United States Government Accountability Office GAO Testimony Before the Subcommittee on Federal Financial Management, Government Information, Federal Services and International Security, Committee on Homeland Security and Governmental Affairs, United States Senate INFORMATION For Release on Delivery Expected at 10:00 a.m. EDT Thursday, May 24, 2012 TECHNOLOGY REFORM Progress Made; More Needs to Be Done to Complete Actions and Measure Results Statement of David A. Powner, Director Information Technology Management Issues GAO-12-745T Chairman Carper, Ranking Member Brown, and Members of the Subcommittee: I am pleased to be here today to discuss the progress the Office of Management and Budget (OMB) and key federal agencies have made on selected action items associated with information technology (IT) reform. While investments in IT have the potential to improve lives and organizations, some federally funded IT projects can—and have— become risky, costly, unproductive mistakes. With at least $79 billion spent in fiscal year 2011 by the U.S. government on IT investments, it is important to ensure the most efficient and effective use of resources. In December 2010, the Federal Chief Information Officer (CIO) released a 25-point plan for reforming federal IT management. This document established an ambitious plan for achieving operational efficiencies and effectively managing large-scale IT programs. It also clearly identified actions to be completed in three different time frames: (1) within 6 months (by June 2011), (2) between 6 and 12 months (by December 2011), and (3) between 12 and 18 months (by June 2012). You asked us to testify on our report being released today that describes the progress OMB and key federal agencies have made on selected action items in the IT Reform Plan and the extent to which sound measures are in place to evaluate the success of the initiative. 1 In this regard, my testimony specifically covers the progress made on 10 selected IT Reform Plan action items by OMB; the General Services Administration (GSA); and the Departments of Homeland Security, Justice, and Veterans Affairs. In preparing this testimony, we relied on our report being released at today’s hearing. In that report, we evaluated progress by selecting 10 action items from the IT Reform Plan, focusing on action items that (1) were expected to be completed by December 2011, (2) covered multiple different topic areas, and (3) were considered by internal and OMB subject matter experts to be the more important items. We also selected three federal agencies (the Departments of Homeland Security, Justice, and Veterans Affairs) based on several factors, including high levels of IT spending and large numbers of investments in fiscal year 2011. We then evaluated the steps OMB and 1 GAO, Information Technology Reform: Progress Made; More Needs to Be Done to Complete Actions and Measure Results, GAO-12-461 (Washington, D.C.: Apr. 26, 2012). Page 1 GAO-12-745T the selected federal agencies had taken to implement the selected action items from the IT Reform Plan. In cases where the action was behind schedule, we compared plans for addressing the schedule shortfalls to sound project planning practices. We also determined whether and how agencies were tracking performance measures associated with these action items, and compared these measures to best practices in IT performance management. In addition, we interviewed OMB and selected agency officials regarding progress, plans, and measures. All work on which this testimony is based was performed from August 2011 to April 2012 in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objective. IT can enrich people’s lives and improve organizational performance. Background However, as we have described in numerous reports and testimonies, federal IT projects too frequently incur cost overruns and schedule slippages while contributing little to mission-related outcomes. Further, while IT should enable government to better serve the American people, the federal government has not achieved expected productivity improvements—despite spending more than $600 billion on IT over the past decade. Over the last two decades, Congress has enacted several laws to assist agencies and the federal government in managing IT investments. Key laws include the Paperwork Reduction Act of 1995, 2 the Clinger-Cohen Act of 1996, 3 and the E-Government Act of 2002. 4 Also, the GPRA (Government Performance and Results Act) Modernization Act of 2010 includes IT management as a priority goal for improving the federal 2 44 U.S.C. § 3501 et seq. 3 40 U.S.C. § 11101 et seq. 4 The E-Government Act of 2002, Pub. L. No. 107-347 (Dec. 17, 2002). Page 2 GAO-12-745T government. 5 Each of these laws delineates roles and responsibilities for OMB and agencies regarding information technology and its management. As set out in these laws, OMB is to play a key role in helping federal agencies manage their investments by working with them to better plan, justify, and determine how much they need to spend on projects and how to manage approved projects. Within OMB, the Office of E-government and Information Technology, headed by the Federal CIO, directs the policy and strategic planning of federal IT investments and is responsible for oversight of federal technology spending. Agency CIOs are also expected to have a key role in IT management. Federal law, specifically the Clinger-Cohen Act, has defined the role of the CIO as the focal point for IT management, requiring agency heads to designate CIOs to lead reforms that would help control system development risks; better manage technology spending; and achieve real, measurable improvements in agency performance. In addition, the CIO Council—comprised of CIOs and Deputy CIOs of 28 agencies and chaired by OMB’s Deputy Director for Management—is the principal interagency forum for improving agency practices related to the design, acquisition, development, modernization, use, sharing, and performance of federal information resources. The CIO Council is responsible for developing recommendations for overall federal IT management policy; sharing best practices; including the development of performance measures; and identifying opportunities and sponsoring cooperation in using information resources. Federal IT Reform Plan After assessing the most persistent challenges in acquiring, managing, Strives to Address and operating IT systems, in December 2010 the Federal CIO established Persistent Challenges a 25-point IT Reform Plan designed to address challenges in IT acquisition, improve operational efficiencies, and deliver more IT value to the American taxpayer. 6 The actions were planned to be completed in 5 Pub. L. No. 111-352, 124 Stat. 3866 (2011). The GPRA (Government Performance and Results Act) Modernization Act of 2010 amends the Government Performance and Results Act of 1993, Pub. L. No. 103-62, 107 Stat. 285 (1993). 6 OMB, 25 Point Implementation Plan to Reform Federal Information Technology Management (Washington, D.C.: Dec. 9, 2010). Page 3 GAO-12-745T three different time frames: (1) within 6 months (by June 2011), (2) between 6 and 12 months (by December 2011), and (3) between 12 and 18 months (by June 2012). Several different organizations were assigned ownership of the key action items, including the Federal CIO, the CIO Council, GSA, the Office of Personnel Management, the Office of Federal Procurement Policy, the Small Business Administration, and other federal agencies. Table 1 contains detailed information on selected action items in the IT Reform Plan. Table 1: OMB’s IT Reform Plan: Selected Action Items, Required Activities, and Responsible Parties Plan Responsible number Action item title Required activities parties Due date 1 Complete detailed • Complete consolidation plans that include a technical roadmap, OMB and June 2011 implementation plans clear consolidation targets, and measurable milestones federal to consolidate 800 • Identify dedicated agency-specific program managers agencies data centers by 2015 • Establish a cross-government task force comprised of the agency program managers • Ensure the task force meets monthly • Launch a public dashboard for tracking progress towards closures a 3 Shift to a “cloud first” • Establish a federal strategy for moving to cloud computing OMB and June 2011 policy • Identify three services (per agency) that are to move to cloud federal computing agencies • Establish migration plans for the three services that are to move • Fully migrate the first service within 12 months 4 Stand-up contract • Make a common set of contract vehicles for secure cloud-based GSA June 2011 vehicles for secure infrastructure solutions available governmentwide Infrastructure-as-a- b Service solutions 10 Launch a best • Establish a portal for program managers to exchange information CIO Council June 2011 practices on best practices collaboration platform • Require agencies to submit their experiences to the portal • Codify and synthesize agency submissions to provide a searchable database that facilitates real-time problem solving 13 Design a cadre of • Define an IT acquisition specialist position OMB and June 2011 specialized IT • Establish the requirements, guidance, curriculum, and process for federal acquisition becoming one agencies c professionals • Create guidance to strengthen the IT acquisition skills and capabilities of IT acquisition specialists 15 Issue contracting • Work with IT and acquisition community to develop guidance on Office of December d guidance and contracting for modular development Federal 2011 templates to support • Obtain feedback from industry leaders Procurement modular Policy • Develop templates and samples supporting modular development development Page 4 GAO-12-745T Plan Responsible number Action item title Required activities parties Due date 17 Work with Congress Analyze working capital funds and transfer authorities to identify current OMB and June 2011 to create IT budget IT budget flexibilities federal models that align Identify programs at agencies where additional budget flexibilities could agencies with modular improve outcomes development Work with Congress to propose budgetary models to complement the modular development approach Evaluate mechanisms for increased transparency for these programs 20 Work with Congress Work with Congress to consolidate commodity IT spending under the OMB and June 2011 to consolidate agency CIO federal commodity IT Develop a workable funding model for “commodity” IT services agencies spending under agency CIO e Have the CIO Council and agency CIOs identify “commodity” services to be included in this funding model as they are migrated towards shared services 21 Reform and Revamp IT budget submissions OMB and June 2011 strengthen Have agencies conduct “TechStat” reviews f federal Investment Review agencies Boards Have OMB analysts provide training to agency CIOs in the “TechStat” methodology 22 Redefine role of Make agency CIOs responsible for managing the portfolio of large IT Federal CIO June 2011 agency CIOs and projects within their agencies and agency CIO Council Have the CIO Council periodically review the highest priority “TechStat” CIOs findings assembled by the agency CIOs Source: GAO analysis of OMB’s IT Reform Plan. a Cloud computing is an emerging form of computing where users have access to scalable, on- demand capabilities that are provided through Internet-based technologies. It has the potential to provide IT services more quickly and at a lower cost. b Infrastructure-as-a-Service is one type of cloud computing in which a vendor offers various infrastructure components such as hardware, storage, and other fundamental computing resources. c While the IT Reform Plan discusses having agencies develop cadres of specialists, there is no requirement for agencies to do so. d According to the IT Reform Plan, modular development is a system development technique that delivers functionality in shorter time frames by creating requirements at a high level and then refining them through an iterative process, with extensive engagement and feedback from stakeholders. e Commodity services are systems or services used to carry out routine tasks (e.g., e-mail, data centers, and web infrastructure). f OMB defines a TechStat as a face-to-face, evidence-based accountability review of an IT investment that results in concrete actions to address weaknesses and reduces wasteful spending by turning around troubled programs and terminating failed programs. GAO Has Previously Given the challenges that federal agencies have experienced in acquiring Reported on Needed and managing IT investments, we have issued a series of reports aimed Improvements in Federal at improving federal IT management over the last decade. Our reports cover a variety of topics, including data center consolidation, cloud IT Management computing, CIO responsibilities, system acquisition challenges, and modular development. Key reports that address topics covered in the IT Page 5 GAO-12-745T Reform Plan include reports on data center consolidation, 7 cloud computing, 8 best practices in IT acquisition, 9 IT spending authority, 10 investment review and oversight, 11 and agency CIO responsibilities. 12 For example, in July 2011, we reported that only one of the agencies submitted a complete data center inventory and no agency submitted a complete data center consolidation plan. 13 We concluded that until these inventories and plans are complete, agencies might not be able to implement their consolidation activities and realize expected cost savings. We recommended that agencies complete the missing elements in their plans and inventories. In response to our recommendations, in October and November 2011, the agencies updated their inventories and plans. We have ongoing work assessing the agencies’ revised plans, and in February 2012, we reported that our preliminary assessment of the 7 GAO, Data Center Consolidation: Agencies Need to Complete Inventories and Plans to Achieve Expected Savings, GAO-11-565 (Washington, D.C.: July 19, 2011), and Follow- up on 2011 Report: Status of Actions Taken to Reduce Duplication, Overlap, and Fragmentation, Save Tax Dollars, and Enhance Revenue, GAO-12-453SP (Washington, D.C.: Feb. 28, 2012). 8 GAO, Information Security: Federal Guidance Needed to Address Control Issues with Implementing Cloud Computing, GAO-10-513 (Washington, D.C.: May 27, 2010), and Information Security: Additional Guidance Needed to Address Cloud Computing Concerns, GAO-12-130T (Washington, D.C.: Oct. 5, 2011). 9 GAO, Information Technology: Critical Factors Underlying Successful Major Acquisitions, GAO-12-7 (Washington, D.C.: Oct. 21, 2011). 10 GAO, Information Technology: VA Has Taken Important Steps to Centralize Control of Its Resources, but Effectiveness Depends on Additional Planned Actions, GAO-08-449T (Washington, D.C.: Feb. 13, 2008). 11 GAO, IT Dashboard: Accuracy Has Improved, and Additional Efforts Are Under Way To Better Inform Decision Making, GAO-12-210 (Washington, D.C.: Nov. 7, 2011); Information Technology: OMB Has Made Improvements to Its Dashboard, but Further Work Is Needed by Agencies and OMB to Ensure Data Accuracy, GAO-11-262 (Washington, D.C.: Mar. 15, 2011); Information Technology: OMB's Dashboard Has Increased Transparency and Oversight, but Improvements Needed, GAO-10-701 (Washington, D.C.: July 16, 2010); Information Technology: Management and Oversight of Projects Totaling Billions of Dollars Need Attention, GAO-09-624T (Washington, D.C.: Apr. 28, 2009); Information Technology: Agencies and OMB Should Strengthen Processes for Identifying and Overseeing High Risk Projects, GAO-06-647 (Washington, D.C.: June 15, 2006); and Information Technology: OMB Can Make More Effective Use of Its Investment Reviews, GAO-05-276 (Washington, D.C.: Apr. 15, 2005). 12 GAO, Federal Chief Information Officers: Opportunities Exist to Improve Role in Information Technology Management, GAO-11-634 (Washington, D.C.: Sept. 15, 2011). 13 GAO-11-565. Page 6 GAO-12-745T updated plans showed that not all agency plans were updated to include all required information. 14 We discuss each of the topics in more detail in the report being publicly released today. 15 As discussed in our report, OMB and key federal agencies have made OMB and Key Federal progress on selected action items identified in the IT Reform Plan, but Agencies Have Made there are several areas where more remains to be done. Of the 10 key action items we reviewed, 3 were completed and the other 7 were Progress on IT partially completed by December 2011. The action items that are behind Reform Action Items, schedule share a common reason for the delays: the complexity of the but Much Remains to initiatives. In all seven of the cases, OMB and the federal agencies are still working on the initiatives. However, OMB and federal agencies have Be Done established time frames for completing only two of these initiatives. In a December 2011 progress report on its IT Reform Plan, OMB reported that it made greater progress than we determined. The agency reported that of the 10 action items, 7 were completed and 3 were partially completed. OMB officials from the Office of E-government and Information Technology explained that the reason for the difference in assessments is that they believe that the IT Reform Plan has served its purpose in acting as a catalyst for a set of broader initiatives. They noted that work will continue on all of the initiatives even after OMB declares the related action items to be completed under the IT Reform Plan. We disagree with this approach. In prematurely declaring the action items to be completed, OMB risks losing momentum on the progress it has made to date. Table 2 provides both OMB’s and our assessments of the status of the key action items, with action items rated as “completed” if all of the required activities identified in the reform plan were completed, and “partially completed” if some, but not all, of the required activities were completed. 14 GAO-12-453SP. 15 GAO-12-461. Page 7 GAO-12-745T Table 2: GAO’s Assessment of the Status of Key Action Items OMB’s reported status Plan number (as of and action December GAO’s item title 2011) assessment Description (1) Complete Completed Partially In 2011, agencies published their updated consolidation plans and identified dedicated detailed completed program managers for their data center consolidation efforts. Also, OMB established a implementation cross-government task force comprised of the agency program managers that meets plans to monthly and launched a public dashboard for tracking progress in closing data centers. consolidate at However, not all of the agencies’ updated data center consolidation plans include the least 800 data required elements. Of the three agencies we reviewed, one (the Department of Justice) centers by lacked required milestones and targets for servers and utilization. In addition, in 2015 February 2012, we reported finding similar gaps in multiple agencies’ consolidation a plans. When asked why the plans were not yet complete, agencies reported that it takes time to adequately plan for data center consolidation and many found that they need more time. We have previously recommended that agencies complete the b missing elements from their data center consolidation plans. OMB has noted that agencies are expected to provide an update on their plans in September 2012. (3) Shift to Completed Partially The Federal CIO published a strategy for moving the government to cloud computing cloud-first completed and had each agency identify three services to be moved to the cloud. In addition, each policy of the three agencies we reviewed established migration plans for these services and had migrated at least one service to the cloud by December 2011. However, each of the three agencies’ migration plans we reviewed were missing key required elements, including a discussion of needed resources, migration schedules, or plans for retiring legacy systems. We have ongoing work performing a more detailed review of seven agencies’ progress in implementing the federal cloud computing policy underway, and c plan to issue that report in the summer of 2012. However, at this point there are no time frames for agencies to complete their migration plans. (4) Stand-up Completed Completed GSA has established a common set of contract vehicles for secure cloud-based contract infrastructure solutions, and made them available governmentwide. As of January vehicles for 2012, federal agencies could purchase cloud solutions from three GSA-approved secure vendors. Infrastructure- as-a-Service solutions (10) Launch a Completed Partially The CIO Council developed a web-based collaboration portal to allow program best practices completed managers to exchange best practices and case studies, and all three agencies we collaboration reviewed have submitted case studies to OMB for the portal. However, the data platform accessible by the portal has not yet been effectively codified and synthesized, making it difficult for program managers to search the databases and for them to use it for problem solving. For example, a general search for cloud computing best practices identified more than 13,000 artifacts, while a date-bounded search for the last year identified 14 artifacts—of which only 8 clearly provided information on best practices in cloud computing. The vice chairman of the CIO Council explained that the portal’s shortcomings are due to how new it is, and noted that the council is still working to improve the portal’s functionality. However, the CIO Council has not established a time frame for providing this additional functionality. Page 8 GAO-12-745T OMB’s reported status Plan number (as of and action December GAO’s item title 2011) assessment Description (13) Design a Completed Completed In 2011, the Office of Federal Procurement Policy issued guidance defining an IT cadre of acquisition specialist; established the requirements, guidance, curriculum, and process specialized IT for becoming one; and established guidance to strengthen the IT acquisition skills and acquisition capabilities of IT acquisition specialists. Because the development of the cadre is professionals voluntary, the status of the agencies we reviewed varies: the Department of Veterans Affairs has a cadre of specialized IT acquisition professionals, the Department of Homeland Security is developing one, and the Department of Justice is still considering whether they need such a cadre. (15) Issue Partially Partially An official within the Office of Federal Procurement Policy stated that the agency contracting completed completed worked with the IT and acquisition community to develop draft guidance for modular guidance and development, and has obtained feedback from industry leaders. However, the office templates to has not yet issued this guidance, or the required templates and samples supporting support modular development. An Office of Federal Procurement Policy official explained that modular delays were due to challenges in ensuring consistent definitions of modular development development across the government and industry. The office currently plans to issue its guidance and templates in spring 2012. (17) Work with Partially Partially OMB reported that it analyzed existing legal frameworks to determine what budget Congress to completed completed flexibilities are currently available and where additional budget flexibilities are needed, create IT and worked to promote these ideas (such as multiyear budgets or revolving funds) with budget models selected congressional committees. Also, the three agencies we reviewed identified that align with programs where additional budget flexibilities could improve outcomes. For example, modular the Department of Homeland Security proposed a working capital fund for centralized development IT operations and maintenance functions. However, in response to OMB’s ideas, there has not yet been any new legislation to create budget authorities as a result of the IT Reform Plan and OMB has not identified options to increase transparency for programs that would fall under these budgetary flexibilities. OMB officials noted that they are behind schedule in working with Congress, in part because when the IT Reform Plan was issued in December 2010, the fiscal year 2012 budget process was already under way. They explained that this meant they needed to wait to incorporate changes into the fiscal year 2013 budget process. However, OMB has not yet established time frames for completing this activity. (20) Work with Partially Partially OMB issued a memo in August 2011 that, among other things, required agencies to d Congress to completed completed consolidate commodity IT services under the agency CIO. In addition, the federal CIO consolidate has discussed the importance of consolidating commodity IT under the agency CIOs commodity IT with selected congressional committees. However, OMB noted that this action item is spending behind schedule and that it is continuing to discuss the implementation of the memo under agency and the development of models for funding commodity IT with agencies and Congress. CIOs Further, the three agencies we reviewed had not yet reported to OMB on their proposals for migrating commodity IT services to shared services, in part because they were waiting for guidance from OMB. OMB officials noted that part of the reason for the delay is that when the IT Reform plan was issued in December 2010, the fiscal year 2012 budget process was already under way. Therefore, they needed to wait a year to incorporate changes into the fiscal year 2013 budget process. However, OMB has not established a time frame for completing this activity. Page 9 GAO-12-745T OMB’s reported status Plan number (as of and action December GAO’s item title 2011) assessment Description (21) Reform Completed Completed In 2011, OMB revamped its requirements for agency IT budget submissions. OMB also and strengthen developed, published, and provided training for agency CIOs on how to conduct Investment TechStat reviews that includes accountability guidelines, engagement cadence, Review Boards evaluation processes, and reporting processes. By December 2011, all 24 agencies conducted at least one TechStat review. (22) Redefine Completed Partially In August 2011, OMB issued a memo directing agencies to strengthen the role of the role of agency completed CIO away from solely being responsible for policymaking and infrastructure CIOs and the maintenance to a role that encompasses true portfolio management for all IT. However, CIO Council OMB acknowledged that there is disparity among agency CIOs’ authorities and that it will take time for agencies to implement the required changes. Of the three agencies we reviewed, two CIOs reported having true portfolio management for all IT projects, and one did not. The Department of Homeland Security’s CIO does not yet have responsibility for the portfolio of all IT projects. We have ongoing work assessing the department’s governance of IT investments. Regarding changes in the role of the CIO Council, the council formed a committee to focus on management best practices. This committee analyzed the outcomes of agency TechStat reviews over the past year and published a report discussing governmentwide trends in December 2011. Source: GAO analysis of OMB and agency data. a GAO-12-453SP. b GAO-11-565. c The seven agencies are the Departments of Agriculture, Health and Human Services, Homeland Security, State, and Treasury, as well as GSA and the Small Business Administration. d OMB, Memorandum for Heads of Executive Departments and Agencies: Chief Information Officer Authorities, M-11-29 (Washington, D.C.: Aug. 8, 2011). Until OMB and the agencies complete the action items called for in the IT Reform Plan, the benefits of the reform initiatives—including increased operational efficiencies and more effective management of large-scale IT programs—may be delayed. With the last of the action items in the IT Reform Plan due to be completed by June 2012, it will be important for OMB and the agencies to ensure that the action items due at earlier milestones are completed as soon as possible. Page 10 GAO-12-745T The importance of performance measures for gauging the progress of OMB Has Not programs and projects is well recognized. In the past, OMB has directed Established Measures agencies to define and select meaningful outcome-based performance measures that track the intended results of carrying out a program or for Evaluating Results activity. 16 Additionally, as we have previously reported, aligning on Most IT Reform performance measures with goals can help to measure progress toward Initiatives those goals, emphasizing the quality of the services an agency provides or the resulting benefits to users. 17 Furthermore, industry experts describe performance measures as necessary for managing, planning, and monitoring the performance of a project against plans and stakeholders’ needs. 18 According to government and industry best practices, performance measures should be measurable, outcome-oriented, and actively tracked and managed. Recognizing the importance of performance measurement, OMB and GSA have established measures for 4 of the 10 action items we reviewed: data center consolidation, shifting to cloud computing, using contract vehicles to obtain Infrastructure-as-a-Service, and reforming investment review boards. Moreover, OMB reported on three of these measures in the analytical perspectives associated with the President’s fiscal year 2013 budget. Specifically, regarding data center consolidation, OMB reported that agencies were on track to close 525 centers by the end of 2012 and expected to save $3 billion by 2015. On the topic of cloud computing, OMB reported that agencies had migrated 40 services to cloud computing environments in 2011 and expect to migrate an additional 39 services in 2012. Regarding investment review boards, OMB reported that agency CIOs held 294 TechStat reviews and had achieved more than $900 million in cost savings, life cycle cost avoidance, or reallocation of funding. However, OMB has not established performance measures for 6 of the 10 action items we reviewed. For example, OMB has not established 16 OMB, Guide to the Program Assessment Rating Tool. 17 GAO, NextGen Air Transportation System: FAA’s Metrics Can Be Used to Report on Status of Individual Programs, but Not of Overall NextGen Implementation or Outcomes, GAO-10-629 (Washington, D.C.: July 27, 2010). 18 Thomas Wettstein and Peter Kueng, “A Maturity Model for Performance Measurement Systems,” and Karen J. Richter, Ph.D., Institute for Defense Analyses, CMMI® for Acquisition (CMMI-ACQ) Primer, Version 1.2. Page 11 GAO-12-745T measures related to the best practices collaboration platform, such as number of users, number of hits per query, and customer satisfaction. Further, while OMB has designed the guidance and curriculum for developing a cadre of IT acquisition professionals, it has not established measures for tracking agencies’ development of such a cadre. Table 3 details what performance measures and goals, if any, are associated with the action item. Table 3: Assessment of Performance Measures Associated with Selected IT Reform Action Items Action item Performance measures Performance goals (1) Complete detailed • Number of data center closures • The IT Reform Plan identifies a goal to consolidate 800 implementation plans to • Expected cost savings data centers by 2015. consolidate 800 data centers by • In December 2011, in conjunction with a decision to • 2015 include smaller data centers in the consolidation effort, the Federal CIO increased this goal to more than 1,000 data centers by 2015. • In February 2012, OMB announced a goal of saving $3 billion by 2015. (3) Shift to a cloud-first policy • Number of services • The IT Reform Plan states that each agency will identify transitioned to a cloud three services to move to the cloud and that one of those computing environment services must move within 12 months. • Number of legacy systems • OMB has not yet announced goals for eliminated legacy eliminated systems or anticipated cost savings. • Anticipated cost savings (4) Stand-up contract vehicles • Number of task orders issued • GSA established a goal of having at least one task order for secure Infrastructure-as-a- under the contract vehicle issued under the Infrastructure-as-a-Service blanket Service solutions • Dollar amounts awarded purchase agreement in the first year. through the contract vehicle • GSA has not yet announced goals for its second year. • Period of performance for the contract a a (10) Launch a best practices — — collaboration platform a a (13) Design a cadre of — — specialized IT acquisition professionals a a (15) Issue contracting guidance — — and templates to support modular development a a (17) Work with Congress to — — create IT budget models that align with modular development a a (20) Work with Congress to — — consolidate commodity IT spending under agency CIOs Page 12 GAO-12-745T Action item Performance measures Performance goals (21) Reform and strengthen • Number of TechStat reviews • OMB established a goal of having agency CIOs terminate investment review boards • Number of terminated or turn around one third of all underperforming IT programs investments by June 2012. • Cost savings associated with TechStat reviews a a (22) Redefine role of agency — — CIOs and the CIO Council Source: GAO analysis of OMB and agency data. a Performance measures or goals have not been established for this action item. Until OMB establishes and tracks measureable, outcome-oriented performance measures for each of the action items in the IT Reform Plan, the agency will be limited in its ability to evaluate progress that has been made and whether or not the initiative is achieving its goals. In our report being released today, we are making several Implementation of recommendations to help ensure the completion of key IT reform Recommendations initiatives and that the results of these initiatives are measured. Specifically, we are recommending that the Departments of Homeland Could Help Ensure Security, Justice, and Veterans Affairs complete elements missing from Key Efforts are the agencies’ plans for migrating services to a cloud computing Completed and environment, and identify and report on the commodity services proposed for migration to shared services. All three agencies agreed with our Results are Identified recommendations and identified steps that they are undertaking to address them. In addition, we are recommending that the Federal CIO ensure that the action items called for in the IT Reform Plan are completed by the responsible parties prior to the completion of the IT Reform Plan’s 18 month deadline of June 2012 and that the agency provide clear time frames for addressing the shortfalls associated with the IT Reform Plan action items. The Federal CIO agreed with both of these recommendations and stated that OMB intends to complete the action items by the deadline. We are also recommending that the Federal CIO accurately characterize the status of the IT Reform Plan action items in an upcoming progress report in order to keep momentum going on action items that are not yet completed. The Federal CIO disagreed with this recommendation and stated that OMB has accurately characterized the completeness of the action items, and therefore, the recommendation does not apply. We do not agree with OMB’s characterization of four action items. Specifically, OMB considers the action items associated with Page 13 GAO-12-745T data center consolidation, cloud-first policy, best practices collaboration portal, and redefining roles of agency CIOs and the CIO Council to be completed. While we agree that OMB has made progress in each of these areas, we found activities specified in the IT Reform Plan that have not yet been completed. For example, in the area of data center consolidation, we found that selected agency plans are still incomplete. In addition, in the move to cloud computing, selected agency migration plans lack key elements. Thus, we believe that the recommendation is warranted. To address our concerns regarding performance measures, we are recommending that the Federal CIO establish outcome-oriented measures for each applicable action item in the IT Reform Plan. The Federal CIO disagreed with our recommendation and noted that OMB measured the completeness of the IT Reform Plan action items and not the performance measures associated with broader initiatives. We continue to believe that our recommendation is appropriate because there are multiple action items in the IT Reform Plan that are not aligned with broader initiatives and for which there are no measures. Examples include the best practices portal, developing a cadre of specialized IT acquisition professionals, and establishing budget models that align with modular development. Given that the purpose of the IT Reform Plan is to achieve operational efficiencies and improve the management of large- scale IT programs, we maintain that it is appropriate to establish performance measures to monitor the IT Reform Plan’s results. In summary, OMB and selected agencies have made strides in implementing the IT Reform Plan, including pushing agencies to consolidate data centers, migrating federal services to cloud computing, improving the skills of IT acquisition professionals, and strengthening the roles and accountability of CIOs. However, several key reform items remain behind schedule despite OMB stating that these items have been completed. In addition, OMB has not established performance measures for gauging the success of most of its reform initiatives. For example, while OMB is tracking the number of services that agencies move to a cloud computing environment and the number of data center closures, it is not tracking the usefulness of its efforts to develop a best practices collaboration portal or a cadre of IT acquisition professionals. Page 14 GAO-12-745T Overstating progress and not implementing appropriate performance measures do not position the federal IT community to leverage and build on the progress made to date. Moving forward, it will be important for OMB to continue to provide guidance, goals, and oversight to ensure that critical IT reform efforts extend well beyond the original 18-month time frame. It will also be important for agencies to aggressively pursue the completion of IT reform initiatives. Chairman Carper, Ranking Member Brown, and Members of the Subcommittee, this concludes my statement. I would be happy to answer any questions at this time. If you or your staffs have any questions about this testimony, please GAO Contact contact me at (202) 512-9286 or at email@example.com. Individuals who and Staff made key contributions to this testimony are Colleen Phillips (Assistant Director), Cortland Bradford, Rebecca Eyler, Kathleen S. Lovett, and Acknowledgments Jessica Waselkow. (311270) Page 15 GAO-12-745T This is a work of the U.S. government and is not subject to copyright protection in the United States. The published product may be reproduced and distributed in its entirety without further permission from GAO. However, because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. GAO’s Mission The Government Accountability Office, the audit, evaluation, and investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO’s commitment to good government is reflected in its core values of accountability, integrity, and reliability. The fastest and easiest way to obtain copies of GAO documents at no Obtaining Copies of cost is through GAO’s website (www.gao.gov). Each weekday afternoon, GAO Reports and GAO posts on its website newly released reports, testimony, and correspondence. To have GAO e-mail you a list of newly posted products, Testimony go to www.gao.gov and select “E-mail Updates.” Order by Phone The price of each GAO publication reflects GAO’s actual cost of production and distribution and depends on the number of pages in the publication and whether the publication is printed in color or black and white. Pricing and ordering information is posted on GAO’s website, http://www.gao.gov/ordering.htm. Place orders by calling (202) 512-6000, toll free (866) 801-7077, or TDD (202) 512-2537. Orders may be paid for using American Express, Discover Card, MasterCard, Visa, check, or money order. Call for additional information. Connect with GAO on Facebook, Flickr, Twitter, and YouTube. Connect with GAO Subscribe to our RSS Feeds or E-mail Updates. Listen to our Podcasts. Visit GAO on the web at www.gao.gov. Contact: To Report Fraud, Waste, and Abuse in Website: www.gao.gov/fraudnet/fraudnet.htm E-mail: firstname.lastname@example.org Federal Programs Automated answering system: (800) 424-5454 or (202) 512-7470 Katherine Siggerud, Managing Director, email@example.com, (202) 512- Congressional 4400, U.S. Government Accountability Office, 441 G Street NW, Room Relations 7125, Washington, DC 20548 Chuck Young, Managing Director, firstname.lastname@example.org, (202) 512-4800 Public Affairs U.S. Government Accountability Office, 441 G Street NW, Room 7149 Washington, DC 20548 Please Print on Recycled Paper.
Information Technology Reform: Progress Made; More Needs to Be Done to Complete Actions and Measure Results
Published by the Government Accountability Office on 2012-05-24.
Below is a raw (and likely hideous) rendition of the original report. (PDF)