Image

Information Technology

Open Recommendations

IT Portfolio Management: OMB and Agencies Are Not Fully Addressing Selected Statutory Requirements

Show

46 Open Recommendations

Agency Affected	Recommendation	Status
Office of Management and Budget	The Director of OMB should update existing guidance or issue new guidance to agencies to implement a process to assist agencies in reviewing their IT portfolios that includes the requirements provided in FITARA. (Recommendation 1)	Open When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Office of Management and Budget	The Director of OMB should develop standardized performance metrics for agencies to implement the IT portfolio review process, as prescribed by FITARA. (Recommendation 2)	Open When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Office of Management and Budget	The Director of OMB should ensure that the Federal CIO carries out its role in annually reviewing each agency's IT portfolio that is conducted by each agency's CIO in conjunction with the Chief Operating Officer or Deputy Secretary (or equivalent) and the Federal CIO, as prescribed by FITARA. (Recommendation 3)	Open When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Office of Management and Budget	The Director of OMB should direct the Federal CIO to submit a quarterly report to the FITARA-identified committees in Congress on the cost savings and reductions in duplicative IT investments identified through the IT portfolio review process, as prescribed by FITARA. (Recommendation 4)	Open When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Office of Management and Budget	The Director of OMB should direct the Federal CIO to ensure that the agency cost savings on the IT Dashboard that are being used to fulfill statutory requirements to report to Congress are accurate and correctly attributed to IT portfolio review. (Recommendation 5)	Open When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Office of Management and Budget	The Director of OMB should submit to Congress a report on the net program performance benefits achieved as a result of major capital investments made by agencies for information systems and how the benefits relate to the accomplishment of the goals of the agencies, as prescribed by FITARA. (Recommendation 6)	Open When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Cloud Computing: Selected Agencies Need to Implement Updated Guidance for Managing Restrictive Licenses

Show

12 Open Recommendations

Agency Affected	Recommendation	Status
Department of Justice	The Attorney General should update and implement Department of Justice guidance to fully address identifying, analyzing, and mitigating the impacts of restrictive software licensing practices on cloud computing efforts. (Recommendation 1)	Open When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Department of Justice	The Attorney General should assign and document responsibility for identifying and managing potential impacts of restrictive software licensing practices across the department. (Recommendation 2)	Open When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Department of Transportation	The Secretary of Transportation should update and implement guidance to fully address identifying, analyzing, and mitigating the impacts of restrictive software licensing practices on cloud computing efforts. (Recommendation 3)	Open When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Department of Transportation	The Secretary of Transportation should assign and document responsibility for identifying and managing potential impacts of restrictive software licensing practices across the department. (Recommendation 4)	Open When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Department of Veterans Affairs	The Secretary of Veterans Affairs should update and implement guidance to fully address identifying, analyzing, and mitigating the impacts of restrictive software licensing practices on cloud computing efforts. (Recommendation 5)	Open When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Department of Veterans Affairs	The Secretary of Veterans Affairs should assign and document responsibility for identifying and managing potential impacts of restrictive software licensing practices across the department. (Recommendation 6)	Open When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

IT Modernization: SBA Urgently Needs to Address Risks on Newly Deployed System

Show

14 Open Recommendations

Agency Affected	Recommendation	Status
Small Business Administration	The Administrator of SBA should direct the Associate Administrator of SBA's Office of Government Contracting and Business Development to expeditiously address critical UCP project risk management issues, including developing a project risk management strategy and risk mitigation plan. (Recommendation 1)	Open When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Small Business Administration	The Administrator of SBA should direct the Associate Administrator of SBA's Office of Government Contracting and Business Development to expeditiously address critical UCP project cybersecurity issues, including developing a plan for managing project cybersecurity risks and documenting a traceability analysis for project security requirements. (Recommendation 2)	Open When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Small Business Administration	The Administrator of SBA should direct the Chief Information Officer to consider the probability and impact of accepted UCP deployment risks if deciding to issue a final authorization to operate for the system. (Recommendation 3)	Open When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Small Business Administration	The Administrator of SBA should direct the Chief Information Officer to establish and implement policies and procedures to ensure that risk registers or equivalent risk documentation explicitly state risk sources for IT modernization projects. (Recommendation 4)	Open When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Small Business Administration	The Administrator of SBA should direct the Chief Information Officer to establish and implement policies and procedures to ensure that parameters to categorize or analyze risks are clearly defined at the project level for IT modernization projects. (Recommendation 5)	Open When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Small Business Administration	The Administrator of SBA should direct the Chief Information Officer to establish and implement policies and procedures to ensure that project risk management strategies are established and maintained for IT modernization projects. (Recommendation 6)	Open When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Air Traffic Control: FAA Actions Are Urgently Needed to Modernize Aging Systems

Show

7 Open Recommendations

Agency Affected	Recommendation	Status
Federal Aviation Administration	The Administrator of FAA should report to Congress on how it is mitigating risks of all unsustainable and critical systems that are identified in the annual operational risk assessments. (Recommendation 1)	Open When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Federal Aviation Administration	The Administrator of FAA should establish a time frame for developing and implementing guidance to increase JRC oversight of pre-baselined investments that require additional resources or time prior to establishing a baseline. (Recommendation 2)	Open When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Federal Aviation Administration	The Administrator of FAA should ensure that ATC modernization investments, including FENS and Aeronautical Information Management Modernization Enhancement 1, establish baselines in an expeditious manner. (Recommendation 3)	Open When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Federal Aviation Administration	The Administrator of FAA should establish a time frame for developing and implementing guidance that the JRC ensures that ATC system modernization investments are organized as manageable segments. (Recommendation 4)	Open When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Federal Aviation Administration	The Administrator of FAA should ensure that the Joint Resources Council consistently review all high risks facing ATC modernization investments. (Recommendation 5)	Open When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Federal Aviation Administration	The Administrator of FAA should require that the program offices for FENS, E-IDS Phase 1, and NWP and the Joint Resources Council each ensure that the acquisition management documentation are finalized prior to the council approving the investments to proceed to future phases of the investments' lifecycles. (Recommendation 6)	Open When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

View More Recommendations

GAO Contacts

Carol C. Harris

Director

Information Technology and Cybersecurity

harriscc@gao.gov

Nick Marinos

Managing Director

Information Technology and Cybersecurity

MarinosN@gao.gov

Jennifer Franks

Director

Information Technology and Cybersecurity

franksj@gao.gov

David (Dave) Hinchman

Director

Information Technology and Cybersecurity

HinchmanD@gao.gov

Marisol Cruz Cain

Director

Information Technology and Cybersecurity

cruzcainm@gao.gov

Sterling Thomas

Chief Scientist

Science, Technology Assessment, and Analytics

thomass2@gao.gov