The US Government Accountability Office (GAO) says in a recent report that the federal government needs to strengthen its processes for identifying and overseeing high-risk IT projects. However, the GAO’s recommendations were all rebuffed by Karen Evans, the US federal administrator of IT and e-government.
The GAO’s report assessed processes put in place after an August 2005 directive in which the White House Office of Management and Budget (OMB) ordered federal agencies to identify high-risk projects and provide quarterly reports on those failing to meet certain performance criteria.
Commissioned by the House Committee on Government Reform, the report summarises the progress that agencies have made in adhering to the directive but notes they haven’t always consistently identified high-risk projects. As a result, the GAO found several projects that appeared to meet the OMB’s definition of high-risk, but the agencies didn’t classify them as such.
The GAO also chastised the OMB for failing to fully assist the agencies in complying. For example, it cites a lack of clarity in the directive and says the OMB could have done more to ensure its success. The budget office needs to streamline the procedures that agencies use to submit their quarterly reports, the GAO says, noting that inconsistencies could exist between OMB and agency records.
According to the GAO, the OMB hasn’t defined procedures for agencies to provide updated information about high-risk projects. It also hasn’t compiled a single, aggregated list of the identified projects, which limits OMB staffers’ ability to analyse projects on a government-wide basis and track the full set of IT investments requiring special oversight, the report says.
Big money is at stake, the report notes. Within the 24 agencies subject to the August 2005 directive, the GAO tallied 226 IT projects classified by their respective agencies as high-risk. The report said the total funding requested for the projects in fiscal year 2007, which starts October 1, is US$6.4 billion (NZ$10 billion) — about 10% of the Bush administration’s overall IT budget request.
Seventy-nine of the high-risk projects, totalling about US$2.2 billion in planned outlays, were classified by agencies as suffering from performance shortfalls, the report says.
The GAO recommended that the OMB order agencies to consistently apply its criteria for designating projects as high risk and establish “a structured, consistent process” for updating project data. It also called on the OMB to create a unified list of high-risk projects and their deficiencies.
But Evans, who was appointed to the IT and e-government oversight role in 2003, is adamant that the GAO’s suggestions were based on inaccurate assumptions and interpretations. Evans, who is also the director of the Federal CIOs Council, says the GAO’s report contradicts itself on the need for the OMB to provide agencies with further guidance on identifying high-risk projects.
“The report incorrectly implies agencies will not be able to oversee their own projects without additional guidance on this narrowly focused process, when in fact the report itself suggests agencies are using this policy as an opportunity to improve their internal oversight,” she says. Evans disputes the need for an aggregated list of high-risk projects, noting the OMB uses the reports from agencies “in the larger context of [its] budget and program oversight processes”.