This is the accessible text file for GAO report number GAO-03-1028 
entitled 'Information Technology: Departmental Leadership Crucial to 
Success of Investment Reforms at Interior' which was released on 
September 12, 2003.

This text file was formatted by the U.S. General Accounting Office 
(GAO) to be accessible to users with visual impairments, as part of a 
longer term project to improve GAO products' accessibility. Every 
attempt has been made to maintain the structural and data integrity of 
the original printed product. Accessibility features, such as text 
descriptions of tables, consecutively numbered footnotes placed at the 
end of the file, and the text of agency comment letters, are provided 
but may not exactly duplicate the presentation or format of the printed 
version. The portable document format (PDF) file is an exact electronic 
replica of the printed version. We welcome your feedback. Please E-mail 
your comments regarding the contents or accessibility features of this 
document to Webmaster@gao.gov.

This is a work of the U.S. government and is not subject to copyright 
protection in the United States. It may be reproduced and distributed 
in its entirety without further permission from GAO. Because this work 
may contain copyrighted images or other material, permission from the 
copyright holder may be necessary if you wish to reproduce this 
material separately.

Report to the Subcommittee on Interior and Related Agencies, Committee 
on Appropriations, House of Representatives:

September 2003:

Information Technology:

Departmental Leadership Crucial to Success of Investment Reforms at 
Interior:

[Hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-03-1028] GAO-03-
1028:

GAO Highlights:

Highlights of GAO-03-1028, a report to Chairman and Ranking Minority 
Member of the Subcommittee on Interior and Related Agencies, House 
Committee on Appropriations

Why GAO Did This Study:

The Department of the Interior is responsible for diverse and complex 
missions ranging from managing America’s public lands, mineral and 
water resources, and wildlife to providing satellite data to the 
military and scientific communities. To fulfill these 
responsibilities, Interior invests over $850 million annually—about 6 
percent of its total annual budget—in communications and computing 
projects and systems. Interior’s Office of the Secretary and its Chief 
Information Officer (CIO) are responsible for overseeing processes for 
managing these investments to ensure that funds are expended in the 
most cost-effective way in support of the agency’s mission needs. GAO 
was asked to evaluate (1) departmental capabilities for managing the 
agency’s information technology (IT) investments and (2) the 
department’s actions and plans to improve these capabilities.

What GAO Found:

The Department of the Interior has limited capability to manage its IT 
investments. Based on GAO’s IT Investment Management (ITIM) Framework, 
which measures the maturity of an organization’s investment management 
processes, the department is carrying out few of the activities that 
support critical foundational processes (see table below). As an 
initial step to improve its investment management capability, the 
department has issued a Capital Planning and Investment Control Guide, 
which describes its approach to IT investment management. However, it 
has thus far implemented few of the processes described in its own 
guide. In addition, it has yet to develop an adequate approach to 
identify existing projects and systems. In order to ensure strong 
investment management at all levels, the department has also specified 
a requirement for certifying bureau-level investment processes, but 
certification has not yet begun. Finally, in order to strengthen the 
CIO’s ability to manage IT investments at all levels, the Secretary of 
the Interior has issued an order establishing the authority of the 
bureau-level CIOs; however, the order has not been fully implemented.

In order to improve investment management processes, an organization 
needs to develop and implement a coherent plan, supported by senior 
management, which defines and prioritizes enhancements to its 
investment processes. While Interior has undertaken a number of 
initiatives designed to improve its investment management processes, 
the department has not yet developed a unified, comprehensive plan to 
achieve its objective of establishing effective investment management 
processes, nor has it committed the resources to successfully 
implement the necessary reforms. Without a well-defined process 
improvement plan and controls for implementing it, Interior will 
continue to be challenged in its ability to make informed and prudent 
investment decisions.

What GAO Recommends:

To strengthen the department’s investment management capability, GAO 
recommends that the Secretary of the Interior direct Interior’s CIO to 
develop and implement a plan aimed at addressing the weaknesses 
discussed in this report, including a timetable and specific 
milestones for implementation of appropriate investment management 
processes at all levels of the agency. In commenting on a draft of 
this report, Interior concurred with GAO’s recommendations.

www.gao.gov/cgi-bin/getrpt?GAO-03-1028.

To view the full product, including the scope and methodology, click 
on the link above. For more information, contact Linda Koontz at (202) 
512-6240 or koontzl@gao.gov.

[End of section]

Contents:

Letter: 

Results in Brief:  

Background:  

Scope and Methodology:  

Interior's Capacity to Effectively Manage IT Investments Is Limited:  

Department's Efforts to Improve Investment Management Processes and 
Oversight Are Fragmented and Inadequate:  

Conclusions:  

Recommendations:  

Agency Comments and Our Evaluation:  

Appendixes:

Appendix I: Bureau Missions, Functions, and IT Investments: 

Appendix II: Comments from the Department of the Interior: 

Appendix III: GAO Contact and Staff Acknowledgments: 

GAO Contact: 

Acknowledgments:  

Tables Tables: 

Table 1: Stage 2 Critical Processes--Building the Investment 
Foundation:

Table 2: Status of Stage 2 Critical Processes:  

Table 3: Investment Board Operation: 

Table 4: IT Project and System Identification: 

Table 5: IT Project Oversight: 

Table 6: Business Needs Identification: 

Table 7: Proposal Selection: 

Table 8: Stage 3 Critical Processes--Developing a Complete Investment 
Portfolio: 

Table 9: Status of Stage 3 Critical Processes:  

Figures: 

Figure 1: Interior's Organizational Structure: 

Figure 2: The Five Stages of Maturity within ITIM:  

Abbreviations: 

ALMRS: Automated Land and Mineral Record System:

BIA: Bureau of Indian Affairs:

BLM: Bureau of Land Management:

CIO: Chief Information Officer:

CPIC: Capital Planning and Investment Control:

IT: Information Technology:

ITIM: Information Technology Investment Management:

MMS: Minerals Management Service:

NBC: National Business Center:

NPS: National Park Service:

OCIO: Office of Chief Information Officer:

OIG: Office of the Inspector General:

OMB: Office of Management and Budget:

OSM: Office of Surface Mining Reclamation and Enforcement:

PMB: Policy, Management and Budget:

SAIC: Science Applications International Corporation:

TAAMS: Trust Asset and Accounting Management System:

USBR: United States Bureau of Reclamation:

USFWS: United States Fish and Wildlife Service:

USGS: United States Geological Survey:

Letter September 12, 2003:

The Honorable Charles H. Taylor 
Chairman 
The Honorable Norman D. Dicks 
Ranking Minority Member 
Subcommittee on Interior and Related Agencies 
Committee on Appropriations 
House of Representatives:

The Department of the Interior is responsible for diverse and complex 
missions ranging from managing America's public lands, mineral and 
water resources, and wildlife to providing satellite data to the 
military and scientific communities. To fulfill these responsibilities, 
Interior invests over $850 million annually--about 6 percent of its 
total annual budgetary resources--in communications and computing 
projects and systems. The Secretary of the Interior and Interior's 
Chief Information Officer (CIO) are responsible for overseeing 
processes for managing these investments at all levels of the 
organization to ensure that funds are expended in the most cost-
effective way in support of the agency's mission needs.

This report is one of two in response to your request that we evaluate 
the Department of the Interior's information technology investment 
management capabilities.[Footnote 1] As agreed with your offices, our 
objectives were to evaluate (1) departmental capabilities for managing 
the agency's information technology (IT) investments, including its 
ability to effectively oversee bureau processes, and (2) the 
department's actions and plans to improve these capabilities.

Results in Brief:

The Department of the Interior has limited capacity to effectively 
manage its planned and ongoing IT investments. Over the past few years, 
Interior has undertaken several initiatives to better understand its 
current capabilities and to implement the organizational processes 
required for the department to exercise its responsibility to select, 
control, and evaluate IT investments. For example, the department has 
issued a Capital Planning and Investment Control (CPIC) Guide, which 
describes its approach to IT investment management. In addition, in 
order to support the implementation of effective investment management 
practices throughout the department, the Secretary has issued an order 
aligning bureau CIOs with the department CIO and specifying that the 
bureau CIOs will have authority over IT expenditures within their 
bureaus. This order acknowledges that effective bureau processes are 
necessary to support effective investment management throughout the 
department. However, efforts to implement the CPIC Guide and the 
secretarial order have not moved forward as specified in implementing 
memoranda. Interior has much to accomplish before it can have 
confidence that its mix of IT investments best meets its mission and 
business needs.

* The first step toward establishing effective investment management is 
to put in place foundational, project-level control and selection 
processes. Interior has implemented few of these processes. While the 
CPIC Guide describes the approach Interior intends to take, and the 
department-level boards have begun operating, few other key practices 
have been instituted at this time. Until processes are established that 
enable executives to select and oversee investments using reliable 
information, they cannot be assured that they are consistently 
selecting and managing IT investments that meet Interior's needs and 
priorities.

* The second major step toward effective investment management is to 
continually assess proposed and ongoing projects as an integrated and 
competing portfolio of investment options. Interior officials 
acknowledge that the agency has made little progress in managing 
investments as a complete portfolio. As a result, Interior executives 
are unable to adequately assess the relative merits of investment 
proposals and make trade-offs among options.

Interior has undertaken a number of initiatives designed to improve its 
investment management processes; however, it has not coordinated these 
efforts, nor has it assigned the resources to effectively carry them 
out. Without a well-defined process improvement plan and controls for 
implementing it, it is unlikely that the agency will establish a mature 
investment management capability. As a result, Interior will continue 
to be challenged in its ability to make informed and prudent investment 
decisions in managing its IT investments to meet its mission 
objectives.

To strengthen the department's investment management capability, we are 
making a number of recommendations aimed at addressing the weaknesses 
discussed in this report. In addition, we are recommending that the 
department develop and implement a plan that includes (1) provisions to 
improve investment management practices agencywide and (2) a timetable 
and milestones for certifying bureau CPIC processes and for 
implementing the secretarial order aligning CIO authorities and 
responsibilities.

In commenting on a draft of this report, the Department of the Interior 
concurred with our recommendations and identified actions that it plans 
to take to improve IT investment management processes throughout the 
department. Among other things, the department stated that it intends 
to develop and implement a comprehensive plan, approved by its senior 
investment decision-making board, to address specific weaknesses that 
we identified in its foundational investment management practices and 
to move to strengthen the role of the CIO in oversight and resource 
allocation.

Background:

Interior Has Diverse Missions and IT Investments:

The Department of the Interior, created by Congress in 1849, is a 
multitiered organization that currently employs approximately 70,000 
people in about 2,400 locations throughout the United States. The 
Secretary of the Interior heads the agency, which comprises 
approximately 30 offices and committees and eight bureaus. Five 
Assistant Secretaries support the Secretary of the Interior at the 
department level. One of these is responsible for Policy, Management 
and Budget. The others are responsible for mission-related matters 
including Land and Minerals Management, Indian Affairs, Fish and 
Wildlife and Parks, and Water and Science.

At the next level of the organization, eight bureaus,[Footnote 2] 
aligned with these Assistant Secretaries, are responsible for achieving 
Interior's diverse missions. Interior's missions include managing 
approximately 500 million acres of land--about one-fifth of the total 
U.S. land mass--and about 1.8 billion acres of the Outer Continental 
Shelf; fulfilling the government's trust responsibility to American 
Indians and Alaska Natives; conserving and protecting fish and 
wildlife; offering recreational opportunities; managing the National 
Park System; providing stewardship of energy and mineral resources; 
fostering the sound use of land and water resources; helping with the 
management of the National Fire Plan; ensuring the reclamation and 
restoration of surface mining sites; and providing scientific 
information on resource, natural hazard, and earth science issues. 
Figure 1 shows how Interior is organized.

Figure 1: Interior's Organizational Structure:

[See PDF for image]

[End of figure]

Information technology (IT) investments play a vital role in Interior's 
ability to fulfill its missions. Given the diversity of these missions 
and operating environments, the character of these investments also 
varies substantially. For example, the department uses a land mobile 
radio infrastructure to support geographically dispersed public safety 
and protection missions. These missions include law enforcement on 
federal and tribal lands, urban and wildland firefighting, seismic 
monitoring, wildlife tracking management of national parks, and water 
reclamation activities. In contrast, Interior's Minerals Management 
Service owns systems that track oil and gas production on public lands 
and maintains records on royalties that are due to the federal 
government and to American Indian tribes. Interior's bureaus and 
associated program offices propose, fund, and manage these kinds of 
investments, while certain departmental offices--such as the Offices of 
Financial Management and Personnel Policy--propose and manage other 
systems that support administrative functions. Interior's National 
Business Center is responsible for managing and operating departmental 
information systems on a fee-for-service basis and for providing other 
kinds of administrative support, such as facilities management.

In fiscal year 2003, Interior invested over $850 million in IT--about 6 
percent of its total budget. While the Secretary of the Interior has 
the ultimate responsibility for managing these investments--including 
overseeing and guiding the development, management, and use of 
information resources and information technology throughout the 
department--Interior's CIO is responsible for providing leadership and 
oversight for IT investment management processes throughout the agency. 
To that end, Interior's CIO serves as the chair of the department's IT 
Management Council, which oversees "major" investments in IT.[Footnote 
3] About 2,255 of Interior's staff of about 70,000 are classified as IT 
professionals. Thirty-four staff provided direct support to the CIO in 
the department's Office of the CIO during fiscal year 2003.

Appendix I provides additional information about each bureau's 
missions, functions, staffing, and total expenditures on IT for fiscal 
year 2003.

Reviews Identified Need for Improving IT Investment Management:

Prior reviews of IT projects performed at Interior over the past 
decade--by GAO and the Office of Management and Budget (OMB) as well as 
Interior's Office of the Inspector General (OIG)--have revealed 
significant weaknesses in IT investment management practices at both 
the department and the bureau levels. Over the last several years, we 
have issued a series of reports on Interior's major IT investments and 
associated management practices. In April and July of 1999, we reported 
that Interior had not followed sound management practices in the early 
stages of its effort to acquire the Trust Asset and Accounting 
Management System,[Footnote 4] a system designed to manage Indian 
assets and land records. We also reported that, as a result of poor 
planning, Interior could not ensure that the system would meet 
financial management needs cost effectively or mitigate system 
development risks adequately. In September 2000, we reported that 
Interior still needed to address significant remaining risks.[Footnote 
5] Among other things, we recommended that Interior take steps to 
strengthen its software development and acquisition processes and that 
it regularly assess the progress being made in implementing this 
system.

Between 1995 and 2001, we reported on Interior's efforts to acquire a 
land and mineral case processing system called Automated Land and 
Mineral Record System(ALMRS)/Modernization and raised concerns about 
the Bureau of Land Management's (BLM) and the prime contractor's 
abilities to complete, integrate, and test the new software system and 
complete the current schedule.[Footnote 6] Among other things, we 
recommended that BLM take steps to strengthen its IT investment 
management processes and systems acquisition capabilities. ALMRS was 
terminated in 1999, but many of the management weaknesses we had 
identified remained. In 2000 and 2001, we reported that BLM had been 
working to implement our recommendations, and we further recommended 
that BLM develop a plan to integrate all of the corrective actions 
necessary to implement our recommendations and establish a schedule for 
completing them.

In August 2002, Interior's OIG reported that the department did not 
have a process to ensure that IT capital investments or projects 
focused on departmental mission objectives or federal government goals 
and initiatives--principally because of its decentralized approach to 
IT investment management.[Footnote 7] The OIG further stated that only 
20 investment projects--representing over 24 percent of the total--were 
subject to departmental review and approval in fiscal years 2002 and 
2003 through submission of capital asset plans. Therefore, about $1 
billion in Interior IT investment projects were not subject to 
department-level review and approval during those 2 years.

Consistent with these reports, OMB reported in the President's fiscal 
year 2003 budget that Interior was putting large sums of public funds 
at high risk for failure and that it had not complied with applicable 
legislative requirements that were established in the Paperwork 
Reduction Act of 1995 and the Clinger-Cohen Act of 1996.[Footnote 8] 
OMB also reported that the department had not been able to adequately 
identify major projects within its IT portfolio or to demonstrate 
through adequate business cases the need for all of the major projects 
that it did identify. In addition, out of the 23 federal agencies 
included in the fiscal year 2003 budget supplemental document entitled 
Performance Information for Major IT Investments, the Department of the 
Interior was one of only two agencies that were unable to provide the 
type of information on the actual performance of their IT investments. 
In the Presidentís fiscal year 2004 budget, OMB reported that Interior 
had made significant strides toward more fully identifying its IT 
investments and strengthening the business cases that it developed for 
major IT projects, although 20 of its 35 initial submissions remained 
on OMB's at-risk list.[Footnote 9]

Information Technology Investment Management Maturity Framework:

Our IT Investment Management (ITIM) maturity framework,[Footnote 10] 
issued in May 2000, is a useful tool that can help Interior to improve 
its IT investment management capabilities. The ITIM framework can be 
used to determine both the status of an agency's current IT investment 
management capabilities and what additional steps need to be taken to 
put more effective processes in place. The ITIM framework establishes a 
hierarchical set of five maturity stages. Each stage builds upon the 
lower stages and represents increased capabilities toward achieving 
both stable and effective (and thus mature) IT investment management 
processes. Except for the first stage--which largely reflects ad hoc, 
undefined, and undisciplined decision and oversight processes--each 
maturity stage is composed of critical processes that are essential to 
satisfying the requirements of that stage. These critical processes are 
defined by key practices that include organizational commitments (e.g., 
policies and procedures), prerequisites (e.g., resource allocation), 
and activities (e.g., implementing procedures). Key practices are the 
specific conditions that must be in place and tasks that must be 
performed for an organization to effectively implement the necessary 
critical processes.

Figure 2 shows the five ITIM stages and a brief description of each 
stage.

Figure 2: The Five Stages of Maturity within ITIM:

[See PDF for image]

[End of figure]

While the ITIM framework defines critical processes and key practices 
in general terms, our work at multitiered organizations, such as the 
Postal Service and the Department of Justice,[Footnote 11] showed that 
specific roles and responsibilities may vary by organizational tier. 
For example, in such organizations, department-level management has 
overall responsibility for a process, while component-level management 
is responsible for ensuring that applicable requirements defined by the 
department are met and that operational units such as program offices 
take primary responsibility for performing the day-to-day activities 
that are described by ITIM, in accordance with management expectations. 
In such an environment, the presence of well-established and managed 
processes at lower levels of the organization can provide a level of 
assurance to the department concerning the quality and reliability of 
proposals for new investments, information reported on the actual 
performance of projects, and budget requests.

In an agency like Interior, in which organizations at different levels 
execute various aspects of IT investment management, it is essential 
that top agency management establish and oversee processes throughout 
the agency to ensure that effective investment management practices are 
being adhered to. Over the past decade, Congress has enacted a series 
of laws that require centralized management and performance reporting 
to ensure that agencies can demonstrate that they are making the best 
funding decisions to support their mission needs. The Clinger-Cohen Act 
of 1996 specifically requires that the head of each agency designate a 
CIO to implement a process that maximizes the value and assesses and 
manages the risk of IT investments. Under the Clinger-Cohen Act, the 
Department of the Interior's CIO has the ultimate responsibility for 
ensuring the cost-effectiveness of decisions made by program managers 
to expend funds on IT in support of the agency's mission needs. 
Therefore, even though individual bureaus have CIOs or similar 
officers, the department's CIO must monitor and evaluate the 
performance of its IT investment portfolio as a whole and report to the 
Secretary on compliance with applicable laws and policies.

Scope and Methodology:

To determine the department's capabilities for managing its information 
technology (IT) investments, including its ability to effectively 
oversee bureau processes, we used several different criteria. To 
evaluate the underlying investment management processes we used our 
Information Technology Investment Management: A Framework for Assessing 
and Improving Process Maturity, Exposure Draft (ITIM 
Framework).[Footnote 12] We applied the framework as it is described in 
the exposure draft, except that we used a revised version of the IT 
Asset Inventory critical process, called IT Project and System 
Identification, after discussion with departmental officials at the 
beginning of this engagement. This revised critical process has been 
used in our evaluations since June 2001. At the start of our 
evaluation, we requested that the department conduct a self-assessment 
using the ITIM as criteria. Using this self-assessment and the 
supporting documentation as a starting point, we worked with Interior 
officials to further support their conclusions. Based on the 
department's acknowledgement that it had only executed two of the key 
practices in Stage 3, we did not independently assess the capabilities 
at this stage or at Stages 4 and 5 of the framework. In our evaluation, 
an ITIM key practice was rated as "executed" only when we found 
sufficient evidence that the practice was already in place at the time 
of the review. We rated all other key practices as "not executed.":

To gain additional insight into the department's ability to oversee its 
components' IT investment management processes, we reviewed 
documentation and conducted interviews on the department's efforts to 
put the necessary management structures in place, whether the 
department had clearly defined what was expected of the bureaus, and 
whether it held the bureaus accountable to the necessary standards. In 
order to evaluate the success of the department's oversight activities, 
we also assessed the capabilities of Interior's components. To 
determine the capabilities of the components, we collected 
documentation describing bureau CPIC and investment management 
processes and spoke with responsible officials at eight bureaus (the 
Bureau of Indian Affairs, the Bureau of Land Management, the Bureau of 
Reclamation, the Minerals Management Service, the National Park 
Service, the Office of Surface Mining Reclamation and Enforcement, the 
U.S. Fish and Wildlife Service, and the U.S. Geological Survey) and the 
National Business Center.

To assess Interior's plans for improving its IT investment management 
processes--including oversight of bureau processes--and to identify 
potential barriers to their implementation, we obtained and evaluated 
documents showing what management actions had been taken and what 
initiatives had been planned by the department. In addition, we 
interviewed officials in the Offices of Acquisition and Property 
Management, Budget, and the Chief Information Officer.

We conducted our work at Interior's headquarters offices in Washington, 
D.C; bureaus headquarters offices in Arlington, Virginia; Reston, 
Virginia; and Lakewood, Colorado; and at the National Business Center 
in Englewood, Colorado, from November 2002 through July 2003, in 
accordance with generally accepted government auditing standards.

Interior's Capacity to Effectively Manage IT Investments Is Limited:

In order to have the capabilities to effectively manage IT investments, 
a department should (1) have basic, project-level control and selection 
practices in place and (2) manage its projects as a portfolio of 
investments, treating them as an integrated package of competing 
investment options and pursuing those that best meet the department's 
strategic goals, objectives, and mission. These practices may be 
executed at various organizational levels of the agency--including the 
bureau level--although overall responsibility for their success remains 
at the department level.

The Department of the Interior is executing only 7 of the 38 key 
practices that are required by the ITIM framework to establish a 
foundation for IT investment management and only 2 of the 38 key 
practices required to manage investments as a portfolio. In addition, 
the department's ability to oversee the successful implementation and 
execution of the required practices is limited, although a number of 
initiatives have been undertaken to address this issue. However, 
efforts to implement the reform initiatives have not moved forward as 
specified in implementing memoranda.[Footnote 13] Until Interior 
successfully implements stable investment management practices 
throughout the department, it will lack essential management controls 
over its IT investments, and it will be unable to ensure that the mix 
of investments it is pursuing is the best to meet the department's 
strategic goals, objectives, and mission.

Department Demonstrates Few Capabilities for IT Investment Management:

At the ITIM framework's Stage 2 level of maturity, an organization has 
attained repeatable, successful investment control processes and basic 
selection processes at the project level. Through these processes, the 
organization can identify expectation gaps early and take appropriate 
steps to address them. According to the ITIM framework, critical 
processes at Stage 2 include (1) defining investment board operations, 
(2) collecting information about existing investments, (3) developing 
project-level investment control processes, (4) identifying the 
business needs for each IT project, and (5) developing a basic process 
for selecting new IT proposals. Table 1 describes the purpose for each 
of the Stage 2 critical processes.

Table 1: Stage 2 Critical Processes--Building the Investment 
Foundation:

Critical process: IT investment board operation; Description: To define 
and establish the governing board(s) responsible for selecting, 
controlling, and evaluating investments.

Critical process: IT project oversight; Description: To regularly 
determine each IT project's progress toward cost and schedule 
milestones, using established criteria, and to take corrective actions 
when milestones are not achieved.

Critical process: IT project and system identification; Description: To 
create and maintain an IT project and system inventory to assist in 
managerial decision making.

Critical process: Business needs; identification; Description: To 
ensure that each IT program and project supports the organization's 
business needs and meets users' needs.

Critical process: Proposal selection; Description: To ensure that an 
established, structured process is used to select new IT proposals.

Source: GAO.

[End of table]

In a multitiered organization like Interior, the department is 
responsible for providing leadership and oversight for foundational 
critical processes by ensuring that written policies and procedures are 
established, repositories of information are created that support IT 
investment decision making, resources are allocated, responsibilities 
are assigned, and all of the activities are properly carried out where 
they may be most effectively executed. In such an organization, the CIO 
is specifically responsible for ensuring that the organization is 
effectively managing its IT investments at every level. If Interior's 
bureaus do not have investment management processes in place that 
adequately support the department's investment management process, its 
CIO must take action to ensure that the department is expending funds 
on IT investments that will fulfill its mission needs.

The department is executing 7 of the 38 key practices associated with 
Stage 2 critical processes (or about 18 percent), primarily as a result 
of issuing the IT and Construction Capital Planning and Investment 
Control (CPIC) Guide in December 2002 and assigning responsibility for 
IT investment management functions to three oversight boards. Among 
other things, the CPIC Guide clearly describes the structure of the 
department's IT investment review boards and how authority is to be 
aligned among bureau-and department-level boards; it assigns 
responsibility to the boards for its proposal selection process.

However, the department has not executed most of the crucial key 
practices at the Stage 2 level. For example, information about the 
expected and actual cost and schedule for Interior's IT projects, which 
could form the basis for selection decisions, is not being provided to 
the investment review boards. In addition, the department has few 
capabilities for overseeing IT projects and ensuring that business 
needs are adequately identified. Finally, in July 2003 Interior had not 
yet implemented most of the investment management processes that it 
describes in its CPIC Guide, and thus the members of its boards lacked 
direct experience in the execution of ITIM critical processes.

Table 2 summarizes the status of the department's Stage 2 critical 
processes, showing how many associated key practices the agency has 
executed. The department's actions toward implementing each of the 
critical processes are discussed in the sections that follow.

Table 2: Status of Stage 2 Critical Processes:

Critical process: IT investment board operation; Key practices 
executed: 2; Total required by critical process: 6; Percentage of key 
practices executed: 33.

Critical process: IT project and system identification; Key practices 
executed: 0; Total required by critical process: 7; Percentage of key 
practices executed: 0.

Critical process: IT project oversight; Key practices executed: 1; 
Total required by critical process: 11; Percentage of key practices 
executed: 9.

Critical process: Business needs identification; Key practices 
executed: 2; Total required by critical process: 8; Percentage of key 
practices executed: 25.

Critical process: Proposal selection; Key practices executed: 2; Total 
required by critical process: 6; Percentage of key practices executed: 
33.

Critical process: Cumulative; Key practices executed: 7; Total required 
by critical process: 38; Percentage of key practices executed: 18.

Source: GAO.

[End of table]

Boards Are Operating but Have Limited Experience:

To help ensure executive management accountability and adequate 
oversight for IT capital planning and investment decisions, an 
organization should establish a governing board or boards with 
responsibility for selecting, controlling, and evaluating IT 
investments. According to the ITIM framework, effective operation of an 
IT investment board requires, among other things, that (1) board 
members have both IT and business knowledge, (2) board members 
understand the investment board's policies and procedures and exhibit 
core competencies in using the agency's IT investment policies and 
procedures, (3) the organization's executives and line managers support 
and carry out board decisions, (4) the organization develop 
organization-specific process guidance that includes policies and 
procedures to direct the board's operations, and (5) the investment 
board operates according to written policies and procedures. (The full 
list of key practices is provided later in table 3.):

The department is executing two of the six key practices needed for its 
IT investment boards to operate effectively, as specified in the ITIM 
framework. Interior's new CPIC Guide provides a conceptual framework 
for the operation of IT investment boards and a description of a five-
phase investment process. It also specifies the membership of 
Interior's IT investment boards in a way that should ensure the 
integration of technical and business knowledge as well as the 
appointment of senior-level executives to the boards.

In its new CPIC Guide, Interior provides a conceptual overview of the 
department-and bureau-level review boards that are now responsible for 
overseeing IT investments. At the department level, these boards and 
their decision thresholds include the following:

* the Management Excellence Council, which is responsible for 
validating recommendations made to it by the Management Initiatives 
Team on IT investments;

* the Management Initiatives Team, which is responsible for reviewing, 
evaluating, and approving investments that are expected to cost $35 
million or more, and other investments that are otherwise considered to 
be major; and:

* the IT Management Council, which is responsible for reviewing, 
evaluating, and approving IT investments that are expected to cost 
between $5 million and $35 million.

The Management Excellence Council, chaired by the Secretary of the 
Interior and comprising Assistant Secretaries and bureau heads, was 
created to provide leadership, direction, and accountability in meeting 
the administration's goals and to provide overall direction for and 
oversight of the department's management reform activities. Its IT 
investment management activities include validating the Management 
Initiatives Team's recommendations and recommending strategic 
investments for the Secretary's approval. The Management Initiatives 
Team, chaired by the Assistant Secretary for Policy, Management and 
Budget and comprising Deputy Assistant Secretaries and Deputy Bureau 
Directors, was established to support the Management Excellence Council 
in its broad activities. In the context of IT investment management, 
the Management Initiatives Team's responsibilities include 
articulating investment strategy, validating scoring by the IT 
Management Council, and resolving duplication of effort. The IT 
Management Council, chartered in the CPIC Guide, is cochaired by the 
department CIO and a rotating cochair who is elected by IT Management 
Council annually; it is composed of the bureau CIOs and representatives 
from several departmental offices. The IT Management Council is 
responsible for scoring potential investments against a predetermined 
set of criteria, maintaining the planning process and the investment 
portfolio, and identifying duplication of effort.

The department has taken steps to ensure that investment boards are 
established at the bureau level also. For example, Interior's CPIC 
Guide requires that investment review boards be established by each of 
its bureaus to provide oversight for IT investments that are funded by 
Interior. This multilayered review of investments is designed to 
increase the likelihood that Interior's IT investments will meet 
mission needs.

However, at the time that we concluded our work in July 2003, the 
department could not assert that board members exhibited core 
competencies in using the IT investment approach because department 
level boards had very limited experience with IT proposal selection 
processes. Until the department implements an effective IT investment 
board process that is well established and understood throughout the 
agency, executives cannot be adequately assured that decisions made by 
the boards are being well supported and carried out by its executives 
and line managers or that each board is operating according to 
established policies and procedures.

Table 3 summarizes our ratings for each key practice and the specific 
evidence that supports the ratings.

Table 3: Investment Board Operation:

Type of practice: Organizational commitments; 

Key practice: 1. An 
organization-specific IT investment process guide is created to direct 
each board's operations; Rating: Executed; Summary of evidence: The 
department issued a Capital Planning and Investment Control Guide 
(CPIC) Guide in December 2002 that defined department-and bureau-level 
IT investment boards and specified their authorities, procedures, 
membership, roles, and responsibilities.

Key practice: 2. Organization executives and line managers support and 
carry out IT investment board decisions; Rating: Not executed; Summary 
of evidence: The CPIC Guide describes a number of controls or processes 
for ensuring that executives and line managers carry out the decisions 
of the IT investment boards. These include entry and exit criteria for 
five investment management phases defined in the CPIC Guide and a 
description of how CPIC and budget processes are to be linked. However, 
at the time of our review these boards had limited experience and their 
activities focused on OMB budget reporting.

Type of practice: Prerequisites; 

Key practice: 1. Adequate resources 
are provided for operating each IT investment board; Rating: Not 
executed; Summary of evidence: The department indicated in its self-
assessment that this key practice had not been executed.

Key practice: 2. Board members understand the investment board's 
policies and procedures and exhibit core competencies in using the IT 
investment approach through training, education, or experience; 
Rating: Not executed; Summary of evidence: The department's IT 
investment boards are composed of departmental and bureau office 
executives who are capable of making investment board decisions. 
However, at the time of this review, Interior's department-level boards 
had limited experience with the processes described in its new CPIC 
Guide.

Type of practice: Activities; 

Key practice: 1. Each IT investment board 
is created and defined with board membership integrating both IT and 
business knowledge; Rating: Executed; Summary of evidence: Interior 
has three department-level IT investment boards, including the IT 
Management Council, the Management Initiatives Team, and the Management 
Excellence Council. The IT Management Council reviews IT investments 
from a technical perspective for all three boards, and its members 
include both IT and business representatives. The Management 
Initiatives Team includes representatives from the bureaus, as well as 
the department's Offices of the Chief Information Officer, Financial 
Management, and Planning and Performance Management. Finally, the 
Management Excellence Council is made up of Assistant Secretaries 
responsible for Interior's programs and the heads of its bureaus.

Key practice: 2. Each IT investment board operates according to written 
policies and procedures in the organization-specific IT investment 
process guide; Rating: Not executed; Summary of evidence: Although the 
department issued a CPIC Guide in December 2002 that contains written 
policies and procedures for the organization's IT investment management 
process, Interior's IT investment boards had not yet fully implemented 
these at the time of this review.

Source: GAO.

[End of table]

No Project and System Inventory Exists to Support Investment Decision 
Making:

Agency boards, managers, and staff at all levels who are responsible 
for decisions about IT investment management must have at their 
disposal information about existing investments as well as new ones 
that are being proposed. Besides the fundamental business justification 
for each of the individual investments, decision makers must also 
consider the interaction of each continuing or proposed project with 
other projects that comprise the agency's overall IT environment. In 
addition, opportunities to consolidate projects or systems and avoid 
redundant investments may be found when proposals are evaluated in this 
context. The information that could be used in this analysis includes 
current and planned system functions, physical location, organizational 
owners, and how funds are being expended toward acquiring, maintaining, 
and deploying these assets.

A project and system inventory can take many forms and does not have to 
be centrally located or consolidated. The guiding principles for 
developing the inventory are that the information maintained should be 
both accessible--located where it is of the most value to investment 
decision makers--and relevant to the management processes and decisions 
that are being made. In multitiered organizations, information from an 
IT project and system inventory should be accessible and relevant to 
the decision processes of boards at all levels of the organization that 
are responsible for ITIM activities. An IT project and system inventory 
is also essential to successfully implementing certain other critical 
processes, including IT Project Oversight and Proposal Selection, and 
developing a comprehensive IT investment portfolio.

According to the ITIM framework,[Footnote 14] organizations at the 
Stage 2 level of maturity allocate adequate resources for tracking IT 
projects and systems, designate responsibility for managing the project 
and system identification process, and develop related written policies 
and procedures. Resources required for this purpose typically include 
managerial attention to the process; staff; supporting tools, such as 
an inventory database; inventory reporting, updating, and query tools; 
and a method for communicating inventory changes to affected parties. 
Stage 2 organizations also maintain information on their IT projects 
and systems in one or more inventories according to written procedures, 
recording changes in data as required, and maintaining historical 
records. Access to this information is provided on demand to decision 
makers and other affected parties. (The full list of key practices is 
provided in table 4.):

However, the department is not executing any of the seven key practices 
in this critical process. It does not have any written standards or 
existing repositories of information on Interior's IT investments that 
meet ITIM standards, and it has not assigned responsibility or 
allocated resources for this purpose. In April 2003, departmental 
officials indicated that they are planning to use the Exhibit 53 report 
they prepared for OMB as their IT project and system inventory. 
However, according to the same officials, the current Exhibit 53 report 
for Interior does not constitute a comprehensive list of its IT 
investments. Moreover, this report does not include information on 
actual project cost and schedule or other information needed to support 
IT investment decisions.

Developing an adequate project and system inventory has only recently 
become a priority at Interior. As a result, Interior's IT investment 
boards do not currently have the information they need to make well-
informed decisions regarding selecting, controlling, and evaluating 
investment decisions. Without information from such an inventory, the 
department-and bureau-level boards cannot ensure that duplication among 
existing and proposed IT investments is eliminated. In addition, the 
boards cannot compare actual project performance with expectations and 
determine whether corrective actions should be taken.

Table 4 summarizes our ratings for each key practice.

Table 4: IT Project and System Identification:

Type of practice: Organizational commitments; 

Key practice: 1. The 
organization has written policies and procedures for identifying its IT 
projects and systems and collecting, in an inventory, information about 
the IT projects and systems that is relevant to the investment 
management process; Rating: Not executed; Summary of evidence: The 
department indicated that it plans to use its Exhibit 53 report to OMB 
as its IT project and system inventory. While the Exhibit 53 is 
designed to list all of Interior's IT projects and systems, this report 
does not contain sufficient information to constitute an IT project and 
system inventory as described by the ITIM framework. Therefore, any of 
the department's current policies and procedures on the Exhibit 53 do 
not meet the requirements of this key practice.

Key practice: 2. An official is assigned responsibility for managing 
the IT project and system identification process and ensuring that the 
inventory meets the needs of the investment management process; 
Rating: Not executed; Summary of evidence: Although the department has 
assigned responsibility for preparing the Exhibit 53 to the Office of 
the Budget, the Exhibit 53 does not provide sufficient information to 
support the investment management process as described in the ITIM 
framework.

Type of practice: Prerequisite; 

Key practice: 1. Adequate resources are 
provided for identifying IT projects and systems and collecting 
relevant information into an inventory; Rating: Not executed; Summary 
of evidence: The department indicated in its self-assessment that this 
key practice had not been executed.

Type of practice: Activities; 

Key practice: 1. The organization's IT 
projects and systems are identified, and specific information about 
them is collected in an inventory; Rating: Not executed; Summary of 
evidence: The department indicated in its self-assessment that it 
intends to merge several inventories of IT projects and systems into 
the Exhibit 53 in order to develop a comprehensive list of investments. 
However, the Exhibit 53 does not include all of the kinds of 
information that are required to support IT investment management 
decisions.

Key practice: 2. Changes to IT projects and systems are identified, and 
change information is maintained in the inventory; Rating: Not 
executed; Summary of evidence: The department does not have an adequate 
inventory in which changes to information on IT projects and systems 
can be identified.

Key practice: 3. Information from the inventory is available on demand 
to decision makers and other affected parties; Rating: Not executed; 
Summary of evidence: The department plans to use the Exhibit 53 as its 
investment inventory, but this document does not include the necessary 
information to constitute an adequate IT project and system inventory, 
according to the ITIM framework.

Key practice: 4. The IT project and system inventory and its 
information records are maintained to contribute to future investment 
selections and assessments; Rating: Not executed; Summary of evidence: 
The department does not maintain an IT project and system inventory 
with records that could contribute to future IT investment board 
decisions.

Source: GAO.

[End of table]

Department Lacks Fundamental Capabilities for IT Project Oversight:

According to the ITIM framework, effective project oversight requires, 
among other things, (1) having written policies and procedures for 
project management; (2) developing and maintaining an approved 
management plan for each IT project; (3) having written policies and 
procedures for oversight of IT projects; (4) making up-to-date cost and 
schedule data for each project available to the oversight boards; 
(5) reviewing each project's performance by regularly comparing actual 
cost and schedule data to expectations; (6) ensuring that corrective 
actions for each under-performing project are documented, agreed to, 
implemented, and tracked until the desired outcome is achieved; and 
(7) using information from the IT projects and systems inventory. (The 
complete list of key practices is provided in table 5.) For all IT 
projects, performance reviews should be conducted at least at each 
major life cycle milestone. In an organization such as Interior, it is 
essential that the department provide leadership and oversight of IT 
project management even though the day-to-day management of IT 
investments may be handled by bureau-level staff and the National 
Business Center.

The department is executing 1 of the 11 key practices in this critical 
process by operating department-level IT investment boards. However, 
the other 10 key practices are not being executed, such as those 
requiring the development of written policies and procedures for 
project management or management oversight of IT projects. Moreover, 
the department currently has no consistent way of knowing the extent to 
which project management plans are being developed, approved, 
maintained, and reviewed. As a result, the department has no mechanisms 
for ensuring that up-to-date information on actual costs and schedule 
are being provided to the IT investment boards. Finally, Interior lacks 
an IT projects and systems inventory to capture performance information 
that can be used by its boards in the investment decision process.

According to Interior officials, the department is not executing many 
of the key practices for Stage 2 IT project oversight because it 
currently relies on the bureaus to perform these management functions. 
However, since the department has not developed policies and procedures 
for the bureaus to follow in conducting IT project oversight, Interior 
is running the risk that under performing projects will not be reported 
to the appropriate IT investment board. In the absence of effective 
board oversight, Interior executives do not have adequate assurance 
that projects are being developed on schedule and within budget.

Table 5 summarizes our ratings for each key practice and the evidence 
that supports the ratings.

Table 5: IT Project Oversight:

Type of practice: Organizational commitments; 

Key practice: 1. The 
organization has written policies and procedures for IT project 
management; Rating: Not executed; Summary of evidence: The department 
has not developed any written policies and procedures for IT project 
management.

Key practice: 2. The organization has written policies and procedures 
for management oversight of IT projects; Rating: Not executed; Summary 
of evidence: The department has not developed any written policies and 
procedures for management oversight of IT projects.

Type of practice: Prerequisites; 

Key practice: 1. Adequate resources 
are provided to assist the board(s) in overseeing IT projects; Rating: 
Not executed; Summary of evidence: The department indicated in its 
self-assessment that this key practice had not been executed.

Key practice: 2. Each IT project has and maintains an approved project 
management plan that includes cost and schedule controls; Rating: Not 
executed; Summary of evidence: The department does not have any 
guidance or requirements for developing, approving, or maintaining IT 
project plans to ensure that these exist and that they include cost and 
schedule controls. The department also lacks a reporting mechanism to 
determine which existing IT projects may now have such a plan.

Key practice: 3. An IT investment board is operating; Rating: 
Executed; Summary of evidence: The department's IT Management Council, 
Management Initiatives Team, and Management Excellence Council began 
operating in support of the new CPIC processes in July 2002 and 
reviewing Exhibit 300 reports for IT investments during the fiscal year 
2004 budget formulation process.

Key practice: 4. Information from the IT project and system inventory 
is used by the IT investment board as applicable; Rating: Not 
executed; Summary of evidence: The department does not have an IT 
project and system inventory.

Type of practice: Activities; 

Key practice: 1. Each project's up-to-
date cost and schedule data are provided to the appropriate IT 
investment board; Rating: Not executed; Summary of evidence: Up-to-
date cost and schedule data for all IT investments had not been 
provided to the department's boards at the time of our review. The 
boards did, however, receive information on major investments shown in 
the Exhibit 300 reports that are prepared annually for OMB.

Key practice: 2. Using established criteria, the IT investment board 
oversees each IT project's performance regularly by comparing actual 
cost and schedule data to expectations; Rating: Not executed; Summary 
of evidence: At the time of our review, Interior's IT investment boards 
did not oversee the performance of all IT projects because information 
on actual cost and schedule for some investments was not available for 
review.

Key practice: 3. The IT investment board performs special reviews of 
projects that have not met predetermined performance standards; 
Rating: Not executed; Summary of evidence: At the time of our review, 
Interior's department-level IT investment boards had not performed 
special reviews of any IT projects.

Key practice: 4. Appropriate corrective actions for each under-
performing project are defined, documented, and agreed to by the IT 
investment board and the project manager; Rating: Not executed; 
Summary of evidence: Since the department level boards had not 
conducted reviews of IT project performance, corrective actions had not 
been defined.

Key practice: 5. Corrective actions are implemented and tracked until 
the desired outcome is achieved; Rating: Not executed; Summary of 
evidence: Corrective actions for underperforming IT projects had not 
been defined by department-level IT investment boards at the time of 
our review.

Source: GAO.

[End of table]

Department Is Not Able to Clearly Link IT Investments to Business 
Needs:

Defining business needs for each project helps to ensure that projects 
support the organization's mission goals and meet users' needs. This 
critical process creates the link between the organization's business 
objectives and its IT management strategy. According to our ITIM 
framework, effectively identifying business needs requires, among other 
things, (1) defining the organization's business needs or stated 
mission goals, (2) identifying users for each project who will 
participate in the project's development and implementation, 
(3) training IT staff adequately in identifying business needs, and 
(4) defining business needs for each project. (The complete list of key 
practices is provided in table 6.):

The department is responsible for providing leadership and oversight 
for the identification and documentation of business needs for IT 
investments by issuing written guidance for this critical process and 
executing the associated key practices. However, given that knowledge 
of the actual business needs of Interior's departmental offices and 
programs resides in the sponsors of IT investments, much of the work of 
identifying business processes must necessarily be performed at those 
levels of the organization.

The department is executing two of the eight key practices for this 
critical process by defining mission goals in strategic planning 
documents and by ensuring that appropriately trained individuals 
identify the needs for its IT projects. However, the department is not 
executing the remaining key practices, such as those that involve 
ensuring that adequate resources are being provided and identifying all 
of its IT projects and systems in an inventory. As a result, the 
department could not identify specific users and business needs for all 
of Interior's IT investments at the time of our review.

In April 2003, the department provided training in linking projects to 
Interior's IT strategic plan, but written policies and procedures for 
business needs identification have not been formalized. Also, the 
Exhibit 300 reports on IT investments that the department produces for 
OMB in support of the President's budget--and which it identifies as 
the mechanism for capturing business needs--are not required for 
nonmajor IT investments. Because nonmajor projects comprised 
approximately 67 percent of Interior's projects and 45 percent of its 
total IT expenditures in fiscal year 2003, business needs were not 
captured for many of Interior's projects. The department was also 
unable to demonstrate that identified users participated in project 
management throughout a project's life cycle.

Office of Chief Information Officer (OCIO) officials explained that the 
department has not provided oversight of the process of identifying 
business needs, because it has historically relied on its IT investment 
sponsors to determine the business needs of the investments. However, 
until the department provides adequate leadership and oversight for 
this critical process that is well established and understood 
throughout the agency, executives cannot be adequately assured that 
sponsors of IT investments are consistently and objectively identifying 
user needs and linking investment proposals to the agency's strategic 
goals.

Table 6 summarizes our ratings for each key practice and the evidence 
that supports the ratings.

Table 6: Business Needs Identification:

Type of practice: Organizational commitment; 

Key practice: 1. The 
organization has written policies and procedures for identifying the 
business needs (and the associated users) of each IT project; Rating: 
Not executed; Summary of evidence: Written policies and procedures for 
identifying business needs have not been formally approved, although 
training has been initiated which includes identifying business needs 
for major projects, to familiarize individuals with the preparation of 
OMB Exhibit 300s.

Type of practice: Prerequisites; 

Key practice: 1. Adequate resources 
are provided for identifying business needs and associated users; 
Rating: Not executed; Summary of evidence: The department indicated in 
its self-assessment that this key practice had not been executed.

Key practice: 2. The organization has defined business needs or stated 
mission goals; Rating: Executed; Summary of evidence: The department 
issued a Strategic Plan for FY 2000-2005 and a draft Strategic Plan for 
FY 2003-2008. Both of these documents contain information on Interior's 
stated mission goals and business needs.

Key practice: 3. IT staff are trained in business needs 
identification; Rating: Executed; Summary of evidence: Since 
individuals responsible for identifying business needs and preparing 
Exhibit 300 reports work in departmental and bureau offices that 
sponsor IT investments, their work experience gives them sufficient 
knowledge regarding the business needs of those units. In addition, the 
department has provided supplemental training in business needs 
identification for major projects.

Key practice: 4. IT projects and systems are identified in the IT 
project and system inventory; Rating: Not executed; Summary of 
evidence: The department indicated in its self-assessment that this key 
practice had not been executed. The department does not have an IT 
project and system inventory.

Type of practice: Activities; 

Key practice: 1. The business needs for 
each IT project are clearly identified and defined; Rating: Not 
executed; Summary of evidence: Business needs are identified for major 
projects in Exhibit 300 reports that are prepared annually for OMB. 
However, these reports are not prepared for nonmajor IT investments.

Key practice: 2. Specific users are identified for each IT project; 
Rating: Not executed; Summary of evidence: Exhibit 300 reports include 
a section for identifying users of IT systems. However, these are not 
prepared for nonmajor IT investments.

Key practice: 3. Identified users 
participate in project management throughout a project's life cycle; 
Rating: Type of practiceRating: Not executed; Summary of evidence: Type 
of practiceSummary of evidence: The department indicated in its self-
assessment that this key practice had not been executed. In addition, 
the department lacks written policies and procedures for IT project 
management that could help ensure that users participate in project 
management throughout a project's life cycle.

Source: GAO.

[End of table]

Selection Process Is Established, but Boards Lack Implementation 
Experience:

Selecting new IT proposals requires an established and structured 
process to ensure informed decision making and management 
accountability. According to our ITIM framework, this critical process 
requires, among other things, (1) making funding decisions for new IT 
proposals according to an established process, (2) providing adequate 
resources for proposal selection activities, (3) using an established 
proposal selection process, (4) analyzing and ranking new IT proposals 
according to established selection criteria--including cost and 
schedule criteria--and (5) designating an official to manage the 
proposal selection process. While initial selection decisions may be 
made at the bureau level, the department should have in place clear, 
established criteria for selection and guidance regarding the structure 
and content of IT proposals. (The complete list of key practices is 
provided in table 7.):

The department is executing two of the six key practices for this 
critical process by identifying the IT Management Council cochairs as 
the responsible authorities for the proposal selection process and by 
using the CPIC Guide's funding process to make decisions on IT 
proposals. These achievements notwithstanding, the department has yet 
to implement most key practices--such as using established criteria to 
analyze each investment and prioritizing these investments accordingly. 
The CPIC Guide does contain requirements that address several of the 
objectives of the critical process for proposal selection, such as 
establishing a consistent approach to assessing the costs and benefits 
of proposed investments and developing clear performance expectations 
with quantifiable performance measures. If implemented, the CPIC Guide 
would satisfy many of the requirements of the key practices in this 
critical process.

Until now, the department has focused on other aspects of its IT 
investment management process, such as the review of OMB Exhibit 300s 
for each major project, without using the selection criteria that are 
defined in the CPIC Guide. Moreover, while fundamental processes for 
proposal selection are described in the CPIC Guide, these had not been 
fully implemented at the time of our review. In the meantime, 
Interior's bureaus have retained responsibility for selecting IT 
investments--without benefit of departmental review. Until the 
department implements the key practices described in the ITIM 
framework, and they are well established and understood throughout the 
agency, Interior cannot be adequately assured that it is consistently 
and objectively developing and selecting proposals that best meet the 
needs and priorities of the agency.

Table 7 summarizes our ratings for the proposal selection critical 
process.

Table 7: Proposal Selection:

Type of practice: Organizational commitments; 

Key practice: 1. 
Executives and managers follow an established selection process; 
Rating: Not executed; Summary of evidence: The department's CPIC Guide 
established a selection process for IT investments. However, because 
the department only began implementing this process in 2002, to 
formulate its request for fiscal year 2004 funding, executives and 
managers have not yet fully implemented the selection process.

Key practice: 2. An official is designated to manage the proposal 
selection process; Rating: Executed; Summary of evidence: The 
department's self-assessment states that the cochairs of the IT 
Management Council review board are designated as the responsible 
officials for the proposal selection process.

Type of practice: Prerequisite; 

Key practice: 1. Adequate resources are 
provided for proposal selection activities; Rating: Not executed; 
Summary of evidence: The department indicated in its self-assessment 
that this key practice had not been executed.

Type of practice: Activities; 

Key practice: 1. The organization uses a 
structured process to develop new IT proposals; Rating: Not executed; 
Summary of evidence: The department's CPIC Guide established a 
structured process for developing IT proposals. However, the department 
had not implemented this process at the time of our review.

Key practice: 2. Executives analyze and prioritize new IT proposals 
according to established selection criteria; Rating: Not executed; 
Summary of evidence: The department's CPIC Guide established criteria 
for prioritizing IT proposals. However, the department had not used 
these criteria to prioritize new IT proposals at the time of our 
review.

Key practice: 3. Executives make funding decisions for new IT proposals 
according to an established process; Rating: Executed; Summary of 
evidence: The department's CPIC Guide established a process for making 
funding decisions for IT proposals, which the department used in its 
2004 budget formulation process.

Source: GAO.

[End of table]

Department Is Not Managing Interior IT Investments as a Portfolio:

An IT investment portfolio is an integrated, agencywide collection of 
investments that are assessed and managed collectively based on common 
criteria. Managing investments within the context of such a portfolio 
is a conscious, continuous, and proactive approach to expending limited 
resources on an organization's competing initiatives in light of the 
relative benefits expected from these investments. Taking an agencywide 
perspective enables an organization to consider its investments 
comprehensively, so that collectively the investments optimally address 
the organization's missions, strategic goals, and objectives. Managing 
IT investments with a portfolio approach also allows an organization to 
determine priorities and make decisions about which projects to fund 
based on analyses of the relative organizational value and risks of all 
projects, including projects that are proposed, under development, and 
in operation.

According to the ITIM framework, Stage 3 maturity includes (1) defining 
portfolio selection criteria, (2) engaging in project-level investment 
analysis, (3) developing a complete portfolio based on the investment 
analysis, (4) maintaining oversight over the investment performance of 
the portfolio, and (5) aligning the authority of the IT investment 
boards.

Table 8 summarizes the purposes of each of the critical processes in 
Stage 3.

Table 8: Stage 3 Critical Processes--Developing a Complete Investment 
Portfolio:

Critical process: Authority alignment of IT investment boards; 
Description: To ensure that IT investments are selected and managed by 
the appropriate investment board.

Critical process: Portfolio selection criteria definition; 
Description: To ensure that the organization develops and maintains IT 
portfolio selection criteria that support its mission, organizational 
strategies, and business priorities.

Critical process: Investment analysis; Description: To ensure that all 
IT investments are consistently analyzed and prioritized according to 
the organization's portfolio selection criteria.

Critical process: Portfolio development; Description: To ensure that an 
optimal IT investment portfolio with manageable risks and returns is 
selected and funded.

Critical process: Portfolio performance oversight; Description: To 
ensure that each IT investment portfolio achieves its cost, benefit, 
schedule, and risk expectations.

Source: GAO.

[End of table]

The department provided evidence that it is executing 2 of the 38 key 
practices for Stage 3 by establishing and maintaining in its CPIC Guide 
written policies and procedures and associated criteria for aligning 
the decision-making authority of its IT investment review boards. In 
its self-assessment, Interior did not claim to be fully executing any 
other Stage 3 key practices.

At the time of our review, the department's efforts to implement ITIM 
were in the initial stages, since the CPIC Guide had been issued in 
December 2002. Moreover, OCIO efforts at IT management reform had to 
compete for resources with other ongoing priorities. Until now, 
Interior has focused its improvement activities in the preselect and 
select phases described by its CPIC Guide. Until the department fully 
implements the foundational critical processes in Stage 2 and then the 
critical processes for portfolio management in Stage 3, it will lack 
the capability to consider Interior's investments in a comprehensive 
manner and determine whether it has the mix of IT investments that best 
meet the agency's mission needs and priorities.

Table 9 summarizes the status of the department's Stage 3 critical 
processes, showing how many associated key practices the agency has 
executed.

Table 9: Status of Stage 3 Critical Processes:

Critical process: Authority alignment of IT investment boards; Key 
practices executed: 2; Total required by critical process: 7; 
Percentage of key practices executed: 29.

Critical process: Portfolio selection criteria definition; Key 
practices executed: 0; Total required by critical process: 6; 
Percentage of key practices executed: 0.

Critical process: Investment analysis; Key practices executed: 0; Total 
required by critical process: 7; Percentage of key practices executed: 
0.

Critical process: Portfolio development; Key practices executed: 0; 
Total required by critical process: 9; Percentage of key practices 
executed: 0.

Critical process: Portfolio performance oversight; Key practices 
executed: 0; Total required by critical process: 9; Percentage of key 
practices executed: 0.

Critical process: Cumulative; Key practices executed: 2; Total required 
by critical process: 38; Percentage of key practices executed: 5.

Source: GAO.

[End of table]

Department Has Limited Ability to Oversee IT Investments in the 
Bureaus:

The ability of a department-level CIO to effectively oversee IT 
investment management processes throughout the agency depends on the 
existence of appropriate management structures with adequate 
authorities and sufficient guidance. To its credit, Interior has taken 
several crucial initial steps to make this possible; it conducted a 
study of existing organizational structures, issued a secretarial order 
providing broad authorities to its CIOs, and issued a capital planning 
and investment control guide that provided a conceptual framework for 
improvements to the IT investment management process. However, 
Interior's CIO has taken limited action to ensure that the secretarial 
order was implemented and that other required improvements to the 
process were made. The department had envisioned a certification 
process through which it would hold bureaus accountable for improving 
their investment management capabilities, but it has yet to implement 
this concept. Until sound management structures and a certification 
process are in place, the department's ability to oversee the bureaus' 
practices for investment management will be limited.

Department and Bureau CIOs Are Not Positioned to Provide Leadership for 
IT Investment Processes:

Under the Clinger-Cohen Act of 1996, the CIO of each agency is 
responsible for effectively managing all of the agency's IT 
resources.[Footnote 15] To comply with the act, Interior's CIO is 
responsible for ensuring that the bureaus are implementing effective 
investment management processes that are appropriately aligned with the 
department's processes. Our report on Maximizing the Success of Chief 
Information Officers[Footnote 16] describes the principles of 
successful CIO management in leading organizations. In such 
organizations, the CIO has been positioned for success, having been 
assigned clearly defined roles, responsibilities, and 
accountabilities. Because Interior has multiple levels of IT investment 
management authority, it is especially critical that the roles, 
responsibilities, and accountabilities of all the CIOs be clearly 
defined.

In 2002, Interior contracted with Science Applications International 
Corporation (SAIC) to study the department and bureau CIO organizations 
and determine whether it was in compliance with the requirements of the 
Clinger-Cohen Act. SAIC concluded that, in the current environment, 
Interior's CIO did not have adequate power--or the leverage of a formal 
structure with clear lines of authority and control of resources--to 
carry out its responsibilities under the act. The study pointed to a 
general lack of authority and resource control at the bureau level as 
well, which further inhibited the CIO's ability to function. According 
to SAIC, in most of the bureaus, the CIOs lacked the authority to 
effect change among their subordinate IT staff and decision areas 
because they cannot allocate or withdraw funds and do not control 
hiring, training, or performance appraisals. On the basis of these 
findings, SAIC recommended that Interior establish formal lines of 
authority from the department's CIO to the bureau CIOs and to IT staff 
at lower levels.

On the basis of the SAIC study, and because of its desire to comply 
with the Clinger-Cohen Act, Interior issued Secretarial Order 
3244,[Footnote 17] which acknowledged that authority and control over 
management of IT resources had not been fully established or 
coordinated in the department, resulting in significant variability 
among bureaus and offices in implementing IT functions and setting 
funding priorities. To rectify this situation, the order provides broad 
authorities to all of Interior's CIOs. Among other things, the order 
requires all bureaus[Footnote 18]to standardize their IT functional 
areas to achieve continuity of responsibility and accountability 
throughout the department. Specifically, the order calls for 
establishing a function described as technology management, which 
encompasses IT investment management.[Footnote 19]

The order assigns approval authority and management responsibility for 
all IT assets to bureau CIOs. On the basis of the order, every Interior 
organization with 5,000 or more employees must have a separate CIO 
position at the Senior Executive Service level. The individual in this 
position must be a fully participating member of the executive 
leadership/management teams and must report to the Deputy Director or 
Director of the bureau. For any office that reports directly to the 
Secretary or the Deputy Secretary of the Interior, the department's CIO 
will serve as the CIO if those offices have not designated one. 
Consistent with the Clinger-Cohen Act, the order states that the 
department's CIO is responsible for approving all IT expenditures.

Interior's CIO issued specific direction to the bureaus in November 
2002 and in January 2003, indicating how to implement Secretarial Order 
3244 and establishing a process for monthly status reporting, which was 
to begin on January 31, 2003. However, at the time of our review, only 
two bureaus had provided the required monthly status reports, and none 
of the bureaus had fully implemented the order. This lack of 
responsiveness is consistent with concerns described in the SAIC report 
that Interior's CIO currently lacks adequate support from bureau CIOs 
to ensure that departmental efforts at improving IT investment 
management will be effectively implemented.

Department Does Not Follow Through with Certification of the Bureaus' 
IT Investment Management Processes:

According to the Clinger-Cohen Act and Interior's own CPIC Guide, the 
department should take steps to ensure that Interior's bureaus 
implement effective capital planning and investment control processes. 
To execute this responsibility according to project management best 
practices, the department should clearly define its expectations for 
these processes and then hold the bureaus accountable to the standards 
it has established.

At the time of our review, the department had specified initial 
expectations for the bureaus' processes. On January 15, 2003, the 
department CIO issued a memorandum that called for the bureaus to 
immediately begin implementing more formal IT processes, using the CPIC 
Guide. The department held training sessions in which bureaus were 
informed that the Exhibit 300s they provide to the department for 
review as part of the annual budget formulation process must first be 
reviewed by their own IT investment review boards. The department 
emphasized during these sessions that the bureaus should work on making 
their Exhibit 53 reports on IT investments more complete and reliable. 
Although the Exhibit 53 reports do not include adequate information for 
IT investment management purposes--according to the ITIM framework--
improving the reports will bring Interior one step closer to 
identifying and tracking IT projects and systems. This is a critical 
aspect of the investment management process that will provide better 
visibility of all IT projects to the department.

Despite this initial instruction on its expectations, the department 
has yet to fully implement a certification process through which it can 
hold bureaus accountable for their IT investment management processes. 
With the issuance of its CPIC Guide in December 2002, the department 
began to define some criteria for certification of these processes. The 
guide states that, at a minimum, a bureau's investment review board 
must maintain a documented description or charter outlining the 
bureau's CPIC process and the roles and responsibilities of the board, 
the bureau offices, and any other entities that are involved in CPIC. 
In addition, the guide outlines other departmental expectations--such 
as six steps that need to be accomplished in the short term, along with 
establishing a bureau-level investment review board--but it does not 
explicitly state whether these are required for certification. During 
our interviews with staff from Interior's IT Portfolio Management 
Division, officials confirmed that the certification process is still 
only a concept at Interior and that it has not been well defined. More 
specifically, the department has not established a date for the 
certification to begin or specified what corrective action will be 
taken if a bureau fails to be certified. Implementation of an effective 
certification process will provide the department with a mechanism for 
ensuring that the bureaus are operating in a manner that is consistent 
with the policies and procedures it establishes for ITIM key practices.

Departmental officials confirmed that at the time of our review, OCIO 
efforts were concentrated on providing training for the preparation of 
bureau Exhibit 300 reports, discussed above, rather than on 
implementing the CPIC Guide's provisions for a certification process. 
Until the department focuses resources on defining and enforcing 
standards for certifying bureau processes, the risk is high that 
bureaus may implement IT investment management processes that do not 
sufficiently support the departmental investment management process. 
Only by institutionalizing effective processes at both the department 
and the bureau levels can Interior ensure that it is optimizing its 
investments in IT and effectively assessing and managing the risks of 
these investments.

Department's Efforts to Improve Investment Management Processes and 
Oversight Are Fragmented and Inadequate:

Achieving successful reform of IT management requires an organization 
to develop a complete and well-prioritized plan for systematically 
correcting weaknesses in its existing capabilities. To properly focus 
and target this plan, an organization should first fully identify and 
assess current strengths and weaknesses (i.e., create an investment 
management capability baseline). As we have previously 
reported,[Footnote 20] this plan should, at a minimum, (1) specify 
measurable goals, objectives, milestones, and needed resources and (2) 
clearly assign responsibility and accountability for accomplishing 
well-defined tasks. The plan should also be documented and approved by 
agency leadership. In implementing such a plan, it is important that 
the organization measure and report progress against planned 
commitments and take appropriate corrective action to address 
deviations.

In order to develop a focus for its reform efforts, Interior has made 
several attempts to document existing conditions and identify 
weaknesses in its organization. Between 2001 and 2003, OCIO hired three 
different contractors to perform studies of existing IT projects and 
systems, organizational reporting relationships and functions, and IT 
investment management practices. The META Group performed the first 
study, after which the SAIC study, described earlier, was completed to 
assess the earlier results. G&B Solutions was then contracted to 
further elaborate and validate the earlier work, focusing on technical 
solutions and CIO authorities. In a separate effort in 2002, the 
department directed the bureaus to rate themselves in a number of areas 
that correspond to areas evaluated by OMB in the budget process. 
Further, on January 15, 2003, OCIO issued a memorandum that required 
bureaus to submit descriptions of their capital planning and investment 
control processes and IT investment board charters and to perform self-
assessments of their IT investment management capabilities. However, 
the effectiveness of this particular effort was limited because no 
specific instructions were given on how to perform the self-
assessments; this will lead to difficulties in comparing results across 
bureaus.

The Department of the Interior has indicated that it intends to create 
a comprehensive reform plan with target goals and measurement criteria, 
but this plan has not been fully developed. In November 2002, the 
department created a Program Management Office to implement IT 
management reforms by pulling together various improvement efforts and 
prioritizing them. However, as of July 2003, the Program Management 
Office did not have a formal charter or a budget, and its manager did 
not have a clearly defined role. In addition, this individual's 
attention was being diverted away from issues of IT investment 
management to address other concerns, such as Interior's court-ordered 
efforts to resolve issues with the Indian Trust Fund and related 
information security problems.

The lack of clear accountability and responsibility for improvement 
efforts that an office such as this would have provided has resulted in 
initiatives that are not well integrated and do not support a unified 
plan. For example, no steps have been taken to integrate the 
requirements of Secretarial Order 3244 for CIO organizations with the 
bureau certification process established in the CPIC Guide. In 
addition, the multiple efforts to develop an understanding of current 
conditions and identify weaknesses in the existing organization, 
described above, have not yielded a coherent view, despite the 
expenditure of considerable resources.

Without committing to a plan that allows it to systematically 
prioritize, sequence, and evaluate improvement efforts, Interior 
jeopardizes its ability to establish mature investment processes, which 
include selection and control capabilities that would result in greater 
certainty about the outcomes of future IT investments.

Conclusions:

The Department of the Interior lacks most of the fundamental IT 
investment management practices necessary to effectively and 
efficiently manage its IT resources. Only by effectively and 
efficiently managing these resources can the department gain 
opportunities to further leverage its IT investments and make better 
allocation decisions among many investment alternatives. Recent moves 
by senior executives to define an IT investment management approach--
and to align the IT investment decision review process with the CIOs at 
both the department and bureau levels--demonstrate Interior's 
realization that reform is necessary. Nonetheless, the department still 
finds itself without many of the capabilities it needs to ensure that 
Interior's mix of IT investments best meets the agency's mission and 
business priorities.

Interior's ability to guide and oversee investment practices throughout 
the agency is limited by its lack of mature investment management 
processes. The department has recognized that it needs to oversee 
bureau activities, and it has begun to establish the authority of 
bureau CIOs to manage IT investments and to implement certification of 
standard investment processes in the bureaus. However, until the 
department is able to ensure mature investment management capabilities 
at all levels, its ability to wisely select and effectively manage IT 
investments will be limited.

Interior's success in resolving the weaknesses described in this report 
will depend on the department's ability to plan and execute the 
implementation of robust investment management and related practices 
throughout the agency. However, the department's efforts have suffered 
from a lack of unified planning, clear implementation guidance, 
supporting resources, and follow-up on requirements that have been 
established by the CIO. Until the department develops a comprehensive 
plan, supported by top management, that delineates performance 
expectations for process improvements, Interior's prospects will remain 
limited for successfully developing the management capabilities that 
are necessary to make prudent decisions that maximize the benefits and 
minimize the risks of its IT investments.

Recommendations:

To strengthen Interior's capabilities for IT investment management and 
address the weaknesses discussed in this report, we recommend that the 
Secretary of the Interior direct Interior's CIO to do the following:

* Develop a unified, comprehensive plan for implementing departmentwide 
improvements to the IT investment management process that are based on 
the Stage 2 and Stage 3 critical processes of our ITIM framework.

* Ensure that the plan focuses first on the weaknesses that this report 
identifies in the Stage 2 critical processes, before addressing those 
associated with higher stages of ITIM maturity, because Stage 2 
processes collectively provide the foundation for building a mature IT 
investment management process. Specifically:

* Establish a timetable for the IT Management Council, Management 
Initiatives Team, and Management Excellence Council to begin operating 
according to the guidance described in the CPIC Guide.

* Develop and issue policies and procedures to guide the IT project 
oversight as described by our ITIM framework, including the review of 
actual performance information against expected performance by the 
investment boards and the implementation of corrective actions when 
performance falls below acceptable levels. Implement these policies and 
procedures to accomplish the purpose of project oversight.

* Develop and issue policies and procedures to guide the project and 
system identification processes as described by the ITIM framework, 
including the specification of information required by the investment 
management process, the sources of such information, and the methods 
for collecting and retaining this information. Implement these policies 
and procedures to accomplish the purpose of IT project and system 
identification.

* Develop and issue policies and procedures to guide the identification 
of business needs as described by the ITIM framework, including the 
identification of business needs for all projects and the inclusion of 
users in project management throughout a project's life cycle. 
Implement these policies and procedures to accomplish the purpose of 
identifying business needs.

* Establish a timetable for implementing IT proposal selection as 
described by Interior's CPIC Guide.

* Ensure that the plan next focuses on Stage 3 critical processes, 
which are necessary for portfolio management, because, along with the 
Stage 2 foundational processes, these processes are necessary for 
effective management of IT investments.

* To further strengthen the department's ability to oversee bureau 
investment management processes so that it may ensure that investment 
management is effectively carried out throughout the organization, the 
plan should also:

* establish a timetable and specific implementation milestones for 
Secretarial Order 3244, and:

* describe acceptable criteria for certification of bureau CPIC 
processes and establish a time frame for the certification of these 
processes at all bureaus.

* Ensure that the plan establishes a baseline of the agency's 
capabilities, specifies measurable goals and time frames, and 
establishes review milestones.

* Establish a well-defined management structure for directing and 
controlling the unified plan with clear authority and responsibility.

* Ensure that the Management Excellence Council, which holds 
responsibility for department management reform activities, approves 
the plan.

* Implement the approved plan and report on progress made against the 
plan's goals and time frames to the Secretary of the Interior every 6 
months.

Agency Comments and Our Evaluation:

The Department of the Interior's Assistant Secretary for Policy, 
Management and Budget provided written comments on a draft of this 
report (reprinted in appendix II). In these comments, the Department of 
the Interior concurred with our recommendations and identified actions 
that it plans to take to improve IT investment management processes 
throughout the department. Specifically, it intends to leverage lessons 
learned in BLM's implementation of the ITIM framework to accelerate the 
maturing of department practices. It also intends to develop and 
implement a comprehensive plan, approved by the Management Excellence 
Council, to address specific weaknesses that we identified in its 
foundational investment management practices and to move to full 
implementation of Secretarial Order 3244.

In response to the department's comments, we removed all descriptions 
of national critical infrastructure or Trust. In its comments the 
department also provided us with additional information that reflects 
the ongoing progress it is making in implementing more mature 
investment management practices. As we have described in this report, 
Interior's progress has been evident and is ongoing. In particular, the 
establishment of the ITMC and the release of the CPIC Guide have 
provided an organizational point of focus and a set of procedures to 
guide IT investment management. This has enabled the department to 
begin to implement new practices with a departmentwide scope. The 
information the department provided to us in its comments on the 
completed evaluation reflects the continuing implementation of plans 
described in this report. We strongly support this ongoing progress, 
and we will reflect the successful execution of key practices in 
following up on our recommendations.

:

We are sending copies of this report to interested committees of 
Congress, to the Secretary of the Department of the Interior, and to 
the Chief Information Officer of the Department of the Interior. Copies 
will be made available to others upon request. In addition, the report 
will be made available at no charge on the GAO Web site at [Hyperlink, 
http://www.gao.gov.] http://www.gao.gov.

If you have any questions regarding this report, please contact me at 
202-512-6240 or at [Hyperlink, koontzl@gao.gov]. Additional GAO contact and staff 
acknowledgments are listed in appendix III. 

Linda D. Koontz 
Director, 
Information Management Issues:

Signed by Linda D. Koontz: 

[End of section]

Appendixes: 

Appendix I: Bureau Missions, Functions, and IT Investments:

Dollars in millions.

Bureau of Indian Affairs (BIA); Mission: To 
fulfill BIA's trust responsibilities and promote self-determination on 
behalf of Tribal Governments, American Indians, and Alaska Natives; 
IT Investments FY 2003[A]: $32.6; Budget authority FY 2003[B]: 
$2,252.0; FTEs FY 2003 estimate: 9,667; Description: BIA 
provides federal services to approximately 1.4 million American Indians 
and Alaska Natives who are members of 562 federally recognized tribes 
in the 48 contiguous United States and in Alaska. The bureau 
administers 43,450,267 acres of tribally owned land, 11,000,000 acres 
of individually owned land, and 443,000 acres of federally owned land 
held in trust status. The bureau's mission is to promote and support 
tribes on their future path through self-determination and to reduce 
administration by the bureau in nontrust areas.

Bureau of Land Management (BLM); Mission: To 
sustain the health, diversity, and productivity of the public lands for 
the use and enjoyment of present and future generations; IT Investments 
FY 2003[A]: $88.2; Budget authority FY 2003[B]: $1,660.0; FTEs FY 
2003 estimate: 10,739; Description: BLM administers 
over 264 million surface acres of public land, about one-eighth of the 
land in the U.S., and approximately 700 million acres of federal 
subsurface mineral estate. Most of these lands are in the West and 
Alaska, and they are dominated by extensive grasslands, forests, high 
mountains, arctic tundra, and deserts. BLM is responsible for the 
management and use of a variety of resources on these lands, including 
energy and minerals, timber, forage, wild horse and burro populations, 
fish and wildlife habitat, recreation sites, wilderness areas, and 
archeological and historical sites. BLM balances the goals of providing 
opportunities for environmentally responsible recreation and 
commercial activities; preserving natural and cultural heritage 
resources; reducing threats to public health, safety, and property; 
providing land, resource, and title information; providing economic and 
technical assistance to Indian tribes and island communities; 
understanding and planning for the condition and use of the public 
lands; and restoring at-risk resources and maintaining functioning 
systems.

U.S. Fish and Wildlife Service (USFWS); Mission: 
To work with others to conserve, protect, and enhance fish, wildlife, 
plants and their habitats for the continuing benefit of the American 
people; IT Investments FY 2003[A]: $3.5; Budget authority FY 2003[B]: 
$1,281.0; FTEs FY 2003 estimate: 8,928; 
Description: USFWS is the primary federal agency responsible for the 
protection, conservation, and renewal of fish, wildlife, plants, and 
their habitats. It manages migratory bird populations, restores 
interjurisdictional fisheries, conserves and restores wildlife 
habitat, administers the Endangered Species Act, and assists foreign 
governments with their conservation efforts. USFWS oversees the Federal 
Aid in Fish and Wildlife Restoration Programs, which distribute 
hundreds of millions of dollars earned from excise taxes on fishing and 
hunting equipment to state fish and wildlife agencies. USFWS is the 
steward for nearly 93 million acres of public lands, including 529 
refuges of the National Wildlife Refuge System, and it manages 67 
national fish hatcheries for the restoration of the nation's fishery 
resources. USFWS also works closely with partnership activities for 
assisting voluntary habitat development and fostering aquatic 
conservation for fish and wildlife habitat on nonfederal lands.

Minerals Management Service (MMS); Mission: To 
manage the mineral resources on the Outer Continental Shelf in an 
environmentally sound and safe manner and to timely collect, verify, 
and distribute mineral revenues from federal and Indian lands; IT 
Investments FY 2003[A]: $29.6; 
Budget authority FY 2003[B]: $170.0; FTEs FY 2003 
estimate: 1,747; Description: MMS manages the 
nation's natural gas, oil, and other mineral resources on the Outer 
Continental Shelf. The agency also collects, accounts for, and 
disburses more than $5 billion per year in revenues from federal 
offshore mineral leases and from onshore mineral leases on federal and 
Indian lands. MMS includes two major programs, Offshore Minerals 
Management and Minerals Revenue Management. Offshore Minerals 
Management manages the mineral resources on the Outer Continental Shelf 
and has three regions: Alaska, the Gulf of Mexico, and the Pacific. 
Minerals Revenue Management collects, accounts for, and distributes 
revenues associated with mineral production from leased federal and 
Indian lands.

National Park Service (NPS); Mission: To preserve 
unimpaired the natural and cultural resources and values of the 
national park system for the enjoyment, education, and inspiration of 
this and future generations. The Park Service cooperates with partners 
to extend the benefits of natural and cultural resource conservation 
and outdoor recreation throughout this country and the world; IT 
Investments FY 2003[A]: $36.3; 
Budget authority FY 2003[B]: $2,354.0; FTEs FY 
2003 estimate: 20,369; Description: NPS manages 
379 parks and various historic preservation, conservation and 
recreation programs, and hosts 287 million visitors annually. The 
National Park System encompasses approximately 83.6 million acres in 
over three hundred areas, of which more than 4.3 million acres remain 
in private ownership. There are three principal categories used in 
classification: natural areas, historical areas, and recreational 
areas. NPS's four goal categories are to preserve park resources; to 
provide for the public enjoyment and visitors' experience of parks; to 
strengthen and preserve natural and cultural resources and enhance 
recreational opportunities managed by partners; and to ensure 
organizational effectiveness in supporting NPS's mission.

Office of Surface Mining (OSM); Mission: To carry 
out the requirements of the Surface Mining Control and Reclamation Act 
in cooperation with states and tribes; IT 
Investments FY 2003[A]: $1.3; Budget authority FY 
2003[B]: $279.0; FTEs FY 2003 estimate: 630; 
Description: OSM is the lead federal agency for 
carrying out the mandates of the Surface Mining Control and Reclamation 
Act, whose goal is to protect society and the environment from the 
adverse effects of surface coal mining operations. OSM's mission goal 
of Environmental Restoration addresses mining that occurred prior to 
the passage of Surface Mining Control and Reclamation Act in 1977, 
while its goal of Environmental Protection addresses mining since 1977. 
Environmental Restoration is accomplished through the Abandoned Mine 
Land Program, whose main purpose is to restore a safe and clean 
environment. As part of this, the Appalachian Clean Streams Initiative 
supports local efforts to eliminate environmental and economic impacts 
of acid mine drainage from abandoned coal mines. Environmental 
Protection focuses on current coal mining and is accomplished with the 
Surface Mining Program, which oversees 4.4 million acres of surface 
coal mines in 26 states and on the lands of three Indian tribes. The 
principal means of delivering environmental protection is through 24 
primacy states that receive federal grant funding.

U.S. Bureau of Reclamation (USBR); Mission: To 
manage, develop, and protect water and related resources in an 
environmentally and economically sound manner in the interest of the 
American public; IT Investments FY 2003[A]: $9.8; 
Budget authority FY 2003[B]: $855.0; FTEs FY 2003 estimate: 5,628; 
Description: USBR has developed and manages a limited natural water 
supply in the 17 western states. USBR works to meet the increasing 
water demands while protecting the environment and the public's 
investment. USBR has 348 reservoirs with a total storage capacity of 
245 million acre-feet of water, 58 hydroelectric power plants, and over 
300 recreation sites. USBR is the nation's second largest producer of 
hydroelectric power in the western United States, generating more than 
40 billion kilowatt hours of energy annually. USBR is the nation's 
largest water wholesaler; its water usage includes irrigation for one 
out of every five western farmers (140,000)--about 10 million acres of 
irrigated land; 10 trillion gallons of municipal, rural, and industrial 
water for over 31 million people; habitat support for wildlife refuges, 
migratory waterfowl, fish, and threatened and endangered species; and 
irrigation projects and potable water supplies for Indian tribes. USBR 
provides flood control benefits and drought contingency planning and 
assistance, and it provides water-based recreation activities for about 
90 million visitors a year.

U.S. Geological Survey (USGS); Mission: The USGS 
serves the nation by providing reliable scientific information to 
describe and understand the Earth; minimize loss of life and property 
from natural disasters; manage water, biological, energy, and mineral 
resources; and enhance and protect our quality of life; IT Investments 
FY 2003[A]: $198.6; 
Budget authority FY 2003[B]: $867.0; FTEs FY 2003 
estimate: 9,397; Description: USGS is the nation's 
principal natural science and information agency. USGS conducts 
research, monitoring, and assessments to contribute to understanding 
the natural world--lands, water, and biological resources. USGS 
provides reliable, impartial information in the form of maps, data, and 
reports containing analyses and interpretations of water, energy, 
mineral and biological resources, land surfaces, marine environments, 
geologic structures, natural hazards, and dynamic processes of the 
Earth; this information is used to understand, respond to, and plan for 
changes in the environment. USGS describes, documents, and gains 
understanding of natural hazards and their risks through the study of 
earthquakes, volcanoes, landslides, geomagnetic field changes, floods, 
droughts, coastal erosion, tsunamis, wild land fire, and wildlife 
disease. Environmental and natural resources activities deal with 
physical, chemical, biological, and geological processes in nature and 
the impact of human actions on natural systems through studies 
including data collection, long-term assessments, ecosystems analysis, 
and the forecasting of future changes.

Total; IT Investments FY 2003[A]: $399.9; Budget authority 
FY 2003[B]: $9,718.0; FTEs FY 2003 estimate: 67,105.

Source: Department of the Interior (data), GAO (presentation).

[A] Department of the Interior's Exhibit 53, Agency IT Investment 
Portfolio for fiscal year 2003.

[B] Department of the Interior, Fiscal Year 2004: The Interior Budget 
in Brief.

[End of table]

[End of section]

Appendix II: Comments from the Department of the Interior:

THE ASSOCIATE DEPUTY SECRETARY OF THE INTERIOR WASHINGTON, D.C. 20240:

AUG 27 2003:

MEMORANDUM:

To: Managing Director:

Information and Technology Team:
From: Assistant Secretary:

Policy, Management and Budget:

Subject: Interior Response to the Draft General Accounting Office (GAO) 
Report - "Information Technology, Departmental Leadership Crucial to 
Success on Investment Reform at Interior" (GAO-03-1028).

Thank you for the opportunity to review the GAO draft report entitled, 
"Information Technology, Departmental Leadership Crucial to Success on 
Investment Reform at Interior" (GAO-03-1028). In the report, GAO 
acknowledges that Interior has taken decisive steps over the past year 
toward improving management of information technology (IT) resources. 
Noted accomplishments include implementation of a capital planning and 
investment control (CPIC) management process, the issuance of the CPIC 
guide, and establishment and operation of IT investment review boards 
at both the bureau and department levels. Other achievements include 
the issuance of a Secretarial Order to establish the authority of the 
bureau-level Chief Information Officers.

Within Interior, the Bureau of Land Management (BLM) aligned resources 
and authority to implement GAO recommendations, resulting in BLM 
reaching Stage 2 of the IT investment management (ITIM) framework in 3 
years. As reported in the GAO draft report entitled, "BLM, Plan Needed 
to Sustain Progress in Establishing IT Investment Management 
Capabilities" (GAO-03-1025), BLM established most of the Stage 2 Key 
Practices and initiated efforts to manage its investments as a 
portfolio. Using this proven methodology, the Department is leveraging 
the lessons from BLM implementation of the ITIM framework to progress 
more rapidly toward Stage 2.

In order to continue the strong progress Interior has made in the past 
year, the report recommends strengthening the oversight and resource 
allocation role of the Chief Information Officer, directing resources 
to implementation, and integrating ongoing and future ITIM improvement 
initiatives. This is to be accomplished through the development and 
implementation of a comprehensive plan, approved by the Management 
Excellence Council, covering specific weaknesses in Stage 2 of the ITIM 
framework, full implementation of the Secretarial Order, and progress 
toward Stage 3. The plan is to include baselines, performance measures 
and a defined management structure. Interior concurs with these 
recommendations.

In some areas the report does not sufficiently recognize progress 
Interior has made toward implementing the ITIM framework. The earlier 
self-assessment indicated that many key practices had not yet been 
fully executed. To the extent GAO based their assessment on the earlier 
incomplete information, Interior provides the attached supplemental 
information. The Department requests reconsideration of the ratings for 
the key practices addressed in the attachment. Interior is also 
continuing to provide information to the GAO ITIM self-assessment team, 
which would be valuable in documenting progress.

Interior requests deletion in the final report of any description of 
national critical infrastructure or Trust systems, as this could 
potentially cause security concerns.

Interior appreciates GAO's review of ITIM implementation to date, and 
the opportunity to provide comments and additional information. The 
combination of this report and the Department's self-assessments serve 
as a baseline to establish management processes to maximize the 
effectiveness of IT expenditures. Interior will use this report to 
baseline and incorporate metrics, time frames, and review milestones in 
its improvement plan. Finally, Interior will push forward in ensuring 
bureau compliance with the Capital Planning and Investment Control 
(CPIC) Guide, and the Secretarial Order.

For additional information please contact W. Hord Tipton at 202-208-
6194.

Attachment:

[End of section]

Appendix III: GAO Contact and Staff Acknowledgments:

GAO Contact : 

Lester Diamond, (202) 512-7957, [Hyperlink, diamondl@gao.gov] 
diamondl@gao.gov:

Acknowledgments:

In addition to the individual named above, William G. Barrick, Joanne 
Fiorino, Peggy A. Hegg, Alison Jacobs, Mary Beth McClanahan, and Nik 
Rapelje made key contributions to this report.

(310356):

FOOTNOTES

[1] U.S. General Accounting Office, Bureau of Land Management: Plan 
Needed to Sustain Progress in Establishing IT Investment Management 
Capabilities, GAO-03-1025 (Washington, D.C. Sept. 12, 2003).

[2] Interior uses the term "bureau" to refer to bureaus and offices 
and, in some instances, to its departmental offices.

[3] Major information technology investments include those with total 
life cycle costs greater than $35 million; financial systems with a 
life cycle cost greater than $500,000; multiple bureau and/or agency 
projects; investments mandated by legislation or executive order or 
identified by the Secretary as critical; those reported as major on 
Exhibit 53 reports submitted to OMB; those requiring a common 
infrastructure investment; department strategic-and mandatory-use 
systems; those that differ significantly from or affect department 
infrastructure, architecture, or standards and guidelines; high risk 
investments as determined by OMB, GAO, Congress and/or the CIO; 
investments that directly support the President's Management Agenda 
items of "high executive visibility;" and those that are related to 
electronic government or that use E-business technologies.

[4] U.S. General Accounting Office, Indian Trust Funds: Interior Lacks 
Assurance That Trust Improvement Plan Will Be Effective, GAO/AIMD-99-53 
(Washington, D.C. Apr. 28, 1999) and U.S. General Accounting Office, 
Indian Trust Funds: Challenges Facing Interior's Implementation of New 
Trust Asset and Accounting Management System, GAO/T-AIMD-99-238 
(Washington, D.C. July 14, 1999).

[5] U.S. General Accounting Office, Indian Trust Funds: Improvements 
Made in Acquisition of New Asset and Accounting System But Significant 
Risks Remain, GAO/AIMD-00-259 (Washington, D.C. Sept. 15, 2000).

[6] U.S. General Accounting Office, Land Management Systems: Progress 
and Risks in Developing BLM's Land and Mineral Record System, GAO/AIMD-
95-180 (Washington, D.C. Aug. 31, 1995); U.S. General Accounting 
Office, Land Management Systems: BLM Faces Risks in Completing the 
Automated Land and Mineral Records System, GAO/AIMD-97-42 (Washington, 
D.C. Mar. 19, 1997); U.S. General Accounting Office, Land Management 
Systems: Information on BLM's Automated Land and Mineral Record System 
Release 2 Project, GAO/AIMD-97-109R (Washington, D.C. June 6, 1997); 
U.S. General Accounting Office, Land Management Systems: Major Software 
Development Does Not Meet BLM's Business Needs, GAO/AIMD-99-135 
(Washington, D.C. Apr. 30, 1999); U.S. General Accounting Office, Land 
Management Systems: Status of BLM's Actions to Improve Information 
Technology Management, GAO/AIMD-00-67 (Washington, D.C. Feb. 24, 
2000); and U.S. General Accounting Office, Land Management Systems: 
BLM's Actions to Improve Information Technology Management, GAO-01-282 
(Washington, D.C. Feb. 27, 2001).

[7] U.S. Department of the Interior, Advisory Report, Developing the 
Department of the Interior's Information Technology Capital Investment 
Process: A Framework for Action, No. 2002-I-0038, August 2002.

[8] The Paperwork Reduction Act of 1995 requires each agency to define 
its information needs and develop strategies, systems, and capabilities 
to support programs and to improve productivity, efficiency, and 
effectiveness. The Clinger-Cohen Act requires agencies to link IT 
investments to agency accomplishments and establish a process to 
select, manage, and control IT investments.

[9] Office of Management and Budget, Analytical Perspectives Budget of 
the United States Government, Fiscal Year 2004. 

[10] U.S. General Accounting Office, Information Technology Investment 
Management: A Framework for Assessing and Improving Process Maturity 
(Exposure Draft), GAO/AIMD-10.1.23 (Washington, D.C. May 2000).

[11] U.S. General Accounting Office, United States Postal Service: 
Opportunities to Strengthen IT Investment Management Capabilities, GAO-
03-3 (Washington, D.C. Oct. 15, 2002) and U.S. General Accounting 
Office, Information Technology: Justice Plans to Improve Oversight of 
Agency Projects, GAO-03-135 (Washington, D.C. Nov. 22, 2002).

[12] U.S. General Accounting Office, Information Technology Investment 
Management: A Framework for Assessing and Improving Process Maturity 
(Exposure Draft), GAO/AIMD-10.1.23 (Washington, D.C. May 2000).

[13] U.S. Department of the Interior, "Follow-on Guidance on 
Implementation of Secretarial Order Requirements," Memorandum from W. 
Hord Tipton (Jan. 31, 2003) and U.S. Department of the Interior, 
"Capital Asset Investment Management Clarification," Memorandum from P. 
Lynn Scarlett (Mar. 13, 2003).

[14] For this critical process, we used a revised version of the IT 
Asset Inventory critical process included in the Exposure Draft of the 
ITIM framework. We discussed the revision with departmental officials 
at the start of this engagement, and they agreed to use it as the basis 
for our review of Interior's IT investment management capabilities.

[15] The fiscal year 1997 Omnibus Consolidated Appropriations Act, Pub. 
L. 104-208, renamed both Divisions D and E of the 1996 DOD 
Authorization Act, Pub. L. 104-106, the Clinger-Cohen Act of 1996.

[16] U.S. General Accounting Office, Maximizing the Success of Chief 
Information Officers: Learning From Leading Organizations, GAO-01-376G 
(Washington, D.C. Mar. 1, 2001).

[17] U.S. Department of the Interior, Standardization of Information 
Technology Functions and Establishment of Funding Authorities, Office 
of the Secretary Order No. 3244 (Washington, D.C. Nov. 12, 2002).

[18] For purposes of this order, "bureaus and offices" refers 
collectively to the bureaus of the department, the Secretarial Offices, 
and the immediate offices of the Secretary and the Deputy Secretary.

[19] Secretarial Order 3244 requires that each bureau CIO organization 
include the following IT management functions: technology, security, 
information management, telecommunications, inventory and asset 
management, strategic planning, project management, and IT career and 
skills management. Technology management is defined to include 
enterprise architecture, capital planning and investment control 
processes, and IT acquisition.

[20] U.S. General Accounting Office, Information Technology: DLA Needs 
to Strengthen Its Investment Management Capability, GAO-02-314 
(Washington, D.C. Mar. 15, 2002).

GAO's Mission:

The General Accounting Office, the investigative arm of Congress, 
exists to support Congress in meeting its constitutional 
responsibilities and to help improve the performance and accountability 
of the federal government for the American people. GAO examines the use 
of public funds; evaluates federal programs and policies; and provides 
analyses, recommendations, and other assistance to help Congress make 
informed oversight, policy, and funding decisions. GAO's commitment to 
good government is reflected in its core values of accountability, 
integrity, and reliability.

Obtaining Copies of GAO Reports and Testimony:

The fastest and easiest way to obtain copies of GAO documents at no 
cost is through the Internet. GAO's Web site ( www.gao.gov ) contains 
abstracts and full-text files of current reports and testimony and an 
expanding archive of older products. The Web site features a search 
engine to help you locate documents using key words and phrases. You 
can print these documents in their entirety, including charts and other 
graphics.

Each day, GAO issues a list of newly released reports, testimony, and 
correspondence. GAO posts this list, known as "Today's Reports," on its 
Web site daily. The list contains links to the full-text document 
files. To have GAO e-mail this list to you every afternoon, go to 
www.gao.gov and select "Subscribe to e-mail alerts" under the "Order 
GAO Products" heading.

Order by Mail or Phone:

The first copy of each printed report is free. Additional copies are $2 
each. A check or money order should be made out to the Superintendent 
of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or 
more copies mailed to a single address are discounted 25 percent. 
Orders should be sent to:

U.S. General Accounting Office

441 G Street NW,

Room LM Washington,

D.C. 20548:

To order by Phone:  

 Voice: (202) 512-6000:

 TDD: (202) 512-2537:

 Fax: (202) 512-6061:

To Report Fraud, Waste, and Abuse in Federal Programs:

Contact:

Web site: www.gao.gov/fraudnet/fraudnet.htm E-mail: fraudnet@gao.gov

Automated answering system: (800) 424-5454 or (202) 512-7470:

Public Affairs:

Jeff Nelligan, managing director, NelliganJ@gao.gov (202) 512-4800 U.S.

General Accounting Office, 441 G Street NW, Room 7149 Washington, D.C.

20548: