Skip to main content

Information Technology: Agencies Need to Involve Chief Information Officers in Reviewing Billions of Dollars in Acquisitions

GAO-18-42 Published: Jan 10, 2018. Publicly Released: Jan 10, 2018.
Jump To:
Skip to Highlights

Highlights

What GAO Found

Most of the 22 selected agencies did not identify all of their information technology (IT) contracts. The selected agencies identified 78,249 IT-related contracts, to which they obligated $14.7 billion in fiscal year 2016. However, GAO identified 31,493 additional contracts with $4.5 billion obligated, raising the total amount obligated to IT contracts in fiscal year 2016 to at least $19.2 billion (see figure).The percentage of additional IT contract obligations GAO identified varied among the selected agencies. For example, the Department of State did not identify 1 percent of its IT contract obligations. Conversely, 8 agencies did not identify over 40 percent of their IT-related contract obligations.

Figure: Agency- and GAO-Identified Approximate Dollars Obligated to Fiscal Year 2016 Information Technology (IT) Contracts at the 22 Selected Agencies

Figure: Agency- and GAO-Identified Approximate Dollars Obligated to Fiscal Year 2016 Information Technology (IT) Contracts at the 22 Selected Agencies

Note: Due to rounding, the totals may not equal the sum of component obligation amounts.

Many of the selected agencies that did not identify these IT acquisitions did not follow Office of Management and Budget's (OMB) guidance. Specifically, 14 of the 22 agencies did not involve the acquisition office in their process to identify IT acquisitions for Chief Information Officer (CIO) review, as required by OMB. In addition, 7 agencies did not establish guidance to aid officials in recognizing IT. Until agencies involve the acquisitions office in their IT identification processes and establish supporting guidance, they cannot ensure that they will identify all IT acquisitions. Without proper identification of IT acquisitions, agencies and CIOs cannot effectively provide oversight of these acquisitions.

In addition to not identifying all IT contracts, 14 of the 22 selected agencies did not fully satisfy OMB's requirement that the CIO review and approve IT acquisition plans or strategies. Further, only 11 of 96 randomly selected IT contracts at 10 agencies that GAO evaluated were CIO-reviewed and approved as required by OMB's guidance. The 85 IT contracts not reviewed had a total possible value of approximately $23.8 billion. Until agencies ensure that CIOs review and approve IT acquisitions, CIOs will continue to have limited visibility and input into their agencies' planned IT expenditures and will not be able to use the increased authority that FITARA's contract approval provision is intended to provide. Further, agencies will likely miss an opportunity to strengthen CIOs' authority and the oversight of IT acquisitions. As a result, agencies may award IT contracts that are duplicative, wasteful, or poorly conceived.

Why GAO Did This Study

The federal government invested more than $90 billion on IT in fiscal year 2016. However, prior IT expenditures have produced failed projects. Recognizing the severity of issues, in December 2014 Congress enacted IT acquisition reform legislation (referred to as the Federal Information Technology Acquisition Reform Act, or FITARA). Among other things, OMB's FITARA implementation guidance requires covered agencies' chief acquisition officers to identify IT contracts for the CIOs to review and approve.

GAO's objectives were to determine the extent to which (1) federal agencies identify IT contracts and how much is invested in them, and (2) federal agency CIOs are reviewing and approving IT acquisitions. To do so, GAO reviewed data on IT contracts from fiscal year 2016 at 22 agencies and compared agency actions to law and OMB guidance.

Recommendations

GAO is making 39 recommendations, including that agencies ensure that acquisition offices are involved in identifying IT and issue related guidance; and to ensure IT acquisitions are reviewed according to OMB guidance. OMB and 20 agencies generally agreed with or did not comment on the recommendations. One agency agreed with one recommendation, but disagreed with another. GAO believes this recommendation is warranted. One agency disagreed with two recommendations. GAO subsequently removed one of these, but believes the other recommendation is warranted, as discussed in the report.

Recommendations for Executive Action

Agency Affected Recommendation Status
Department of Agriculture The Secretary of Agriculture should ensure that the office of the chief acquisition officer (CAO) is involved in the process to identify IT acquisitions. (Recommendation 1)
Closed – Implemented
The agency concurred with our recommendation and in a March 2018 update stated that the CAO is involved in the process to identify IT acquisitions through a new policy issued in November 2017. Specifically, USDA's Procurement Advisory 130 states that Contracting Officers (located within the acquisition office) shall not issue solicitations for IT acquisitions until the office of the CIO has reviewed, approved, and provided an Acquisition Approval Request number. Implementing this recommendation will help ensure that the agency adequately identifies its IT-related acquisitions and the CIO has the opportunity to provide needed oversight of these acquisitions.
Department of Agriculture The Secretary of Agriculture should direct the CAO and CIO to issue specific guidance to ensure IT-related acquisitions are properly identified. (Recommendation 2)
Closed – Implemented
The agency concurred with our recommendation, and in May 2018, issued a procurement advisory that included guidance on identifying IT. The proper identification of IT acquisitions for review and approval will allow Labor and its CIO opportunity to provide effective oversight of its IT acquisitions.
Department of Agriculture The Secretary of Agriculture should ensure that IT acquisition plans or strategies are reviewed and approved according to OMB's guidance. (Recommendation 3)
Closed – Implemented
The agency concurred with our recommendation. In June 2018, USDA CIO issued a memorandum that delegated the review and approval of acquisition plans and strategies to the agency's Capital Planning and Information Technology Governance Division (CPITGD) through the Associate CIO of the Information Resource Management Center. According to the memorandum, CPITGD will utilize its Integrated IT Governance Framework, IT Investment Scoring Criteria, and Acquisition Approval Request process to review and approve IT acquisition plans and strategies. Ensuring that the CIO has appropriate insight into IT acquisitions will allow USDA to fully realize the benefits FITARA intended, such as identifying IT acquisitions that are duplicative, wasteful, or poorly conceived.
Department of Commerce The Secretary of Commerce should ensure that the office of the CAO is involved in the process to identify IT acquisitions. (Recommendation 4)
Closed – Implemented
In a March 2018 response to our report, the agency agreed with our recommendation. In February 2022, Commerce provided its revised acquisitions manual. This manual requires the use of an IT Compliance in Acquisition checklist. The checklist's instructions state that the checklist should be addressed in coordination with the Acquisition team. Implementing this recommendation will help ensure that the agency adequately identifies its IT-related acquisitions and the CIO has the opportunity to provide needed oversight of these acquisitions.
Department of Commerce The Secretary of Commerce should ensure that IT acquisition plans or strategies are reviewed and approved according to OMB's guidance. (Recommendation 5)
Closed – Implemented
In a March 2018 response to our report, the agency agreed with our recommendation. As of January 2023, the agency had provided us evidence that the CIO (or designee) was reviewing and approving IT acquisition plans or strategies according to OMB's guidance. Ensuring that the CiO has appropriate insight into IT acquisitions will allow Commerce to fully realize the benefits FITARA intended, such as identifying IT acquisitions that are duplicative, wasteful, or poorly conceived.
Department of Education The Secretary of Education should ensure that the office of the CAO is involved in the process to identify IT acquisitions. (Recommendation 6)
Closed – Implemented
The agency concurred with our recommendation, and in April 2019, Education issued IT Governance and Investment Management guidance that states that the CAO assists the investment management process by identifying IT contracts for CIO review and approval. The proper identification of IT acquisitions for review and approval will allow Education and its CIO opportunity to provide effective oversight of its IT acquisitions.
Department of Education The Secretary of Education should ensure that IT acquisition plans or strategies are reviewed and approved according to OMB's guidance. (Recommendation 7)
Closed – Implemented
The agency did not concur with this recommendation. However, in April 2019, Education updated its IT Governance and Investment Management guidance to require that all contract actions are provided by the office of Contracts and Acquisitions Management to the Office of the CIO for review. Further, Education's directive on acquisition planning requires that the Office of the CIO review and approve the acquisition plans associated with every acquisition greater than $100,000. Ensuring that the CIO has appropriate insight into IT acquisitions will allow Labor to fully realize the benefits FITARA intended, such as identifying IT acquisitions that are duplicative, wasteful, or poorly conceived.
Department of Energy The Secretary of Energy should direct the CAO and CIO to issue specific guidance to ensure IT-related acquisitions are properly identified. (Recommendation 8)
Closed – Implemented
The agency concurred with our recommendation and in December 2017 updated its acquisition guide to include instructions on identifying IT-related acquisitions. Specifically, the agency's guide was updated to include a definition of IT to aid employees in the identification of IT acquisitions. Implementing this guidance will help ensure that the agency adequately identifies its IT-related acquisitions and the CIO has the opportunity to provide needed oversight of these acquisitions.
Department of Energy The Secretary of Energy should ensure that IT acquisition plans or strategies are reviewed and approved according to OMB's guidance. (Recommendation 9)
Closed – Implemented
The agency concurred with our recommendation and in December 2017 updated its acquisition guide to include a provision for the CIO review and approval of IT acquisition plans. Ensuring that the CIO has appropriate insight into IT acquisitions will allow Labor to fully realize the benefits FITARA intended, such as identifying IT acquisitions that are duplicative, wasteful, or poorly conceived.
Department of Health and Human Services The Secretary of HHS should ensure that IT acquisition plans or strategies are reviewed and approved according to OMB's guidance. (Recommendation 10)
Closed – Implemented
The agency agreed with our recommendation. As of November 2021, HHS had provided evidence that its CIO (or designee, as appropriate) was reviewing and approving IT acquisition plans or strategies according to OMB's guidance. Ensuring that the CIO has appropriate insight into IT acquisitions will allow HHS to fully realize the benefits FITARA intended, such as identifying IT acquisitions that are duplicative, wasteful, or poorly conceived.
Department of Housing and Urban Development The Secretary of Housing and Urban Development should ensure that the office of the CAO is involved in the process to identify IT acquisitions. (Recommendation 11)
Closed – Implemented
The agency concurred with our recommendation and in March 2018 the agency updated its Annual Strategic Acquisition Plan process to have the Chief Acquisition Officer identify and coordinate with the Chief Information Officer on any applicable IT-related acquisitions. Involving the acquisition office in the identification of IT will better position HUD to ensure that IT acquisitions are appropriately identified, reviewed, and approved, as required by FITARA. The proper identification of IT acquisitions for review and approval will allow HUD and its CIO opportunity to provide effective oversight of its IT acquisitions.
Department of Housing and Urban Development The Secretary of Housing and Urban Development should ensure that IT acquisition plans or strategies are reviewed and approved according to OMB's guidance. (Recommendation 12)
Closed – Implemented
The agency concurred with our recommendation, and in July 2018, HUD provided us evidence that the Office of Management and Budget approved its CIO Assignment Plan. This assignment plan, together with HUD's FITARA guidance, details that HUD's Office of the CIO is to review IT acquisition requests that include an acquisition plan or strategy for acquisitions at or above $500,000. IT acquisitions below this amount are reviewed by program leadership. Ensuring that the CIO has appropriate insight into IT acquisitions will allow Labor to fully realize the benefits FITARA intended, such as identifying IT acquisitions that are duplicative, wasteful, or poorly conceived.
Department of the Interior The Secretary of the Interior should ensure that the office of the CAO is involved in the process to identify IT acquisitions. (Recommendation 13)
Closed – Implemented
The agency concurred with our recommendation and in July 2019, Interior issued a policy that states that Contracting Officers, who work under the authority of the Chief Administrative Officer, are to closely monitor requirements for all acquisitions for any possible IT implications. Involving the acquisition office in the identification of IT will better position Interior to ensure that IT acquisitions are appropriately identified, reviewed, and approved, as required by FITARA. The proper identification of IT acquisitions for review and approval will allow Interior and its CIO opportunity to provide effective oversight of its IT acquisitions.
Department of the Interior The Secretary of Interior should direct the CAO and CIO to finalize and issue guidance on identifying IT acquisitions in order to ensure the CIO review and approval of those acquisitions. (Recommendation 14)
Closed – Implemented
The agency concurred with our recommendation. In April 2018, Interior's CIO issued OCIO Directive 2018-003 on the requirements and process for the Annual Information Management and Technology Acquisition Strategic Plan. This directive outlines the procedures that bureaus and offices are to follow when submitting strategic plans to the CIOs office for approval. This directive includes a definition of IT that should aid in the identification of IT. Implementing this guidance will help ensure that the agency adequately identifies its IT-related acquisitions and the CIO has the opportunity to provide needed oversight of these acquisitions.
Department of the Interior The Secretary of the Interior should ensure that IT acquisition plans or strategies are reviewed and approved according to OMB's guidance. (Recommendation 15)
Closed – Implemented
The agency concurred with our recommendation. In July 2019, Interior issued a policy that solidified the CIO's role on the Acquisition Procurement Advisory Committee, the group that reviews and approves acquisition strategies for acquisitions valued at $50 million or more (among other criteria). Other IT acquisition actions must be reviewed and approved by an Associate Chief Information Officer or an individual who reports to the Associate Chief Information Officer. Ensuring that the CIO has appropriate insight into IT acquisitions will allow Interior to fully realize the benefits FITARA intended, such as identifying IT acquisitions that are duplicative, wasteful, or poorly conceived.
Department of Justice The Attorney General should direct the senior procurement executive and CIO to issue specific guidance to ensure IT-related acquisitions are properly identified. (Recommendation 16)
Closed – Implemented
The agency concurred with our recommendation, and in June 2019, the agency issued acquisition guidance that includes information on how to identify IT-related acquisitions. The proper identification of IT acquisitions for review and approval will allow Justice and its CIO opportunity to provide effective oversight of its IT acquisitions.
Department of Justice The Attorney General should ensure that IT acquisition plans or strategies are reviewed and approved according to OMB's guidance. (Recommendation 17)
Closed – Implemented
The agency concurred with our recommendation In March 2019, Justice charted its Information Technology Acquisition Review Board. The CIO performs the review of IT acquisition plans through this board. The charter states that the board reviews all IT acquisitions, and the CIO is to specifically review and approve those acquisitions over $2.5 million and those supporting major investments. Component CIOs are authorized to approve procurement actions equal to or less than $500,000, but are still required to inform the board of the acquisition. Ensuring that the CIO has appropriate insight into IT acquisitions will allow Labor to fully realize the benefits FITARA intended, such as identifying IT acquisitions that are duplicative, wasteful, or poorly conceived.
Department of Labor The Secretary of Labor should ensure that the office of the CAO is involved in the process to identify IT acquisitions. (Recommendation 18)
Closed – Implemented
The agency concurred with our recommendation and in a written response to our report, submitted two notices (2012-13 and 2012-22) to show the acquisition office's involvement in the process to identification of IT. These notices, particularly 2012-13, show that contracting officers are responsible for ensuring that all applicable acquisitions go through the ITARB process. Involving the acquisition office in the identification of IT will better position Labor to ensure that IT acquisitions are appropriately identified, reviewed, and approved, as required by FITARA.
Department of Labor The Secretary of Labor should direct the CAO and CIO to issue specific guidance to ensure IT-related acquisitions are properly identified. (Recommendation 19)
Closed – Implemented
The agency concurred with our recommendation and in a written response to our report, submitted its Acquisition Plan Guide and Instructions which includes the OMB definition of IT and lists acquisition requirements related to FITARA such as the requirement to obtain CIO review and approval of acquisition plans and strategies. Providing this guidance will help ensure that the agency adequately identifies its IT-related acquisitions and the CIO has the opportunity to provide needed oversight of these acquisitions.
Department of Labor The Secretary of Labor should ensure that IT acquisition plans or strategies are reviewed and approved according to OMB's guidance. (Recommendation 20)
Closed – Implemented
The agency concurred with our recommendation and in a written response to our report provided evidence that its acquisition planning guide and related acquisition plan templates require all acquisitions over $150,000 to be reviewed and approved by the CIO. Ensuring that the CIO has appropriate insight into IT acquisitions will allow Labor to fully realize the benefits FITARA intended, such as identifying IT acquisitions that are duplicative, wasteful, or poorly conceived.
Department of State The Secretary of State should ensure that the office of the CAO is involved in the process to identify IT acquisitions. (Recommendation 21)
Closed – Implemented
The agency agreed with our recommendation. In January 2020, State issued a Standard Operating Procedure (SOP) for the IT acquisition process. The SOP states that Contracting Officers, the representatives of the Chief Acquisition Officer, are to identify IT acquisitions. Involving the acquisition office in the identification of IT will better position State to ensure that IT acquisitions are appropriately identified, reviewed, and approved, as required by FITARA. The proper identification of IT acquisitions for review and approval will allow State and its CIO opportunity to provide effective oversight of its IT acquisitions.
Department of State The Secretary of State should ensure that IT acquisition plans or strategies are reviewed and approved according to OMB's guidance. (Recommendation 22)
Closed – Implemented
The agency agreed with our recommendation, and in December 2021, State provided a policy announcement that was issued in September 2019. This policy states that all IT acquisitions over $10,000 need CIO approval within the Department's acquisition approval software. Ensuring that the CIO has appropriate insight into IT acquisitions will allow HHS to fully realize the benefits FITARA intended, such as identifying IT acquisitions that are duplicative, wasteful, or poorly conceived.
Department of the Treasury The Secretary of the Treasury should ensure that IT acquisition plans or strategies are reviewed and approved according to OMB's guidance. (Recommendation 23)
Open
The agency did not state whether it agreed or disagreed with the recommendation. In March 2019, Treasury issued a memo that requires the CIO to review and approve IT acquisition plans for acquisitions with a total value of $68 million or more, or for actions with a period of performance longer than 5 years. The review and approval of all other IT acquisition plans are delegated to the component CIOs or Chief Technology Officers. However, as of February 2024, the agency had not not been able to provide evidence that the CIO (or designee) was reviewing and approving selected IT acquisition plans, as required. In addition, Treasury stated that its Office of the CIO was in the process of revising the memorandum to allow for broader and deeper review of Treasury's IT acquisition portfolio. We will continue to monitor the implementation of this recommendation.
Department of Transportation The Secretary of Transportation should ensure that the office of the CAO is involved in the process to identify IT acquisitions. (Recommendation 24)
Closed – Implemented
The agency concurred with the recommendation. In March 2020, Transportation modified its Transportation Acquisition Manual to involve Contracting Officers in the process of identifying IT-related acquisitions. According to Transportation, Contracting Officers operate on behalf of the Chief Acquisition Officer. Involving the acquisition office in the identification of IT will better position Transportation to ensure that IT acquisitions are appropriately identified, reviewed, and approved, as required by FITARA. The proper identification of IT acquisitions for review and approval will allow Transportation and its CIO opportunity to provide effective oversight of its IT acquisitions.
Department of Transportation The Secretary of Transportation should direct the CAO and CIO to issue specific guidance to ensure IT-related acquisitions are properly identified. (Recommendation 25)
Closed – Implemented
The agency concurred with the recommendation. In March 2020, Transportation modified its Transportation Acquisition Manual to include guidance to ensure IT-related acquisitions are properly identified. Specifically, Transportation added definitions of IT, practical examples of IT, and frequently asked questions regarding IT acquisitions. Providing this guidance will help ensure that the agency adequately identifies its IT-related acquisitions and the CIO has the opportunity to provide needed oversight of these acquisitions.
Department of Transportation The Secretary of Transportation should ensure that IT acquisition plans or strategies are reviewed and approved according to OMB's guidance. (Recommendation 26)
Closed – Implemented
The agency concurred with the recommendation. In October 2019, Transportation issued guidance requiring that the CIO or designee to review and approve all IT acquisition plans. As of January 2023, the agency provided evidence that its CIO or designee is reviewing and approving IT acquisition plans, as required by OMB guidance. Ensuring that the CIO has appropriate insight into IT acquisitions will allow Transportation to fully realize the benefits FITARA intended, such as identifying IT acquisitions that are duplicative, wasteful, or poorly conceived.
Department of Veterans Affairs The Secretary of Veterans Affairs (VA) should ensure that the office of the CAO is involved in the process to identify IT acquisitions. (Recommendation 27)
Closed – Implemented
The agency concurred with the recommendation. In November 2019, VA issued a Standard Operating Procedure that requires that the Chief Information Officer and Chief Acquisition Officer work in conjunction to review and approve all IT acquisition strategies and plans. Specifically, this procedure involves the contracting activity, acting on behalf of the Chief Acquisition Officer, in the identification of IT acquisitions. Involving the acquisition office in the identification of IT will better position VA to ensure that IT acquisitions are appropriately identified, reviewed, and approved, as required by FITARA. The proper identification of IT acquisitions for review and approval will allow VA and its CIO opportunity to provide effective oversight of its IT acquisitions.
Department of Veterans Affairs The Secretary of VA should ensure that IT acquisition plans or strategies are reviewed and approved according to OMB's guidance. (Recommendation 28)
Closed – Implemented
The agency concurred with the recommendation. In November 2019, VA issued guidance that requires the CIO, in conjunction with the Chief Acquisition Officer, to review and approve all IT acquisition strategies and plans. Specifically, the CIO is to review and approve IT acquisitions valued at $15 million or more. The CIO has delegated the review and approval of IT acquisitions less than $15 million to other designees, based on the value of the contract. Ensuring that the CIO has appropriate insight into IT acquisitions will allow VA to fully realize the benefits FITARA intended, such as identifying IT acquisitions that are duplicative, wasteful, or poorly conceived.
Environmental Protection Agency The Administrator of the Environmental Protection Agency should ensure that the office of the CAO is involved in the process to identify IT acquisitions. (Recommendation 29)
Closed – Implemented
The agency stated that it did not take exception to the recommendation, and in a May 2018 update, the agency stated that it had updated its policy which implements the agency CIO guidance to comply with the requirements of FITARA. Specifically, the agency now involves the Chief Acquisition Officer (CAO) or the CAO's designee in the process of identifying IT acquisitions. Involving the acquisition office in the identification of IT will better position Labor to ensure that IT acquisitions are appropriately identified, reviewed, and approved, as required by FITARA.
National Aeronautics and Space Administration The Administrator of the National Aeronautics and Space Administration (NASA) should ensure that the office of the CAO is involved in the process to identify IT acquisitions. (Recommendation 30)
Closed – Implemented
The agency concurred with the recommendation. In June 2019, NASA provided documentation that showed that requisition initiators are required to complete a NASA Form 1707, Special Approvals and Affirmations for Requisitions, for every acquisition. The initiator identifies whether the acquisition is IT-related on this form. Contracting Officers, who are part of the NASA acquisition workforce and are acting on the authority of the CAO and Deputy, review each of these forms. The procurement office will not accept a requisition package until the form has all required approvals. Involving the acquisition office in the identification of IT will better position NASA to ensure that IT acquisitions are appropriately identified, reviewed, and approved, as required by FITARA. The proper identification of IT acquisitions for review and approval will allow NASA and its CIO opportunity to provide effective oversight of its IT acquisitions.
National Aeronautics and Space Administration The Administrator of NASA should direct the CAO and CIO to issue specific guidance to ensure IT-related acquisitions are properly identified. (Recommendation 31)
Closed – Implemented
The agency concurred with the recommendation and in August 2018, NASA updated its Form 1707, a form that is required for all NASA procurements, to include a definition of IT. The proper identification of IT acquisitions for review and approval will allow NASA and its CIO opportunity to provide effective oversight of its IT acquisitions.
National Aeronautics and Space Administration The Administrator of NASA should ensure that IT acquisition plans or strategies are reviewed and approved according to OMB's guidance. (Recommendation 32)
Closed – Implemented
The agency concurred with the recommendation, and in September 2017, NASA's CIO delegated the review and approval authority of IT acquisitions to the Center CIOs. In February 2022, NASA provided evidence that its CIO (or designee) is reviewing and approving IT acquisition plans and strategies, consistent with OMB guidance. Ensuring that the CIO has appropriate insight into IT acquisitions will allow NASA to fully realize the benefits FITARA intended, such as identifying IT acquisitions that are duplicative, wasteful, or poorly conceived.
Nuclear Regulatory Commission The Chairman of the Nuclear Regulatory Commission should ensure that the office of the senior procurement executive is involved in the process to identify IT acquisitions. (Recommendation 33)
Closed – Implemented
The agency did not concur with this recommendation and stated that acquisition office officials review acquisitions to ensure that IT is properly identified. Despite this, in June 2018, the agency issued an acquisition instruction that states that the Chief Acquisition Officer is involved in the identification of IT. Involving the acquisition office in the identification of IT will better position NRC to ensure that IT acquisitions are appropriately identified, reviewed, and approved, as required by FITARA. The proper identification of IT acquisitions for review and approval will allow NRC and its CIO opportunity to provide effective oversight of its IT acquisitions.
Office of Personnel Management The Director of the Office of Personnel Management should ensure that IT acquisition plans or strategies are reviewed and approved according to OMB's guidance. (Recommendation 34)
Closed – Implemented
The agency concurred with the recommendation. In May 2022, OPM provided evidence that its CIO is reviewing and approving IT acquisition plans and strategies, consistent with OMB guidance. Ensuring that the CIO has appropriate insight into IT acquisitions will allow OPM to fully realize the benefits FITARA intended, such as identifying IT acquisitions that are duplicative, wasteful, or poorly conceived.
Small Business Administration The Administrator of the Small Business Administration should ensure that the office of the senior procurement executive is involved in the process to identify IT acquisitions. (Recommendation 35)
Closed – Implemented
The agency agreed with the recommendation and in December 2017, the Chief Financial Officer and the Chief Information Officer, issued a joint Procedural Notice to all employees requiring all technology-related purches of IT with a total cost of $50,000 or more receive Office of the Chief Information Officer approval. It further required that all procurement submissions to its Acquisition Division (which is the agency's office that includes the senior procurement executive) receive Office of the Chief Information Officer approval. If the Acquisition Division receives a package for an IT acquisition without Office of the CIO approval, the package will be considered incomplete. Involving the Acquisition Division in the identification of IT will better position SBA to ensure that IT acquisitions are appropriately identified, reviewed, and approved, as required by FITARA.
Social Security Administration The Commissioner of the Social Security Administration (SSA) should ensure that the office of the senior procurement executive is involved in the process to identify IT acquisitions. (Recommendation 36)
Closed – Implemented
The agency agreed with the recommendation and in a March 2018 update provided the agency's Information Technology Acquisition Approval Policy. The policy states that it is the responsibility of the CFO and Chief Acquisition Officer/Senior Procurement Executive to notify the CIO when planned acquisition plans and strategies include IT. Further, according to the agency's updated CPIC Guide, SSA's Office of Acquisition and Grants (which is under the Chief Acquisition Officer/Senior Procurement Executive's responsibilities) submits completed IT acquisition plans to the OCIO for approval. Involving the acquisition office in the identification of IT will better position SSA to ensure that IT acquisitions are appropriately identified, reviewed, and approved, as required by FITARA.
Social Security Administration The Commissioner of SSA should direct the senior procurement executive and CIO to issue specific guidance to ensure IT-related acquisitions are properly identified. (Recommendation 37)
Closed – Implemented
The agency agreed with the recommendation and in May 2019, SSA provided evidence that it had updated its Acquisition Handbook to include a definition of IT to assist in identifying IT acquisitions. The proper identification of IT acquisitions for review and approval will allow SSA and its CIO opportunity to provide effective oversight of its IT acquisitions.
Social Security Administration The Commissioner of SSA should ensure that IT acquisition plans or strategies are reviewed and approved according to OMB's guidance. (Recommendation 38)
Closed – Implemented
The agency agreed with the recommendation, and as of July 2018, SSA provided evidence that its CIO (or designee was reviewing and approving randomly selected IT acquisition plans, as required by OMB's FITARA guidance. Ensuring that the CIO has appropriate insight into IT acquisitions will allow Labor to fully realize the benefits FITARA intended, such as identifying IT acquisitions that are duplicative, wasteful, or poorly conceived.
U.S. Agency for International Development The Administrator of the United States Agency for International Development should ensure that IT acquisition plans or strategies are reviewed and approved according to OMB's guidance. (Recommendation 39)
Closed – Implemented
The agency agreed with the recommendation and in May 2019, USAID issued a directive that requires the CIO to review and approve IT acquisition plans. Ensuring that the CIO has appropriate insight into IT acquisitions will allow USAID to fully realize the benefits FITARA intended, such as identifying IT acquisitions that are duplicative, wasteful, or poorly conceived.

Full Report

GAO Contacts

Media Inquiries

Sarah Kaczmarek
Managing Director
Office of Public Affairs

Topics

Acquisition plansChief information officersCompliance oversightFederal acquisition regulationsInformation technologyIT acquisitionsIT investmentsPolicies and proceduresSystems acquisitionGovernment procurement