oversight

Coast Guard: Strategic Focus Needed to Improve Information Resources Management

Published by the Government Accountability Office on 1990-04-24.

Below is a raw (and likely hideous) rendition of the original report. (PDF)

-.__---__~
A pri I I !)!)O
                           COAST GUARD
                           Strategic Focus
                           Needed to Improve
                           Information Resources
                           Management

                                        -...
                                                    ii
                                               II141250
                                                  Illl



                                                -
(;AO/IM’IW        :-!WE2
       L

  II



                   United States
GAO                General Accounting Office
                   Washington, D.C. 20648

                   Information    Management   and
                   Technology    Division

                   B-223777

                   April 24, 1990

                   The Honorable Walter Jones
                   Chairman, Committee on Merchant
                     Marine and Fisheries,
                   House of Representatives

                   Dear Mr. Chairman:

                   On June 7, 1989, you requested a review of the Coast Guard’s manage-
                   ment of major automated systems in light of its past problems imple-
                   menting such systems. After subsequent meetings with your office, we
                   agreed to review the general decision-making framework used for infor-
                   mation resources management (IRM) at the Coast Guard and identify spe-
                   cific issues regarding automated systems design, development, and
                   review. This report responds to your request.


                   The Coast Guard has difficulties getting basic information that it needs
Results in Brief   to carry out its operations. Whether it is justifying vessel boardings,
                   responding to oil spills, closing facilities in response to budget cuts, or
                   tracking hazardous waste violations at its own stations, the Coast Guard
                   needs, but in many cases does not have, accurate and timely informa-
                   tion. As the Coast Guard’s duties expand and its budget and resources
                   remain constrained, the role of information technology will become
                   increasingly vital. The Coast Guards’ ability to accomplish its missions
                   depends on its ability to implement information systems that serve the
                   needs of the organization overall.

                   In recognition of the need for better information, the Coast Guard plans
                   to spend millions of dollars to modernize or replace many major com-
                   puter systems. Most of the new systems will not be operational until the
                   mid-1990s and will continue to serve the Coast Guard into the 21st cen-
                   tury. Because many of these efforts are still in a planning stage, the pre-
                   sent time offers a key opportunity for determining whether the systems
                   will meet not only current needs, but future needs as well.

                   We found several weaknesses that contribute to the Coast Guard’s cur-
                   rent information resources management problems. First, top-level lead-
                   ership and planning in IRM is lacking. Without top management’s
                   leadership and support, the designated senior official for IRM cannot
                   ensure that information systems will serve the Coast Guard’s long-range
                   plans. Second, the absence of a strategic IRM plan makes it difficult to


                   Page 1                GAO/IMTEG90-32 Coast Guard Information ReeourceeManagement
                          Lb223777                                                                                        F




                          ensure that ongoing and proposed systems development projects logi-
                          cally support agency missions and goals. A strategic IRM plan would
                          address ways that information resources and technology meet adminis-
                          trative and programmatic issues facing the Coast Guard in the short and
                          long terms. Third, the evaluation, development, implementation, and
                          review of information systems is jeopardized by a lack of IRM policies,
                          standards, and procedures. If left unresolved, these weaknesses pose
                          substantial risks to the success of the ongoing systems modernization.

                          We recommend that the Coast Guard establish a solid IRM framework
                          that corrects these three weaknesses. This framework should contain
                          factors such as the support of an organization’s top management, a
                          clearly articulated vision of how technology can help the organization
                          achieve its objectives, and a concrete plan for implementing this vision1
                          By creating this framework the Coast Guard will be in a better position
                          to identify and obtain the information it needs to accomplish its
                          missions.


                          During the 198Os, the Coast Guard acquired new, expanded respon-
Information Is Critical   sibilities-most    notably drug enforcement and defense-related activi-
to Performing in a        ties-in addition to its traditional missions of search and rescue, marine
Multimission              environmental protection, law enforcement, and defense readiness. In
                          this multimission environment, the Coast Guard depends on getting
Environment               large amounts of information, getting it accurately, and getting it on
                          time. In many cases, however, information is not collected, readily avail-
                          able, or easily transferable among various Coast Guard units. These
                          problems have affected both program operations and program
                          management.

                          The Coast Guard’s law enforcement program, for example, suffers from
                          a lack of readily accessible information necessary to support tactical
                          decision-making. In deciding whether or not to board a vessel, timely
                          access to information such as prior boardings or violations is essential to
                          improving law enforcement. Currently, the Coast Guard acknowledges
                          that it may take several hours to retrieve this information from systems
                          within and outside of the Coast Guard.




                          ‘These concepts were reinforced by leaders from industry, the Congress, and executive agencies at a
                          GAO symposium on information technology in October 1989. See Meeting the Government’s Technol-
                          ogy Challenge: Results of a GAO Symposium (GAO/IMTEC-90-23, Feb. 1990).



                          Page 2                     GAO/IMTEC9O-32Coast Guard Information ResourcesManagement
 *
                              B-223777




                              Some operations conducted under the Coast Guard’s marine safety pro-
                              gram also suffer from a lack of information. In a recent report, GAO
                              found that the Coast Guard’s oil spill contingency plans in New York
                              and Philadelphia do not contain specific information on how spills of
                              various sizes would be handled with available resources.2 This type of
                              information is essential for decisionmakers at an oil spill site. In the
                              Exxon Valdez incident, the lack of such information contributed to the
                              Coast Guard’s inability to respond effectively.”

                              In addition to needing information for operations, the Coast Guard needs
                              information to stipport program management decisions. For example, in
                              a November 1988 report on the closing of two Vessel Traffic Service
                              facilities, GAO concluded that the Coast Guard acted primarily to resolve
                              its immediate problem of reducing operating expenses, and gave little
                              consideration to the effectiveness of each of the facilities in enhancing
                              vessel safety in waterways and ports.4 The Coast Guard could not assess
                              whether it made the correct decision because Vessel Traffic Service
                              safety and cost effectiveness information was not used, was seriously
                              out of date, or was not maintained. Furthermore, GAO'S testimony on the
                              Coast Guard’s cleanup of hazardous waste sites pointed out that the
                              Coast Guard does not routinely collect and summarize data on environ-
                              mental violations and the related costs of noncompliance at its own
                              facilities that handle hazardous wastee Without this information, the
                              Coast Guard will find it difficult to project with precision the long-term
                              funding needs for correcting violations of existing regulations.


Information Problems          The Coast Guard is aware of its problems with information technology,
Persist Despite Significant   and in the past 6 years has spent over half a billion dollars on the devel-
                              opment, purchase, operation, and maintenance of and personnel for its
Systems Investments           information systems. Despite this investment, major automated informa-
                              tion systems serving critical Coast Guard missions continue to have
                              problems that affect mission support and impede program operations
                              and management. (See appendix II for examples.)


                              ‘Coast Guard: I’re aration and Response for Oil Spills in Philadelphia and New York Ports
                              (c-d,                Jan. 26, 1990).
                              “Coast Guard: Adequacy of Preparation and Responseto Exxon Valdez Oil Spill (GAO/RCED-90-44,
                              Oct. 30, 1989).

                              4Coa.stGuard: Better Information Needed Before Deciding on Facility Closings (GAO/RCED-89-48,
                              Nov. 29, 1988).
                              “The Coast Guard’s Cleanup of Iiazdrdous Waste Sites (GAO/T-RCED-90-6, Nov. 1, 1989).



                              Page3                      GAO/IMTEX-90-32CoastGuardIuformationResources Management
                         0.223777                                                                  1.




                         Many of the Coast Guard’s information systems were developed to sup-
                         port narrow program needs. Most systems are not integrated and cannot
                         share information with other existing Coast Guard systems. In our
                         review of Coast Guard systems documentation and through interviews
                         with project managers, we found several common problems that have
                         led to an inability to retrieve, access, send, or receive information, or
                         determine its accuracy or completeness. For example, field offices some-
                         times have to use several different systems to obtain information on the
                         variety of interrelated tasks they are performing. (See appendix II for
                         details.)


Systems Modernization    The Coast Guard plans to invest millions of dollars in the next few years
Efforts Are Focused on   modernizing or replacing many major computer systems to eliminate
                         shortcomings with existing information systems technology. Most of
Correcting Technology    these efforts are in an early planning or development stage, and are
Problems                 expected to be operational within the next 2 to 5 years. (See
                         appendix III.)

                         In examining several ongoing systems replacement or enhancement
                         efforts, we found that the Coast Guard is focusing on technology-related
                         solutions without reassessing the basic purposes and uses of its informa-
                         tion systems. The technological solutions may correct some existing
                         problems with data access, storage, retrieval, and exchange, but will not
                         help the Coast Guard to respond to organizationwide information needs
                         in fundamentally new and different ways. For instance, new hardware
                         and software may overcome many existing shortcomings with informa-
                         tion systems performance caused by equipment obsolescence and inflex-
                         ible software applications. Also, plans to apply open systems
                         information processing standards, in accordance with federal policies,
                         through an information architecture can help ensure that current sys-
                         tems interoperability problems are addressed.

                         These are positive steps, but other important issues related to the suc-
                         cess of the Coast Guard’s systems modernization efforts remain largely
                         unaddressed. Organizationwide reassessments of the needs, purposes,
                         and uses for information-all   critical to improving present and future
                         mission performance- are not occurring concurrently with new technol-
                         ogy plans.




                         Page 4              GAO/IMTEGDO-32Coast Guard Information ResourcesManagement
                            B-223777




                            Defining an agency’s information needs and acquiring the information
Underlying Causesof         technology to support these needs requires careful, agencywide plan-
Coast Guard                 ning. In reviewing the Coast Guard’s IRM program, we found three inter-
Information Problems        related problems that pose risks to the success of the Coast Guard’s
                            computer modernization efforts and hinder the Coast Guard’s ability to
                            identify its current and future information needs. First, top-level leader-
                            ship and planning in IRM is lacking. Second, the absence of a strategic IRM
                            plan makes it difficult to ensure that ongoing and proposed systems
                            development projects logically support agency missions and goals.
                            Third, the evaluation, development, implementation, and review of
                            information systems is jeopardized by a lack of IRM policies, standards,
                            and procedures.


Defining the Role of        Top leaders in the Coast Guard periodically analyze new and long-term
Information Technology:     strategic, administrative, and programmatic issues facing the organiza-
                            tion. The Commandant issues a Long Range View every 2 years that
Top Leadership and Vision   assesses the Coast Guard’s current missions and how these are likely to
Needed                      change or broaden during the next several years. This document pro-
                            vides broad policy guidance for program offices during the Planning,
                            Programming, and Budgeting System’s cycle that determines priorities
                            for resource needs and allocations. In 1989, the Commandant created a
                            Strategic Planning Council to assist him in strategic, long-term planning
                            by examining how Coast Guard missions could be affected by changes in
                            the agency’s internal and external environment.

                            In our review of the most recent Long Range View and our discussions
                            with the head of the Strategic Planning Council, we found that the role
                            of information, information technology, and other related resources in
                            addressing strategic, administrative, and programmatic issues is not
                            clearly addressed. Neither the Long Range View nor the Strategic Plan-
                            ning Council indicate how the organization will respond to current or
                            future strategic issues in terms of information requirements and the
                            uses of information technology.

                            This lack of top management vision on the use of information technol-
                            ogy reflects the existing philosophy of the Coast Guard’s leadership. IRM
                            guidance and direction is not viewed as a top management function by
                            Coast Guard leaders. In 1988, the Commandant delegated responsibili-
                            ties for IRM direction, guidance, and control to the Admiral who heads
                            the Office of Command, Control, and Communications (c3). Although the
                            C:’Admiral is the designated senior IRM official, we found he has great
                            difficulty providing agencywide IRM leadership, in part because he lacks


                            Page 6              GAO/IMTEG90-32 Coast Guard Information ResourcesManagement
                                                                                                  .


                            B-223777




                            sufficient authority to do so. In a September 1989 memo to the Chief of
                            Staff, the 0 Admiral acknowledged this dilemma, noting that his
                            designation as the senior IRM official has been a classic case of responsi-
                            bility without authority. Our interviews with some program officials
                            indicated that C:]has had difficulty gaining acceptance by other Coast
                            Guard offices of its IRM leadership role. Its organizational status is
                            equivalent to the program offices, and it is these offices that have direct
                            responsibility for the information systems supporting their work. Only
                            recently have C:’officials been involved, informally, in the Coast Guard’s
                            budget development process. The absence of strong IRM leadership
                            within the Coast Guard management’s highly decentralized environment
                            relegates C:’to a support office with a reactive rather than a proactive
                            IRM role.

                            This lack of leadership is exemplified by the senior IRM official’s inabil-
                            ity to effectively integrate IRM projects with the existing Coast Guard
                            process used to allocate resources. For example, c3 has recognized that
                            more efficient information management is necessary to support opera-
                            tional decision-making. c” proposed an Operations Information System
                            prototype to enhance the command and control functions of a wide vari-
                            ety of Coast Guard decisionmakers. This system would merge crosscut-
                            ting information from existing automated systems supporting various
                            operational missions, such as search and rescue, law enforcement,
                            defense operations, and intelligence. Three Coast Guard operation pro-
                            gram offices reviewed the proposal and agreed that the project was
                            essential to improving performance. The head of the Office of Engineer-
                            ing and Development also concurred, and had the Research and Develop-
                            ment Center in Groton, Connecticut, develop a project plan to analyze
                            requirements and the prototype’s design.

                            Over a year later, little progress has been made on this project. Officials
                            at the Coast Guard’s Research and Development Center stated that more
                            immediate problems with existing automated systems have demanded
                            management’s attention and consumed existing staff resources. For the
                            Operations Information System project to receive higher priority, they
                            indicated, it must receive backing from top Coast Guard management.


Strategic IRM Plan Needed   A strategic IRM plan provides the mechanism to set and evaluate priori-
to Articulate the           ties and specifies how an agency’s information technology will support
                            its mission. This process should provide the vital link between an organ-
Information Technology      ization’s business strategy and its information assets and resources.
Vision                      Office of Management and Budget Circular A-130 specifically requires


                            Page 6              GAO/IMTEG90-32 Coast Guard Information ResourcesManagement
B-223777




federal agencies to establish a multiyear strategic planning process for
acquiring and operating information technology that meets program and
mission needs, reflects budget constraints, and forms the basis for
budget requests. The Coast Guard does not have a strategic IRM plan,
and does not engage in long-range IRM planning as part of its Long Range
Planning Cycle. Several Coast Guard officials explained that such plan-
ning has not been undertaken because senior Coast Guard management
views information technology as a traditional data processing support
function, not as a strategic resource.

Without a strategic IRM plan, attempts to solve the Coast Guard’s infor-
mation problems are uncoordinated and driven by individual program
needs. For example, the c3 office realizes the need for a standardized,
Coast Guard-wide data dictionary.” The Corporate Database Project is
being used to construct this dictionary over time. However, this project
is not coordinated with other systems development projects in the pro-
gram offices, many of which are scheduled for implementation before
the Corporate Database project is completed. Thus, new systems being
developed through the Coast Guard’s modernization effort run the risk
of continuing to function as stand-alone systems, despite integrated
operational and managerial information needs that exist across organi-
zational boundaries.

In the absence of IRM strategic planning by the Coast Guard’s top offi-
cials, the Coast Guard uses its budget planning and review process to
rank and scrutinize ADP procurements. This practice presents two prob-
lems for decisions made about information systems projects. First, fund-
ing decisions continue to be based on the specific needs of individual
Coast Guard offices. With c3 involved only informally in the budget
review process, a comprehensive, coordinated, and agencywide perspec-
tive on information systems projects is difficult to achieve. Without this
perspective, the Coast Guard’s top leadership cannot ensure that infor-
mation resources are being planned, managed, and used in the most
effective manner agencywide.

Second, it is difficult for the budget review process to ensure that sys-
tems requesting funding have been adequately planned. Cases exist
where software development and hardware acquisitions have been
funded prior to sufficient systems requirements analysis, definition, or
design. For example, inadequate system development planning for the

“When different systems are to share data, plans should define standard data elements that will be
common across all systems and specify procedures for managing and sharing the data.



Page 7                      GAO/IMTECSO-32Coast Guard Information ResourcesManagement
                           B-223777




                           Automated Mutual Vessel Emergency Rescue SystemLused to support
                           Coast Guard search and rescue operations-was        not recognized by
                           budget review staff until almost one year after system redesign efforts
                           had been funded. As a result, the project schedule slipped, costs
                           increased, and better support for search and rescue operations was fur-
                           ther delayed. The same problem recently surfaced with the redesign of
                           the Coast Guard’s Law Enforcement Information System; however, 1991
                           funding for system redevelopment was delayed until more complete sys-
                           tems design and requirements analyses were completed. In short, the
                           budget review process is being used to perform a technical function for
                           which it is not well suited, namely, to scrutinize systems design and
                           development proposals.

                           During the course of our review, the Coast Guard took steps to change
                           the funding and development of information systems to better assure
                           that projects are adequately planned before they are funded. A Project
                           Development Board comprised of representatives from the Chief of
                           Staff, c”, and several major program offices has been created to review
                           and approve major hardware and software acquisitions prior to consid-
                           eration of funding. The Coast Guard’s Research and Development Center
                           will play a key role in system developments and will be responsible for
                           directing the new system design efforts approved by the Board and
                           funded through the budget approval processes. These changes are con-
                           structive, but they effectively address only some of the risks associated
                           with the funding of inadequately defined and designed systems propos-
                           als, and do not address, for example, the risks associated with a lack of
                           standards and procedures for developing automated systems.


Policies, Standards, and   Policies, standards, and procedures can provide stability to an IRM pro-
Procedures Needed to       gram, particularly to development efforts, by ensuring that these efforts
                           follow a strategic plan. IRM policies ensure that agencywide initiatives,
Anchor IRM                 such as IRM management control, review, and approval are effectively
                           implemented throughout the agency. System development standards
                           and procedures can provide guidelines for individual development
                           projects. However, this potential stability is missing since the Coast
                           Guard has not developed comprehensive IRM guidance.

                           The Coast Guard’s senior IRM official has responsibility for implementing
                           IHM policies, standards, and procedures. As in the case with strategic
                           planning, IRM policies have not been clearly articulated by top manage-
                           ment, or the c” office. Promulgation of IRM standards and procedures has
                           over the past 3 years been limited to only one IRM directive addressing


                           Page 8              GAO/IMTECSOSBCoast Guard Information ResourcesManagement
        1)
    c

*
             B-223777




             systems developments.7 It specifies that a proposal summarizing certain
             early, standard, life cycle requirements- such as resource requirements,
             benefits and costs, organizational and user impact, and alternatives
             analyses-be approved by @ for cross-unit automated systems that
             exceed certain cost thresholds. c” officials acknowledged that a lack of
             resources has hindered efforts to formulate standards, but explained
             that an informal process to disseminate applicable governmentwide
             standards has been created.

             The lack of formal IRM policies, standards, and procedures increases the
             risk that development projects will not meet the Coast Guard’s needs. In
             discussions with various project managers, we found that a distinct dis-
             parity exists in the way systems are developed. Some project managers
             are cognizant of governmentwide standards and apply them to their sys-
             tem development efforts, while others rely on the c:] office to provide
             them what they need. This office reviews proposals that summarize the
             results of early life cycle documentation, approves system development
             proposals based on this review, and, in some cases, participates in the
             development. However, it is not responsible for evaluating system justi-
             fications. The program office is responsible for project oversight,
             reviewing feasibility studies and requirements analyses, and determin-
             ing the most beneficial way to develop IRM resources. System develop-
             ment risks increase because (Y’s oversight is largely informal once
             projects are approved for funding.

             The Coast Guard’s Cl office is in the process of creating an information
             technology architecture to provide a standard framework that governs
             the deployment and use of information technology resources. For exam-
             ple, the technology architecture will establish standards for the use of
             hardware, operating systems, and telecommunication protocols. How-
             ever, the formulation of this architecture suffers from the lack of guid-
             ance that an IRM plan and policies would provide. For example, it is not
             clear that the completed components of the technology architecture
             have fully addressed mission objectives of current and future Coast
             Guard systems, and the manner in which these systems will be
             employed. If such systems are to be integrated and share data, the archi-
             tecture should define standard data elements, a data dictionary, and
             detailed characteristics of database management systems. In addition, a
             process for adequately testing, implementing, and enforcing the archi-
             tecture has not been set up.

             ‘Commandant Instruction 523 1.2, Planning Approval for Automated Information Systems (AIS)
             (May 15, 1988).



             Page 9                    GAO/IMTEC-90-32Coast Guard Information ResourcesManagement
                         B-223777                                                                   *




                         The Coast Guard’s increased responsibilities and expanded mission com-
Management of            bined with its constrained budget and resources puts great pressure on
Information              the agency to make sound, cost-effective decisions and justifiable fund-
Resources:Creating a     ing requests. Put in this perspective, the Coast Guard’s effective man-
                         agement of its information and technology is of critical importance. The
Framework                agency is entering a period of modernization designed to meet new or
Contributes t0 SUCCeSS   expanding responsibilities while operating under budgetary constraints,
                         which poses a formidable challenge to the Coast Guard’s management,

                         Ways of meeting such challenges are currently being studied by policy-
                         makers both in private industry and the government. In a recent GAO
                         symposium, “Meeting the Government’s Technology Challenge,” leaders
                         from industry, the Congress, and the executive agencies agreed on sev-
                         eral principles that make up a framework to guide the effective acquisi-
                         tion and management of information technology. Many of the
                         underlying principles of this framework reinforce our work at the Coast
                         Guard by emphasizing the significance of committed leadership, a
                         clearly articulated vision of how technology can be used to serve an
                         agency’s objectives, and a concrete plan for implementing this vision,


                         At present, the Coast Guard lacks a clear vision of how it can benefit
Conclusions              from information technology, and without this understanding IRM initia-
                         tives tend to focus only on the needs of individual units. A comprehen-
                         sive, agencywide focus could extend beyond automating existing
                         processes and procedures, to developing new ways of accomplishing
                         objectives.

                         An absence of leadership places all of the Coast Guard’s information
                         technology initiatives at risk. No strategic IRM plan exists to guide the
                         agency during this period of intense modernization. At present, IRM plan-
                         ning is not even required at the program-office level. The danger exists
                         that systems resulting from this modernization will continue to be a
                         loose collection of unrelated projects. Without interconnected and com-
                         patible systems, the Coast Guard will still find it difficult to obtain
                         information in a timely, convenient, and economical fashion,

                         Some of these concerns may be alleviated by an information architec-
                         ture that the Coast Guard is implementing. Although the architecture
                         should reduce the likelihood of acquiring incompatible technology, it is
                         not tied to any strategic vision, nor is there any clear provision for
                         implementing or enforcing it throughout the agency. The architecture
                         represents a step in the right direction, but it does not in itself provide


                         Page 10              GAO/IMTEG90-32 Coast Guard Information ResourcesManagement
        c
    .

>                 B-223777




                  the comprehensive IRM policies and procedures or systems development
                  standards that the Coast Guard needs to guide the modernization of its
                  information systems.

                  The involvement of the Coast Guard’s new Project Development Board
                  and subsequent use of Research and Development staff in determining
                  requirements and designing systems may also help to produce improved
                  systems within realistic time frames. However, no official directive out-
                  lining the authority and purpose of the Project Development Board has
                  been promulgated by the Commandant. Without proper delegation of
                  authority and a long-term information resources management plan,
                  neither the Board nor the Research and Development Center can provide
                  strategic policy direction on the desired role and use of information
                  technology, Setting priorities for agencywide automated information
                  systems could also be difficult. As a consequence of these limitations,
                  both serve as reactive bodies, responding to and reviewing information
                  system needs on a project-by-project basis.


                  The Coast Guard’s top-level management must become fully involved in
Recommendations   the IRM decision-making process if the agency is to have the information
                  it needs to accomplish its missions. We therefore recommend that the
                  Secretary of Transportation direct the Commandant of the United States
                  Coast Guard to clarify the role and authority of the senior IRM official
                  and restructure the way in which the agency is managing the moderni-
                  zation of its information systems. The restructuring should include a
                  clear statement of the agency’s needs and the ways in which informa-
                  tion technology can serve these needs, a strategic IRM plan that supports
                  this view, and comprehensive policies, standards, and procedures to
                  guide implementation.

                  It is up to the Commandant to determine the most effective way of
                  ensuring top-management involvement in IRM. One option he should con-
                  sider is to create a centralized IRM steering committee comprised of the
                  Coast Guard’s top management to provide direction for IRM strategic
                  planning, policy, and procedures. This committee could be supported by
                  an IRM advisory committee made up of program and project managers,
                  technical staff, and system end-users to make policy recommendations,
                  develop procedures, and develop recommendations on operational stan-
                  dards. Whatever option he chooses, he and his Chief of Staff should give
                  the IRM decision-making process direction and solid support.




                  Page 11             GAO/IMTEGQO-32Coast Guard Information ResourcesManagement
                      B-223777




                      In commenting on the report, Department of Transportation officials
Agency Comments and   told us they agree with our findings and recommendations, specifically
Our Evaluation        recognizing the need for improvement in the IRM strategic planning pro-
                      cess. They indicated that our report findings and recommendations
                      would be used as a benchmark in reviewing IRM in the Coast Guard and
                      other agencies within the Department. They also submitted the Coast
                      Guard’s written response to the Secretary of Transportation as part of
                      the official agency comments.

                      In its written response to the report, the Coast Guard agreed with the
                      need to develop a strategic IRM plan and an IRM planning process. With
                      regard to the need for comprehensive IRM guidelines, the Coast Guard
                      stated that it would promulgate some additional IRM policies, standards,
                      and procedures. The Coast Guard did not agree that top-level manage-
                      ment has not been involved in IRM planning, guidance, and direction, cit-
                      ing the establishment of the c” office, which has responsibility for
                      managing the agency’s information resources, and, citing other examples
                      of involvement and vision. The Coast Guard did not specifically respond
                      to the recommendations to clarify the role of the designated senior IRM
                      official and to determine the way in which top management will be
                      involved in managing information resources. However, the Coast Guard
                      commented that it has already started a program to provide top man-
                      agement education on the strategic opportunities provided by informa-
                      tion technology, and has contracted for services to facilitate an
                      organizationwide assessment of information needs.

                      In light of the Coast Guard’s current systems modernization and future
                      information needs, we believe that by not acting on all of our recommen-
                      dations, the Coast Guard only perpetuates risks that our recommenda-
                      tions are designed to reduce. With the support and commitment of top
                      management, the Coast Guard should seek more comprehensive and
                      detailed solutions to its IRM shortcomings, explicitly addressing issues
                      concerning the involvement of top management, the role and authority
                      of its senior IRM official, and the implementation of IRM policies, stan-
                      dards, and procedures to guide the acquisition, management, and over-
                      sight of its information system projects. Such steps could provide the
                      necessary framework for effectively managing its information
                      resources.

                      The Coast Guard’s comments on the report and our evaluation of these
                      comments are contained in appendix IV.




                      Page 12             GAO/IMTEXX4O~32
                                                       Coast Guard Information ResourcesManagement
    .



L

        B-223777




        As arranged with your office, we plan to publicly release this report at
        the time of its issuance. At that time, we will send copies to the Secre-
        tary of Transportation, the Commandant of the United States Coast
        Guard, and other interested parties. This report was prepared under the
        direction of JayEtta Hecker, Director, Resources, Community, and Eco-
        nomic Development Information Systems, who can be reached at
        (202) 275-9675. Other major contributors are listed in appendix V.

        Sincerely yours,




        Ralph V. Carlone
        Assistant Comptroller   General




        Page 13             GAO/IMTEG90-32 Coast Guard Information ResourcesManagement
                                                                                                    I   \

Contents


Letter                                                                                             1

Appendix I                                                                                        16
Objectives, Scope,and
Methodology
Appendix II                                                                                       17
Common Problems
With Existing Coast
Guard Systems
Appendix III                                                                                      19
Coast Guard System
Modernization Projects
Appendix IV                                                                                       23
Agency Comments and GAO
                      Comments                                                                    28
Our Evaluation
Major Contributors to
This Report
Tables                   Table II. 1: Common Problems With Existing Coast Guard
                             Information Systems
                         Table III. 1: Cost and Planning Schedule for System                      21
                             Modernization Projects




            J




                         Page 14            GAO/IMTEC&O-32Coast Guard Information ResourcesManagement
,
    <:ontents




    Abbreviations

    AMIS        Acquisition Management Information Systems
    AMMIS       Aviation Maintenance Management Information System
    ARSC        Aviation Repair and Supply Center
    c           Office of Command, Control, and Communications
    CDB         Corporate Database
    GAO         General Accounting Office
    IMTEC       Information Management and Technology Division
    IRM         Information Resource Management
    IXIS        Law Enforcement Information System
    MSIS        Marine Safety Information System
    I’AMIS      Personnel Assignment Management Information System
    I’DS        Personnel Data/Decision System
    SAR         Search and Rescue Database System
    SARMIS      Search and Rescue Management Information System
    VIIS        Vessel Identification Information System


    Page16               GAO/IMTEG90-32 Coart Guard Information ResourcesManagement
Appendix I

Objectives,Scope,and Methodology


              The objective of our review was to determine the adequacy of (1) the
              general decision-making framework used at the Coast Guard to approve
              automated information projects, develop IRM polices and procedures, and
              direct planning for long-term informational needs, and (2) identify spe-
              cific automated systems issues regarding systems design, development,
              and review. We conducted our work from July through November 1989
              at the Coast Guard Headquarters in Washington, D.C.; the Coast Guard
              Research and Development Center in Groton, Connecticut; and the
              Department of Transportation in Washington, D.C.

              At Transportation’s Office of the Secretary, we interviewed the Director
              of the Office of Information Resources Management and analysts from
              the IRM and Acquisition Offices. At the Coast Guard, we interviewed
              Chief of Staff programming, planning, and policy officials; the desig-
              nated senior IRM official; other IRM officials; program and project mana-
              gers; and officials at the Research and Development Center. We also
              reviewed Coast Guard policy, planning, budget, and system justification
              documents, and relevant reports and legislative documents. We inter-
              viewed a consultant from Index Group, Incorporated, who was responsi-
              ble for assisting the Coast Guard in its development of an information
              architecture. To assist in our evaluation of the Coast Guard’s IRM pro-
              gram, we also contracted with an IRM consultant. In addition, we selected
              and reviewed eight Coast Guard information systems that were (1) iden-
              tified by the Coast Guard as being critical to the accomplishment of
              Coast Guard missions, (2) listed in different program areas and were at
              different stages of development, and (3) budgeted as some of the Coast
              Guard’s most costly system developments. As part of our systems
              review, we developed indicators to assess the risk that systems develop-
              ment projects will not meet Coast Guard needs. Problems with existing
              systems are contained in appendix II and concerns about several ongo-
              ing systems enhancements, replacements, or developments are discussed
              in appendix III.

              Our work was performed in accordance with generally accepted govern-
              ment auditing standards. The Department of Transportation provided
              oral comments and presented the Coast Guard’s written response to the
              Secretary as part of the official agency comments. These comments are
              summarized and evaluated in the body of this report, and the Coast
              Guard’s written response and our evaluation is included in its entirety in
              appendix IV.




              Page 16             GAO/IMTECXO-32Coast Guard Information ResourcesManagement
 Appendix II

Common Problems With Existing Coast
Guard Systems

                                                        In our review of Coast Guard systems documentation and through inter-
                                                        views with project managers, we found several common problems that
                                                        reduced the systems effectiveness and efficiency in supporting the
                                                        Coast Guard’s mission objectives. The Coast Guard’s Offices of Marine
                                                        Safety, Security and Environmental Affairs, Navigation, Safety and
                                                        Waterway Services, and Law Enforcement and Defense Operations man-
                                                        age most of the agency’s operational mission programs, such as marine
                                                        environmental response, search and rescue, and law enforcement. Each
                                                        of these offices along with various administrative ones, including the
                                                        Acquisition, Engineering, and Personnel offices, is supported by sepa-
                                                        rate information systems.

                                                        Systems supporting these offices have experienced a variety of prob-
                                                        lems including limited data query capability, system responsiveness and
                                                        reliability problems, data transfer and data integrity difficulties, prob-
                                                        lems with obsolete hardware, and inflexible software applications. Table
                                                        II. 1 summarizes the problems across five Coast Guard systems.


Table 11.1:Common Problems With Existing Coast Guard Information Systems
                                                          Responsiveness                                                                           Hardware 81
                                          Limited query         61reliability                          Data transfer        Data integrity            software
System
 _ _ -...._--..-.._-
                  -.“.-- . ..-^_I_-               ability         problems                                 difficulty           problems             obsolete
AIrcraft    Repair     and Supply Center Systems                        X                       X                                          X                     X
  ...I-.-.-_-_. .-...-~_-
Law    Enforcement                                                                                                                         X
 _-“--                - ...-.Information
                .._.-__.      -~         System (LEIS) --___-           X                       X                     X
Search and Rescue Database Svstem (SARI
                                     ,       I     I
                                                                        X                       X                     X                    X
Marine Safety Information System (MSIS)                                 X                       X                     X                    X                     X
Personnel Assignment Management
   InformatIon Svstem (PAMIS\                                           X                                                                  X                     X
                                                        aThls system IS actually a collection of several different systems and software appllcatlons developed
                                                        over the last 20 years These systems WINbe consolidated into a single, integrated system called the
                                                        Aviation Maintenance Management InformatIon System (AMMIS)


                                                        These five problems have occurred for a variety of reasons. All five of
                                                        the systems have problems with data integrity. Information received
                                                        from these systems is unreliable or redundant because of limited system
                                                        error checking or validation controls, inadequate user procedures, and
                                                        lack of systems integration. As shown, the systems had limited data
                                                        query capability, obsolete hardware (poor or nonexistent vendor sup-
                                                        port), software not meeting current user needs, and system responsive-
                                                        ness and reliability problems.




                                                        Page 17                      GAO/IMTEC90-32 Coast Guard Information ResourcesManagement
Appendix II                                                                  ,
&mmon Problems With Existing Coast
Guard Systems




Data query problems have resulted because end users of some systems,
such as the Search and Rescue database (SAR) and management informa-
tion system (SARMIS) depend upon technical support staff to tailor soft-
ware programs for certain data requests. Field office staff find the data
query process for the Law Enforcement Information System (LEIS)diffi-
cult to use, tedious, and time consuming. Data are being provided to the
system but rarely extracted to support day-to-day operational decisions.

Hardware problems have occurred because hardware used to support
systems such as those associated with the Aircraft Repair and Supply
Center (ARSC) is obsolete. The vendor no longer manufactures spare
parts for the hardware, and maintenance support for the operating sys-
tem can only be obtained on an emergency basis. Contractor-developed
software applications-designed    in the early 1980s or before-are not
meeting user needs for several systems, including MSIS, the ARSCsystems,
and LEIS. Several of the software applications used to manage the data-
bases are difficult to change because they were written by contractors,
many of which have inadequate documentation. System responsiveness
and reliability problems have interfered with users ability to obtain
information from the systems because response times are slow, com-
puters are down, or data are not current.

Data transfer difficulties have occurred for some Coast Guard sys-
tems-such as LEIS,SAANMIS,   and Msrs-because they are not integrated
systems. These systems have highly inefficient data transfer processes.
For example, many Coast Guard field offices transfer data to District
Offices by mailing floppy diskettes or printed reports which are then
reentered into another system.




Page 19               GAO/IMTEX-90-32Coast Guard Information ResourcesManagement
Appendix III

Coast Guard System Modernization Projects


               The Coast Guard is in the process of replacing or enhancing many of its
               automated information systems, Also, several new information systems
               are in various stages of planning, design, and development. When the
               costs associated with these systems are viewed collectively and over
               their life cycle, the IRM investment being made by the Coast Guard over
               the next 5 years is significant. Almost every major information system
               is scheduled for redesign, enhancement, or replacement and could be
               affected by new standards being implemented by the Coast Guard’s new
               information architecture.

               After consulting with c” officials, we selected eight ongoing automated
               systems projects to determine whether potential risks existed as a con-
               sequence of such factors as inadequate systems definition and design,
               complex requirements, spiraling costs, shortcomings in project manage-
               ment, insufficient user involvement, sophistication of technology
               involved, and lack of adherence to governmentwide standards. In mak-
               ing these risk determinations, we relied upon official Coast Guard docu-
               ments and interviews with project managers and c” personnel. The eight
               systems we examined (1) were identified by the Coast Guard as being
               critical to the accomplishment of Coast Guard missions, (2) covered dif-
               ferent program areas and were at different stages of development, and
               (3) included some of the Coast Guard’s most costly system develop-
               ments. Table III. 1 summarizes select information about these eight sys-
               tems projects.

               We found a disparity of risk across systems, with some efforts much
               better defined and managed than others. Our work surfaced two areas
               of concern which indicated weaknesses in the procedures used by the
               Coast Guard to direct automated systems development projects through
               life cycle management processes. While these concerns cannot be gener-
               alized to every project, we believe they point to significant agencywide
               information resources management weaknesses that deserve the Coast
               Guard’s attention.

                For some systems, we found incomplete documentation for project
                development schedules, cost estimates, or system deliverables. This was
                a particular problem with the Corporate Database (CDB), Search and
                Rescue Management Information System (SARMIS), and Law Enforcement
                Information System (~~1s 11)projects. In some instances, the current pro-
               ject manager lacked adequate documentation on changes previously
                made to the existing system. These problems are exacerbated by the
                lack of sufficient Coast Guard documentation on standard life cycle



               Page 19             GAO/IMTEC-90-32Coast Guard Information ResourcesManagement
Appendix III
Coast Guard System Modernization Projects




management requirements expected of information systems project
managers.

A second general area of concern is an apparent lack of coordination
between projects. Several new information systems, such as CDB, LEIS II,
MSIS II, and VIIS, are expected to interface with other Coast Guard sys-
tems or other agency systems. Because these systems are in an early
design or requirements stage, available documentation was not specific
on how this coordination was to occur. However, it appears projects are
being designed to support specific program functions without address-
ing the need for linkages to other systems to minimize potential data
collection redundancies. As these system requirements become more
fully defined, the Coast Guard will need to review proposed system link-
ages carefully to minimize redundancies.




Page 20                 GAO/IMTEGSO-32Coast Guard Information ResourcesManagement
          .
      .
  1


                                                 Appendix III
                                                 Coast Guard System Modernization ProJecte




Table 111.1:Cost and Planning Schedule for System Modernization Projects
Dollars in mullions
                                                                                                          Fiscal year
                                                                                                         S$; ComplA;t
System name                                     Objective                                                                        Development Costa
Acqursrtron Management Informat/on System       AMIS is being designed to improve contract
(AMIS)                                           management and decision support for major
                                                acquisitions,                                            1987          1992                      $6.8
Avratron Maintenance Management                 AMMIS is expected to provide an integrated
Information System (AMMIS)                       system to support aviation repair, logistics,
                                                and financral and administrative functions at
                                                the Aircraft Repair and Supply Center, Coast
                                                Guard headquarters, and 26 Coast Guard Air
                                                Stations.                                                1985          1991                       8.7
Corporate Data Base (CDB)                       CDB is being developed to provide mid-level
                                                management with consolidated information
                                                from existing systems; It is also expected to
                                                provide an aaencvwide data dictionarv.                   198ab             c                      3.06
Law Enforcement Information System II           LEIS II is expected to provide all users of
(LEIS II)                                       Coast Guard law enforcement information
                                                with data that will support tactical, patrol,
                                                and program planning decrsron making at all
                                                organrzational _____
                                                                 levels.                                 1989          1994                       5.8
Marrne Safety Information System II (MSIS II)   MSIS II is expected to enhance rnformational
                                                support for Coast Guard’s numerous marine
                                                safety security functions (e.g., port safety,
                                                vessel inspections, merchant vessel
                                                documentation, and manne pollution
                                                incidents) by increasing system reliability and
                                                availability through new software and flexible
                                                data processing technology.                              1987          1996                      20.0e
Personnel Data Decrsron System (PDS)            PDS WIII replace existing personnel systems
                                                (e.g., PAMIS) and provide an electronic
                                                backup of servrce records.                               1989          1993                       8.5
Search and Rescue Management Information        SARMIS is expected to provide a more
System (SARMIS)                                 efficient computerized method to process
                                                and communicate Coast Guard search and
                                                rescue data.                                             1984              c                      1.6
Vessel Identrfrcatron~lnformatron~System        VIIS will modernize the processing of
(VIIS)                                          maritime liens and ship mortgages, and will
                                                include vessel registration information.                 1989          1993                      15.6’
                                                aThe Coast Guard does not use a uniform agency document or procedure to estimate or record costs
                                                for system development projects The cost estimates lrsted here were derived from varrous project doc-
                                                uments provrded by Coast Guard offrcralsand our discusslons with project managers
                                                bThe CDB project was funded under the auspices of the Coast Guard’s Distributed Computer System
                                                project between fiscal years 1988 and 1990
                                                ‘Sufflclent information not avarlable
                                                dThrs figure represents budget projectrons for the period fiscal years 1991 through 1995
                           Y




                                                Page 21                       GAO/IMTEC-90-32Coast Guard Information ResourcesManagement
                                                                                              .



                                                                                                     .
Appendix III
Coast Guard System Modernization Projects




eThrs figure represents cost esttmates only for the penod between fiscal years 1990 and 1996 and
Includes costs associated wrth the Vessel Documentatron component of MSIS II that is expected to be
Integrated wrth the Vessel ldentifrcation System component of VIIS. Between ftscal years 1987 and 1989,
MSIS II prelrmrnary development costs were funded from operations and maintenance and other exrsting
MSIS accounts

‘This estrmate IS for a preferred systems development alternative identified In an Internal Coast Guard
study The estimate IS based upon the development costs of a srmtlar Department of Transportation
computerized rnformatton system (Commerctal Drivers License lnformatron System) and the Vessel Doc-
umentatron portion of the MSIS II During our revrew, the Coast Guard hired a contractor to perform a
more detailed alternattves analysts, which will form the basts for a final design decision




Page 22                     GAO/IMTEG9032 Coast Guard Information ResourcesManagement
           .
Apperidix IV

Agency Comments and Our Evaluation


supplementing those In the
report text appear at the
end of this appendix




                             sutrwIGA0 REPORT ON STRATEGIC FOCUS NEEDED                                 Date   211 MAR1990
                                   TO IMPROVE INFORMATION RESOURCES                                            7500
                                   MANAGEMENT, GAO/IMTEC-90-32 APRIL 1990
                                                                                                    reply 10 G-TIS
                              ~romCommandant,              U.S.   Coast     Guard                   Atln 01  OFFUTT
                                                                                                             267-2996

                               loDirector            of    Management       Planning

                                 1.     As requested,                the   proposed    DOT reply   to   the    subject   GAO
                                 report    is enclosed.




                                 Encl:         (1)        Proposed     DOT statement      on GAO report




                                            Page 23                         GAO/IMTEC-90-32Coast Guard Information ResourcesManagement
                             Appendix IV
                             Agency Commentsand Our Evaluatlon




                I-




                                            DEPARTMENT OF TRANSPORTATION
                                              STATEMENT ON GAO REPORT
                     I.     IPITLE:     COAST GUARD: Strategic   Focus Needed to Improve
                            Information     Resources Management, GAO/IMTEC-90-32,
                            April    1990
                     II.    $WMMARYOF GAO FINDINGS AND RECOMMENDATIONS:
                                   The GAO report         stated that the Coast Guard's ability
                            to accomplish         its missions     depends on its ability      to
                            implement      Information       systems that serve the needs of the
                            organization        overall.      The GAO found, that while the Coast
                            Guard was actively           modernizing    aging ADP systems and
                            automating       existing     processes,    a comprehensive,     agency wide
                            Information       Resources Management (IRM) focus was needed to
                            develop new ways of accomplishing               agency missions.      The
                            report     found that IRM guidance and direction             as well as a
                            vision    of how technology          can help the organization       achieve
                            its objectives          is not viewed as a top management function
                            by Coast Guard leaders.
                                    The GAO report,      found as a result     of this lack of
                            vision,     there was a no strategic         Coast Guard IFS-l plan.
                            Such a plan should describe'how            the organization    will
                            respond to current        or future   strategic    issues in terms of
                            information      requirements     and the uses of information
                            technology.
                                   Finally,   the report   found that the evaluation,                          I
                            development,    implementation     and review of Information
                            systems is jeopardized       by a lack of IRM policies,      standards             I
                            and procedures.
                     III.   SUMMARYOF DEPARTMENT OF TRANSPORTATION POSITION:
                                    GAO took a snapshot of an agency completrng               the
                             "Initiation      and Contagion"      stages of ADP growth* and
                            entering      the "Control     and Integration"        stages.    The Coast
                            Guard recognizes       that it has reached this critical
See comment 1               juncture.        Coast Guard management attitudes             and processes
                            have demonstrated        responsiveness       to the need for change to
                            keep pace with the rapid technological                growth engendered by
                            the computer revolution.            In fact,     the Coast Guard has
                            taken many positive         steps toward this objective.             The Coast
                            Guard has a strong technological              foundation      and an
                            aggressive       Command, Control      and Communications        (C3) staff,
                            *"Managing   the Crises In Data Processing,"             Richard    L.
                            Nolan, Harvard Business Review, March-April,                1979,
                            pp. 115-126.




                            Page 24               GAO/IMTEC90-32 Coast Guard Information ResourcesManagement
          .

      .




                      Appendix IV
                      Agency CommentsandOurEvaluation




                 that is well positioned    to implement the necessary        manage-
                 ment changes.    To insure   long term success,      these changes
                 should be modifications    of exis.ting    processes    as opposed to
                 new processes   which often fail     due to lack of institutional
                 commitment.
See comment 2             The Coast Guard does not agree that top level
                 management has absented itself                 from IRM planning,         guidance
                 and direction.          The Chief,       Office    of Command, Control          and
                 Communications        is very much a member of top level
                 management.        The very fact that the Commandant established
                 an Office      of Command, Control,            and Communications         in 1981
                 is indicative       of the Coast Guard's            long term commitment to
                 more visible       management of the emerging IRM technology.
                 The Commandant's delegation                of responsibilities         for IRM
                 direction,      guidance and control             was clearly     intended     to
                 draw sharper       organizational          focus to the integration           of IRM
                 into the fabric         of the Coast Guard.            Within the last two
                 years,     as IRM has become increasingly               recognized       as a
                 critical     success factor        in nearly       every mission       area, the
                 role of the Designated            Senior Official          has matured,      as has
                 his influence       with other Coast Guard offices                 and his role
                 in the planning,         programming and budgeting             processes.        TOP
                 level     management does indeed have a vision                 for the
                 integration      of IRM systems throughout              the Coast Guard as
                 evidenced      by the broad placement of the Coast Guard
                 Standard Workstation           aboard vessels         and every shore unit,
                 increased      emphasis upon source data automation,                   and
                 organizational        priority     given to the modernization               and
                 replacement      of mission       critical       computer systems.
6ee comment 3.           As the organization            prepares     to Invest    Significant
                 resources     into the modernization              and replacement        of several
                 major computer systems,              the Coast Guard takes exception               to
                 the assertion         that its focus is upon technology-related
                 solutions     without       assessing      information      needs, purpose and
                 usage.      In particular,         the Marine Safety Information               System
                 (MSIS II),       the revision        of Automated Mutual Vessel Energy
                 Rescue System (AMVER), Law Enforcement                    Information       System
                 (LEIS II) have initiated               and painstakingly        pursued the
                 requirements         analysis    process to insure          that the systems
                 will    be built      to serve both strategic            and tactical
                 Information8         needs.     Each of these projects,            as well as the
                 Corporate     Data Base (CDB), were in an evolutionary                      stage
                 when first       examined by GAO. Adequate documentation
                 appropriate        to the current         and planned stages of
                 development        are now available.
                         The Coast Guard agrees with the need to develop a
                 formal strategic        IRM plan and intends      to promulgate
                 additional    policies,     standards,  and procedures      to guide             the
See comment 4.   IRM processes.        In many cases, however, the underlying
                 objectives    of such formal plans,       policies    and standards




                       Page28                    GAO/IMTJZG90-32Coast GuardInformationResourcesManagement
                           App~~dixIV
                           Agency Commentsand Our Evaluation




                          have already      been successfully       achieved     through    strict
                          application      of existing     Coast Guard, Department of
                          Transportation,       and General Services        Administration
                          policies,     standards,     and procedures.       For example, the
                          Coast Guard believes         that current     Sensitive     Application
                          Certification      processes     included   in its ADP security
                          program provide       adequate control      to insure that program
                          managers implement systems properly.
SEC comment 5                     The Coast Guard agrees that the current              technology
                          architecture       may not have fully      addressed mission
                          objectives      of current     and future    Coast Guard Systems.
                          However, development          of the technology     architecture       is a
                          significant      starting     point.    The Coast Guard is presently
                          proceeding      with the applications        part of the architecture
                          and improving       the systems planning       process in Its FYgO
                          project     with the Transportation        Systems Center.        It should
                          be noted that this architecture            is dynamic in nature and
                          will    be reviewed      at least every two years to insure            that it
                          reflects     any changes in vision        as new uses of Information
                          technology      emerge.
See comment 6                       The Coast Guard recognizes             that it has reached a
                          critical       phase in adapting         IRM technology         to better
                          accomplish         Its organizational         objectives.          Many of the
                          difficulties          indicated     in the report       have been well known
                          to the Coast Guard: indeed they were the impetus for
                          ongoing modernization              and replacement        efforts.      At the same
                          time, past efforts             have resulted       in significant
                          accomplishments.              The Coast Guard is generally             considered
                          among other government              agencies     to be at the forefront           in
                          the application            of IRM technology.          These successes aside,
                          the Coast Guard acknowledges                that there remains room for
                          improvement.            The Coast Guard finds the GAO report                helpful
                          in identifying           areas for additional          attention,      and also in
                          confirming         that many current        efforts     are headed in the
                          right      direction.
                    IV.   STATUS OF CORRECTIVE ACTION:
See comment 7                   The Coast Guard has developed               and Is in the process          Of
                          promulgating   a directive that:
                          a. Incorporates     IRM considerations  at all levels                of the
                             Planning,    Programming and Budgeting   process.
                          b. Requires    a strategic      IRM plan that includes    initiatives
                             that will    help the agency meet the challenge          of
                             increasing    mission     responsibilities   with level      or
                             constrained     resources      through the use of Information
                             Technology.


                *




                           Page26                   GAO/IMTEG90-32CoastGuardInformationResourcesManagemenc
*
             Appendix IV
             Agency Commentsand Our Evaluation




        C.    Links strategic IRM Plans with the priorities            of the
              Research and Development  Project Development           Board.
        d. Provides  a mechanism for         reporting   the status      of ongoing
           cross functional   systems        development    efforts    to top
           management.
               The Coast Guard has already         started     a program to
        provide     top management education       on the strategic
        opportunities      provided by information         technology     and has
        contracted     for services  to facilitate         an organization     wide
        assessment of information      needs.
                The Coast Guard has done extensive           evaluation    of
        Information      Engineering     Workbench (IEW), an advanced
        Computer Assisted        Software    Engineering   (CASE) tool and is
        implementing      many major systems using this technology.             In
        addition    the Coast Guard will         implement policies     and
        procedure     for the evaluation,       development,     implementation
        and integration       of information       systems as follows:
        a. Formal adoption       of DOD standards  for systems development
           and requirements        for the use of CASE tools:  Summer 1990
        b. Implementation     of the FIPS Pub 156 (a standard
           Information    Resource Dictionary  system) and
           requirements    for its use: Fall 1990
              The Coast Guard believes        that this corrective     action
        is responsive     both to the GAO report       and the challenges     the
        agency is facing      in its Information     Resources Management
        responsibilities.




    Y




             Page 27               GAO/IMTEC-SO-32Coast Guard Information ResourcesManagement
                                                                                       ,


               Appendix IV
               Agency Commentsand Our Evaluation




                1. The Coast Guard stated that its management attitudes and processes
GAO Comments   have demonstrated a responsiveness to the need for change to keep pace
               with technological growth, and that it has taken many positive steps in
               this regard. As an example of these steps, the Coast Guard cited a strong
               technological foundation and an aggressive Command, Control, and
               Communications (C:l) staff that is well positioned to implement necessary
               management changes. The Coast Guard also stated that to ensure long-
               term success, these changes should be modifications of existing
               processes as opposed to new processes, which often fail because of a
               lack of institutional commitment.

               We agree that the Coast Guard has taken several positive steps to deal
               with IRM issues facing the agency. However, as explained on page 4, we
               found that the Coast Guard’s focus over the next few years is directed
               toward eliminating technology-related problems without a concurrent
               reassessment of the organization’s overall information needs, Without
               this assessment, the Coast Guard may lose a key opportunity to identify
               and obtain the information it needs to accomplish its missions.

               We believe that the role and authority of the @ office has not been
               clearly delineated, impairing its ability to implement and guide organiza-
               tionwide IRM policies, As discussed on pages 5 through 7, this office has
               not been able to provide IRM leadership or effectively solve IRM issues,
               and it has not been given adequate support by top Coast Guard manage-
               ment. Further, c:’ has been involved only informally in key information
               system budgeting and oversight processes.

               We agree that modifications of existing IRM processes may serve as ini-
               tial corrective steps for some of the Coast Guard’s problems; however,
               we do not agree that this approach is the solution to the Coast Guard’s
               overall IRM deficiencies. Our findings and recommendations point to the
               need for changes in management of information resources that tran-
               scend changes in processes. With vision, leadership, and commitment
               from top management, the Coast Guard could develop an IRM philosophy
               that would unite individual program efforts and address the interrelated
               problems that pose risks to the success of the Coast Guard’s moderniza-
               tion efforts. By not seizing this opportunity to restructure its IRM pro-
               gram, the danger exists that systems resulting from the modernization
               effort will continue to be a loose collection of unrelated projects.

               2. The Coast Guard does not agree that top-level management has
               absented itself from IRM planning, guidance, and direction. As an exam-
               ple of such involvement, the Coast Guard cited the establishment of the


               Page 28               CAO/IMTEG90-32 Coast Guard Information ResourcesManagement
.


    Appendix IV
    Agency Commentsand Our Evaluatlon




    ~3 office,
             whose chief is a member of top-level management. The Coast
    Guard also believes that top-level management has a vision for the inte-
    gration of IRM systems throughout the agency. This vision, according to
    the Coast Guard, is illustrated by the broad placement of the Coast
    Guard standard workstation aboard vessels and every shore unit,
    increased emphasis on source-data automation, and priority given to the
    modernization and replacement of mission-critical computer systems.

    We disagree. The mere presence of top-level management in IRM decision
    making does not ensure that it is providing leadership, guidance, and
    direction. For example, as pointed out on page 6, the chief of c3 has
    stated that he has not had sufficient authority to provide agencywide
    IRM leadership. Further, as we discuss on pages 6 and 6, top management
    has not clearly articulated how the organization will respond to current
    or future information requirements and uses of information technology.

    We also believe that the individual efforts cited by the Coast Guard,
    such as the placement of standard workstations aboard vessels and
    shore units, or emphasis on source-data automation, do not represent a
    clear, comprehensive vision of how the agency can benefit from infor-
    mation technology. As discussed on pages 6 and 7, a strategic IRM plan
    would provide the mechanism to coordinate automated systems efforts
    such as these, and could be used by top management to articulate its
    vision to the organization. Because of this absence of a strategic IRM
    planning process and the unclear role and authority of the senior IRM
    official, we find the Coast Guard is lacking top-management leadership,
    guidance, and direction in managing information resources.

    3. The Coast Guard takes exception to the assertion that its IRM focus is
    on technology-related solutions without an assessment of information
    needs, The Coast Guard cites several systems that have pursued the
    requirements analysis process as examples of an ongoing assessment of
    information needs, and sees this assessment as part of its modernization
    program. The Coast Guard also implies that because the systems we
    reviewed were in an evolutionary stage of development, adequate docu-
    mentation appropriate to the current and planned stages of development
    was not available.

    We disagree. As we discuss on pages 7 and 9, the absence of an agency-
    wide IRM plan and an information architecture that concentrates on
    technology solutions, indicate that the Coast Guard is not paying suffi-
    cient attention to the organization’s overall information needs. While
    some systems may have defined individual program needs, there has


    Page 29               GAO/IMTECSO-32Coast Guard Information ResourcesManagement
Appendix IV
Agency Commentsand Our Evaluation




been little assessment of the advantages and opportunities that would
be created by addressing information needs that cross organizational
boundaries. With regard to systems being in an evolutionary stage of
development, half of the systems we reviewed had been in development
for over 2 years, as illustrated on page 2 1.

4. The Coast Guard agrees with the need to develop a formal strategic
IRM plan, and intends to promulgate additional policies, standards, and
procedures. However, the Coast Guard also believes that in many cases
the underlying objectives of formal plans, policies, and standards have
already been successfully achieved through strict application of existing
Coast Guard, Transportation, and General Service Administration (GSA)
policies, standards, and procedures.

We agree that the Coast Guard needs to develop a strategic IRM plan and
comprehensive policies, standards, and procedures. We do not agree that
the Coast Guard has achieved the objectives that these mechanisms pro-
vide. As discussed on page 6, a strategic IRM plan provides the mecha-
nism to set and evaluate priorities, and specifies how an agency’s
information technology will support its mission. During our review, we
did not find evidence of any existing Coast Guard, Transportation, or
GSA plan that is currently being used by the Coast Guard to accomplish
this objective.

Further, the Coast Guard has not strictly applied existing policies, stan-
dards, and procedures. As we discuss on page 9, some project managers
are cognizant of governmentwide standards and apply them to their sys-
tem development efforts, while others rely on the c” office to provide
them what they need. Overall, we found that policies, standards, and
procedures have been informally disseminated and disparately applied,
with only informal oversight by the c” office once projects have been
initially funded.

6. The Coast Guard agreed that its current technology architecture may
not fully address the mission objectives of current and future Coast
Guard systems. However, it believes that this architecture is a signifi-
cant starting point. The Coast Guard also stated that it is continuing to
develop the architecture and improving the system-planning process.

We agree that the architecture is a good starting point. Nonetheless, as
discussed on page 9, we believe that the formulation of the architecture
suffers from the lack of guidance that an IRM plan and policies would
provide. For example, it is not clear that the completed components of


Page 30               GAO/IMTEC-90-32Coast Guard Information ResourcesManagement
    .
.

        &endix     IV
        Agency Commentsand Our Evaluation




        the technology architecture fully address mission objectives of current
        and future systems, and the manner in which they will be employed. In
        addition, the Coast Guard has not set up a process for testing, imple-
        menting, or enforcing the architecture.

        6. The Coast Guard recognizes that it has reached a critical phase in
        adapting IHM technology to better accomplish its organizational objec-
        tives. The Coast Guard believes that past efforts have resulted in signifi-
        cant accomplishments, that many of the difficulties pointed out in the
        report are well-known, and these difficulties constitute the reason for
        the current modernization effort.

        We agree that the Coast Guard has reached a critical stage in adapting
        IRM technology to better accomplish its objectives. As discussed on page
        4, we recognize that the Coast Guard has spent over a half-billion dollars
        on the acquisition and management of its information systems, and is
        aware of problems with its existing information systems. We believe,
        however, that the common problems that have affected existing Coast
        Guard systems point to an agencywide problem that the Coast Guard is
        not addressing. Until the Coast Guard fully addresses the recommenda-
        tions made in this report, we believe investments made in the agency’s
        information system infrastructure will run the risk of not meeting the
        agency’s needs.

        7. Current corrective actions cited by the Coast Guard appear to address
        our recommendation on the need for an IRM plan and IRM planning
        processes, but only partially address the other recommendations. The
        Coast Guard stated that it has started a program to provide top manage-
        ment with education on the strategic opportunities provided by informa-
        tion technology. However, the Coast Guard did not address (1) how top
        management will become more involved in the IRM decision-making pro-
        cess, or (2) the need to clarify the role of the designated senior IRM
        official.

        The Coast Guard also notes that it is implementing Department of
        Defense standards for systems development and FIPS Pub 156l to
        strengthen policies and procedures used for the evaluation, develop-
        ment, and integration of information systems. The establishment of sys-
        tem development standards and a standard information resources


        ‘Federal Information Processing Standard Publication 156, Guidelines for developing an Information
        Resources Dictionary System, National Institute of Standards and Technology, Apr. 5, 1989.



        Page 31                    GAO/IMTEC90-32 Coast Guard Information ResourcesManagement
Appendlx IV
Agency Commentsand Our Evaluation




dictionary are positive steps toward developing comprehensive IRM poli-
cies, standards, and procedures to guide the implementation of informa-
tion technology. The Coast Guard also needs to consider including the
FIPS Pub standard as part of its overall information architecture.




Page 32               GAO/IMTEC9032 Coast Guard Information ResourcesManagement
Major Contributors to This Report


                       David G. Gill, Assistant Director
Information            David L. McClure, Assignment Manager
Management and         Heidi L. Alves, Evaluator-in-Charge
Tech<ology Division,   Ruth Baskerville, Evaluator
                       Mary T. Marshall, Reports Analyst
Washington, DC,




(nlwr)                 Page 33           GAO/IMTEX-90-32Coast Guard Information ResourcesManagement