The Attorney General of the United States should ensure that the CIO of Justice establishes an agency-wide policy and process for the CIO's certification of major IT investments' adequate use of incremental development, in accordance with OMB's guidance on the implementation of FITARA, and confirm that it includes: a description of the CIO's role in the certification process; a description of how CIO certification will be documented; and a definition of incremental development and time frames for delivering functionality, consistent with OMB guidance. (Recommendation 6)

    Agency: Department of Justice
    Status: Open

    Comments: In comments on our report, the Department of Justice (Justice) concurred with our recommendation and stated that it planned to amend existing policy to implement this recommendation. We will follow up with Justice to ascertain whether an agency-wide policy and process for the CIO's certification of major IT investments' adequate use of incremental development has been updated during fiscal year 2018.
    Recommendation: The Secretary of Labor should ensure that the CIO of Labor updates the agency's policy and process for the CIO's certification of major IT investments' adequate use of incremental development, in accordance with OMB's guidance on the implementation of FITARA, and confirm that it includes a description of the CIO's role in the certification process and a description of how CIO certification will be documented. (Recommendation 7)

    Agency: Department of Labor
    Status: Open

    Comments: The Department of Labor (Labor) has not yet taken any actions to implement our recommendation. We will continue to monitor Labor's progress in implementing this recommendation.
    Recommendation: The Secretary of State should ensure that the CIO of State updates the agency's policy and process for the CIO's certification of major IT investments' adequate use of incremental development, in accordance with OMB's guidance on the implementation of FITARA, and confirm that it includes: a description of the CIO's role in the certification process; a description of how CIO certification will be documented; and a definition of incremental development and time frames for delivering functionality, consistent with OMB guidance. (Recommendation 8)

    Agency: Department of State
    Status: Open

    Comments: In comments on our report, the Department of State (State) reported that it has developed an incremental development policy that addresses our recommendation and it is currently in the process of being approved. We will follow up with State to ascertain whether an agency-wide policy and process for the CIO's certification of major IT investments' adequate use of incremental development has been developed during fiscal year 2018.
    Recommendation: The Secretary of Agriculture should ensure that the CIO of USDA establishes an agency-wide policy and process for the CIO's certification of major IT investments' adequate use of incremental development, in accordance with OMB's guidance on the implementation of FITARA, and confirm that it includes: a description of the CIO's role in the certification process; a description of how CIO certification will be documented; and a definition of incremental development and time frames for delivering functionality, consistent with OMB guidance. (Recommendation 9)

    Agency: Department of Agriculture
    Status: Open

    Comments: The U.S. Department of Agriculture (USDA) has not yet taken any actions to implement our recommendation. We will continue to monitor USDA's progress in implementing this recommendation.
    Recommendation: The Secretary of Veterans Affairs (VA) should ensure that the CIO of VA updates the agency's policy and process for the CIO's certification of major IT investments' adequate use of incremental development, in accordance with OMB's guidance on the implementation of FITARA, and confirm that it includes a description of the CIO's role in the certification process and a description of how CIO certification will be documented. (Recommendation 10)

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: In comments on our report, the Department of Veterans Affairs (VA) partially concurred with our recommendation and stated that it would draft a policy to address our recommendation. We will follow up with VA to ascertain whether an agency-wide policy and process for the CIO's certification of major IT investments' adequate use of incremental development has been developed during fiscal year 2018.
    Recommendation: The Administrator of the Environmental Protection Agency (EPA) should ensure that the CIO of EPA establishes an agency-wide policy and process for the CIO's certification of major IT investments' adequate use of incremental development, in accordance with OMB's guidance on the implementation of FITARA, and confirm that it includes: a description of the CIO's role in the certification process; a description of how CIO certification will be documented; and a definition of incremental development and time frames for delivering functionality, consistent with OMB guidance. (Recommendation 11)

    Agency: Environmental Protection Agency
    Status: Open

    Comments: In comments on our report, the Environmental Protection Agency (EPA) concurred with our recommendation and stated that it planned to develop a policy to implement this recommendation and other FITARA issues. We will follow up with EPA to ascertain whether an agency-wide policy and process for the CIO's certification of major IT investments' adequate use of incremental development has been developed during fiscal year 2018.
    Recommendation: The Administrator of the General Services Administration (GSA) should ensure that the CIO of GSA updates the agency's policy and process for the CIO's certification of major IT investments' adequate use of incremental development, in accordance with OMB's guidance on the implementation of FITARA, and confirm that it includes a description of the CIO's role in the certification process and a description of how CIO certification will be documented. (Recommendation 12)

    Agency: General Services Administration
    Status: Open

    Comments: In comments on our report, the General Services Administration (GSA) concurred with our recommendation and stated that it would develop and implement a plan to address it. We will follow up with GSA to ascertain whether an agency-wide policy and process for the CIO's certification of major IT investments' adequate use of incremental development has been updated during fiscal year 2018.
    Recommendation: The Administrator of the National Aeronautics and Space Administration (NASA) should ensure that the CIO of NASA establishes an agency-wide policy and process for the CIO's certification of major IT investments' adequate use of incremental development, in accordance with OMB's guidance on the implementation of FITARA, and confirm that it includes: a description of the CIO's role in the certification process; a description of how CIO certification will be documented; and a definition of incremental development and time frames for delivering functionality, consistent with OMB guidance. (Recommendation 13)

    Agency: National Aeronautics and Space Administration
    Status: Open

    Comments: In comments on our report, the National Aeronautics and Space Administration (NASA) concurred with our recommendation and stated that it is currently updating its policies to address it, which will be completed by March 2018. We will continue to monitor NASA's progress on these efforts.
    Recommendation: The Director of the National Science Foundation (NSF) should ensure that the CIO of NSF updates the agency's policy and process for the CIO's certification of major IT investments' adequate use of incremental development, in accordance with OMB's guidance on the implementation of FITARA, and confirm that it includes: a description of the CIO's role in the certification process; a description of how CIO certification will be documented; and a definition of incremental development and time frames for delivering functionality, consistent with OMB guidance. (Recommendation 14)

    Agency: National Science Foundation
    Status: Open

    Comments: The National Science Foundation (NSF) has not yet taken any actions to implement our recommendation. We will continue to monitor NSF's progress in implementing this recommendation.
    Recommendation: The Chairman of the Nuclear Regulatory Commission (NRC) should ensure that the CIO of NRC establishes an agency-wide policy and process for the CIO's certification of major IT investments' adequate use of incremental development, in accordance with OMB's guidance on the implementation of FITARA, and confirm that it includes a description of the CIO's role in the certification process and a description of how CIO certification will be documented. (Recommendation 15)

    Agency: Nuclear Regulatory Commission
    Status: Open

    Comments: In comments on our report, the Nuclear Regulatory Commission (NRC) reported that it plans to establish agency-wide, formalized processes and procedures for the CIO to approve the incremental development of major IT investments by December 31, 2017. We will continue to monitor NRC's progress on this effort.
    Recommendation: The Director of the Office of Personnel Management (OPM) should ensure that the CIO of OPM updates the agency's policy and process for the CIO's certification of major IT investments' adequate use of incremental development, in accordance with OMB's guidance on the implementation of FITARA, and confirm that it includes a description of the CIO's role in the certification process and a description of how CIO certification will be documented. (Recommendation 16)

    Agency: Office of Personnel Management
    Status: Open

    Comments: In comments on our report, the Office of Personnel Management (OPM) concurred with our recommendation and stated that it would update its policies and processes to include the elements we recommended. We will follow up with OPM to ascertain whether an agency-wide policy and process for the CIO's certification of major IT investments' adequate use of incremental development has been updated during fiscal year 2018.
    Recommendation: The Administrator of the Small Business Administration (SBA) should ensure that the CIO of SBA establishes an agency-wide policy and process for the CIO's certification of major IT investments' adequate use of incremental development, in accordance with OMB's guidance on the implementation of FITARA, and confirm that it includes: a description of the CIO's role in the certification process; a description of how CIO certification will be documented; and a definition of incremental development and time frames for delivering functionality, consistent with OMB guidance. (Recommendation 17)

    Agency: Small Business Administration
    Status: Open

    Comments: The Small Business Administration (SBA) has not yet taken any actions to implement our recommendation. We will continue to monitor SBA's progress in implementing this recommendation.
    Recommendation: The Commissioner of the Social Security Administration should ensure that the CIO of SSA updates the agency's policy and process for the CIO's certification of major IT investments' adequate use of incremental development, in accordance with OMB's guidance on the implementation of FITARA, and confirm that it includes a description of the CIO's role in the certification process and a description of how CIO certification will be documented. (Recommendation 18)

    Agency: Social Security Administration
    Status: Open

    Comments: In comments on our report, the Social Security Administration (SSA) concurred with our recommendation and stated that it had implemented two new processes related to incremental certification, which would be included in the agency's upcoming revision to its Capital Planning and Investment Control Guide. We will follow up with SSA to ascertain whether the guide has been updated during fiscal year 2018.
    Recommendation: The Administrator of the U.S. Agency for International Development (USAID) should ensure that the CIO of USAID establishes an agency-wide policy and process for the CIO's certification of major IT investments' adequate use of incremental development, in accordance with OMB's guidance on the implementation of FITARA, and confirm that it includes: a description of the CIO's role in the certification process; a description of how CIO certification will be documented; and a definition of incremental development and time frames for delivering functionality, consistent with OMB guidance. (Recommendation 19)

    Agency: United States Agency for International Development
    Status: Open

    Comments: In comments on our report, the U.S. Agency for International Development (USAID) reported that it is in the process of establishing an agency-wide policy and process for the CIO's certification of adequate incremental development. It estimates that this policy will be implemented by August 31, 2018. We will continue to monitor USAID's progress in this effort.
    Director: Carol C. Harris
    Phone: (202) 512-4456

    5 open recommendations
    Recommendation: To help improve the modernization of FMCSA's IT systems, the Secretary of Transportation should direct the FMCSA Administrator to update FMCSA's IT strategic plan to include well-defined goals, strategies, measures, and timelines for modernizing its systems.

    Agency: Department of Transportation
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To help improve the modernization of FMCSA's IT systems, the Secretary of Transportation should direct the FMCSA Administrator to ensure that the IT investment process guidance lays out the roles and responsibilities of all working groups and individuals involved in the agency's governance process.

    Agency: Department of Transportation
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To help improve the modernization of FMCSA's IT systems, the Secretary of Transportation should direct the FMCSA Administrator to finalize the restructure of the Office of Information Technology, including fully defining the roles and responsibilities of the CIO.

    Agency: Department of Transportation
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To help improve the modernization of FMCSA's IT systems, the Secretary of Transportation should direct the FMCSA Administrator to ensure that appropriate governance bodies review all IT investments and track corrective actions to closure.

    Agency: Department of Transportation
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To help improve the modernization of FMCSA's IT systems, the Secretary of Transportation should direct the FMCSA Administrator to ensure that required operational analyses are performed for Aspen, Motor Carrier Management Information System, Sentri 2.0, and Unified Registration System on an annual basis.

    Agency: Department of Transportation
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: David A. Powner
    Phone: (202) 512-9286

    4 open recommendations
    Recommendation: To assist VA in improving key IT management processes to ensure that investments support the delivery of health care services, the Secretary of Veterans Affairs should direct the Under Secretary for Health and the Chief Information Officer to identify performance metrics and associated targets for the goals and objectives in the department's IT strategic plans, including the Information Resources Management strategic plan and the Health Information Strategic Plan, as they relate to the delivery of health IT and the VHA mission.

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: In comments on our report, VA concurred with our recommendation and described planned coordination with the Office of Information and Technology and the Veterans Health Administration to develop or revise and maintain performance metrics that support the strategic and health information technology goals and objectives. The department plans to revise performance metrics to align to new goals and objectives by June 2018.
    Recommendation: To assist VA in improving key IT management processes to ensure that investments support the delivery of health care services, the Secretary of Veterans Affairs should direct the Under Secretary for Health and the Chief Information Officer to ensure that the department-level investment review structure is implemented as planned and that guidance on the IT governance process is documented and identifies criteria for selecting new investments, and reselecting investments currently operational at VHA.

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: In comments on our report, VA concurred with our recommendation and provided meeting minutes for its Portfolio Investment Management Board and a document describing the proposed alignment and interdependencies between the 11 governance boards. We will continue to monitor the implementation of the proposed relationships and review any additional guidance issued that further describes the process used by the governance boards for selecting and reselecting information technology investments.
    Recommendation: To assist VA in improving key IT management processes to ensure that investments support the delivery of health care services, the Secretary of Veterans Affairs should direct the Under Secretary for Health and the Chief Information Officer to identify additional performance metrics to align with VHA's core business functions, and then use these metrics to determine the extent to which the department's IT systems support performance of VHA's mission.

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: In comments on our report, VA concurred with our recommendation. In addition, the department outlined steps it intends to take to address our recommendation. These steps include developing a set of core metrics to provide continuous input into investment portfolio decisions and establishing a methodology for ensuring that information technology investments are aligned to business needs and that expected outcomes are defined prior to making the investments. The department plans to complete this work by September 2018. We will continue to monitor VA's progress on these efforts.
    Recommendation: To assist VA in improving key IT management processes to ensure that investments support the delivery of health care services, the Secretary of Veterans Affairs should direct the Under Secretary for Health and the Chief Information Officer to ensure that unmet IT needs identified by key program areas--pharmacy benefits management, scheduling, and community care--are addressed appropriately and that related business functions are supported by IT systems to the extent required.

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: In comments on our report, VA concurred with our recommendation. The department has described its intention to ensure that unmet information technology needs for the pharmacy benefits management, scheduling, and community care program areas are addressed appropriately during fiscal year 2018 budget formulation. We will follow up with VA to ascertain what needs have been addressed, closed, or reprioritized for each program office during fiscal year 2018.
    Director: Carol C. Harris
    Phone: (202) 512-4456

    6 open recommendations
    Recommendation: To ensure that DHS effectively implements FITARA, the Secretary of Homeland Security should direct the Under Secretary for Management to direct the Chief Information Officer to update the department's IT Acquisition Review governance process to increase the number of contracts and agreements (associated with both major and non-major investments) that are reviewed by the CIO and appropriate delegates.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with this recommendation. We will continue to monitor and evaluate the Department's progress in implementing this recommendation.
    Recommendation: To ensure that DHS effectively implements FITARA, the Secretary of Homeland Security should direct the Under Secretary for Management to direct the Chief Information Officer to establish time frames and implement a plan for (1) identifying the specific staff or positions currently within the department's IT acquisition cadre; and (2) assessing whether these staff and positions address all of the specialized skills and knowledge needed, as outlined in OMB's Office of Federal Procurement Policy's guidance for developing an IT acquisition cadre.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with this recommendation. We will continue to monitor and evaluate the Department's progress in implementing this recommendation.
    Recommendation: To ensure that DHS effectively implements FITARA, the Secretary of Homeland Security should direct the Under Secretary for Management to direct the Chief Information Officer to establish time frames and implement a plan for (1) identifying the department's future IT skillset needs as a result of DHS's new delivery model, (2) conducting a skills gap analysis, and (3) resolving any skills gaps identified.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with this recommendation. We will continue to monitor and evaluate the Department's progress in implementing this recommendation.
    Recommendation: To ensure that DHS effectively implements FITARA, the Secretary of Homeland Security should direct the Under Secretary for Management to update the department's acquisition policies and guidance to be consistent in identifying that the DHS CIO is to certify investments' incremental development activities.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with this recommendation. We will continue to monitor and evaluate the Department's progress in implementing this recommendation.
    Recommendation: To ensure that DHS effectively implements FITARA, the Secretary of Homeland Security should direct the Under Secretary for Management to update DHS headquarters', Customs and Border Protection's, and U.S. Coast Guard's processes to track, for all contracts and agreements, the IT investment with which each is associated (as applicable).

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with this recommendation. We will continue to monitor and evaluate the Department's progress in implementing this recommendation.
    Recommendation: To ensure that DHS effectively implements FITARA, the Secretary of Homeland Security should direct the Under Secretary for Management to update and implement the process DHS uses for assessing the risks of major IT investments to ensure that the CIO rating reported to the Dashboard fully reflects the CIO's assessment of each major IT investment.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with this recommendation. We will continue to monitor and evaluate the Department's progress in implementing this recommendation.
    Director: Valerie Melvin
    Phone: (202) 512-6304

    1 open recommendation
    Recommendation: To increase the likelihood that its IT investments develop reliable cost estimates, the Secretary of HUD should finalize, and ensure the implementation of, guidance that incorporates the best practices called for in the GAO Cost Estimating and Assessment Guide.

    Agency: Department of Housing and Urban Development
    Status: Open

    Comments: In April 2017, HUD reported that the department concurred with the recommendation and noted that the Office of the Chief Information Officer (OCIO) intends to establish cost estimation guidance for IT projects within its IT Management Framework Guide, incorporating appropriate best practices from the GAO Cost Estimating and Assessment Guide. HUD anticipates completing the OCIO IT Management Framework guidance that is intended to incorporate cost estimating principles for IT projects by September 1, 2017.
    Director: Powner, David A
    Phone: (202) 512-9286

    5 open recommendations
    including 2 priority recommendations
    Recommendation: To facilitate the analysis of gaps between current skills and future needs, the development of strategies for filling the gaps, and succession planning, the Secretary of Commerce should require the Chief Information Officer, Chief Human Capital Officer, and other senior managers as appropriate to address the shortfalls in IT workforce planning noted in this report, including the following actions: (1) establish and maintain a workforce planning process; (2) develop competency and staffing requirements; (3) assess competency and staffing needs regularly; (4) assess gaps in competencies for all components of the workforce; (5) develop strategies and plans to address gaps in competencies and staffing; (6) implement activities that address gaps, including an IT acquisition cadre, cross-functional training of acquisition and program personnel, a career path for program managers, and special hiring authorities, if justified and cost-effective; (7) monitor the department's progress in addressing IT competency and staffing gaps; and (8) report to department leadership on progress in addressing competency and staffing gaps.

    Agency: Department of Commerce
    Status: Open
    Priority recommendation

    Comments: The department has not yet provided its written response to this recommendation. We will continue to monitor the department's progress in implementing the recommendation.
    Recommendation: To facilitate the analysis of gaps between current skills and future needs, the development of strategies for filling the gaps, and succession planning, the Secretary of Defense should require the Chief Information Officer, the Under Secretary of Defense for Personnel and Readiness, and other senior managers as appropriate to address the shortfalls in IT workforce planning noted in this report, including the following actions: (1) develop competencies for all staff; (2) assess competency needs regularly for all positions; (3) assess gaps in competencies for all components of the workforce; (4) develop strategies and plans to address gaps in competencies; (5) implement activities that address gaps, including developing a program management career path, if justified and cost-effective; (6) monitor the department's progress in addressing competency gaps identified for IT staff; and (7) report to department leadership on progress in addressing competency gaps.

    Agency: Department of Defense
    Status: Open

    Comments: The department has provided a written response to this recommendation and we are currently evaluating it.
    Recommendation: To facilitate the analysis of gaps between current skills and future needs, the development of strategies for filling the gaps, and succession planning, the Secretary of Health and Human Services should require the Chief Information Officer, Chief Human Capital Officer, and other senior managers as appropriate to address the shortfalls in IT workforce planning noted in this report, including the following actions: (1) establish and maintain a workforce planning process inclusive of all staff; (2) develop staffing requirements for all positions; (3) assess staffing needs regularly; (4) assess gaps in competencies and staffing for all components of the workforce; (5) develop strategies and plans to address gaps in competencies and staffing; (6) implement activities that address gaps, including an IT acquisition cadre, if justified and cost-effective; (7) monitor the department's progress in addressing competency and staffing gaps; and (8) report to department leadership on progress in addressing competency and staffing gaps.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: The department has provided a written response to this recommendation and we are currently evaluating it.
    Recommendation: To facilitate the analysis of gaps between current skills and future needs, the development of strategies for filling the gaps, and succession planning, the Secretary of Transportation should require the Chief Information Officer, Chief Human Capital Officer, and other senior managers as appropriate to address the shortfalls in IT workforce planning noted in this report, including the following actions: (1) establish a time frame for when the department is to finalize its draft workforce planning process and maintain that process; (2) develop staffing requirements for all positions; (3) assess competency and staffing needs regularly for all positions; (4) assess gaps in staffing for all components of the workforce; (5) develop strategies and plans to address gaps in competencies and staffing; (6) implement activities that address gaps, including an IT acquisition cadre, cross-functional training of acquisition and program personnel, a career path for program managers, and use of special hiring authorities, if justified and cost-effective; (7) monitor the department's progress in addressing competency and staffing gaps; and (8) report to department leadership on progress in addressing competency and staffing gaps.

    Agency: Department of Transportation
    Status: Open
    Priority recommendation

    Comments: The department agreed with the recommendation and stated that it plans to fully implement the recommendation by December 2019. To fully implement this recommendation, DOT should prioritize the completion of its IT workforce planning process and then begin implementing the process in phases based on the availability of resources.
    Recommendation: To facilitate the analysis of gaps between current skills and future needs, the development of strategies for filling the gaps, and succession planning, the Secretary of the Treasury should require the Chief Information Officer, Chief Human Capital Officer, and other senior managers as appropriate to address the shortfalls in IT workforce planning noted in this report, including the following actions: (1) establish and maintain a workforce planning process; (2) develop competency and staffing requirements for all positions; (3) assess competency and staffing needs regularly; (4) assess gaps in competencies and staffing for all components of the workforce; (5) develop strategies and plans to address gaps in competencies and staffing for all components of the workforce; (6) implement activities that address gaps, including a career path for program managers and special hiring authorities, if justified and cost-effective; (7) monitor the department's progress in addressing competency and staffing gaps; and (8) report to department leadership on progress in addressing competency and staffing gaps for all components of the workforce.

    Agency: Department of the Treasury
    Status: Open

    Comments: The department has not yet provided its written response to this recommendation. We will continue to monitor the department's progress in implementing the recommendation.
    Director: David A. Powner
    Phone: (202) 512-9286

    12 open recommendations
    Recommendation: In order to improve the accuracy of IT Dashboard incremental development data, the Director of OMB should direct the Federal Chief Information Officer (CIO) to clarify existing guidance regarding what IT investments are and are not subject to requirements on the use of incremental development and how CIOs should report the status of projects that are not subject to these requirements.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: The Office of Management and Budget (OMB) has taken initial steps to implement our recommendation. Specifically, OMB's June 2016 annual capital planning guidance for fiscal year 2018 included instructions on what types of investments were required to adhere to incremental development requirements related to the delivery of usable functionality. The guidance stated that all software development projects are required to produce usable functionality at intervals of no more than six months. Further, all major development projects within investments are required to use modular/agile principles. However, OMB's guidance still lacks direction on how CIOs are to report the status of nonsoftware projects, as we recommended. In the absence of our recommended guidance clarification, OMB is at risk of agencies continuing to be unclear about how nonsoftware development investment data are to be reported on the Dashboard, increasing the risk that data on the IT Dashboard will not always be accurate. We will continue to evaluate OMB's progress in clarifying its guidance and considering a change to provide more detailed guidance related to the reporting of nonsoftware development investment data.
    Recommendation: To improve the quality of the seven departments' information on project incremental delivery reported to the IT Dashboard, the Secretaries of Commerce, Defense, Education, Health and Human Services, Homeland Security, Transportation, and the Treasury should direct their CIOs to review major IT investment project data reported on the IT Dashboard and update the information as appropriate in the following areas: (1) whether the project is in-progress or complete; (2) whether the project is a software development project or not; and (3) the status of the delivery of functionality every 6 months, ensuring that these data are consistent across all reporting channels.

    Agency: Department of Homeland Security
    Status: Open

    Comments: The Department of Homeland Security (DHS) concurred with our recommendation and stated that the Enterprise Business Management Office within the Office of the Chief Information Officer will validate each investment reported on the Dashboard and work with program officials to ensure they appropriately update the data for the IT Dashboard. However, after our report was issued in August 2016, the IT Dashboard was not publicly updated from the end of August 2016 until the end of May 2017, during the formulation of the President's budget request. Now that the Dashboard is being publicly updated again, we will continue to analyze and monitor the department's progress in updating investment information on the Dashboard and the implementation of our recommendation.
    Recommendation: To improve the quality of the seven departments' information on project incremental delivery reported to the IT Dashboard, the Secretaries of Commerce, Defense, Education, Health and Human Services, Homeland Security, Transportation, and the Treasury should direct their CIOs to review major IT investment project data reported on the IT Dashboard and update the information as appropriate in the following areas: (1) whether the project is in-progress or complete; (2) whether the project is a software development project or not; and (3) the status of the delivery of functionality every 6 months, ensuring that these data are consistent across all reporting channels.

    Agency: Department of Education
    Status: Open

    Comments: The Department of Education (Education) concurred with our recommendation and stated that the department will ensure that the data is kept current using their IT portfolio management process. However, after our report was issued in August 2016, the IT Dashboard was not publicly updated from the end of August 2016 until the end of May 2017, during the formulation of the President's budget request. Now that the Dashboard is being publicly updated again, we will continue to analyze and monitor the department's progress in updating investment information on the Dashboard and the implementation of our recommendation.
    Recommendation: To improve the quality of the seven departments' information on project incremental delivery reported to the IT Dashboard, the Secretaries of Commerce, Defense, Education, Health and Human Services, Homeland Security, Transportation, and the Treasury should direct their CIOs to review major IT investment project data reported on the IT Dashboard and update the information as appropriate in the following areas: (1) whether the project is in-progress or complete; (2) whether the project is a software development project or not; and (3) the status of the delivery of functionality every 6 months, ensuring that these data are consistent across all reporting channels.

    Agency: Department of Commerce
    Status: Open

    Comments: The Department of Commerce (Commerce) concurred with our recommendation and stated that these changes would be incorporated into the department's Dashboard reporting. However, after our report was issued in August 2016, the IT Dashboard was not publicly updated from the end of August 2016 until the end of May 2017, during the formulation of the President's budget request. Now that the Dashboard is being publicly updated again, we will continue to analyze and monitor the department's progress in updating investment information on the Dashboard and the implementation of our recommendation.
    Recommendation: To improve the quality of the seven departments' information on project incremental delivery reported to the IT Dashboard, the Secretaries of Commerce, Defense, Education, Health and Human Services, Homeland Security, Transportation, and the Treasury should direct their CIOs to review major IT investment project data reported on the IT Dashboard and update the information as appropriate in the following areas: (1) whether the project is in-progress or complete; (2) whether the project is a software development project or not; and (3) the status of the delivery of functionality every 6 months, ensuring that these data are consistent across all reporting channels.

    Agency: Department of Defense
    Status: Open

    Comments: The Department of Defense (Defense) partially concurred with our recommendation and stated that the department is taking action to update the Dashboard data as appropriate. However, after our report was issued in August 2016, the IT Dashboard was not publicly updated from the end of August 2016 until the end of May 2017, during the formulation of the President's budget request. Now that the Dashboard is being publicly updated again, we will continue to analyze and monitor the department's progress in updating investment information on the Dashboard and the implementation of our recommendation.
    Recommendation: To improve the quality of the seven departments' information on project incremental delivery reported to the IT Dashboard, the Secretaries of Commerce, Defense, Education, Health and Human Services, Homeland Security, Transportation, and the Treasury should direct their CIOs to review major IT investment project data reported on the IT Dashboard and update the information as appropriate in the following areas: (1) whether the project is in-progress or complete; (2) whether the project is a software development project or not; and (3) the status of the delivery of functionality every 6 months, ensuring that these data are consistent across all reporting channels.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: The Department of Health and Human Services (HHS) concurred with our recommendation. However, after our report was issued in August 2016, the IT Dashboard was not publicly updated from the end of August 2016 until the end of May 2017, during the formulation of the President's budget request. Now that the Dashboard is being publicly updated again, we will continue to analyze and monitor the department's progress in updating investment information on the Dashboard and the implementation of our recommendation.
    Recommendation: To improve the quality of the seven departments' information on project incremental delivery reported to the IT Dashboard, the Secretaries of Commerce, Defense, Education, Health and Human Services, Homeland Security, Transportation, and the Treasury should direct their CIOs to review major IT investment project data reported on the IT Dashboard and update the information as appropriate in the following areas: (1) whether the project is in-progress or complete; (2) whether the project is a software development project or not; and (3) the status of the delivery of functionality every 6 months, ensuring that these data are consistent across all reporting channels.

    Agency: Department of Transportation
    Status: Open

    Comments: The Department of Transportation (Transportation) concurred with our recommendation and stated the department was committed to ensuring the information on the IT Dashboard reflects up-to-date information. However, after our report was issued in August 2016, the IT Dashboard was not publicly updated from the end of August 2016 until the end of May 2017, during the formulation of the President's budget request. Now that the Dashboard is being publicly updated again, we will continue to analyze and monitor the department's progress in updating investment information on the Dashboard and the implementation of our recommendation.
    Recommendation: To improve the quality of the seven departments' information on project incremental delivery reported to the IT Dashboard, the Secretaries of Commerce, Defense, Education, Health and Human Services, Homeland Security, Transportation, and the Treasury should direct their CIOs to review major IT investment project data reported on the IT Dashboard and update the information as appropriate in the following areas: (1) whether the project is in-progress or complete; (2) whether the project is a software development project or not; and (3) the status of the delivery of functionality every 6 months, ensuring that these data are consistent across all reporting channels.

    Agency: Department of the Treasury
    Status: Open

    Comments: The Department of the Treasury (Treasury) did not comment on our recommendation. However, after our report was issued in August 2016, the IT Dashboard was not publicly updated from the end of August 2016 until the end of May 2017, during the formulation of the President's budget request. Now that the Dashboard is being publicly updated again, we will continue to analyze and monitor the department's progress in updating investment information on the Dashboard and the implementation of our recommendation.
    Recommendation: To improve the certification of adequate incremental development, the Secretaries of Defense, Education, Health and Human Services, and the Treasury should direct their CIOs to establish a department policy and process for the certification of major IT investments' adequate use of incremental development, in accordance with OMB's guidance on the implementation of the Federal Information Technology Acquisition Reform Act.

    Agency: Department of Education
    Status: Open

    Comments: The Department of Education (Education) concurred with our recommendation to establish a departmentwide certification policy. Education officials reported in March 2017 that the department will complete changes to its guidance by November 2017. However, until this guidance is finalized, Education will not be able to fully ensure adequate implementation of, or benefit from, incremental development practices. We will continue to evaluate Education's progress in implementing this recommendation.
    Recommendation: To improve the certification of adequate incremental development, the Secretaries of Defense, Education, Health and Human Services, and the Treasury should direct their CIOs to establish a department policy and process for the certification of major IT investments' adequate use of incremental development, in accordance with OMB's guidance on the implementation of the Federal Information Technology Acquisition Reform Act.

    Agency: Department of Defense
    Status: Open

    Comments: The Department of Defense (Defense) did not concur with our recommendation, stating that its existing guidance was adequate in this area. However, in August 2016, Defense issued its fiscal year 2018 budget submission guidance which required each component CIO to certify that IT investments were adequately implementing incremental development. The component CIOs were to document the certification in a statement of compliance memorandum, using their agency's letterhead, and submit the memorandum to the Defense CIO. Defense officials report that this same guidance will be added to the Financial Management Regulations during summer 2017. Until this annual guidance has been updated and incorporated into the department's standing policies, Defense is at risk of overlooking this requirement in subsequent years. We will continue to evaluate Defense's progress in implementing this recommendation.
    Recommendation: To improve the certification of adequate incremental development, the Secretaries of Defense, Education, Health and Human Services, and the Treasury should direct their CIOs to establish a department policy and process for the certification of major IT investments' adequate use of incremental development, in accordance with OMB's guidance on the implementation of the Federal Information Technology Acquisition Reform Act.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: The Department of Health and Human Services (HHS) concurred with our recommendation to establish a departmentwide certification policy. However, HHS officials reported in April 2017 that they did not have a timeframe for when the department's new certification guidance would be completed. Until this guidance is finalized, HHS will not be able to fully ensure adequate implementation of, or benefit from, incremental development practices. We will continue to evaluate HHS's progress in implementing this recommendation.
    Recommendation: To improve the certification of adequate incremental development, the Secretaries of Defense, Education, Health and Human Services, and the Treasury should direct their CIOs to establish a department policy and process for the certification of major IT investments' adequate use of incremental development, in accordance with OMB's guidance on the implementation of the Federal Information Technology Acquisition Reform Act.

    Agency: Department of the Treasury
    Status: Open

    Comments: The Department of the Treasury (Treasury) did not comment on our recommendations. Further, Treasury officials reported in March 2017 that it had no plans to revise its policies, as we recommended. Until the department establishes a CIO certification policy, Treasury will not be able to fully ensure adequate implementation of, or benefit from, incremental development practices. We will continue to evaluate Treasury's progress in implementing this recommendation.
    Director: David A. Powner
    Phone: (202) 512-9286

    5 open recommendations
    Recommendation: To effectively measure 18F's performance, the Administrator of GSA should direct the Commissioner for the Technology Transformation Service to ensure that goals and associated performance measures are outcome-oriented and that performance measures have targets, including (1) performance measures and targets tied to fully recovering program costs; and (2) goals, performance measures, and targets for how the program will achieve its mission after September 2016.

    Agency: General Services Administration
    Status: Open

    Comments: The General Services Administration (GSA) agreed with, and has begun to take steps to implement, this recommendation. Specifically, GSA developed a quarterly performance report for fiscal year 2017 that includes an outcome-oriented goal for 18F as well as associated performance measures and targets. According to a Technology Transformation Service official, GSA plans to expand its quarterly performance report for fiscal year 2018 to reflect additional 18F goals and performance measures, including measures tied to fully recovering program costs. We will continue to evaluate GSA's progress in implementing this recommendation.
    Recommendation: To effectively measure 18F's performance, the Administrator of GSA should direct the Commissioner for the Technology Transformation Service to assess actual results for each performance measure.

    Agency: General Services Administration
    Status: Open

    Comments: The General Services Administration (GSA) agreed with, and has begun to take steps to implement, this recommendation. Specifically, GSA developed a quarterly performance report for fiscal year 2017 that includes an outcome-oriented goal for 18F as well as associated performance measures with targets. Additionally, GSA has assessed actual results of the performance measures for the first two quarters of fiscal year 2017. According to a Technology Transformation Service official, GSA plans to expand its quarterly performance report for fiscal year 2018 to include additional 18F goals and performance measures. We will continue to evaluate GSA's progress in implementing this recommendation.
    Recommendation: To effectively measure performance, prioritize USDS's resources, and ensure that CIOs play an integral role in agency digital service teams, the Director of the Office of Management and Budget should direct the Federal Chief Information Officer to ensure that all goals and associated performance measures are outcome-oriented and that performance measures have targets.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: The Office of Management and Budget (OMB) generally agreed with, and has begun to take steps to implement, this recommendation. Specifically, in its December 2016 report to Congress, OMB developed three goals for U.S. Digital Service (USDS): (1) rethink how the federal government builds and buys digital services; (2) expand the use of common platforms, services, and tools; and (3) bring top technical talent into public service. In addition, OMB established performance measures with targets for its third goal and for each of the program's major projects. However, OMB has not established performance measures for the first two USDS goals. Further, the program's third goal is not outcome-oriented. We will continue to evaluate OMB's progress in implementing this recommendation.
    Recommendation: To effectively measure performance, prioritize USDS's resources, and ensure that CIOs play an integral role in agency digital service teams, the Director of the Office of Management and Budget should direct the Federal Chief Information Officer to assess actual results for each performance measure.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: The Office of Management and Budget (OMB) generally agreed with, and has begun to take steps to implement, this recommendation. Specifically, in its December 2016 report to Congress, OMB assessed the results of performance measures for one of the U.S. Digital Service (USDS) program's goals--bring top technical talent into public service--and for each of the program's major projects. However, OMB has not established performance measures for the other two USDS goals--rethink how the federal government builds and buys digital services; and expand the use of common platforms, services, and tools. We will continue to evaluate OMB's progress in implementing this recommendation.
    Recommendation: To effectively measure performance, prioritize USDS's resources, and ensure that CIOs play an integral role in agency digital service teams, the Director of the Office of Management and Budget should direct the Federal Chief Information Officer to update USDS policy to clearly define the responsibilities and authorities governing the relationships between CIOs and the digital service teams and require existing agency digital service teams to address this policy. In doing so, the Federal Chief Information Officer should ensure that this policy is aligned with relevant federal law and OMB guidance on CIO responsibilities and authorities.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: The Office of Management and Budget (OMB) generally agreed with, and has begun to take steps to implement, this recommendation. In particular, OMB updated its digital service team policy to require that teams appropriately inform their chief information officers (CIO) regarding U.S. Digital Service (USDS) projects. However, the policy does not describe the responsibilities or authorities governing the relationships between CIOs and digital service teams. We will continue to evaluate OMB's progress in implementing this recommendation.
    Director: James R. McTigue, Jr.
    Phone: (202) 512-9110

    2 open recommendations
    Recommendation: To enhance the budget process and to improve transparency, the Commissioner of Internal Revenue, to the extent feasible, should ensure that the CJ includes data by appropriation account on the amount of funding requested to maintain current services for each future state theme.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: In its fiscal year 2017 congressional justification, IRS modified how its budget data were organized, including linking requested increases to future state themes, but did not clarify how current spending by themes relates to appropriation accounts. Information on current spending by theme and account is important to ensure transparency on the current funding levels to assist Congress in making informed budget decisions. IRS did not include data on the future state themes in the fiscal year 2018 congressional justification and, according to IRS officials, it did not report this information in any other budget document. According to IRS officials, it did not report budget data by future state theme because IRS is working to transition the future state themes into the strategic plan. Including data on the appropriation account would provide additional transparency and improve the quality of the information available to Congress for budget deliberations.
    Recommendation: As Treasury works with IRS to improve the quality and accuracy of budget data, the Secretary of the Treasury should ensure sufficient controls are in place to make certain that the information technology investment reports generated from the SharePoint Investment Knowledge Exchange are accurate. This includes, for example, taking steps to reduce the need for manual corrections to the data.

    Agency: Department of the Treasury
    Status: Open

    Comments: As of November 2017, Treasury Department officials took steps to address the need to manually correct budget data for the fiscal year 2017 budget request, but we have not received documentation that they have done so for future budget years. Improved information would help Treasury and IRS better account for information technology resources. We will continue to monitor Treasury's progress.
    Director: David A. Powner
    Phone: (202) 512-9286

    3 open recommendations
    Recommendation: To help IRS improve its process for determining IT funding priorities and to provide timely information on the progress of its investments, the Commissioner of IRS should direct the Chief Technology Officer to establish, document, and implement policies and procedures for selecting new and reselecting ongoing business systems modernization activities, consistent with IRS's process for prioritizing operations support priorities, which addresses (1) prioritization and comparison of IT assets against each other, (2) criteria for making selection and prioritization decisions, and (3) ensuring IRS executives' final funding decisions on IT proposals are based on IRS's prioritization process.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: In April 2017, IRS stated that it had several process improvements underway that would impact its documentation of policies and procedures for prioritizing business systems modernization activities. The agency committed to addressing the recommendation by December 2017.
    Recommendation: To help IRS improve its process for determining IT funding priorities and to provide timely information on the progress of its investments, the Commissioner of IRS should direct the Chief Technology Officer to modify existing processes for Foreign Account Tax Compliance Act (FATCA) and Return Review Program (RRP) for measuring work performed by IRS staff to incorporate best practices, including accounting for actual work performed and using the level of effort measure sparingly.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: In April 2017, IRS reported that it was continuing to examine methods for modifying existing processes to measure work performed by IRS staff for the Foreign Account Tax Compliance Act and Return Review programs. We are monitoring IRS's efforts as part of an ongoing review of the agency's information technology operations.
    Recommendation: To help IRS improve its process for determining IT funding priorities and to provide timely information on the progress of its investments, the Commissioner of IRS should direct the Chief Technology Officer to report on actual costs and scope delivery at least quarterly for the Customer Account Data Engine 2 and the Affordable Care Act Administration. For these investments, IRS should develop metrics similar to FATCA and RRP.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: IRS began reporting on actual costs and scope delivery at least quarterly using metrics similar to FATCA and RRP and provided the quarterly reports for fiscal year 2016 and the first two quarters of fiscal year 2017 to GAO. As of September 2017, the agency had not implemented the recommendation for the Affordable Care Act Administration investment because it did not see the benefit in doing so given that development work was minimal. We are following up with IRS on this as part of an ongoing review of the agency's information technology operations.
    Director: David A. Powner
    Phone: (202) 512-9286

    22 open recommendations
    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Agriculture, Education, Energy, Health and Human Services, the Interior, State, and Veterans Affairs; and the Director of the Office of Personnel Management should direct their CIOs to factor active risks into their IT Dashboard CIO ratings.

    Agency: Department of Agriculture
    Status: Open

    Comments: When we confirm what actions have been taken, we will update the recommendation status.
    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Agriculture, Education, Energy, Health and Human Services, the Interior, State, and Veterans Affairs; and the Director of the Office of Personnel Management should direct their CIOs to factor active risks into their IT Dashboard CIO ratings.

    Agency: Department of Education
    Status: Open

    Comments: The Department agreed with the recommendation, but has not provided an update on its actions to address it. When we confirm what actions have been taken, we will update.
    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Agriculture, Education, Energy, Health and Human Services, the Interior, State, and Veterans Affairs; and the Director of the Office of Personnel Management should direct their CIOs to factor active risks into their IT Dashboard CIO ratings.

    Agency: Department of Energy
    Status: Open

    Comments: The Department agreed with the recommendation and, in a written response, stated that the Office of the CIO will update the CIO's OMB IT Dashboard Standard Operating Procedure to include the evaluation and assessment of active risks. This effort is to be completed by the end of December 2016. We will continue to monitor the implementation of this recommendation.
    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Agriculture, Education, Energy, Health and Human Services, the Interior, State, and Veterans Affairs; and the Director of the Office of Personnel Management should direct their CIOs to factor active risks into their IT Dashboard CIO ratings.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: The Department agreed with the recommendation and, in a written response, stated that it updated its CIO evaluation methodology to measure active risks in areas such as budget variance, performance, policy and governance compliance, risk management, and contract risk. When we confirm what actions have been taken, we will update.
    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Agriculture, Education, Energy, Health and Human Services, the Interior, State, and Veterans Affairs; and the Director of the Office of Personnel Management should direct their CIOs to factor active risks into their IT Dashboard CIO ratings.

    Agency: Department of the Interior
    Status: Open

    Comments: The Department agreed with this recommendation and, in a written response, stated that it plans to address this recommendation with the following actions: (1) developing a method to review and assign ratings for active risks that will be incorporated into CIO ratings and (2) integrating the risk rating methodology into a new process for all major investments' CIO ratings. We will continue to monitor the implementation of this recommendation.
    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Agriculture, Education, Energy, Health and Human Services, the Interior, State, and Veterans Affairs; and the Director of the Office of Personnel Management should direct their CIOs to factor active risks into their IT Dashboard CIO ratings.

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: The Department agreed with the recommendation and, in a written response, stated that it is amending its current monthly review process to ensure that risks are factored into its IT Dashboard CIO ratings. VA expects to complete this effort during the first quarter of 2017. We will continue to monitor the implementation of this recommendation.
    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Agriculture, Education, Energy, Health and Human Services, the Interior, State, and Veterans Affairs; and the Director of the Office of Personnel Management should direct their CIOs to factor active risks into their IT Dashboard CIO ratings.

    Agency: Department of State
    Status: Open

    Comments: The Department agreed with the recommendation, but has not provided an update on its actions to address the recommendation. When we confirm what actions have been taken, we will update.
    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Agriculture, Education, Energy, Health and Human Services, the Interior, State, and Veterans Affairs; and the Director of the Office of Personnel Management should direct their CIOs to factor active risks into their IT Dashboard CIO ratings.

    Agency: Office of Personnel Management
    Status: Open

    Comments: When we confirm what actions have been taken, we will update the recommendation status.
    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Defense, Education, and Homeland Security; and the Commissioner of the Social Security Administration should direct their CIOs to update their CIO ratings at least as frequently as required in OMB's guidance.

    Agency: Department of Defense
    Status: Open

    Comments: The Department of Defense (DOD) disagreed with this recommendation. In its written response, the Department noted that its semi-annual reporting is consistent with FITARA requirements and is documented in its OMB-approved FITARA Implementation Plan. After the publication of our report in June 2016, OMB issued its "Fiscal Year 2018 IT Budget-Capital Planning Guidance." This guidance removes the mandatory reporting frequency, but states that OMB expects that the CIOs would evaluate and rate their investments at specific times, including when the investment business cases are submitted to OMB in the agency budget request and when the business cases are prepared for the President's Budget release. In light of this new guidance, we analyzed the Department's update frequency for its 34 major investments (as listed on the IT Dashboard in June 2017). From June 2016 through May 2017, we found that 26 of the investments' ratings were updated once: in May 2017. The other 8 investments were not updated during this timeframe. Prior to this, the last DOD rating updates were made in March 2016, over a year beforehand. This analysis shows that DOD is not adhering to either its own semi-annual reporting requirements or to OMB's expectations. As such, we are not closing the recommendation at this time. We will continue to monitor the IT Dashboard for changes to DOD's update frequency. We maintain that frequent rating updates help ensure that the information on the Dashboard is timely and accurately reflects recent changes. Without such updates, the CIO ratings on the IT Dashboard may not reflect the current level of investment risk.
    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, State, Transportation, the Treasury, Veterans Affairs; the Administrator of the Environmental Protection Agency; and the Commissioner of the Social Security Administration should direct their CIOs to ensure that their CIO ratings reflect the level of risk facing an investment relative to that investment's ability to accomplish its goals.

    Agency: Department of Homeland Security
    Status: Open

    Comments: The Department agreed with the recommendation and, in a written response, stated that the Office of the CIO Enterprise Business Management Office is updating its program assessment guideline. The updated guideline will include risk-based scores as the basis for its investment ratings. The Department expects to release this new guideline by the end of December 2016. We will continue to monitor the implementation of this recommendation.
    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, State, Transportation, the Treasury, Veterans Affairs; the Administrator of the Environmental Protection Agency; and the Commissioner of the Social Security Administration should direct their CIOs to ensure that their CIO ratings reflect the level of risk facing an investment relative to that investment's ability to accomplish its goals.

    Agency: Department of Agriculture
    Status: Open

    Comments: When we confirm what actions have been taken, we will update the recommendation status.
    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, State, Transportation, the Treasury, Veterans Affairs; the Administrator of the Environmental Protection Agency; and the Commissioner of the Social Security Administration should direct their CIOs to ensure that their CIO ratings reflect the level of risk facing an investment relative to that investment's ability to accomplish its goals.

    Agency: Department of Education
    Status: Open

    Comments: The Department agreed with the recommendation, but has not provided an update on its actions to address it. When we confirm what actions have been taken, we will update.
    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, State, Transportation, the Treasury, Veterans Affairs; the Administrator of the Environmental Protection Agency; and the Commissioner of the Social Security Administration should direct their CIOs to ensure that their CIO ratings reflect the level of risk facing an investment relative to that investment's ability to accomplish its goals.

    Agency: Department of Commerce
    Status: Open

    Comments: The Department agreed with our recommendation and, in a written response, stated that the CIO has revised the IT Dashboard assessment criteria to directly incorporate the degree of risk represented in the investments' Business Case documents. We will continue to monitor the implementation of this recommendation.
    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, State, Transportation, the Treasury, Veterans Affairs; the Administrator of the Environmental Protection Agency; and the Commissioner of the Social Security Administration should direct their CIOs to ensure that their CIO ratings reflect the level of risk facing an investment relative to that investment's ability to accomplish its goals.

    Agency: Department of Defense
    Status: Open

    Comments: When we confirm what actions have been taken, we will update the recommendation status.
    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, State, Transportation, the Treasury, Veterans Affairs; the Administrator of the Environmental Protection Agency; and the Commissioner of the Social Security Administration should direct their CIOs to ensure that their CIO ratings reflect the level of risk facing an investment relative to that investment's ability to accomplish its goals.

    Agency: Department of Energy
    Status: Open

    Comments: The Department agreed with the recommendation and, in a written response, stated that the Office of the CIO will update its IT Dashboard Standard Operating Procedure to include an active risk sub-criteria comprised of probability and impact scores. This effort is to be completed by the end of December 2016. We will continue to monitor the implementation of this recommendation.
    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, State, Transportation, the Treasury, Veterans Affairs; the Administrator of the Environmental Protection Agency; and the Commissioner of the Social Security Administration should direct their CIOs to ensure that their CIO ratings reflect the level of risk facing an investment relative to that investment's ability to accomplish its goals.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: The Department agreed with the recommendation and, in a written response, stated that it updated its CIO evaluation methodology to measure active risks in areas such as budget variance, performance, policy and governance compliance, risk management, and contract risk. According to HHS, these risk areas reflect both internal and external risks that affect an investment's ability to accomplish its goals. When we confirm what actions have been taken, we will update.
    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, State, Transportation, the Treasury, Veterans Affairs; the Administrator of the Environmental Protection Agency; and the Commissioner of the Social Security Administration should direct their CIOs to ensure that their CIO ratings reflect the level of risk facing an investment relative to that investment's ability to accomplish its goals.

    Agency: Social Security Administration
    Status: Open

    Comments: The agency partially agreed with our recommendation and, in a written response, stated that its CIO rating criteria include a review of the level of risk facing an investment relative to that investment's ability to accomplish its goals. The written statement also notes that the CIO receives regular updates from key stakeholders on investment risks and mitigation plans. When we confirm what actions have been taken, we will update.
    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, State, Transportation, the Treasury, Veterans Affairs; the Administrator of the Environmental Protection Agency; and the Commissioner of the Social Security Administration should direct their CIOs to ensure that their CIO ratings reflect the level of risk facing an investment relative to that investment's ability to accomplish its goals.

    Agency: Department of Transportation
    Status: Open

    Comments: When we confirm what actions have been taken, we will update the recommendation status.
    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, State, Transportation, the Treasury, Veterans Affairs; the Administrator of the Environmental Protection Agency; and the Commissioner of the Social Security Administration should direct their CIOs to ensure that their CIO ratings reflect the level of risk facing an investment relative to that investment's ability to accomplish its goals.

    Agency: Department of the Treasury
    Status: Open

    Comments: When we confirm what actions have been taken, we will update the recommendation status.
    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, State, Transportation, the Treasury, Veterans Affairs; the Administrator of the Environmental Protection Agency; and the Commissioner of the Social Security Administration should direct their CIOs to ensure that their CIO ratings reflect the level of risk facing an investment relative to that investment's ability to accomplish its goals.

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: The Department agreed with the recommendation and, in a written response, stated that it plans to require investment managers to assess operational risks detailing the probability and impact of pending threats to success. VA expects to complete this effort during the first quarter of 2017. We will continue to monitor the implementation of this recommendation.
    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, State, Transportation, the Treasury, Veterans Affairs; the Administrator of the Environmental Protection Agency; and the Commissioner of the Social Security Administration should direct their CIOs to ensure that their CIO ratings reflect the level of risk facing an investment relative to that investment's ability to accomplish its goals.

    Agency: Department of State
    Status: Open

    Comments: The Department agreed with the recommendation, but has not provided an update on its actions to address the recommendation. When we confirm what actions have been taken, we will update.
    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, State, Transportation, the Treasury, Veterans Affairs; the Administrator of the Environmental Protection Agency; and the Commissioner of the Social Security Administration should direct their CIOs to ensure that their CIO ratings reflect the level of risk facing an investment relative to that investment's ability to accomplish its goals.

    Agency: Environmental Protection Agency
    Status: Open

    Comments: The agency disagreed with the recommendation and has not provided an update on its actions to address the recommendation. We will continue to monitor the implementation of this recommendation.
    Director: David A. Powner
    Phone: (202) 512-9286

    16 open recommendations
    including 4 priority recommendations
    Recommendation: The Director of OMB should identify and publish a specific goal associated with its non-provisioned O&M spending measure.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: The agency agreed with the recommendation. In April 2017, OMB indicated that it has been working with agencies on their Strategic Plans and associated performance goals and measures, but that it would be premature to say whether there would be a specific goal on its non-provisioned O&M spending measure. We will continue to monitor the implementation of this recommendation.
    Recommendation: The Director of OMB should commit to a firm date by which its draft guidance on legacy systems will be issued, and subsequently direct agencies to identify legacy systems and/or investments needing to be modernized or replaced.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: The agency agreed with the recommendation. In April 2017, OMB stated that it was updating the draft guidance on legacy systems and was unable to provide a date when it would be issuing it. We will continue to monitor the implementation of this recommendation.
    Recommendation: To monitor whether existing investments are meeting the needs of their agencies, the Secretaries of Commerce and the Treasury should direct the respective agency CIO to ensure that required analyses are performed on investments in the operations and maintenance phase.

    Agency: Department of Commerce
    Status: Open

    Comments: The agency agreed with the recommendation. In a May 2017 written update, the agency stated that it had updated its Capital Planning and Investment Control handbook with instructions on conducting operational analyses. However, the agency was unable to demonstrate that operational analyses were being completed on an annual basis, as required. We will continue to monitor the implementation of this recommendation.
    Recommendation: To monitor whether existing investments are meeting the needs of their agencies, the Secretaries of Commerce and the Treasury should direct the respective agency CIO to ensure that required analyses are performed on investments in the operations and maintenance phase.

    Agency: Department of the Treasury
    Status: Open

    Comments: The agency had no comment on the recommendation. In June 2017, Treasury provided an update on the IRS's efforts to ensure that operational analyses are performed on investments in the operations and maintenance phase. However, the recommendation is intended to address issues at the department level and not just at the IRS. Treasury declined to provide an update at the department level. We will continue to monitor the implementation of this recommendation.
    Recommendation: To address obsolete IT investments in need of modernization or replacement, the Secretaries of Agriculture, Commerce, Defense, Energy, Health and Human Services, Homeland Security, State, the Treasury, Transportation, and Veterans Affairs; the Attorney General; and the Commissioner of Social Security should direct their respective agency CIOs to identify and plan to modernize or replace legacy systems as needed and consistent with OMB's draft guidance, including time frames, activities to be performed, and functions to be replaced or enhanced.

    Agency: Department of Homeland Security
    Status: Open

    Comments: The agency agreed with the recommendation and in July 2017 stated that the department has drafted a Legacy Systems Modernization Framework. DHS is waiting for OMB's draft guidance to be issued to ensure compliance. As a result, they now estimate this will be completed by December 2017. We will continue to monitor the implementation of this recommendation.
    Recommendation: To address obsolete IT investments in need of modernization or replacement, the Secretaries of Agriculture, Commerce, Defense, Energy, Health and Human Services, Homeland Security, State, the Treasury, Transportation, and Veterans Affairs; the Attorney General; and the Commissioner of Social Security should direct their respective agency CIOs to identify and plan to modernize or replace legacy systems as needed and consistent with OMB's draft guidance, including time frames, activities to be performed, and functions to be replaced or enhanced.

    Agency: Department of Agriculture
    Status: Open

    Comments: The agency agreed with the recommendation. As of May 2017, the agency stated that it had taken steps to improve its overall IT governance processes, and in particular, its oversight of legacy systems. These steps included implementing its FITARA strategy, creating a Cloud Strategy and Policy Office, and two new executive oversight groups. In addition, the agency stated that it planned to complete an IT Modernization Plan in calendar year 2018. We will continue to monitor the implementation of this recommendation.
    Recommendation: To address obsolete IT investments in need of modernization or replacement, the Secretaries of Agriculture, Commerce, Defense, Energy, Health and Human Services, Homeland Security, State, the Treasury, Transportation, and Veterans Affairs; the Attorney General; and the Commissioner of Social Security should direct their respective agency CIOs to identify and plan to modernize or replace legacy systems as needed and consistent with OMB's draft guidance, including time frames, activities to be performed, and functions to be replaced or enhanced.

    Agency: Department of Commerce
    Status: Open

    Comments: The agency agreed with the recommendation. In May 2017, the agency stated that it was continuously assessing its current IT portfolio for opportunities to retire or modernize its mission critical legacy systems. Specifically, Commerce stated that it had identified two candidate systems for modernization--the National Weather Service Telecommunications Gateway and the USPTO Examiner Automated Search Tool. However, it is unclear how these plans will relate to OMB's guidance. We will continue to monitor the implementation of this recommendation.
    Recommendation: To address obsolete IT investments in need of modernization or replacement, the Secretaries of Agriculture, Commerce, Defense, Energy, Health and Human Services, Homeland Security, State, the Treasury, Transportation, and Veterans Affairs; the Attorney General; and the Commissioner of Social Security should direct their respective agency CIOs to identify and plan to modernize or replace legacy systems as needed and consistent with OMB's draft guidance, including time frames, activities to be performed, and functions to be replaced or enhanced.

    Agency: Department of Defense
    Status: Open

    Comments: The agency partially concurred with the recommendation, and stated that it would continue to identify, prioritize, and manage legacy systems that should be modernized or replaced, based on existing DOD policies, using existing department processes, consistent to the extent practicable with OMB's draft guidance. In June 2017, the department stated that its position has not changed; the department believes that no corrective actions are necessary or planned. We will continue to monitor the implementation of this recommendation.
    Recommendation: To address obsolete IT investments in need of modernization or replacement, the Secretaries of Agriculture, Commerce, Defense, Energy, Health and Human Services, Homeland Security, State, the Treasury, Transportation, and Veterans Affairs; the Attorney General; and the Commissioner of Social Security should direct their respective agency CIOs to identify and plan to modernize or replace legacy systems as needed and consistent with OMB's draft guidance, including time frames, activities to be performed, and functions to be replaced or enhanced.

    Agency: Department of Energy
    Status: Open
    Priority recommendation

    Comments: The department partially agreed with the recommendation and in a September 2017 update stated that the department had conducted a survey of the oldest hardware, software, and programming languages currently in use. They noted that the Office of the Chief Information Officer is in the process of gathering additional information regarding legacy systems and documenting a plan to modernize them. They further stated that such a plan will take considerable time to develop since the vast majority of systems are not within the direct control of the CIO. We will continue to monitor the implementation of this recommendation.
    Recommendation: To address obsolete IT investments in need of modernization or replacement, the Secretaries of Agriculture, Commerce, Defense, Energy, Health and Human Services, Homeland Security, State, the Treasury, Transportation, and Veterans Affairs; the Attorney General; and the Commissioner of Social Security should direct their respective agency CIOs to identify and plan to modernize or replace legacy systems as needed and consistent with OMB's draft guidance, including time frames, activities to be performed, and functions to be replaced or enhanced.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: The agency agreed with the recommendation and in a September 2016 written update stated that the Office of the CIO is working to identify and plan to modernize or replace IT systems. As of July 2017, the agency had not responded to requests for updates on the implementation of this recommendation. We will continue to monitor this recommendation.
    Recommendation: To address obsolete IT investments in need of modernization or replacement, the Secretaries of Agriculture, Commerce, Defense, Energy, Health and Human Services, Homeland Security, State, the Treasury, Transportation, and Veterans Affairs; the Attorney General; and the Commissioner of Social Security should direct their respective agency CIOs to identify and plan to modernize or replace legacy systems as needed and consistent with OMB's draft guidance, including time frames, activities to be performed, and functions to be replaced or enhanced.

    Agency: Social Security Administration
    Status: Open

    Comments: The agency agreed with the recommendation and, as of July 2017, stated that it was working on finishing its Information Technology Modernization Plan, which outlines 5 major applications that it plans to update. However, since OMB had not yet issued its legacy system guidance, it is unknown whether this plan is consistent with OMB's guidance. We will continue to monitor the implementation of this recommendation.
    Recommendation: To address obsolete IT investments in need of modernization or replacement, the Secretaries of Agriculture, Commerce, Defense, Energy, Health and Human Services, Homeland Security, State, the Treasury, Transportation, and Veterans Affairs; the Attorney General; and the Commissioner of Social Security should direct their respective agency CIOs to identify and plan to modernize or replace legacy systems as needed and consistent with OMB's draft guidance, including time frames, activities to be performed, and functions to be replaced or enhanced.

    Agency: Department of Justice
    Status: Open

    Comments: The agency had no comment on the recommendation and in a June 2017 update stated that the department has identified legacy systems to be modernized or replaced (the National Instant Background Check System (retired in 2016), SENTRY, and Uniform Crime Reporting System). The department stated that it is developing modernization plans. The department also plans to incorporate any forthcoming guidance from OMB on legacy systems. We will continue to monitor the implementation of this recommendation.
    Recommendation: To address obsolete IT investments in need of modernization or replacement, the Secretaries of Agriculture, Commerce, Defense, Energy, Health and Human Services, Homeland Security, State, the Treasury, Transportation, and Veterans Affairs; the Attorney General; and the Commissioner of Social Security should direct their respective agency CIOs to identify and plan to modernize or replace legacy systems as needed and consistent with OMB's draft guidance, including time frames, activities to be performed, and functions to be replaced or enhanced.

    Agency: Department of Transportation
    Status: Open

    Comments: The agency agreed with the recommendation and stated that work is underway to identify systems in need of modernization and upgrade. The department anticipated being able to close the recommendation 90 days after OMB issues guidance on legacy systems. Further, in a recent update, the agency stated that it had recently started a project to create an integrated inventory of Transportation's systems. According to the agency, through this project, it has been able to identify duplication and opportunities to create efficiencies. The next phase of this project is a future state diagram and a roadmap to show planned modernizations and possible divestments of legacy systems. We will continue to monitor the implementation of this recommendation.
    Recommendation: To address obsolete IT investments in need of modernization or replacement, the Secretaries of Agriculture, Commerce, Defense, Energy, Health and Human Services, Homeland Security, State, the Treasury, Transportation, and Veterans Affairs; the Attorney General; and the Commissioner of Social Security should direct their respective agency CIOs to identify and plan to modernize or replace legacy systems as needed and consistent with OMB's draft guidance, including time frames, activities to be performed, and functions to be replaced or enhanced.

    Agency: Department of the Treasury
    Status: Open
    Priority recommendation

    Comments: The agency had no comment on the recommendation. In June 2017, Treasury provided an update on the IRS's efforts to modernize the IRS's legacy systems. However, the recommendation is intended to address issues at the department level and not just at the IRS. Treasury declined to provide an update at the department level. We will continue to monitor the implementation of this recommendation.
    Recommendation: To address obsolete IT investments in need of modernization or replacement, the Secretaries of Agriculture, Commerce, Defense, Energy, Health and Human Services, Homeland Security, State, the Treasury, Transportation, and Veterans Affairs; the Attorney General; and the Commissioner of Social Security should direct their respective agency CIOs to identify and plan to modernize or replace legacy systems as needed and consistent with OMB's draft guidance, including time frames, activities to be performed, and functions to be replaced or enhanced.

    Agency: Department of Veterans Affairs
    Status: Open
    Priority recommendation

    Comments: The agency agreed with the recommendation. As of May 2017, the agency stated that it was completing the initial phase of an assessment to provide a qualitative and definitive list of systems which meet criteria for retirement and/or decommission. This assessment will review the complexity of work per system, and provide a rough order of magnitude cost estimate on a system-by-system basis. Further, in an October 2017 update, VA stated that it is in the process of decommissioning the BDN and PAID systems mentioned in our report. The decommissioning of BDN was estimated to cost $100 million and be completed by 2019. The agency stated that as of June 2016, PAID was no longer being used for human resources transactions. PAID is still being used as a data repository for human resources and payroll data to support financial and other business systems until VA's Time and Attendance system is fully deployed. The agency did not provide a time frame for PAID's total retirement. We will continue to monitor the implementation of this recommendation.
    Recommendation: To address obsolete IT investments in need of modernization or replacement, the Secretaries of Agriculture, Commerce, Defense, Energy, Health and Human Services, Homeland Security, State, the Treasury, Transportation, and Veterans Affairs; the Attorney General; and the Commissioner of Social Security should direct their respective agency CIOs to identify and plan to modernize or replace legacy systems as needed and consistent with OMB's draft guidance, including time frames, activities to be performed, and functions to be replaced or enhanced.

    Agency: Department of State
    Status: Open
    Priority recommendation

    Comments: The agency agreed with the recommendation and stated that it plans to work with OMB upon the publication of OMB's guidance to identify opportunities for modernization. In an April 2017 update, the agency stated that it had extended plans to replace the systems mentioned in the report by several years. As of August 2017, the agency stated that it had finalized a new capital planning guide which includes an investment review policy to identify opportunities for modernization and for moving away from legacy systems. However, it is too soon to tell if it is in line with OMB's forthcoming guidance. We will continue to monitor the implementation of this recommendation.
    Director: Carol R. Cha
    Phone: (202) 512-4456

    5 open recommendations
    Recommendation: To ensure that FEMA's IT systems can adequately support its ability to respond to major disasters, the Secretary of DHS should direct the FEMA Administrator to define the scope, implementation strategy, and schedule of the agency's overall modernization approach, with related goals and measures for effectively overseeing the effort. At a minimum, the agency should update its IT strategic plan and complete its modernization plan.

    Agency: Department of Homeland Security
    Status: Open

    Comments: The Department of Homeland Security concurred with this recommendation and reported on actions taken to update its IT Modernization Plan, such as conducting cross-functional work sessions to establish an actionable implementation roadmap in line with agency priorities. However, as of April 2017, we have not yet obtained evidence that FEMA has fully updated its IT strategic plan and completed its modernization plan to address the weaknesses identified in our report. We will follow up with the department to obtain supporting documentation and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure that FEMA's IT systems can adequately support its ability to respond to major disasters, the Secretary of DHS should direct the FEMA Administrator to establish time frames for current and future IT workforce planning during its modernization efforts and ensure all regions and offices are included in these initiatives.

    Agency: Department of Homeland Security
    Status: Open

    Comments: The Department of Homeland Security concurred with, and has taken steps to implement, our recommendation. For example, the department stated that FEMA completed the skills gap assessment and identified and prioritized the skills required to staff and sustain the core competencies required to successfully implement FEMA's IT modernization efforts. However, we have not yet validated the agency actions to establish time frames for current and future IT workforce planning during its modernization efforts. We will follow up with the department to obtain supporting documentation and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure that FEMA adequately manages the selected emergency management systems, the FEMA Administrator should direct the DAIP, EMMIE, and IPAWS program offices, in conjunction with the FEMA CIO, to implement complete program plans that define overall budget and schedule, key deliverables and milestones, assumptions and constraints, description and assignment of roles and responsibilities, staffing and training plans, and an approach for maintaining these plans.

    Agency: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency
    Status: Open

    Comments: The Department of Homeland Security concurred with our recommendation and in response updated its program management plans that support the program offices of the Disaster Assistance Improvement Plan, Emergency Management Mission Integrated Environment, and Integrated Public Alert and Warning System. The program plans addressed some of the weaknesses we identified in our report. For example, the program management plans identified and described the overall program management processes and methods to be used during all phases of projects and defined key deliverables and milestones, roles and responsibilities, staffing and training, and an approach for maintaining the plans. However, the plans did not clearly define the knowledge and skills needed to carry out the program or provide sufficient details on the budget and scheduling for the programs under review. We will follow up with the department to obtain supporting documentation and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure that FEMA adequately manages the selected emergency management systems, the FEMA Administrator should direct the DAIP, EMMIE, and IPAWS program offices, in conjunction with the FEMA CIO, to implement a system integration plan that includes all systems to be integrated with the system, roles and responsibilities for all relevant participants, the sequence and schedule for every integration step, and how integration problems are to be documented and resolved.

    Agency: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency
    Status: Open

    Comments: The Department of Homeland Security concurred with, and has taken steps to implement, our recommendation. For example, the department reported that the system owners for the DAIP, EMMIE, and IPAWS programs have updated their respective system integration plans to address the risks identified within the recommendation. In addition, the agency provided documentation such as the IPAWS Integrated Logistics Support Plan, as well as the quality control plan and test execution plans for both the DAIP and EMMIE programs. However, we have not yet completed our analysis and validated the agency actions on this recommendation. When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: As part of the effort of improving IT management at the three programs, the FEMA Administrator should direct the CIO to ensure that FEMA policy for managing IT programs includes guidance for implementing the key management practices.

    Agency: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency
    Status: Open

    Comments: The Department of Homeland Security concurred with the recommendation. In its November 2016 update, FEMA reported that the System Owners for DAIP, EMMIE, and IPAWS have updated their respective IT management program and plans and coordinated with the FEMA CIO to address the risks identified within the recommendation. However, we have not yet validated the agency actions on this recommendation. When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Valerie Melvin
    Phone: (202) 512-6304

    2 open recommendations
    Recommendation: To help ensure that FDA's IT strategic planning activities are successful in supporting the agency's mission, goals, and objectives, the Commissioner of FDA should require the CIO to establish schedules and milestones for completing a version of an IT strategic plan that incorporates elements to align the plan's strategies with agency-wide priorities; includes results-oriented goals and performance measures that support the agency's mission, along with targets for measuring the extent to which outcomes of IT initiatives support FDA's ability to achieve agency-wide goals and objectives; identifies key IT initiatives that support the agency's goals; and describes interdependencies among the initiatives.

    Agency: Department of Health and Human Services: Food and Drug Administration
    Status: Open

    Comments: FDA concurred with the recommendation and stated that the agency plans to implement it. We contacted the agency in March 2017 and have requested documents regarding FDA's actions to address the recommendation. We are waiting to receive the documents. We will update the status of the agency's actions after we receive and evaluate their response.
    Recommendation: To help ensure that FDA's IT strategic planning activities are successful in supporting the agency's mission, goals, and objectives, the Commissioner of FDA should require the CIO to implement the plan to ensure that expected outcomes of the agency's key IT initiatives are achieved.

    Agency: Department of Health and Human Services: Food and Drug Administration
    Status: Open

    Comments: FDA concurred with the recommendation and stated that the agency plans to implement it. We contacted the agency in March 2017 and have requested documents regarding FDA's actions to address the recommendation. We are waiting to receive the documents. We will update the status of the agency's actions after we receive and evaluate their response.
    Director: William Shear
    Phone: (202) 512-8678

    6 open recommendations
    including 1 priority recommendation
    Recommendation: To improve management of the Small Business Administration and to ensure that SBA assesses the effectiveness of its programs, the SBA Administrator should prioritize resources to conduct additional program evaluations.

    Agency: Small Business Administration
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To improve management of the Small Business Administration and to ensure that SBA fully meets GPRAMA requirements, the SBA Administrator should use the results of additional evaluations it conducts in its strategic planning process and ensure the agency's next strategic plan includes required information on program evaluations, including a schedule of future evaluations.

    Agency: Small Business Administration
    Status: Open
    Priority recommendation

    Comments: SBA officials stated that, as of October 2016, the agency had taken several steps to prioritize resources and establish an implementation plan for future evaluations, including hiring its first lead program evaluator to develop a long-term evaluation agenda and initiating four program evaluations. They stated that once completed, the evaluations would be incorporated into the agency's fiscal year 2018-2022 strategic plan. As of May 2017, SBA had started reviewing guidance on drafting this plan, which is due in February 2018.
    Recommendation: To improve management of the Small Business Administration and to improve SBA's human capital management, the SBA Administrator should incorporate into its next training plan key principles such as goals and measures for its training programs and input on employee development goals.

    Agency: Small Business Administration
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To improve management of the Small Business Administration and to ensure that SBA's organizational structure helps the agency meet its mission, the SBA Administrator should document the assessment of the agency's organizational structure, including any necessary changes to, for example, better ensure areas of authority, responsibility, and lines of reporting are clear and defined.

    Agency: Small Business Administration
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To improve management of the Small Business Administration and to improve SBA's program and management guidance, the SBA Administrator should set time frames for periodically reviewing and updating its SOPs as appropriate.

    Agency: Small Business Administration
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To improve management of the Small Business Administration and to help ensure that SBA's IT operations and maintenance investments are continuing to meet business and customer needs and the agency's strategic goals, the SBA Administrator should direct the appropriate officials to perform an annual operational analysis on all SBA investments in accordance with OMB guidance.

    Agency: Small Business Administration
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: David Powner
    Phone: (202) 512-9286

    5 open recommendations
    Recommendation: To better ensure that the PortfolioStat initiative improves governmental efficiency and achieves cost savings, the Director of OMB should direct the Federal CIO to ensure that its reports to Congress about the results of IT reform efforts accurately reflect savings generated from all PortfolioStat initiatives, including those associated with FDCCI.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: In July 2016, we followed up with OMB on its efforts to address this recommendation. As of September 1, 2016, we were still waiting for the agency's response.
    Recommendation: To better ensure that the PortfolioStat initiative improves governmental efficiency and achieves cost savings, the Director of OMB should direct the Federal CIO to track agencies' planned savings and use them as a baseline for measuring reported actual savings.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: In July 2016, we followed up with OMB on its efforts to address this recommendation. As of September 1, 2016, we were still waiting for the agency's response.
    Recommendation: To better ensure that the PortfolioStat initiative improves governmental efficiency and achieves cost savings, the Director of OMB should direct the Federal CIO to require agencies to document specifically how the cost savings achieved from PortfolioStat have been reinvested.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: In July 2016, we followed up with OMB on its efforts to address this recommendation. As of September 1, 2016, we were still waiting for the agency's response.
    Recommendation: To better ensure that the PortfolioStat initiative improves governmental efficiency and achieves cost savings, the Director of OMB should direct the Federal CIO to establish time frames for completing assigned PortfolioStat action items and hold agencies accountable for meeting those time frames.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: In July 2016, we followed up with OMB on its efforts to address this recommendation. As of September 1, 2016, we were still waiting for the agency's response.
    Recommendation: The Secretary of Defense should direct the Chief Information Officer to revisit the 25 cost initiatives GAO reported in GAO-14-65 to identify those that have achieved savings and cost avoidances and report those savings and avoidances to OMB.

    Agency: Department of Defense
    Status: Open

    Comments: In March 2016, during our review of federal agencies' efforts to rationalize their portfolio of software applications, the department reported that it does not collect data specifically on savings and cost avoidance associated with the business and enterprise IT applications that comprise most of the 25 cost initiatives reported in GAO-14-65. We will continue to follow up with the department on this recommendation.
    Director: Cristina T. Chaplain
    Phone: (202) 512-4841

    1 open recommendation
    Recommendation: To improve technology planning and ensure planning efforts are clearly aligned with the SBIRS follow-on, the Secretary of the Air Force should establish a technology insertion plan as part of the SBIRS follow-on acquisition strategy that identifies obsolescence needs as well as specific potential technologies and insertion points.

    Agency: Department of Defense: Department of the Air Force
    Status: Open

    Comments: In providing comments on this report, the agency concurred with this recommendation. DOD's planned action on the scope and focus of technology insertion will be based on the direction provided in the Space Based Infrared System (SBIRS) Follow-on Analysis of Alternatives (AoA) and will be executed through the SBIRS Space Modernization Initiative (SMI). The SBIRS AoA was completed in March 2016; however, as of June 2017, the SMI schedule has yet to show how technology will be inserted into the follow-on system.
    Director: Joel C. Willemssen
    Phone: (202) 512-6253

    22 open recommendations
    Recommendation: To provide strategic direction for the Library's use of its IT resources, the Librarian of Congress should establish a time frame for developing a complete and reliable enterprise architecture that accurately captures the Library's current IT environment, describes its target environment, and outlines a strategy for transitioning from one to the other, and develop the architecture within the established time frame.

    Agency: Library of Congress
    Status: Open

    Comments: The Library of Congress generally agreed with, and has begun to take steps to address, this recommendation. Specifically, according to Library officials, they have developed a schedule and processes for developing an architecture that describes the current and target IT environments. The Library plans to complete the steps necessary to implement this recommendation by September 2018. We will continue to evaluate the Library's progress in implementing this recommendation.
    Recommendation: To provide strategic direction for the Library's use of its IT resources, the Librarian of Congress should establish a time frame for implementing a Library-wide assessment of IT human capital needs and complete the assessment within the established time frame. This assessment should, at a minimum, analyze any gaps between current skills and future needs, and include a strategy for closing any identified gaps.

    Agency: Library of Congress
    Status: Open

    Comments: The Library of Congress generally agreed with, and has begun to take steps to implement, this recommendation. Specifically, in July 2016 the Library engaged the Office of Personnel Management (OPM) to develop and conduct a skills assessment of the Library's IT workforce. According to Library officials, OPM led a focus group with IT specialists to review and revise competency and skill lists for IT positions. In June 2017, OPM administered a gap analysis survey to all IT specialists, supervisors, managers, and leaders within the Library. According to Library officials, the Library is developing a strategy for closing gaps identified in the survey results. The Library plans to complete the steps necessary to implement this recommendation by December 2017. We will continue to evaluate the Library's progress in implementing this recommendation.
    Recommendation: To provide a framework for effective IT investment management and ensure that the Library has accurate information to support its decisions, the Librarian should establish and implement a process for linking IT strategic planning, enterprise architecture, and IT investment management.

    Agency: Library of Congress
    Status: Open

    Comments: The Library of Congress generally agreed with, and has begun to take steps to implement, this recommendation. Specifically, the Library developed a template for IT investment proposals that calls for investment managers to provide information on how the investments align with the Library's IT strategic plan and enterprise architecture. Additionally, in February 2017, the Library provided us with IT investment proposals for 19 fiscal year 2017 investments. To the Library's credit, the proposals describe how many of the investments align with the IT strategic plan and enterprise architecture. However, we also identified instances where the alignment with the IT strategic plan and enterprise architecture was not included in the proposals or was not clearly defined. In a written response, the Library stated that the inconsistencies were attributable to manual processes for collecting the information and that it is working to make improvements to these processes for the fiscal year 2018 investments. The Library plans to complete the steps necessary to implement this recommendation by December 2017. We will continue to evaluate the Library's progress in implementing this recommendation.
    Recommendation: To provide a framework for effective IT investment management and ensure that the Library has accurate information to support its decisions, the Librarian should establish and implement policies and procedures for reselecting investments that are already operational.

    Agency: Library of Congress
    Status: Open

    Comments: The Library of Congress generally agreed with, and has begun to take steps to implement, this recommendation. Specifically, in June 2017 the Library finalized its regulation on Information Technology (IT) Investment Management. According to the regulation, all IT investment proposals, including those associated with operational investments, are to be reviewed annually by the Architecture Review Board, the IT Steering Committee, and the Executive Committee, and then approved by the Librarian. The Library plans to implement these procedures for reselecting investments by September 2018. We will continue to evaluate the Library's progress in implementing this recommendation.
    Recommendation: To provide a framework for effective IT investment management and ensure that the Library has accurate information to support its decisions, the Librarian should establish and implement policies and procedures for ensuring that investment selection decisions have an impact on decisions to fund investments.

    Agency: Library of Congress
    Status: Open

    Comments: The Library of Congress generally agreed with, and has begun to take steps to implement, this recommendation. Specifically, in June 2017 the Library finalized its regulation on Information Technology (IT) Investment Management. According to the regulation, the Executive Committee is responsible for finalizing and recommending IT investment proposals that request increases to the Library's appropriations in future budget years. The Library plans to implement these procedures by September 2018. We will continue to evaluate the Library's progress in implementing this recommendation.
    Recommendation: To provide a framework for effective IT investment management and ensure that the Library has accurate information to support its decisions, the Librarian should ensure that appropriate governance bodies review all investments that meet defined criteria.

    Agency: Library of Congress
    Status: Open

    Comments: The Library of Congress generally agreed with, and has begun to take steps to implement, this recommendation. Specifically, in June 2017 the Library finalized its regulation on Information Technology (IT) Investment Management. According to the regulation, all IT investment proposals, including those associated with operational investments, are to be reviewed annually by the Architecture Review Board, the IT Steering Committee, and the Executive Committee, and then approved by the Librarian. The Library plans to ensure that these governance bodies review all IT investments by December 2017. We will continue to evaluate the Library's progress in implementing this recommendation.
    Recommendation: To provide a framework for effective IT investment management and ensure that the Library has accurate information to support its decisions, the Librarian should fully establish and implement policies for developing a comprehensive inventory of IT assets.

    Agency: Library of Congress
    Status: Open

    Comments: The Library of Congress generally agreed with, and has begun to take steps to implement, this recommendation. The Library is revising its asset management policy to improve its process for developing and maintaining its inventory of IT assets. Additionally, the Office of the CIO engaged a contractor to perform a full inventory of its IT assets in September 2017. Further, the Library is working to reconcile the results of this IT asset inventory with the information in its asset management system. The Library plans to complete the steps necessary to implement this recommendation by March 2018. We will continue to evaluate the Library's progress in implementing this recommendation.
    Recommendation: To provide a framework for effective IT investment management and ensure that the Library has accurate information to support its decisions, the Librarian should fully establish and implement policies and procedures consistent with the key practices on portfolio management, including (1) defining the portfolio criteria, (2) creating the portfolio, and (3) evaluating the portfolio.

    Agency: Library of Congress
    Status: Open

    Comments: The Library of Congress generally agreed with, and has begun to take steps to implement, this recommendation. Specifically, according to the Library, it is drafting several policies and directives relating to IT investment management, to include key practices on portfolio management. The Library plans to complete the steps necessary to implement this recommendation by December 2017. We will continue to evaluate the Library's progress in implementing this recommendation.
    Recommendation: To effectively plan and manage its acquisitions of IT systems and increase the likelihood of delivering promised system capabilities on time and within budget, the Librarian should complete and implement an organization-wide policy for risk management that includes key practices as discussed in this report, and within the time frame the Library established for doing so.

    Agency: Library of Congress
    Status: Open

    Comments: The Library of Congress generally agreed with, and has begun to take steps to implement, this recommendation. Specifically, in January 2017 the Library established a centralized Library-wide Project Management Office, located within the Office of the Chief Information Officer. Additionally, in June 2017 the Library updated its regulations to give the Project Management Office the authority to establish organization-wide policy for risk management. Further, the Project Management Office developed risk management guidance that includes key risk management practices. In addition, we are reviewing documentation for three key IT projects to evaluate the implementation of this guidance. The Library plans to complete the steps necessary to implement this recommendation by December 2017. We will continue to evaluate the Library's progress in implementing this recommendation.
    Recommendation: To effectively plan and manage its acquisitions of IT systems and increase the likelihood of delivering promised system capabilities on time and within budget, the Librarian should establish and implement an organization-wide policy for requirements development that includes key practices as discussed in this report.

    Agency: Library of Congress
    Status: Open

    Comments: The Library of Congress generally agreed with, and has begun to take steps to implement, this recommendation. Specifically, in January 2017 the Library established a centralized Library-wide Project Management Office, located within the Office of the Chief Information Officer. Additionally, in June 2017 the Library updated its regulations to give the Project Management Office the authority to establish organization-wide policy for requirements development. Further, the Project Management Office has finalized detailed guidance for the Library on requirements development. We are reviewing this information to determine the extent to which the guidance includes key practices for requirements development. In addition, we are reviewing documentation for three key IT projects to evaluate the implementation of this guidance. The Library plans to complete the steps necessary to implement this recommendation by December 2017. We will continue to evaluate the Library's progress in implementing this recommendation.
    Recommendation: To effectively plan and manage its acquisitions of IT systems and increase the likelihood of delivering promised system capabilities on time and within budget, the Librarian should establish and implement an organization-wide policy for developing cost estimates that includes key practices as discussed in this report.

    Agency: Library of Congress
    Status: Open

    Comments: The Library of Congress generally agreed with, and has begun to take steps to implement, this recommendation. Specifically, in January 2017 the Library established a centralized Library-wide Project Management Office, located within the Office of the Chief Information Officer. Additionally, in June 2017 the Library updated its regulations to give the Project Management Office the authority to establish organization-wide policy for developing cost estimates. Further, the Project Management Office has finalized detailed guidance for the Library on developing cost estimates. However, the guidance does not address all key practices for developing cost estimates. In December 2017, Library officials told us that they have additional guidance on cost estimating, which they will provide to GAO. In addition, we are reviewing documentation for three key IT projects to evaluate the implementation of this guidance. The Library plans to complete the steps necessary to implement this recommendation by December 2017. We will continue to evaluate the Library's progress in implementing this recommendation.
    Recommendation: To effectively plan and manage its acquisitions of IT systems and increase the likelihood of delivering promised system capabilities on time and within budget, the Librarian should establish a time frame for finalizing and implementing an organization-wide policy for developing and maintaining project schedules that includes key practices as discussed in this report, and finalize and implement the policy within the established time frame.

    Agency: Library of Congress
    Status: Open

    Comments: The Library of Congress generally agreed with, and has begun to take steps to implement, this recommendation. Specifically, in January 2017 the Library established a Project Management Office within the Office of the Chief Information Officer (OCIO) and tasked the office with communicating and enforcing Library requirements for project management and systems development. Additionally, in June 2017 the Library updated its regulations to give the Project Management Office the authority to establish organization-wide policy for developing and maintaining schedules. Further, the Project Management Office has finalized detailed guidance for the Library on developing and maintaining schedules. However, the guidance does not address all key practices for developing and maintaining schedules. In December 2017, Library officials told us that they have additional guidance on schedule development, which they will provide to GAO. In addition, we are reviewing documentation for three key IT projects to evaluate the implementation of this guidance. The Library plans to complete the steps necessary to implement this recommendation by December 2017. We will continue to evaluate the Library's progress in implementing this recommendation.
    Recommendation: To better protect IT systems and reduce the risk that the information they contain will be compromised, the Librarian should revise information security policy to require system security plans to describe common controls, and implement the policy.

    Agency: Library of Congress
    Status: Open

    Comments: The Library of Congress generally agreed with, and has begun to take steps to implement, this recommendation. Specifically, according to the Library, the Information Technology Security Group reviewed all system security plans to ensure that they are complete. After the completion of this review, in August 2017 the Library provided us with system security plans for nine key systems. To its credit, the plans describe many of the common controls (i.e., where a system relies on controls established for another system) on which the systems relied. However, we also identified instances where the plans included conflicting information about whether certain controls are being implemented by the system, are inherited from another system, or are not being implemented. According to the Library, in August 2017 it hired additional information system security officers in order to improve the Library's management of information security, including information security planning. The Library plans to complete the steps necessary to implement this recommendation by December 2017. We will continue to evaluate the Library's progress in implementing this recommendation.
    Recommendation: To better protect IT systems and reduce the risk that the information they contain will be compromised, the Librarian should ensure that all system security plans are complete, including descriptions of how security controls are implemented and justifications for why controls are not applied.

    Agency: Library of Congress
    Status: Open

    Comments: The Library of Congress generally agreed with, and has begun to take steps to implement, this recommendation. Specifically, according to the Library, the Library's Information Technology Security Group reviewed all system security plans to ensure that they are complete. After completing this review, in August 2017 the Library provided us with system security plans for nine key systems. Each of the plans generally includes descriptions of how security controls are implemented and justifications for why controls are not applied. However, we also identified instances where the plans included conflicting information about whether certain controls are being implemented. According to the Library, in August 2017 it hired additional information system security officers in order to improve the Library's management of information security, including information security planning. The Library plans to complete the steps necessary to implement this recommendation by December 2017. We will continue to evaluate the Library's progress in implementing this recommendation.
    Recommendation: To better protect IT systems and reduce the risk that the information they contain will be compromised, the Librarian should conduct comprehensive and effective security testing for all systems within the time frames called for by Library policy, to include assessing security controls that are inherited from the Library's information security program.

    Agency: Library of Congress
    Status: Open

    Comments: The Library of Congress generally agreed with, and has begun to take steps to implement, this recommendation. Specifically, according to the Library, in August 2015 the Library began monthly security testing and vulnerability scans for servers, networks, and workstations. Additionally, in November 2015 the Library finalized guidance for its continuous monitoring program, which includes the establishment of ongoing security controls assessments for each system. The Library began to implement this guidance in fiscal year 2016 and plans to complete the steps necessary to implement this recommendation by June 2018. We will continue to evaluate the Library's progress in implementing this recommendation.
    Recommendation: To better protect IT systems and reduce the risk that the information they contain will be compromised, the Librarian should ensure that remedial action plans for identified security weaknesses are consistently documented, tracked, and completed in a timely manner.

    Agency: Library of Congress
    Status: Open

    Comments: The Library of Congress generally agreed with, and has begun to take steps to implement, this recommendation. Specifically, in August 2017, the Library provided us with remedial action plans for key Library systems. The Library has generally documented and tracked remedial action plans for these key systems and has completed many. However, we also identified instances of remedial actions that, as of August 2017, had yet to be completed and were past their expected completion date. According to the Library, in August 2017 it hired additional information system security officers in order to improve the Library's management of information security, including management of remedial action plans. The Library plans to complete the steps necessary to implement this recommendation by December 2017. We will continue to evaluate the Library's progress in implementing this recommendation.
    Recommendation: To better protect IT systems and reduce the risk that the information they contain will be compromised, the Librarian should finalize and implement guidance on continuous monitoring to ensure that officials are informed when making authorization decisions about the risks associated with the operations of the Library's systems.

    Agency: Library of Congress
    Status: Open

    Comments: The Library of Congress generally agreed with, and has begun to take steps to implement, this recommendation. Specifically, in October 2015 the Library finalized its guidance on security assessment and authorization, which requires authorizing officials to review the security status of information systems on an ongoing basis to determine whether the risk of operating the system remains acceptable. The Library began to implement this guidance in fiscal year 2016 and plans to complete the steps necessary to implement this recommendation by June 2018. We will continue to evaluate the Library's progress in implementing this recommendation.
    Recommendation: To better protect IT systems and reduce the risk that the information they contain will be compromised, the Librarian should develop contingency plans for all systems that address key elements.

    Agency: Library of Congress
    Status: Open

    Comments: The Library of Congress generally agreed with, and has begun to take steps to implement, this recommendation. Specifically, in December 2016 the Library finalized an IT system contingency planning template that generally addresses key elements of National Institute of Standards and Technology guidance. Additionally, in April 2017 the Library required that contingency plans be established for all systems by September 2017. The Library plans to complete the steps necessary to implement this recommendation by December 2017. We will continue to evaluate the Library's progress in implementing this recommendation.
    Recommendation: To better protect IT systems and reduce the risk that the information they contain will be compromised, the Librarian should establish and implement a process for comprehensively identifying and tracking whether all personnel with access to Library systems have taken required security and privacy training.

    Agency: Library of Congress
    Status: Open

    Comments: The Library of Congress generally agreed with, and has begun to take steps to implement, this recommendation. According to Library officials, the OCIO is developing a process to track user accounts, including contractors and volunteers, on Library systems to ensure completion of required annual IT Security Training. The Library plans to complete the steps necessary to implement this recommendation by December 2017. We will continue to evaluate the Library's progress in implementing this recommendation.
    Recommendation: To help ensure that services provided by ITS meet the needs of the Library's service units, the Librarian should finalize and implement a Library-wide policy for developing service-level agreements that (1) includes service-level targets for agreements with individual service units and (2) covers services in a way that best meets the need of both ITS and its customers, including individual service units.

    Agency: Library of Congress
    Status: Open

    Comments: The Library of Congress generally agreed with, and has begun to take steps to implement, this recommendation. Specifically, in September 2016 the Library's Office of the CIO finalized a new service catalog that captures its IT services. The catalog identifies 21 categories of IT services that are available to Office of the CIO customers (e.g., data network management, IT service desk, and website support) and describes applicable service-level targets relating to availability, fulfillment, and response. Additionally, between May 2016 and May 2017, the Office of the CIO executed memorandums of understanding with the six main Library units. Each memorandum establishes roles and responsibilities for specialized applications and services that the Office of the CIO provides to those units. Further, the Library's Office of the CIO is developing a directive on its memorandums of understanding and plans to brief its customers on that directive in November 2017. The Library plans to complete the steps necessary to implement this recommendation by December 2017. We will continue to evaluate the Library's progress in implementing this recommendation.
    Recommendation: To help ensure that services provided by ITS meet the needs of the Library's service units, the Librarian should document and execute a plan for improving customer satisfaction with ITS services that includes prioritized improvement projects and associated resource requirements, schedules, and measurable goals and outcomes.

    Agency: Library of Congress
    Status: Open

    Comments: The Library of Congress generally agreed with, and has begun to take steps to implement, this recommendation. Specifically, the Office of the Chief Information Officer has begun drafting a customer satisfaction improvement plan. The Library expects this plan to be finalized by December 2017. The Library plans to complete the steps necessary to implement this recommendation by September 2018. We will continue to evaluate the Library's progress in implementing this recommendation.
    Recommendation: In addition, to help ensure an efficient and effective allocation of the agency's IT resources, the Librarian should conduct a review of the Library's IT portfolio to identify duplicative or overlapping activities and investments, including those identified in our report, and assess the costs and benefits of consolidating identified IT activities and investments.

    Agency: Library of Congress
    Status: Open

    Comments: The Library of Congress generally agreed with, and has begun to take steps to implement, this recommendation. Specifically, the Library is drafting several policies and directives relating to IT investment management, to include reviewing the Library's IT portfolio to identify duplicative or overlapping activities and investments. In addition, according to Library officials, the Library has taken a number of steps to reduce duplicative IT activities. For example, in March 2015 we reported that the Office of Security and Emergency Preparedness (OSEP) managed its own network independent of the Library's central IT provider. However, in June 2017 the Library reported that the Office of the CIO is now managing the OSEP network. Further, the Library plans to assess the costs and benefits of consolidating potentially duplicative email and network services identified in our March 2015 report. The Library plans to complete the steps necessary to implement this recommendation by March 2018. We will continue to evaluate the Library's progress in implementing this recommendation.
    Director: Joel Willemssen
    Phone: (202) 512-6253

    2 open recommendations
    Recommendation: To help ensure that the Copyright Office makes improvements to its current IT environment, the Librarian of Congress should direct the Register of Copyrights to, for current and proposed initiatives to improve the IT environment at the Copyright Office, develop plans including investment proposals that identify the business problem, a proposed solution, the expected benefits, how the solution aligns with the Library's strategic plan, an initial 3-year cost estimate, and expected funding sources, and bring those to the Library's IT Steering Committee for review, as required by Library policy.

    Agency: Library of Congress
    Status: Open

    Comments: In commenting on our draft report, the Copyright Office neither agreed nor disagreed with our recommendation. Subsequently, the Copyright Office has begun to take steps to address this recommendation. For example, in November 2015 Copyright submitted to the Library's IT Steering Committee plans for three new fiscal year 2017 IT initiatives aimed at improving current systems, such as technical upgrades to the electronic (eCO) registration system. For each initiative, the office developed plans that identified the business problems, proposed solutions, expected benefits, alignment with the Library's strategic plan, initial 3-year cost estimates, and expected funding sources. In November 2016, the Librarian of Congress directed all top-level IT staff in the Library's various service units, including the Copyright CIO, to be detailed to the Library's OCIO. Subsequently, in April 2017 Library and Copyright Office officials stated that the Copyright Office, in coordination with the Library OCIO, will develop IT investment proposals for fiscal year 2018, including proposals for modernizing the Copyright Office's IT systems. We will continue to evaluate the Copyright Office's efforts to address our recommendation.
    Recommendation: To help ensure that the Copyright Office makes improvements to its current IT environment, the Librarian of Congress should direct the Register of Copyrights to develop an IT strategic plan that includes the office's prioritized IT goals, measures, and timelines, and is aligned with the Library's ongoing strategic planning efforts.

    Agency: Library of Congress
    Status: Open

    Comments: In commenting on our draft report, the Copyright Office neither agreed nor disagreed with our recommendation. In November 2016, the Librarian of Congress directed all top-level IT staff in the Library's various service units, including the Copyright Chief Information Officer (CIO), to be detailed to the Library's Office of the CIO. In light of this organizational realignment, in May 2017 the Library's Office of the CIO and the Copyright Office stated that they will be working in coordination to address our recommendation. In September 2017, the Library's Office of the CIO and Copyright Office began developing a Copyright IT modernization program management plan. According to the Library, this plan will include prioritized IT goals, measures, and timelines which are aligned with the Library's ongoing strategic planning efforts. The Library plans to complete a first draft of the Copyright IT modernization program management plan in January 2018. We will continue to evaluate the Library and Copyright's efforts to address our recommendation.
    Director: David Powner
    Phone: (202) 512-9286

    1 open recommendation
    Recommendation: To improve the reliability and reporting of investment performance information and management of selected major investments, the Commissioner of the IRS should direct the Chief Technology Officer to modify reporting of the Affordable Care Act Administration testing status to senior management to include a comprehensive report on all impacted systems--including an explanation for why impacted systems were not tested at a particular level--and ensure this reporting is aligned with the manner in which testing is being performed.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: IRS disagreed with this recommendation at the time we made it, stating that it followed a rigorous risk-based process for planning the tests of ACA-impacted systems, including the types and levels of testing, and that it had comprehensive reporting for the filing season 2015 release, which included ACA-impacted systems. However, as noted in our report, our review of ACA Testing Review Checkpoint reports and filing season reports, which officials stated were used to provide comprehensive reports to senior managers, did not identify the status of testing for all systems impacted by ACA Releases 5.0 and 6.0. We therefore concluded that the recommendation was still valid. As of July 2017, IRS had not changed its position. We will be following up with the agency to discuss the recommendation.
    Director: Valerie C. Melvin
    Phone: (202) 512-6304

    5 open recommendations
    including 1 priority recommendation
    Recommendation: To ensure that HUD fully implements and sustains effective IT governance practices, the Secretary of Housing and Urban Development should direct the Deputy Secretary and the department's Chief Information Officer to place a high priority and ensure that the executive-level investment review board meets as outlined in its charter, documents criteria for use by the other boards, and distributes its decisions to appropriate stakeholders.

    Agency: Department of Housing and Urban Development
    Status: Open

    Comments: As of April 2017, HUD had not provided information demonstrating that the department has addressed this recommendation. HUD reported that it established a new executive-level investment review board (i.e., the Executive Operations Committee) that replaced the board discussed in our report. However, as of April 2017, the department had not yet documented criteria the Committee had established for use by other boards or provided evidence of how this new committee would distribute decisions made to appropriate stakeholders.
    Recommendation: To ensure that HUD fully implements and sustains effective IT governance practices, the Secretary of Housing and Urban Development should direct the Deputy Secretary and the department's Chief Information Officer to place a high priority and fully establish and maintain a complete set of governance policies, establish time frames for establishing policies planned but not yet developed, and update key governance documents to reflect changes made to established practices.

    Agency: Department of Housing and Urban Development
    Status: Open

    Comments: As of April 2017, the department had taken steps to address this recommendation. In 2015, HUD updated its Project Planning and Management policy and confirmed that the remaining policies to be developed were the IT Risk Policy and the IT Performance Management Policy. HUD also reported that the department planned to revise additional existing policies, including the IT Management Framework Policy, IT Capital Management Policy, IT Project Planning & Management Policy, IT Governance Policy, and IT Strategic Planning Policy. As of April 2017, the department had finalized a Risk Policy but reported it was still working on additional policy updates anticipated to be finalized during 2017.
    Recommendation: To ensure that HUD fully implements and sustains effective IT governance practices, the Secretary of Housing and Urban Development should direct the Deputy Secretary and the department's Chief Information Officer to place a high priority and fully establish an IT investment selection process that includes (1) articulating how reviews of project proposals are to be conducted; (2) planning how data (including cost estimates) are to be developed and verified and validated; (3) establishing criteria for how cost, schedule, and project risk are to be analyzed; (4) developing procedures for how proposed projects are to be compared to one another in terms of investment size (cost), project longevity (schedule), technical difficulty, project risk, and cost-benefit analysis; and (5) ensuring that final selection decisions made by senior decision makers and governance boards are supported by analysis, consider predefined quantitative measures, and are consistently documented.

    Agency: Department of Housing and Urban Development
    Status: Open

    Comments: As of April 2017, HUD had not provided information demonstrating that the department has addressed this recommendation. In 2015, HUD reported that it had begun using a new tool to support its IT selection process. As of April 2017, the department had reported on improvements to its investment process but had not yet provided evidence of specific actions or plans aimed at ensuring the five IT selection processes highlighted in this recommendation would be addressed.
    Recommendation: To ensure that HUD fully implements and sustains effective IT governance practices, the Secretary of Housing and Urban Development should direct the Deputy Secretary and the department's Chief Information Officer to place a high priority and fully establish a well-defined process that incorporates key practices for overseeing investments, including (1) monitoring actual project performance against expected outcomes for project cost, schedule, benefit, and risk; (2) establishing and documenting cost-, schedule-, and performance-based thresholds for triggering remedial actions or elevating project review to higher-level investment boards; and (3) conducting post-implementation reviews to evaluate results of projects after they are completed.

    Agency: Department of Housing and Urban Development
    Status: Open

    Comments: As of April 2017, the department had taken steps to address this recommendation. Specifically, in April 2016, HUD provided evidence of actions taken toward developing new processes for investment oversight practices. The department created processes for conducting project health assessments and weekly project management meetings intended to monitor, among other things, actual performance against expected outcomes, and to establish thresholds for triggering remedial actions or elevating projects for additional review. As of April 2017, the department had not provided evidence that these new processes were fully established and institutionalized.
    Recommendation: To establish an enterprise-wide view of cost savings and operational efficiencies generated by investments and governance processes, the Secretary of Housing and Urban Development should direct the Deputy Secretary and Chief Information Officer to place a higher priority on identifying governance-related cost savings and efficiencies and establish and institutionalize a process for identifying and tracking comprehensive, high-quality data on savings and efficiencies resulting from IT investments and the IT governance process.

    Agency: Department of Housing and Urban Development
    Status: Open
    Priority recommendation

    Comments: As of April 2017, the department had taken steps to address this recommendation. Specifically, in April 2016, HUD provided examples of cost savings that the department had identified by "scrubbing" existing contracts during the fiscal year 2015 budget formulation process, along with copies of a template that it designed and used to help identify such savings. As of April 2017, the department had not yet provided evidence that it had formally established policies and procedures or taken other actions to institutionalize a process for identifying and providing an enterprise-wide view of IT-related cost savings and operational efficiencies.
    Director: Carol R. Cha
    Phone: (202) 512-4456

    100 open recommendations
    including 2 priority recommendations
    Recommendation: To ensure the effective management of software licenses, the Secretary of Agriculture should develop an agency-wide comprehensive policy for the management of software licenses that addresses the weaknesses we identified.

    Agency: Department of Agriculture
    Status: Open

    Comments: In written comments to our report, the Department of Agriculture concurred with our recommendation. In July 2017, Agriculture reported on actions taken to address this recommendation, including the development of a draft software license management policy to address Information Technology Asset Management (ITAM) procedures and practices. We will follow up with the department to monitor its progress in completing an agency-wide comprehensive policy for the management of software licenses.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Agriculture should establish a comprehensive inventory of software licenses using automated tools for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency: Department of Agriculture
    Status: Open

    Comments: The Department of Agriculture agreed with our recommendation and, in July 2017, reported that it has established a comprehensive software license inventory. We will request additional information to validate the extent to which Agriculture addressed this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Agriculture should regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics.

    Agency: Department of Agriculture
    Status: Open

    Comments: The Department of Agriculture agreed with our recommendation. In July 2017, Agriculture reported on actions taken to address this recommendation. For example, Agriculture reported that it uses the BigFix network management tool to track software. We will request additional information to validate the extent to which Agriculture regularly tracks and maintains the department's inventory of software licenses and analyzes software data to inform decision making.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Agriculture should analyze agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making.

    Agency: Department of Agriculture
    Status: Open

    Comments: The Department of Agriculture agreed with our recommendation. In July 2017, Agriculture reported on actions taken to address this recommendation. For example, Agriculture reported that it continues to analyze existing contracts to show their utilization. We will request additional information to validate the extent to which Agriculture analyzes agency-wide software license data to identify opportunities to reduce costs and better inform investment decision making.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Agriculture should provide software license management training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management.

    Agency: Department of Agriculture
    Status: Open

    Comments: In July 2017, Agriculture reported on actions taken to address this recommendation. For example, Agriculture reported that members of its Category Management Team have worked with GSA over the past year to better understand the terms and conditions of vendors, such as Oracle and Microsoft. In addition, Agriculture reported that the members maintain a Contracting Officer's Representative certification and attend continuous training on software procurement, contracting laws, regulations, and negotiations. We will request additional information to validate the extent to which Agriculture provided appropriate agency personnel with sufficient software license management training.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Commerce should develop an agency-wide comprehensive policy for the management of software licenses that addresses the weaknesses we identified.

    Agency: Department of Commerce
    Status: Open

    Comments: The Department of Commerce concurred with our recommendation. In April 2017, the department reported that it has established an integrated project team (IPT) with representation from the bureau enterprise architecture teams to develop a methodology of managing software licenses across the department. In addition, Commerce reported that the IPT is chartered to refine the department's software licenses policy over time and provide guidance in establishing an enterprise license software management practice. We will continue to monitor the department's progress in implementing a comprehensive software license management policy.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Commerce should employ a centralized software license management approach that is coordinated and integrated with key personnel for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency: Department of Commerce
    Status: Open

    Comments: The Department of Commerce partially concurred with our recommendation. In April 2017, the department reported that it has established an integrated project team (IPT) with representation from the bureau enterprise architecture teams to develop a methodology of managing licenses across the department. In addition, the department reported that the IPT is chartered to refine the software policy over time and provide guidance in establishing an enterprise license management practice. We will continue to monitor the department's progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Commerce should establish a comprehensive inventory of software licenses using automated tools for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency: Department of Commerce
    Status: Open
    Priority recommendation

    Comments: The Department of Commerce partially concurred with our recommendation. In April 2017, Commerce reported that it has conducted an inventory of software licenses through a data call and inventory collection template. Commerce also reported that it is evaluating how to automate the inventory process by leveraging the portfolio of deployed network discovery tools for identifying installed licensed products, collating and ingesting the information into a repository for maintenance and reporting of the data. We will continue to monitor the department's progress in implementing automated discovery and inventory tools in support of its department-wide software license inventory.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Commerce should regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics.

    Agency: Department of Commerce
    Status: Open

    Comments: The Department of Commerce partially concurred with our recommendation. In April 2017, Commerce reported that it has conducted an inventory of software licenses through a data call and inventory collection template. Commerce also reported that it is evaluating how to automate the inventory process by leveraging the portfolio of deployed network discovery tools for identifying installed licensed products, collating and ingesting the information into a repository for maintenance and reporting of the data. We will continue to monitor the department's progress in implementing automated discovery and inventory tools in support of its department-wide software license inventory.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Commerce should analyze agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making.

    Agency: Department of Commerce
    Status: Open

    Comments: The Department of Commerce partially concurred with our recommendation. In April 2017, the department reported that it has established an integrated project team (IPT) with representation from the bureau enterprise architecture teams to develop a methodology of managing licenses across the department. In addition, the department reported that the IPT is chartered to refine the software policy over time and provide guidance in establishing an enterprise license management practice. We will continue to monitor the department's progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Commerce should provide software license management training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management.

    Agency: Department of Commerce
    Status: Open

    Comments: The Department of Commerce partially concurred with our recommendation. In April 2017, the department reported that it has established an integrated project team (IPT) with representation from the bureau enterprise architecture teams to develop a methodology of managing licenses across the department. In addition, the department reported that the IPT is chartered to refine the software policy over time and provide guidance in establishing an enterprise license management practice. We will continue to monitor the department's progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Defense should develop an agency-wide comprehensive policy for the management of software licenses that addresses the weaknesses we identified.

    Agency: Department of Defense
    Status: Open

    Comments: In March 2016, the Department of Defense reported that it was in the process of developing policy and guidance for software license management with issuance expected by the end of fiscal year 2017. As of July 2017, the department did not provide additional information. We plan to follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Defense should employ a centralized software license management approach that is coordinated and integrated with key personnel for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency: Department of Defense
    Status: Open

    Comments: In March 2016, the Department of Defense (DOD) reported on actions to implement a more centralized software license management approach. For example, the department reported that the DOD CIO is leveraging the DOD Enterprise Software Initiative and joint enterprise license agreement efforts centrally managed by the Defense Information Systems Agency to coordinate centralized acquisitions for licenses that are commonly purchased across DOD. The DOD CIO also issued a memorandum on November 16, 2015 directing department-wide migration to the Microsoft Windows 10 Operating System by January 2017 for all Windows-based desktop and laptop computers, which will support an enterprise approach for centrally coordinating software license management. However, as of July 2017, the department did not provide additional information. We will follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Defense should establish a comprehensive inventory of software licenses using automated tools for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency: Department of Defense
    Status: Open

    Comments: The Department of Defense partially concurred with the recommendation to develop a comprehensive inventory for the management of software licenses. In March 2016, DOD reported on actions to implement a comprehensive inventory using automated tools. For example, DOD reported that it has completed a software inventory license reporting plan and continues to automate security domains for asset management and plans to implement automated support and processes for software license management processes in Fiscal Year 2020. However, as of July 2017, the department did not provide additional information. We will follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Defense should regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics.

    Agency: Department of Defense
    Status: Open

    Comments: The Department of Defense partially concurred with this recommendation to develop a comprehensive inventory for the management of software licenses. In March 2016, DOD reported on actions to implement this recommendation. For example, DOD reported that it has completed a software inventory license reporting plan and continues to automate security domains for asset management and plans to implement automated support and processes for software license management processes in Fiscal Year 2020. However, the department did not provide additional information as of July 2017. We will follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Defense should analyze agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making.

    Agency: Department of Defense
    Status: Open
    Priority recommendation

    Comments: The Department of Defense concurred with this recommendation. DOD made progress in implementing this recommendation by analyzing Fiscal Year 2013 selected software inventory data from 31 of 32 components. However, as of October 2016, DOD had not yet fully implemented this recommendation because it had not established automated discovery and inventory tools to maintain and track a comprehensive inventory of licenses, which are needed to fully and routinely analyze agency-wide software licensing data. Further, the department did not provide additional information as of July 2017. We will follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Defense should provide software license management training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management.

    Agency: Department of Defense
    Status: Open

    Comments: The Department of Defense concurred with this recommendation. In March 2016, DOD reported on actions to implement this recommendation. For example, DOD added a new webinar training session on software license management and developed a two-day in-person training course on "Strategic Vendor Management" that introduces participants to category management best practices for commercial software. DOD also reported that it expects to establish additional training on software license management by the end of fiscal year 2016. However, the department did not provide updated information as of July 2017. We will follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Education should develop an agency-wide comprehensive policy for the management of software licenses that addresses the weaknesses we identified.

    Agency: Department of Education
    Status: Open

    Comments: The Department of Education concurred with this recommendation. In August 2016, the Department provided evidence that it has developed agency-wide policy that addresses six of the seven elements that a comprehensive software licensing policy should specify. However, as of August 2017, the department did not provide evidence that its policy specifically addresses the analysis of software license data such as usage to inform decision making. We will follow up with the agency to obtain additional information on its software licensing policy and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Education should analyze agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making.

    Agency: Department of Education
    Status: Open

    Comments: The Department of Education concurred with this recommendation. In August 2016, the department reported that it regularly analyzes agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making. For example, the department said that it manually analyzes software data by comparing data in the software inventory database with requests for software acquisitions. However, as of August 2017, the department did not provide documentation on its analysis of agency-wide software license data or on the extent to which this information was used to inform investment decisions to identify opportunities to reduce costs. We will follow up with the department to obtain documentation supporting actions to fully implement this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Education should provide software license management training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management.

    Agency: Department of Education
    Status: Open

    Comments: The Department of Education concurred with this recommendation. The department has made progress in implementing this recommendation by providing its staff with software license training, including training on its software tracking database. In addition, the department's Software Asset Management and Acquisition Policy (SAMA) requires employees to take training on the SAMA policy and computer software piracy. However, as of August 2017, the department did not demonstrate that it offers training in other important areas specific to software license management, such as contract terms and conditions, laws, and regulations. We will continue to monitor the agency's progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Energy should develop an agency-wide comprehensive policy for the management of software licenses that addresses the weaknesses we identified.

    Agency: Department of Energy
    Status: Open

    Comments: In the Department of Energy's written comments, the agency neither agreed nor disagreed with our recommendation, but stated it has taken a number of steps to aggregate software licensing. In March 2017, Energy reported that it had developed an agency-wide comprehensive policy for the management of software licenses. In addition, the department reported that the policy encourages the consolidation of software package acquisition, volume purchasing arrangements, enterprise-wide agreements and best practices in software implementation. However, the department has not yet provided documentation of its policy. We will follow up with the department to obtain supporting documentation and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Energy should employ a centralized software license management approach that is coordinated and integrated with key personnel for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency: Department of Energy
    Status: Open

    Comments: In the Department of Energy's written comments, the agency neither agreed nor disagreed with our recommendation, but stated it had taken a number of steps to aggregate software licensing, and at that time had no plans to centralize software licensing. In March 2017, the department reported that its Office of the Chief Information Officer's Enterprise Wide Agreement (EWA) program hosts periodic conference calls with key IT representatives across the department's complex and recommends common software for consideration by the EWA program. In addition, the department reported that its Office of Management, Strategic Programs Division holds meetings throughout the department to facilitate a centralized management approach towards purchasing. However, the department has not provided evidence that it employs a centralized software management approach that is coordinated and integrated with key personnel for the majority of the agency's software licenses spending and/or enterprise-wide licenses. We will continue to monitor the agency's progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Energy should establish a comprehensive inventory of software licenses using automated tools for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency: Department of Energy
    Status: Open

    Comments: In the Department of Energy's written comments, the agency neither agreed nor disagreed with our recommendation, but stated it had taken a number of steps to aggregate software licensing, and at that time had no plans to centralize software licensing. In March 2017, the department reported that its Office of the Chief Information Officer's Enterprise Wide Agreement (EWA) program hosts periodic conference calls with key IT representatives across the department's complex and recommends common software for consideration by the EWA program. In addition, the department reported that its Office of Management, Strategic Programs Division holds meetings throughout the department to facilitate a centralized management approach towards purchasing. However, the department has not provided evidence that it employs a centralized software management approach that is coordinated and integrated with key personnel for the majority of the department's software licenses spending and/or enterprise-wide licenses. We will continue to monitor the department's progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Energy should regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics.

    Agency: Department of Energy
    Status: Open

    Comments: In Energy's written comments the agency neither agreed nor disagreed with our recommendation. In March 2017, DOE reported on actions to implement this recommendation. Consistent with the Act's provisions, Energy is working with GSA on providing usage data and support needed for the establishment of government-wide software contracts. The agency noted that it continues to use Continuous Monitoring and Diagnostic tools to inventory and consolidate software usage and eliminate unnecessary maintenance support costs. We have not yet validated agency actions on this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Energy should analyze agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making.

    Agency: Department of Energy
    Status: Open

    Comments: In the Department of Energy's written comments the agency neither agreed nor disagreed with our recommendation, but stated it has taken a number of steps to aggregate software licensing. In March 2017, Energy stated that it is analyzing agency-wide software data through the CIO's Enterprise Wide Agreement program which hosts periodic conference calls with key IT representatives across Energy. However, Energy has not provided evidence that it is fully analyzing agency-wide software license data to inform investment decisions and identify opportunities to reduce costs. We will follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Energy should provide software license management training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management.

    Agency: Department of Energy
    Status: Open

    Comments: In Energy's written comments the agency neither agreed nor disagreed with our recommendation. In March 2017, the department noted that training for employees is managed on an office-by-office basis as part of the Individual Development and Training Needs Assessment Process and those individuals needing such training can be self-identified or identified by their supervisor for training. We will follow up with Energy to obtain documentation on its software license management training.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Health and Human Services should develop an agency-wide comprehensive policy for the management of software licenses that addresses the weaknesses we identified.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: The Department of Health and Human Services (HHS) neither agreed nor disagreed with this recommendation. We have requested documentation regarding implementation of this recommendation, and as of July 2017, are awaiting a response. We will follow up with HHS to obtain supporting documentation and continue monitoring its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Health and Human Services should employ a centralized software license management approach that is coordinated and integrated with key personnel for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: The Department of Health and Human Services (HHS) neither agreed nor disagreed with this recommendation. We have requested documentation regarding implementation of this recommendation, and as of July 2017, are awaiting a response. We will follow up with HHS to obtain supporting documentation and continue monitoring its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Health and Human Services should establish a comprehensive inventory of software licenses using automated tools for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: The Department of Health and Human Services (HHS) neither agreed nor disagreed with this recommendation. We have requested documentation regarding implementation of this recommendation, and as of July 2017, are awaiting a response. We will follow up with HHS to obtain supporting documentation and continue monitoring its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Health and Human Services should regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: The Department of Health and Human Services (HHS) neither agreed nor disagreed with this recommendation. We have requested documentation regarding implementation of this recommendation, and as of July 2017, are awaiting a response. We will follow up with HHS to obtain supporting documentation and continue monitoring its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Health and Human Services should analyze agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: The Department of Health and Human Services (HHS) neither agreed nor disagreed with this recommendation. We have requested documentation regarding implementation of this recommendation, and as of July 2017, are awaiting a response. We will follow up with HHS to obtain supporting documentation and continue monitoring its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Health and Human Services should provide software license management training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: The Department of Health and Human Services (HHS) neither agreed nor disagreed with this recommendation. We have requested documentation regarding implementation of this recommendation, and as of July 2017, are awaiting a response. We will follow up with HHS to obtain supporting documentation and continue monitoring its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Homeland Security should employ a centralized software license management approach that is coordinated and integrated with key personnel for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In June 2017, the Department of Homeland Security (DHS) reported that it is in the process of implementing the Continuous Diagnostics and Mitigation (CDM) tool that enables industry best practices and standards for software license management. DHS also reported that the CDM implementation will facilitate normalization efforts across DHS by defining common software license and maintenance requirements. We will follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Homeland Security should establish a comprehensive inventory of software licenses using automated tools for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In June 2017, the Department of Homeland Security (DHS) reported that it is in the process of implementing the Continuous Diagnostics and Mitigation (CDM) tool that enables industry best practices and standards for software license management. DHS also reported that the CDM implementation will provide DHS with an automated capability for IT hardware and software asset discovery; IT asset inventory tracking; software inventory normalization; software license optimization; data sharing capabilities, and thus ensure full compliance with the requirement to maintain a continual agency-wide inventory of software licenses. We will follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Homeland Security should regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In June 2017, the Department of Homeland Security (DHS) reported that it is in the process of implementing the Continuous Diagnostics and Mitigation (CDM) tool that enables industry best practices and standards for software license management. DHS also reported that the tracking of software assets and inventory will be implemented as CDM is rolled out to each DHS Component. We will follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Homeland Security should analyze agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In June 2017, the Department of Homeland Security (DHS) reported that it is in the process of implementing the Continuous Diagnostics and Mitigation (CDM) tool that enables industry best practices and standards for software license management. DHS also reported that CDM tracking of software assets and inventory will be implemented as CDM is rolled out to each DHS Component. The CDM tool will provide DHS with an automated capability for IT hardware and software asset discovery; IT asset inventory tracking; software inventory normalization; software license optimization; data sharing capabilities, and thus ensure full compliance with the requirement to maintain a continual agency-wide inventory of software licenses, including all licenses purchased, deployed, and in use, as well as spending on subscription services. As this data is captured, the DHS OCIO, OSDO will analyze the software license data to track cost, usage, and benefits to establish spending data that allows the Department to perform trend analysis. We will follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Housing and Urban Development should develop an agency-wide comprehensive policy for the management of software licenses that addresses the weaknesses we identified.

    Agency: Department of Housing and Urban Development
    Status: Open

    Comments: In written comments to our report, HUD agreed to take executive actions to address our recommendation and noted steps the agency plans to take. In its May 2017 update, HUD stated that the department developed a draft policy that will implement policies and responsibilities for managing software licenses and a software license consolidation plan to enable maintenance and enforcement of the software license management policy. In addition, the department reported that it appointed a software license manager who is the single point of contact for software license management. According to HUD, the targeted completion for implementing this recommendation is the first quarter of 2018. We will follow-up with the Department to obtain supporting documentation and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Housing and Urban Development should regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics.

    Agency: Department of Housing and Urban Development
    Status: Open

    Comments: In May 2017, HUD reported that its Office of the Chief Information Officer (CIO) has achieved full operational capability for the agency's Federal Asset Management Enterprise System (FAMES) and began to populate the FAMES with information on the agency's software assets in January 2017. However, HUD noted that it still needs to implement and test the PRISM interface with the FAMES, which the agency expects to be completed by the end of fiscal year 2017. We will follow up with the department to obtain supporting documentation and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Housing and Urban Development should analyze agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making.

    Agency: Department of Housing and Urban Development
    Status: Open

    Comments: In written comments to our report, HUD agreed to take executive actions to address our recommendation. In its May 2017 update, HUD reported on actions taken to implement this recommendation including the development of a GAP analysis to support acquisition and deployment of an automated software license management capability. According to HUD, this capability will provide the CIO with the data necessary to identify opportunities to reduce cost, implement IT commodity-consolidated acquisitions and buy licenses in bulk. We will follow-up with the department to obtain supporting documentation and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Housing and Urban Development should provide software license management training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management.

    Agency: Department of Housing and Urban Development
    Status: Open

    Comments: In written comments to our report, HUD agreed to take executive actions to address our recommendation and noted steps the agency plans to take. In May 2017, HUD reported that the agency has worked with the Department of Defense (DOD) to offer DOD Enterprise Software Initiative (ESI) sponsored software license management training to staff and continues to work with peer agencies to identify opportunities to access required software management skills and other required training. HUD reported that its target completion for addressing this recommendation is the first quarter of 2018. We will follow-up with the department to obtain supporting documentation and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of the Interior should develop an agency-wide comprehensive policy for the management of software licenses that addresses the weaknesses we identified.

    Agency: Department of the Interior
    Status: Open

    Comments: The Department of Interior (DOI) agreed with this recommendation. In March 2017, DOI reported that the department has drafted a comprehensive policy that is comprised of the core elements of software management. We plan to follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of the Interior should employ a centralized software license management approach that is coordinated and integrated with key personnel for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency: Department of the Interior
    Status: Open

    Comments: In March 2017, DOI reported that the department is working on a comprehensive management approach for accounting for and managing IT Software Assets, and that this approach includes roles and responsibilities. We plan to follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of the Interior should establish a comprehensive inventory of software licenses using automated tools for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency: Department of the Interior
    Status: Open

    Comments: In written comments to our report, the Department of Interior (DOI) concurred with our recommendation. In March 2017, DOI reported that the department was working on a comprehensive management approach for accounting for and managing IT Software Assets. We plan to follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of the Interior should regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics.

    Agency: Department of the Interior
    Status: Open

    Comments: In written comments to our report, the Department of Interior concurred with our recommendation. In March 2017, DOI reported that the department was working on a comprehensive management approach for accounting for and managing IT Software Assets. We plan to follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of the Interior should analyze agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making.

    Agency: Department of the Interior
    Status: Open

    Comments: In written comments to our report, the Department of Interior concurred with our recommendation. In March 2017, DOI reported that the department is working on a comprehensive management approach for accounting for and managing IT Software Assets. We plan to follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of the Interior should provide software license management training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management.

    Agency: Department of the Interior
    Status: Open

    Comments: In written comments to our report, the Department of Interior partially concurred with our recommendation to provide software license management training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management. In March 2017, DOI reported that it does and will continue to provide software license management training to agency personnel on contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management as appropriate. We will follow up with the department to obtain supporting documentation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Justice should develop an agency-wide comprehensive policy for the management of software licenses that addresses the weaknesses we identified.

    Agency: Department of Justice
    Status: Open

    Comments: In its June 2015 statement of actions to address our recommendations, the Department of Justice reported that it was pursuing a number of initiatives focused on improving Software License management. We contacted the department in July 2017 and are awaiting a response on the current status of efforts to implement this recommendation. We will continue to evaluate the agency's progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Justice should employ a centralized software license management approach that is coordinated and integrated with key personnel for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency: Department of Justice
    Status: Open

    Comments: The Department reported in June 2015 that it has taken initial steps to address our recommendations. For example, it reported using technology tools to pull software data being used within the infrastructure and to identify what software is not being used. We contacted the department in July 2017 and are awaiting a response on the current status of efforts to implement this recommendation. We will continue to evaluate the agency's progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Justice should establish a comprehensive inventory of software licenses using automated tools for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency: Department of Justice
    Status: Open

    Comments: The Department in June 2015 reported that it has initiated steps to establish a comprehensive inventory of software licenses by using automated tools. We contacted the department in July 2017 and are awaiting a response on the current status of efforts to implement this recommendation. We will continue to evaluate the agency's progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Justice should regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics.

    Agency: Department of Justice
    Status: Open

    Comments: The Department has taken initial steps to regularly track and maintain a comprehensive inventory of software licenses. For example, the Department reported in June 2015 that it is managing a comprehensive inventory for major suppliers and exploring enterprise agreements with key suppliers to ensure compliance. We contacted the department in July 2017 and are awaiting a response on the current status of efforts to implement this recommendation. We will continue to evaluate the agency's progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Justice should analyze agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making.

    Agency: Department of Justice
    Status: Open

    Comments: The Department reported in June 2015 that it has taken initial steps to analyze agency-wide software license data by providing better governance of software utilization to derive cost savings and by developing Enterprise License Agreements to achieve savings from processes across the components. We contacted the department in July 2017 and are awaiting a response on the current status of efforts to implement this recommendation. We will continue to evaluate the agency's progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Justice should provide software license management training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management.

    Agency: Department of Justice
    Status: Open

    Comments: The Department reported in June 2015 that it has taken initial steps to provide training to appropriate agency personnel. For example, in the department's Vendor Management Calls they provide training on processes and the use of tools, including contract terms, negotiations, laws and regulations, acquisition, security planning and configuration management. We contacted the department in July 2017 and are awaiting a response on the current status of efforts to implement this recommendation. We will continue to evaluate the agency's progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Labor should establish a comprehensive inventory of software licenses using automated tools for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency: Department of Labor
    Status: Open

    Comments: In June 2017, the Department of Labor (DOL) reported that it plans to continue researching for an automated tool to identify, track and maintain the agency's software license inventory. We will continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Labor should regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics.

    Agency: Department of Labor
    Status: Open

    Comments: In June 2017, the Department of Labor (DOL) reported that it plans to continue researching for an automated tool to identify, track and maintain the agency's software license inventory. We will continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Labor should analyze agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making.

    Agency: Department of Labor
    Status: Open

    Comments: In June 2017, the Department of Labor (DOL) reported that it was planning to assemble a cross-functional team before the end of fiscal year 2017 to evaluate solutions and tools for automated software management and to identify opportunities for enterprise-wide software agreements. We will continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Labor should provide software license management training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management.

    Agency: Department of Labor
    Status: Open

    Comments: In June 2016, the Department of Labor reported that it now has one individual certified in software management and intends to provide training to additional staff over the next year. In June 2017, Labor reported on progress in implementing this recommendation. Specifically, Labor noted that it has two additional personnel with configuration management and software library certifications to help ensure effective management of software licenses. We will continue to monitor its progress in providing appropriate agency personnel with sufficient training on managing software licenses.
    Recommendation: To ensure the effective management of software licenses, the Secretary of State should develop an agency-wide comprehensive policy for the management of software licenses that addresses the weaknesses we identified.

    Agency: Department of State
    Status: Open

    Comments: The Department of State concurred with our recommendation. In July 2017, the department reported that its existing department policy identifies a single office within the department for managing the enterprise software licensing agreements. However, the department did not provide evidence that it addressed the weaknesses identified in our report including policies establishing a comprehensive inventory, analyses of software license data, training on management of software licenses, goals and objectives, and consideration of the software license life-cycle phases. We will follow-up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of State should employ a centralized software license management approach that is coordinated and integrated with key personnel for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency: Department of State
    Status: Open

    Comments: The Department of State concurred with our recommendation. In July 2017, the department reported that existing policy identifies roles and responsibilities for key stakeholders in the acquisition of software including the CIO and systems owners. However, the department did not provide evidence that it addressed the weaknesses identified in our report including employing a centralized management approach to the software licenses that had been managed on a bureau-by-bureau basis. We will follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of State should establish a comprehensive inventory of software licenses using automated tools for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency: Department of State
    Status: Open

    Comments: The Department of State concurred with, and has taken steps to implement our recommendation. In July 2017, the department reported that it currently has insight into procurement information as well as a broad range of software inventory information available via the department's current network monitoring toolset and purchasing system. In addition, the department stated that it is in the process of implementing the Continuous Diagnostics and Mitigation (CDM) initiative spearheaded by the Department of Homeland Security. According to the department, the CDM is expected to provide an improved, more consolidated, user-friendly, and actionable view into software license data on its network. We will continue to monitor the department's progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of State should regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics.

    Agency: Department of State
    Status: Open

    Comments: The Department of State concurred with, and has taken steps to implement, our recommendation. In July 2017, the department reported that it currently has insight into procurement information as well as a broad range of software inventory information available via the department's current network monitoring toolset and purchasing system. In addition, the department stated that it is in the process of implementing the Continuous Diagnostics and Mitigation (CDM), which is expected to become the department's automated tool to track its software inventory. We will continue to monitor the department's progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of State should analyze agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making.

    Agency: Department of State
    Status: Open

    Comments: The Department of State concurred with, and has taken steps to implement, our recommendation. In July 2017, the department reported that it currently conducts software license analysis on a contract-by-contract basis, with a focus on the highest-dollar contracts. In addition, the department stated that the implementation of the Continuous Diagnostics and Mitigation (CDM) automated tool is expected to provide a baseline of inventory, usage, and trending data that combined with our acquisition insight will permit decision makers to identify opportunities for future centralized, enterprise agreements. We will continue to monitor the department's progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of State should provide software license management training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management.

    Agency: Department of State
    Status: Open

    Comments: The Department of State concurred with, and has taken steps to implement our recommendation. In July 2017, the department reported that it has provided software license management training to the agency's Information Resource Management and acquisition personnel and that the agency plans to provide more relevant software license training in the future. We will follow-up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Transportation should develop an agency-wide comprehensive policy for the management of software licenses that addresses the weaknesses we identified.

    Agency: Department of Transportation
    Status: Open

    Comments: In February 2017, DOT stated that it has developed a policy addressing components of centralized management and management of software licenses through the entire life cycle. In addition, DOT updated its policy to address regularly tracking licenses using automated tools, analyzing license data to inform investment decision making, providing license management training to personnel, and establishing goals and objectives of the program. However, while DOT's Order 1351.21 states that each Enterprise License Agreement will be accompanied by a licensed management portal to provide department-wide transparency on how many licenses are available and when licenses need to be renewed, the policy did not include details on procedures for establishing a comprehensive inventory by identifying and collecting information about software license agreements using automated discovery and inventory tools. We will follow up with the department to obtain evidence of the department-wide implementation of this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Transportation should establish a comprehensive inventory of software licenses using automated tools for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency: Department of Transportation
    Status: Open

    Comments: In February 2017, DOT reported that the Federal Information Technology Acquisition Reform Act (FITARA) guidance requires the department to maintain a continual agency-wide inventory of software licenses. However, DOT did not provide evidence that it had established a comprehensive inventory of software licenses using automated tools for the majority of agency software license spending and/or enterprise-wide licenses. We will follow-up with the department to obtain evidence of the implementation of this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Transportation should regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics.

    Agency: Department of Transportation
    Status: Open

    Comments: In February 2017, the Department of Transportation (DOT) noted that it was following guidance under the Federal Information Technology Acquisition Reform Act (FITARA). However, DOT did not provide evidence that it is regularly tracking and maintaining a comprehensive inventory of software licenses. We will follow up with the department to obtain evidence of the department-wide implementation of this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Transportation should analyze agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making.

    Agency: Department of Transportation
    Status: Open

    Comments: In February 2017, the Department of Transportation (DOT) noted that it was following guidance under the Federal Information Technology Acquisition Reform Act (FITARA). However, DOT did not provide evidence that it analyzes agency-wide software license data to identify opportunities to reduce cost and inform decisions. We will follow up with the department to obtain evidence of the department-wide implementation of this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Transportation should provide software license management training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management.

    Agency: Department of Transportation
    Status: Open

    Comments: In February 2017, the Department of Transportation (DOT) reported that its Office of the Chief Information Officer (OCIO) is piloting the Staff Training Education and Professional Development Program (STEP) for all OCIO employees. The courses cover areas such as contracting and negotiations, laws and regulations and security training. However, DOT reported that the training is not specific to software licensing, although elements of software management are covered in full through the offerings within the STEP program. We will follow up with the department to obtain evidence of the department-wide implementation of this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of the Treasury should develop an agency-wide comprehensive policy for the management of software licenses that addresses the weaknesses we identified.

    Agency: Department of the Treasury
    Status: Open

    Comments: In its July 2016 statement on corrective actions to address our recommendations, Treasury reported that it continues to be dependent on the rollout of the Department of Homeland Security's Continuous Diagnostics and Mitigation (CDM) program. According to Treasury, once implemented the CDM capabilities will enhance the department's security posture and provide the department with capabilities for automatically collecting software and hardware inventories. Treasury stated that it will then work with its bureaus to develop common procedures, policies and capabilities for auditing and tracking software inventories. In March and September of 2017, we contacted the department and are awaiting a response on the status of efforts to implement this recommendation. We will follow-up with Treasury to monitor its progress in implementing this recommendation and obtain supporting documentation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of the Treasury should employ a centralized software license management approach that is coordinated and integrated with key personnel for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency: Department of the Treasury
    Status: Open

    Comments: In its July 2016 statement on corrective actions to address our recommendations, Treasury reported that it continues to be dependent on the rollout of the Department of Homeland Security's Continuous Diagnostics and Mitigation (CDM) program. According to Treasury, once implemented the CDM capabilities will enhance the department's security posture and provide the department with capabilities for automatically collecting software and hardware inventories. Treasury stated that it will then work with its bureaus to develop common procedures, policies and capabilities for auditing and tracking software inventories. In March and September of 2017, we contacted the department and are awaiting a response on the status of efforts to implement this recommendation. We will follow-up with Treasury to monitor its progress in implementing this recommendation and obtain supporting documentation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of the Treasury should establish a comprehensive inventory of software licenses using automated tools for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency: Department of the Treasury
    Status: Open

    Comments: In its July 2016 statement on corrective actions to address our recommendations, Treasury reported that it continues to be dependent on the rollout of the Department of Homeland Security's Continuous Diagnostics and Mitigation (CDM) program. According to Treasury, once implemented the CDM capabilities will enhance the department's security posture and provide the department with capabilities for automatically collecting software and hardware inventories. Treasury stated that it will then work with its bureaus to develop common procedures, policies and capabilities for auditing and tracking software inventories. In March and September of 2017, we contacted the department and are awaiting a response on the status of efforts to implement this recommendation. We will follow-up with Treasury to monitor its progress in implementing this recommendation and obtain supporting documentation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of the Treasury should regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics.

    Agency: Department of the Treasury
    Status: Open

    Comments: In its July 2016 statement on corrective actions to address our recommendations, Treasury reported that it continues to be dependent on the rollout of the Department of Homeland Security's Continuous Diagnostics and Mitigation (CDM) program. According to Treasury, once implemented the CDM capabilities will enhance the department's security posture and provide the department with capabilities for automatically collecting software and hardware inventories. Treasury stated that it will then work with its bureaus to develop common procedures, policies and capabilities for auditing and tracking software inventories. In March and September of 2017, we contacted the department and are awaiting a response on the status of efforts to implement this recommendation. We will follow up with Treasury to monitor its progress in implementing this recommendation and obtain supporting documentation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of the Treasury should analyze agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making.

    Agency: Department of the Treasury
    Status: Open

    Comments: In its July 2016 statement on corrective actions to address our recommendations, Treasury reported that it continues to be dependent on the rollout of the Department of Homeland Security's Continuous Diagnostics and Mitigation (CDM) program. According to Treasury, once implemented the CDM capabilities will enhance the department's security posture and provide the department with capabilities for automatically collecting software and hardware inventories. Treasury stated that it will then work with its bureaus to develop common procedures, policies and capabilities for auditing and tracking software inventories. Treasury also stated that these tools, policies and procedures will allow the department to study usage and better inform future procurement needs to minimize cost and duplication. In March and September of 2017, we contacted the department and are awaiting a response on the status of efforts to implement this recommendation. We will follow up with Treasury to monitor its progress in implementing this recommendation and obtain supporting documentation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of the Treasury should provide software license management training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management.

    Agency: Department of the Treasury
    Status: Open

    Comments: In its July 2016 statement on corrective actions to address our recommendations, Treasury reported that it continues to be dependent on the rollout of the Department of Homeland Security's Continuous Diagnostics and Mitigation (CDM) program. In March and September of 2017, we contacted the department and are awaiting a response on the status of efforts to implement this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Veterans Affairs should establish a comprehensive inventory of software licenses using automated tools for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: In written comments to our report, the Department of Veterans Affairs (VA) agreed with our recommendation. In September 2017, VA provided information on actions taken to address our recommendation. However, we have not yet validated agency actions on this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Veterans Affairs should regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics.

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: In written comments to our report, the Department of Veterans Affairs (VA) agreed with our recommendation. In September 2017, VA provided information on actions taken to address our recommendation. However, we have not yet validated agency actions on this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Veterans Affairs should analyze agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making.

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: In written comments to our report, the Department of Veterans Affairs (VA) agreed with our recommendation. In September 2017, VA provided information on actions taken to address our recommendation. However, we have not yet validated agency actions on this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Veterans Affairs should provide software license management training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management.

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: In written comments to our report, the Department of Veterans Affairs (VA) agreed with our recommendation and reported that it made progress in providing software asset management (SAM) training to all personnel responsible for overseeing software enterprise license agreement (ELA) management. In September 2017, VA provided information on actions taken to address our recommendation. However, we have not yet validated agency actions on this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Administrator of the Environmental Protection Agency should develop an agency-wide comprehensive policy for the management of software licenses that addresses the weaknesses we identified.

    Agency: Environmental Protection Agency
    Status: Open

    Comments: In June 2017, the Environmental Protection Agency (EPA) reported that it is currently taking steps to develop a comprehensive policy that will address a centralized management program of licenses, an analysis to inform decision making, education and training goals and overall management throughout the lifecycle. In addition, EPA stated that it is still leveraging the efforts of the Continuous Diagnostics and Mitigation project as well as its Office of Acquisition Management's consolidation of its Microsoft suite. We will follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Administrator of the Environmental Protection Agency should employ a centralized software license management approach that is coordinated and integrated with key personnel for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency: Environmental Protection Agency
    Status: Open

    Comments: In June 2017, the Environmental Protection Agency (EPA) reported that it is currently taking steps to develop a comprehensive policy that will address a centralized management program of licenses. In addition, EPA stated that it is still leveraging the efforts of the Continuous Diagnostics and Mitigation project as well as leveraging its Office of Acquisition Management's consolidation of enterprise licenses. We will follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Administrator of the Environmental Protection Agency should establish a comprehensive inventory of software licenses using automated tools for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency: Environmental Protection Agency
    Status: Open

    Comments: In June 2017, EPA reported that it is currently leveraging its Continuous Diagnostics and Mitigation program for a comprehensive software license inventory. EPA also reported that this comprehensive inventory will be provided via an automated dashboard. We will follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Administrator of the Environmental Protection Agency should regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics.

    Agency: Environmental Protection Agency
    Status: Open

    Comments: In June 2017, the Environmental Protection Agency (EPA) reported that it is currently leveraging its Continuous Diagnostics and Mitigation program for an automated tool that will establish a comprehensive software license inventory. EPA We will follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Administrator of the Environmental Protection Agency should analyze agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making.

    Agency: Environmental Protection Agency
    Status: Open

    Comments: In June 2017, the Environmental Protection Agency reported that it is currently leveraging its Continuous Diagnostics and Mitigation program for a comprehensive software license inventory that will be available by the second quarter of fiscal year 2017. EPA also stated that it has consolidated six of the agency's eight major software license contracts. In addition, EPA reported that it is currently conducting an analysis of licenses and maintenance with regards to category management to determine the current spend environment and visibility within the agency to develop strategies for addressing each platform. We will follow up with the agency to obtain supporting documentation and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Administrator of the Environmental Protection Agency should provide software license management training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management.

    Agency: Environmental Protection Agency
    Status: Open

    Comments: In June 2017, the Environmental Protection Agency (EPA) reported that it is working to develop a robust training curriculum that addresses all software license requirements including but not limited to negotiations, laws and regulations, and contract terms and conditions department wide. We will follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Administrator of the National Aeronautics and Space Administration should establish a comprehensive inventory of software licenses using automated tools for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency: National Aeronautics and Space Administration
    Status: Open

    Comments: The National Aeronautics and Space Administration (NASA) has taken steps to implement our recommendation. In July 2017, NASA reported that the agency currently owns an enterprise software license management tool for the Office of the Chief Engineer and that the Office of the Chief Information Officer will be coordinating with stakeholders to pursue expanding the use of this system NASA-wide. NASA anticipates completing this effort by the end of the fiscal year 2017.
    Recommendation: To ensure the effective management of software licenses, the Administrator of the National Aeronautics and Space Administration should regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics.

    Agency: National Aeronautics and Space Administration
    Status: Open

    Comments: The National Aeronautics and Space Administration (NASA) has taken steps to implement our recommendation. In July 2017, NASA reported that the agency currently owns an enterprise software license management tool for the Office of the Chief Engineer and that the Office of the Chief Information Officer will be coordinating with stakeholders to pursue expanding the use of this system NASA-wide. NASA anticipates completing this effort by the end of the fiscal year 2017. We will continue to monitor NASA's progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Director of the National Science Foundation should develop an agency-wide comprehensive policy for the management of software licenses that addresses the weaknesses we identified.

    Agency: National Science Foundation
    Status: Open

    Comments: In March 2017, NSF reported on actions taken to implement this recommendation. For example, the agency reported that in July 2015 NSF issued a new acquisition policy that provides the Chief Information Officer central oversight authority for IT acquisitions including software agreements. However, the guidance does not specify policies on managing software licenses for regularly tracking and maintaining software licenses to assist the agency in implementing decisions throughout the software license management life cycle, analyzing software usage and other data to make cost-effective decisions and providing training relevant to software license management. We will continue to monitor the agency's progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Director of the National Science Foundation should regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics.

    Agency: National Science Foundation
    Status: Open

    Comments: In March 2017, NSF reported that it continues to regularly track and maintain a comprehensive inventory of software licenses. For example, NSF reported that in 2015 the agency implemented an automated tool to capture, track and report on software licenses. In addition, NSF reported that it is implementing Continuous Diagnostics and Mitigation (CDM) capabilities to further consolidate and centralize management of the agency's software asset inventory in an automated way. However, NSF did not provide documentation showing that it regularly tracks and maintains its inventory using automated tools and metrics. We will follow up with the agency to obtain supporting documentation and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Director of the National Science Foundation should analyze agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making.

    Agency: National Science Foundation
    Status: Open

    Comments: In March 2017, NSF reported on its progress in analyzing agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making. However, NSF did not provide documentation demonstrating that it analyzed agency-wide software license data to inform investment decisions and identify opportunities to reduce costs. We will follow up with the agency to obtain supporting documentation and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Director of the National Science Foundation should provide software license management training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management.

    Agency: National Science Foundation
    Status: Open

    Comments: In March 2017, NSF reported that the agency is committed to providing software license training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management. However, NSF did not provide documentation showing that this training includes aspects of sufficient software license management training such as contract terms and conditions or negotiations. We will follow up with the agency to obtain supporting documentation and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Chairman of the Nuclear Regulatory Commission should employ a centralized software license management approach that is coordinated and integrated with key personnel for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency: Nuclear Regulatory Commission
    Status: Open

    Comments: The Nuclear Regulatory Commission (NRC) has taken steps to implement this recommendation. For example, in March 2017, NRC reported that the agency's Software Manager is in the process of developing the NRC Software Management Centralization Plan to meet NRC's business needs and to ensure compliance with applicable Federal mandates and guidelines, including those from the Office of Management and Budget, the Federal Information Technology Acquisition Reform Act, the Federal Information Security Management Act, and from the National Institute of Standards and Technology. We plan to follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Chairman of the Nuclear Regulatory Commission should establish a comprehensive inventory of software licenses using automated tools for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency: Nuclear Regulatory Commission
    Status: Open

    Comments: In March 2017, the Nuclear Regulatory Commission (NRC) stated that a manual effort is underway to gather and verify data associated with the software on the list to complete a comprehensive inventory of software licenses. NRC also reported that it has developed requirements for an information technology asset management tool to support the establishment of a comprehensive inventory of software licenses using automated tools. We plan to follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Chairman of the Nuclear Regulatory Commission should regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics.

    Agency: Nuclear Regulatory Commission
    Status: Open

    Comments: In March 2017, the Nuclear Regulatory Commission (NRC) stated that a manual effort is underway to gather and verify data associated with the software on the list to complete a comprehensive inventory of software licenses. NRC also reported that it has developed requirements for an information technology asset management tool to support the establishment of a comprehensive inventory of software licenses using automated tools. Upon deployment of an automated tool, NRC reported that it will be able to regularly track and maintain a comprehensive inventory of all software licenses. We plan to follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Chairman of the Nuclear Regulatory Commission should analyze agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making.

    Agency: Nuclear Regulatory Commission
    Status: Open

    Comments: In March 2017, the Nuclear Regulatory Commission (NRC) reported that the agency will analyze agency-wide software license data after it deploys an automated tool. We will follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Chairman of the Nuclear Regulatory Commission should provide software license management training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management.

    Agency: Nuclear Regulatory Commission
    Status: Open

    Comments: In March 2017, the Nuclear Regulatory Commission (NRC) reported that the agency plans to provide software license management training to all key personnel. NRC also reported that its software training is currently being developed by the Office of Management and Budget, the Federal Acquisition Institute and the Defense Acquisition University. We will follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Director of the Office of Personnel Management should develop an agency-wide comprehensive policy for the management of software licenses that addresses the weaknesses we identified.

    Agency: Office of Personnel Management
    Status: Open

    Comments: OPM concurred with this recommendation and in September 2015, reported that it had developed a guide to capture enterprise architecture (EA) lifecycle activities including software licensing management, acquisition, and requirements during several points of the project lifecycle. We contacted the agency and, as of September 2017, are awaiting a response on the current status of efforts to implement this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Director of the Office of Personnel Management should employ a centralized software license management approach that is coordinated and integrated with key personnel for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency: Office of Personnel Management
    Status: Open

    Comments: OPM concurred with this recommendation and in September 2015 reported that it is finalizing a revised Life Cycle Management draft policy which will use stage gate reviews to evaluate the progress of projects including software licenses throughout the agency. According to OPM, once the new policy is approved, OPM subject matter experts will review project documentation during stage gate reviews to make written recommendations on whether projects should continue. OPM's Investment Review Board will then review that recommendation and other procurement documentation to make a final recommendation to the OPM Director. We contacted the agency and, as of September 2017, are awaiting a response on the current status of efforts to implement this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Director of the Office of Personnel Management should establish a comprehensive inventory of software licenses using automated tools for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency: Office of Personnel Management
    Status: Open

    Comments: OPM concurred with this recommendation and in September 2015 OPM reported that it acquired an enterprise architecture repository tool and is collecting information on its software applications. OPM also reported that it is assembling and performing quality reviews on hardware and software lists currently maintained in spreadsheets, in its EA Systems database, and Remedy database in order to consolidate the entire hardware and software asset inventory. We contacted the department and, as of September 2017, are awaiting a response on the current status of efforts to implement this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Director of the Office of Personnel Management should regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics.

    Agency: Office of Personnel Management
    Status: Open

    Comments: OPM concurred with this recommendation and in September 2015 OPM reported that it acquired an enterprise architecture repository tool and is collecting information on its software applications. We contacted the department and, as of September 2017, are awaiting a response on the current status of efforts to implement this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Director of the Office of Personnel Management should analyze agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making.

    Agency: Office of Personnel Management
    Status: Open

    Comments: In written comments to our report, OPM concurred with our recommendations and noted actions the agency plans to take. We contacted the department and, as of September 2017, are awaiting a response on the current status of efforts to implement this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Director of the Office of Personnel Management should provide software license management training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management.

    Agency: Office of Personnel Management
    Status: Open

    Comments: In written comments to our report, OPM concurred with our recommendations and noted actions the agency plans to take. We contacted the department and, as of September 2017, are awaiting a response on the current status of efforts to implement this recommendation.
    Director: David A. Powner
    Phone: (202) 512-9286

    3 open recommendations
    Recommendation: The Director of the Office of Management and Budget should direct the Federal Chief Information Officer to update, and clearly and explicitly issue incremental development guidance that addresses the following three components: (1) requires projects associated with major IT investments to deliver incremental functionality at least every 12 months, with the exception of the three types of investments identified in this report; (2) specifies how agencies are to define the project functionality that is to be delivered; and (3) requires agencies to define a process for enforcing compliance with incremental functionality delivery, such as the use of TechStat sessions.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: The Office of Management and Budget (OMB) agreed with our recommendation to update and issue incremental guidance, but disagreed that the time frame for incremental delivery should be changed to every 12 months. Subsequently, OMB began to take steps to address aspects of our recommendation. Specifically, in June 2014, OMB updated its information technology (IT) budget guidance to, among other things, define project functionality as any changes to an IT system that primarily provides new or improved capability to the end user. Additionally, in June 2015, OMB issued its guidance on how agencies are to implement December 2014 federal IT acquisition reform legislation. As part of that guidance, OMB required CIOs to ensure that all acquisition strategies and acquisition plans that include IT apply adequate incremental development principles. However, as of June 2017, OMB's annually updated IT budget capital planning guidance still requires that projects associated with major IT investments deliver functionality every 6 months, rather than every 12 months, as we recommended. In the absence of our recommended delivery time frame change, OMB is at risk of continuing to require functionality to be delivered in a time frame that we found to be unrealistic for many IT investments based on their current levels of performance. We will continue to evaluate OMB's progress in implementing the recently issued guidance and in considering a change in how often projects are to deliver functionality.
    Recommendation: The Secretaries of Defense, Health and Human Services, Homeland Security, and Transportation should modify, finalize, and implement their agencies' policies governing incremental development to ensure that those policies comply with OMB's guidance, once that guidance is made available.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: The Department of Health and Human Services (HHS) has begun to take steps to address this recommendation. Specifically, in January 2015, HHS established a working group on incremental development in order to define a methodology for more rapid development. Further, HHS officials reported in April 2017 that the department was working to finalize its new guidance on incremental development and CIO certification as required by OMB guidance but could not provide a time frame for when the policy would be finalized. Until HHS finalizes and implements its incremental development policy, its information technology expenditures are more likely to produce sub-optimal results. We will continue to evaluate HHS's progress in implementing this recommendation.
    Recommendation: When updating their policies, the Secretaries of Defense, Health and Human Services, Homeland Security, and Transportation should consider the factors identified in this report as enabling and inhibiting incremental development.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: The Department of Health and Human Services (HHS) has begun to take steps to address this recommendation. Specifically, in January 2015, HHS established a working group on incremental development in order to define a methodology for incremental development that would address the factors identified in the report. Further, HHS officials reported in April 2017 that the department was working to finalize its new guidance on incremental development and CIO certification as required by OMB guidance but could not provide a time frame for when the policy would be finalized. Until HHS updates and implements its incremental development policy, its information technology expenditures are more likely to produce sub-optimal results. We will continue to evaluate HHS's progress in implementing this recommendation.
    Director: David A. Powner
    Phone: (202) 512-9286

    1 open recommendation
    Recommendation: To improve the reliability of reported cost and schedule variance information for major investments, the Commissioner of IRS should direct the Chief Technology Officer to ensure that projected cost and schedule variances for in-process activities are updated monthly, for the six investments for which we reviewed monthly updates, consistent with OMB and Treasury reporting requirements, by ensuring investment staff have a consistent understanding of the information to be included in monthly reports.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: To address this recommendation, in October 2014, IRS provided training to its project staff, which focused on, among other things, the monthly update of investment performance information. In addition, in fiscal year 2016, IRS began using a tool to track performance information, including progress in meeting cost and schedule goals for ongoing investments, for two investments in development. IRS is now expanding the use of this tool to other investments. As of November 2017, we were reviewing the implementation of the tool as part of an ongoing review of IRS's information technology operations. We will determine whether IRS's implementation of the tool fully addresses this recommendation.
    Director: Valerie C. Melvin
    Phone: (202) 512-6304

    2 open recommendations
    including 1 priority recommendation
    Recommendation: To ensure effective management and modernization of HUD's IT environment, the Secretary of Housing and Urban Development should direct the department's Chief Information Officer to establish a means for evaluating progress toward institutionalizing management controls and commit to time lines for activities and next steps.

    Agency: Department of Housing and Urban Development
    Status: Open

    Comments: As of April 2017, HUD had not yet established a means for evaluating progress toward institutionalizing IT management controls. According to HUD officials, the department expects to evaluate the controls through an update to its IT Management Framework scheduled to be completed during fiscal year 2017.
    Recommendation: To ensure effective management and modernization of HUD's IT environment, the Secretary of Housing and Urban Development should direct the department's Chief Information Officer to define the scope, implementation strategy, and schedule of its overall modernization approach, with related goals and measures for effectively overseeing the effort.

    Agency: Department of Housing and Urban Development
    Status: Open
    Priority recommendation

    Comments: In August 2016, HUD officials reported that the department was taking actions intended to establish a new, stronger enterprise approach for IT development and operations. As of April 2017, the department reported that it was in phase 2 of a 4-phase application assessment initiative expected to address this recommendation. However, HUD has not yet provided evidence of how the new approach is expected to define the scope, implementation strategy, and schedule for modernizing the department's IT.
    Director: Powner, David A
    Phone: (202) 512-9286

    3 open recommendations
    Recommendation: To better ensure that the Dashboard provides meaningful ratings and reliable investment data, the Director of OMB should direct the Federal CIO to make accessible regularly updated portions of the public version of the Dashboard (such as CIO ratings) independent of the annual budget process.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: Although the Federal CIO did not agree or disagree with our recommendation, OMB has taken initial steps to implement it. Specifically, OMB recently updated the Dashboard with a number of changes, and OMB officials stated in 2015 that they intended for the Dashboard to be able to show updates throughout the year. That said, OMB has yet to implement this recommendation. Specifically, OMB did not publish updates to the public version of the Dashboard during the fiscal year 2018 budget formulation process, starting at the end of August 2016. We will continue to monitor the Dashboard to determine if portions of the public version of the Dashboard (such as CIO ratings) are available throughout the year. Maintaining the availability of these data is important for increasing the utility of the Dashboard as a tool for greater IT investment oversight and transparency.
    Recommendation: To better ensure that the Dashboard provides accurate ratings, the Secretary of Commerce should direct the department CIO to ensure that the department's investments are appropriately categorized in accordance with existing statutes and that major IT investments are included on the Dashboard.

    Agency: Department of Commerce
    Status: Open

    Comments: The Department of Commerce disagreed with this recommendation. In written correspondence, the Department noted that, although it is no longer reporting three of the 10 investments reviewed for this engagement on the IT Dashboard, it is maintaining oversight through monthly Dashboard-like assessments. As of July 28, 2016, the Department stated that it did not have plans to re-categorize these three particular investments as IT and report the data on the IT Dashboard. We continue to believe that this recommendation has merit and will monitor the Department's efforts to maintain oversight for these investments.
    Recommendation: To better ensure that the Dashboard provides accurate ratings, the Secretary of Energy should direct the department CIO to ensure that the department's investments are appropriately categorized in accordance with existing statutes and that major IT investments are included on the Dashboard.

    Agency: Department of Energy
    Status: Open

    Comments: While the Department of Energy had agreed with this recommendation, in subsequent written correspondence, it explained that five of the eight investments noted by GAO as being IT were no longer being reported in the IT Portfolio on the Dashboard. Instead, the Department was reporting these data to OMB via an alternative reporting mechanism specific to high performance computing. In addition, the Department noted that the remaining three investments were deconsolidated or downgraded into non-major investments, or eliminated by funding and, as such, these investments will not be included on the Dashboard. However, we continue to believe that this recommendation has merit and that the remaining investments are more properly classified as IT. We will continue to monitor the Department's efforts to maintain oversight for these investments.
    Director: Powner, David A
    Phone: (202) 512-9286

    48 open recommendations
    including 1 priority recommendation
    Recommendation: To help ensure the success of PortfolioStat, the Director of the Office of Management and Budget should direct the Federal Chief Information Officer to disclose the limitations of any data reported (or disclose the parameters and assumptions of these data) on the agencies' consolidation efforts and associated savings and cost avoidance.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: In its comments on GAO's November 2013 report, OMB disagreed with this recommended action, stating that it had disclosed limitations on data reported and cited three instances of these efforts. However, GAO maintained that, while OMB reported limitations of data regarding commodity information technology (IT) consolidation efforts in these cases, the information reported did not provide stakeholders and the public with a complete understanding of the data presented. For example, OMB did not disclose that information from the Departments of Defense (DOD) and Justice was not included in the consolidation estimates reported, which, considering the scope of DOD's efforts in this area (at least $3.2 billion), was a major gap. As of March 2017, OMB still had not addressed this recommendation. During that month, the agency told GAO that improving the quality of the data agencies submit through the integrated data collections (which include data on agencies' consolidation efforts and associated savings and cost avoidance) is a priority and that Office of the Federal Chief Information Officer staff follow up with agencies when they detect anomalies in the data reported. OMB, however, did not address actions to disclose the limitations of data reported or disclose the parameters and assumptions of these data. Such disclosure would provide the public and other stakeholders with crucial information needed to understand the status of PortfolioStat and agency progress in meeting the goals of the initiative.
    Recommendation: To help ensure the success of PortfolioStat, the Director of the Office of Management and Budget should direct the Federal Chief Information Officer to require that agencies report on efforts to address action plan items as part of future PortfolioStat reporting.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: OMB's June 2015 memorandum on the management and oversight of federal information technology (M-15-14) established quarterly PortfolioStat sessions between OMB and agency Chief Information Officers. This represented a change from the previously required annual action item memos. In November 2016, OMB stated that it informally tracks action items resulting from PortfolioStat but no formal documentation is kept. We will continue to follow up on how OMB ensures that agencies report on efforts to address action items as part of future PortfolioStat reporting.
    Recommendation: To help ensure the success of PortfolioStat, the Director of the Office of Management and Budget should direct the Federal Chief Information Officer to improve transparency of and accountability for PortfolioStat by publicly disclosing planned and actual data consolidation efforts and related cost savings by agency.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: In October 2015, OMB started displaying actual data consolidation savings data on the federal information technology (IT) dashboard, consistent with provisions of the IT reform legislation commonly referred to as the Federal Information Technology Acquisition Reform Act. However, in November 2016, and again in March 2017, OMB stated that it does not track planned cost savings and cost avoidance figures and did not provide any plans to do so. Improving the transparency and accountability for PortfolioStat by publicly disclosing both planned and actual data consolidation efforts and related cost savings by agency would provide stakeholders, including Congress and the public, a means to monitor agencies' progress and hold them accountable for reducing duplication and achieving cost savings.
    Recommendation: To improve the department's implementation of PortfolioStat, the Secretary of Agriculture should direct the CIO to develop a complete commodity IT baseline.

    Agency: Department of Agriculture
    Status: Open

    Comments: In its March 2014 statement of actions to address our recommendations, the Department of Agriculture (USDA) provided information on its efforts to ensure the quality of its commodity IT baseline data. Specifically, USDA reported having (1) developed a central repository for agencies and staff offices to populate commodity IT data, (2) provided training on the use of the repository, and (3) established an additional level of oversight to monitor data quality. We are reviewing supporting documentation obtained from the department to determine whether the recommendation has been fully addressed.
    Recommendation: To improve the department's implementation of PortfolioStat, in future reporting to OMB, the Secretary of Agriculture should direct the CIO to fully describe the following PortfolioStat Action plan elements: (1) consolidate commodity IT spending under the agency CIO and (2) establish criteria for wasteful, low-value, or duplicative investments.

    Agency: Department of Agriculture
    Status: Open

    Comments: In its March 2014 statement of actions to address our recommendations, the Department of Agriculture provided information on the elements identified in the recommendation. We are reviewing additional supporting documentation obtained from the department to determine whether the recommendation has been fully addressed.
    Recommendation: To improve the department's implementation of PortfolioStat, as the department finalizes and matures its valuation methodology, the Secretary of Agriculture should direct the CIO to utilize this process to identify whether there are additional opportunities to reduce duplicative, low-value, or wasteful investments.

    Agency: Department of Agriculture
    Status: Open

    Comments: In its March 2014 statement of actions to address our recommendations, the Department of Agriculture stated that its Chief Information Officer will formalize and implement a value-based measurement model to help determine which IT investments should be included in the USDA IT portfolio. We are reviewing supporting documentation obtained from the department to determine whether this recommendation has been fully addressed.
    Recommendation: To improve the department's implementation of PortfolioStat, the Secretary of Agriculture should direct the CIO to develop support for the estimated savings for fiscal years 2013 through 2015 for the Cellular Phone Contract Consolidation, IT Infrastructure Consolidation/Enterprise Data Center Consolidation, and Geospatial Consolidation initiatives.

    Agency: Department of Agriculture
    Status: Open

    Comments: In its March 2014 statement of actions to address our recommendations, the Department of Agriculture stated that its CIO has developed supporting documentation for the cost savings/avoidance associated with the efforts identified in the recommendation. We are reviewing supporting documentation obtained from the department to determine whether this recommendation has been fully addressed.
    Recommendation: To improve the department's implementation of PortfolioStat, the Secretary of Commerce should direct the CIO to reflect 100 percent of information technology investments in the department's enterprise architecture.

    Agency: Department of Commerce
    Status: Open

    Comments: In its January 2014 statement of actions to address our recommendations, the Department of Commerce stated that the majority of its IT investments were made at the operating unit level and it was therefore planning on issuing policy to require consistency between the operating units' enterprise architecture and the totality of IT investments as reflected in the annual capital asset plan and business case summary submission. The department noted it would also require that consistency between the department's enterprise architecture and the IT investment portfolio is confirmed before submission of either of these artifacts. We are following up with the department to determine the status of these planned actions.
    Recommendation: To improve the department's implementation of PortfolioStat, the Secretary of Commerce should direct the CIO to develop a complete commodity IT baseline.

    Agency: Department of Commerce
    Status: Open

    Comments: In its January 2014 statement of actions to address our recommendations, the Department of Commerce stated it had submitted two iterations of its commodity IT baseline to OMB since we made our recommendation. The department noted the PortfolioStat process and requirement to submit the baseline through the integrated data collection tool helped ensure the baseline was complete. We plan to follow up with Commerce officials.
    Recommendation: To improve the department's implementation of PortfolioStat, the Secretary of Defense should direct the CIO to develop a complete commodity IT baseline.

    Agency: Department of Defense
    Status: Open

    Comments: In its December 2013 statement of actions to address our recommendations, the Department of Defense stated that it had efforts underway, including an initiative known as the Joint Information Environment, to further refine the Department's commodity IT baseline. As of August 2016, we found that the department's DOD IT Portfolio Repository included business and enterprise IT systems--two of three commodity IT areas defined by OMB--as part of an ongoing engagement. We are following up with the department to find out about actions to develop an inventory of assets associated with IT infrastructure--the third category of commodity IT defined by OMB.
    Recommendation: To improve the department's implementation of PortfolioStat, in the future reporting to OMB, the Secretary of Defense should direct the CIO to fully describe the following PortfolioStat action plan element: consolidate commodity IT spending under the agency CIO.

    Agency: Department of Defense
    Status: Open

    Comments: As of December 2013, the department did not concur with this recommendation stating that the commodity IT construct implemented in the PortfolioStat initiative did not work well within the department's federated processes. The department agreed, however, that a strategy, consistent with the intent of achieving better buying power and control of commodity IT items, should be developed and implemented within the department using existing authorities, and noted that it was in the process of implementing such a strategy. In August 2016, we followed up with the department to obtain an update on the status of this strategy and determine the associated reporting to OMB. As of the end of October, we were still waiting for a response.
    Recommendation: To improve the department's implementation of PortfolioStat, the Secretary of Defense should direct the CIO to obtain support from the relevant component agencies for the estimated savings for fiscal years 2013 to 2015 for the data center consolidation, enterprise software purchasing, and General Fund Enterprise Business System initiatives.

    Agency: Department of Defense
    Status: Open

    Comments: In its statement of actions to address our recommendations, the Department of Defense stated that it already reports data center consolidation savings to both OMB and Congress and will continue to realize savings from the Enterprise Software Initiative, other strategic sourcing efforts, and the continuing implementation of General Fund Enterprise Business System initiatives. As of August 2016, we had collected support for data center consolidation as part of our ongoing data center consolidation work, and were waiting to receive support for the Enterprise Software Initiative savings for fiscal years 2013 to 2015 through recommendation follow-up for a prior software licensing review (GAO-14-413). We are following up with the department to obtain support for savings for the General Fund Enterprise Business System.
    Recommendation: To improve the U.S. Army Corps of Engineers' implementation of PortfolioStat, in future reporting to OMB, the Secretary of Defense should direct the Secretary of the Army to direct the CIO to fully describe the following PortfolioStat action plan elements: (1) consolidate commodity IT spending under the agency CIO; (2) target duplicative systems or contracts that support common business functions for consolidation; (3) establish criteria for identifying wasteful, low-value, or duplicative investments; and (4) establish a process to identify these potential investments and a schedule for eliminating them from the portfolio.

    Agency: Department of Defense
    Status: Open

    Comments: In its statement of actions to address our recommendations, the Department of Defense stated that the U.S. Army Corps of Engineers would fully describe the four action plan elements identified in this recommendation in future OMB reporting. We are following up with the department to determine the status of these efforts and obtain the associated supporting documentation.
    Recommendation: To improve the U.S. Army Corps of Engineers' implementation of PortfolioStat, the Secretary of Defense should direct the Secretary of the Army to report on the agency's progress in consolidating eCPIC to a shared service as part of the OMB integrated data collection quarterly reporting until completed.

    Agency: Department of Defense
    Status: Open

    Comments: In October 2016, the Department of Defense provided a report stating it had completed the consolidation of eCPIC to a shared service in August 2014. We are following up with the department to obtain supporting documentation.
    Recommendation: To improve the department's implementation of PortfolioStat, in future reporting to OMB, the Secretary of Energy should direct the CIO to fully describe the following PortfolioStat action plan elements: (1) consolidate commodity IT spending under the agency CIO and (2) establish criteria for identifying wasteful, low-value, or duplicative investments.

    Agency: Department of Energy
    Status: Open

    Comments: In its March 2014 statement of actions to address our recommendations, the Department of Energy stated that it will update its policy orders as necessary to implement the OMB policy for consolidating commodity IT under the Chief Information Officer and include a description in future OMB reporting. The department also noted that it will work to establish additional value criteria to identify low-value or duplicative federal commodity IT investments, and these criteria will be described in future OMB reporting. We are reviewing the department's reporting to OMB to determine the extent to which this recommendation has been addressed.
    Recommendation: To improve the agency's implementation of PortfolioStat, the Administrator of the Environmental Protection Agency should direct the CIO to develop a complete commodity IT baseline.

    Agency: Environmental Protection Agency
    Status: Open

    Comments: In August 2014, the Environmental Protection Agency reported that it uses OMB's quarterly integrated data collection submission process to continually update the information in its baseline. We are following up with the agency to determine whether it has any process to ensure the completeness of the information that is submitted.
    Recommendation: To improve the agency's implementation of PortfolioStat, in future reporting to OMB, the Administrator of the Environmental Protection Agency should direct the CIO to fully describe the following PortfolioStat action plan elements: (1) consolidate commodity IT spending under the agency CIO; (2) establish targets for commodity IT spending reductions and deadlines for meeting those targets; and (3) establish criteria for identifying wasteful, low-value, or duplicative investments.

    Agency: Environmental Protection Agency
    Status: Open

    Comments: In August 2014, the Environmental Protection Agency stated that, in its August 2014 PortfolioStat update, it had reported to OMB on the status of actions to consolidate commodity IT spending under the agency CIO and to establish targets for commodity IT spending reductions. The agency also stated that it was working to develop criteria for identifying wasteful, low-value, and duplicative investments. We are reviewing the August 2014 PortfolioStat update to verify the agency's claims. We plan to also follow up on efforts to develop the aforementioned criteria and any associated reporting to OMB.
    Recommendation: To improve the agency's implementation of PortfolioStat, the Administrator of the Environmental Protection Agency should direct the CIO to report on the agency's progress in consolidating the managed print services and strategic sourcing of end user computing to shared services as part of the OMB integrated data collection quarterly reporting until completed.

    Agency: Environmental Protection Agency
    Status: Open

    Comments: In its March 2014 statement of actions to address our recommendations, the Environmental Protection Agency stated that it expected its print services to take on additional devices and locations beginning in April 2014 and that a contract vehicle for the purchasing and leasing of end user computing equipment was expected to be awarded by the end of the month. We are reviewing the agency's quarterly reporting to OMB to determine whether progress on the two initiatives was reported to OMB as we recommended.
    Recommendation: To improve the department's implementation of PortfolioStat, the Secretary of the Interior should direct the CIO to develop a complete commodity IT baseline.

    Agency: Department of the Interior
    Status: Open

    Comments: In August 2014, the Department reported that it was planning to undertake a series of activities spanning a 15-month timeframe to create a complete commodity IT baseline, including embarking upon a statistical analysis and cost projection initiative that is intended to identify the degree of confidence in the commodity IT baseline, and develop mechanisms that will enable validation and verification in the future. We will follow up with the department on the results of its activities.
    Recommendation: To improve the department's implementation of PortfolioStat, in future reporting to OMB, the Secretary of the Interior should direct the CIO to fully describe the following PortfolioStat action plan element: establish criteria for identifying wasteful, low-value, or duplicative investments.

    Agency: Department of the Interior
    Status: Open

    Comments: In its January 2014 comments on our report, the Department of the Interior stated that it was undertaking a business-driven approach that will involve working with its governance boards to establish criteria for identifying wasteful, low-value, or duplicative investments. The department stated it would establish the criteria by December 2014. However, the department did not address whether it would be reporting its plans to OMB, which was the focus of our recommendation. We will follow up with officials on this.
    Recommendation: To improve the department's implementation of PortfolioStat, the Secretary of the Interior should direct the CIO to report on the department's progress in consolidating the Electronic Forms System component of the eMail Enterprise Records & Document Management System deployment 8 to a shared service as part of the OMB integrated data collection quarterly reporting until completed.

    Agency: Department of the Interior
    Status: Open

    Comments: In its January 2014 comments on our report, the Department of the Interior provided information on the status of its efforts to consolidate the Enterprise Forms System to a shared service and established a December 2014 target date for completion. In addition, the department stated that it would report on the status of the initiative quarterly until completion. We will follow up with the department to monitor its progress in completing the initiative and reporting on it to OMB.
    Recommendation: To improve the department's implementation of PortfolioStat, the Attorney General should direct the CIO to reflect 100 percent of information technology investments in the department's enterprise architecture.

    Agency: Department of Justice
    Status: Open

    Comments: In its December 2013 response to this recommendation, the Department of Justice stated that it had updated its enterprise architecture to include 100 percent of the information technology investments. However, it did not provide evidence of this action. We will follow up with the department to obtain supporting documentation.
    Recommendation: To improve the department's implementation of PortfolioStat, in future reporting to OMB, the Attorney General should direct the CIO to fully describe the following PortfolioStat action plan element: establish targets for commodity IT spending reductions and deadlines for meeting those targets.

    Agency: Department of Justice
    Status: Open

    Comments: In its December 2013 response to this recommendation, the Department of Justice (DOJ) stated that its Email and Collaboration Working Group established consolidation targets, and began Phase One of its email consolidation effort. In addition, DOJ provided information on the status of its efforts to establish additional targets. We are reviewing the information provided, as well as DOJ's reporting to OMB, to determine the extent to which this recommendation has been addressed.
    Recommendation: To improve the department's implementation of PortfolioStat, in future reporting to OMB, the Secretary of Labor should direct the CIO to fully describe the following PortfolioStat action plan elements: (1) consolidate commodity IT spending under the agency CIO and (2) establish targets for commodity IT spending reductions and deadlines for meeting those targets.

    Agency: Department of Labor
    Status: Open

    Comments: In its December 2013 response to this recommendation, the Department of Labor stated that the Chief Information Officer participates in discussions to identify and eliminate duplication and facilitate the use of commodity IT and shared services through the IT governance committees. We are reviewing documentation we recently obtained from the department to determine the current status of action to address this recommendation.
    Recommendation: To improve the department's implementation of PortfolioStat, the Secretary of Labor should direct the CIO to report on the department's progress in consolidating the cloud e-mail services to a shared service as part of the OMB integrated data collection quarterly reporting until completed.

    Agency: Department of Labor
    Status: Open

    Comments: The Department of Labor completed the consolidation of DOL agency e-mail systems into a shared cloud-based e-mail service in September 2014. In July 2015, the department provided evidence of a status report on the Office of Management and Budget IT dashboard showing completion of the initiative.
    Recommendation: To improve the agency's implementation of PortfolioStat, the Administrator of the National Aeronautics and Space Administration should direct the CIO to reflect 100 percent of information technology investments in the agency's enterprise architecture.

    Agency: National Aeronautics and Space Administration
    Status: Open

    Comments: In July 2015, NASA reported that it had initiated an effort referred to as Business Service Assessment (BSA) for IT to establish a more efficient IT operating model that maintains a minimum set of capabilities and meets current and future mission needs. The agency stated that one objective of the BSA is to guide technical, services, and investment decisions, create enterprise architecture and enterprise services methodologies for each IT domain that feeds into the overarching enterprise architecture for the full IT portfolio. In March 2016, the agency reported that final recommendations regarding the BSA were expected to be submitted to the Agency Mission Support Council at the end of the month. We are following up with NASA on the status of this recommendation.
    Recommendation: To improve the agency's implementation of PortfolioStat, in future reporting to OMB, the Administrator of the National Aeronautics and Space Administration should direct the CIO to fully describe the following PortfolioStat action plan elements: (1) consolidate commodity IT spending under the agency CIO; (2) target duplicative systems or contracts that support common business functions for consolidation; (3) establish criteria for identifying wasteful, low-value, or duplicative investments; and (4) establish a process to identify these potential investments and a schedule for eliminating them from the portfolio.

    Agency: National Aeronautics and Space Administration
    Status: Open

    Comments: In May 2015, NASA reported that OMB published new action items that resulted in a shift in tracking of the previous action items identified in our recommendation. In July 2015, the agency provided evidence of a July 2015 report updating OMB of the status of these items.
    Recommendation: To improve the agency's implementation of PortfolioStat, in future reporting to OMB, the Archivist of the United States should direct the CIO to fully describe the following PortfolioStat action plan elements: (1) consolidate commodity IT spending under the agency CIO; (2) target duplicative systems or contracts that support common business functions for consolidation; (3) establish criteria for identifying wasteful, low-value, or duplicative investments; and (4) establish a process to identify these potential investments and a schedule for eliminating them from the portfolio.

    Agency: National Archives and Records Administration
    Status: Open

    Comments: In its February 2014 statement of actions to address our recommendations, the National Archives and Records Administration reported that the four action plan elements identified in the recommendation had been included in the latest information resources management strategic plan submitted to OMB. We will review the plan to confirm whether the elements were included.
    Recommendation: To improve the agency's implementation of PortfolioStat, in future reporting to OMB, the Director of the National Science Foundation should direct the CIO to fully describe the following PortfolioStat action plan elements: (1) consolidate commodity IT spending under the agency CIO and (2) establish criteria for identifying wasteful, low-value, or duplicative investments.

    Agency: National Science Foundation
    Status: Open

    Comments: The National Science Foundation (NSF) reported that while OMB had not requested that the agency provide updates to the 2012 PortfolioStat action plan, NSF had provided different, OMB-requested documentation in support of annual PortfolioStat activities. We plan to follow up with the agency to determine the extent to which the documentation provided to OMB addresses our recommendation.
    Recommendation: To improve the agency's implementation of PortfolioStat, the Director of the Office of Personnel Management should direct the CIO to develop a complete commodity IT baseline.

    Agency: Office of Personnel Management
    Status: Open

    Comments: In August 2014, the Office of Personnel Management stated that it would be generating a policy requiring the baselines to be updated quarterly and established a target of May 2015 for fully implementing this recommendation. In March 2015, the agency stated that it was continuing to make progress toward the completion of its commodity IT baseline.
    Recommendation: To improve the agency's implementation of PortfolioStat, in future reporting to OMB, the Director of the Office of Personnel Management should direct the CIO to fully describe the following PortfolioStat action plan elements: (1) move at least two commodity IT areas to shared services and (2) target duplicative systems or contracts that support common business functions for consolidation.

    Agency: Office of Personnel Management
    Status: Open

    Comments: In August 2014, the Office of Personnel Management stated that the initial program office responses to our recommendation represented the vision of the former Chief Information Officer (CIO). The agency stated that the new CIO's strategic plan would address duplicative systems and contracts as part of the CIO re-organization project that was underway, with the intent of bringing the different job functions under one group in order to utilize resources and common business functions more effectively. The agency established May 2015 as a target for fully implementing the recommendation. However, we have not yet received evidence of this action. We plan to follow up on the status of actions taken.
    Recommendation: To improve the agency's implementation of PortfolioStat, the Director of the Office of Personnel Management should direct the CIO to report on the agency's progress in consolidating the help desk consolidation and IT asset inventory to shared services as part of the OMB integrated data collection quarterly reporting until completed.

    Agency: Office of Personnel Management
    Status: Open

    Comments: In August 2014, the Office of Personnel Management (OPM) stated that a project initiated under the former Chief Information Officer's guidance deals specifically with help desk consolidation. OPM also stated it had leveraged the Remedy tool to integrate the IT asset inventory function as part of the help desk and that many of the IT asset inventory functions were now automated as part of this effort. The agency established May 2015 as a target for fully implementing the recommendation. We plan to follow up with OPM to find out about the status of actions taken to address this recommendation.
    Recommendation: To improve the agency's implementation of PortfolioStat, the Administrator of the Small Business Administration should direct the CIO to develop a complete commodity IT baseline.

    Agency: Small Business Administration
    Status: Open
    Priority recommendation

    Comments: In a recent GAO review examining whether agencies have complete inventories of business and enterprise IT systems (which represent 2 of the 3 categories of assets called for in the commodity IT baseline), SBA provided an inventory which it acknowledged did not include all systems or represent all offices. (Note: the review was summarized in GAO-16-511 issued in September 2016.) The agency noted that it was working with its offices to complete the inventory and hoped to finalize it and establish processes for updating the inventory, including possibly automating its data gathering abilities. In May 2017, SBA provided an update on the status of actions to address the recommendation. We are currently reviewing the documentation provided to determine whether SBA has fully addressed the recommendation.
    Recommendation: To improve the agency's implementation of PortfolioStat, in future reporting to OMB, the Administrator of the Small Business Administration should direct the CIO to fully describe the following PortfolioStat action plan elements: (1) consolidate commodity IT spending under the agency CIO; (2) establish targets for commodity IT spending reductions and deadlines for meeting those targets; (3) target duplicative systems or contracts that support common business functions for consolidation; and (4) establish a process to identify those potential investments and a schedule for eliminating them from the portfolio.

    Agency: Small Business Administration
    Status: Open

    Comments: In June 2015, SBA stated it believed the action items would be addressed as part of its actions to implement the provisions of the Federal Information Technology Acquisition Reform Act. We reviewed the agency's December 2015 plan for implementing the law and an April 2016 update but did not find evidence of actions to address the items in the recommendation. In May 2017, SBA provided an update on the status of actions to address the recommendation. We are currently reviewing the documentation provided to determine whether SBA has fully addressed the recommendation.
    Recommendation: To improve the agency's implementation of PortfolioStat, the Commissioner of the Social Security Administration should direct the CIO to develop a complete commodity IT baseline.

    Agency: Social Security Administration
    Status: Open

    Comments: In September 2014, the Social Security Administration (SSA) reported that the instruction set for its Special Expense Item process through which all non-labor IT dollars go now includes the definition of commodity IT baseline, and the requirement to identify all commodity IT baseline funds requested. SSA also stated it will report the commodity IT baseline results for fiscal year 2015 in its November integrated data collection report. We are reviewing the instruction set for the Special Expense Item process and SSA's November integrated data collection report to verify SSA's reported actions.
    Recommendation: To improve the agency's implementation of PortfolioStat, the Commissioner of the Social Security Administration should direct the CIO to report on the agency's progress in consolidating the geospatial architecture to a shared service as part of the OMB integrated data collection quarterly reporting until completed.

    Agency: Social Security Administration
    Status: Open

    Comments: In August 2015, the Social Security Administration (SSA) reported that it had migrated its geospatial architecture to a shared service in September 2014 and was complying with OMB reporting requirements. In July 2016, the agency provided e-mail messages and meeting minutes documenting various stages of the migration as evidence that it was completed as planned. However, SSA did not provide evidence of reporting to OMB. We are following up with SSA to obtain this evidence.
    Recommendation: To improve the department's implementation of PortfolioStat, the Secretary of State should direct the CIO to reflect 100 percent of information technology investments in the department's enterprise architecture.

    Agency: Department of State
    Status: Open

    Comments: According to the Department of State, since August 2014 all major and non-major IT investments and corresponding assets have been captured in enterprise architecture artifacts. We will follow up with the department to obtain documentation supporting this claim.
    Recommendation: To improve the department's implementation of PortfolioStat, in future reporting to OMB, the Secretary of State should direct the CIO to fully describe the following PortfolioStat action plan elements: (1) consolidate commodity IT spending under the agency CIO; (2) establish targets for commodity IT spending reductions and deadlines for meeting those targets; (3) move at least two commodity IT areas to shared services; (4) target duplicative systems or contracts that support common business functions for consolidation; and (5) establish a process to identify those potential investments and a schedule for eliminating them from the portfolio.

    Agency: Department of State
    Status: Open

    Comments: In August 2014, the Department of State reported taking several actions to address the action plan elements we determined had not been fully described in our review. For example, it provided the Integrated Logistics Management System and the Global IT Modernization program as examples of two commodity IT investments it had moved to shared services and reported that it instituted review processes to identify duplicative efforts within the IT portfolio. The department, however, did not state whether it had reported these actions to OMB, which was the focus of our recommendation. We will follow up with the department on this.
    Recommendation: To improve the department's implementation of PortfolioStat, the Secretary of State should direct the CIO to report on the department's progress in consolidating the Foreign Affairs Network and content publishing and delivery services to shared services as part of the OMB integrated data collection quarterly reporting until completed.

    Agency: Department of State
    Status: Open

    Comments: In August 2014, the Department of State reported that it had completed the content publishing and delivery services initiative and was reporting on its progress in consolidating the Foreign Affairs Network initiative to shared services through the OMB budget process. We plan to follow up with the agency to obtain supporting documentation.
    Recommendation: To improve the department's implementation of PortfolioStat, the Secretary of Transportation should direct the CIO to report on the department's progress in consolidating the Enterprise Messaging to shared services as part of the OMB integrated data collection quarterly reporting until completed.

    Agency: Department of Transportation
    Status: Open

    Comments: In September 2015, the department reported that it had discontinued its effort to migrate the Enterprise Messaging program to shared services because it was no longer cost-effective. We plan to follow up with the department on this matter.
    Recommendation: To improve the department's implementation of PortfolioStat, in future reporting to OMB, the Secretary of the Treasury should direct the CIO to fully describe the following PortfolioStat action plan elements: (1) consolidate commodity IT spending under the agency CIO and (2) establish criteria for identifying wasteful, low-value, or duplicative investments.

    Agency: Department of the Treasury
    Status: Open

    Comments: In September 2014, the Department of the Treasury provided information on its efforts to address its action plan elements, including (1) establishing a general approach to reviewing new investment requests that considers risk, value, and cost; and (2) driving Treasury's IT investment portfolio toward common platforms whenever possible. However, the department did not address whether it was reporting on these efforts to OMB, which was the focus of our recommendation. We will follow up with the department on this.
    Recommendation: To improve the department's implementation of PortfolioStat, as the department finalizes and matures its enterprise architecture and valuation methodology, the Secretary of the Treasury should direct the CIO to utilize these processes to identify whether there are additional opportunities to reduce duplicative, low-value, or wasteful investments.

    Agency: Department of the Treasury
    Status: Open

    Comments: The department described several examples of processes it had in place to identify opportunities to reduce duplicative, low-value or wasteful investments, including annual reviews of each major IT investment and monthly portfolio reviews. We plan to follow up with the department to obtain supporting documentation.
    Recommendation: To improve the department's implementation of PortfolioStat, the Secretary of the Treasury should direct the CIO to develop support for the estimated savings for fiscal years 2013 to 2015 for the DoNotPay Business Center, Fiscal IT Data Center Consolidation and Business Process Management Status initiatives.

    Agency: Department of the Treasury
    Status: Open

    Comments: The department provided documentation related to its DoNotPay Business Center, Fiscal IT Data Center Consolidation, and Business Process Management Status initiatives. We are reviewing the information provided and plan to follow up with the department as appropriate.
    Recommendation: To improve the agency's implementation of PortfolioStat, the Administrator of the U.S. Agency for International Development should direct the CIO to reflect 100 percent of information technology investments in the agency's enterprise architecture.

    Agency: United States Agency for International Development
    Status: Open

    Comments: In response to this recommendation, in September 2014, USAID provided GAO its guidance for establishing an IT asset inventory consistent with Federal Information Systems Management Act requirements and its guidance for purchasing equipment and services which are compliant with agency standards. In October 2015, USAID also stated that it regularly updates its enterprise architecture through maintenance of its information systems inventory and evaluation of future investments. In March 2017, the agency provided GAO documentation supporting its efforts to maintain its information systems inventory and evaluate future investments. However, USAID did not show how these activities help ensure that investments are all included in the enterprise architecture. GAO is following up with the agency on this matter.
    Recommendation: To improve the department's implementation of PortfolioStat, in future reporting to OMB, the Secretary of Veterans Affairs should direct the CIO to fully describe the following PortfolioStat action plan element: target duplicative systems or contracts that support common business functions for consolidation.

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: In a December 2015 update to the status of this recommendation, the department stated it was changing its governance processes and organizational structures for IT portfolio, system, project and requirements management to strengthen its ability to identify and eliminate/consolidate duplicative systems or contracts. The department recently reported that these new processes and organizations were established in the Spring of 2016, including a new strategic sourcing approach which should assist in addressing our recommendation. We are following up with the department to obtain evidence of this approach.
    Recommendation: To improve the department's implementation of PortfolioStat, the Secretary of Veterans Affairs should direct the CIO to report on the department's progress in consolidating the dedicated fax servers to a shared service as part of the OMB integrated data collection quarterly reporting until completed.

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: In December 2015, the department reported that it would no longer pursue the initiative because an analysis performed in fiscal year 2014 indicated very little, if any, cost savings to be achieved. The agency, however, did not provide evidence regarding any related reporting to OMB. We are following up with the department to obtain this evidence.
    Recommendation: To improve the department's implementation of PortfolioStat, as the department matures its enterprise architecture process, the Secretary of Veterans Affairs should direct the CIO to make use of it, as well as the valuation model, to identify whether there are additional opportunities to reduce duplicative, low-value, or wasteful investments.

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: In December 2015, the department stated it was changing its governance processes and organizational structures for IT portfolio, system, project and requirements management to strengthen its ability to identify and eliminate/consolidate duplicative systems or contracts. The department recently reported that these new processes and organizations were established in the Spring of 2016. We are following up with the department to find out how they are incorporating the use of the enterprise architecture and value model to identify opportunities to reduce duplicative, low-value, or wasteful investments.
    Recommendation: To improve the department's implementation of PortfolioStat, the Secretary of Veterans Affairs should direct the CIO to develop detailed support for the estimated savings for fiscal years 2013 to 2015 for the Server Virtualization, Eliminate Dedicated Fax Servers Consolidation, Renegotiate Microsoft Enterprise License Agreement, and one CPU policy initiatives.

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: In December 2015, the department reported that the scope of the Server Virtualization initiative was increased and that the cost avoidance estimates were being revised accordingly. It also reported that the Elimination of Analog Fax Lines initiative was no longer being pursued because an analysis found that it would result in very little, if any, cost savings. In regards to the Renegotiate Microsoft Enterprise License Agreement initiative, the department reported that total savings over a 5-year period were renegotiated but did not provide supporting documentation. Lastly, the department reported that a new economic justification for the One CPU Policy initiative was being developed based on a consolidation strategy, and would be provided when completed. We are following up with the department to obtain documentation supporting its reported actions.
    Director: Powner, David A
    Phone: (202) 512-9286

    1 open recommendation
    Recommendation: The Secretary of Health and Human Services should direct appropriate officials to assess whether it would be cost effective to consolidate the remaining functions of the Medicare coverage determination systems.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: We contacted the department and are awaiting a response on its efforts to implement this recommendation.
    Director: Powner, David A
    Phone: (202) 512-9286

    1 open recommendation
    Recommendation: The Secretaries of Agriculture and Commerce should address the weaknesses in agency- and bureau-led TechStat processes and management outlined in this report.

    Agency: Department of Agriculture
    Status: Open

    Comments: The agency partially agreed with our assessment of the agency's TechStat process, but has not yet implemented our recommendation. At the time of our review, we identified several weaknesses in the agency's TechStat processes and management, including holding bureau-led TechStats, incorporating TechStats in its capital planning and governance structure, providing training on TechStats, and consistently capturing action steps, deadlines, and responsibilities in its TechStat memorandums. In an April 2017 update, the agency stated that it had not held any TechStats in 2016, but had identified several candidates for TechStats within the next 6 months. In addition, the agency plans to update its capital planning documents to include the TechStat program in late summer 2017. In addition, it has not finalized its TechStat training documentation, but plans to complete the documentation in late summer 2017. We will continue to monitor the implementation of this recommendation.
    Director: Powner, David A
    Phone: (202) 512-9286

    3 open recommendations
    Recommendation: To improve the reliability of reported cost and schedule variance information for the seven major investments we reviewed, the Acting Commissioner of IRS should direct the Chief Technology Officer to improve the reliability of cost estimates by addressing the weaknesses we identified in this report so that each investment at least substantially meets each of the characteristics of a reliable cost estimate.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: We followed up on the status of IRS's actions to address this recommendation for the Customer Account Data Engine (CADE) 2, the Return Review Program (RRP), and IRS.gov, the three investments with significant planned expenditures for development in fiscal year 2017, according to data reported on the Federal IT dashboard (the remaining four investments in our 2013 review are primarily in operations and maintenance based on the same IT dashboard data). We selected CADE 2, RRP, and IRS.gov because they would benefit most from improvements to cost estimates given their life cycle stage. In the summer of 2017, IRS provided documentation to demonstrate actions taken to address the weaknesses we had identified with the CADE 2 and RRP cost estimates. We are currently analyzing this information. For IRS.gov, IRS told us the investment had been in operations and maintenance for several years and was therefore not producing the cost documentation that is typically associated with development efforts. We requested documentation supporting this claim and as of September 2017 were waiting to receive it.
    Recommendation: To improve the reliability of reported cost and schedule variance information for the seven major investments we reviewed, the Acting Commissioner of IRS should direct the Chief Technology Officer to improve the extent to which schedules are well-constructed and controlled by addressing the weaknesses we identified in this report so that each investment at least substantially meets each of these characteristics.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: We followed up on the status of IRS's actions to address this recommendation for the Customer Account Data Engine (CADE) 2, the Return Review Program (RRP), and IRS.gov, the three investments with significant expenditures planned for development in fiscal year 2017, according to data reported on the Federal IT dashboard (the remaining four investments in our 2013 review are primarily in operations and maintenance based on the same IT dashboard data). We selected CADE 2, RRP, and IRS.gov because they would benefit most from improvements to schedule estimates given their life cycle stage. In the summer of 2017, IRS provided documentation to demonstrate actions taken to address the weaknesses we had identified with the CADE 2 and RRP schedule estimates. We are currently analyzing this documentation. For IRS.gov, IRS told us the investment had been in operations and maintenance for several years and was therefore not producing the schedule estimates that are typically associated with development efforts. We requested documentation supporting this claim and as of September 2017 were waiting to receive it.
    Recommendation: To improve the reliability of reported cost and schedule variance information for the seven major investments we reviewed, the Acting Commissioner of IRS should direct the Chief Technology Officer to develop and implement guidance that specifies best practices--such as including evaluating critical path (for projected schedule), using earned value management data, evaluating the performance of completed work and comparing it to the remaining budget, assessing commitment values for material needed to complete remaining work, and estimating future conditions--to consider when determining projected cost and schedule amounts.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: In June 2016, we reported on IRS's development and implementation of its Investment Performance Tool for tracking cost, schedule and scope metrics for its IT investments. At the time, IRS was using the tool for two investments. As of September 2017, we were reviewing the agency's use of the tool as part of an ongoing review. We plan to further examine the use of the tool and the supporting guidance to determine the extent to which they address this recommendation.
    Director: Powner, David A
    Phone: (202) 512-9286

    5 open recommendations
    including 1 priority recommendation
    Recommendation: To ensure that major steady state IT investments are being adequately analyzed, the Secretaries of Defense, Veterans Affairs, and the Treasury should direct appropriate officials to develop an OA policy, annually perform OAs on all investments, and ensure the assessments include all key factors.

    Agency: Department of Defense
    Status: Open

    Comments: DOD has stated it is developing OA policy, but has yet to provide a timeframe for when it will be completed. In addition, we are waiting for fiscal year 2016 OAs.
    Recommendation: To ensure that major steady state IT investments are being adequately analyzed, the Secretaries of Defense, Veterans Affairs, and the Treasury should direct appropriate officials to develop an OA policy, annually perform OAs on all investments, and ensure the assessments include all key factors.

    Agency: Department of the Treasury
    Status: Open
    Priority recommendation

    Comments: The Department of Treasury has developed an OA policy and is currently performing OAs on investments. However, we are waiting for fiscal year 2016 investment OAs to determine if all key factors are being met.
    Recommendation: To ensure that major steady state IT investments are being adequately analyzed, the Secretaries of Defense, Veterans Affairs, and the Treasury should direct appropriate officials to develop an OA policy, annually perform OAs on all investments, and ensure the assessments include all key factors.

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: We are waiting for VA to provide its finalized OA policy and for fiscal year 2016 OAs.
    Recommendation: The Secretaries of Homeland Security and Health and Human Services should direct their Chief Information Officers to ensure OAs are performed annually on all major steady state investments and the assessments include all key factors.

    Agency: Department of Homeland Security
    Status: Open

    Comments: The Department of Homeland Security has updated its OA policy and is currently performing OAs on investments. We received fiscal year 2016 OAs for CBP but are waiting for the rest of the department's OAs for FY2016.
    Recommendation: The Secretaries of Homeland Security and Health and Human Services should direct their Chief Information Officers to ensure OAs are performed annually on all major steady state investments and the assessments include all key factors.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: We are waiting for HHS's fiscal year 2016 OAs.
    Director: Cha, Carol
    Phone: (202) 512-3000

    33 open recommendations
    Recommendation: To enhance federal agencies' ability to realize enterprise architecture benefits, the Secretaries of the Departments of Agriculture, the Air Force, the Army, Commerce, Defense, Education, Energy, Homeland Security, the Interior, Labor, the Navy, State, Transportation, the Treasury, and Veterans Affairs; the Attorney General; the Administrators of the Environmental Protection Agency, General Services Administration, National Aeronautics and Space Administration, and Small Business Administration; the Commissioners of the Nuclear Regulatory Commission and Social Security Administration; and the Directors of the National Science Foundation and the Office of Personnel Management should fully establish an approach for measuring enterprise architecture outcomes, including a documented method (i.e., steps to be followed) and metrics that are measurable, meaningful, repeatable, consistent, actionable, and aligned with the agency's enterprise architecture's strategic goals and intended purpose.

    Agency: Department of Agriculture
    Status: Open

    Comments: The Department of Agriculture has not implemented this recommendation. In January 2017, the department provided an action plan that indicated it would address the recommendation by November 2017.
    Recommendation: To enhance federal agencies' ability to realize enterprise architecture benefits, the Secretaries of the Departments of Agriculture, the Air Force, the Army, Commerce, Defense, Education, Energy, Homeland Security, the Interior, Labor, the Navy, State, Transportation, the Treasury, and Veterans Affairs; the Attorney General; the Administrators of the Environmental Protection Agency, General Services Administration, National Aeronautics and Space Administration, and Small Business Administration; the Commissioners of the Nuclear Regulatory Commission and Social Security Administration; and the Directors of the National Science Foundation and the Office of Personnel Management should fully establish an approach for measuring enterprise architecture outcomes, including a documented method (i.e., steps to be followed) and metrics that are measurable, meaningful, repeatable, consistent, actionable, and aligned with the agency's enterprise architecture's strategic goals and intended purpose.

    Agency: Department of Commerce
    Status: Open

    Comments: The Department of Commerce has not implemented this recommendation. We reported in September 2012 that the department had established metrics to measure and report outcomes associated with its enterprise architecture program, such as information technology cost savings, but it had yet to establish a method (i.e. steps to be followed) for measuring such outcomes. In April 2017, a department liaison reported that the Office of the Chief Information Officer had developed an initial draft of an enterprise architecture value measurement plan. However, as of August 2017, the department had not demonstrated that the plan had been finalized.
    Recommendation: To enhance federal agencies' ability to realize enterprise architecture benefits, the Secretaries of the Departments of Agriculture, the Air Force, the Army, Commerce, Defense, Education, Energy, Homeland Security, the Interior, Labor, the Navy, State, Transportation, the Treasury, and Veterans Affairs; the Attorney General; the Administrators of the Environmental Protection Agency, General Services Administration, National Aeronautics and Space Administration, and Small Business Administration; the Commissioners of the Nuclear Regulatory Commission and Social Security Administration; and the Directors of the National Science Foundation and the Office of Personnel Management should fully establish an approach for measuring enterprise architecture outcomes, including a documented method (i.e., steps to be followed) and metrics that are measurable, meaningful, repeatable, consistent, actionable, and aligned with the agency's enterprise architecture's strategic goals and intended purpose.

    Agency: Department of Defense
    Status: Open

    Comments: As of August 2017, the Department of Defense had not addressed our recommendation for either of the department's enterprise architectures we reviewed in 2012. With respect to the DOD enterprise architecture, we reported in 2012 that, according to officials, DOD's approach to establishing a method and metrics for measuring enterprise architecture strategic mission value (outcomes and benefits) would be accomplished through the development and publication of a DOD instruction and an enterprise architecture management plan. In particular, DOD's June 2012 draft instruction on enterprise architecture called for establishing metrics for assessing the effectiveness of the enterprise architecture to provide information that contributes to mission effectiveness and efficiency. In addition, the draft Enterprise Architecture Management Plan called for the development of metrics to assess the use of enterprise architecture, provided examples of potential metrics, including reduction in redundancies in DOD's portfolio, and called for the development of baseline and target threshold values for each selected metric. The plan also stated that the DOD CIO and architecture organization were to determine the final set of metrics and threshold values based on the resources available to assess the metrics. However, according to a March 2016 memo from the Deputy Chief Information Officer for Information Enterprise to the DOD Inspector General, the department no longer planned to publish an instruction related to enterprise architecture and considered our recommendation closed. The memo also described structures and processes for developing, managing, and applying DOD's architecture that it said fulfilled what would have been the intent of a DOD instruction on enterprise architecture, including governance, requirements, acquisition, portfolio management, and budgeting. However, the memo did not discuss measuring architecture outcomes. 
With respect to its business enterprise architecture, in August 2016, the department stated that it did not have a systematic methodology for measuring the business value of its business enterprise architecture. Department officials noted that our July 2015 report "DOD Business Systems Modernization: Additional Action Needed to Achieve Intended Outcomes" (GAO-15-627) concluded that the business enterprise architecture has yielded limited value. The officials stated that internal department management assessments and component feedback supported these determinations. The department also stated that it used our report as a key method for measuring enterprise architecture outcomes and is acting on the results. Specifically, the department stated that senior management has directed changes to the department's Business Enterprise Architecture program. However, as of August 2017, the department had not provided documentation indicating that it planned to establish an approach for measuring business enterprise architecture outcomes. We will continue to follow up on the department's efforts to address this recommendation.
    Recommendation: To enhance federal agencies' ability to realize enterprise architecture benefits, the Secretaries of the Departments of Agriculture, the Air Force, the Army, Commerce, Defense, Education, Energy, Homeland Security, the Interior, Labor, the Navy, State, Transportation, the Treasury, and Veterans Affairs; the Attorney General; the Administrators of the Environmental Protection Agency, General Services Administration, National Aeronautics and Space Administration, and Small Business Administration; the Commissioners of the Nuclear Regulatory Commission and Social Security Administration; and the Directors of the National Science Foundation and the Office of Personnel Management should fully establish an approach for measuring enterprise architecture outcomes, including a documented method (i.e., steps to be followed) and metrics that are measurable, meaningful, repeatable, consistent, actionable, and aligned with the agency's enterprise architecture's strategic goals and intended purpose.

    Agency: Department of Defense: Department of the Air Force
    Status: Open

    Comments: As of August 2017, the Department of the Air Force had not implemented this recommendation. As of September 2016, the department reported architecture-related outcomes to top agency officials, including the numbers of defense business systems decommissioned. However, the department did not demonstrate that it had established an approach, including metrics and a documented method, to measure enterprise architecture outcomes. We will continue to monitor the Air Force's efforts to implement this recommendation.
    Recommendation: To enhance federal agencies' ability to realize enterprise architecture benefits, the Secretaries of the Departments of Agriculture, the Air Force, the Army, Commerce, Defense, Education, Energy, Homeland Security, the Interior, Labor, the Navy, State, Transportation, the Treasury, and Veterans Affairs; the Attorney General; the Administrators of the Environmental Protection Agency, General Services Administration, National Aeronautics and Space Administration, and Small Business Administration; the Commissioners of the Nuclear Regulatory Commission and Social Security Administration; and the Directors of the National Science Foundation and the Office of Personnel Management should fully establish an approach for measuring enterprise architecture outcomes, including a documented method (i.e., steps to be followed) and metrics that are measurable, meaningful, repeatable, consistent, actionable, and aligned with the agency's enterprise architecture's strategic goals and intended purpose.

    Agency: Department of Defense: Department of the Navy
    Status: Open

    Comments: The Department of the Navy has partially implemented this recommendation. Specifically, the department demonstrated that it had established a metric to measure the percentage of server-based systems and applications that are virtualized annually. However, the department has yet to demonstrate that it documented the steps to be followed for measuring this virtualization. In October 2015, the Navy developed a plan of actions and milestones to address elements in GAO's Enterprise Architecture Management Maturity Framework, including the element focused on measuring and reporting enterprise architecture outcomes, by September 2017. We will continue to monitor the Navy's efforts to implement this recommendation.
    Recommendation: To enhance federal agencies' ability to realize enterprise architecture benefits, the Secretaries of the Departments of Agriculture, the Air Force, the Army, Commerce, Defense, Education, Energy, Homeland Security, the Interior, Labor, the Navy, State, Transportation, the Treasury, and Veterans Affairs; the Attorney General; the Administrators of the Environmental Protection Agency, General Services Administration, National Aeronautics and Space Administration, and Small Business Administration; the Commissioners of the Nuclear Regulatory Commission and Social Security Administration; and the Directors of the National Science Foundation and the Office of Personnel Management should fully establish an approach for measuring enterprise architecture outcomes, including a documented method (i.e., steps to be followed) and metrics that are measurable, meaningful, repeatable, consistent, actionable, and aligned with the agency's enterprise architecture's strategic goals and intended purpose.

    Agency: Department of Defense: Department of the Army
    Status: Open

    Comments: The Department of the Army has taken steps to address this recommendation, but much more remains to be done. Specifically, since we reported in September 2012 that one of the department's three segment architectures had established a metric and a method to measure architecture outcomes, one of the remaining segments had established metrics, but it had not documented the steps to measure the metrics. The other remaining segment had yet to establish metrics and a method to measure architecture outcomes. Specifically, in December 2013, the Generating Force segment (now known as the Business Mission Area) developed an Army Business Management Strategy, which included metrics to measure the number of business systems retired over five years and cost savings and avoidance through use of the Army's business enterprise architecture. However, the department had not demonstrated that it had documented the steps to measure the metrics. In addition, the Operating Force segment has not demonstrated that it had established metrics and a method to measure architecture outcomes. In September 2015, the Army developed a plan of actions and milestones to address elements of GAO's Enterprise Architecture Management Maturity Framework, including the element focused on measuring and reporting enterprise architecture outcomes, by September 2017. We will continue to monitor the Army's efforts to implement this recommendation.
    Recommendation: To enhance federal agencies' ability to realize enterprise architecture benefits, the Secretaries of the Departments of Agriculture, the Air Force, the Army, Commerce, Defense, Education, Energy, Homeland Security, the Interior, Labor, the Navy, State, Transportation, the Treasury, and Veterans Affairs; the Attorney General; the Administrators of the Environmental Protection Agency, General Services Administration, National Aeronautics and Space Administration, and Small Business Administration; the Commissioners of the Nuclear Regulatory Commission and Social Security Administration; and the Directors of the National Science Foundation and the Office of Personnel Management should fully establish an approach for measuring enterprise architecture outcomes, including a documented method (i.e., steps to be followed) and metrics that are measurable, meaningful, repeatable, consistent, actionable, and aligned with the agency's enterprise architecture's strategic goals and intended purpose.

    Agency: Department of Energy
    Status: Open

    Comments: The Department of Energy has not implemented our recommendation. In March 2017, the department's Office of the Chief Information Officer reported that the department was evaluating actions to better integrate enterprise architecture practices into the department's information technology strategic planning, capital planning and investment control, and program management processes. The Office of the Chief Information Officer further reported that the department expected to develop a plan to measure and report architecture outcomes by the end of fiscal year 2017.
    Recommendation: To enhance federal agencies' ability to realize enterprise architecture benefits, the Secretaries of the Departments of Agriculture, the Air Force, the Army, Commerce, Defense, Education, Energy, Homeland Security, the Interior, Labor, the Navy, State, Transportation, the Treasury, and Veterans Affairs; the Attorney General; the Administrators of the Environmental Protection Agency, General Services Administration, National Aeronautics and Space Administration, and Small Business Administration; the Commissioners of the Nuclear Regulatory Commission and Social Security Administration; and the Directors of the National Science Foundation and the Office of Personnel Management should fully establish an approach for measuring enterprise architecture outcomes, including a documented method (i.e., steps to be followed) and metrics that are measurable, meaningful, repeatable, consistent, actionable, and aligned with the agency's enterprise architecture's strategic goals and intended purpose.

    Agency: Department of Justice
    Status: Open

    Comments: The Department of Justice has not taken sufficient steps to implement our recommendation. In June 2014, the department established metrics associated with the department's enterprise architecture (e.g., cost savings/avoidance gained through consolidated systems). However, as of August 2017, the department had not provided evidence that it had documented a method for measuring the metrics, or that it plans to do so. We will continue to monitor the department's efforts to implement the recommendation.
    Recommendation: To enhance federal agencies' ability to realize enterprise architecture benefits, the Secretaries of the Departments of Agriculture, the Air Force, the Army, Commerce, Defense, Education, Energy, Homeland Security, the Interior, Labor, the Navy, State, Transportation, the Treasury, and Veterans Affairs; the Attorney General; the Administrators of the Environmental Protection Agency, General Services Administration, National Aeronautics and Space Administration, and Small Business Administration; the Commissioners of the Nuclear Regulatory Commission and Social Security Administration; and the Directors of the National Science Foundation and the Office of Personnel Management should fully establish an approach for measuring enterprise architecture outcomes, including a documented method (i.e., steps to be followed) and metrics that are measurable, meaningful, repeatable, consistent, actionable, and aligned with the agency's enterprise architecture's strategic goals and intended purpose.

    Agency: Department of Labor
    Status: Open

    Comments: The Department of Labor has not implemented this recommendation. In July 2017, the department stated that, by the end of fiscal year 2018, it would include the adoption and implementation of measurable enterprise architecture outcomes as part of upcoming information technology strategic planning efforts. We will continue to monitor the department's efforts to implement the recommendation.
    Recommendation: To enhance federal agencies' ability to realize enterprise architecture benefits, the Secretaries of the Departments of Agriculture, the Air Force, the Army, Commerce, Defense, Education, Energy, Homeland Security, the Interior, Labor, the Navy, State, Transportation, the Treasury, and Veterans Affairs; the Attorney General; the Administrators of the Environmental Protection Agency, General Services Administration, National Aeronautics and Space Administration, and Small Business Administration; the Commissioners of the Nuclear Regulatory Commission and Social Security Administration; and the Directors of the National Science Foundation and the Office of Personnel Management should fully establish an approach for measuring enterprise architecture outcomes, including a documented method (i.e., steps to be followed) and metrics that are measurable, meaningful, repeatable, consistent, actionable, and aligned with the agency's enterprise architecture's strategic goals and intended purpose.

    Agency: Department of the Treasury
    Status: Open

    Comments: As of August 2017, the Department of the Treasury had not implemented our recommendation. We reported in September 2012 that the department had established enterprise architecture metrics, but that it had not established a methodology for measuring its architecture outcomes. In June 2016, the department reported that it did not plan to establish an approach to measure architecture outcomes. Specifically, the department stated that it measured cost, schedule, and operational outcomes, but it did not attribute these measures to any practice, such as architecture. Nonetheless, we continue to believe that it is important to measure the value of its enterprise architecture and we will continue to monitor the department's efforts to implement the recommendation.
    Recommendation: To enhance federal agencies' ability to realize enterprise architecture benefits, the Secretaries of the Departments of Agriculture, the Air Force, the Army, Commerce, Defense, Education, Energy, Homeland Security, the Interior, Labor, the Navy, State, Transportation, the Treasury, and Veterans Affairs; the Attorney General; the Administrators of the Environmental Protection Agency, General Services Administration, National Aeronautics and Space Administration, and Small Business Administration; the Commissioners of the Nuclear Regulatory Commission and Social Security Administration; and the Directors of the National Science Foundation and the Office of Personnel Management should fully establish an approach for measuring enterprise architecture outcomes, including a documented method (i.e., steps to be followed) and metrics that are measurable, meaningful, repeatable, consistent, actionable, and aligned with the agency's enterprise architecture's strategic goals and intended purpose.

    Agency: Department of State
    Status: Open

    Comments: The Department of State has yet to implement this recommendation. In June 2017, the department's Information Resource Management GAO liaison stated that the department was in the process of developing an enterprise architecture plan. According to the liaison, the plan is to include a structured approach to capturing, evaluating, and assessing relevant performance-related data. The liaison also stated that the target completion date for the plan is June 2018.
    Recommendation: To enhance federal agencies' ability to realize enterprise architecture benefits, the Secretaries of the Departments of Agriculture, the Air Force, the Army, Commerce, Defense, Education, Energy, Homeland Security, the Interior, Labor, the Navy, State, Transportation, the Treasury, and Veterans Affairs; the Attorney General; the Administrators of the Environmental Protection Agency, General Services Administration, National Aeronautics and Space Administration, and Small Business Administration; the Commissioners of the Nuclear Regulatory Commission and Social Security Administration; and the Directors of the National Science Foundation and the Office of Personnel Management should fully establish an approach for measuring enterprise architecture outcomes, including a documented method (i.e., steps to be followed) and metrics that are measurable, meaningful, repeatable, consistent, actionable, and aligned with the agency's enterprise architecture's strategic goals and intended purpose.

    Agency: Environmental Protection Agency
    Status: Open

    Comments: As of August 2017, the Environmental Protection Agency had not implemented this recommendation and did not have a specific plan to do so. In March 2014, the agency submitted its Enterprise Roadmap to the Office of Management and Budget, which included metrics associated with potential outcomes related to its enterprise architecture efforts, such as cost savings gained from consolidating and sharing services. However, the agency had not established steps to be followed for measuring architecture outcomes. More recently, according to its May 2015 Enterprise Roadmap, the agency no longer planned to measure architecture-related outcomes. We will continue to monitor the agency's efforts to implement the recommendation.
    Recommendation: To enhance federal agencies' ability to realize enterprise architecture benefits, the Secretaries of the Departments of Agriculture, the Air Force, the Army, Commerce, Defense, Education, Energy, Homeland Security, the Interior, Labor, the Navy, State, Transportation, the Treasury, and Veterans Affairs; the Attorney General; the Administrators of the Environmental Protection Agency, General Services Administration, National Aeronautics and Space Administration, and Small Business Administration; the Commissioners of the Nuclear Regulatory Commission and Social Security Administration; and the Directors of the National Science Foundation and the Office of Personnel Management should fully establish an approach for measuring enterprise architecture outcomes, including a documented method (i.e., steps to be followed) and metrics that are measurable, meaningful, repeatable, consistent, actionable, and aligned with the agency's enterprise architecture's strategic goals and intended purpose.

    Agency: National Aeronautics and Space Administration
    Status: Open

    Comments: The National Aeronautics and Space Administration (NASA) has taken steps to implement this recommendation, but more remains to be done. In December 2013, NASA issued Enterprise Architecture Procedures, which stated that key enterprise architecture metrics, such as cost savings and reduction of duplication, would be established. The procedures also stated that NASA's Chief Architect was to work with internal and external stakeholders to develop and mature metrics that provide information on enterprise architecture benefits and clearly illustrate progress or deficiencies in key areas. In January 2017, an official from NASA's Office of the Chief Information Officer described steps that NASA was taking to establish an approach for measuring architecture outcomes. However, as of August 2017, NASA had not demonstrated that it had documented a method and metrics for measuring outcomes.
    Recommendation: To enhance federal agencies' ability to realize enterprise architecture benefits, the Secretaries of the Departments of Agriculture, the Air Force, the Army, Commerce, Defense, Education, Energy, Homeland Security, the Interior, Labor, the Navy, State, Transportation, the Treasury, and Veterans Affairs; the Attorney General; the Administrators of the Environmental Protection Agency, General Services Administration, National Aeronautics and Space Administration, and Small Business Administration; the Commissioners of the Nuclear Regulatory Commission and Social Security Administration; and the Directors of the National Science Foundation and the Office of Personnel Management should fully establish an approach for measuring enterprise architecture outcomes, including a documented method (i.e., steps to be followed) and metrics that are measurable, meaningful, repeatable, consistent, actionable, and aligned with the agency's enterprise architecture's strategic goals and intended purpose.

    Agency: National Science Foundation
    Status: Open

    Comments: As of March 2017, the National Science Foundation had not implemented this recommendation. The agency stated that it is committed to measuring and reporting enterprise architecture results and outcomes and that it continues to adopt the Office of Management and Budget's recommended approach to enterprise architecture measurement. However, the agency did not provide supporting documentation. We will continue to monitor its efforts to implement the recommendation.
    Recommendation: To enhance federal agencies' ability to realize enterprise architecture benefits, the Secretaries of the Departments of Agriculture, the Air Force, the Army, Commerce, Defense, Education, Energy, Homeland Security, the Interior, Labor, the Navy, State, Transportation, the Treasury, and Veterans Affairs; the Attorney General; the Administrators of the Environmental Protection Agency, General Services Administration, National Aeronautics and Space Administration, and Small Business Administration; the Commissioners of the Nuclear Regulatory Commission and Social Security Administration; and the Directors of the National Science Foundation and the Office of Personnel Management should fully establish an approach for measuring enterprise architecture outcomes, including a documented method (i.e., steps to be followed) and metrics that are measurable, meaningful, repeatable, consistent, actionable, and aligned with the agency's enterprise architecture's strategic goals and intended purpose.

    Agency: Small Business Administration
    Status: Open

    Comments: The Small Business Administration (SBA) has not implemented our recommendation or established a plan to do so. In April 2014 and May 2015, SBA submitted to the Office of Management and Budget its Enterprise Roadmap, which included metrics associated with the agency's enterprise architecture, such as cost savings gained from consolidating systems. However, as of August 2017, the agency had yet to document the steps to be followed for measuring architecture outcomes. In July 2016, a Program Manager from the SBA Office of Congressional and Legislative Affairs stated that, going forward, progress for the SBA enterprise architecture program was expected to be limited because of limited labor resources. Nevertheless, we will continue to monitor the agency's efforts to implement the recommendation.
    Recommendation: To enhance federal agencies' ability to realize enterprise architecture benefits, the Secretaries of the Departments of Agriculture, the Air Force, the Army, Commerce, Defense, Education, Energy, Homeland Security, the Interior, Labor, the Navy, State, Transportation, the Treasury, and Veterans Affairs; the Attorney General; the Administrators of the Environmental Protection Agency, General Services Administration, National Aeronautics and Space Administration, and Small Business Administration; the Commissioners of the Nuclear Regulatory Commission and Social Security Administration; and the Directors of the National Science Foundation and the Office of Personnel Management should fully establish an approach for measuring enterprise architecture outcomes, including a documented method (i.e., steps to be followed) and metrics that are measurable, meaningful, repeatable, consistent, actionable, and aligned with the agency's enterprise architecture's strategic goals and intended purpose.

    Agency: Office of Personnel Management
    Status: Open

    Comments: The Office of Personnel Management has not implemented this recommendation. In September 2016, the agency's Office of Internal Oversight and Compliance reported that it planned to develop an enterprise architecture strategic plan in the third quarter of fiscal year 2017. The plan was to include application rationalization metrics and a method for measurement. However, as of August 2017, the agency had not demonstrated that it had addressed the recommendation.
    Recommendation: To enhance federal agencies' ability to realize enterprise architecture benefits, the Secretaries of the Departments of Agriculture, the Air Force, the Army, Commerce, Defense, Education, Energy, Homeland Security, the Interior, Labor, the Navy, State, Transportation, the Treasury, and Veterans Affairs; the Attorney General; the Administrators of the Environmental Protection Agency, General Services Administration, National Aeronautics and Space Administration, and Small Business Administration; the Commissioners of the Nuclear Regulatory Commission and Social Security Administration; and the Directors of the National Science Foundation and the Office of Personnel Management should periodically measure and report enterprise architecture outcomes and benefits to top agency officials (i.e., executives with authority to commit resources or make changes to the program) and to OMB.

    Agency: Department of Agriculture
    Status: Open

    Comments: The Department of Agriculture has not yet implemented this recommendation. In January 2017, the department provided its action plan to address the recommendation by November 2017.
    Recommendation: To enhance federal agencies' ability to realize enterprise architecture benefits, the Secretaries of the Departments of Agriculture, the Air Force, the Army, Commerce, Defense, Education, Energy, Homeland Security, the Interior, Labor, the Navy, State, Transportation, the Treasury, and Veterans Affairs; the Attorney General; the Administrators of the Environmental Protection Agency, General Services Administration, National Aeronautics and Space Administration, and Small Business Administration; the Commissioners of the Nuclear Regulatory Commission and Social Security Administration; and the Directors of the National Science Foundation and the Office of Personnel Management should periodically measure and report enterprise architecture outcomes and benefits to top agency officials (i.e., executives with authority to commit resources or make changes to the program) and to OMB.

    Agency: Department of Commerce
    Status: Open

    Comments: The Department of Commerce has not implemented this recommendation. In November 2012, the department reported architecture outcomes, such as information technology cost savings, to top agency officials. However, the department has not reported architecture outcomes again to top agency officials or to the Office of Management and Budget. In April 2017, a department liaison reported that the Office of the Chief Information Officer had developed an initial draft enterprise architecture value measurement plan, which the department expected to complete by May 2017. In addition, the official reported that the department was in the process of developing a communication plan, by May 2017, to brief executive leadership on architecture value measurement on a regular basis. However, as of August 2017, the department had not demonstrated that these plans had been finalized.
    Recommendation: To enhance federal agencies' ability to realize enterprise architecture benefits, the Secretaries of the Departments of Agriculture, the Air Force, the Army, Commerce, Defense, Education, Energy, Homeland Security, the Interior, Labor, the Navy, State, Transportation, the Treasury, and Veterans Affairs; the Attorney General; the Administrators of the Environmental Protection Agency, General Services Administration, National Aeronautics and Space Administration, and Small Business Administration; the Commissioners of the Nuclear Regulatory Commission and Social Security Administration; and the Directors of the National Science Foundation and the Office of Personnel Management should periodically measure and report enterprise architecture outcomes and benefits to top agency officials (i.e., executives with authority to commit resources or make changes to the program) and to OMB.

    Agency: Department of Defense
    Status: Open

    Comments: As of August 2017, the Department of Defense (DOD) had not implemented this recommendation for either of the department's enterprise architectures we reviewed in 2012. With respect to the DOD enterprise architecture, the department had not measured and reported architecture outcomes and benefits. We reported in 2012 that, according to DOD officials, the implementation of an instruction on enterprise architecture and an enterprise architecture management plan would allow the benefits of architecture to be measured and reported. However, according to a March 2016 memo from the Deputy Chief Information Officer for Information Enterprise to the DOD Inspector General, the department no longer planned to publish an instruction related to enterprise architecture and considered our recommendation closed. The memo also described structures and processes for developing, managing, and applying DOD's architecture, including governance, requirements, acquisition, portfolio management, and budgeting. However, the memo did not discuss measuring and reporting enterprise architecture outcomes. With respect to its business enterprise architecture, in August 2016, the department stated that it did not have a systematic methodology for measuring the business value of its business enterprise architecture. Department officials further stated that our July 2015 report "DOD Business Systems Modernization: Additional Action Needed to Achieve Intended Outcomes" (GAO-15-627) concluded that the business enterprise architecture had yielded limited value. As a result of our report, the department stated that senior management had directed changes to the department's Business Enterprise Architecture program. However, as of August 2017, the department had not provided documentation indicating that it planned to establish an approach for measuring and reporting business enterprise architecture outcomes. We will continue to follow up on the department's efforts to address this recommendation.
    Recommendation: To enhance federal agencies' ability to realize enterprise architecture benefits, the Secretaries of the Departments of Agriculture, the Air Force, the Army, Commerce, Defense, Education, Energy, Homeland Security, the Interior, Labor, the Navy, State, Transportation, the Treasury, and Veterans Affairs; the Attorney General; the Administrators of the Environmental Protection Agency, General Services Administration, National Aeronautics and Space Administration, and Small Business Administration; the Commissioners of the Nuclear Regulatory Commission and Social Security Administration; and the Directors of the National Science Foundation and the Office of Personnel Management should periodically measure and report enterprise architecture outcomes and benefits to top agency officials (i.e., executives with authority to commit resources or make changes to the program) and to OMB.

    Agency: Department of Defense: Department of the Navy
    Status: Open

    Comments: The Department of the Navy has not implemented this recommendation. Specifically, the department has not demonstrated that it has measured and reported enterprise architecture outcomes and benefits to top agency officials. In October 2015, the department developed a plan of actions and milestones to address elements in GAO's Enterprise Architecture Management Maturity Framework, including the element focused on measuring and reporting enterprise architecture results and outcomes by September 2017. We will continue to monitor the Navy's efforts to implement this recommendation.
    Recommendation: To enhance federal agencies' ability to realize enterprise architecture benefits, the Secretaries of the Departments of Agriculture, the Air Force, the Army, Commerce, Defense, Education, Energy, Homeland Security, the Interior, Labor, the Navy, State, Transportation, the Treasury, and Veterans Affairs; the Attorney General; the Administrators of the Environmental Protection Agency, General Services Administration, National Aeronautics and Space Administration, and Small Business Administration; the Commissioners of the Nuclear Regulatory Commission and Social Security Administration; and the Directors of the National Science Foundation and the Office of Personnel Management should periodically measure and report enterprise architecture outcomes and benefits to top agency officials (i.e., executives with authority to commit resources or make changes to the program) and to OMB.

    Agency: Department of Energy
    Status: Open

    Comments: The Department of Energy has not yet implemented the recommendation. In March 2017, the department's Office of the Chief Information Officer reported that the department is evaluating actions to better integrate enterprise architecture practices into the department's information technology strategic planning, capital planning and investment control, and program management processes. The Office of the Chief Information Officer also reported that the department expects to develop a plan to measure and report architecture outcomes by the end of fiscal year 2017 and to have routine measures and reporting in place during fiscal year 2018.
    Recommendation: To enhance federal agencies' ability to realize enterprise architecture benefits, the Secretaries of the Departments of Agriculture, the Air Force, the Army, Commerce, Defense, Education, Energy, Homeland Security, the Interior, Labor, the Navy, State, Transportation, the Treasury, and Veterans Affairs; the Attorney General; the Administrators of the Environmental Protection Agency, General Services Administration, National Aeronautics and Space Administration, and Small Business Administration; the Commissioners of the Nuclear Regulatory Commission and Social Security Administration; and the Directors of the National Science Foundation and the Office of Personnel Management should periodically measure and report enterprise architecture outcomes and benefits to top agency officials (i.e., executives with authority to commit resources or make changes to the program) and to OMB.

    Agency: Department of Justice
    Status: Open

    Comments: The Department of Justice has not sufficiently implemented our recommendation. Although the department reported cost savings through use of its enterprise architecture, as of August 2017, it has not provided documentation to support that the cost savings have been reliably measured.
    Recommendation: To enhance federal agencies' ability to realize enterprise architecture benefits, the Secretaries of the Departments of Agriculture, the Air Force, the Army, Commerce, Defense, Education, Energy, Homeland Security, the Interior, Labor, the Navy, State, Transportation, the Treasury, and Veterans Affairs; the Attorney General; the Administrators of the Environmental Protection Agency, General Services Administration, National Aeronautics and Space Administration, and Small Business Administration; the Commissioners of the Nuclear Regulatory Commission and Social Security Administration; and the Directors of the National Science Foundation and the Office of Personnel Management should periodically measure and report enterprise architecture outcomes and benefits to top agency officials (i.e., executives with authority to commit resources or make changes to the program) and to OMB.

    Agency: Department of Labor
    Status: Open

    Comments: The Department of Labor has not implemented this recommendation. In July 2017, the department stated that it planned to include, by the end of fiscal year 2018, the adoption and implementation of measurable enterprise architecture outcomes as part of upcoming information technology strategic planning efforts. We will continue to monitor the department's efforts to implement the recommendation.
    Recommendation: To enhance federal agencies' ability to realize enterprise architecture benefits, the Secretaries of the Departments of Agriculture, the Air Force, the Army, Commerce, Defense, Education, Energy, Homeland Security, the Interior, Labor, the Navy, State, Transportation, the Treasury, and Veterans Affairs; the Attorney General; the Administrators of the Environmental Protection Agency, General Services Administration, National Aeronautics and Space Administration, and Small Business Administration; the Commissioners of the Nuclear Regulatory Commission and Social Security Administration; and the Directors of the National Science Foundation and the Office of Personnel Management should periodically measure and report enterprise architecture outcomes and benefits to top agency officials (i.e., executives with authority to commit resources or make changes to the program) and to OMB.

    Agency: Department of the Treasury
    Status: Open

    Comments: As of August 2017, the Department of the Treasury had not measured and reported enterprise architecture outcomes in accordance with our recommendation. Moreover, in June 2016, the department reported that it does not plan to do so. In September 2012, we reported that the department had reported architecture outcomes; however, the metrics had not been periodically measured and reported. Subsequently, in its February 2014 Information Technology Enterprise Roadmap, the department reported a reduction in infrastructure spending as a percentage of its information technology budget from fiscal year 2010 through fiscal year 2013 and attributed the results to enterprise architecture. However, the department did not demonstrate that it had reliably measured the outcome. Specifically, it did not provide supporting documentation. In June 2016, the department reported that it did not plan to establish an approach to measure and report architecture outcomes. Nonetheless, we continue to believe our recommendation is warranted and will monitor the department's efforts to implement it.
    Recommendation: To enhance federal agencies' ability to realize enterprise architecture benefits, the Secretaries of the Departments of Agriculture, the Air Force, the Army, Commerce, Defense, Education, Energy, Homeland Security, the Interior, Labor, the Navy, State, Transportation, the Treasury, and Veterans Affairs; the Attorney General; the Administrators of the Environmental Protection Agency, General Services Administration, National Aeronautics and Space Administration, and Small Business Administration; the Commissioners of the Nuclear Regulatory Commission and Social Security Administration; and the Directors of the National Science Foundation and the Office of Personnel Management should periodically measure and report enterprise architecture outcomes and benefits to top agency officials (i.e., executives with authority to commit resources or make changes to the program) and to OMB.

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: The Department of Veterans Affairs has not implemented this recommendation. In July 2017, the department stated that in the fall of 2016, the Chief Information Officer instituted a new information technology governance framework and established the Architecture Board that is responsible for overseeing all aspects of the department's architecture. According to the department, as of July 2017, the board was formulating enterprise architecture priorities, including the measurement and reporting of architecture outcomes and benefits. The department anticipated that priority enterprise architecture measures and reporting requirements would be established by the end of fiscal year 2017, and that actual reporting to the board will begin by December 2017.
    Recommendation: To enhance federal agencies' ability to realize enterprise architecture benefits, the Secretaries of the Departments of Agriculture, the Air Force, the Army, Commerce, Defense, Education, Energy, Homeland Security, the Interior, Labor, the Navy, State, Transportation, the Treasury, and Veterans Affairs; the Attorney General; the Administrators of the Environmental Protection Agency, General Services Administration, National Aeronautics and Space Administration, and Small Business Administration; the Commissioners of the Nuclear Regulatory Commission and Social Security Administration; and the Directors of the National Science Foundation and the Office of Personnel Management should periodically measure and report enterprise architecture outcomes and benefits to top agency officials (i.e., executives with authority to commit resources or make changes to the program) and to OMB.

    Agency: Department of State
    Status: Open

    Comments: The Department of State has not implemented our recommendation. According to the department's Information Resource Management GAO liaison, the department will complete an updated enterprise architecture plan and establish desired performance outcomes by December 2017.
    Recommendation: To enhance federal agencies' ability to realize enterprise architecture benefits, the Secretaries of the Departments of Agriculture, the Air Force, the Army, Commerce, Defense, Education, Energy, Homeland Security, the Interior, Labor, the Navy, State, Transportation, the Treasury, and Veterans Affairs; the Attorney General; the Administrators of the Environmental Protection Agency, General Services Administration, National Aeronautics and Space Administration, and Small Business Administration; the Commissioners of the Nuclear Regulatory Commission and Social Security Administration; and the Directors of the National Science Foundation and the Office of Personnel Management should periodically measure and report enterprise architecture outcomes and benefits to top agency officials (i.e., executives with authority to commit resources or make changes to the program) and to OMB.

    Agency: Environmental Protection Agency
    Status: Open

    Comments: The Environmental Protection Agency has not implemented this recommendation. In March 2014, the agency submitted to the Office of Management and Budget its Enterprise Roadmap, which identified outcomes associated with its enterprise architecture efforts. For example, the agency reported cost savings achieved in fiscal year 2013 related to consolidating and sharing services. However, the agency did not demonstrate that it reliably measured the outcome (i.e., it did not provide supporting documentation). More recently, according to its May 2015 Enterprise Roadmap, the agency no longer planned to measure architecture-related outcomes. As of August 2017, the agency had not demonstrated that it had taken additional actions to address this recommendation. Nonetheless, we continue to believe that it is important that the agency measure the value of its enterprise architecture and will monitor its efforts to implement the recommendation.
    Recommendation: To enhance federal agencies' ability to realize enterprise architecture benefits, the Secretaries of the Departments of Agriculture, the Air Force, the Army, Commerce, Defense, Education, Energy, Homeland Security, the Interior, Labor, the Navy, State, Transportation, the Treasury, and Veterans Affairs; the Attorney General; the Administrators of the Environmental Protection Agency, General Services Administration, National Aeronautics and Space Administration, and Small Business Administration; the Commissioners of the Nuclear Regulatory Commission and Social Security Administration; and the Directors of the National Science Foundation and the Office of Personnel Management should periodically measure and report enterprise architecture outcomes and benefits to top agency officials (i.e., executives with authority to commit resources or make changes to the program) and to OMB.

    Agency: National Aeronautics and Space Administration
    Status: Open

    Comments: The National Aeronautics and Space Administration (NASA) has not implemented this recommendation. In February 2017, the agency reported that enterprise architecture performance outcomes were being refined for incorporation into its 2017 Information Resource Management Strategic Plan. However, as of August 2017, NASA had not demonstrated that it has measured and reported architecture outcomes.
    Recommendation: To enhance federal agencies' ability to realize enterprise architecture benefits, the Secretaries of the Departments of Agriculture, the Air Force, the Army, Commerce, Defense, Education, Energy, Homeland Security, the Interior, Labor, the Navy, State, Transportation, the Treasury, and Veterans Affairs; the Attorney General; the Administrators of the Environmental Protection Agency, General Services Administration, National Aeronautics and Space Administration, and Small Business Administration; the Commissioners of the Nuclear Regulatory Commission and Social Security Administration; and the Directors of the National Science Foundation and the Office of Personnel Management should periodically measure and report enterprise architecture outcomes and benefits to top agency officials (i.e., executives with authority to commit resources or make changes to the program) and to OMB.

    Agency: National Science Foundation
    Status: Open

    Comments: As of March 2017, the National Science Foundation had not implemented this recommendation. The agency stated that it is committed to measuring and reporting enterprise architecture results and outcomes and that it continues to adopt the Office of Management and Budget's recommended approach to enterprise architecture measurement. However, the agency did not provide supporting documentation. We will continue to monitor its efforts to implement the recommendation.
    Recommendation: To enhance federal agencies' ability to realize enterprise architecture benefits, the Secretaries of the Departments of Agriculture, the Air Force, the Army, Commerce, Defense, Education, Energy, Homeland Security, the Interior, Labor, the Navy, State, Transportation, the Treasury, and Veterans Affairs; the Attorney General; the Administrators of the Environmental Protection Agency, General Services Administration, National Aeronautics and Space Administration, and Small Business Administration; the Commissioners of the Nuclear Regulatory Commission and Social Security Administration; and the Directors of the National Science Foundation and the Office of Personnel Management should periodically measure and report enterprise architecture outcomes and benefits to top agency officials (i.e., executives with authority to commit resources or make changes to the program) and to OMB.

    Agency: Small Business Administration
    Status: Open

    Comments: As of August 2017, the Small Business Administration had not implemented this recommendation. Specifically, it had not demonstrated that it has measured architecture outcomes. In July 2016, the agency reported that, going forward, desired progress for its enterprise architecture program was expected to be limited because of limited labor resources. Nevertheless, we will continue to monitor the agency's efforts to implement the recommendation.
    Recommendation: To enhance federal agencies' ability to realize enterprise architecture benefits, the Secretaries of the Departments of Agriculture, the Air Force, the Army, Commerce, Defense, Education, Energy, Homeland Security, the Interior, Labor, the Navy, State, Transportation, the Treasury, and Veterans Affairs; the Attorney General; the Administrators of the Environmental Protection Agency, General Services Administration, National Aeronautics and Space Administration, and Small Business Administration; the Commissioners of the Nuclear Regulatory Commission and Social Security Administration; and the Directors of the National Science Foundation and the Office of Personnel Management should periodically measure and report enterprise architecture outcomes and benefits to top agency officials (i.e., executives with authority to commit resources or make changes to the program) and to OMB.

    Agency: Office of Personnel Management
    Status: Open

    Comments: The Office of Personnel Management (OPM) has not implemented this recommendation. In September 2016, OPM's Office of Internal Oversight and Compliance reported that the agency planned to develop an enterprise architecture strategic plan in the third quarter of fiscal year 2017, which was to include measuring and reporting application rationalization metrics to OPM senior executives and the Office of Management and Budget. However, as of August 2017, the agency had not demonstrated that it had addressed the recommendation.
    Recommendation: To enhance federal agencies' ability to realize enterprise architecture benefits, the Secretaries of the Departments of Health and Human Services and Housing and Urban Development should ensure that enterprise architecture outcomes are periodically measured and reported to top agency officials.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: The Department of Health and Human Services has not implemented this recommendation or provided a plan to do so. As of August 2017, it had not demonstrated that it had measured architecture metrics that it had established in its April 2014 Enterprise Roadmap. We will continue to monitor the department's efforts to implement the recommendation.
    Recommendation: To enhance federal agencies' ability to realize enterprise architecture benefits, and to assist agencies in measuring and reporting outcomes achieved through enterprise architecture, the Director of OMB should ensure that the planned December 2012 guidance for enterprise architecture value measurement and reporting includes (1) sufficient details on the method and metrics that agencies could use to measure their architecture program's value and (2) a requirement for agencies to include in their April 2013 enterprise roadmap submissions a measurement method (i.e., steps to be followed) and metrics, and report on the outcomes and benefits achieved through enterprise architecture.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: As of July 2017, the Office of Management and Budget (OMB) had not fully addressed our recommendation. In March 2013, the office required agencies to submit annually an Enterprise Roadmap, which was to include an appendix on enterprise architecture outcomes. To prepare the appendix, the office provided agencies with a template to document architecture metrics and measurement methods. The template included examples of outcome metrics and a field where agencies were to document measurement methods. However, OMB did not provide details on the methods that agencies could use to measure architecture outcomes or require that agencies include the steps to be followed for measuring outcomes. Furthermore, as of July 2016, OMB no longer required agencies to submit a report of enterprise architecture outcomes. According to OMB's Integrated Data Collection guidance, the Office of the Federal Chief Information Officer reviewed the information requested from agencies and reduced it in an effort to reduce the reporting burden on agencies. Nonetheless, we continue to believe that it is important that OMB assist agencies in measuring outcomes achieved through enterprise architecture and require that outcomes be reported, in order to enhance agencies' ability to realize enterprise architecture benefits.
    Director: James R. McTigue, Jr.
    Phone: (202) 512-7968

    1 open recommendation
    including 1 priority recommendation
    Recommendation: To continue to improve information on program cost and results that could aid in resource decision making, the Commissioner of Internal Revenue should develop a quantitative measure of scope, at a minimum for its major IT investments, to have complete information on the performance of these investments.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open
    Priority recommendation

    Comments: As of March 2017, IRS had taken actions to develop a quantitative measure of scope for its major information technology (IT) investments, as GAO recommended in June 2012. Specifically, starting in December 2015, IRS included planned "scope elements" for the Return Review Program investment and identified the elements it had delivered to date in its quarterly report on IT to Congress. IRS further enhanced this report in December 2016, by including the percentage of planned scope delivered for selected investments. IRS actions represent positive steps and GAO will continue to work with the agency to determine the reliability of the reported performance information and monitor efforts to expand the use of a quantitative measure of scope. These efforts will assist with providing IRS and other decision makers complete information on the performance of major IT investments.