This is the accessible text file for GAO report number GAO-14-66 entitled 'Information Technology: Agencies Need to Strengthen Oversight of Multibillion Dollar Investments in Operations and Maintenance' which was released on November 6, 2013. This text file was formatted by the U.S. Government Accountability Office (GAO) to be accessible to users with visual impairments, as part of a longer term project to improve GAO products' accessibility. Every attempt has been made to maintain the structural and data integrity of the original printed product. Accessibility features, such as text descriptions of tables, consecutively numbered footnotes placed at the end of the file, and the text of agency comment letters, are provided but may not exactly duplicate the presentation or format of the printed version. The portable document format (PDF) file is an exact electronic replica of the printed version. We welcome your feedback. Please E-mail your comments regarding the contents or accessibility features of this document to Webmaster@gao.gov. This is a work of the U.S. government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. Because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. United States Government Accountability Office: GAO: Report to Congressional Requesters: November 2013: Information Technology: Agencies Need to Strengthen Oversight of Multibillion Dollar Investments in Operations and Maintenance: GAO-14-66: GAO Highlights: Highlights of GAO-14-66, a report to congressional requesters. Why GAO Did This Study: Of the over $82 billion that federal agencies plan to spend on IT in fiscal year 2014, at least $59 billion is to be spent on O&M, which consists of legacy systems (i.e., steady state) and systems that are in both development and O&M (known as mixed life cycle). OMB calls for agencies to perform annual OAs, which are a key method for examining the performance of O&M investments. GAO was asked to review IT O&M investments and agency use of OAs. The objectives of this report were to among other things (1) identify the federal IT O&M investments with the largest budgets, including their responsible agencies and how each investment supports its agency’s mission; (2) determine the extent to which these investments have undergone OAs; and (3) assess whether the responsible agency’s major IT investments are in development, mixed life cycle, or steady state. To do so, GAO focused on the 10 IT investments with the largest budgets in O&M and their responsible eight agencies, and assessed whether OAs were conducted on the investments. In addition, GAO evaluated what agencies spent on mixed, development, and O&M investments and whether agencies were using O&M funds for development activities. What GAO Found: The 10 federal information technology (IT) operations and maintenance (O&M) investments with the largest budgets in fiscal year 2012-—and the eight agencies that operate them—-are identified by GAO in the table below. They support agencies by providing, for example, global telecommunications infrastructure and information transport services for the Department of Defense. Of the 10 investments, only the Department of Homeland Security (DHS) investment underwent an operational analysis (OA)—a key performance evaluation and oversight mechanism required by the Office of Management and Budget (OMB) to ensure O&M investments continue to meet agency needs. DHS’s OA addressed most factors that OMB calls for; it did not address three factors (e.g., comparing current cost and schedule against original estimates). DHS officials attributed these factors not being addressed to the department still being in the process of implementing its new OA policy. The remaining agencies did not assess their investments, which accounted for $7.4 billion in reported O&M spending. Agency officials cited several reasons for not doing so, including relying on budget submission and related management reviews that measure performance; however, OMB has noted that these are not a substitute for OAs. Until the agencies ensure their operational investments are assessed, there is a risk that they will not know whether these multibillion dollar investments fully meet intended objectives. Table: Department: Department of Defense; Investment: Defense Information System Network; O&M Budget fiscal year 2012[A]: $1.813 billion; OA? No. Department: Department of Defense; Investment: Next Generation Enterprise Network; O&M Budget fiscal year 2012[A]: $1.394 billion; OA? No. Department: Department of Energy; Investment: Consolidated Infrastructure, Office Automation, and Telecommunications Program; O&M Budget fiscal year 2012[A]: $909 million; OA? No. Department: Department of Health and Human Services; Investment: National Institutes of Health IT Infrastructure; O&M Budget fiscal year 2012[A]: $358 million; OA? No. Department: Department of Homeland Security; Investment: Customs and Border Protection Infrastructure; O&M Budget fiscal year 2012[A]: $529 million; OA? Yes. Department: Department of the Treasury; Investment: Main Frames and Servers Services and Support; O&M Budget fiscal year 2012[A]: $482 million; OA? No. Department: Department of Veterans Affairs; Investment: Medical IT Support; O&M Budget fiscal year 2012[A]: $1.053 billion; OA? No. Department: Department of Veterans Affairs; Investment: Enterprise IT Support; O&M Budget fiscal year 2012[A]: $665 million; OA? No. Department: National Aeronautics and Space Administration; Investment: IT Infrastructure; O&M Budget fiscal year 2012[A]: $458 million; OA? No. Department: Social Security Administration; Investment: Infrastructure Data Center; O&M Budget fiscal year 2012[A]: $272 million; OA? No. Source: GAO analysis of OMB and agency data. [A] GAO assessed whether an OA had been performed for fiscal year 2012 because it was the last full year for completing OAs. [End of table] For the eight agencies in this review, the majority of their 401 major IT investments were mixed life cycle (i.e., having activities and systems that are in both development and O&M) with regard to total spending and number of investments. Specifically, 193 (48 percent) of the investments were mixed investments, accounting for about $18 billion (61 percent) of planned spending. As such, successful oversight of such investments should involve a combination of conducting OAs to address operational portions of an investment and establishing IT governance and program management disciplines to manage those portions under development. GAO’s experience at the agencies and this report have identified agency inconsistencies in conducting OAs and establishing the capabilities that are key to effectively managing IT investments; accordingly, GAO has made prior recommendations to strengthen agency efforts in these areas. GAO assessed whether an OA had been performed for fiscal year 2012 because it was the last full year for completing OAs. What GAO Recommends: GAO is recommending that the seven agencies that did not perform OAs on their large IT O&M investments do so, and that DHS ensure that its OA is complete and addresses all OMB factors. Of the seven agencies, three agreed with GAO’s recommendations; two partially agreed; and two had no comments. DHS agreed with the GAO recommendation to it. View [hyperlink, http://www.gao.gov/products/GAO-14-66]. For more information, contact David A. Powner at (202) 512-9286 or pownerd@gao.gov. [End of section] Contents: Letter: Background: The 10 O&M IT Investments with the Largest Budgets Support Agencies in a Variety of Ways and Represent a Significant Part of Overall Federal IT O&M Funding: Most of the Largest O&M IT Investments Did Not Undergo Operational Analyses: Majority of Agencies' Investments Were Mixed Life Cycle and Use of O&M Funds for Development Activities Was Limited: Conclusions: Recommendations for Executive Action: Agency Comments and Our Evaluation: Appendix I: Objectives, Scope, Methodology: Appendix II: Comments from the Department of Homeland Security: Appendix III: Comments from the National Aeronautics and Space Administration: Appendix IV: Comments from the Social Security Administration: Appendix V: Comments from the Department of Veterans Affairs: Appendix VI: Comments from the Department of Defense: Appendix VII: Comments from the Department of Energy: Appendix VIII: Comments from the Department of the Treasury: Appendix IX: GAO Contact and Staff Acknowledgments: Tables: Table 1: Fiscal Year 2014 O&M Percentage of Total Planned IT Spending: Table 2: Fiscal Year 2014 Development Percentage of Total Planned IT Spending: Table 3: 10 Largest O&M Investments, Responsible Department and Agency, Amount Budgeted for O&M and Development for fiscal year 2012, Investment Type, and How Investment Supports Mission: Table 4: 10 Largest IT O&M Investments, Whether They Underwent an OA, and Their fiscal year 2012 O&M Cost (in millions): Table 5: Customs and Border Protection Infrastructure: Analysis of Extent to Which Investment's Fiscal Year 2012 OA Addressed OMB Factors: Table 6: Fiscal Year 2012 Selected Major IT Investments Reported Spending Summary (in millions): Table 7: Fiscal Year 2012 Selected Major IT Investments Summary: Figures: Figure 1: Percentages of Total Federal IT Spending for Fiscal Year 2014: Figure 2: Major IT Investments for Fiscal Year 2012 by Reported Spending (billions): Figure 3: Major IT Investments for Fiscal Year 2012 by Total Number of Investments in Each Phase (Development, Steady State, or Mixed Life Cycle): Abbreviations: DOD: Department of Defense: DOE: Department of Energy: DHS: Department of Homeland Security: HHS: Department of Health and Human Services: IT: information technology: NASA: National Aeronautics and Space Administration: OA: operational analysis: O&M: operations and maintenance: OMB: Office of Management and Budget: SSA: Social Security Administration: Treasury: Department of the Treasury: VA: Department of Veterans Affairs: [End of section] GAO: United States Government Accountability Office: 441 G St. N.W. Washington, DC 20548: November 6, 2013: Congressional Requesters: Federal agencies plan to spend over $82 billion on information technology (IT) in fiscal year 2014. Of this amount, at least $59 billion was reported by the agencies to be spent on operations and maintenance (O&M). O&M investments consist of existing legacy systems (i.e., steady state) and systems that are in both development and O&M (known as mixed life cycle). Given the size and magnitude of these investments, it is important that agencies effectively manage the operations and maintenance of existing investments to ensure they (1) continue to meet agency needs, (2) deliver value, and (3) do not unnecessarily duplicate or overlap with other investments. The Office of Management and Budget (OMB) directs agencies to periodically examine the performance of these investments against, among other things, established cost, schedule, and performance goals. Specifically, OMB calls for agencies to perform annual operational analyses (OA), which are a key method for examining the performance of such investments in O&M. The objectives of our current review were to: * identify the federal IT O&M investments with the largest budgets, including their responsible agencies and how each investment supports its agency's mission; * determine the extent to which these investments have undergone OAs; and: * assess whether the responsible agency's major IT investments are in development, mixed life cycle, or steady state and the extent to which funding for investments in O&M have been transferred and used to fund investments in development. To do so, our work focused on the 10 federal IT investments with the largest reported budgets in O&M and the eight responsible agencies-- namely, the Departments of Defense (DOD), Energy, Homeland Security (DHS), Health and Human Services (HHS), the Treasury, and Veterans Affairs (VA), and the National Aeronautics and Space Administration and Social Security Administration--that operate these investments. In addition, we determined how these 10 investments supported their agencies' mission by analyzing OMB and agency documentation and conducting interviews with agency officials responsible for these investments. We also addressed whether the agencies conducted OAs to manage these 10 investments in accordance with OMB guidance. More specifically, we assessed whether an analysis had been performed on each of the 10 investments during fiscal year 2012 (because it was the last full year for completing OAs) and if so, we compared it to the OMB guidance criteria to identify any gaps and their causes. Further, to assess whether each of the eight agency's major IT investments are in development, mixed life cycle, or steady state, we analyzed OMB budget documentation on the agencies' planned spending on each IT investment by phase (i.e., development, mixed, or steady state). Moreover, to assess the extent to which these agencies' had used their O&M funds on development activities, we compared what the agencies had planned to spend on development and O&M (in fiscal year 2012) with what was reported to have been spent in order to identify any variances that indicated O&M funds had been reprogrammed and used to fund development activities. We also conducted interviews with agency officials and reviewed agency documentation to verify whether any such reprogramming of funds had occurred, their causes, and the extent to which such changes were subject to management oversight. We conducted this performance audit from December 2012 to October 2013 in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives. Details on our objectives, scope, and methodology can be found in appendix I. Background: The President's fiscal year 2014 budget request included plans for the federal government to spend over $82 billion on IT. The stated goal of the President's IT budget request is to support making federal agencies more efficient and effective for the American people; it also states that the strategic use of IT is critical to success in achieving this goal. Of the $82 billion budgeted for IT, the budget provides that 26 key agencies[Footnote 1] plan to spend the bulk of it, approximately $76 billion.[Footnote 2] Further, of the $76 billion, over $59 billion is to be spent on O&M investments with the remainder ($17 billion) being budgeted for development of new capabilities. As shown in figure 1, the $59 billion represents a significant majority (i.e., 77 percent) of total budgeted spending for these agencies ($76 billion). Figure 1: Percentages of Total Federal IT Spending for Fiscal Year 2014: [Refer to PDF for image: pie-chart] Operations and maintenance: 77%; Development: 23%. Source: GAO analysis of OMB data. [End of figure] Although O&M spending by these agencies is about 77 percent of total IT spending, the amount spent by each agency varies from a high of 98 percent to a low of 46 percent (as shown in the following table). Table 1: Fiscal Year 2014 O&M Percentage of Total Planned IT Spending: Agency: Department of Defense; Total IT spending: $34.591 billion; O&M spending: $25.194 billion; O&M percentage of total IT spending: 73%. Agency: Department of Health and Human Services; Total IT spending: $7.288 billion; O&M spending: $6.477 billion; O&M percentage of total IT spending: 89%. Agency: Department of Homeland Security; Total IT spending: $6.072 billion; O&M spending: $5.075 billion; O&M percentage of total IT spending: 84%. Agency: Department of Veterans Affairs; Total IT spending: $3.890 billion; O&M spending: $3.346 billion; O&M percentage of total IT spending: 86%. Agency: Department of the Treasury; Total IT spending: $3.746 billion; O&M spending: $2.860.0 billion; O&M percentage of total IT spending: 76%. Agency: Department of Transportation; Total IT spending: $3.128 billion; O&M spending: $1.442 billion; O&M percentage of total IT spending: 46%. Agency: Department of Justice; Total IT spending: $2.657 billion; O&M spending: $2.152 billion; O&M percentage of total IT spending: 81%. Agency: Department of Agriculture; Total IT spending: $2.510 billion; O&M spending: $2.204 billion; O&M percentage of total IT spending: 88%. Agency: Department of Commerce; Total IT spending: $2.507 billion; O&M spending: $1.578 billion; O&M percentage of total IT spending: 63%. Agency: Department of Energy; Total IT spending: $1.529 billion; O&M spending: $1.317 billion; O&M percentage of total IT spending: 86%. Agency: Social Security Administration; Total IT spending: $1.504 billion; O&M spending: $849.1 million; O&M percentage of total IT spending: 56%. Agency: National Aeronautics and Space Administration; Total IT spending: $1.436 billion; O&M spending: $1.410 billion; O&M percentage of total IT spending: 98%. Agency: Department of State; Total IT spending: $1.417 billion; O&M spending: $1.146 billion; O&M percentage of total IT spending: 81%. Agency: Department of the Interior; Total IT spending: $1,013 billion; O&M spending: $958.2 million; O&M percentage of total IT spending: 95%. Agency: Department of Education; Total IT spending: $620.8 million; O&M spending: $515.6 million; O&M percentage of total IT spending: 83%. Agency: Department of Labor; Total IT spending: $611.1 million; O&M spending: $517.3 million; O&M percentage of total IT spending: 85%. Agency: General Services Administration; Total IT spending: $485.9 million; O&M spending: $397.7 million; O&M percentage of total IT spending: 82%. Agency: Environmental Protection Agency; Total IT spending: $447.7 million; O&M spending: $381.0 million; O&M percentage of total IT spending: 85%. Agency: Department of Housing and Urban Development; Total IT spending: $293.6 million; O&M spending: $144.9 million; O&M percentage of total IT spending: 49%. Agency: Nuclear Regulatory Commission; Total IT spending: $152.4 million; O&M spending: $130.2 million; O&M percentage of total IT spending: 85%. Agency: U.S. Agency for International Development; Total IT spending: $125.8 million; O&M spending: $98.4 million; O&M percentage of total IT spending: 78%. Agency: Small Business Administration; Total IT spending: $115.2 million; O&M spending: $76.7 million; O&M percentage of total IT spending: 67%. Agency: National Archives and Records Administration; Total IT spending: $103.3 million; O&M spending: $94.3 million; O&M percentage of total IT spending: 91%. Agency: National Science Foundation; Total IT spending: $98.7 million; O&M spending: $84.8 million; O&M percentage of total IT spending: 86%. Agency: Office of Personnel Management; Total IT spending: $86.1 million; O&M spending: $65.4 million; O&M percentage of total IT spending: 76%. Agency: Smithsonian Institution; Total IT spending: $66.1 million; O&M spending: $63.9 million; O&M percentage of total IT spending: 97%. Agency: Grand total; Total IT spending: $76.496 billion; O&M spending: $58.578 billion; O&M percentage of total IT spending: 77%. Source: GAO analysis of OMB data. [End of table] Development spending, which is intended for the inclusion of new capabilities, accounts for approximately 23 percent of the total amount to be spent on IT in fiscal year 2014 by these agencies. However, the investments in development vary greatly, from 54 percent by the Department of Transportation to a low of 2 percent by the National Aeronautics and Space Administration. Table 2: Fiscal Year 2014 Development Percentage of Total Planned IT Spending: Agency: Department of Defense; Total IT spending: $$34.591 billion; Development spending: $$9.398 billion; Development percentage of total IT spending: $27%. Agency: Department of Health and Human Services; Total IT spending: $7.288 billion; Development spending: $810.7 million; Development percentage of total IT spending: $11%. Agency: Department of Homeland Security; Total IT spending: $6.072 billion; Development spending: $997.5 million; Development percentage of total IT spending: $16%. Agency: Department of Veterans Affairs; Total IT spending: $3.890 billion; Development spending: $543.8 million; Development percentage of total IT spending: $14%. Agency: Department of the Treasury; Total IT spending: $3.746 billion; Development spending: $886.0 million; Development percentage of total IT spending: $24%. Agency: Department of Transportation; Total IT spending: $3.128 billion; Development spending: $1.686 billion; Development percentage of total IT spending: $54%. Agency: Department of Justice; Total IT spending: $2.657 billion; Development spending: $505.8; Development percentage of total IT spending: $19%. Agency: Department of Agriculture; Total IT spending: $2.510 billion; Development spending: $306.4 million; Development percentage of total IT spending: $12%. Agency: Department of Commerce; Total IT spending: $2.507 billion; Development spending: $928.6 million; Development percentage of total IT spending: $37%. Agency: Department of Energy; Total IT spending: $1.529 billion; Development spending: $212.5 million; Development percentage of total IT spending: $14%. Agency: Social Security Administration; Total IT spending: $1.504 billion; Development spending: $654.9 million; Development percentage of total IT spending: $44%. Agency: National Aeronautics and Space Administration; Total IT spending: $1.436 billion; Development spending: $25.8 million; Development percentage of total IT spending: $2%. Agency: Department of State; Total IT spending: $1.417 billion; Development spending: $270.8 million; Development percentage of total IT spending: $19%. Agency: Department of the Interior; Total IT spending: $1.013 billion; Development spending: $54.7 million; Development percentage of total IT spending: $5%. Agency: Department of Education; Total IT spending: $620.8 million; Development spending: $105.2 million; Development percentage of total IT spending: 17%. Agency: Department of Labor; Total IT spending: $611.1 million; Development spending: $93.8 million; Development percentage of total IT spending: $15%. Agency: General Services Administration; Total IT spending: $485.9 million; Development spending: $88.2 million; Development percentage of total IT spending: $18%. Agency: Environmental Protection Agency; Total IT spending: $447.7 million; Development spending: $66.7 million; Development percentage of total IT spending: $15%. Agency: Department of Housing and Urban Development; Total IT spending: $293.6 million; Development spending: $148.7 million; Development percentage of total IT spending: $51%. Agency: Nuclear Regulatory Commission; Total IT spending: $152.4 million; Development spending: $22.2 million; Development percentage of total IT spending: 15%. Agency: U.S. Agency for International Development; Total IT spending: $125.8 million; Development spending: $27.4 million; Development percentage of total IT spending: $22%. Agency: Small Business Administration; Total IT spending: $115.2 million; Development spending: $38.4 million; Development percentage of total IT spending: 33%. Agency: National Archives and Records Administration; Total IT spending: $103.3 million; Development spending: $9.0 million; Development percentage of total IT spending: $9%. Agency: National Science Foundation; Total IT spending: $98.7 million; Development spending: $13.9 million; Development percentage of total IT spending: 14%. Agency: Office of Personnel Management; Total IT spending: $86.1 million; Development spending: $20.7 million; Development percentage of total IT spending: 24%. Agency: Smithsonian Institution; Total IT spending: $66.1; million Development spending: $2.1 million; Development percentage of total IT spending: 3%. Agency: Grand total; Total IT spending: $$76.496 billion; Development spending: $$17.918 billion; Development percentage of total IT spending: 23%. Source: GAO analysis of OMB data. [End of table] Further, in addition to including amounts to be spent on IT development and O&M, the budget also further specifies how the total $76 billion budgeted for IT is to be spent on agency IT investments by the following three categories: * those solely under development ($6 billion), * those involving activities and systems that are in both development and O&M--known as mixed life cycle ($40 billion), and: * those existing operational systems--commonly referred to by OMB as steady state investments--that are solely in O&M ($30 billion). OMB's Roles and Responsibilities for Overseeing IT Investments, Including Operations and Maintenance: To assist agencies in managing their investments, Congress enacted the Clinger-Cohen Act of 1996, which requires OMB to establish processes to analyze, track, and evaluate the risks and results of major capital investments in information systems made by federal agencies and report to Congress on the net program performance benefits achieved as a result of these investments.[Footnote 3] Further, the act places responsibility for managing investments with the heads of agencies and establishes chief information officers to advise and assist agency heads in carrying out this responsibility. In carrying out its responsibilities, OMB uses several data collection mechanisms to oversee federal IT spending during the annual budget formulation process. Specifically, OMB requires federal departments and agencies to provide information to it related to their IT investments (called exhibit 53s) and capital asset plans and business cases (called exhibit 300s).[Footnote 4] * Exhibit 53. The purpose of the exhibit 53 is to identify all IT investments--both major and nonmajor[Footnote 5]--and their associated costs within a federal organization. Information included on agency exhibit 53s is designed, in part, to help OMB better understand what agencies are spending on IT investments. The information also supports cost analyses prescribed by the Clinger-Cohen Act. As part of the annual budget, OMB publishes a report on IT spending for the federal government representing a compilation of exhibit 53 data submitted by agencies. * Exhibit 300. The purpose of the exhibit 300 is to provide a business case for each major IT investment and to allow OMB to monitor IT investments once they are funded. Agencies are required to provide information on each major investment's cost, schedule, and performance. In addition, in June 2009, to further improve the transparency into and oversight of agencies' IT investments, OMB publicly deployed a website, known as the Federal IT Dashboard (Dashboard), which replaced its Management Watch List and High-Risk List. As part of this effort, OMB issued guidance directing federal agencies to report, via the Dashboard, the performance of their IT investments. Currently, the Dashboard publicly displays information on the cost, schedule, and performance of major federal IT investments at key federal agencies. In addition, the Dashboard allows users to download exhibit 53 data, which include information on both major and nonmajor investments. According to OMB, these data are intended to provide a near real-time perspective of the performance of these investments, as well as a historical perspective. Further, the public display of these data is intended to allow OMB, other oversight bodies, and the general public to hold the government agencies accountable for results and progress. Since the Dashboard has been implemented, we have reported and made recommendations to improve the data accuracy and reliability. In 2010, 2011, and 2012, we reported on the progress of the Dashboard and made recommendations to further improve how it rates investments relative to current performance.[Footnote 6] OMB concurred with our recommendations and has actions planned and underway to address them. Further, OMB has developed guidance that calls for agencies to develop an OA policy for examining the ongoing performance of existing legacy IT investments to measure, among other things, that the investment is continuing to meet business and customer needs and is contributing to meeting the agency's strategic goals.[Footnote 7] This guidance calls for the policy to provide for an annual OA of each investment that addresses the following: cost, schedule, customer satisfaction, strategic and business results, financial goals, and innovation. To address these areas, the guidance specifies the following 17 key factors that are to be addressed: * assessment of current costs against life-cycle costs; * a structured schedule assessment (i.e., measuring the: * performance of the investment against its established schedule); * a structured assessment of performance goals (i.e., measuring the performance of the investment against established goals); * identification of whether the investment supports customer processes as designed and is delivering goods and services it was designed to deliver; * a measure of the effect the investment has on the performing organization itself; * a measure of how well the investment contributes to achieving the organization's business needs and strategic goals; * a comparison of current performance with a pre-established cost baseline and estimates; * areas for innovation in the areas of customer satisfaction, strategic and business results, and financial performance; * indication if the agency revisited alternative methods for achieving the same mission needs and strategic goals; * consideration of issues, such as greater utilization of technology or consolidation of investments to better meet organizational goals; * an ongoing review of the status of the risks identified in the investment's planning and acquisition phases; * identification of whether there is a need to redesign, modify, or terminate the investment; * an analysis on the need for improved methodology (i.e., better ways for the investment to meet cost and performance goals); * lessons learned; * cost or schedule variances; * recommendations to redesign or modify an asset in advance of potential problems; and: * overlap with other investments. With regard to overseeing the agencies' development of policies and annual performance, OMB officials responsible for governmentwide OA policy stated that they expect agencies to perform all the steps specified in the guidance and to be prepared to show documentation as evidence of compliance with the guidance. GAO Has Previously Reported on IT Investments in O&M: In October 2012 we reported on five agencies' use of OAs (during fiscal year 2011) and how they varied significantly.[Footnote 8] Specifically, of the five agencies, we found that three--namely, DOD, Treasury, and VA--did not perform analyses on their 23 major steady state investments with annual budgets totaling $2.1 billion. The other two agencies--DHS and HHS--performed analyses but did not do so for all investments. For example, DHS analyzed 16 of its 44 steady state investments, meaning 28 investments with annual budgets totaling $1 billion were not analyzed; HHS analyzed 7 of its 8 steady state investments, thus omitting a single investment totaling $77 million from being assessed. We also found that of those OAs performed by these two agencies, none fully addressed all the key factors. Specifically, our analysis showed that only about half of the key factors were addressed in these assessments. Consequently, we recommended, among other things, that the agencies conduct annual OAs and in doing, ensure they are performed for all investments and that all factors are fully assessed. To ensure this is done and to provide transparency into the results of these analyses, we also recommended that OMB revise its guidance to include directing agencies to post the results on the Dashboard. OMB and the five agencies agreed with our recommendations and have efforts planned and underway to address them. In particular, OMB issued guidance (dated August 2012) to the agencies directing them to report OA results along with their fiscal year 2014 budget submission documentation (e.g., exhibit 300) to OMB. According to OMB officials, they are currently establishing a process on how agencies are to provide the information to OMB which they plan to have in place over the next 6 months. As part of this, OMB is defining a process for what they plan to do with the information once they receive it. Further, we recently reported[Footnote 9] that actions are needed within the federal government to reduce fragmentations, overlap, and duplication among federal programs and activities. These actions include improving the management oversight of federal IT investments in operations and maintenance. Specifically, to avoid wasteful or duplicative investments in operations and maintenance, we recommended that agencies analyze all information technology investments annually and report the results of their analyses to OMB. These actions could help agencies achieve cost savings by strengthening the oversight of their existing information technology investments in operations and maintenance, resulting in the potential for billions of dollars in savings. The 10 O&M IT Investments with the Largest Budgets Support Agencies in a Variety of Ways and Represent a Significant Part of Overall Federal IT O&M Funding: The 10 federal IT O&M investments with the largest budgets, identified during our review, support agencies in a variety of ways such as: * providing worldwide telecommunications infrastructure and information transport for DOD operations; * enabling HHS to conduct research, award grants, and disseminate biomedical research and health information to the public and National Institutes of Health stakeholders; and: * providing SSA the capability to maintain demographic, wage, and benefit information on all American citizens. Including ensuring the availability, changeability, stability, and security of SSA's IT operations for the entire agency. * These investments are operated by eight agencies, such as the Department of Energy (DOE), the National Aeronautics and Space Administration (NASA), and Social Security Administration (SSA). In total, the investments accounted for about $7.9 billion in O&M spending for fiscal year 2012, which was approximately 14 percent of all such spending for federal IT O&M. The following table identifies the 10 investments and describes the agency responsible for each investment, the amount budgeted for O&M and development for fiscal year 2012, investment type, and how each investment supports the organization's mission. Table 3: 10 Largest O&M Investments, Responsible Department and Agency, Amount Budgeted for O&M and Development for fiscal year 2012, Investment Type, and How Investment Supports Mission: Investment: Defense Information System Network; Responsible department/agency or office: DOD/Defense Information Systems Agency; Investment O&M FY12 budget: $1.813 billion; Investment development FY12 budget: $113 million; Investment type: Mixed; How investment supports mission: Is to enable the consolidated worldwide telecommunications infrastructure and information transport for DOD operations. Investment: Next Generation Enterprise Network; Responsible department/agency or office: DOD/Navy; Investment O&M FY12 budget: $1.394 billion; Investment development FY12 budget: $202 million; Investment type: Mixed; How investment supports mission: Is to provide secure net-centric data and services to Navy and Marine Corps personnel, and forms the foundation for the Navy's future Naval Network Environment. Investment: Consolidated Infrastructure, Office Automation, and Telecommunications Program; Responsible department/agency or office: DOE/Office of the Chief Information Officer; Investment O&M FY12 budget: $909 million; Investment development FY12 budget: $59 million; Investment type: Mixed; How investment supports mission: Is to allow access to modern, reliable, and secure IT infrastructure to support and enhance the DOE's business processes, strategic priorities, and IT vision. Investment: National Institutes of Health IT Infrastructure; Responsible department/agency or office: HHS/National Institutes of Health; Investment O&M FY12 budget: $358 million; Investment development FY12 budget: $13 million; Investment type: Mixed; How investment supports mission: Is to enable the department to conduct research, award grants, and disseminate biomedical research and health information to the public and National Institutes of Health stakeholders. Investment: Customs and Border Protection Infrastructure; Responsible department/agency or office: DHS/Customs and Border Protection; Investment O&M FY12 budget: $529 million; Investment development FY12 budget: $0; Investment type: Steady state; How investment supports mission: Is to provide the backbone support for all of Customs and Border Protection systems. Investment: Internal Revenue Service Main Frames and Servers Services and Support; Responsible department/agency or office: Treasury/Internal Revenue Service; Investment O&M FY12 budget: $482 million; Investment development FY12 budget: $0; Investment type: Steady state; How investment supports mission: Is to enable for the design, development, and deployment of server, middleware, and large systems and enterprise storage infrastructures. Investment: Medical IT Support; Responsible department/agency or office: VA; Investment O&M FY12 budget: $1.053 billion; Investment development FY12 budget: $0; Investment type: Steady state; How investment supports mission: Is to provide the critical IT infrastructure and systems necessary for the delivery of health care and services to veterans. Investment: Enterprise IT Support; Responsible department/agency or office: VA; Investment O&M FY12 budget: $665 million; Investment development FY12 budget: $3 million; Investment type: Mixed; How investment supports mission: Is to support the mission of the Department by integrating, managing, and sustaining critical IT infrastructure and systems necessary for the delivery of services. Investment: National Aeronautics and Space Administration IT Infrastructure; Responsible department/agency or office: NASA/Office of the Chief Information Officer; Investment O&M FY12 budget: $458 million; Investment development FY12 budget: $1 million; Investment type: Mixed; How investment supports mission: Is to allow institutional capabilities to conduct aeronautic and space activities, including ensuring vital assets are ready, available, and appropriately sized to conduct its missions. Investment: Infrastructure Data Center; Responsible department/agency or office: SSA/Office of the Chief Information Officer; Investment O&M FY12 budget: $272 million; Investment development FY12 budget: $153 million; Investment type: Mixed; How investment supports mission: Is to maintain demographic, wage, and benefit information on all American citizens; more specifically, the objective of the investment is to ensure the availability, changeability, stability, and security of SSA's IT operations for the entire agency. Investment: Total; Investment O&M FY12 budget: $7.9 billion; Investment development FY12 budget: $544 million. Source: GAO analysis of OMB data and agency documentation. [End of table] Most of the Largest O&M IT Investments Did Not Undergo Operational Analyses: Although required to do so, seven of the eight agencies did not conduct OAs on their largest O&M investments. Specifically, of the 10 O&M IT investments (with the largest budgets) we reviewed, only one agency--DHS--conducted an analysis on its investment. In doing so, the department addressed most of the required OMB factors. However, the other seven agencies--DOD, DOE, HHS, Treasury, VA, NASA, and SSA--did not conduct OAs on their O&M investments, which have combined annual O&M budgets of $7.4 billion. The following table lists the 10 investments and whether an analysis was completed for fiscal year 2012. Further, it provides the total O&M amount for the investment that had an OA and for the investments that did not have one--$529 million and $7.4 billion, respectively. Table 4: 10 Largest IT O&M Investments, Whether They Underwent an OA, and Their fiscal year 2012 O&M Cost (in millions): Investment: Defense Information System Network; Completed OA for fiscal year 2012: No; Total O&M budget of investments with OA conducted: [Empty]; Total O&M budget of investments with OA not conducted: $1.813 billion. Investment: Next Generation Enterprise Network; Completed OA for fiscal year 2012: No; Total O&M budget of investments with OA conducted: [Empty]; Total O&M budget of investments with OA not conducted: $1.394 billion. Investment: Consolidated Infrastructure, Office Automation, and Telecommunications Program; Completed OA for fiscal year 2012: No; Total O&M budget of investments with OA conducted: [Empty]; Total O&M budget of investments with OA not conducted$ 909 million. Investment: National Institutes of Health IT Infrastructure; Completed OA for fiscal year 2012: No; Total O&M budget of investments with OA conducted: [Empty]; Total O&M budget of investments with OA not conducted: $358 million. Investment: Customs and Border Protection Infrastructure; Completed OA for fiscal year 2012: Yes; Total O&M budget of investments with OA conducted: $529 million; Total O&M budget of investments with OA not conducted: [Empty]. Investment: Internal Revenue Service Main Frames and Servers Services and Support; Completed OA for fiscal year 2012: No; Total O&M budget of investments with OA conducted: [Empty]; Total O&M budget of investments with OA not conducted: $482 million. Investment: Medical IT Support; Completed OA for fiscal year 2012: No; Total O&M budget of investments with OA conducted: [Empty]; Total O&M budget of investments with OA not conducted: $1.053 billion. Investment: Enterprise IT Support; Completed OA for fiscal year 2012: No; Total O&M budget of investments with OA conducted: [Empty]; Total O&M budget of investments with OA not conducted: $665 million. Investment: NASA IT Infrastructure; Completed OA for fiscal year 2012: No; Total O&M budget of investments with OA conducted: [Empty]; Total O&M budget of investments with OA not conducted: $458 million. Investment: Infrastructure Data Center; Completed OA for fiscal year 2012: No; Total O&M budget of investments with OA conducted: [Empty]; Total O&M budget of investments with OA not conducted: $272 million. Investment: Total; Total O&M budget of investments with OA conducted: $529 million; Total O&M budget of investments with OA not conducted: $7.4 billion. Source: GAO analysis of agency documentation. [End of table] With regard to the OA DHS performed on its investment (the Customs and Border Protection Infrastructure), the department addressed 14 of the 17 OMB factors. For example, in addressing the factor on assessing performance goals, DHS made efforts to consolidate software licenses and maintenance in order to eliminate redundancy and reduce costs associated with software licenses and maintenance. Although DHS addressed these factors, it excluded 3 factors. Specifically, the department did not (1) assess current costs against life-cycle costs, (2) perform a structured schedule assessment, and (3) compare current performance against cost baseline and estimates developed when the investment was being planned. These factors are important because, among other things, they provide information to agency decision makers on whether an investment's actual annual O&M costs are as they were planned to be and whether there is a need to examine more cost effective approaches to meeting agency mission objectives. Table 5 shows our analysis of DHS's assessment of its Customs and Border Protection Infrastructure investment. Table 5 Customs and Border Protection Infrastructure: Analysis of Extent to Which Investment's Fiscal Year 2012 OA Addressed OMB Factors: Key factor: 1. Assesses current costs against life-cycle cost; Yes or no: No. Key factor: 2. Includes a structured schedule assessment; Yes or no: No. Key factor: 3. Includes a structured assessment of performance goals; Yes or no: Yes. Key factor: 4. Identifies whether the investment supports customer processes as designed and is delivering the goods and services it was designed to deliver; Yes or no: Yes. Key factor: 5. Measures the effect the investment has on the performing organization itself; Yes or no: Yes. Key factor: 6. Includes a measure of how well the investment contributes to achieving the organization's business needs and strategic goals; Yes or no: Yes. Key factor: 7. Compares current performance with a pre-established cost baseline and estimates; Yes or no: No. Key factor: 8. Identifies any areas for innovation in the areas of customer satisfaction, strategic and business results, and financial performance; Yes or no: Yes. Key factor: 9. Identifies if the agency revisited alternative methods for achieving the same mission needs and strategic goals; Yes or no: Yes. Key factor: 10. Addresses issues such as greater utilization of technology or consolidation of investments to better meet organizational goals; Yes or no: Yes. Key factor: 11. Includes an ongoing review of the status of the risks identified in the investment's planning and acquisition phases; Yes or no: Yes. Key factor: 12. Identifies a need to redesign, modify, or terminate the investment; Yes or no: Yes. Key factor: 13. Includes an analysis on the need for improved methodology (i.e., better ways for the investment to meet cost and performance goals); Yes or no: Yes. Key factor: 14. Identifies any lessons learned; Yes or no: Yes. Key factor: 15. Identifies if the investment had a cost or schedule variance; Yes or no: Yes. Key factor: 16. Identifies recommendations to redesign or modify an asset before it becomes a problem; Yes or no: Yes. Key factor: 17. Includes information on the overlap of the investment with other systems; Yes or no: Yes. Key: Yes: fully addressed the factor; No: did not address the factor. Source: GAO analysis of DHS data. [End of table] With regard to why DHS's analyses did not address all OMB factors, officials from the DHS Office of the Chief Information Officer (who are responsible for overseeing the performance of OAs departmentwide) attributed this to the department still being in the process of updating their Management Directive 102-01 and its related guidance, which will provide additional instructions for completing OAs. As part of this update, department officials told us they plan to provide additional guidance on conducting OAs for programs once they have achieved full operational capability. The department expects the guidance to be completed in calendar year 2014. Further, according to DHS, once completed, this guidance will complement existing program review processes--referred to by DHS as program health assessments-- that requires all major IT investments, in support or mixed lifecycle phases, to complete an OA every 12 months. The other seven agencies attributed not performing OAs on these investments to several factors, including relying on other management and performance reviews--such as those used as part of developing their annual exhibit 300 submissions to OMB--although OMB has stated that these reviews are not to be a substitute for conducting annual analyses. The specific reasons cited by each agency are as follows: * DOD: Officials from DOD's Defense Information Systems Agency stated that they did not conduct an OA for the Defense Information Systems Network due to the fact that the investment undergoes constant oversight through weekly meetings to review issues such as the project status and accomplishments. Further, they said that the program manager exercises cost, schedule, and performance oversight using earned value management techniques. In addition, they stated that monthly reviews of actual versus planned spending are collected to flag any discrepancies from expected cost and schedule objectives. While these reviews are important steps to monitoring performance management, OMB states such ongoing efforts to manage investment performance are not a substitute for conducting an annual OA. According to the OMB guidance, OAs are to be conducted for all existing IT investments to ensure that, among other things, an investment is continuing to meet business and customer needs and is contributing to meeting the agency's strategic goals. With regard to the Next Generation Enterprise Network, officials from the Navy who manage and oversee this investment stated an OA was not performed due to it going through a transition from a mature fielded system to a new service delivery model, which will become operational in 2014. Nonetheless, OMB guidance calls for agencies to also conduct annual analyses on all existing IT investments as part of ensuring that such investments continue to deliver value and support mission needs. * DOE: Officials from the Office of the Chief Information Officer stated that an OA was not conducted on its Consolidated Infrastructure, Office Automation, and Telecommunications Program investment because in the summer of 2012 they began to separate it into smaller, more manageable pieces--referred to by these agency officials as deconsolidation--to better provide insight into the departmentwide infrastructure. In addition, to gain further insight into the infrastructure spending, the DOE Chief Information Officer led an in-depth analysis in collaboration with senior IT executives, which included a commodity IT TechStat review in the fall of 2011, and a commodity IT PortfolioStat review in the fall of 2012. While these latter reviews are helpful in monitoring performance, our analysis shows that they do not fully address all 17 OMB factors. Specifically, the reviews do not address, among other things, factors in the areas of customer satisfaction, strategic and business results, and financial performance. Addressing these factors is important because it provides information to agency decision makers on whether the investment supports customer processes and is delivering the goods and services it was designed to deliver. * HHS: According to officials from the department's National Institutes of Health, the National Institutes of Health IT Infrastructure investment, which had an annual budget of $371 million for fiscal year 2012, did not undergo an OA because this investment is an aggregation of all the components' infrastructure and not a particular system or set of systems suited for this kind of macro analysis. In addition, they noted that National Institutes of Health does monitor the operational performance of its IT infrastructure and conducts a more strategic analysis of services within its IT infrastructure to evaluate the operational effectiveness at a strategic level. While these types of performance monitoring efforts are important, OMB guidance nonetheless calls for agencies to also conduct annual analyses on all existing IT investments as part of ensuring that such investments continue to deliver value and support mission needs. * Treasury: Officials from the department's IT Capital Planning and Investment Control branch (within the office of Treasury's Chief Information Officer) noted that its Internal Revenue Service Main Frames and Servers Services and Support investment, which had a budget of $482 million for fiscal year 2012, was deconsolidated in fiscal year 2011 to allow for greater visibility into the infrastructure and that it is currently undergoing an OA but were not able to provide documentation at the time of our work. * VA: Officials from VA's Office of Information and Technology said an OA was not conducted on its Medical IT Support or Enterprise IT Support investments because performance is currently being reported monthly via the Federal IT Dashboard and internally through monthly performance reviews. The officials added that the department plans to develop a policy and begin conducting OAs on investments. However, VA has not yet determined when these analyses will be completed. * NASA: Officials from NASA's Office of the Chief Information Officer stated while they did not conduct a formal OA on the NASA IT Infrastructure investment, they did review the performance of the investment using monthly performance status reviews and bimonthly service delivery transition status updates. The officials noted that these reviews address financial performance, schedule, transformation initiatives, risks, customer satisfaction, performance metrics, and business results. According to officials, the investment underwent a service delivery transition status update and a performance status review in May 2012. While these NASA reviews are essential IT management tools, they do not incorporate all 17 OMB factors. For example, the reviews do not address, among other things, innovation and whether the investment overlapped with other systems. Fully addressing the OMB factors is essential to ensuring investments continue to deliver value and do not unnecessarily duplicate or overlap with other investments. * SSA: According to officials from SSA's Office of the Chief Information Officer, SSA's Infrastructure Data Center investment did not undergo an analysis because it has significant development content and therefore an earned value analysis was conducted, which is called for by SSA guidance for mixed life-cycle investments. Officials stated they generally perform either an earned value analysis or OA, as applicable to the investment. While earned value management analyses are important to evaluating investment performance, OMB guidance nonetheless calls for agencies to also conduct annual OAs on all existing IT investments as part of ensuring that such investments continue to deliver value and support mission needs. Until the agencies address these shortcomings and ensure all their O&M investments are fully assessed, there is increased risk that these agencies will not know whether these multibillion dollar investments fully meet intended objectives, including whether there are more efficient ways to deliver their intended purpose, therefore increasing the potential for waste and duplication. Majority of Agencies' Investments Were Mixed Life Cycle and Use of O&M Funds for Development Activities Was Limited: For the eight selected agencies, the majority of their 401 major IT investments--totaling $29 billion--were in the mixed life-cycle phase in both spending and number of investments. Specifically, of the $29 billion, our analysis, as shown in figure 2, found that: * mixed life-cycle investments accounted for approximately $18 billion, or 61 percent; * steady state investments accounted for approximately $8 billion, or 27 percent; and: * development investments accounted for approximately $3 billion, or 12 percent. Figure 2: Major IT Investments for Fiscal Year 2012 by Reported Spending (billions): [Refer to PDF for image: pie-chart] Development: $3 billion; 12%; Steady state: $8 billion; 27%; Mixed: $18 billion; 61%. Source: GAO analysis of OMB and agency data. [End of figure] With regard to the number of investments by phase, our analysis, as shown in figure 3, found that of the total 401 investments: * 193, or 48 percent, were in the mixed life-cycle phase, * 139, or 35 percent, were in the steady state phase, and: * 69 or 17 percent, were in the development phase. Figure 3: Major IT Investments for Fiscal Year 2012 by Total Number of Investments in Each Phase (Development, Steady State, or Mixed Life Cycle): [Refer to PDF for image: pie-chart] Development: 69; 17%; Steady state: 139; 35%; Mixed: 193; 48%. Source: GAO analysis of OMB and agency data. [End of figure] On an individual agency basis, table 6 provides the total amount each agency reportedly spent on IT. It also shows of how each agency allocates this total by development, mixed life cycle, or steady state investments. Further for the mixed investments, it shows the amounts for O&M and development. Table 6: Fiscal Year 2012 Selected Major IT Investments Reported Spending Summary (in millions): Agency: DOD; Total IT spending: $12.712 billion; Development only: Development spending only: $2.355 billion (19%); Mixed life cycle: Mixed spending: $9.772 billion (77%); Mixed breakdown: Development: $4.222 billion; O&M: $5.550 billion; Steady state: Steady state spending: $585 million (5%). Agency: DHS; Total IT spending: $4.391 billion; Development only: Development spending only: $345 million (8%); Mixed life cycle: Mixed spending: $1.520 billion (35%); Mixed breakdown: Development: $699 million; O&M: $821 million; Steady state: Steady state spending: $2.526 billion (58%). Agency: HHS; Total IT spending: $3.004 billion; Development only: Development spending only: $230 million (8%); Mixed life cycle: Mixed spending: $1.552 billion (52%); Mixed breakdown: Development: $438 million; O&M: $1.113 billion; Steady state: Steady state spending: $1.222 billion (41%). Agency: VA; Total IT spending: $2.889 billion; Development only: Development spending only: $31 million (1%); Mixed life cycle: Mixed spending: $1.467 billion (51%); Mixed breakdown: Development: $593 million; O&M: $874 million; Steady state: Steady state spending: $1.391 billion (48%). Agency: Treasury; Total IT spending: $2.426 billion; Development only: Development spending only: $247 million (10%); Mixed life cycle: Mixed spending: $953 million (39%); Mixed breakdown: Development: $320 million; O&M: $633 million; Steady state: Steady state spending: $1.226 billion (51%). Agency: SSA; Total IT spending: $1.127 billion; Development only: Development spending only: $118 million (10%); Mixed life cycle: Mixed spending: $993 million (88%); Mixed breakdown: Development: $349 million; O&M: $644 million; Steady state: Steady state spending: $16 (1%). Agency: NASA; Total IT spending: $962 million; Development only: Development spending only: [Empty]; Mixed life cycle: Mixed spending: $459 million (48%); Mixed breakdown: Development: $1 million; O&M: $458 million; Steady state: Steady state spending: $503 (52%). Agency: DOE; Total IT spending: $1.510 billion; Development only: Development spending only: $120 million (8%); Mixed life cycle: Mixed spending: $1.0 billion (66%); Mixed breakdown: Development: $65 million; O&M: $935 million; Steady state: Steady state spending: $390 (26%). Agency: Total; Total IT spending: $29.021 billion; Development only: Development spending only: $3.446 billion (12%); Mixed life cycle: Mixed spending: $17.715 billion (61%); Mixed breakdown: Development: $6.687 billion; O&M: $11.028 billion; Steady state: Steady state spending: $7.859 billion (27%). Source: GAO analysis of OMB and agency data. Note: Due to rounding, numbers may not add up to total numbers. [End of table] Further, the following table provides for each of the eight agencies, their total number of investments and of that total, the number of investments in development, mixed life cycle, and steady state. Table 7: Fiscal Year 2012 Selected Major IT Investments Summary: Agency: DOD; Total Number of: investments: 93; Development phase: Number of investments: in development: 21 (23%); O&M phase: Mixed: Number of investments in mixed life cycle: 59 (63%); Steady state: Number of investments in steady state: 13 (14%). Agency: DHS; Total Number of: investments: 91; Development phase: Number of investments: in development: 14 (15%); O&M phase: Mixed: Number of investments in mixed life cycle: 28 (31%); Steady state: Number of investments in steady state: 49 (54%). Agency: HHS; Total Number of: investments: 92; Development phase: Number of investments: in development: 16 (17%); O&M phase: Mixed: Number of investments in mixed life cycle: 40 (43%); Steady state: Number of investments in steady state: 36 (39%). Agency: VA; Total Number of: investments: 25; Development phase: Number of investments: in development: 5 (20%); O&M phase: Mixed: Number of investments in mixed life cycle: 16 (64%); Steady state: Number of investments in steady state: 4 (16%). Agency: Treasury; Total Number of: investments: 53; Development phase: Number of investments: in development: 6 (11%); O&M phase: Mixed: Number of investments in mixed life cycle: 34 (64%); Steady state: Number of investments in steady state: 13 (25%). Agency: SSA; Total Number of: investments: 16; Development phase: Number of investments: in development: 4 (25%); O&M phase: Mixed: Number of investments in mixed life cycle: 11 (69%); Steady state: Number of investments in steady state: 1 (6%). Agency: NASA; Total Number of: investments: 11; Development phase: Number of investments: in development: [Empty]; O&M phase: Mixed: Number of investments in mixed life cycle: 1 (9%); Steady state: Number of investments in steady state: 10 (91%). Agency: DOE; Total Number of: investments: 20; Development phase: Number of investments: in development: 3 (15%); O&M phase: Mixed: Number of investments in mixed life cycle: 4 (20%); Steady state: Number of investments in steady state: 13 (65%). Agency: Total; Total Number of: investments: 401; Development phase: Number of investments: in development: 69 (17%); O&M phase: Mixed: Number of investments in mixed life cycle: 193 (48%); Steady state: Number of investments in steady state: 139 (35%). Source: GAO analysis of OMB and agency data. Note: Due to rounding, numbers may not add up to total numbers. [End of table] The implications of the above analyses--especially the results in table 6 that show mixed investments having significant amounts of funding for both development and O&M activities--are noteworthy, particularly as it relates to the oversight of such investments. More specifically, overseeing these investments will involve a set of IT management capabilities for those portions of the investment that are operational and a different set of IT management capabilities for those portions that are still under development. In the case of those portions that are operational, this will include agencies having the capability to perform thorough OAs, the importance of which is discussed earlier in this report. For those portions still under development, OMB guidance[Footnote 10] and our best practices research and experience at federal agencies [Footnote 11] show such effective oversight will involve agencies having structures and processes--commonly referred to as IT governance and program management disciplines--that include: * instituting an investment review board to define and establish the management structure and processes for selecting, controlling, and evaluating IT investments; * ensuring that a well-defined and disciplined process is used to select new IT proposals; and: * overseeing the progress of IT investments--using predefined criteria and checkpoints--in meeting cost, schedule, risk, and benefit expectations and to take corrective action when these expectations are not being met. Having these disciplines are important because they help agencies, among other things, ensure such investments are supporting strategic mission needs and meeting cost, schedule, and performance expectations. However, our experience at federal agencies has shown that agencies have not yet fully established effective governance and program management capabilities essential to managing IT investments. For example, we reported in April 2011 that many agencies did not have the mechanisms in place for investment review boards to effectively control their investments.[Footnote 12] More specifically, we reported that while these agencies largely had established IT investment management boards, these boards did not have key policies and procedures in place for ensuring that projects are meeting cost, schedule, and performance expectations. In addition, our experience at federal agencies, along with the results from this audit, has found that agencies do not consistently conduct OAs. Specifically, as noted in the background, we reported in 2012 on five agencies' use of them and how they varied significantly. [Footnote 13] Of the five agencies, we found that three--namely, DOD, Treasury, and VA--did not perform analyses on 23 major steady state investments with annual budgets totaling $2.1 billion. The other two agencies--DHS and HHS--performed them but did not do so for all investments. Accordingly, we have made recommendations to these agencies to improve their use of OAs and fully implement effective governance and program management capabilities. They have in large part agreed to our recommendations and have efforts underway and planned to implement them. Regarding the use of O&M funds for development efforts, the eight agencies we reviewed did not, in large part, reprogram or reallocate O&M funds for use on development activities during the period reviewed (fiscal year 2012). Specifically, six of the agencies reported they did not reprogram IT O&M funds to be used on development activities and we identified no evidence to the contrary; two agencies--Treasury and VA--reported they did so in two instances. With regard to Treasury, the department--on its CADE 2 investment which has a total O&M budget of $40 million--reallocated a total of $10,000 to fund development activities planned for the investment. According to Treasury documentation, the cost of the investment's operations and maintenance came in under budget by $10,000 so the department reallocated the funds to be used on new CADE 2 development efforts. Treasury reported this reallocation was discussed and approved by the Internal Revenue Service's investment review board (the Internal Revenue Service is responsible for overseeing CADE 2) during its monthly executive steering meetings held during fiscal year 2012. With regard to VA, it reprogrammed a total of $13.3 million from O&M to development on investments within an investment category which VA referred to as a portfolio. Specifically, during fiscal year 2012, the department reprogrammed $13.3 million from an O&M investment within its Medical Portfolio to investments under development within the portfolio requiring additional funding. This reprogramming of funds was approved by the Secretary of Veterans Affairs in June 2012. Conclusions: The 10 largest federal O&M IT investments represent a significant part of the federal government's multibillion dollar commitment to operating and maintaining its IT investments. Although OMB has established that agencies are to use OAs to evaluate the performance of such investments, their use by the agencies on these investments was very limited. DHS was the only agency to perform such an assessment and in doing so largely addressed the required OMB factors. While Treasury and VA had planned to perform analyses, they had not done so. Further, DOD, DOE, HHS, NASA, and SSA had not intended to perform these analyses on their large O&M investments. This limited use of OAs is due in part to a number of factors, including agencies relying on other types of performance oversight reviews that can be helpful but are not intended to be a substitute for these assessments. Until these agencies address these shortcomings and ensure all their large O&M investments are fully assessed, there is increased risk that these agencies will not know whether these multibillion dollar investments fully meet intended objectives, including whether there are more efficient ways to deliver their intended purpose. Recommendations for Executive Action: To ensure that the largest IT O&M investments are being adequately analyzed, we recommend that the: * Secretary of Defense direct appropriate officials to perform OAs on the two investments identified in this report, including ensuring the analyses include all OMB factors; * Secretary of Energy direct appropriate officials to perform an OA on the investment identified in this report, including ensuring the analysis includes all OMB factors; * Secretary of Health and Human Services direct appropriate officials to perform an OA on the investment identified in this report, including ensuring the analysis includes all OMB factors; * Secretary of Treasury direct appropriate officials to perform an OA on the investment identified in this report, including ensuring the analysis include all OMB factors; * Secretary of Veterans Affairs direct appropriate officials to perform OAs on the two investments identified in this report, including ensuring the analyses include all OMB factors; * NASA Administrator direct appropriate officials to perform an OA on the investment identified in this report, including ensuring the analysis includes all OMB factors; and: * Commissioner of Social Security direct appropriate officials to perform an OA on the investment identified in this report, including ensuring the analysis includes all OMB factors. In addition, we recommend that the Secretary of Homeland Security direct appropriate officials to ensure the department's OA for the Customs and Border Protection Infrastructure is complete and assesses missing OMB factors identified in this report. Agency Comments and Our Evaluation: In commenting on a draft of this report, four agencies--DHS, NASA, SSA, and VA--agreed with our recommendations; two agencies--DOD and DOE--partially agreed; and two agencies--HHS and Treasury--had no comments. The specific comments from the four agencies that agreed are as follows: * DHS in its written comments, which are reprinted in appendix II, stated that it concurred with our findings and recommendation. It also commented that DHS's Office of the Chief Information Officer and the Office of Information Technology within Customs and Border Protection (the DHS component agency responsible for the Customs and Border Protection Infrastructure investment) are to work closely to ensure future OAs conducted on the investment fully address the OMB assessment factors. * NASA, in its written comments--which are reprinted in appendix III-- stated it concurred with our recommendation. NASA also stated that it planned to conduct an OA on its NASA IT Infrastructure investment in April 2014 that is to include all OMB factors. * In its written comments, SSA stated it agreed with our recommendation. It also stated that since 2008, SSA has had a process to perform OAs on investments that were solely in O&M and that it recently expanded the process to include mixed life cycle IT investments that have significant systems in O&M. SSA further commented that it was in the process of performing OAs on the SSA mixed life cycle investment identified in our report and other similar agency investments, with the goal of completing these analyses by September 30, 2013. SSA's comments are reprinted in appendix IV. * VA, in its written comments, stated it agreed with our conclusions and concurred with our recommendation. It also said that it had scheduled OAs for the two investments identified in our report to begin in the second half of fiscal year 2014. VA's comments are reprinted in appendix V. The specific comments of the two agencies that partially agreed are as follows: * DOD, in its written comments, stated that it partially concurred with our recommendation. Specifically, DOD said it agreed with our recommendation that its OAs should address all OMB assessment factors and said it is establishing an OA policy in coordination with OMB. The department further agreed with our recommendation that it perform an OA on its Defense Information System Network investment. The department disagreed with our recommendation to perform an OA on its Next Generation Enterprise Network investment stating the investment is no longer in O&M and such investments, per OMB policy, do not require an OA. More specifically, as noted earlier in this report, DOD is transitioning the investment from a mature fielded system to a new service delivery model, which will become operational in 2014, and has moved the entire investment back into planning and acquisition. Nonetheless, consistent with our recommendation and as required by OMB policy, DOD plans to conduct an OA on this investment once the department begins to make it operational in 2014. DOD's comments are reprinted in appendix VI. * In its written comments--which are reprinted in appendix VII--DOE commented that it partially concurred with our recommendation. DOE stated it was not required to perform an OA on the Consolidated Infrastructure, Office Automation, and Telecommunications Program because the investment no longer exists. Specifically, DOE said it decided in 2012 to separate this large investment into smaller, more manageable pieces--referred to by DOE as deconsolidation--to better provide insight into its departmentwide infrastructure, and that since the investment no longer exists, there is no reason to perform an OA on it. Nonetheless, consistent with our recommendation, DOE added that it will ensure that OAs are conducted on the O&M components of all current major IT investments in DOE's IT portfolio. DOE stated that it had already performed OAs on applicable operational components that used to comprise the Consolidated Infrastructure, Office Automation, and Telecommunications Program. For example, DOE commented that one of the investments created during deconsolidation--called Consolidated Infrastructure--had already undergone an OA most recently in August 2013. While DOE reported this progress in its comments to us, it did not provide us with documentation to support that this OA had been performed and whether it addressed all the OMB assessment factors. Consequently, we are revising our recommendation to DOE that it ensure OAs are performed on the applicable operational components that used to comprise the Consolidated Infrastructure, Office Automation, and Telecommunications Program, including the newly created Consolidated Infrastructure investment. With regard to HHS and Treasury, * HHS, in comments provided via e-mail from its GAO Intake Coordinator within the Office of the Assistant Secretary for Legislation, stated that it did not have any general comments on this report, and: * Treasury in its written response said it had no comments on our report; the department's comments are reprinted in appendix VIII. DHS and HHS also provided technical comments, which we incorporated as appropriate. We are sending copies of this report to interested congressional committees; the Secretaries of the Departments of Defense, Energy, Health and Human Services, Homeland Security, Treasury, and Veterans Affairs; the Administrator of the National Aeronautics and Space Administration; and the Commissioner of the Social Security Administration. This report will also be available at no charge on our website at '[hyperlink, http://www.gao.gov]. If you or your staffs have any questions on matters discussed in this report, please contact me at (202) 512-9286 or pownerd@gao.gov. Contact points for our Offices of Congressional Relations and Public Affairs may be found on the last page of this report. GAO staff who made major contributions to this report are listed in appendix IX. Signed by: David A. Powner: Director: Information Technology Management Issues: List of Requesters: The Honorable Thomas R. Carper: Chairman: The Honorable Tom Coburn, M.D. Committee on Homeland Security and Governmental Affairs: United States Senate: The Honorable Claire McCaskill: Chairman: Subcommittee on Financial and Contracting Oversight: Committee on Homeland Security and Governmental Affairs: United States Senate: The Honorable Susan M. Collins: United States Senate: [End of section] Appendix I: Objectives, Scope, Methodology: Our objectives were to (1) identify the federal IT O&M investments with the largest budgets, including their responsible agencies and how each investment supports its agency's mission; (2) determine the extent to which these investments have undergone OAs; and (3) assess whether the responsible agency's major IT investments are in development, mixed life cycle, or steady state, and the extent to which funding for investments in O&M have been used to finance investments in development. To identify those federal IT O&M investments with the largest budgets, we used data reported to the Office of Management and Budget (OMB) as part of the budget process, and focused on the 10 largest reported budgets in O&M and the responsible eight agencies (the Departments of Defense, Energy, Homeland Security, Health and Human Services, the Treasury, and Veteran Affairs; and the National Aeronautics and Space Administration and Social Security Administration) that operate these investments. In addition, to determine how these 10 investments support their agencies' missions, we reviewed OMB and agency documentation (e.g., exhibit 300s, exhibit 53s) and interviewed agency officials. To determine the extent to which OAs were conducted to manage these investments in accordance with OMB guidance, we analyzed agency documentation and interviewed responsible agency officials to determine whether any operational analyses had been performed on these 10 investments during fiscal year 2012 because it was the last full year for completing OAs. In those cases where an OA had been performed, we compared it against OMB guidance on conducting them, including the 17 factors that are to be addressed as part of such assessments, to identify any variances.[Footnote 14] Where there were variances, we reviewed agency documentation and interviewed agency officials responsible for the OA to identify the cause of their occurrence. In those instances where an analysis was not performed, we reviewed documentation and interviewed agency officials to identify why it was not done. To assess whether each of the eight agency's major IT investments are in development, mixed life cycle, or steady state, we analyzed agencies' reported spending data provided to OMB as part of the budget process to determine what phase the majority of the investments were in and where the majority of funds were invested (i.e., development, mixed, or steady state). To assess the reliability of the data we analyzed, we corroborated them by interviewing investment and other agency officials to determine whether the OMB information we used was consistent with that reported by the agencies; based on this assessment, we determined the data were reliable for the purposes of this report. Further, to assess the extent to which these and other agency IT O&M investments involve development activities, we analyzed agency data and evaluated whether the eight agencies were using their O&M funds for development activities (i.e., through the reprogramming or reallocation of funds). Specifically, we compared what agencies planned to spend on development and O&M with what was reported to have been spent to identify any variances that indicated O&M funds were reprogrammed and used for development activities. In addition, we reviewed agencies' documentation to determine if agencies had any processes in place to manage investments transitioning from development to O&M. Lastly, we reviewed agency documentation and interviewed agency IT budget and investment officials to verify whether any reprogramming occurred, its causes, and the extent of which any reprogramming was subject to management oversight. We conducted this performance audit from December 2012 to October 2013 in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives. [End of section] Appendix II: Comments from the Department of Homeland Security: U.S. Department of Homeland Security: Washington, DC 20528: October 22,2013: David A. Powner: Director, Information Technology Management Issues: U.S. Government Accountability Office: 441 G Street, NW: Washington, DC 20548: Re: Draft Report GAO-13-823, "Information Technology: Agencies Need to Strengthen Oversight of Multibillion Dollar Investments in Operations and Maintenance" Dear Mr. Powner: Thank you for the opportunity to review and comment on this draft report. The U.S. Department of Homeland Security (DHS) appreciates the U.S. Government Accountability Office's (GAO's) work in planning and conducting its review and issuing this report. The Department is pleased to note GAO's positive recognition that, out of 10 federal Information Technology investments with the largest budgets in operations and maintenance (O&M) reviewed; only DHS conducted an operational analysis (OA) on its investment. In addition, GAO found that even though DHS's OA policy was still under development, the OA for the U.S. Customs and Border Protection (CBP) lnfrastructure investment addressed 14 of 17 Office of Management and Budget (OMB)-required factors. The draft report contained one recommendation directed to DHS with which the Department concurs. Specifically, GAO recommended that the Secretary of Homeland Security: Recommendation: Direct the appropriate officials to ensure the Department's OA for the Customs and Border Protection Infrastructure is complete and assesses missing OMB factors identified in this report. Response: Concur. CBP's Office of Information Technology (OIT) agrees with GAO's findings and, in the case of table 5, key factors 1 & 7 shown in the report, will work closely with DHS's Office of Information Technology (OCIO) during the next fiscal year (FY) to ensure the CBP Infrastructure OA is (1) in compliance with the DHS OA guidance/template, and (2) completed prior to the FY 2016 OMB Exhibit 300 submission. The finalized structured schedule assessment guidance from DHS, per table 5, key factor 2, has not yet been issued. Once received, CBP OIT will follow DHS CIO guidance and establish a process to adequately collect, assess, track, and report the required data within the CBP Infrastructure OA. Estimated Completion Date: September 30, 2014. Again, thank you for the opportunity to review and provide comments on this draft report. Technical comments were previously provided under separate cover. Please feel free to contact me if you have any questions. We look forward to working with you in the future. Sincerely, Signed by: Jim H. Crumpacker: Director: Departmental GAO-OIG Liaison Office: [End of section] Appendix III: Comments from the National Aeronautics and Space Administration: National Aeronautics and Space Administration: Headquarters: Washington, DC 20546-0001: September 27, 2013: Reply to Attn of: Office of the Chief Information Officer: Mr. David Powner: Director: Information Technology Management Issues: United States Government Accountability Office: Washington, DC 20548: Dear Mr. Powner: The National Aeronautics and Space Administration (NASA) appreciates the opportunity to review and comment on the Government Accountability Office (GAO) draft report entitled, "Information Technology: Agencies Need to Strengthen Oversight of Multibillion Dollar Investments in Operations and Maintenance" (GAO-13-823). In the draft report, GAO addresses one recommendation to the NASA Administrator. To ensure that the largest IT O&M investments are being adequately analyzed, GAO recommends that the NASA Administrator direct the Chief Information Officer to take the following action: Recommendation 1: NASA Administrator direct appropriate officials to perform an OA on the investment identified in this report, including ensuring the assessment includes all OMB factors. Management's Response: Concur. An Operational Analysis will be conducted in April 2014 to include all of the OMB factors. Thank you for the opportunity to comment on this draft report. If you have any questions or require additional information, please contact Valarie Burks at (202) 358-3716. Signed by: Larry Sweet: Chief Information Officer: [End of section] Appendix IV: Comments from the Social Security Administration: Social Security: Office of the Commissioner: Social Security Administration: Baltimore, MD 21235-0001: September 30, 2013: Mr. David Powner: Director, Information Technology: Management Issues: United States Government Accountability Office: 441 G Street, NW: Washington, DC 20548: Dear Mr. Bertoni: Thank you for the opportunity to review the draft report, "Information Technology: Agencies Need to Strengthen Oversight of Multibillion Dollar Investments in Operations and Maintenance" (GAO-13-823). Please see our enclosed response. If you have any questions, please contact me at (410) 966-9014. Your staff may contact Gary Hatcher, Senior Advisor for Records Management and Audit Liaison Staff, at (410) 965-0680. Sincerely, Signed by: Katherine Thornton: Deputy Chief of Staff: Enclosure: Comments On The Government Accountability Office Draft Report, "Information Technology: Agencies Need To Strengthen Oversight Of Multibillion Dollar Investments In Operations And Maintenance" (GAO-13- 823): Recommendation 1: Perform an OA on the investment identified in this report, including ensuring the assessment includes all OMB factors. Response: We agree. We currently have the framework in place to perform an operational analysis (OA) on the operations and maintenance (O&M) portion of our major information technology (IT) investments. In fiscal year (FY) 2008, we incorporated an OA for our steady-state IT investments. As part of our Presidential Budget submission, we conduct (or update) an OA on an annual basis or as appropriate. In 2013, we expanded the OA process to include mixed life cycle IT investments that have a significant O&M portion of the investment. We are updating our OA for our Financial Accounting System and our disability determination services automation investments. We are also completing an OA on the O&M portion of our infrastructure investments (i.e., Data Center, Office Automation, and Telecommunications) and Interactive Video Tele-training. We plan to complete all FY 2013 OAs by September 30, 2013. [End of section] Appendix V: Comments from the Department of Veterans Affairs: Department of Veterans Affairs: Washington DC 20420: September 25, 2013: Mr. David A. Powner: Director, Information Technology: Management Issues: U.S. Government Accountability Office: 441 G Street, NW: Washington, DC 20548: Dear Mr. Powner: The Department of Veterans Affairs (VA) has reviewed the Government Accountability Office's (GAO) draft report, "Information Technology; Agencies Need to Strengthen Oversight of Multibillion Dollar Investments in Operations and Maintenance" (GAO-13-823). VA generally agrees with GAO's conclusions and concurs with GAO's recommendation to the Department. The enclosure specifically addresses GAO's recommendation in the draft report. VA appreciates the opportunity to comment on your draft report. Sincerely, Signed by: Jose D. Riojas: Chief of Staff: Enclosure: Department of Veterans Affairs (VA) Response to Government Accountability Office (GAO) Draft Report: "Information Technology: Agencies Need to Strengthen Oversight of Multibillion Dollar Investments in Operations and Maintenance" (GAO-13-823): GAO Recommendation: To ensure that the largest IT O&M investments are being adequately analyzed, GAO recommends that the Secretary of Veterans Affairs direct appropriate officials to perform OAs on the two investments identified in this report, including ensuring the assessments include all OMB factors. VA Comment: Concur. The two investments referenced by GAO are sub- accounts of VA's single Information Technology Appropriation. These two sub-accounts contain operations and maintenance funding for multiple operational legacy systems and some resources for enhancements to those systems. VA has scheduled the implementation of operational assessments at the system level starting in the second half of fiscal year 2014; to include the legacy systems funded by these two sub-accounts. [End of section] Appendix VI: Comments from the Department of Defense: Department of Defense: Chief Information Officer: 6000 Defense Pentagon: Washington, DC 20301-6000: October 8, 2013: Mr. David A. Powner Director, Information Technology Management: U.S. Government Accountability Office: 441 G Street, NW: Washington, DC 20548: Dear Mr. Powner, On behalf of the Department of Defense (DoD), DoD CIO is forwarding the response to the GAO draft report Information Technology: Agencies Need to Strengthen Oversight of Multibillion Dollar Investments in Operations and Maintenance, dated September 2013 (GAO Engagement 311283). The Department's comments on the draft report are enclosed. My point of contact is Mr. Craig Garant at craig.r.garant.civ@mail.mil or (703) 697-1029. Sincerely, Signed by: Teresa M. Takai: Enclosure: As Stated: GAO Draft Report Dated August 30, 2013: GAO-13-823 (GAO Code 311283): “Information Technology: Agencies Need To Strengthen Oversight Of Multibillion Dollar Investments In Operations And Maintenance” Department Of Defense Comments To The GAO Recommendations: Recommendation: To ensure that the largest IT O&M investments are being adequately analyzed, GAO recommends that the Secretary of Defense direct appropriate officials to perform OAs (operational analysis) on the two investments identified in this report, including ensuring the assessments include all OMB factors. DoD Response: The Department of Defense (DoD) partially concurs with GAO’s recommendation. The DoD concurs with GAO’s recommendation to ensure OA’s include all Office of Management and Budget (OMB) factors. As noted in this report, GAO recommended that the Secretaries of Defense direct appropriate officials to develop an OA policy, annually perform OAs on all major investments in sustainment, and ensure OAs include all key factors.[Footnote 1] DOD concurred with that recommendation and is establishing an OA policy in coordination with OMB. The DoD concurs with GAO’s recommendation to perform OA on the Defense Information System Network investment identified in this report. DoD non-concurs with the recommendation to perform OA on the Next Generation Enterprise Network (NGEN) investment at this time. OMB policy requires OA be performed on investments in the management in use life cycle phase. The NGEN investment remains in the planning and acquisition stage. Footnote: [1] GAO, Information Technology: Agencies Need to Strengthen Oversight of Billions of Dollars in Operations and Maintenance Investments, GAO- 13-87 (Oct 2012). [End of section] Appendix VII: Comments from the Department of Energy: Department of Energy: Washington, DC 20585: October 16, 2013: Mr. David A. Powner: Director, Information Technology Management Issues: U.S. Government Accountability Office: 441 G Street, NW: Washington, DC 20548: Dear Mr. Powner: The Department of Energy's (DOE) Office or the Chief Information Officer (OCIO) appreciates the opportunity to provide comments to the General Accountability Office's (GAO) Draft Information Technology (IT) Report, Agencies Need to Strengthen Oversight of Multibillion Dollar Investments in Operations and Maintenance. (GAO-13-823). We understand this audit was conducted to review the Department's processes for overseeing and managing our major IT investments in operations and maintenance. The focus of the review at the Department was on the former investment entitled Consolidated Infrastructure, Office Automation, and Telecommunications. We offer the following specific comments for your consideration. Management Response to Audit Findings/Comments: As part of the Department's IT Capital Planning and Investment Control Program, the OCIO developed and issued an Operational Analysis (OA) guide for Program and Staff Offices (PSOs) to use when assessing their investments. According to the guidance, all major IT investments with operational components are required to conduct an operational analysis on an annual basis and provide a summary report to the OCIO with their annual budget submission in August. The operational analysis process allows PSOs to evaluate the actual performance of their major steady-state investments and to identify funding requirements, based on the actual performance of the investments. The operational analysis evaluates the financial performance, customer results, strategic and business results, and innovation aspects of the investment. At the time of this audit, the Consolidated Infrastructure, Office Automation, and Telecommunications Program no longer existed in DOE's IT portfolio as a major IT investment, and therefore, was not required to complete an operational analysis. The investment was reported to the Office of Management and Budget (OMB) for the last time in May 2012, as part of the final Budget Year (BY) 2013 Exhibit 53 submission. The investment was deconsolidated into smaller infrastructure investments and reported to OMB in September 2012, prior to the start of this audit in December 2012. More than five years ago, OMB released guidance in Circular A-II, directing agencies to report a single, major IT investment for all infrastructure across the Department. However, in the BY 2012 Circular A-II budget guidance, OMB inserted the following language, allowing for the deconsolidation of the infrastructure investments at the bureau-level: "Each agency may submit multiple Exhibits 300 encompassing office automation, infrastructure, security, and telecommunications for the agency. These investments may be defined at the bureau level and/or by functional components of the infrastructure ... Agencies are encouraged to report these investments as they are managed. If IT infrastructure is managed at both the agency and bureau levels, agencies should report both agency and bureau-level infrastructure investments." In addition to OMB's published guidance in Circular A-II, OMB provided further instruction for the level of granularity that the Department should report its IT investments via the BY 2014 Budget Passback process. Last year DOE received instructions to break-up the NNSA Consolidated Infrastructure investment to include aggregating the smaller investments into larger investments. For the latest budget submission, NNSA followed OMB's instructions and further deconsolidated the annual $500 million investment to report approximately $250 million. As a result of this change in guidance, DOE deconsolidated the Consolidated Infrastructure, Office Automation and Telecommunications Program in accordance with OMB instructions. The Department believed it could achieve better insight into Department-wide infrastructure spending by deconsolidating the investments to the level where they were managed in the organization (Le., having individual business cases reported and managed at the PSO level). As part of the BY 2014 budget (submitted to OMB in September 2012), the Consolidated Infrastructure, Office Automation, and Telecommunications investment was deconsolidated. In place of the single $957 million line item reported in the BY 2013 budget, DOE reported: * NNSA Consolidated Infrastructure: NNSA reported a new Exhibit 300 that aggregated their smaller infrastructure investments. An operational analysis which we believe addressed all of the OMB factors for an operational analysis was conducted for this investment in August 2012 and again most recently in August 2013, as required by DOE's IT Capital Planning and Investment Control Program. * Detailed Infrastructure Spending by PSO in Part 2 of Exhibit 53: PSOs provided a detailed break-out of smaller, non-major IT infrastructure initiatives. Since they did not meet the dollar threshold for a major investment, they were not required to conduct an operational analysis. Instead, PSOs maintained oversight and accountability through other internal project management processes applied to smaller-dollar IT projects. Management Response to Energy Recommendation: Recommendation: Secretary of Energy direct appropriate officials to perform an OA on the investment identified in this report, including ensuring the assessment includes all OMB factors. The Department partially concurs with this recommendation. Instead of conducting an operational analysis on the former investment, the Department will ensure that operational analyses are conducted on the O&M components of all current major IT investments in the DOE IT portfolio on an annual basis. Since the Consolidated Infrastructure, Office Automation, and Telecommunications Program no longer exists as an investment in DOE's IT portfolio, it is not possible to conduct an operational analysis on the investment as defined in the report. The investment has not been reported to OMB for two budget cycles (September 2012 and 2013 Exhibit 53 submissions). Therefore, the Department of Energy does not agree with the action as currently stated. DOE has already implemented various investment review processes to manage the cost, schedule, and performance of O&M investments. The reviews include our annual IT portfolio analysis, quarterly Control Reviews, monthly IT Dashboard reporting, PortfolioStat process, and the Federal Data Center Consolidation Initiative (FDCCI). Through these reviews, the Department has identified opportunities for cost savings and efficiencies; however, we realize additional opportunities exist for improving the management of our IT investments. We will continue to analyze and oversee the performance of our steady-state investments through our operational analysis process. Thank you for the opportunity to review this report. If you have any questions related to this letter, please feel free to contact me at (202) 586-0166. Sincerely, Signed by: Robert F. Brese: [End of section] Appendix VIII: Comments from the Department of the Treasury: Department of The Treasury: Washington, D.C. 20220: September 25, 2013: Mr. David A. Powner: Director: Information Technology Management Issues: U.S. Government Accountability Office: 441 G Street, NW: Washington, DC 20548: Dear Mr. Powner, Thank you for the opportunity to provide comments on GAO's Draft Report, "Information Technology: Agencies Need to Strengthen Oversight of Multibillion Dollar Investments in Operations and Maintenance (GAO- 13-823}." The Department of the Treasury has no comments on the Report and appreciates GAO's efforts in its development. Please contact me at 202-622-1200 if you need anything further. Sincerely, Signed by: Robyn East: Deputy Assistant Secretary for Information Systems and Chief Information Officer: [End of section] Appendix IX: GAO Contact and Staff Acknowledgments: GAO Contact: David A. Powner, (202) 512-9286 or pownerd@gao.gov: Staff Acknowledgments: In addition to the contact name above, individuals making contributions to this report included Gary Mountjoy (Assistant Director), Gerard Aflague, Camille Chaires, Rebecca Eyler, and Lori Martinez. [End of section] Footnotes: [1] The 26 key agencies are the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, Housing and Urban Development, Interior, Justice, Labor, State, Transportation, the Treasury, and Veterans Affairs; Environmental Protection Agency, General Services Administration, National Aeronautics and Space Administration, National Archives and Records Administration, National Science Foundation, Nuclear Regulatory Commission, Office of Personnel Management, Small Business Administration, Smithsonian Institution, Social Security Administration, and U.S. Agency for International Development. [2] According to the budget, the remaining $6 billion includes classified DOD IT investments. [3] 40 U.S.C. § 11302(c). [4] OMB Circular No. A-11, Preparation, Submission, and Execution of the Budget (August 2012). [5] According to OMB guidance, a major IT investment requires special management attention because of its importance to the mission or function to the government; significant program or policy implications; high executive visibility; high development, operating, or maintenance costs; unusual funding mechanism; or definition as major by the agency's capital planning and investment control process. [6] GAO, IT Dashboard: Opportunities Exist to Improve Transparency and Oversight of Investment Risk at Select Agencies, [hyperlink, http://www.gao.gov/products/GAO-13-98] (Washington, D.C.: Oct. 16, 2012); IT Dashboard: Accuracy Has Improved and Additional Efforts Are Under Way to Better Inform Decision Making, [hyperlink, http://www.gao.gov/products/GAO-12-210] (Washington, D.C.: Nov. 7, 2011); Information Technology: OMB Has Made Improvements to Its Dashboard, but Further Work Is Needed by Agencies and OMB to Ensure Data Accuracy, [hyperlink, http://www.gao.gov/products/GAO-11-262] (Washington, D.C.: Mar. 15, 2011); and Information Technology: OMB's Dashboard Has Increased Transparency and Oversight, but Improvements Needed, [hyperlink, http://www.gao.gov/products/GAO-10-701] (Washington, D.C.: July 16, 2010). [7] Capital Programming Guide, Supplement to OMB Circular A-11, Part 7 (July 2012); OMB Memorandum M-10-27 (June 2010), requires agencies to establish a policy for performing OAs on steady state investments as a part of managing and monitoring investment baselines. [8] GAO, Information Technology: Agencies Need to Strengthen Oversight of Billions of Dollars in Operations and Maintenance Investments, [hyperlink, http://www.gao.gov/products/GAO-13-87] (Washington, D.C.: Oct. 16, 2012). [9] GAO, 2013 Annual Report: Actions Needed to Reduce Fragmentation, Overlap, and Duplication and Achieve Other Financial Benefits, [hyperlink, http://www.gao.gov/products/GAO-13-279SP] (Washington, D.C.: Apr. 9, 2013). [10] OMB, Evaluating Information Technology Investments, A Practical Guide (Washington, D.C.: November 1995). [11] See, for example, GAO, Information Technology Investment Management: A Framework for Assessing and Improving Process Maturity, [hyperlink, http://www.gao.gov/products/GAO-04-394G] (Washington, D.C.: March 2004) and GAO, Information Technology: DHS Needs to Further Define and Implement Its New Governance Process, [hyperlink, http://www.gao.gov/products/GAO-12-818] (Washington, D.C.: July 25, 2012). [12] GAO, Information Technology: Continued Improvements in Investment Oversight and Management Can Yield Billions in Savings, [hyperlink, http://www.gao.gov/products/GAO-11-511T] (Washington, D.C.: Apr. 12, 2011). [13] [hyperlink, http://www.gao.gov/products/GAO-13-87] [14] Capital Programming Guide, Supplement to OMB Circular A-11, Part 7 (July 2012); OMB Memorandum M-10-27 (June 2010). [End of section] GAO’s Mission: The Government Accountability Office, the audit, evaluation, and investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO’s commitment to good government is reflected in its core values of accountability, integrity, and reliability. Obtaining Copies of GAO Reports and Testimony: The fastest and easiest way to obtain copies of GAO documents at no cost is through GAO’s website [hyperlink, http://www.gao.gov]. Each weekday afternoon, GAO posts on its website newly released reports, testimony, and correspondence. To have GAO e-mail you a list of newly posted products, go to [hyperlink, http://www.gao.gov] and select “E-mail Updates.” Order by Phone: The price of each GAO publication reflects GAO’s actual cost of production and distribution and depends on the number of pages in the publication and whether the publication is printed in color or black and white. Pricing and ordering information is posted on GAO’s website, [hyperlink, http://www.gao.gov/ordering.htm]. Place orders by calling (202) 512-6000, toll free (866) 801-7077, or TDD (202) 512-2537. Orders may be paid for using American Express, Discover Card, MasterCard, Visa, check, or money order. Call for additional information. Connect with GAO: Connect with GAO on facebook, flickr, twitter, and YouTube. Subscribe to our RSS Feeds or E mail Updates. Listen to our Podcasts. Visit GAO on the web at [hyperlink, http://www.gao.gov]. To Report Fraud, Waste, and Abuse in Federal Programs: Contact: Website: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]; E-mail: fraudnet@gao.gov; Automated answering system: (800) 424-5454 or (202) 512-7470. Congressional Relations: Katherine Siggerud, Managing Director, siggerudk@gao.gov: (202) 512-4400: U.S. Government Accountability Office: 441 G Street NW, Room 7125: Washington, DC 20548. Public Affairs: Chuck Young, Managing Director, youngc1@gao.gov: (202) 512-4800: U.S. Government Accountability Office: 441 G Street NW, Room 7149: Washington, DC 20548. [End of document]