Recommendation: The Commandant of the Coast Guard should work with Congress to include in the Coast Guard's annual 5-year CIP a discussion of the acquisition programs it prioritized that describes how trade-off decisions made could affect other acquisition programs, such as by delaying recapitalization efforts or needing to conduct Service Life Extension Projects for legacy assets. (Recommendation 1)

Agency: Department of Homeland Security: United States Coast Guard
Status: Open

Comments: The Coast Guard agreed with this recommendation and in August 2019 officials reported that the Coast Guard is working with DHS to include additional information that addresses how trade-off decisions made could affect other major acquisition programs in future CIP reports. It anticipates including this information in the FY 2021-2025 CIP, which it expects to release in late summer 2020.

Recommendation: The Commandant of the Coast Guard should require the Executive Oversight Council, in its role to facilitate a balanced and affordable acquisition portfolio, to annually review the acquisition portfolio collectively, specifically for long-term affordability. (Recommendation 2)

Agency: Department of Homeland Security: United States Coast Guard
Status: Open

Comments: The Coast Guard disagreed with this recommendation stating that other bodies within the Coast Guard--such as the Investment Board, Deputies Council, and Investment Review Board--are responsible for making decisions regarding out-year funding, while the Executive Oversight Council works outside of the annual budget process. DHS also stated that, to meet the spirit of our recommendation, the Coast Guard will update the Executive Oversight Council's charter to require a review of the collective acquisition portfolio, specifically evaluating long-term planning. We believe that updating the Executive Oversight Council's charter to include long-term-planning is a positive step. However, we continue to believe that in addition to long-term planning, the Executive Oversight Council should include the major acquisition portfolio's budget realities faced by the Coast Guard in its reviews, or long-term affordability. If the planning accounts for long-term funding considerations to achieve the Coast Guard's acquisition goals and objectives, we believe the intent of our recommendation would be met. The Coast Guard expects to complete the update of the EOC charter by by late summer 2020.

Recommendation: The Assistant Secretary of Labor for the Employee Benefits Security Administration (EBSA) should clarify whether an Employee Retirement Income Security Act of 1974 plan may incorporate material ESG factors into the investment management for a qualified default investment alternative (QDIA). (Recommendation 1)

Agency: Department of Labor
Status: Open

Comments: DOL neither agreed nor disagreed with this recommendation. On April 23, 2018, while DOL was reviewing our report, the agency issued Field Assistance Bulletin 2018-01 regarding retirement plans' use of ESG factors. While this new bulletin specifically mentions the use of ESG factors in a QDIA and reiterates the conditions under which an investment option may generally be considered a QDIA, it focuses on the use of ESG factors for collateral benefits rather than on cases where ESG factors are considered in investment decisions because they have been determined by fiduciaries to be material to financial performance. For example, the new field assistance bulletin states that the QDIA regulations do not suggest that fiduciaries should select a QDIA based on collateral public policy goals. ESG factors can be used to address material risks, which might otherwise be ignored, and there is interest in considering such factors within a QDIA. The use of ESG factors in this manner can be distinct from pursuing collateral public policy goals. Additional clarification from DOL that explicitly addresses plans' use of financially material ESG factors in investment options designated as a QDIA could enhance the agency's effectiveness in assisting plan fiduciaries with understanding and fulfilling their obligations under ERISA. In June 2019, DOL stated that it would be appropriate to engage with stakeholders before reaching any conclusions about the necessity or appropriateness of issuing further guidance in this area. Additional information about DOL's efforts to engage with stakeholders, including the outcome of such efforts and rationale for any conclusions reached would help determine the effectiveness of the agency's actions.

Recommendation: The Assistant Secretary of Labor for EBSA should provide further information to assist fiduciaries in investment management involving ESG factors, including how to evaluate available options, such as questions to ask or items to consider. (Recommendation 2)

Agency: Department of Labor
Status: Open

Comments: DOL neither agreed nor disagreed with this recommendation. GAO believes that while DOL's new field assistance bulletin provides information on the limitations of using ESG factors for pursuing collateral benefits, additional clarifying information could help sponsors conduct due diligence in considering whether ESG factors are material to an investment's financial performance and, if so, how to address those material risks. DOL's written comments recognize that additional clarification could be appropriate, depending on responses to the new field assistance bulletin from the public. We appreciate the consideration of the need for additional information, particularly as some have noted the new field assistance bulletin could create a chilling effect that leads fiduciaries to avoid considering ESG factors that could address material risks in their investments, to the detriment of plan participants' best interests. In June 2019, DOL stated that it would be appropriate to engage with stakeholders before reaching any conclusions about the necessity or appropriateness of issuing further guidance in this area. DOL further stated that the agency added a new project to the Spring 2019 regulatory agenda related to proxy voting. Additional information about DOL's new project on proxy voting and efforts to engage with stakeholders, including the outcome of such efforts and rationale for any conclusions reached, would help determine the effectiveness of the agency's actions.

Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

Agency: Department of Commerce
Status: Open

Comments: We reported that the Department of Commerce did not meet the following software application inventory practice: regularly updates the inventory with quality controls to ensure reliability. Specifically, the department did not provide evidence of a process to regularly update its inventory or quality controls to ensure the reliability of the data collected. In October 2017, the department reported that application inventory information will be captured through the Department of Commerce Capital Planning and Investment Control (CPIC) system, as part of its regular updating of investment information. Further, the department stated that it will update its CPIC handbook to provide guidance on quality control to ensure reliability of the data collected. In November 2018 and November 2019 we followed-up with Commerce on the status of their efforts; however, as of January 2020, we had not received an update. We plan to continue to follow up with Commerce to monitor the status of these planned actions.

Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

Agency: Department of Energy
Status: Open

Comments: We reported that the Department of Energy partially met the following three software application inventory practices, (1) includes systems from all organizational components, (2) specifies basic application attributes, and (3) is regularly updated with quality controls to ensure reliability. In May 2017, the department reported that it plans to implement automated monitoring and inventory tools by the end of fiscal year 2020, which it expects will address the key practices. In December 2019, the department reported that it anticipates completing a refresh of its application inventory by the end of February 2020. We plan to monitor the department's efforts to implement the tools and to develop a complete application inventory.

Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

Agency: Department of Housing and Urban Development
Status: Open

Comments: We reported that the Department of Housing and Urban Development (HUD) partially met the following three software application inventory practices, (1) includes systems from all organizational components, (2) specifies basic application attributes, and (3) is regularly updated with quality controls to ensure reliability. In June 2017, the department reported that it is working to identify applications in field offices, and planned for this effort to be completed in fiscal year 2018. In addition, the department stated it planned to update the inventory to include business functions for each system by the end of fiscal year 2017. Further, department officials stated that to ensure the accuracy and reliability of the application inventory, the department planned to conduct quarterly portfolio reviews starting in fiscal year 2018. In October 2018, HUD officials reported that CTO performed a technical assessment of HUD's IT assets, which resulted in identifying systems in the inventory that had been decommissioned and will be decommissioned. In addition, the department provided its strategy for performing the assessment. In August 2019, HUD reported that it completed an assessment of its legacy applications and the current inventory system is outdated. However, as of January 2020, HUD had not yet provided an updated inventory. We plan to continue to monitor the department's efforts to address the recommendation.

Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

Agency: Social Security Administration
Status: Open

Comments: We reported that the Social Security Administration (SSA) partially met the following two software application inventory practices, (1) includes systems from all organizational components, and (2) regularly updates the inventory with quality controls to ensure reliability. In March 2017, SSA officials reported that the agency's Office of Systems and Office of Operations continue to collaborate on integrating application information into the Enterprise Application Inventory. The officials reported that regionally developed applications that have been granted authority to operate have been imported into the enterprise application inventory. In addition, the officials stated that the Office of Operations was in the process of redesigning their repository to accommodate requirements to support the Enterprise Application Inventory, including the ability to update and maintain application information in the enterprise repository. Lastly, SSA officials reported that its Office of Information Security and Office of Systems were continuing to work to identify additional headquarters applications and develop process and automation to include applications in the inventory. In June 2019, SSA officials reported that they were continuing to make progress to update the inventory to include systems from all organizational components. However, as of January 2020, we had not received an updated inventory. We will continue to monitor SSA's efforts to develop a complete application inventory.

Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

Agency: Department of Labor
Status: Open

Comments: We reported that the Department of Labor did not meet one software application inventory practice, and partially met three practices. Specifically, we reported that the department did not meet the practice to ensure that the inventory is regularly updated with quality controls to ensure reliability, and partially met the practices to (1) include business and enterprise IT systems, (2) include systems from all organizational components, and (3) specify basic application attributes. In March 2018, department officials provided an updated inventory, which included business and enterprise IT systems from all organizational components, and specified basic attributes, including the name, owner, and business function. In addition, officials stated that they plan to update the inventory on a periodic basis as necessary, at minimum annually, as part of the department's IT budgeting process. Further, in June 2019, officials reported that the department performs biannual reviews of all IT investments and associated systems and applications to verify reported data. The officials also reported that the department uses quality control processes and procedures to ensure consistent, standard, and complete reporting to align with all investment artifacts. However, the department did not provide evidence of these data quality efforts. In June 2019, officials also reported that the department is implementing a new system in order to maintain an ongoing comprehensive inventory of all IT assets, including applications, which it expects to have fully operational by the end of the second quarter of fiscal year 2020. We will continue to monitor the department's efforts.

Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

Agency: Department of the Treasury
Status: Open

Comments: We reported that the Department of the Treasury had partially met the following two practices for establishing a complete software application inventory, (1) specifies basic application attributes, and (2) is regularly updated with quality controls to ensure reliability. In September 2017, the department provided evidence showing that it had taken steps to address these practices. Specifically, the department provided an export of its inventory, which showed that most of the systems listed contained a system description. According to department officials, some systems do not have a system description because the department's inventory policy allows bureaus to attach documents to the inventory, which include the system description, instead of populating the system description field. Further, the policy does not require a system description for systems in the disposal state. Moreover, the inventory did not include the business segment or function that the system supports. According to Treasury officials, the Bureau and Functional Unit fields within the inventory allow the department to map the systems to the business segments that they support. We followed up with the department to obtain this mapping. However, as of January 2020, the department had not provided it. We will continue to monitor the department's efforts to ensure that the inventory is regularly updated with quality controls to ensure its reliability.

Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

Agency: Department of State
Status: Open

Comments: We reported that the Department of State partially met the following software application inventory practices: (1) specifies basic application attributes; and (2) is regularly updated with quality controls to ensure reliability. Specifically, we reported that while the inventory included basic application attributes (e.g. name, description), it did not include the business function for the majority of inventory entries. Further, we reported that the agency did not provide evidence that quality control processes were in place to ensure the reliability of the data in the inventory. In July 2017, department officials stated that the department recently began a department-wide data call to obtain information on all IT assets and applications from each bureau, including aligning the assets and applications to a business function. Further, officials stated that they plan to analyze the results against their current data to ensure the accuracy and reliability of the IT asset inventory. In June 2019, the department provided evidence demonstrating that its inventory includes the business function for IT assets. In addition, State officials stated that the IT asset inventory that is posted internally for review is a high-level summary to facilitate monthly validation. However, as of January 2020, the department has not provided documentation showing that it has implemented the quality control processes to ensure the reliability of the data. We plan to continue to monitor the department's efforts to address the recommendation.

Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

Agency: Environmental Protection Agency
Status: Open

Comments: We reported that the Environmental Protection Agency had fully met three of the four practices to establish a complete application inventory, and partially met one. Specifically, the agency partially met the practice for including application attributes in the inventory, as although EPA did not identify the business function for every application. In December 2019, Environmental Protection Agency officials stated that the inventory now requires the business function to be included, and provided inventory update instructions that show the business function is to be included. In addition, agency officials provided instructions for senior information managers to update the inventory in fiscal year 2019. However, as of January 2020, agency officials had not provided an updated inventory, and thus we were not able to verify that the business function was added for all applications. We will follow up with the agency to obtain the updated inventory.

Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

Agency: Office of Personnel Management
Status: Open

Comments: We reported that the Office of Personnel Management (OPM) partially met the software application inventory practice to regularly update the inventory with quality controls to ensure reliability. In November 2016, OPM officials stated that they were validating the data in the application inventory. In addition, officials stated that they were making progress in using automated scanning tools to update the inventory, including coordinating with the General Services Administration's Software Management Group which is working to standardize the use of automated inventory tools across the government. In June 2017, November 2018, and November 2019, we followed up with OPM to obtain documentation of these reported actions; however, as of January 2020, the agency had not yet provided supporting documentation. We are continuing to follow up with OPM to obtain documentation of its reported actions.

Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the Secretaries of Defense, Homeland Security, the Interior, and Labor; and the Director of the National Science Foundation should direct the CIOs and other responsible officials to modify existing investment management processes to address applications more completely. Specifically, the Secretary of Defense should direct the responsible official to modify the department's existing processes to collect and review cost, technical, and business information for the enterprise and business IT systems within the Enterprise Information Environment Mission Area applications which are currently not reviewed as part of the department's process for business systems.

Agency: Department of Defense
Status: Open

Comments: The Department of Defense did not concur with our recommendation, noting, among other things, in its written response to our draft report, that a majority of the Enterprise Information Environment Mission Area systems are IT infrastructure, and not applications. However, we reported that the mission area nevertheless included a large number of enterprise and business IT applications which could benefit from rationalization, and we therefore believed our recommendation was still warranted. In March 2020, the department stated that it is formalizing a guide to assist components with implementing an application rationalization process, that will be used to rationalize the Enterprise Information Environment Mission Area systems. The department stated that it plans to perform annual reviews, and expects to start by the end of fiscal year 2020.

Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the Secretaries of Defense, Homeland Security, the Interior, and Labor; and the Director of the National Science Foundation should direct the CIOs and other responsible officials to modify existing investment management processes to address applications more completely. Specifically, the Secretary of Homeland Security should direct the department's CIO to identify one high-cost function it could collect detailed cost, technical, and business information for and modify existing processes to collect and review this information.

Agency: Department of Homeland Security
Status: Open

Comments: In April 2018, DHS officials stated that they identified FOIA systems as a high cost function, and will modify existing processes to collect and review the cost, technical, and business information. In November 2019, DHS reported that it is continuing to make progress in acquiring a new enterprise-wide FOIA system by reviewing current capabilities. We plan to continue to monitor the department's efforts.

Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the Secretaries of Defense, Homeland Security, the Interior, and Labor; and the Director of the National Science Foundation should direct the CIOs and other responsible officials to modify existing investment management processes to address applications more completely. Specifically, the Secretary of Labor should direct the department's CIO to consider a segmented approach to further rationalize and identify a function for which it would modify existing processes to collect and review application-specific cost, technical, and business value information.

Agency: Department of Labor
Status: Open

Comments: In February 2017, department officials stated that the department's portfolio of IT investments, which includes the systems, sub-systems, and applications in the IT asset inventory, are rationalized bi-annually as part of the Office of the Chief Information Officer's IT Capital Planning and Investment Control (CPIC) review processes. Further, officials stated that the systems and applications were also being rationalized as part of the process for updating the IT asset inventory. Officials stated that the department plans to review and update the department's CPIC guide to describe the IT asset inventory management process including the basic quality controls. In July 2019, officials reported that the department plans to have the updated guide completed by the end of fiscal year 2019. However, as of January 2020, the department had not provided documentation supporting these efforts. We plan to follow-up with the department to obtain documentation of its efforts to address the recommendation.

Recommendation: To help ensure the success of PortfolioStat, the Director of the Office of Management and Budget should direct the Federal Chief Information Officer to improve transparency of and accountability for PortfolioStat by publicly disclosing planned and actual data consolidation efforts and related cost savings by agency.

Agency: Executive Office of the President: Office of Management and Budget
Status: Open

Comments: As of April 2019, OMB had taken steps to improve transparency of and accountability for PortfolioStat, as GAO recommended in November 2013. In October 2015, the agency started displaying actual data consolidation savings data on the federal information technology (IT) dashboard. As of April 2018, however, OMB was not requiring that agencies report planned PortfolioStat cost savings stating this was as a result of agency feedback, and streamlining of data collection efforts based upon the decision that reporting on realized cost savings is more valuable than reporting on planned or projected cost savings.In March 2019, OMB stated that it was "exploring better approaches to cost savings as reported by agencies to the IT Dashboard." We are following up with OMB to determine whether these approaches include publicly disclosing planned and actual data consolidation efforts and related cost savings by agency.

Recommendation: To improve the department's implementation of PortfolioStat, the Secretary of Commerce should direct the CIO to reflect 100 percent of information technology investments in the department's enterprise architecture.

Agency: Department of Commerce
Status: Open

Comments: In October 2018, the Commerce described its process for updating its IT asset inventory as part of the budget formulation process and provided a mapping of investments to its enterprise architecture as evidence that it had implemented this recommendation. However, the department did not provide any policies and procedures supporting the process it described to us. In addition, it did not provide any evidence of controls to ensure that all investments had been captured in the enterprise architecture. In January 2020, the department told us that its Office of the Chief Information Officer had new leadership and as a result the department was expected to make significant progress in addressing the recommendation this year.

Recommendation: To improve the department's implementation of PortfolioStat, the Secretary of Commerce should direct the CIO to develop a complete commodity IT baseline.

Agency: Department of Commerce
Status: Open

Comments: In October 2018, Commerce officials told GAO about actions taken that they believed addressed the recommendation and provided supporting documentation. Specifically, they stated that they send out an annual data call for bureaus to provide their IT asset inventory as part of the budget submission process. They stated they also perform department-level validation of the bureaus' inventories and aggregate them into a single department inventory. As evidence, they provided a data call memo with supporting instructions and a template for bureaus to establish an IT asset inventory. They also provided examples of three bureau inventories received in response to data calls. In addition, they provided the final aggregated inventory (for fiscal year 2017) and department-level validation of bureau submissions. However, the department did not provide any policies or procedures documenting the process they described. In addition, we could not determine whether the creation of the department-wide inventory was a one-time effort or a recurring activity. In January 2020, the department told us that its Office of the Chief Information Officer had new leadership and as a result the department was expected to make significant progress in addressing the recommendation this year.

Recommendation: To improve the department's implementation of PortfolioStat, the Secretary of Defense should direct the CIO to develop a complete commodity IT baseline.

Agency: Department of Defense
Status: Open

Comments: The Department of Defense partially concurred with the recommendation and stated that it had efforts underway to further define the department's commodity IT baseline. In January 2019, our contact from the Office of the Chief Information Officer told us that the department had recently established an IT Purchase Request (ITPR) process for controlling spending that had a built-in IT asset inventory process that would address the recommendation. In August 2019, we received documentation on the ITPR process as part of an ongoing engagement. We are reviewing the documentation to determine whether it is sufficient to close the recommendation.

Recommendation: To improve the department's implementation of PortfolioStat, in the future reporting to OMB, the Secretary of Defense should direct the CIO to fully describe the following PortfolioStat action plan element: consolidate commodity IT spending under the agency CIO.

Agency: Department of Defense
Status: Open

Comments: The Department of Defense did not concur with the recommendation, stating that the commodity IT construct implemented by OMB with PortfolioStat did not work with the department's federated management process. However, the department agreed that a strategy, consistent with the intent of achieving better buying power and control of commodity IT items, should be developed and implemented within the department using existing authorities and stated that it was in the process of implementing this strategy. In January 2019, the Office of the Chief Information Officer's Director for Performance Management stated that while the CIO did not have the authority to consolidate commodity IT spending, the department had taken actions he believed addressed the intent of the recommendation to gain visibility into IT spending. Specifically, he stated that the department established a policy to leverage its buying power for commodity IT purchases (for example for software licenses). In addition, the department recently established an IT Purchase Request (ITPR) process for controlling IT spending. In August 2019, we received documentation related to those actions as part of an ongoing engagement. We are reviewing the documentation to determine whether it is sufficient to close the recommendation.

Recommendation: To improve the department's implementation of PortfolioStat, the Secretary of Defense should direct the CIO to obtain support from the relevant component agencies for the estimated savings for fiscal years 2013 to 2015 for the data center consolidation, enterprise software purchasing, and General Fund Enterprise Business System initiatives.

Agency: Department of Defense
Status: Open

Comments: The department of Defense concurred with the recommendation and stated that it already reported data center consolidation savings and would continue to realize savings from the Enterprise Software Initiative, other strategic sourcing efforts and the implementation of the General Fund Enterprise Business System initiatives. Through other engagements, in August 2016, we had collected support for data center consolidation and Enterprise Software Initiative savings for fiscal years 2013 to 2015. In January 2019, the Office of the Chief Information Officer's Director for Performance Management told us that the department had not been tracking savings generated by other commodity IT initiatives due to the difficulty in doing so, however, it was tracking an "other" category of savings through OMB's integrated data collection instrument (IDC) process which he believed the intent of our recommendation. He noted that the "other" category tracks savings from various OMB IT reform initiatives. Mr. Johnson said he had sent a recent IDC report along with supporting documentation to GAO to address a recommendation made in GAO-15-296. We are reviewing the documentation to determine whether it is sufficient to close the recommendation.

Recommendation: To improve the U.S. Army Corps of Engineers' implementation of PortfolioStat, in future reporting to OMB, the Secretary of Defense should direct the Secretary of the Army to fully describe the following PortfolioStat action plan elements: (1) consolidate commodity IT spending under the agency CIO; (2) target duplicative systems or contracts that support common business functions for consolidation; (3) establish criteria for identifying wasteful, low-value, or duplicative investments; and (4) establish a process to identify these potential investments and a schedule for eliminating them from the portfolio.

Agency: Department of Defense
Status: Open

Comments: The Department of Defense concurred with the recommendation and stated that, in the future, USACE would fully describe the four action plan elements when reporting to OMB. In August 2016, the department reported that it had addressed and closed the recommendation in February 2015 and cited policies, procedures, and other supporting documentation as evidence. However, the department did not provide the supporting documentation. In April 2018, the department provided several documents as evidence of its efforts to address this recommendation, including an order outlining the capital planning investment management process for the fiscal year 2017. We determined that the documents did not support the department's claims. In January 2019, the department told us it would provide an update on the status of actions to address the recommendation. As of August 2019, the department had not yet provided any update.

Recommendation: To improve the U.S. Army Corps of Engineers' implementation of PortfolioStat, the Secretary of Defense should direct the Secretary of the Army to report on the agency's progress in consolidating eCPIC to a shared service as part of the OMB integrated data collection quarterly reporting until completed.

Agency: Department of Defense
Status: Open

Comments: The Department of Defense partially concurred with the recommendation and stated that it had efforts underway to further define the department's commodity IT baseline. In August 2016, the department reported that it had addressed and closed the recommendation in October 2014 and described several actions that it believed contributed to addressing the recommendation, including, continued improvements to data center reporting, and greater understanding of IT infrastructure costs. However, the department did not provide any documentation to support its claims. In January 2019, the department told us it would provide an update on the status of actions to address the recommendation. As of August 2019, the department had not yet provided any update.

Recommendation: To improve the agency's implementation of PortfolioStat, the Administrator of the Environmental Protection Agency should direct the CIO to develop a complete commodity IT baseline.

Agency: Environmental Protection Agency
Status: Open

Comments: In September 2016, we reported that the Environmental Protection Agency's (EPA) Registry of Environmental Protection Agency Applications, Models and Databases (READ) system had a complete inventory of enterprise IT and business systems-two of three categories of IT assets that make up a commodity IT baseline-and that the agency had processes in place to regularly update this inventory to ensure its completeness (see GAO-16-511). We have been following up with EPA to obtain its inventory of IT infrastructure systems-the third commodity IT category--and determine the agency's process to ensure the completeness of this inventory. In a December 2019 update, EPA told us that it was working on a response to the recommendation.

Recommendation: To improve the agency's implementation of PortfolioStat, in future reporting to OMB, the Administrator of the Environmental Protection Agency should direct the CIO to fully describe the following PortfolioStat action plan elements: (1) consolidate commodity IT spending under the agency CIO; (2) establish targets for commodity IT spending reductions and deadlines for meeting those targets; and (3) establish criteria for identifying wasteful, low-value, or duplicative investments.

Agency: Environmental Protection Agency
Status: Open

Comments: In November 2016, the Environmental Protection Agency (EPA) reported making progress in addressing the three action plan elements through implementation of the Federal Information Technology Acquisition Reform Act (FITARA) and efforts to assess applications in its inventory. In June 2019, the agency provided supporting documentation. We are reviewing the documentation to determine whether it fully addresses the recommendation.

Recommendation: To improve the agency's implementation of PortfolioStat, the Administrator of the Environmental Protection Agency should direct the CIO to report on the agency's progress in consolidating the managed print services and strategic sourcing of end user computing to shared services as part of the OMB integrated data collection quarterly reporting until completed.

Agency: Environmental Protection Agency
Status: Open

Comments: Between July and December 2016, the Environmental Protection Agency (EPA) reported that it had implemented a managed print service contract for headquarters in 2014 and was preparing to award a new contract to also cover its regions. The agency also reported that it plans to use one of the government-wide contracts identified in OMB's policy on improving the acquisition and management of common IT for its end user computing needs. EPA, however, did not provide documentation supporting these efforts. In a December 2019 update, EPA told us that it was working on a response to the recommendation.

Recommendation: To improve the department's implementation of PortfolioStat, the Attorney General should direct the CIO to reflect 100 percent of information technology investments in the department's enterprise architecture.

Agency: Department of Justice
Status: Open

Comments: In October 2019, the department stated that its budget formulation process ensures that all investments are included in its enterprise architecture (EA). Specifically, the department stated that, as part of the budget formulation process, the EA group reviews investments and aligns them to the business areas within the EA framework by assigning them business reference model codes. To support its claims, in November 2019, the department provided a list of investments showing their alignment with the business reference model codes for the fiscal year 2021 budget formulation process. However, the department did not provide evidence of the EA group's review process. As of January 2020, we were following up with the department to obtain this evidence.

Recommendation: To improve the agency's implementation of PortfolioStat, the Administrator of the National Aeronautics and Space Administration should direct the CIO to reflect 100 percent of information technology investments in the agency's enterprise architecture.

Agency: National Aeronautics and Space Administration
Status: Open

Comments: In February 2018, NASA reported that it was making revisions to its enterprise architecture policy that would assist with ensuring that 100 percent of the agency's information technology investments are in the enterprise architecture. In July and December 2018, the agency provided updates on its efforts along with supporting documentation, though not enough to fully address the recommendation. In July 2019, the agency stated it also had efforts underway to centralize IT governance under the Chief Information Officer and this would contribute to reflect all investments in the enterprise architecture. The agency stated it would continue to update us on the status of its efforts to address the recommendation.

Recommendation: To improve the agency's implementation of PortfolioStat, the Director of the Office of Personnel Management should direct the CIO to develop a complete commodity IT baseline.

Agency: Office of Personnel Management
Status: Open

Comments: In February 2020, OPM stated that it was developing a service catalog with cost information and allocation components which together with the agency's software inventory would be used for cost avoidance moving forward. However, OPM did not provide supporting documentation. In addition, it was not clear whether the service catalog and software inventory would together include enterprise IT, IT infrastructure, and business systems, the three categories of IT assets that comprise a commodity IT baseline. We will continue to monitor OPM's efforts to address the recommendation.

Recommendation: To improve the agency's implementation of PortfolioStat, in future reporting to OMB, the Director of the Office of Personnel Management should direct the CIO to fully describe the following PortfolioStat action plan elements: (1) move at least two commodity IT areas to shared services and (2) target duplicative systems or contracts that support common business functions for consolidation.

Agency: Office of Personnel Management
Status: Open

Comments: In October 2018, OPM provided evidence that it had addressed the action plan element regarding the migration of two commodity IT areas to shared services. Specifically, OPM provided an August 2016 interagency agreement showing plans to migrate its financial management system to a shared service and a May 2018 interagency agreement showing plans to migrate its human resources and time and attendance system to a shared service. However, the interagency agreements were not signed. Regarding the action plan element to target duplicative systems or contracts that support common business functions for consolidation, OPM stated did that it had targeted laptops and mobile phones for consolidation. In addition, OPM did not provide any evidence of reporting to OMB for either action plan element. In February 2020, OPM stated that, in addition to entering into an interagency agreement for its financial management system and consolidating the procurement of agency-wide laptops and cellphones using an enterprise wide contract, it was also working to close two of its five major data centers to consolidate to three. OPM said that it was gathering the documentation to support its claims.

Recommendation: To improve the agency's implementation of PortfolioStat, the Director of the Office of Personnel Management should direct the CIO to report on the agency's progress in consolidating the help desk consolidation and IT asset inventory to shared services as part of the OMB integrated data collection quarterly reporting until completed.

Agency: Office of Personnel Management
Status: Open

Comments: In February 2020, OPM stated that its IT help desk function had become a shared service starting in October 2019. However, OPM did not provide supporting documentation. In addition, OPM stated it did not have any updates on the IT asset inventory. We will continue to monitor the agency's efforts to address this recommendation.

Recommendation: To improve the department's implementation of PortfolioStat, in future reporting to OMB, the Secretary of the Treasury should direct the CIO to fully describe the following PortfolioStat action plan elements: (1) consolidate commodity IT spending under the agency CIO and (2) establish criteria for identifying wasteful, low-value, or duplicative investments.

Agency: Department of the Treasury
Status: Open

Comments: In September 2014, the Department of the Treasury reported that it did not plan to consolidate commodity IT spending under the agency CIO. Specifically, the department stated that commodity IT investment decisions were consolidated under the Treasury Technology Investment Review Board which is co-chaired by the agency CIO and Assistant Secretary for Management; and that it did not see the benefit of combining the budget authorities of the various bureau infrastructure investments. In regards to establishing criteria to identify wasteful, low-value, and duplicative investments, in September 2014, the department stated that the Treasury Technology Investment Review Board and Technology Advisory Working Group had established an approach that considers risk, value and cost in reviewing investment requests to identify wasteful, low-value, and duplicative investments. As of May 2019, we were reviewing documentation we received from the department in September 2018 to determine whether the recommendation has been fully addressed.

Recommendation: To improve the department's implementation of PortfolioStat, as the department finalizes and matures its enterprise architecture and valuation methodology, the Secretary of the Treasury should direct the CIO to utilize these processes to identify whether there are additional opportunities to reduce duplicative, low-value, or wasteful investments.

Agency: Department of the Treasury
Status: Open

Comments: In September 2014, the Department of the Treasury described several examples of processes it had established to identify opportunities to reduce duplicative, low-value or wasteful investments, including annual reviews of each major IT investment and monthly portfolio reviews. As of May 2019, we were reviewing updated information we received in September 2018 to determine whether the recommendation has been fully addressed.

Recommendation: To effectively implement key components of DOD's business systems modernization program, the Secretary of Defense should direct the Deputy Chief Management Officer to define by when and how the department plans to develop an architecture that would extend to all defense components and include, among other things, (a) information about the specific business systems that support business enterprise architecture (BEA) business activities and related system functions; (b) business capabilities for the Hire-to-Retire and Procure-to-Pay business processes; and (c) sufficient information about business activities to allow for more effective identification of potential overlap and duplication.

Agency: Department of Defense
Status: Open

Comments: DOD has made significant progress addressing the recommendation; however, as of November 2019, more remained to be done. In particular, in 2015, we reported that the department had taken steps to improve the integration of business enterprise architecture information with other existing information, which allows DOD to identify information such as mapping of existing business systems to system functions. More recently, in 2017, the department awarded a contract to improve its business enterprise architecture. According to the department, the objective of the contract was to improve business and system optimization by providing mechanisms to ingest and discover enterprise architecture content from all department components and allow for cross-domain portfolio reviews to include duplication analysis. More specifically, the contract called for developing three major capabilities, including the ability to conduct process and system reviews within and across domains. In October 2019, the Office of the Chief Management Officer (CMO) demonstrated that it had completed development of the three planned capabilities and the office said it was working to host the capabilities in a government-approved cloud environment. With regard to including business capabilities for the Hire-to-Retire and Procure-to-Pay business processes in the business enterprise architecture, the department stated that the new architecture is to identify the business capabilities and processes associated with Lines of Business, which will be defined as a decomposition of the products and services that the business enterprise delivers to the department's components. In September 2019, officials from the Office of the CMO stated that the department plans to review end-to-end processes that comprise the current business enterprise architecture for currency and relevancy. However, the officials did not indicate when they expect to complete this review.

Recommendation: To effectively implement key components of DOD's business systems modernization program, the Secretary of Defense should direct the Deputy Chief Management Officer to ensure that the functional strategies include all of the critical elements identified in DOD investment management guidance, including performance measures to determine progress toward achieving the goals that incorporate all of the attributes called for in the department's guidance.

Agency: Department of Defense
Status: Open

Comments: As of November 2019, the Department of Defense (DOD) had not addressed the recommendation. In May 2013, we reported that, for the fiscal year 2013 certification of business systems, functional strategies included many, but not all, of the critical elements required by DOD's guidance. Specifically, not all functional strategies demonstrated linkages to business goals in DOD's strategic management plan, and not all included expected outcomes for all functional area goals. In addition, some, but not all, had performance measures in place for assessing progress toward achieving stated goals. However, none of the functional strategies included performance measures that reflected all of the key attributes identified in DOD's guidance. We also reported that for the 2014 certification cycle, the functional strategies had been improved. However, not all of them had performance measures that included all key attributes called for in the guidance. Specifically, all performance measures did not include baseline and target measures, and provide a rationale for the identified targets. In June 2018, DOD revised the required functional strategy elements in its defense business system investment management guidance. However, as of November 2019, the department had not ensured that its functional strategies include all of the elements identified in the guidance. The guidance still requires that functional strategies include business outcomes that link to goals in DOD's strategic management plan. In addition, while the guidance no longer calls for the key performance measure attributes that we assessed in our 2013 report (i.e., baseline and target measures and a rationale for identified targets), the new guidance requires that business outcomes include measurable targets. However, none of the fiscal year 2019 functional strategies fully addressed most of the required elements. For example, none of the functional strategies demonstrated that business outcomes were clearly linked to the department's strategic management plan goals, as required by the 2018 investment management guidance. In addition, none of the strategies included measurable targets, An official from the office of the Chief Management Officer (CMO) demonstrated that the department's Integrated Business Framework-Data Alignment Portal, which is used to record functional strategies, includes business outcomes that are aligned to goals and objectives in the National Defense Business Operations Plan (i.e., the agency strategic plan). The official also demonstrated that most functional strategies link to at least one performance measure from the National Defense Business Operations Plan. However, the official agreed that the published functional strategies did not clearly link outcomes to the department's strategic management plan. Further, officials from the office of the CMO stated in September 2019 that the functional strategies for fiscal year 2019 were not revised for fiscal year 2020.

Recommendation: To effectively implement key components of DOD's business systems modernization program, the Secretary of Defense should direct the Deputy Chief Management Officer to select and control its mix of investments in a manner that best supports mission needs by (a) documenting a process for evaluating portfolio performance that includes the use of actual versus expected performance data and predetermined thresholds; (b) ensuring that portfolio assessments are conducted in key areas identified in our IT investment management framework: benefits attained; current schedule; accuracy of project reporting; and risks that have been mitigated, eliminated, or accepted to date; and (c) ensuring that the documents provided to the Defense Business Council as part of the investment management process include critical information for conducting all assessments.

Agency: Department of Defense
Status: Open

Comments: As of November 2019, DOD had not addressed the recommendation. In 2013, we reported that the department's investment management guidance did not specify a process for conducting an assessment or call for the use of actual versus expected performance data and predetermined thresholds for evaluating portfolio performance. In addition, the department did not call for assessments to be conducted in four key areas-benefits attained, current schedule; accuracy of project reporting; and risks that have been mitigated, eliminated or accepted to date. We also reported in 2013, that the department's investment management guidance identified four criteria and specified the associated assessments that were to be conducted when reviewing and evaluating components' organization execution plans in order to make a portfolio-based investment decision. However, the guidance did not call for the department's organizational execution plans to include critical information for conducting assessments associated with three of the four criteria. Specifically, it did not include information for conducting assessments associated with strategic alignment (i.e., information on alignment with the capital planning and investment control practices and Better Buying Power guidance), utility (i.e., interoperability among systems and system scalability to support additional users) and total cost (i.e., cost in relationship to return on investment). In September 2019, the department stated that the Office of the Chief Management Officer's investment management guidance, investment management training materials, and organizational execution plan, addressed elements of the recommendation. However, the documents did not specify a process for evaluating portfolio performance that includes the use of actual versus expected performance data and predetermined thresholds. Regarding ensuring that portfolio assessments are conducted in key areas identified in our IT investment management framework: benefits attained; current schedule; accuracy of project reporting; and risks that have been mitigated, eliminated, or accepted to date, the June 2018 investment management guidance requires organization execution plans to include risks and risk mitigation strategies. In addition, the investment management guidance requires the plans to include information about benefits attained. Specifically, the plans are to include progress against targets for business goals documented in functional strategies. However, the guidance does not address the remaining key areas identified in our IT investment management framework: current schedule; accuracy of project reporting; and risks that have been eliminated or accepted to date. In addition, the guidance does not call for this information to be used as part of portfolio assessments. Regarding ensuring that the documents provided to the Defense Business Council as part of the investment management process include critical information for conducting assessments, in September 2019, the department stated in a written response that business system certification decisions are made in accordance with criteria established in 10 U.S. Code Section 2222. However, as of November 2109, the department had not demonstrated that it established guidance that calls for documents to include critical information on alignment with the capital planning and investment control practices and Better Buying Power guidance), utility (i.e., interoperability among systems and system scalability to support additional users) and total cost (i.e., cost in relationship to return on investment), which are criteria it established in its investment management guidance for making certification decisions.