The Government Accountability Office, the GAO, has added IT Acquisitions and Operations to its list of programs it identifies as posing a high risk for fraud, waste, abuse, and mismanagement.  This biennial list contains GAO’s analysis of newly- and previously-added high-risk programs and recommendations for improving their economy, efficiency, and effectiveness.

In adding IT Acquisitions and Operations to this list, GAO observed that “federal IT investments too frequently fail to be completed or incur cost overruns and schedule slippages while contributing little to mission-related outcomes.”  The GAO noted that “the federal government has spent billions of dollars on failed and poorly performing IT investments, which often suffered from ineffective management, such as project planning, requirements definition, and program oversight and governance.”  As a result, improving IT acquisition requires “[p]erseverance by the executive branch in implementing GAO’s recommended solutions and continued oversight and action by Congress.”

In its full report, GAO explained that over the last five years it has made 730 recommendations for improving IT investments, but that only 23 of these recommendations had been fully implemented as of last month.  Similarly, GAO found that OMB’s recommendations and initiatives have not been effectively implemented either.  For instance, in addressing agencies’ common use of a “big bang” approach to IT investments in which projects are given a broad scope and not expected to deliver any capabilities for several years, OMB recommended that IT projects be structured to require delivery of some capabilities every six months.  GAO noted, however, that only slightly more than a quarter of the IT acquisitions it reviewed followed this recommendation.  In addition, GAO expressed concern with the accuracy and reliability of information posted by procuring agencies on the OMB’s IT Dashboard website, a public website for reporting on the status of major IT investments.  GAO noted that the Dashboard had not been updated for 15 of the previous 24 months, and that some agencies had removed  their major IT investments from the Dashboard instead of reporting on their problems, which GAO said illustrated “a troubling trend toward decreased transparency.”  Finally, GAO also explained that OMB’s TechStat governance initiative—meetings between OMB and agency leadership intended to turn around or terminate failing IT investments—has not produced sufficient results, as these meetings addressed fewer than 20 percent of medium- or high-risk IT investments.

Overall, GAO found that initiatives by OMB and the agencies to improve IT acquisition have been “inconsistent” and that executive-level oversight has been “ineffective.”  Therefore, GAO directed OMB and the agencies to “expeditiously implement” the recent statutory provisions in the National Defense Authorization Act for Fiscal Year 2015 relating to IT acquisition reform. These reforms require, among other things, that chief information officers certify that incremental development requirements are adequately implemented for IT acquisitions, federal agencies report annually to OMB concerning their efforts to consolidate federal data centers, and OMB provide a publicly-available list of all major IT investments that includes each investment’s cost, schedule, and performance evaluation.

GAO also recommended that OMB and the agencies continue implementing GAO’s previous recommendations, especially those in three “crucial” areas—improving management of software licenses, updating the public version of the Dashboard, and conducting TechStat reviews of at-risk investments.  GAO set as a benchmark that at least 80 percent of the government’s major IT acquisitions should be structured to deliver some capabilities every 12 months.

The GAO’s addition of IT acquisitions to its list of high-risk programs underscores the growing emphasis on transparency and accountability in this area.  We will monitor the response by OMB and the agencies as they engage in new IT investments and manage their legacy programs, particularly as agencies begin to implement the changes required by FITARA.