Skip to main content

Information Technology: Federal Agencies Need to Strengthen Investment Board Oversight of Poorly Planned and Performing Projects

GAO-09-566 Published: Jun 30, 2009. Publicly Released: Jul 30, 2009.
Jump To:
Skip to Highlights

Highlights

The federal government expects to spend about $71 billion for information technology (IT) projects for fiscal year 2009. Given the amount of money at stake, it is critical that these projects be planned and managed effectively to ensure that the public's resources are being invested wisely. This includes ensuring that they receive appropriate selection and oversight reviews. Selection involves identifying and analyzing projects' risks and returns and selecting those that will best support the agency's mission needs; oversight includes reviewing the progress of projects against expectations and taking corrective action when these expectations are not being met. GAO was asked to determine whether (1) federal departments and agencies have guidance on the role of their department-level investment review boards in selecting and overseeing IT projects and (2) these boards are performing reviews of poorly planned and poorly performing projects. In preparing this report, GAO reviewed the guidance of 24 major agencies and requested evidence of department-level board reviews for a sample of 41 projects that were identified as being poorly planned or poorly performing.

Recommendations

Recommendations for Executive Action

Agency Affected Recommendation Status
Department of Commerce To ensure that IT projects are effectively managed, the Secretaries of Commerce and Labor should ensure their department-level review boards include business unit (i.e., mission) representation.
Closed – Implemented
Since our review, the department of Commerce established the Commerce Information Technology Review Board which is an executive-level board that provides advice to the Commerce Secretary and Deputy Secretary regarding IT investments. In April 2013, the department expanded the board's membership to include senior executives from its business units.
Department of Veterans Affairs The Secretaries of the Departments of Defense, Education, Homeland Security, Transportation, Treasury, and Veterans Affairs, the Administrator for the National Aeronautics and Space Administration, the Chairman of the Nuclear Regulatory Commission, and the Administrator for the U.S. Agency for International Development should ensure that the projects that are identified in this report as not having received departmental-IRB selection or oversight reviews receive these reviews.
Closed – Implemented
According to the fiscal year 2010 exhibit 300 for the VistA Imaging project which we selected for our review, the Information Technology Leadership Board, VA's senior-level investment review board, reviewed the project for funding in fiscal year 2010 and approved a modification to its baseline to reflect changes due to the realignment of resources under the Office of Information and Technology.
Department of Labor To ensure that IT projects are effectively managed, the Secretaries of Commerce and Labor should ensure their department-level review boards include business unit (i.e., mission) representation.
Closed – Implemented
In September 2011, the department of Labor established the Enterprise Implementation Committee as part of a new governance structure. The Committee is a department-level investment review board whose mission is to ensure that all initiatives affecting information technology infrastructure, common services and customer service programs that have cross-agency impacts are implemented to provide effective support for the Department's business mission and operations. According to this committee's charter, it includes the Deputy Secretary (Chair) and Deputy Chief Information Officer and senior business managers from its agencies and offices, such as Bureau of Labor Statistics, Employee Benefits Security Administration and Employment and Training Administration.
Nuclear Regulatory Commission To ensure that IT projects are effectively managed, the Chairman of the Nuclear Regulatory Commission should direct the Executive Director for Operations to define conditions for elevating issues related to project selection and oversight to its department-level Investment Review Board (IRB).
Closed – Implemented
Since our review, NRC defined conditions for elevating issues related to project selection and oversight to the Information Technology/Information Management Portfolio Executive Council (IPEC), its department-level investment review board. Specifically, according to its charter, the Information Technology/Information Management (IT/IM) Board, a lower-level review board, is responsible, among other things, for recommending IT/IM proposals IT investments that meet or exceed a 5-year life cycle cost threshold of $3,000,000 (Tier 1 and Tier 2 level) to the IPEC for investment planning or implementation. In addition, according to NRC's August 2012 capital planning and investment control procedures, investments exceeding certain performance thresholds (i.e., with cost, schedule, or system metric variances greater than 12 percent, a security plan of action and with red milestones, or an IT survey score of less than 2.5 , must make a presentation to the IPEC for a decision to continue, modify, or terminate the program.
Department of Veterans Affairs To ensure that IT projects are effectively managed, the Secretary of Veterans Affairs should define and implement responsibilities for the department-level IRB to oversee projects in operations and maintenance.
Closed – Implemented
According to VA's Fiscal Year 2015-2019 Multi-Year Programming Guide, the Information Technology Leadership Board, the department's senior-level investment review board, performs final approval of the department's multi-year program. The multi-year program is a five-year view of all of the Office of Information and Technology's investments (including projects in operations and maintenance) which are needed to support the Secretary's strategic priorities and meet the department's current and future challenges.
Department of Transportation The Secretaries of the Departments of Defense, Education, Homeland Security, Transportation, Treasury, and Veterans Affairs, the Administrator for the National Aeronautics and Space Administration, the Chairman of the Nuclear Regulatory Commission, and the Administrator for the U.S. Agency for International Development should ensure that the projects that are identified in this report as not having received departmental-IRB selection or oversight reviews receive these reviews.
Closed – Not Implemented
Since we issued our report, the Department of Transportation changed the funding structure for the Combined IT infrastructure project (now known as Combined Operating Environment) which we selected for our review so that it is no longer reviewed by the department-level investment review board but by a working capital fund review group which performs annual reviews and includes the department's Associate Chief Information Officer for Policy and several operating administrations' chief information officers. According to officials, the Combined Operating Environment project was most recently reviewed by this group in April 2013.
Department of Defense The Secretaries of the Departments of Defense, Education, Homeland Security, Transportation, Treasury, and Veterans Affairs, the Administrator for the National Aeronautics and Space Administration, the Chairman of the Nuclear Regulatory Commission, and the Administrator for the U.S. Agency for International Development should ensure that the projects that are identified in this report as not having received departmental-IRB selection or oversight reviews receive these reviews.
Closed – Implemented
In May 2013, we learned that the department's Defense Information System for Security project was reviewed by the Department's Human Resources Management Investment Review Board and the Defense Business System Management Committee and certified by these bodies in September 2009. According to DOD, the project continues to undergo all required reviews. For the Integrated Acquisition Environment Shared Services Provider/ Past Performance Information Retrieval System, the second Defense project we reviewed, the department reported that the project received a department-level investment review board review as we recommended.
Nuclear Regulatory Commission The Secretaries of the Departments of Defense, Education, Homeland Security, Transportation, Treasury, and Veterans Affairs, the Administrator for the National Aeronautics and Space Administration, the Chairman of the Nuclear Regulatory Commission, and the Administrator for the U.S. Agency for International Development should ensure that the projects that are identified in this report as not having received departmental-IRB selection or oversight reviews receive these reviews.
Closed – Implemented
The Nuclear Regulatory Commission's (NRC) Information Technology/ Information Management Portfolio Executive Council, the agency's executive level investment review board, reviewed the Infrastructure Services and Support investment, one of the two investments selected for our review, in April 2012, as part of a broader review of NRC's major investments and planned development, modernization, and enhancement activities. The board also reviewed the National Source Tracking System, the second investment selected for our review, as part of a review the Integrated Source Management Program. According to the IPEC's charter, the board is expected to review NRC's portfolio on a quarterly basis.
Department of Education The Secretaries of the Departments of Defense, Education, Homeland Security, Transportation, Treasury, and Veterans Affairs, the Administrator for the National Aeronautics and Space Administration, the Chairman of the Nuclear Regulatory Commission, and the Administrator for the U.S. Agency for International Development should ensure that the projects that are identified in this report as not having received departmental-IRB selection or oversight reviews receive these reviews.
Closed – Implemented
Shortly after our review, the department of Education brought the Common Services for Borrowers and the Advance Aid Delivery projects which we reviewed in our study under the oversight of the department's investment review board. The department provided evidence that these projects were reviewed by the board in July 2009, as part of a broader portfolio review.
Department of the Treasury The Secretaries of the Departments of Defense, Education, Homeland Security, Transportation, Treasury, and Veterans Affairs, the Administrator for the National Aeronautics and Space Administration, the Chairman of the Nuclear Regulatory Commission, and the Administrator for the U.S. Agency for International Development should ensure that the projects that are identified in this report as not having received departmental-IRB selection or oversight reviews receive these reviews.
Closed – Implemented
We reported that the Department of the Treasury's department-level investment review board had not performed reviews of the Enterprise IT Infrastructure Optimization Initiative (EITIO), Integrated Collection System (ICS, and Treasury Automated Auction Processing System (TAAPS) because the board was not active for the time frame we considered during our review. The department, however, subsequently re-established the Executive Investment Review Board (E-Board) in January 2008. The E-Board reviewed EITIO and ICS as part of a broader department IT portfolio review in July 2009. According to Treasury, the department's governance process was restructured after that time and a new departmental board was established in July 2013. In addition, according to Treasury, TAAPS, the third project we selected for our review--was incorporated into the Bureau of Fiscal Service's Wholesale Securities Services major investment.
U.S. Agency for International Development The Secretaries of the Departments of Defense, Education, Homeland Security, Transportation, Treasury, and Veterans Affairs, the Administrator for the National Aeronautics and Space Administration, the Chairman of the Nuclear Regulatory Commission, and the Administrator for the U.S. Agency for International Development should ensure that the projects that are identified in this report as not having received departmental-IRB selection or oversight reviews receive these reviews.
Closed – Implemented
In January 2012, USAID's investment review board reviewed the HSPD-12 project as we had recommended.
National Aeronautics and Space Administration The Secretaries of the Departments of Defense, Education, Homeland Security, Transportation, Treasury, and Veterans Affairs, the Administrator for the National Aeronautics and Space Administration, the Chairman of the Nuclear Regulatory Commission, and the Administrator for the U.S. Agency for International Development should ensure that the projects that are identified in this report as not having received departmental-IRB selection or oversight reviews receive these reviews.
Closed – Implemented
In April 2013, we received evidence from NASA showing that the Office Automation, IT Infrastructure, Telecommunications project (now called, IT Infrastructure Integration Program) received a selection review from its IT Strategy Investment Board in June 2009.
Department of Homeland Security The Secretaries of the Departments of Defense, Education, Homeland Security, Transportation, Treasury, and Veterans Affairs, the Administrator for the National Aeronautics and Space Administration, the Chairman of the Nuclear Regulatory Commission, and the Administrator for the U.S. Agency for International Development should ensure that the projects that are identified in this report as not having received departmental-IRB selection or oversight reviews receive these reviews.
Closed – Implemented
In November 2012, the department provided evidence that its Infrastructure Transformation Program had received a review by the Acquisition Review Board, the department's investment review board, in November 2011. The Secure Border Initiative project, the second project we had recommended DHS subject to a board review, was terminated after our audit and our recommendation for this project is therefore no longer valid.

Full Report

Topics

Agency missionsFunds managementInformation technologyInvestment Review BoardIT investment managementMission critical systemsNeeds assessmentPerformance managementProgram managementRisk assessmentRisk factorsRisk managementStrategic planningSystems analysisCost estimatesPolicies and procedures