Information Technology: Agencies Need to Improve Their Application Inventories to Achieve Additional Savings
Highlights
What GAO Found
Most of the 24 Chief Financial Officers (CFO) Act of 1990 agencies in the review fully met at least three of the four practices GAO identified to determine if agencies had complete software application inventories. To be considered complete, an inventory should (1) include business and enterprise information technology (IT) systems as defined by the Office of Management and Budget (OMB); (2) include these systems from all organizational components; (3) specify application name, description, owner, and function supported; and (4) be regularly updated. Of the 24 agencies, 4 (the Departments of Defense, Homeland Security, and Justice, and the General Services Administration) fully met all four practices, 9 fully met three practices, 6 fully met two practices, 2 fully met one practice, and 3 did not fully meet any practice (see figure).
Assessment of Whether Agencies Fully Met Practices for Establishing Complete Software Application Inventories
A January 2016 OMB requirement to complete an IT asset inventory by the end of May 2016 contributed to most of the agencies fully meeting the first three practices. Agencies that did not fully address these practices stated, among other things, their focus on major and high risk investments as a reason for not having complete inventories. However, not accounting for all applications may result in missed opportunities to identify savings and efficiencies. It is also inconsistent with OMB guidance regarding implementation of IT acquisition reform law, referred to as the Federal Information Technology Acquisition Reform Act, which requires that Chief Information Officers at covered agencies have increased visibility into all IT resources. Not accounting for all applications also presents a security risk since agencies can only secure assets if they are aware of them.
Each of the six selected agencies relied on their investment management processes and, in some cases, supplemental processes to rationalize their applications to varying degrees. However, five of the six agencies acknowledged that their processes did not always allow for collecting or reviewing the information needed to effectively rationalize all their applications. The sixth agency, the National Science Foundation (NSF), stated its processes allow it to effectively rationalize its applications, but agency documentation supporting this assertion was incomplete. Only one agency—the National Aeronautics and Space Administration (NASA)—had plans to address shortcomings. Taking action to address identified weaknesses with agencies' existing processes for rationalizing applications would assist with identifying additional opportunities to reduce duplication and achieve savings.
Why GAO Did This Study
The federal government is expected to spend more than $90 billion on IT in fiscal year 2017. This includes a variety of software applications supporting agencies' enterprise needs. Since 2013, OMB has advocated the use of application rationalization. This is a process by which an agency streamlines its portfolio of software applications with the goal of improving efficiency, reducing complexity and redundancy, and lowering the cost of ownership.
GAO's objectives were to determine (1) whether agencies have established complete application inventories and (2) to what extent selected agencies have developed and implemented processes for rationalizing their portfolio of applications. To do this, GAO assessed the inventories of the 24 CFO Act agencies against four key practices and selected six agencies—the Departments of Defense, Homeland Security, the Interior, Labor, and NASA and NSF—due to their IT spending, among other factors, to determine whether they had processes addressing applications.
Recommendations
GAO is recommending that 20 agencies improve their inventories and five of the selected agencies take actions to improve their processes to rationalize their applications more completely. The Department of Defense disagreed with both recommendations made to it. After reviewing additional evidence, GAO removed the recommendation associated with improving the inventory but maintained the other. The other agencies agreed to or had no comments on the draft report.
Recommendations for Executive Action
Agency Affected | Recommendation | Status |
---|---|---|
U.S. Agency for International Development | To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met. |
We reported that the U.S. Agency for International Development (USAID) had partially met the following two practices for establishing a complete software application inventory, (1) includes systems from all organizational components, and (2) is regularly updated with quality controls to ensure reliability. In March 2018, the agency provided its updated application inventory, which includes enterprise IT and business systems from all organizational components, and basic application attributes for each system, including the system's name, description, and owner. USAID also provided documentation showing how it maps the applications to business domains, business capabilities, and business services. In addition, USAID officials provided documentation showing that the agency regularly updates the inventory, and documentation of controls to ensure the reliability of the data. As a result of these actions, the agency is better positioned to identify opportunities to rationalize its applications, which could lead to savings and efficiencies.
|
Department of Agriculture | To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met. |
We reported that the Department of Agriculture (USDA) partially met the following software application inventory practice: regularly updates the inventory with quality controls to ensure reliability. Specifically, we reported that the agency planned to complete a crosswalk of the data in the IT Asset Inventory, Cyber Security Administration and Management system, and Capital Planning and Investment Control inventories. Further, we reported that the department had not regularly reconciled and verified the data in its Enterprise Architecture Repository, which maintains the IT Asset Inventory, against data in the Cyber Security and Administration system to ensure the accuracy of the data. In response to our recommendation, in September 2016, the department completed a crosswalk of the IT asset information in the Enterprise Architecture Repository, Cyber Security Administration and Management system, and Capital Planning and Investment Control system, which resulted in the identification of opportunities to better synchronize the IT Asset Inventory data contained in the department's systems. In addition, in March 2017, the agency's Enterprise Architecture Division completed a quality review of the agency's application inventory. Specifically, the division reviewed and normalized IT asset information held in multiple systems, including the Enterprise Architecture Repository, Cyber Security Administration and Management system, and the Capital Planning and Investment Control system. As a result of these actions, the department is better positioned to identify opportunities to rationalize its applications, which could lead to savings and efficiencies.
|
Department of Education | To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met. |
We reported that the Department of Education partially met the following software application inventory practice: regularly updates the inventory with quality controls to ensure reliability. Specifically, we reported that the department had not yet established a policy for updating its inventory. Between May 2017 and November 2019, the department provided evidence that it had addressed our recommendation. Specifically, in May 2017, the department issued an updated Lifecycle Management Framework directive, which requires system program managers to update the IT asset management information, including for software applications, in the department's Cyber Security Assessment and Management (CSAM) tool. In addition, in June 2017, the department updated its System Inventory Methodology and Guidance Document to ensure that the inventories within CSAM accurately reflect the system's software and operating system, and that all software utilized on the system is appropriately licensed and approved for use by the department's Enterprise Architecture Review Board. In November 2019, the department provided documentation demonstrating that it has implemented its policies to ensure that the inventory is regularly updated, and that it has implemented quality controls, including reviews to approve and validate changes to the inventory. As a result of these actions, the department is better positioned to identify opportunities to rationalize its applications, which could lead to savings and efficiencies.
|
Department of Commerce | To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met. |
We reported that the Department of Commerce did not meet the following software application inventory practice: regularly updates the inventory with quality controls to ensure reliability. Specifically, the department did not provide evidence of a process to regularly update its inventory or quality controls to ensure the reliability of the data collected. In December 2020 and February 2021, Commerce provided documentation demonstrating that it had updated its inventory, and taken steps to ensure its reliability. As a result of these actions, the department is better positioned to identify opportunities to rationalize its applications, which could lead to savings and efficiencies.
|
Department of Energy | To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met. |
We reported that the Department of Energy partially met the following three software application inventory practices: (1) includes systems from all organizational components, (2) specifies basic application attributes, and (3) is regularly updated with quality controls to ensure reliability. In September 2021, the agency provided an updated inventory that included systems from its organizational components, and specified basic application attributes, including the name, description, and system owner. Further, the agency stated that it plans to update the inventory annually, and described steps it is taking to ensure its reliability. As a result of these actions, the department is better positioned to identify opportunities to lead to savings and efficiencies.
|
Department of Housing and Urban Development | To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met. |
We reported that the Department of Housing and Urban Development (HUD) partially met the following three software application inventory practices, (1) includes systems from all organizational components, (2) specifies basic application attributes, and (3) is regularly updated with quality controls to ensure reliability. Between 2017 and 2022, HUD provided evidence of steps it had taken to implement the recommendation, by among other things, assessing its inventory. For example, in August 2019, HUD reported that it completed an assessment of its legacy applications and determined that the current inventory system was outdated. In January 2022, HUD provided an updated application inventory that included systems from all organizational components, and included basic attributes such as description, owner, and business function. In addition, the agency provided evidence of steps it takes to regularly update the inventory with quality controls. As a result of these actions, HUD is better positioned to identify opportunities to rationalize its applications, which could lead to savings and efficiencies.
|
Department of Health and Human Services | To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met. |
We reported that the Department of Health and Human Services (HHS) partially met the following software application inventory practice: is regularly updated with quality controls to ensure reliability. Specifically, we reported that while HHS provided its policies and guidelines establishing requirements for systems to be entered into the inventory, it did not provide any evidence showing that it has implemented them. In addition, we reported that HHS did not provide any evidence that it has implemented quality control processes to ensure the reliability of the data in the inventory. In May 2018, HHS provided an updated IT asset inventory. In addition, in March 2019, HHS provided documentation showing that it has implemented a process to ensure the reliability of the data. Specifically, the department's Enterprise Architecture Review Board coordinates component efforts to ensure that they verify and update the inventory, and the department's Enterprise Architect validates the accuracy of the data. As a result of these actions, the department is better positioned to identify opportunities to rationalize its applications, which could lead to savings and efficiencies.
|
Social Security Administration | To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met. |
We reported that the Social Security Administration (SSA) partially met the following two software application inventory practices: (1) includes systems from all organizational components, and (2) regularly updates the inventory with quality controls to ensure reliability. In March 2017, SSA officials reported that the agency's Office of Systems and Office of Operations collaborates on integrating application information into the Enterprise Application Inventory. In March 2021, SSA officials provided documentation demonstrating that its inventory included systems from all organizational components. Further, in August 2021, SSA provided documentation of its processes, including quality controls, to regularly update the inventory. As a result of these actions, the agency is better positioned to identify opportunities to rationalize its applications, which could lead to savings and efficiencies.
|
Department of the Interior | To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met. |
We reported that the Department of Interior did not meet the software application inventory practice of regularly updating the inventory with quality controls to ensure reliability, and partially met the practice of including systems from all organization components. In December 2018, the department provided evidence that its application inventory was updated to include applications supporting business functions and enterprise IT systems from all bureaus and components. Furthermore, Interior provided evidence that its inventory is being regularly updated with quality controls to ensure reliability. For example, the department provided a process flow for how quality is to be ensured during data collection efforts. As a result of these actions, the department is better positioned to identify opportunities to rationalize its applications, which could lead to savings and efficiencies.
|
Department of Transportation | To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met. |
We reported that the Department of Transportation partially met all four practices to establish a complete inventory. Specifically, we reported that, while the department's application inventory for included business systems, it did not include all enterprise IT systems and did not include applications used by all of its components. In addition, the department did not have processes in place to ensure the reliability and accuracy of the reported information. As of February 2020, the department provided documentation demonstrating that its application inventory includes all enterprise IT systems from all components, and is regularly updated with quality controls to ensure its reliability and accuracy. Specifically, the inventory is updated and maintained by the department's Chief Enterprise Architect. As a result of these actions, the department is better positioned to identify opportunities to rationalize its applications, which could lead to savings and efficiencies.
|
Department of Labor | To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met. |
We reported that the Department of Labor did not meet one software application inventory practice, and partially met three practices. Specifically, we reported that the department did not meet the practice to ensure that the inventory is regularly updated with quality controls to ensure reliability, and partially met the practices to (1) include business and enterprise IT systems, (2) include systems from all organizational components, and (3) specify basic application attributes. In March 2018, department officials provided an updated inventory, which included business and enterprise IT systems from all organizational components, and specified basic attributes, including the name, owner, and business function. In addition, officials stated that they plan to update the inventory on a periodic basis as necessary, at minimum annually, as part of the department's IT budgeting process. In September 2021 and February 2022, officials provided evidence of steps it takes to regularly update the inventory with quality controls. As a result of these actions, Labor is better positioned to identify opportunities to rationalize its applications, which could lead to savings and efficiencies
|
Department of the Treasury | To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met. |
We reported that the Department of the Treasury had partially met the following two practices for establishing a complete software application inventory, (1) specifies basic application attributes, and (2) is regularly updated with quality controls to ensure reliability. In September 2017, the department provided an export of its inventory, which showed that most of the systems listed contained system descriptions; however, it did not include the business segment or function that the system supports. According to department officials, some systems do not have a system description because the department's inventory policy allows bureaus to attach documents to the inventory, which include the system description, instead of populating the system description field. Further, the policy does not require a system description for systems in the disposal state. In July 2020, the department provided an export of the inventory, which included the business segment and function supported by each of the systems in the inventory. Further, in January 2021, the department provided evidence showing that it had implemented quality controls to ensure reliability. For example, the department provided documentation showing that it monitors changes to the inventory based on system development lifecycle phases. As a result of these efforts, the department is better positioned to identify opportunities to rationalize its applications, which could lead to savings and efficiencies.
|
Department of Veterans Affairs | To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met. |
We reported that the Department of Veterans Affairs (VA) had partially met the following practice for establishing a complete software application inventory: is regularly updated with quality controls to ensure reliability. We determined that VA partially met this practice because, while officials stated that their repository of systems was viewed as complete, the information within the repository was still maturing and work was being done to automate data capture and integration of the inventory with other sources. The department has since taken action to address the practice. Specifically, in February 2018, VA officials provided documentation showing that the department integrated its inventory with multiple repositories of IT system and application information and relied on this integration to more completely and accurately update and maintain the inventory. As a result of these actions, the department is better positioned to identify opportunities to rationalize its applications, which could lead to savings and efficiencies.
|
Department of State | To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met. |
We reported that the Department of State partially met the following software application inventory practices: (1) specifies basic application attributes; and (2) is regularly updated with quality controls to ensure reliability. Specifically, we reported that while the inventory included basic application attributes (e.g. name, description), it did not include the business function for the majority of inventory entries. Further, we reported that the agency did not provide evidence that quality control processes were in place to ensure the reliability of the data in the inventory. In June 2019, the department provided evidence demonstrating that its inventory includes the business function for IT assets, In addition, in January 2021, State officials provided evidence of the department's quality control processes to ensure the reliability of the data. Specifically, the department's IT Executive Council Program Management Office reviews the data for completeness, requests investment managers to make any necessary updates, and monitors the inventory to ensure changes were made. As a result of these actions, the department is better positioned to identify opportunities to rationalize its applications, which could lead to savings and efficiencies.
|
Environmental Protection Agency | To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met. |
We reported that the Environmental Protection Agency had fully met three of the four practices to establish a complete application inventory, and partially met one. Specifically, the agency partially met the practice for including application attributes in the inventory, as EPA did not identify the business function for every application. In December 2019, Environmental Protection Agency officials stated that the inventory now requires the business function to be included, and provided inventory update instructions that show the business function is to be included. In addition, agency officials provided instructions for senior information managers to update the inventory. In July 2020, the officials provided an updated application inventory that included the business application for every application. As a result of these actions, the agency is better positioned to identify opportunities to rationalize its applications, which could lead to savings and efficiencies.
|
National Aeronautics and Space Administration | To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met. |
We reported that the National Aeronautics and Space Administration (NASA) had partially met the following two practices for establishing a complete software application inventory, (1) includes these systems from all organizational components, and (2) is regularly updated with quality controls to ensure reliability In February and October 2019, NASA provided its updated application inventory contained within its Agency Application Rationalization Tool, which includes enterprise IT and business systems from all organizational components. In addition, the agency implemented quality controls, including reviews by its Application Portfolio Management Board, to ensure the reliability of the inventory. As a result of these actions, the agency is better positioned to identify opportunities to rationalize its applications, which could lead to savings and efficiencies.
|
National Science Foundation | To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met. |
We reported that the National Science Foundation had partially met the following practice for establishing a complete software application inventory: is regularly updated with quality controls to ensure reliability. In March 2018, NSF provided documentation that it has implemented its annual inventory validation review process as part of its efforts to regularly update the agency's FISMA inventory.
|
Small Business Administration | To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met. |
We reported that the Small Business Administration (SBA) did not meet one software application inventory practice, and partially met three practices. Specifically, the SBA did not regularly update the application inventory with quality controls to ensure reliability, and partially met (1) includes enterprise IT and business systems, (2) includes systems from all organizational components, and (3) specifies basic application attributes. In November 2018, SBA provided an updated inventory that includes enterprise IT and business systems from all organizational components. In addition, we found that the inventory is regularly updated with quality controls to ensure reliability. Specifically, the agency's IT Asset Management Lifecycle Process includes a process for ensuring the accuracy of the inventory. However, the inventory did not include basic attributes, including the description, system owner or function supported, for all applications. In February 2020, SBA provided an updated inventory that included the basic attributes for all applications. As a result of these actions, the agency is better positioned to identify opportunities to rationalize its applications, which could lead to savings and efficiencies.
|
Nuclear Regulatory Commission | To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met. |
We reported that the Nuclear Regulatory Commission partially met the following software application inventory practice: is regularly updated with quality controls to ensure reliability. In May 2019, agency officials provided policies for updating and maintaining the inventory. For example, the policies stated that agency officials will validate the inventory on a quarterly basis, and that the inventory will be independently verified and validated once a year. Further, in August 2020, the agency provided documentation demonstrating that it had implemented the quality controls, including reviewing the inventory for accuracy and completeness, and monitoring the resolution of any issues. As a result of these actions, the department is better positioned to identify opportunities to rationalize its applications, which could lead to savings and efficiencies.
|
Office of Personnel Management | To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met. |
We reported that the Office of Personnel Management (OPM) partially met the software application inventory practice to regularly update the inventory with quality controls to ensure reliability. Specifically, although the agency described its process for updating the inventory, it did not provide evidence of actual updates to the inventory. In addition, the agency stated that it relies on manual reviews of the data in the application to ensure that it is complete and current. In January 2023, the agency stated, among other things, that it had implemented a new software asset management policy. The policy, issued in April 2022, specifically identifies that software assets include applications. It also describes steps to regularly review and update the software inventory. We requested evidence of updates to the inventory using the policy. In response, in February 2024, OPM stated that it was in the process of implementing two applications for automated software application discovery. They stated that the applications were expected to be fully implemented by April 2024 and software management processes including inventory quality controls would be applied to the automated software inventory data. We will continue to follow up with OPM as it implements the automated software application discovery tools and uses automated tools to ensure the quality of its application inventory.
|
Department of Defense | To improve federal agencies' efforts to rationalize their portfolio of applications, the Secretaries of Defense, Homeland Security, the Interior, and Labor; and the Director of the National Science Foundation should direct the CIOs and other responsible officials to modify existing investment management processes to address applications more completely. Specifically, the Secretary of Defense should direct the responsible official to modify the department's existing processes to collect and review cost, technical, and business information for the enterprise and business IT systems within the Enterprise Information Environment Mission Area applications which are currently not reviewed as part of the department's process for business systems. |
In April 2020, the Department of Defense issued a System and Application Rationalization Guide, that is intended to assist components with implementing an application rationalization process. Defense officials stated that the guide will be used to rationalize the Enterprise Information Environment Mission Area systems, and that they expected to start doing so in the fourth quarter of fiscal year 2020. In January 2021, the department provided documentation showing that it had taken steps towards performing the rationalization for these systems. As a result, the department is better positioned to identify opportunities for savings and efficiencies.
|
Department of Homeland Security | To improve federal agencies' efforts to rationalize their portfolio of applications, the Secretaries of Defense, Homeland Security, the Interior, and Labor; and the Director of the National Science Foundation should direct the CIOs and other responsible officials to modify existing investment management processes to address applications more completely. Specifically, the Secretary of Homeland Security should direct the department's CIO to identify one high-cost function it could collect detailed cost, technical, and business information for and modify existing processes to collect and review this information. |
In April 2018, DHS officials stated that they identified Freedom of Information Act (FOIA) systems as a high cost function, and will modify existing processes to collect and review the cost, technical, and business information. In August 2021, DHS officials provided documentation demonstrating that the department had collected and reviewed cost, technical, and business information from three separate FOIA systems used by components. In addition, according to DHS officials, as a part of this effort, the Office of the Chief Information Officer developed an architecture modernization methodology that could be used to gain additional insights and better leverage data about other DHS programs. As a result, the department is better positioned to identify opportunities for savings and efficiencies.
|
Department of the Interior | To improve federal agencies' efforts to rationalize their portfolio of applications, the Secretaries of Defense, Homeland Security, the Interior, and Labor; and the Director of the National Science Foundation should direct the CIOs and other responsible officials to modify existing investment management processes to address applications more completely. Specifically, the Secretary of the Interior should direct the department's CIO to document and implement a plan for establishing policy that would define a standard analytical technique for rationalizing the investment portfolio. |
We recommended that the Department of Interior document and implement a plan for establishing policy that would define a standard analytical technique for rationalizing the investment portfolio. In March 2018, Interior established a policy titled "Application Portfolio Rationalization to Optimize IT Resource Allocation" outlining the department's strategy for conducting application rationalization. Specifically, the policy defines a standard analytical approach that is to be used by the department's bureaus and components for completing annual rationalization assessments. Further, in October 2018, the department issued a summary of the results from implementing its application portfolio rationalization policy. As a result of its action, the department is better positioned to identify opportunities to achieve savings and efficiencies.
|
Department of Labor | To improve federal agencies' efforts to rationalize their portfolio of applications, the Secretaries of Defense, Homeland Security, the Interior, and Labor; and the Director of the National Science Foundation should direct the CIOs and other responsible officials to modify existing investment management processes to address applications more completely. Specifically, the Secretary of Labor should direct the department's CIO to consider a segmented approach to further rationalize and identify a function for which it would modify existing processes to collect and review application-specific cost, technical, and business value information. |
Between September 2021 and February 2022, the Department of Labor provided evidence of actions taken to implement the recommendation. Specifically, in September 2021, the department provided its IT spend plan procedures for consolidating and reviewing spend plans to identify anomalies and redundancies. According to agency officials, as part of this process, they collect and review application specific information. In addition, Labor provided documentation of its investment performance review process, which officials stated the department also uses to rationalize applications. In February 2022, the department provided documentation showing that it had taken steps to rationalize its applications. For example, Labor provided documentation showing that it had implemented its IT spend analysis process, which included decisions made by its IT Acquisition Review Board. In addition, the department provided evidence of an assessment of its IT platform services. As a result of these actions, the department is better positioned to identify opportunities for savings and efficiencies.
|
National Science Foundation | To improve federal agencies' efforts to rationalize their portfolio of applications, the Secretaries of Defense, Homeland Security, the Interior, and Labor; and the Director of the National Science Foundation should direct the CIOs and other responsible officials to modify existing investment management processes to address applications more completely. Specifically, the Director of the National Science Foundation should direct the CIO to consistently document evaluations for all applications and report cost information for them in the roadmap or other documentation. |
In February 2018, National Science Foundation officials provided documentation showing that the agency had documented cost information for all applications included in the agency's Federal Information Security Modernization Act system inventory. In addition, in March 2019, the agency provided documentation showing that it had documented evaluations for all applications in the agency's Enterprise Modernization Roadmap. As a result of these actions, the agency is better positioned to identify opportunities to reduce duplication and achieve savings.
|