Recommendation: The Secretary of Agriculture should ensure that the agency fully implements the category management activity to reduce unaligned IT spending, by performing an analysis of alternatives to justify the agency's unaligned IT contracts. (Recommendation 1)

Agency: Department of Agriculture
Status: Open

Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Recommendation: The Secretary of Agriculture should ensure that the agency fully implements the category management activity to develop and implement vendor management strategies, by implementing the strategies it had developed. (Recommendation 2)

Agency: Department of Agriculture
Status: Open

Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Recommendation: The Secretary of Agriculture should ensure that the agency fully implements the category management activity to share prices paid, terms, and conditions for purchased IT goods and services. (Recommendation 3)

Agency: Department of Agriculture
Status: Open

Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Recommendation: The Secretary of Agriculture should ensure that the agency finishes implementing its process to analyze IT contract data. (Recommendation 4)

Agency: Department of Agriculture
Status: Open

Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Recommendation: The Secretary of Agriculture should ensure that the agency develops and implements strategies to address duplication identified through the use of spend analyses. (Recommendation 5)

Agency: Department of Agriculture
Status: Open

Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Recommendation: The Secretary of Defense should ensure that the agency fully implements the category management activity to reduce unaligned IT spending. (Recommendation 6)

Agency: Department of Defense
Status: Open

Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Recommendation: The Secretary of Defense should ensure that the agency documents its annual spend analyses used to identify opportunities to reduce IT contract duplication. (Recommendation 7)

Agency: Department of Defense
Status: Open

Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Recommendation: The Secretary of Health and Human Services should ensure that the agency uses a spend analysis on a regular basis to identify IT contract duplication. (Recommendation 8)

Agency: Department of Health and Human Services
Status: Open

Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Recommendation: The Attorney General should ensure that the Department of Justice fully implements the category management activity to reduce unaligned IT spending, by performing an analysis of alternatives to justify the agency's unaligned IT contracts. (Recommendation 9)

Agency: Department of Justice
Status: Open

Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Recommendation: The Attorney General should ensure that the Department of Justice fully implements the category management activity to share prices paid, terms and conditions for purchased IT goods and services. (Recommendation 10)

Agency: Department of Justice
Status: Open

Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Recommendation: The Attorney General should ensure that the Department of Justice fully implements the category management activity to engage the workforce in training regarding category management principles and practices, by tracking its workforce's attendance in the training. (Recommendation 11)

Agency: Department of Justice
Status: Open

Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Recommendation: The Attorney General should ensure that the Department of Justice uses a spend analysis to identify opportunities to reduce IT contract duplication. (Recommendation 12)

Agency: Department of Justice
Status: Open

Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Recommendation: The Attorney General should ensure that the Department of Justice develops and implements strategies to address duplication identified through the use of spend analyses. (Recommendation 13)

Agency: Department of Justice
Status: Open

Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Recommendation: The Secretary of State should ensure that the agency fully implements the category management activity to develop and implement vendor relationship management strategies, by executing its vendor management plan. (Recommendation 14)

Agency: Department of State
Status: Open

Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Recommendation: The Secretary of Veterans Affairs should ensure that the agency fully implements the category management activity to develop processes and policies for implementing the agency's category management efforts. (Recommendation 15)

Agency: Department of Veterans Affairs
Status: Open

Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Recommendation: The Secretary of Veterans Affairs should ensure that the agency fully implements the category management activity to reduce unaligned IT spending, by performing an analysis of alternatives to justify the agency's unaligned IT contracts. (Recommendation 16)

Agency: Department of Veterans Affairs
Status: Open

Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Recommendation: The Secretary of Veterans Affairs should ensure that the agency fully implements the category management activity to develop and implement vendor relationship management strategies. (Recommendation 17)

Agency: Department of Veterans Affairs
Status: Open

Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Recommendation: The Secretary of Veterans Affairs should ensure that the agency fully implements the category management activity to share prices paid, terms and conditions for purchased IT goods and services. (Recommendation 18)

Agency: Department of Veterans Affairs
Status: Open

Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Recommendation: The Secretary of Veterans Affairs should ensure that the agency uses a spend analysis to identify opportunities to reduce IT contract duplication. (Recommendation 19)

Agency: Department of Veterans Affairs
Status: Open

Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Recommendation: The Secretary of Veterans Affairs should ensure that the agency develops and implements strategies to address duplication identified through the use of spend analyses. (Recommendation 20)

Agency: Department of Veterans Affairs
Status: Open

Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Recommendation: The Commissioner of the Social Security Administration should ensure the Office of Acquisition and Grants, in consultation with the Chief Information Officer, revises relevant guidance to identify the role of contracting officials in the Agile software development process.

Agency: Social Security Administration
Status: Open

Comments: The Social Security Administration agreed with the recommendation but has not yet taken actions to implement it.

Recommendation: The Secretary should ensure that the Director of Strategic Technology Management (STM), in collaboration with other members of the Information Technology Program Management Center of Excellence (ITPM COE), identifies the skills and resources needed to complete the work intended for the upcoming fiscal year, including the availability of supplementary staff, such as subject matter experts. (Recommendation 1)

Agency: Department of Homeland Security
Status: Open

Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Recommendation: The Secretary should ensure that the Executive Steering Committee overseeing the activities of the ITPM COE establishes target measures for the department's desired outcomes of its transition to Agile development. (Recommendation 2)

Agency: Department of Homeland Security
Status: Open

Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Recommendation: The Secretary should ensure that the DHS Chief Information Officer (CIO) defines a process and associated set of controls to ensure that Agile programs and projects are reporting a set of core required performance metrics for monitoring and measuring Agile adoption. (Recommendation 3)

Agency: Department of Homeland Security
Status: Open

Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Recommendation: The Secretary should ensure that the ITPM COE, in coordination with the CIO, begins measuring results associated with the transition to Agile and the success of the transition based on its impact on the department. (Recommendation 4)

Agency: Department of Homeland Security
Status: Open

Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Recommendation: The Secretary should ensure that the CIO, in collaboration with the Chief Procurement Officer, through the Homeland Security Acquisition Institute, establish Agile training requirements for senior stakeholders. (Recommendation 5)

Agency: Department of Homeland Security
Status: Open

Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Recommendation: The Secretary should ensure that the Chief Human Capital Officer, in collaboration with the CIO, consider modifications to the current employee recognition and performance management governance to ensure that teamwork and team performance of Agile programs and projects are incentivized. (Recommendation 6)

Agency: Department of Homeland Security
Status: Open

Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Recommendation: The Secretary should ensure that the CIO, in collaboration with the Chief Procurement Officer, through the Homeland Security Acquisition Institute, establish Agile training requirements for staff outside of the acquisition workforce but assigned to Agile programs. (Recommendation 7)

Agency: Department of Homeland Security
Status: Open

Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Recommendation: The Secretary should ensure that the CIO, upon establishing a set of core performance metrics, tracks and monitors the pace of Agile team development. (Recommendation 8)

Agency: Department of Homeland Security
Status: Open

Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Recommendation: The Secretary should ensure that the CIO, in collaboration with the Executive Director of the Office of Program Accountability and Risk Management (PARM), update or develop new guidance on Agile methodologies to describe how Agile teams can estimate the relative complexity of user stories. (Recommendation 9)

Agency: Department of Homeland Security
Status: Open

Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Recommendation: The Secretary should ensure that the CIO, upon establishing a set of core performance metrics, sets expectations for automated testing and code quality, and tracks and monitors against those expectations. (Recommendation 10)

Agency: Department of Homeland Security
Status: Open

Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Recommendation: The Secretary of Agriculture should ensure that the agency fully implements each of the eight key IT workforce planning activities it did not fully implement. (Recommendation 1)

Agency: Department of Agriculture
Status: Open

Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Recommendation: The Secretary of Education should ensure that the agency fully implements each of the seven key IT workforce planning activities it did not fully implement. (Recommendation 2)

Agency: Department of Education
Status: Open

Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Recommendation: The Secretary of Energy should ensure that the agency fully implements each of the eight key IT workforce planning activities it did not fully implement. (Recommendation 3)

Agency: Department of Energy
Status: Open

Comments: In July 2020, the department reported actions it had taken to fully implement the activities associated with assessing competencies and needs regularly; assessing gaps in competencies and staffing; monitoring the agency's progress in addressing competency and staffing gaps; and reporting to agency leadership on progress in addressing competency and staffing gaps. The department also reported actions it had taken to address the remaining four activities and provided estimated time frames for fully implementing them. As of August 2020, we were following up with the department to obtain supporting documentation for the activities it claimed it had fully implemented and status updates for the remaining activities.

Recommendation: The Secretary of Homeland Security should ensure that the agency fully implements each of the eight key IT workforce planning activities it did not fully implement. (Recommendation 4)

Agency: Department of Homeland Security
Status: Open

Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Recommendation: The Secretary of Housing and Urban Development should ensure that the agency fully implements each of the seven key IT workforce planning activities it did not fully implement. (Recommendation 5)

Agency: Department of Housing and Urban Development
Status: Open

Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Recommendation: The Secretary of the Interior should ensure that the agency fully implements each of the eight key IT workforce planning activities it did not fully implement. (Recommendation 6)

Agency: Department of the Interior
Status: Open

Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Recommendation: The Attorney General should ensure that the agency fully implements each of the eight key IT workforce planning activities it did not fully implement. (Recommendation 7)

Agency: Department of Justice
Status: Open

Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Recommendation: The Secretary of Labor should ensure that the agency fully implements each of the eight key IT workforce planning activities it did not fully implement. (Recommendation 8)

Agency: Department of Labor
Status: Open

Comments: In December 2019, Labor officials provided additional documentation on actions taken to address the recommendation. We plan to review the documentation, and when we confirm what actions the agency has taken, we will provide updated information.

Recommendation: The Secretary of State should ensure that the agency fully implements each of the seven key IT workforce planning activities it did not fully implement. (Recommendation 9)

Agency: Department of State
Status: Open

Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Recommendation: The Secretary of Veterans Affairs should ensure that the agency fully implements each of the five key IT workforce planning activities it did not fully implement. (Recommendation 10)

Agency: Department of Veterans Affairs
Status: Open

Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Recommendation: The Administrator of the Environmental Protection Agency should ensure that the agency fully implements each of the eight key IT workforce planning activities it did not fully implement. (Recommendation 11)

Agency: Environmental Protection Agency
Status: Open

Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Recommendation: The Administrator of the General Services Administration should ensure that the agency fully implements each of the seven key IT workforce planning activities it did not fully implement. (Recommendation 12)

Agency: General Services Administration
Status: Open

Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Recommendation: The Director of the National Science Foundation should ensure that the agency fully implements each of the eight key IT workforce planning activities it did not fully implement. (Recommendation 13)

Agency: National Science Foundation
Status: Open

Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Recommendation: The Chairman of the Nuclear Regulatory Commission should ensure that the agency fully implements each of the seven key IT workforce planning activities it did not fully implement. (Recommendation 14)

Agency: Nuclear Regulatory Commission
Status: Open

Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Recommendation: The Director of the Office of Personnel Management should ensure that the agency fully implements each of the eight key IT workforce planning activities it did not fully implement. (Recommendation 15)

Agency: Office of Personnel Management
Status: Open
Priority recommendation

Comments: In December 2019, OPM stated that it had partnered with the General Services Administration's IT Modernization Center of Excellence to assess the current state of its IT workforce planning activities, but had not yet implemented any of the eight key planning activities we recommended. We will continue to monitor OPM's efforts to implement the recommendation.

Recommendation: The Administrator of the Small Business Administration should ensure that the agency fully implements each of the seven key IT workforce planning activities it did not fully implement. (Recommendation 16)

Agency: Small Business Administration
Status: Open

Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Recommendation: The Commissioner of the Social Security Administration should ensure that the agency fully implements each of the five key IT workforce planning activities it did not fully implement. (Recommendation 17)

Agency: Social Security Administration
Status: Open

Comments: In November 2019, Social Security Administration officials provided the agency's recently issued IT workforce strategy for fiscal year 2019 to fiscal year 2022. We plan to review the strategy, and when we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Recommendation: The Administrator of the U.S. Agency for International Development should ensure that the agency fully implements each of the seven key IT workforce planning activities it did not fully implement. (Recommendation 18)

Agency: United States Agency for International Development
Status: Open

Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Recommendation: The Secretary of Defense should ensure the department implements the pilot program by releasing at least 20 percent of newly custom-developed code as open source software (OSS). (Recommendation 1)

Agency: Department of Defense
Status: Open

Comments: The Department of Defense did not concur with this recommendation and as of July 2020 has not yet implemented it. According to a December 2019 department letter provided to GAO, the 20 percent software release target is unlikely achievable due to the nature of code that is custom developed by the department. However, the department is mandated by law to implement the open source software pilot program established by the Office of Management and Budget's memorandum M-16-21. Releasing at least 20 percent of newly custom-developed code is a requirement of this program. GAO will continue to follow-up on the status of the pilot program.

Recommendation: The Secretary of Defense should ensure the department identifies a measure to calculate the percentage of code released to gauge its progress on implementing the pilot program. (Recommendation 2)

Agency: Department of Defense
Status: Open

Comments: The Department of Defense partially agreed with this recommendation and as of July 2020 has not yet implemented it. According to a December 2019 department letter sent to GAO, the department intends to release updated guidance on the release of custom-developed code as open-source software and will include metrics. The department estimated that the updated policy will be completed in the 3rd quarter of fiscal year 2020. GAO will follow-up with the agency to obtain the status of the updated guidance.

Recommendation: The Secretary of Defense should direct the Under Secretary of Defense for Acquisition and Sustainment to identify the reasons behind the high rate of miscoding for orders awarded under multiple award contracts and use this information to identify and take action to improve the reliability of the competition data entered into FPDS-NG. (Recommendation 1)

Agency: Department of Defense
Status: Open

Comments: In November 2018, and in response to our draft report, DOD stated that it would analyze the Federal Procurement Data System- Next Generation data in an effort to identify why the miscoding of orders under multiple award contracts occurs, and use this information to advise the contracting community of actions to improve the reliability of the competition data. In July 2019, DOD officials stated they did not have an update regarding planned actions to address the recommendation. As of September 2020, DOD officials did not respond to our multiple requests for updates to this recommendation.

Recommendation: The Secretary of Health and Human Services should direct the Associate Deputy Assistant Secretary for Acquisition to identify the reasons behind the high rate of miscoding for orders awarded under multiple award contracts and use this information to identify and take action to improve the reliability of the competition data entered into FPDS-NG. (Recommendation 2)

Agency: Department of Health and Human Services
Status: Open

Comments: In February 2019, HHS stated it was performing analysis and research to understand the reasons for the miscoding of orders. Once this analysis and research is completed, HHS reported it plans to work to address the root causes of the previously identified miscodings, so as to prevent future errors. In July 2019, HHS officials stated they did not have an update regarding planned actions to address the recommendation. As of September 2020, HHS officials did not respond to our multiple requests for updates to this recommendation.

Recommendation: The Secretary of Agriculture should ensure that IT acquisition plans or strategies are reviewed and approved according to OMB's guidance. (Recommendation 3)

Agency: Department of Agriculture
Status: Open

Comments: The agency concurred with our recommendation, and in June 2018, USDA CIO delegated the review and approval of acquisition plans and strategies to the Capital Planning and Information Technology Governance Division (CPITGD) through the Associate CIO of the Information Resource Management Center. However, as of June 2020, the agency had not provided evidence to demonstrate that these reviews and approvals are taking place as required by OMB's guidance. We will continue to monitor the implementation of this recommendation.

Recommendation: The Secretary of Commerce should ensure that the office of the CAO is involved in the process to identify IT acquisitions. (Recommendation 4)

Agency: Department of Commerce
Status: Open

Comments: In a March 2018 response to our report, the agency agreed with our recommendation and stated that the CIO and the Senior Procurement Executive will issue a memo to their acquisition and CIO member offices clarifying the offices joint responsibilities to ensure that all IT acquisitions are submitted to the CIO for review and approval. The memo is also to provide guidance on the process by which the CIO will review proposed contract actions. However, as of February 2020, the agency had not responded to requests for updates. We will continue to monitor the implementation of this recommendation.

Recommendation: The Secretary of Commerce should ensure that IT acquisition plans or strategies are reviewed and approved according to OMB's guidance. (Recommendation 5)

Agency: Department of Commerce
Status: Open

Comments: In a March 2018 response to our report, the agency agreed with our recommendation and stated that it intended to clarify its policies and procedures to comply with OMB rules, including the IT acquisition checklist, which must be completed for every proposed contract action. In addition, the CIO and Senior Procurement Executive will work together to review existing acquisition plan review and approval processes. However, as of February 2020, the agency had not responded to requests for updates. We will continue to monitor the implementation of this recommendation.

Recommendation: The Secretary of HHS should ensure that IT acquisition plans or strategies are reviewed and approved according to OMB's guidance. (Recommendation 10)

Agency: Department of Health and Human Services
Status: Open

Comments: The agency agreed with our recommendation and in an April 2018 update stated that HHS has a policy for the HHS IT acquisition review process for acquisition strategies. However, as of February 21, 2020, the agency had not provided evidence that the CIO (or designee) was reviewing and approving IT acquisition plans, as required. We will continue to monitor the implementation of this recommendation.

Recommendation: The Secretary of State should ensure that IT acquisition plans or strategies are reviewed and approved according to OMB's guidance. (Recommendation 22)

Agency: Department of State
Status: Open

Comments: The agency agreed with our recommendation, and in a December 2019 update provided information on the agency's CPIC process and a template for IT acquisition strategies. However, it is not clear whether the CIO is reviewing and approving IT acquisitions plans through the CPIC process and the template does not provide a place for the CIO review and approval. In addition, we have requested evidence of CIO approval of selected IT acquisitions. We will continue to monitor the implementation of this recommendation

Recommendation: The Secretary of the Treasury should ensure that IT acquisition plans or strategies are reviewed and approved according to OMB's guidance. (Recommendation 23)

Agency: Department of the Treasury
Status: Open

Comments: The agency did not state whether it agreed or disagreed with the recommendation. In March 2019, Treasury issued a memo that requires the CIO to review and approve IT acquisition plans for acquisitions with a total value of $68 million or more, or for actions with a period of performance longer than 5 years. The review and approval of all other IT acquisition plans are delegated to the component CIOs or Chief Technology Officers. However, the agency had not yet provided evidence that the CIO (or designee) was reviewing and approving selected IT acquisition plans, as required. We will continue to monitor the implementation of this recommendation.

Recommendation: The Secretary of Transportation should ensure that IT acquisition plans or strategies are reviewed and approved according to OMB's guidance. (Recommendation 26)

Agency: Department of Transportation
Status: Open

Comments: The agency concurred with the recommendation. In October 2019, Transportation issued guidance requiring that the CIO or designee to review and approve all IT acquisition plans. We have requested that the agency provide us evidence of CIO-approved IT acquisition plans. The agency stated that it planned to respond by May 15, 2020. We will continue to monitor the implementation of this recommendation.

Recommendation: The Secretary of VA should ensure that IT acquisition plans or strategies are reviewed and approved according to OMB's guidance. (Recommendation 28)

Agency: Department of Veterans Affairs
Status: Open

Comments: The agency concurred with the recommendation. In November 2019, VA issued guidance that requires the CIO, in conjunction with the Chief Acquisition Officer, to review and approve all IT acquisition strategies and plans. Specifically, the CIO is to review and approve IT acquisitions valued at $15 million or more. The CIO has delegated the review and approval of IT acquisitions less than $15 million to other designees, based on the value of the contract. However, the agency had not provided evidence that the CIO (or designee) was reviewing and approving selected IT acquisition plans, as required. We will continue to monitor the implementation of this recommendation.

Recommendation: The Administrator of NASA should ensure that IT acquisition plans or strategies are reviewed and approved according to OMB's guidance. (Recommendation 32)

Agency: National Aeronautics and Space Administration
Status: Open

Comments: The agency concurred with the recommendation, and in September 2017, NASA's CIO delegated the review and approval authority of IT acquisitions to the Center CIOs. We have requested evidence of CIO-approved IT acquisitions. We will continue to monitor the implementation of this recommendation.

Recommendation: The Director of the Office of Personnel Management should ensure that IT acquisition plans or strategies are reviewed and approved according to OMB's guidance. (Recommendation 34)

Agency: Office of Personnel Management
Status: Open

Comments: The agency concurred with the recommendation and in an April 2020 updated stated that OPM has contracted with a third-party vendor to evaluate the OPM IT human capital, architecture, and governance processes from planning to acquisition to implementation. The agency further stated that it is working to fully implement an IT governance process where the OPM CIO fully reviews and approves IT acquisition plans and processes. We will continue to monitor the implementation of this recommendation.

Recommendation: The Director of OMB should continue to identify and report to Congress on the status of the top 10 high priority information technology programs and the extent to which USDS is involved in the programs, as was done in June 2015 and June 2016. In doing so, the Director should ensure that these reports are issued quarterly. (Recommendation 1)

Agency: Executive Office of the President: Office of Management and Budget
Status: Open

Comments: We have been requesting periodic updates from OMB on actions it has taken to address the recommendation. As of April 2020, the agency did not have any updates.

Recommendation: The Director of OMB should ensure that the Federal CIO is directly involved in the oversight of high priority programs. (Recommendation 2)

Agency: Executive Office of the President: Office of Management and Budget
Status: Open
Priority recommendation

Comments: OMB has not taken actions to address this recommendation, stating that the Federal CIO is not typically involved with overseeing individual IT programs. However, we continue to believe it is important for OMB to take this action, as the results of past CIO-led reviews of troubled programs show that CIO oversight can have significant positive results, including producing significant savings. In December 2019, OMB stated that it had no ongoing or planned action to address the recommendation, noting that the recommendation represents a "fundamental disagreement" between OMB and GAO on the role of the Federal CIO in overseeing programs.

Recommendation: The Director of OMB should continue to report on the status of USDS projects. In doing so, the Director should ensure that the reports are issued quarterly. (Recommendation 3)

Agency: Executive Office of the President: Office of Management and Budget
Status: Open

Comments: We have been requesting periodic updates from OMB on actions it has taken to address the recommendation. As of April 2020, the agency did not have any updates.

Recommendation: The Secretary of Agriculture should ensure that the CIO of USDA establishes an agency-wide policy and process for the CIO's certification of major IT investments' adequate use of incremental development, in accordance with OMB's guidance on the implementation of FITARA, and confirm that it includes: a description of the CIO's role in the certification process; a description of how CIO certification will be documented; and a definition of incremental development and time frames for delivering functionality, consistent with OMB guidance. (Recommendation 9)

Agency: Department of Agriculture
Status: Open

Comments: In September 2019, a Department of Agriculture official stated that the department was working to establish a policy to include the information noted in our recommendation and planned to finalize a policy by the end of December 2019. We will continue to monitor the department's progress on these efforts.

Recommendation: The Secretary of Veterans Affairs (VA) should ensure that the CIO of VA updates the agency's policy and process for the CIO's certification of major IT investments' adequate use of incremental development, in accordance with OMB's guidance on the implementation of FITARA, and confirm that it includes a description of the CIO's role in the certification process and a description of how CIO certification will be documented. (Recommendation 10)

Agency: Department of Veterans Affairs
Status: Open

Comments: The Department of Veterans Affairs (VA) has taken action, and stated that it would draft a policy to address our recommendation. In November 2019, a VA official stated that the department is working to address our recommendation but did not identify timeframes for when all activities would be completed. We will continue to evaluate the department's progress in implementing this recommendation.

Recommendation: The Administrator of the Environmental Protection Agency (EPA) should ensure that the CIO of EPA establishes an agency-wide policy and process for the CIO's certification of major IT investments' adequate use of incremental development, in accordance with OMB's guidance on the implementation of FITARA, and confirm that it includes: a description of the CIO's role in the certification process; a description of how CIO certification will be documented; and a definition of incremental development and time frames for delivering functionality, consistent with OMB guidance. (Recommendation 11)

Agency: Environmental Protection Agency
Status: Open

Comments: The Environmental Protection Agency (EPA) concurred with our recommendation and stated that it planned to develop a policy to implement this recommendation and other FITARA issues. Specifically, EPA officials reported in July 2019 that the agency was continuing to work to address the recommendation but did not provided a time frame for when a policy would be finalized. We will continue to monitor EPA's progress on these efforts.

Recommendation: The Administrator of the National Aeronautics and Space Administration (NASA) should ensure that the CIO of NASA establishes an agency-wide policy and process for the CIO's certification of major IT investments' adequate use of incremental development, in accordance with OMB's guidance on the implementation of FITARA, and confirm that it includes: a description of the CIO's role in the certification process; a description of how CIO certification will be documented; and a definition of incremental development and time frames for delivering functionality, consistent with OMB guidance. (Recommendation 13)

Agency: National Aeronautics and Space Administration
Status: Open

Comments: The National Aeronautics and Space Administration (NASA) concurred with our recommendation and reported that the agency was in the process of addressing it. Specifically, NASA officials reported in June 2020 that its guidance is currently being updated to include the information noted in our recommendation and will be finalized by September 2020. We will continue to monitor NASA's progress on these efforts.

Recommendation: The Director of the Office of Personnel Management (OPM) should ensure that the CIO of OPM updates the agency's policy and process for the CIO's certification of major IT investments' adequate use of incremental development, in accordance with OMB's guidance on the implementation of FITARA, and confirm that it includes a description of the CIO's role in the certification process and a description of how CIO certification will be documented. (Recommendation 16)

Agency: Office of Personnel Management
Status: Open

Comments: The Office of Personnel Management (OPM) concurred with our recommendation and stated that it would update its policies and processes to include the elements we recommended. Specifically, OPM officials reported in November 2019 that guidance on CIO certification was being developed but the agency had not yet determined a time frame for finalizing the policy. We will continue to monitor OPM's progress on these efforts.

Recommendation: To ensure that DHS effectively implements FITARA, the Secretary of Homeland Security should direct the Under Secretary for Management to direct the Chief Information Officer to establish time frames and implement a plan for (1) identifying the department's future IT skillset needs as a result of DHS's new delivery model, (2) conducting a skills gap analysis, and (3) resolving any skills gaps identified.

Agency: Department of Homeland Security
Status: Open

Comments: In 2018 and 2019, the DHS Office of the Chief Information Officer implemented a Strategic Workforce Planning initiative that included (1) identifying the department's future IT skillset needs, and (2) conducting a skills gap analysis related to these needs. The department is currently working to resolve the skills gaps identified during the initiative. We will continue to monitor and evaluate the Department's efforts to resolve these skills gaps.

Recommendation: To ensure that DHS effectively implements FITARA, the Secretary of Homeland Security should direct the Under Secretary for Management to update the department's acquisition policies and guidance to be consistent in identifying that the DHS CIO is to certify investments' incremental development activities.

Agency: Department of Homeland Security
Status: Open

Comments: In response to our recommendation, DHS updated its agile development policy to specify that the DHS CIO is responsible for certifying investments' incremental development activities, which is consistent with the Department's Acquisition Management Instruction. However, DHS has not yet updated its Systems Engineering Life Cycle Instruction and Guidebook to be consistent in specifying that this certification is the responsibility of the DHS CIO. We will continue to monitor the Department's progress in implementing this recommendation.

Recommendation: To ensure that DHS effectively implements FITARA, the Secretary of Homeland Security should direct the Under Secretary for Management to update DHS headquarters', Customs and Border Protection's, and U.S. Coast Guard's processes to track, for all contracts and agreements, the IT investment with which each is associated (as applicable).

Agency: Department of Homeland Security
Status: Open

Comments: In response to our recommendation, Customs and Border Protection implemented a process to track the IT investments associated with each contract and agreement. The U.S. Coast Guard also implemented a process to track the IT investments associated with its contracts; however, it has not yet demonstrated that it has implemented such a process for tracking the IT investments associated with its agreements. Further, DHS headquarters is still working to establish a process for tracking the IT investments associated with its contracts and agreements. We will continue to monitor and evaluate the Department's progress in implementing this recommendation.

Recommendation: To ensure that DHS effectively implements FITARA, the Secretary of Homeland Security should direct the Under Secretary for Management to update and implement the process DHS uses for assessing the risks of major IT investments to ensure that the CIO rating reported to the Dashboard fully reflects the CIO's assessment of each major IT investment.

Agency: Department of Homeland Security
Status: Open

Comments: DHS concurred with our recommendation. In May 2020, DHS officials stated that the Office of the CIO began piloting a new program health assessment process in the second quarter of fiscal year 2020, and DHS intends to report the program ratings resulting from that process to the IT Dashboard. We will continue to monitor and evaluate the Department's efforts to implement this new process.

Recommendation: To facilitate the analysis of gaps between current skills and future needs, the development of strategies for filling the gaps, and succession planning, the Secretary of Commerce should require the Chief Information Officer, Chief Human Capital Officer, and other senior managers as appropriate to address the shortfalls in IT workforce planning noted in this report, including the following actions: (1) establish and maintain a workforce planning process; (2) develop competency and staffing requirements; (3) assess competency and staffing needs regularly; (4) assess gaps in competencies for all components of the workforce; (5) develop strategies and plans to address gaps in competencies and staffing; (6) implement activities that address gaps, including an IT acquisition cadre, cross-functional training of acquisition and program personnel, a career path for program managers, and special hiring authorities, if justified and cost-effective; (7) monitor the department's progress in addressing IT competency and staffing gaps; and (8) report to department leadership on progress in addressing competency and staffing gaps.

Agency: Department of Commerce
Status: Open
Priority recommendation

Comments: The department agreed with the recommendation and stated that it plans to fully implement it. In October 2019 (in GAO-20-129), we reported the results of our evaluation of the department's progress in implementing the eight IT workforce planning activities. Specifically, we reported that the department had substantially implemented the activity to develop competency and staffing requirements, minimally or partially implemented four activities, and not implemented the remaining three activities. In July 2020, the department provided a summary of actions it claimed it had taken to close the recommendation. The department also provided supporting documentation. We are reviewing the documentation to determine whether it fully addresses the recommendation.

Recommendation: To facilitate the analysis of gaps between current skills and future needs, the development of strategies for filling the gaps, and succession planning, the Secretary of Defense should require the Chief Information Officer, the Under Secretary of Defense for Personnel and Readiness, and other senior managers as appropriate to address the shortfalls in IT workforce planning noted in this report, including the following actions: (1) develop competencies for all staff; (2) assess competency needs regularly for all positions; (3) assess gaps in competencies for all components of the workforce; (4) develop strategies and plans to address gaps in competencies; (5) implement activities that address gaps, including developing a program management career path, if justified and cost-effective; (6) monitor the department's progress in addressing competency gaps identified for IT staff; and (7) report to department leadership on progress in addressing competency gaps.

Agency: Department of Defense
Status: Open

Comments: DOD partially concurred with our recommendation. In October 2019 (in GAO-20-129), we reported the results of our evaluation of the Department of Defense's progress in implementing the eight IT workforce planning activities. Specifically, we reported that the department had fully implemented the activities to develop competency and staffing requirements and assess competency and staffing needs regularly, substantially implemented four other activities, and partially implemented the remaining two activities. We will continue to monitor the department's efforts to address our recommendation.

Recommendation: To facilitate the analysis of gaps between current skills and future needs, the development of strategies for filling the gaps, and succession planning, the Secretary of Health and Human Services should require the Chief Information Officer, Chief Human Capital Officer, and other senior managers as appropriate to address the shortfalls in IT workforce planning noted in this report, including the following actions: (1) establish and maintain a workforce planning process inclusive of all staff; (2) develop staffing requirements for all positions; (3) assess staffing needs regularly; (4) assess gaps in competencies and staffing for all components of the workforce; (5) develop strategies and plans to address gaps in competencies and staffing; (6) implement activities that address gaps, including an IT acquisition cadre, if justified and cost-effective; (7) monitor the department's progress in addressing competency and staffing gaps; and (8) report to department leadership on progress in addressing competency and staffing gaps.

Agency: Department of Health and Human Services
Status: Open

Comments: The department agreed with our recommendation and identified plans for (1) collecting and analyzing additional workforce data and (2) conducting targeted recruitment, staff planning, career development, and training. In October 2019 (in GAO-20-129), we reported the results of our evaluation of the department's progress in implementing the eight IT workforce planning activities. Specifically, we reported that the department had substantially implemented the activity to develop competency and staffing requirements, partially implemented three other activities, and either minimally or not implemented the remaining four activities. We will continue to monitor the department's efforts to address our recommendation.

Recommendation: To facilitate the analysis of gaps between current skills and future needs, the development of strategies for filling the gaps, and succession planning, the Secretary of Transportation should require the Chief Information Officer, Chief Human Capital Officer, and other senior managers as appropriate to address the shortfalls in IT workforce planning noted in this report, including the following actions: (1) establish a time frame for when the department is to finalize its draft workforce planning process and maintain that process; (2) develop staffing requirements for all positions; (3) assess competency and staffing needs regularly for all positions; (4) assess gaps in staffing for all components of the workforce; (5) develop strategies and plans to address gaps in competencies and staffing; (6) implement activities that address gaps, including an IT acquisition cadre, cross-functional training of acquisition and program personnel, a career path for program managers, and use of special hiring authorities, if justified and cost-effective;e (7) monitor the department's progress in addressing competency and staffing gaps; and (8) report to department leadership on progress in addressing competency and staffing gaps.

Agency: Department of Transportation
Status: Open
Priority recommendation

Comments: The department agreed with the recommendation and stated that it plans to fully implement it. In October 2019 (in GAO-20-129), we reported the results of our evaluation of the department's progress in implementing the eight IT workforce planning activities. Specifically, we reported that the department had fully implemented the activity to develop competency and staffing requirements, but had not yet fully implemented the remaining seven activities, including developing a workforce planning process. In January 2020, the department stated that its Office of the Chief Information Officer and Office of Human Resource Management had established a workgroup to lead and conduct workforce planning activities, and had defined the strategic goals and objectives for the department's IT workforce. The department also stated that the workgroup was planning on subsequently completing additional activities, including completing a workforce analysis with a competency gap assessment, by the end of calendar year 2020, and developing strategies to address any identified gaps by the end of 2021. We will continue to monitor the department's efforts to implement our recommendation.

Recommendation: To facilitate the analysis of gaps between current skills and future needs, the development of strategies for filling the gaps, and succession planning, the Secretary of the Treasury should require the Chief Information Officer, Chief Human Capital Officer, and other senior managers as appropriate to address the shortfalls in IT workforce planning noted in this report, including the following actions: (1) establish and maintain a workforce planning process; (2) develop competency and staffing requirements for all positions; (3) assess competency and staffing needs regularly; (4) assess gaps in competencies and staffing for all components of the workforce; (5) develop strategies and plans to address gaps in competencies and staffing for all components of the workforce; (6) implement activities that address gaps, including a career path for program managers and special hiring authorities, if justified and cost-effective; (7) monitor the department's progress in addressing competency and staffing gaps; and (8) report to department leadership on progress in addressing competency and staffing gaps for all components of the workforce.

Agency: Department of the Treasury
Status: Open
Priority recommendation

Comments: The department agreed with our recommendation and identified planned and ongoing efforts to address it. In October 2019 (in GAO-20-129), we reported the results of our evaluation of the department's progress in implementing the eight IT workforce planning activities. Specifically, we reported that it had fully implemented the activity to develop competency and staffing requirements, but had not yet fully implemented the remaining seven activities, including developing a workforce planning process. In January 2020, the department stated that its Office of the Chief Human Capital Officer and Office of the Chief Information Officer would be presenting a decision paper to the Human Capital Advisory Council that month to request approval and resources to complete an IT Competency Framework, conduct a competency assessment, and conduct a department-wide workforce planning study for the 2210 (IT management) occupation. We will continue to monitor the department's efforts to implement our recommendation.

Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

Agency: Department of Commerce
Status: Open

Comments: We reported that the Department of Commerce did not meet the following software application inventory practice: regularly updates the inventory with quality controls to ensure reliability. Specifically, the department did not provide evidence of a process to regularly update its inventory or quality controls to ensure the reliability of the data collected. In October 2017, the department reported that application inventory information will be captured through the Department of Commerce Capital Planning and Investment Control (CPIC) system, as part of its regular updating of investment information. Further, the department stated that it will update its CPIC handbook to provide guidance on quality control to ensure reliability of the data collected. In November 2018 and November 2019 we followed-up with Commerce on the status of their efforts; however, as of January 2020, we had not received an update. We plan to continue to follow up with Commerce to monitor the status of these planned actions.

Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

Agency: Department of Energy
Status: Open

Comments: We reported that the Department of Energy partially met the following three software application inventory practices, (1) includes systems from all organizational components, (2) specifies basic application attributes, and (3) is regularly updated with quality controls to ensure reliability. In May 2017, the department reported that it plans to implement automated monitoring and inventory tools by the end of fiscal year 2020, which it expects will address the key practices. In December 2019, the department reported that it anticipates completing a refresh of its application inventory by the end of February 2020. We plan to monitor the department's efforts to implement the tools and to develop a complete application inventory.

Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

Agency: Department of Housing and Urban Development
Status: Open

Comments: We reported that the Department of Housing and Urban Development (HUD) partially met the following three software application inventory practices, (1) includes systems from all organizational components, (2) specifies basic application attributes, and (3) is regularly updated with quality controls to ensure reliability. In June 2017, the department reported that it is working to identify applications in field offices, and planned for this effort to be completed in fiscal year 2018. In addition, the department stated it planned to update the inventory to include business functions for each system by the end of fiscal year 2017. Further, department officials stated that to ensure the accuracy and reliability of the application inventory, the department planned to conduct quarterly portfolio reviews starting in fiscal year 2018. In October 2018, HUD officials reported that CTO performed a technical assessment of HUD's IT assets, which resulted in identifying systems in the inventory that had been decommissioned and will be decommissioned. In addition, the department provided its strategy for performing the assessment. In August 2019, HUD reported that it completed an assessment of its legacy applications and the current inventory system is outdated. However, as of January 2020, HUD had not yet provided an updated inventory. We plan to continue to monitor the department's efforts to address the recommendation.

Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

Agency: Social Security Administration
Status: Open

Comments: We reported that the Social Security Administration (SSA) partially met the following two software application inventory practices, (1) includes systems from all organizational components, and (2) regularly updates the inventory with quality controls to ensure reliability. In March 2017, SSA officials reported that the agency's Office of Systems and Office of Operations continue to collaborate on integrating application information into the Enterprise Application Inventory. The officials reported that regionally developed applications that have been granted authority to operate have been imported into the enterprise application inventory. In addition, the officials stated that the Office of Operations was in the process of redesigning their repository to accommodate requirements to support the Enterprise Application Inventory, including the ability to update and maintain application information in the enterprise repository. Lastly, SSA officials reported that its Office of Information Security and Office of Systems were continuing to work to identify additional headquarters applications and develop process and automation to include applications in the inventory. In June 2019, SSA officials reported that they were continuing to make progress to update the inventory to include systems from all organizational components. However, as of January 2020, we had not received an updated inventory. We will continue to monitor SSA's efforts to develop a complete application inventory.

Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

Agency: Department of Labor
Status: Open

Comments: We reported that the Department of Labor did not meet one software application inventory practice, and partially met three practices. Specifically, we reported that the department did not meet the practice to ensure that the inventory is regularly updated with quality controls to ensure reliability, and partially met the practices to (1) include business and enterprise IT systems, (2) include systems from all organizational components, and (3) specify basic application attributes. In March 2018, department officials provided an updated inventory, which included business and enterprise IT systems from all organizational components, and specified basic attributes, including the name, owner, and business function. In addition, officials stated that they plan to update the inventory on a periodic basis as necessary, at minimum annually, as part of the department's IT budgeting process. Further, in June 2019, officials reported that the department performs biannual reviews of all IT investments and associated systems and applications to verify reported data. The officials also reported that the department uses quality control processes and procedures to ensure consistent, standard, and complete reporting to align with all investment artifacts. However, the department did not provide evidence of these data quality efforts. In June 2019, officials also reported that the department is implementing a new system in order to maintain an ongoing comprehensive inventory of all IT assets, including applications, which it expects to have fully operational by the end of the second quarter of fiscal year 2020. We will continue to monitor the department's efforts.

Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

Agency: Department of the Treasury
Status: Open

Comments: We reported that the Department of the Treasury had partially met the following two practices for establishing a complete software application inventory, (1) specifies basic application attributes, and (2) is regularly updated with quality controls to ensure reliability. In September 2017, the department provided evidence showing that it had taken steps to address these practices. Specifically, the department provided an export of its inventory, which showed that most of the systems listed contained a system description. According to department officials, some systems do not have a system description because the department's inventory policy allows bureaus to attach documents to the inventory, which include the system description, instead of populating the system description field. Further, the policy does not require a system description for systems in the disposal state. Moreover, the inventory did not include the business segment or function that the system supports. According to Treasury officials, the Bureau and Functional Unit fields within the inventory allow the department to map the systems to the business segments that they support. We followed up with the department to obtain this mapping. However, as of January 2020, the department had not provided it. We will continue to monitor the department's efforts to ensure that the inventory is regularly updated with quality controls to ensure its reliability.

Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

Agency: Department of State
Status: Open

Comments: We reported that the Department of State partially met the following software application inventory practices: (1) specifies basic application attributes; and (2) is regularly updated with quality controls to ensure reliability. Specifically, we reported that while the inventory included basic application attributes (e.g. name, description), it did not include the business function for the majority of inventory entries. Further, we reported that the agency did not provide evidence that quality control processes were in place to ensure the reliability of the data in the inventory. In July 2017, department officials stated that the department recently began a department-wide data call to obtain information on all IT assets and applications from each bureau, including aligning the assets and applications to a business function. Further, officials stated that they plan to analyze the results against their current data to ensure the accuracy and reliability of the IT asset inventory. In June 2019, the department provided evidence demonstrating that its inventory includes the business function for IT assets. In addition, State officials stated that the IT asset inventory that is posted internally for review is a high-level summary to facilitate monthly validation. However, as of January 2020, the department has not provided documentation showing that it has implemented the quality control processes to ensure the reliability of the data. We plan to continue to monitor the department's efforts to address the recommendation.

Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

Agency: Environmental Protection Agency
Status: Open

Comments: We reported that the Environmental Protection Agency had fully met three of the four practices to establish a complete application inventory, and partially met one. Specifically, the agency partially met the practice for including application attributes in the inventory, as although EPA did not identify the business function for every application. In December 2019, Environmental Protection Agency officials stated that the inventory now requires the business function to be included, and provided inventory update instructions that show the business function is to be included. In addition, agency officials provided instructions for senior information managers to update the inventory in fiscal year 2019. However, as of January 2020, agency officials had not provided an updated inventory, and thus we were not able to verify that the business function was added for all applications. We will follow up with the agency to obtain the updated inventory.

Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

Agency: Office of Personnel Management
Status: Open

Comments: We reported that the Office of Personnel Management (OPM) partially met the software application inventory practice to regularly update the inventory with quality controls to ensure reliability. In November 2016, OPM officials stated that they were validating the data in the application inventory. In addition, officials stated that they were making progress in using automated scanning tools to update the inventory, including coordinating with the General Services Administration's Software Management Group which is working to standardize the use of automated inventory tools across the government. In June 2017, November 2018, and November 2019, we followed up with OPM to obtain documentation of these reported actions; however, as of January 2020, the agency had not yet provided supporting documentation. We are continuing to follow up with OPM to obtain documentation of its reported actions.

Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the Secretaries of Defense, Homeland Security, the Interior, and Labor; and the Director of the National Science Foundation should direct the CIOs and other responsible officials to modify existing investment management processes to address applications more completely. Specifically, the Secretary of Defense should direct the responsible official to modify the department's existing processes to collect and review cost, technical, and business information for the enterprise and business IT systems within the Enterprise Information Environment Mission Area applications which are currently not reviewed as part of the department's process for business systems.

Agency: Department of Defense
Status: Open

Comments: The Department of Defense did not concur with our recommendation, noting, among other things, in its written response to our draft report, that a majority of the Enterprise Information Environment Mission Area systems are IT infrastructure, and not applications. However, we reported that the mission area nevertheless included a large number of enterprise and business IT applications which could benefit from rationalization, and we therefore believed our recommendation was still warranted. In March 2020, the department stated that it is formalizing a guide to assist components with implementing an application rationalization process, that will be used to rationalize the Enterprise Information Environment Mission Area systems. The department stated that it plans to perform annual reviews, and expects to start by the end of fiscal year 2020.

Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the Secretaries of Defense, Homeland Security, the Interior, and Labor; and the Director of the National Science Foundation should direct the CIOs and other responsible officials to modify existing investment management processes to address applications more completely. Specifically, the Secretary of Homeland Security should direct the department's CIO to identify one high-cost function it could collect detailed cost, technical, and business information for and modify existing processes to collect and review this information.

Agency: Department of Homeland Security
Status: Open

Comments: In April 2018, DHS officials stated that they identified FOIA systems as a high cost function, and will modify existing processes to collect and review the cost, technical, and business information. In November 2019, DHS reported that it is continuing to make progress in acquiring a new enterprise-wide FOIA system by reviewing current capabilities. We plan to continue to monitor the department's efforts.

Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the Secretaries of Defense, Homeland Security, the Interior, and Labor; and the Director of the National Science Foundation should direct the CIOs and other responsible officials to modify existing investment management processes to address applications more completely. Specifically, the Secretary of Labor should direct the department's CIO to consider a segmented approach to further rationalize and identify a function for which it would modify existing processes to collect and review application-specific cost, technical, and business value information.

Agency: Department of Labor
Status: Open

Comments: In February 2017, department officials stated that the department's portfolio of IT investments, which includes the systems, sub-systems, and applications in the IT asset inventory, are rationalized bi-annually as part of the Office of the Chief Information Officer's IT Capital Planning and Investment Control (CPIC) review processes. Further, officials stated that the systems and applications were also being rationalized as part of the process for updating the IT asset inventory. Officials stated that the department plans to review and update the department's CPIC guide to describe the IT asset inventory management process including the basic quality controls. In July 2019, officials reported that the department plans to have the updated guide completed by the end of fiscal year 2019. However, as of January 2020, the department had not provided documentation supporting these efforts. We plan to follow-up with the department to obtain documentation of its efforts to address the recommendation.

Recommendation: To improve the certification of adequate incremental development, the Secretaries of Defense, Education, Health and Human Services, and the Treasury should direct their CIOs to establish a department policy and process for the certification of major IT investments' adequate use of incremental development, in accordance with OMB's guidance on the implementation of the Federal Information Technology Acquisition Reform Act.

Agency: Department of Health and Human Services
Status: Open

Comments: The Department of Health and Human Services (HHS) concurred with our recommendation and has taken steps to establish a department policy and process for the certification of major IT investments' use of incremental development. Specifically, in September 2020, HHS officials reported that they have established a draft policy and anticipate publishing the finalized guidance by March 2021. We will continue to evaluate HHS's progress in implementing this recommendation.

Recommendation: To improve the certification of adequate incremental development, the Secretaries of Defense, Education, Health and Human Services, and the Treasury should direct their CIOs to establish a department policy and process for the certification of major IT investments' adequate use of incremental development, in accordance with OMB's guidance on the implementation of the Federal Information Technology Acquisition Reform Act.

Agency: Department of the Treasury
Status: Open

Comments: In September 2020, an official from the Department of the Treasury (Treasury) reported that the department had developed draft guidance to address our recommendation, but did not provide time frames for when the guidance would be finalized. Until the department establishes a CIO certification policy, Treasury will not be able to fully ensure adequate implement of, or benefit from, incremental development practices. We will continue to evaluate Treasury's progress in implementing this recommendation.

Recommendation: To help improve the management of MAIS programs, the Secretary of the Navy should direct the Common Aviation Command and Control System program manager to identify weaknesses in the requirements traceability process and take corrective actions to manage the traceability of requirements to the respective lower-level requirements, and periodically evaluate work products, including the requirements management plan, and update them in accordance with the requirements guidance.

Agency: Department of Defense: Department of the Navy
Status: Open

Comments: DOD concurred with this recommendation and stated in March 2016 that the Navy had corrected the data query issue that caused 11 requirements to be eliminated from the traceability matrix we reviewed. DOD also stated that the Navy had identified the weakness in the traceability process that led to 14 general requirements not being fully traced. However, as of June 2020, DOD had not provided us with documentation that supports that it identified the weakness in the requirements traceability process. It also had not demonstrated that the program office has updated its requirements management guidance to address the weakness it identified.

Recommendation: To help ensure that FDA's IT strategic planning activities are successful in supporting the agency's mission, goals, and objectives, the Commissioner of FDA should require the CIO to implement the plan to ensure that expected outcomes of the agency's key IT initiatives are achieved.

Agency: Department of Health and Human Services: Food and Drug Administration
Status: Open

Comments: According to agency officials, FDA's CIO met with the FDA Commissioner in 2016 where the updated IT strategic plan was reviewed and approved. The Commissioner identified key IT initiatives to be implemented within FY2017 and incorporated them into the CIO's performance management appraisal program. According to officials, the Commissioner requires the CIO to implement a plan to ensure that expected outcomes of the agency's key IT initiatives are achieved. Although FDA provided us with an excel spreadsheet that identifies IT initiatives at the agency's weekly FDA project meeting, we requested additional documentation regarding the plan the CIO is required to implement to ensure that expected outcomes of the agency's key IT initiatives are fulfilled. We contacted FDA in September and December 2019 and January 2020 to obtain additional information on the actions taken to implement the recommendation, but have not received a response. We will update the recommendation when additional information is obtained.

Recommendation: To effectively plan and manage its acquisitions of IT systems and increase the likelihood of delivering promised system capabilities on time and within budget, the Librarian should establish and implement an organization-wide policy for developing cost estimates that includes key practices as discussed in this report.

Agency: Library of Congress
Status: Open

Comments: The Library of Congress generally agreed with, and has begun to take steps to implement, this recommendation. Specifically, in January 2017 the Library established a centralized Library-wide Project Management Office, located within the Office of the Chief Information Officer (OCIO). Additionally, in June 2017 the Library updated its regulations to give the Project Management Office the authority to establish organization-wide policy for developing cost estimates. Further, in August 2017 the Project Management Office finalized guidance for developing cost estimates that generally includes the key practices discussed in our report. However, none of the cost estimates for three key investments fully met the practices associated with a comprehensive estimate. In October 2019, the Library provided evidence of its Monte-Carlo risk assessment process. We are currently assessing whether this process is consistent with the practices found in our Cost Estimating and Assessment Guide. We will continue to evaluate the Library's progress in implementing this recommendation.

Recommendation: To effectively plan and manage its acquisitions of IT systems and increase the likelihood of delivering promised system capabilities on time and within budget, the Librarian should establish a time frame for finalizing and implementing an organization-wide policy for developing and maintaining project schedules that includes key practices as discussed in this report, and finalize and implement the policy within the established time frame.

Agency: Library of Congress
Status: Open

Comments: The Library of Congress generally agreed with, and has begun to take steps to implement, this recommendation. Specifically, in January 2017 the Library established a Project Management Office within the Office of the Chief Information Officer (OCIO) and tasked the office with communicating and enforcing Library requirements for project management and systems development. Additionally, in June 2017 the Library updated its regulations to give the Project Management Office the authority to establish organization-wide policy for developing and maintaining schedules. Further, in August 2017 the Project Management Offices finalized guidance for developing schedules that generally includes the key practices discussed in our report. However, none of the schedules for three key investments fully met the practices associated with a well-constructed schedule. In October 2019, the Library provided the schedules that it uses to manage select projects. We are currently reviewing this scheduling documentation to determine the extent to which the Library is implementing its scheduling guidance.

Recommendation: The Secretary of Defense should direct the Under Secretary of Defense for Acquisition, Technology, and Logistics to require MAIS programs to establish their first acquisition program baseline within 2 years of beginning work on the programs.

Agency: Department of Defense
Status: Open

Comments: As of January 2020, DOD had made limited progress addressing our recommendation for business system programs; however, it had not addressed the recommendation for non-business system programs. Specifically, the department updated its instruction on business systems requirements and acquisition to include, among other things, guidance on establishing baselines against which to measure progress for developing needed business capability. However, the instruction did not explicitly require that a program baseline be established within 2 years. Specifically, according to the instruction, baselines may be established at the program level or at the release level (i.e., for a manageable subset of functionality in support of the business capability), within 2 years after programs have validated a business capability is needed and received approval to conduct solution analysis. If at the program level, the baseline is to be set prior to the development of the first release or deployment. If at the release level, the baseline is to be set prior to the development of each release or deployment. In January 2020, the department also issued interim policy for software-intensive systems. However, while the interim policy requires program managers to develop an acquisition strategy that includes delivering software within one year from the date funds are first obligated to acquire or develop new software capability, the interim policy does not require software-intensive system programs to establish a program baseline within 2 years.

Recommendation: To ensure that major steady state IT investments are being adequately analyzed, the Secretaries of Defense, Veterans Affairs, and the Treasury should direct appropriate officials to develop an OA policy, annually perform OAs on all investments, and ensure the assessments include all key factors.

Agency: Department of Veterans Affairs
Status: Open

Comments: For fiscal years 2013, 2014, and 2016, the Department of Veterans Affairs provided its operational analyses to GAO for its major information technology investments. These operational analyses addressed a majority of the key factors identified in Office of Management and Budget guidance. Nevertheless, in February 2019, the department was still in the process of finalizing its operational analysis policy and identified a target completion date of September 2019 for when the policy would be complete and ready for publication.