[House Hearing, 109 Congress]
[From the U.S. Government Publishing Office]





 OMB MANAGEMENT WATCH LIST: $65 BILLION REASONS TO ENSURE THE FEDERAL 
 GOVERNMENT IS EFFECTIVELY MANAGING INFORMATION TECHNOLOGY INVESTMENTS

=======================================================================

                                HEARING

                               before the

                              COMMITTEE ON
                           GOVERNMENT REFORM

                        HOUSE OF REPRESENTATIVES

                       ONE HUNDRED NINTH CONGRESS

                             FIRST SESSION

                               __________

                             APRIL 21, 2005

                               __________

                           Serial No. 109-20

                               __________

       Printed for the use of the Committee on Government Reform


  Available via the World Wide Web: http://www.gpo.gov/congress/house
                      http://www.house.gov/reform


                                 ______

                    U.S. GOVERNMENT PRINTING OFFICE
20-953                      WASHINGTON : 2005
_____________________________________________________________________________
For Sale by the Superintendent of Documents, U.S. Government Printing Office
Internet: bookstore.gpo.gov  Phone: toll free (866) 512-1800; (202) 512ï¿½091800  
Fax: (202) 512ï¿½092250 Mail: Stop SSOP, Washington, DC 20402ï¿½090001

                     COMMITTEE ON GOVERNMENT REFORM

                     TOM DAVIS, Virginia, Chairman
CHRISTOPHER SHAYS, Connecticut       HENRY A. WAXMAN, California
DAN BURTON, Indiana                  TOM LANTOS, California
ILEANA ROS-LEHTINEN, Florida         MAJOR R. OWENS, New York
JOHN M. McHUGH, New York             EDOLPHUS TOWNS, New York
JOHN L. MICA, Florida                PAUL E. KANJORSKI, Pennsylvania
GIL GUTKNECHT, Minnesota             CAROLYN B. MALONEY, New York
MARK E. SOUDER, Indiana              ELIJAH E. CUMMINGS, Maryland
STEVEN C. LaTOURETTE, Ohio           DENNIS J. KUCINICH, Ohio
TODD RUSSELL PLATTS, Pennsylvania    DANNY K. DAVIS, Illinois
CHRIS CANNON, Utah                   WM. LACY CLAY, Missouri
JOHN J. DUNCAN, Jr., Tennessee       DIANE E. WATSON, California
CANDICE S. MILLER, Michigan          STEPHEN F. LYNCH, Massachusetts
MICHAEL R. TURNER, Ohio              CHRIS VAN HOLLEN, Maryland
DARRELL E. ISSA, California          LINDA T. SANCHEZ, California
GINNY BROWN-WAITE, Florida           C.A. DUTCH RUPPERSBERGER, Maryland
JON C. PORTER, Nevada                BRIAN HIGGINS, New York
KENNY MARCHANT, Texas                ELEANOR HOLMES NORTON, District of 
LYNN A. WESTMORELAND, Georgia            Columbia
PATRICK T. McHENRY, North Carolina               ------
CHARLES W. DENT, Pennsylvania        BERNARD SANDERS, Vermont 
VIRGINIA FOXX, North Carolina            (Independent)
------ ------

                    Melissa Wojciak, Staff Director
       David Marin, Deputy Staff Director/Communications Director
                      Rob Borden, Parliamentarian
                       Teresa Austin, Chief Clerk
          Phil Barnett, Minority Chief of Staff/Chief Counsel


                            C O N T E N T S

                              ----------                              
                                                                   Page
Hearing held on April 21, 2005...................................     1
Statement of:
    Evans, Karen, Administrator, Electronic Government and 
      Information Technology, Office of Management and Budget; 
      David Powner, Director, Information Technology Management 
      Issues, Government Accountability Office, accompanied by 
      Lester Diamond, Assistant Director.........................     9
        Evans, Karen.............................................     9
        Powner, David A..........................................    18
    Matthews, Dan, Chief Information Officer, U.S. Department of 
      Transportation, accompanied by Darren B. Ash; Robert 
      McFarland, Assistant Secretary for Information Technology, 
      U.S. Department of Veterans Affairs; Rosita Parkes, Chief 
      Information Officer, U.S. Department of Energy; and Lisa 
      Schlosser, Chief Information Officer, U.S. Department of 
      Housing and Urban Development..............................    40
        Matthews, Dan............................................    40
        McFarland, Robert........................................    48
        Parkes, Rosita O.........................................    51
        Schlosser, Lisa..........................................    54
Letters, statements, etc., submitted for the record by:
    Cummings, Hon. Elijah E., a Representative in Congress from 
      the State of Maryland, prepared statement of...............    64
    Davis, Chairman Tom, a Representative in Congress from the 
      State of Virginia, prepared statement of...................     3
    Evans, Karen, Administrator, Electronic Government and 
      Information Technology, Office of Management and Budget, 
      prepared statement of......................................    12
    Matthews, Dan, Chief Information Officer, U.S. Department of 
      Transportation, prepared statement of......................    43
    McFarland, Robert, Assistant Secretary for Information 
      Technology, U.S. Department of Veterans Affairs, prepared 
      statement of...............................................    49
    Parkes, Rosita, Chief Information Officer, U.S. Department of 
      Energy, prepared statement of..............................    52
    Porter, Hon. Jon C., a Representative in Congress from the 
      State of Nevada, prepared statement of.....................    67
    Powner, David, Director, Information Technology Management 
      Issues, Government Accountability Office, prepared 
      statement of...............................................    20
    Schlosser, Lisa, Chief Information Officer, U.S. Department 
      of Housing and Urban Development, prepared statement of....    55
    Waxman, Hon. Henry A., a Representative in Congress from the 
      State of California, prepared statement of.................     6

 
 OMB MANAGEMENT WATCH LIST: $65 BILLION REASONS TO ENSURE THE FEDERAL 
 GOVERNMENT IS EFFECTIVELY MANAGING INFORMATION TECHNOLOGY INVESTMENTS

                              ----------                              


                        THURSDAY, APRIL 21, 2005

                          House of Representatives,
                            Committee on Government Reform,
                                                    Washington, DC.
    The committee met, pursuant to notice, at 10:10 a.m., in 
room 2154, Rayburn House Office Building, Hon. Tom Davis 
(chairman of the committee) presiding.
    Present: Representatives Davis, Porter, Marchant, Waxman, 
Cummings, Kucinich, Watson, Ruppersberger, and Norton.
    Staff present: Melissa Wojciak, staff director; David 
Marin, deputy staff director/communications director; Rob 
White, press secretary; Drew Crockett, deputy director of 
communications; Victoria Proctor, senior professional staff; 
Jaime Hjort, professional staff member; Teresa Austin, chief 
clerk; Sarah D'Orsie, deputy clerk; Corinne Zaccagnini, chief 
information officer; Chas Phillips, policy counsel; Kristin 
Amerling, minority deputy chief counsel; Karen Lightfoot, 
minority communications director, senior policy advisor; Adam 
Bordes and Nancy Scola, minority professional staff members; 
Earley Green, minority chief clerk; and Jean Gosa, minority 
assistant clerk.
    Chairman Davis. Good morning. A quorum being present, the 
committee will come to order.
    I want to welcome everybody to today's hearing on the OMB 
watch list. The President's fiscal year 2006 IT budget request 
for the Federal Government is over $65 billion, and that figure 
is expected to rise continually throughout the rest of the 
decade. Given this fact, it is essential that the Federal 
Government manage IT investments efficiently. The Federal 
Government must acquire systems and services that not only 
provide the highest quality for Government employees, but also 
provide the best value for the taxpayer dollar.
    Under the Clinger-Cohen Act, OMB is required to establish 
processes to analyze, track, and evaluate the risks and results 
of major capital investments in information systems made by 
Federal agencies. For fiscal year 2005, OMB established a 
management watch list of mission-critical projects that have 
exhibited shortfalls in performance measures, project 
management, IT security, or overall justification. According to 
OMB's testimony before this committee last year, agencies with 
projects on the watch list are required to correct weaknesses 
and deficiencies or risk OMB placing limits on their spending.
    Of the $60 billion dedicated for Federal IT spending in 
fiscal year 2005, $22 billion represented projects on the watch 
list. This is over half of all Federal IT initiatives. This 
year there are more than 1,000 IT projects. OMB reported there 
are 342 projects, representing about $15 billion on the watch 
list. This represents a significant improvement, one I hope we 
can continue.
    I want to commend OMB for creating this management tool to 
address significant challenges facing the Federal Government. 
But at the same time, I want to make sure that it is being used 
effectively. There is some concern that OMB has not fully 
exploited the opportunity to use the watch list as a tool for 
analyzing IT investments on a government-wide basis. I am 
concerned that there is no aggregate list, per se.
    It is my understanding that OMB did not develop a single 
list of projects meeting their watch list criteria, but instead 
relied on individual analysts to evaluate the agencies and 
simply compile the results. Without a comprehensive list of 
projects and their identified weaknesses, we are apprehensive 
about OMB's ability to effectively followup with these agencies 
to determine whether they have addressed the weaknesses 
associated with projects on the watch list.
    Now today's primary purpose is to get a better 
understanding of OMB's use of the watch list. In particular, 
the committee is interested in determining if the concept of 
the watch list could be more effectively utilized by the 
Federal Government as a tool to manage information technology 
investments. Additionally, the committee looks forward to 
learning how OMB coordinates with individual agencies to 
identify and resolve IT-related challenges.
    In a report requested by the committee last year, the GAO 
evaluated OMB's processes regarding placing projects on the 
watch list and following up on corrective actions established 
for projects on the watch list. GAO will be releasing this 
report to the public today, and we look forward to discussing 
the results of their research.
    We have two distinguished panels of witnesses. Our first 
panel, we will hear from Karen Evans again from OMB, and David 
Powner from the Government Accountability Office, and we will 
discuss the watch list from a government-wide perspective. Our 
second panel features representatives from the Department of 
Transportation, Housing and Urban Development, Energy, and 
Veterans Affairs. These representatives will explain the nature 
of their projects on the watch list as well as efforts they 
have taken to resolve the issues that have led to their 
placement on the watch list.
    I want to welcome the witnesses to today's hearing. I look 
forward to your testimony.
    [The prepared statement of Chairman Tom Davis follows:]

    [GRAPHIC] [TIFF OMITTED] T0953.001
    
    [GRAPHIC] [TIFF OMITTED] T0953.002
    
    Chairman Davis. Mr. Waxman.
    Mr. Waxman. Thank you, Mr. Chairman. I am pleased that the 
committee is continuing its efforts to oversee the way in which 
the Federal Government is managing its information technology 
investments. The Federal Government has made a considerable 
investment in information technology. The President's budget 
for fiscal year 2006 includes more than 1,000 major IT projects 
that will cost the Federal Government more than $65 billion.
    The White House Office of Management and Budget has a 
statutory responsibility to evaluate and track the Federal 
Government's enormous investment in information technology. 
Unfortunately, it is not meeting its responsibility.
    For the past few years, OMB has been reporting that it 
tracks problem IT projects on what it calls a management watch 
list. Last year, OMB reported that more than a third of the 
Federal Government's major IT projects were on this list. 
However, when members of this committee asked OMB to provide 
basic information on what specific projects were on the watch 
list and how it was being used, OMB was not responsive.
    It is difficult to have confidence that OMB is fulfilling 
its responsibilities to monitor IT spending by the Federal 
Government when OMB fails to provide essential information 
about its tracking methodology.
    Now, GAO has taken a closer look at the management watch 
list and it has found that OMB does not maintain an aggregate 
list of troubled projects. Rather, what OMB calls its watch 
list is an ad hoc compilation of lists maintained by a few 
individual OMB analysts. No business with $65 billion at stake 
would ever manage itself this way. But apparently, different 
standards are fine when it is taxpayer money at risk.
    GAO is recommending that OMB create and maintain a 
government-wide watch list concerning major Federal IT projects 
to provide a mechanism for tracking whether problems that have 
been identified in any given year have been addressed. 
Incredibly, the administration is opposing even this minimal 
level of responsibility. I understand OMB disagrees with this 
recommendation.
    I know we can do better. And I look forward to hearing from 
today's witnesses about the merits of having an aggregate 
management watch list so that we can gain understanding of how 
OMB and other individual Government agencies can improve 
management of Federal information technology projects.
    Mr. Chairman, I want to make the comment to our witnesses, 
on the floor today is the energy bill that has come out of 
primarily the Energy and Commerce Committee and this committee. 
Later, we will have an amendment from this committee. 
Unfortunately, I am not going to be here for a lot of the 
testimony, but I will have a chance to review the testimony, 
and my staff, of course, is here to follow the issue very 
carefully.
    [The prepared statement of Hon. Henry A. Waxman follows:]

    [GRAPHIC] [TIFF OMITTED] T0953.003
    
    [GRAPHIC] [TIFF OMITTED] T0953.004
    
    [GRAPHIC] [TIFF OMITTED] T0953.005
    
    Chairman Davis. Thank you. We have a Davis-Waxman amendment 
and at least one of us is going to have to be there for that.
    Mr. Waxman. Better you.
    Chairman Davis. Any other Members wishing to make opening 
statements? If not, I am going to swear in the first panel. If 
you would rise with me and raise your right hands.
    [Witnesses sworn.]
    Chairman Davis. Let the record reflect that all witnesses 
responded in the affirmative.
    Mr. Powner, who is the gentleman behind you so we can 
identify him for the record?
    Mr. Powner. Mr. Lester Diamond, Assistant Director.
    Chairman Davis. Thank you very much for being here. I look 
forward to your testimony.
    Karen, why not start with you, and then we will go to Mr. 
Powner. If you can keep it to 5 minutes. But it is a short 
panel, I want to make sure you get everything in. Your entire 
statement is part of the record. Thank you.

STATEMENTS OF KAREN EVANS, ADMINISTRATOR, ELECTRONIC GOVERNMENT 
 AND INFORMATION TECHNOLOGY, OFFICE OF MANAGEMENT AND BUDGET; 
   DAVID POWNER, DIRECTOR, INFORMATION TECHNOLOGY MANAGEMENT 
ISSUES, GOVERNMENT ACCOUNTABILITY OFFICE, ACCOMPANIED BY LESTER 
                  DIAMOND, ASSISTANT DIRECTOR

                    STATEMENT OF KAREN EVANS

    Ms. Evans. Good morning, Mr. Chairman and members of the 
committee. My remarks will focus on the administration's 
strategy and progress to date in planning, managing, and 
measuring the results of the Government's technology 
investments. You asked me to specifically address OMB's use of 
the tool we refer to as the management watch list, and I will 
do so, but first I will discuss the overall context within 
which this list and our many other oversight tools are used.
    For fiscal year 2006, the President is proposing to spend 
roughly $65 billion for information technology and associated 
services to support the multiple and wide-ranging missions of 
the Federal Government. These IT investments help improve the 
ability of the Government's programs and operations to more 
effectively deliver services, products, and information.
    OMB executes its responsibility using various methods such 
as reviewing agencies' annual budget submissions, remaining 
engaged with agencies throughout the year using the President's 
management agenda, and issuing policies and guidance. Each 
year, OMB updates issues and guidance to the agencies on 
preparing their budget submissions as well as instructions on 
budget execution.
    Of the more than 40 sections within our guidance, 2 provide 
specific additional guidance about IT funding requests. These 
sections provide guidance for Federal capital assets. To submit 
an investment request for a major IT project, agencies must use 
the exhibit 300, also called Capital Asset Plan and Business 
Case.
    Please note, business cases are primarily planning 
documents and used an indicator, but it is not a measurement of 
the agency's ability to execute or manage an IT project. This 
is an important distinction. OMB reviews and evaluates business 
cases as part of its overall evaluation of the entire agency 
budget submission. If, based upon OMB's evaluation, a business 
case does not successfully meet the evaluation criteria, it is 
placed on the management watch list.
    The information included in each business case helps OMB 
and the agencies ensure correctly planned IT investments. The 
President's budget for fiscal year 2005 included approximately 
1,200 major IT projects, totaling about $60 billion. Of this 
number, OMB reported slightly over half, 621 projects, 
representing about $22 billion, as being on the management 
watch list.
    In my March 3rd testimony of last year about the Federal IT 
portfolio, I described this list as consisting of mission-
critical projects needing improved overall justification, 
performance measures, project management, or IT security. 
Agencies were required to correct identified project weaknesses 
and business case deficiencies. Those failing to do so were 
subject to additional oversight and requirements prior to 
spending. We did place conditions on agency spending in five 
instances last year.
    This year we continue to use the management watch list as 
one of the many tools to oversee agencies' planning for IT 
investments and drive improved portfolio management. A total of 
1,087 business cases were submitted this year and less than one 
third, 342, valued at approximately $15 billion, did not meet 
the criteria for success. In November 2004, the 342 investments 
were placed on this year's management watch list. As they did 
last year, agencies have until the end of the fiscal year to 
correct all deficiencies or risk limits on their spending. I am 
pleased to report that this year's list currently at this time 
has been reduced to 248 projects.
    Let me now describe how other tools are used to monitor 
actual project execution and performance. In doing so, one will 
see, as OMB does, over-emphasis on the management watch list 
may lead to unintended consequences.
    Although business cases include information design to 
identify whether the agency appropriately considered project 
performance as part of the project planning, they are but a 
snapshot in time and they are not designed to be nor are they 
used for measuring project performance. Managing and measuring 
project performance is first and foremost an agency 
responsibility. OMB then oversees the agencies' activities 
under the President's management agenda and its associated 
quarterly reporting process.
    Each agency receives a scorecard about their progress and 
their status in achieving the government-wide goals, such as 
achieving 10 percent of cost, schedule, and performance for 
their IT portfolio. We deliberately included the criterion for 
``acceptable business cases'' to underscore the need for good 
capital planning processes to be in place within an agency in 
order to produce good business cases.
    However, we recognize the business case as an output 
measurement. The acceptability of the business cases is just 
one of a number of the critical components agencies must 
satisfy to get to green or yellow for the E-Government 
scorecard. If the business case criteria are not successfully 
met, agencies cannot move forward regardless of their 
performance on other elements.
    Followup is dependent on particular issues identified and 
tends to focus on strategic issues or problems existing at a 
government-wide or agency-wide programmatic level, not tactical 
ones residing with an individual investment.
    I appreciate the opportunity to discuss the 
administration's strategy in this area. The management watch 
list represents just one example of such opportunity and helps 
call attention to concerns within the planning for major IT 
projects. I will be happy to answer any questions at the 
appropriate time.
    [The prepared statement of Ms. Evans follows:]

    [GRAPHIC] [TIFF OMITTED] T0953.006
    
    [GRAPHIC] [TIFF OMITTED] T0953.007
    
    [GRAPHIC] [TIFF OMITTED] T0953.008
    
    [GRAPHIC] [TIFF OMITTED] T0953.009
    
    [GRAPHIC] [TIFF OMITTED] T0953.010
    
    [GRAPHIC] [TIFF OMITTED] T0953.011
    
    Chairman Davis. Thank you very much.
    Mr. Powner.

                  STATEMENT OF DAVID A. POWNER

    Mr. Powner. Chairman Davis, Ranking Member Waxman, and 
members of the committee, we appreciate the opportunity to 
testify on our report, completed at your request, Mr. Chairman, 
on OMB's management watch list. This morning I will summarize 
three key points in this report.
    First, OMB annually identifies hundreds of IT projects 
representing tens of billions of dollars that are at risk; 
meaning, there are significant questions about how these 
projects are planned and managed. In doing so, it identifies 
tremendous opportunities to strengthen investments.
    Second, OMB does not have a list. It does not aggregate a 
single list that identifies each project and its weaknesses, 
and therefore is missing an opportunity to analyze IT 
investments on a government-wide basis.
    Third, OMB does not consistently monitor the followup 
performed, and therefore was unable to tell us progress in 
addressing government-wide as well as project-specific 
weaknesses. Again, it is missing an opportunity to ensure that 
agencies address project weaknesses and that the Government's 
investment in IT is not wasted.
    Expanding on each of these, first, OMB should be commended 
for its analysis of agencies' IT project business cases which 
now collectively total over $60 billion annually. In the 2005 
budget, OMB highlighted that of approximately 1,200 IT 
projects, about half, 620 projects, valued at $22 billion, were 
on its management watch list. In the 2006 budget, OMB again 
stated that of approximately 1,100 IT projects, about a third, 
342, valued at $15 billion, were on its list.
    OMB uses a comprehensive scoring process to evaluate each 
business case which consists of evaluating 10 categories 
associated with project planning and management. These 
categories include the project's acquisition strategy, security 
plans and processes, and cost and schedule performance. 
Projects were placed on the management watch list if they 
scored poorly overall or in specific categories that OMB 
emphasizes. Either way, being placed on the management watch 
list means that these projects clearly have weaknesses in 
project planning and management. Thus, OMB identifies 
tremendous opportunities to strengthen investments totaling 
billions of dollars.
    However, a single, aggregate list identifying the projects 
and their weaknesses does not exist. To derive the total number 
of management watch list projects reported in the President's 
budget, OMB poled its individual analysts who have specific 
agency responsibilities and compiled the numbers and their 
combined value. By not aggregating the projects and weaknesses, 
OMB is missing an opportunity for analyzing IT investments on a 
government-wide basis.
    In addition, OMB does not consistently monitor the followup 
performed, and therefore was unable to tell us progress in 
addressing government-wide and project-specific weaknesses. 
Some projects were followed up during budget preparation. In 
addition, OMB officials told us that followup of some 
management watch list projects was done through the quarterly 
e-gov scorecards associated with the President's management 
agenda.
    However, OMB could not tell us which of the 621 watch list 
projects for 2005 were followed up on. Nor could they describe 
the relationship between its followup activities and changes in 
the number of projects on the watch list between 2005 and 2006.
    In our opinion, the current followup that does occur may 
leave unattended weak projects consuming significant budget 
dollars. In addition, Mr. Chairman, OMB's ability to report to 
the Congress on progress in addressing critical areas needing 
attention is limited by not having an aggregate list and 
coordinated followup.
    To take full advantage of the management watch list, we 
make several recommendations, including: developing a central 
list, using the list to guide prioritized followup, and 
reporting to the Congress on progress in addressing risks in 
areas needing additional attention.
    In summary, the management watch list creates an ideal 
opportunity to improve the Federal Government's IT investments 
and ensure that taxpayers' dollars are wisely invested. 
However, this opportunity is not being fully exploited because 
the list is not aggregated nor are there assurances that 
followup is adequate.
    This concludes my statement. I would be pleased to respond 
to any questions that you or members of the committee have at 
this time.
    [Note.--The GAO report entitled, ``Information Technology, 
OMB Can Make More Effective Use of Its Investment Reviews,'' 
may be found in committee files.]
    [The prepared statement of Mr. Powner follows:]

    [GRAPHIC] [TIFF OMITTED] T0953.012
    
    [GRAPHIC] [TIFF OMITTED] T0953.013
    
    [GRAPHIC] [TIFF OMITTED] T0953.014
    
    [GRAPHIC] [TIFF OMITTED] T0953.015
    
    [GRAPHIC] [TIFF OMITTED] T0953.016
    
    [GRAPHIC] [TIFF OMITTED] T0953.017
    
    [GRAPHIC] [TIFF OMITTED] T0953.018
    
    [GRAPHIC] [TIFF OMITTED] T0953.019
    
    [GRAPHIC] [TIFF OMITTED] T0953.020
    
    [GRAPHIC] [TIFF OMITTED] T0953.021
    
    [GRAPHIC] [TIFF OMITTED] T0953.022
    
    [GRAPHIC] [TIFF OMITTED] T0953.023
    
    [GRAPHIC] [TIFF OMITTED] T0953.024
    
    Chairman Davis. Thank you both.
    Ms. Evans, given the effort you have put into creating and 
using the watch list, it seems that the small additional 
investment of creating an aggregate list of projects and 
weaknesses could yield significant opportunities and a means to 
track progress on agency corrective actions. What is it about 
an aggregate management watch list that you either object to or 
have not seen reason to move ahead on? Am I missing something?
    Ms. Evans. We have had a lot of discussion----
    Chairman Davis. I mean, a lot of the criticism in the paper 
and GAO's----
    Ms. Evans. There is a lot of criticism about----
    Chairman Davis. I am just trying to understand your 
perspective.
    Ms. Evans. Yes, sir. Really, what it comes down to is what 
would be the intended outcome of having the aggregate watch 
list. We have gone back and forth over what would be the 
result, what would change, and what would be the outcome, what 
do we really want to achieve.
    And when we look at this, is the outcome to have good 
business cases, is it to have a passing business case to ensure 
that everything that is written down on the business case meets 
our criteria? Or is the outcome to really achieve what is 
described in the business case; that is, what the dollars are 
intended to be invested in?
    That really is what we are focusing our efforts on, is does 
the agency have the right management practices in place to 
ensure what that investment is supposed to achieve. So we work 
on it by a portfolio basis.
    It is not that I am against having an aggregate list. What 
we are actually looking back and forth at, as you would any 
investment, is what are the pros and cons associated with that, 
and would we drive certain behaviors where people would just 
turn in ``a good term paper,'' but not really address what the 
problem is that is happening in that agency.
    Chairman Davis. Over the years, this is long before you got 
there and I got here, the Government had lost tens of billions 
of dollars in IT systems that have just not worked out and so 
on. It seems to me that just having a list up there tracking 
these areas, where you can go back, it not only gives it a 
level of transparency, but it would make it easier to manage. I 
do not hear you really objecting. You are just saying that you 
think the way you are doing it handles it.
    Ms. Evans. Yes, sir. Because of the way that we are looking 
at it, what we do not want to drive is certain behavior where 
people are just checking off the boxes and not really 
addressing the problem. And the problem is really what 
management practices do you need to have in place to ensure 
that the progress hits the milestones?
    Chairman Davis. Let me ask this question.
    Ms. Evans. Sure.
    Chairman Davis. You stated in previous testimony before the 
committee or subcommittee that agencies with projects on the 
list would be required to address these weaknesses or else face 
OMB placing limits on their spending. Is that right?
    Ms. Evans. Yes, sir.
    Chairman Davis. Can you tell us how many projects and what 
total dollar value has been held back as a result of agencies 
not addressing projects?
    Ms. Evans. We did provide a chart last year based on the 
five agencies that we did hold back the money that we took the 
specific action on. We can provide that again to the committee 
this year. I can go back and do that. But I would like to 
stress, part of what we are trying to do here is that is the 
action that we take. There are actions that the agencies take 
themselves that we do not have to take.
    And so we would not be able to provide that information. 
That would have to come from an agency-by-agency basis. But 
there are specific actions that were taken by the agencies 
where they prohibited the spending of the project themselves 
without us having to intervene.
    Chairman Davis. Mr. Powner, what does OMB lose by not 
developing a single, aggregate management watch list?
    Mr. Powner. Several things, Mr. Chairman. First of all, 
having an aggregate list allows you to analyze government-wide 
IT weaknesses more effectively. The other thing that it 
provides an opportunity for, that you pointed out, is that it 
then provides a mechanism to monitor and track those 
investments.
    One additional example, knowing the differences between the 
2005 and 2006 list would be very important. So having aggregate 
lists where we could compare those aggregate lists and look at 
projects that continue to be on that list from year to year 
would be very valuable from an oversight perspective.
    Chairman Davis. Now, are we talking about a sophisticated 
data base that would capture all investment information, or 
something less complex?
    Mr. Powner. Our recommendation was just to aggregate the 
list. This can probably be done with applications that 
currently reside on desktops today. So we are not talking about 
anything too sophisticated here.
    Chairman Davis. OK. In addition to your recommendations, do 
you have any suggestions for how we can all work together--I am 
talking about OMB, I am talking about the agencies, and 
Congress--work together collectively to improve these critical 
IT investments?
    Mr. Powner. Yes, I do. First of all, I think OMB should be 
commended for 12 analysts that identify all these weaknesses 
with all these projects. That is a heck of an effort up front. 
And to expect them to followup on 600 or 350 projects is asking 
a lot. A couple thoughts would be, to involve some of the 
accountability agencies, IGs could get involved in following up 
with some watch list projects, GAO would gladly look at the top 
30, 40 projects, and in addition, hearings such as these, Mr. 
Chairman, where you call up to the table the top five or six 
agencies that either have the most projects on the list or the 
highest dollar value helps further the rigor associated with 
the management of these projects.
    Chairman Davis. OK. Thank you very much.
    Mr. Ruppersberger.
    Mr. Ruppersberger. Thank you, Mr. Chairman. First, Ms. 
Evans. Last year, your office designated 621 Federal technology 
projects as management watch list projects. This year your 
office designated 342 on this watch list. Is that correct?
    Ms. Evans. Yes, sir.
    Mr. Ruppersberger. Now this is a considerable number of 
projects. And it appears from the GAO report that OMB has just 
a dozen or so analysts overseeing these hundreds of troubled 
projects. First, does OMB have a system for prioritizing these 
projects to ensure that attention is paid to mission-critical 
and other important systems?
    Ms. Evans. The short answer is, yes. And it is more----
    Mr. Ruppersberger. The second question is, can you describe 
the system and why you think it works?
    Ms. Evans. Yes. I am getting ready to do that. But I would 
like to clarify one thing. The initial analysis on the business 
cases are done by the 12 analysts that Mr. Powner had 
mentioned. But the followup on these actions are a joint effort 
done by everyone within OMB. So there is a joint team that we 
do through the scorecard process with the budget examiners as 
well as the IT analysts.
    So there is a process, there is a consistent process. And 
because this question has arisen about what we should followup 
on and do we need to have better clarification, we are in the 
process of finalizing our guidance out to the agencies of what 
we would then call the ``high risk'' projects that are included 
on the management watch list. And then those would be then 
singled out for us to followup on directly through the 
scorecard process and have more rigor in those.
    But we do followup on all of them, all the business cases 
through the scorecard process. And the agencies have to 
remediate the weaknesses and tell us what actions they are 
going to do. And this year, they have to have it done by June 
30, so that there is enough time for us to analyze are those 
adequate before they start spending money before the start of 
the next fiscal year.
    Mr. Ruppersberger. Getting back to my issue. It is about 
resources sometimes. You have a lot of projects that are out 
there and some have to be prioritized, as we should, but there 
are some that maybe need to be prioritized that are not. Do you 
feel that you have the tools and the resources to oversee these 
projects and do it in the right way?
    Ms. Evans. Yes, sir, I feel that we do. Because what we do 
is we analyze not the project itself, but all the projects that 
are in a portfolio to see if there is a pervasive or a systemic 
problem. It could be something as simple as there is not the 
right leadership at the top level to give the agency itself the 
resources that it needs to succeed.
    Mr. Ruppersberger. Let me get into a specific project.
    Ms. Evans. Sure.
    Mr. Ruppersberger. We recently saw as part of the Trilogy 
project the IPI spent $170 million to develop a new case 
management system that they will never use. It certainly seems 
that at some point in a multiyear process of developing the 
system someone should have noticed that this project was 
seriously off course. Now, was the Trilogy project on the 
management watch list this year or last year, do you know, 
both?
    Ms. Evans. Yes. And because it is a high risk, high 
visibility project, internally within OMB when that happens, 
especially on a project of that nature given the critical 
mission that it is supporting, there are additional above and 
beyond activities that we do outside of the scorecard process. 
And in that particular case, we had monthly meetings and then 
went to bi-weekly meetings to talk and work with the team to 
understand what was going on and to give them the resources 
that they would need, as well as to understand what we needed 
to do to improve that so that project could go forward and be 
successful.
    Mr. Ruppersberger. Let me ask you this. Why do you think 
the Federal Government's investment review process did not 
catch the problems with this project? Now I know there are a 
lot of other issues, you have the private contractor, you had a 
lot, but bottom line, I think we need to discuss, that is a 
perfect example, where did we go wrong, where did your process 
go wrong that we did not get involved earlier and try to bring 
it to the table.
    Ms. Evans. And I would like to address that. I believe that 
up until within these last 2 years, especially with our 
implementation of earned value management through the 
President's management agenda on the scorecard, a lot of our 
activities are focused on planning. And the failure of the 
Trilogy project was actually in the execution--the problems 
with the contractor, project management, did they have the 
right focus, requirements creep, everything that you read in 
the press.
    Those are things that are tracked through the earned value 
management activities. That earned value is the actual numbers, 
like you would then start seeing, if I said it was going to 
take 10 weeks to accomplish a certain deliverable and it takes 
12, that sets up a flag. We at OMB were not collecting a lot of 
that data and working with the agencies directly in managing it 
at that level.
    Mr. Ruppersberger. What do you think OMB could have done 
better in order to get more involved so that we could have 
addressed this issue sooner? Looking at you and looking at your 
operation, what do you think you could have done better just 
specifically on the Trilogy project with the FBI? Or do you 
think you were perfect?
    Ms. Evans. No, I do not. And I think that hearings such as 
this gives us clearer guidance on what the expectations are 
from the Hill as well. But I believe that we have learned from 
that project, continuously learn from many of the IT projects.
    Right now, we are focused on implementing and giving 
clearer guidance to the agencies on earned valued which is 
focused on the execution, how the agencies are actually going 
about and achieving, executing out on the project plant to 
ensure that they have their project managers in place, that 
they have clearly defined the right deliverables, and is there 
spending. That is what we call 10 percent of cost, schedule, 
and performance. We are measuring those activities now. We were 
not measuring those previously. So I do agree that there were 
things that we needed to do better in an oversight capacity.
    Mr. Ruppersberger. OK. Thank you.
    Chairman Davis. Questions, Mr. Porter? No? Ms. Watson, any 
questions?
    Ms. Watson. Thank you, Mr. Chairman. I am not sure that I 
heard clearly or that I was able to decipher the response when 
asked what is needed to be able to do the management watch that 
is necessary. And I also want to know how long is the 
evaluation after you put a particular project on the watch 
list, how long do you followup? Is there a long-range follow 
through? I was trying to read through our information to see if 
it stated what that period of time would be, but maybe you can 
respond. And this question is to Ms. Evans.
    Ms. Evans. Sure. We would followup, depending on what the 
problem is that we would identify within an agency, through the 
life cycle. So if an investment is going to go 3 to 5 years, we 
continuously work with the agency through that period. So it 
would depend on what you identify as the issue.
    Say, for example, if everything in the agency we failed a 
business case because they had bad cyber security, they just 
did not have a good cyber security plan, that is something that 
this committee measures as well, and say the agency had an F on 
the cyber security from your scorecard, we would continue to 
work on the issue of cyber security within that agency and then 
work with them then to see how and ensure that what they are 
putting in their program then cascades down through the 
management practices they have for projects. So if they say 
that they are doing something in the security area, you 
followup to make sure that it is actually followed through in 
the actual projects as they execute out multiple projects 
within the agency.
    So it would depend on what the problem is. But we 
continuously followup. When we talk about the management watch 
list specifically as we look at these numbers, 342, 621, we try 
to address what is the over-arching problem there--is it a 
leadership problem, is it a risk management problem, is it a 
cyber security problem--and then work at that high level and 
then work with the agency to have processes in place so that it 
will perpetuate throughout the organization so that they can 
move forward on that.
    I do not know if that is getting to all the issues, but it 
is always ongoing. We do not just say, OK, this one is good to 
go and then walk away from that. We continuously work with the 
agency on the problems that we would identify.
    Ms. Watson. Thank you. I heard you respond that you thought 
you had the resources to do this long-term. The way you explain 
it, it would take various units depending on where the problem 
really resides. Do you have the personnel, do you have the 
resources to do that kind of in-depth followup?
    Ms. Evans. And the short answer again is, yes. Because part 
of what we do is we work with the agency, we identify areas, we 
offer suggestions and recommendations, but the hard work of 
remediating the problems and ensuring things are done at the 
agencies. The agencies are the ones who have to change their 
management practices, the agencies are the ones who have to 
take the corrective action, and then we work with them. The 
hard work is actually fixing the problem and that is where the 
resources are needed, and that is with the agencies.
    Ms. Watson. So many of these agencies seem to be short-
changed in recent budgets. So that is where my interest is, do 
we have the resources? Thank you very much. I appreciate your 
response.
    Chairman Davis. Ms. Evans, let me just ask, what is the No. 
1 problem you see out there in the agencies with administering 
IT programs? Do we have enough competent procurement officers? 
Is it the coordination between the agency sometimes and the 
contracting officers? Are we not holding the contractors tight 
enough? Is there one theme, or is it just a number of themes 
that sometimes have these contracts go awry?
    Ms. Evans. This is going to seem like a very simple answer 
to a complex question. All those things that you have described 
are symptoms of the problem. It goes back to very basic project 
management. Many times as a project starts there is not a clear 
vision of what the outcome of that project is supposed to 
achieve. So if we use the Trilogy project again, it started 
down the path and it had one outcome but it changed multiple 
times.
    So as that change occurs, that is where then the disconnect 
happens like what you are talking about, where a procurement 
officer may not necessarily put the right contract vehicle in 
place because they think they are going down to achieve one 
outcome when they really needed to achieve another. So it is 
communications and having a clear vision of what that project 
is supposed to achieve.
    Chairman Davis. But what we ought to be doing is catching 
these early, right?
    Ms. Evans. Yes, sir.
    Chairman Davis. That is the goal. Obviously, in some of 
these complex procurements the needs are going to change as you 
get into it a little bit. The key is catching it early and not 
having it run a $30 million, $100 million bill before you get 
there.
    Ms. Evans. And the other part of that, and I would say is 
back to us at OMB, is if you said that you were going down and 
the original vision is like a two-sentence vision, and this is 
what we ask now from agencies, to clearly articulate in two 
sentences, three sentences or less what you are going to get 
out of this project. If they cannot do that, there is a 
problem.
    And then as a follow-on activity, we need to continuously 
followup to ensure that they have not lost sight of that 
original goal. If they do, and that is what we need to do from 
an oversight capacity, if they need to change it, then they 
have to be able to justify the changes.
    And so we have other indicators that we are putting in 
place to try to catch it sooner before there is so much 
invested in it. And those are the other tools that we have been 
implementing to try to monitor that and catch it.
    Chairman Davis. We will fight on the House floor, sometimes 
spend hours fighting over a $30, $40, $50 million program. But 
an IT project goes awry, it could be a lot more than that. So, 
really, when you talk about savings in government and 
efficiency in government, it is overseeing some of these areas. 
And we can blame the agencies, but at the end of the day it 
starts and stops with OMB. That is why the watch list is so 
important. I just wonder what other tools that we may need in a 
government-wide perspective in terms of being able to get good 
program managers in, and pay them accordingly. Do you see any 
specific concerns with that?
    Ms. Evans. Well, as we have outlined before, project 
management, again, is the key to success because that project 
manager is the front line defense. The Federal CIO Council took 
that issue on last year as a result of this analysis and made 
recommendations to us, we finalized the guidance back out to 
the agencies. And what it did was help the agencies identify 
what type of project manager, the level of complexity of the 
project. We continue to develop these tools. We just issued 
recent guidance jointly with OPM to look at the work force so 
that you have the right resources and the right people in 
place.
    Chairman Davis. And the right training?
    Ms. Evans. And the right training. And what are the gaps, 
what do you currently have, what do you need, and are you 
adequately funded for that. Because the problem is just within 
one agency and it is two to three staff people that you need, 
that is a different solution than if we see, gosh, we need 
1,000 project managers at a certain proficiency level across 
the entire government. We need to have that information ahead 
of time. And you are right, that is an OMB responsibility to 
ensure that the agencies have adequate resources to accomplish 
that.
    Chairman Davis. At DOD there have been cuts in procurement 
officials. That is one of the ways they try to save money. And 
sometimes it looks on the line like you are cutting dollars, 
but if a procurement goes awry, it ends up costing you 10 
times, that could be an outcome of that. That is what we need 
to be careful about.
    Mr. Powner, do you have any comments on that?
    Mr. Powner. Just piggybacking off of your comment on 
catching some of the risk areas early. I do not want to 
downplay the importance of the watch list in the categories 
that we look at. Many things that we discuss associated with 
Trilogy, I know we do work for you on secure flight at TSA, a 
couple of the categories that are highlighted in the analysis 
for the watch list are program management, project management, 
and risk management. Clearly, if you have rigorous processes in 
place associated with project management and risk management, 
it would help to catch some of these issues that ultimately 
result in some of these projects failing.
    Chairman Davis. Thank you very much. Any other questions 
from Members?
    Thank you very much. We appreciate your being here.
    We will now move to our next panel. We have here Mr. Dan 
Matthews, the Chief Information Officer of the U.S. Department 
of Transportation; Mr. Robert McFarland, Assistant Secretary 
for Information Technology at the U.S. Department of Veterans 
Affairs; Ms. Rosita Parkes, the Chief Information Officer at 
the U.S. Department of Energy; and Lisa Schlosser, CIO at the 
Department of Housing and Urban Development.
    Thank you very much for being with us this morning. If you 
would stand with me and raise your right hands, I will swear 
you in.
    [Witnesses sworn.]
    Chairman Davis. Let the record reflect that all witnesses 
have responded in the affirmative.
    Thank you. We have a gentleman back here.
    Mr. Ash. Darren Ash, with the Department of Transportation.
    Chairman Davis. Thank you very much for being with us. Let 
the record show that you were also sworn should we have to call 
on you for any questions.
    Mr. Matthews, we will start with you, and then we will work 
on down. Your entire statement is in the record. Thank you.

  STATEMENTS OF DAN MATTHEWS, CHIEF INFORMATION OFFICER, U.S. 
  DEPARTMENT OF TRANSPORTATION, ACCOMPANIED BY DARREN B. ASH; 
     ROBERT MCFARLAND, ASSISTANT SECRETARY FOR INFORMATION 
TECHNOLOGY, U.S. DEPARTMENT OF VETERANS AFFAIRS; ROSITA PARKES, 
CHIEF INFORMATION OFFICER, U.S. DEPARTMENT OF ENERGY; AND LISA 
   SCHLOSSER, CHIEF INFORMATION OFFICER, U.S. DEPARTMENT OF 
                 HOUSING AND URBAN DEVELOPMENT

                   STATEMENT OF DAN MATTHEWS

    Mr. Matthews. Thank you, Mr. Chairman. Mr. Chairman and 
members of the committee, thank you for the opportunity to 
appear today to discuss the Office of Management and Budget's 
watch list.
    As the Department's Chief Information Officer, I oversee 
the U.S. Department of Transportation's information technology 
investment guidance, cyber security, and operational 
responsibility for the departmental network and communications 
infrastructure. I also serve as the vice chair of the Federal 
CIO Council.
    As I begin my remarks, let me stipulate that the OMB watch 
list is a management tool that DOT uses to gauge the 
effectiveness of our IT investment program. DOT recognizes that 
to comply with the Clinger-Cohen Act and other statutory 
requirements, external and internal oversight efforts 
necessitate creating watch lists for IT investments.
    OMB's watch list happens to be a well-known tool throughout 
the Government, as it uses defined requirements and multiple 
categories to identify troubled programs and agency-wide 
challenges. OMB's use of a published scoring approach creates a 
level playing field for Federal agency initiatives. Any 
individual program in any departmental agency may have 
deficiencies in any one or more measurement categories. Over 
the last several years, DOT has significantly reduced the 
number of our programs on OMB's watch list.
    To address how OMB's watch list has affected DOT's 
operations, I noted that we use it as one of several critical 
management and oversight tools. DOT also uses the FISMA 
metrics, IG and GAO audit reports, and quarterly earned value 
management data reports to identify at-risk programs.
    What differentiates the OMB watch and these other tools is 
that while unique concerns about an individual program may be 
raised in an audit report, the watch list, through its use of 
defined requirements in specific categories, provides a same 
measure view from program to program. In short, this same 
measure view allows us to see where we perform well and where 
we need to concentrate our efforts in order to strengthen our 
stewardship of the IT investments made at DOT.
    DOT's internal IT management and oversight controls, 
including the OMB watch list, are used to designate under-
performing investments as at-risk. Either the Departmental 
Investment Review Board or the operating administration review 
board must review any at-risk program. The reviewing board can 
direct corrective actions within a required timeframe, and can 
make a decision to modify, rebaseline, or possibly cancel the 
program.
    Because the criteria for OMB's watch list are applied 
across the department's investments, they help DOT focus on 
those critical program management issues that warrant agency-
wide attention. For example, 2 years ago a significant number 
of DOT's business cases found their way onto the watch list due 
to security weaknesses. DOT could have relied exclusively on 
FISMA-related metrics to increase management attention on our 
IT investments. Instead, we used an accumulated effect 
approach, letting the business case cores, FISMA measures, and 
the weight of the President's management agenda scorecard focus 
our attention on weaknesses, direct additional resources and 
guidance to resolve those issues, and ultimately to 
substantially alleviate the security weaknesses.
    The watch list provides more than department level 
visibility. Programs in and of themselves benefit from the 
measures inherent in the tool. For example, the department's 
largest agency and the one with the most IT expenditures, the 
FAA, has programs that have been on the watch list and have 
therefore made changes. In particular, on April 18th, the Air 
Traffic Controllers Association kicked off its annual technical 
conference with a special session on the OMB Exhibit 300, the 
basis on which capital programs are assessed and by which they 
make their way either on to or off of the watch list.
    At the ATCA meeting, a senior program manager indicated 
that being on the watch list forced him to be clearer about who 
the program's customers were and how the program benefited 
those customers. That manager had to improve program 
justifications and results. Through the scoring process 
weaknesses identified in earned value management and life cycle 
costing required improved budgeting and planning. The manager 
responded by employing the useful segments approach.
    In effect, by being on the watch list, the program manager 
was forced to conduct a total program review--not just improve 
the business case to get off the watch list. This is an example 
of the watch list having a positive impact on an individual 
program manager. If we stack enough of these individual program 
success stories together we can drive better results from our 
IT investments across the Government.
    As long as I am mentioning stacking these success stories 
together, I offer the following suggestion, which I intend to 
pursue with OMB and the Federal CIO Council.
    The Federal CIO Council can use agency-by-agency and 
subject area information to identify those agencies excelling, 
for example, in risk management and use those approaches as 
best practices. The Federal CIO Council would then focus 
efforts to help individual agencies struggling in this area 
implement these best practices. Programs on the watch list 
should be expected, encouraged, and directed to reach out for 
best practices, adapt and implement them, and be therefore more 
inclined to operate effectively.
    In conclusion, DOT believes OMB's watch list is one 
important component of an overall management and oversight 
process which is valuable within the individual agencies and 
for OMB. From its cross agency perspective OMB sees the good 
and the bad. Let us keep the watch list and capture from that 
process our best practices. It is my observation and experience 
at DOT that OMB has been a willing and useful partner in 
helping more effectively manage our IT resources.
    Again, I thank you for the opportunity to comment, and I 
look forward to answering your questions. Thank you.
    [The prepared statement of Mr. Matthews follows:]

    [GRAPHIC] [TIFF OMITTED] T0953.025
    
    [GRAPHIC] [TIFF OMITTED] T0953.026
    
    [GRAPHIC] [TIFF OMITTED] T0953.027
    
    [GRAPHIC] [TIFF OMITTED] T0953.028
    
    [GRAPHIC] [TIFF OMITTED] T0953.029
    
    Chairman Davis. Thank you, Mr. Matthews.
    Mr. McFarland.

                 STATEMENT OF ROBERT MCFARLAND

    Mr. McFarland. Thank you, Mr. Chairman. I am pleased to 
appear before this committee today, representing the Secretary 
and the department's information technology program.
    Like other Federal agencies, VA submits budget materials to 
the Office of Management and Budget every year. As part of this 
annual process, VA documents and justifies its expenditures for 
its major IT investments. We do this on OMB's form, Exhibit 
300, the Capital Asset Plan. VA's major IT investments will 
amount to nearly $2 billion in IT spending for fiscal year 
2006.
    OMB reviews and evaluates our Exhibit 300's against 10 
criteria, with a top score of 5 for each of the criteria. All 
10 criteria are listed in the Government Accountability 
Office's draft report on the Exhibit 300 process as well as in 
OMB Circular A-11, section 300.
    OMB created a management watch list to monitor Federal 
agencies' major IT investments that fail to meet OMB's 
standards for adequacy. When OMB places a particular IT 
investment on the management watch list, the owner agency must 
take certain specified actions, on a case-by-case basis 
depending on the investment, or submit remediation plans before 
spending the funds.
    We must modify our Exhibit 300 Capital Asset Plans to 
address OMB's concerns with our business cases currently on the 
management watch list before we can spend fiscal year 2006 
funds on those investments. I would like to note here that, as 
stated in the GAO report, if a score of 3 or less is received 
in the area of security, then the project is placed on the 
watch list. Consequently, we are focusing our energies and 
resources on meeting certification and accreditation 
requirements before the end of this fiscal year. The management 
watch list has also focused attention on VA's other 
infrastructure-type efforts such as Enterprise Architecture.
    If we do not successfully remediate our business cases 
before fiscal year 2006 begins, we are uncertain exactly what 
impact this will have on our day-to-day operations; however, we 
understand there will be increased scrutiny over all activities 
associated with the expenditures of funds for these particular 
investments.
    In closing, I would like to say that VA recognizes the 
importance of OMB overseeing how we spend taxpayers' funds. In 
the 14 months I have been at the department, we have been 
looking at our major projects with a strong business eye and 
have added external program assessments earlier in the life 
cycle. We look forward to continuing to strengthen VA's IT 
Capital Asset Plans and our overall IT portfolio management 
process.
    I would be happy to answer any questions you may have 
later, sir.
    [The prepared statement of Mr. McFarland follows:]

    [GRAPHIC] [TIFF OMITTED] T0953.030
    
    [GRAPHIC] [TIFF OMITTED] T0953.031
    
    Chairman Davis. Thank you very much.
    Ms. Parkes.

                 STATEMENT OF ROSITA O. PARKES

    Ms. Parkes. Thank you, Mr. Chairman and members of the 
committee, for this invitation to appear before your committee 
today to discuss the OMB investment management watch list.
    At the Department of Energy, the management watch list is 
an integral part of our continual efforts to ensure that IT 
investments meet their performance objectives within their 
established schedules and cost thresholds. Agencies understand 
that watch list investments are of particular importance, and 
require special attention and effort. I am proud to inform you 
that the Department of Energy does not currently have any 
investments on the watch list.
    Much of our success is attributable to our partnership with 
our DOE stakeholders, as well as our continual interaction with 
OMB on watch list investments. With our DOE stakeholders, we 
developed and institutionalized a well-defined set of criteria 
against which to measure progress. Further, we 
institutionalized regular communications with all levels of the 
organization throughout the process.
    The watch list initiative also yields benefits for DOE's 
internal investment management and budgetary review process. 
Investments on the watch list are carefully monitored, and 
their status is integrated into the department's internal 
evaluation process, which aligns with the President's 
management agenda. The watch list is a very useful tool to 
ensure that information technology investments are tracked 
against cost, schedule, and performance.
    Thank you, and I will be happy to answer any questions that 
you might have.
    [The prepared statement of Ms. Parkes follows:]

    [GRAPHIC] [TIFF OMITTED] T0953.032
    
    [GRAPHIC] [TIFF OMITTED] T0953.033
    
    Mr. Marchant [presiding]. Thank you very much.
    Ms. Schlosser.

                  STATEMENT OF LISA SCHLOSSER

    Ms. Schlosser. Mr. Chairman and members of the committee, 
thank you for the opportunity to appear today to discuss the 
effect of OMB's watch list on the Department of Housing and 
Development's operations.
    I have been the Chief Information Officer with HUD since 
February 2005. As the department's CIO, I oversee HUD's 
information technology investment management process, IT 
security program, and have operational responsibility for HUD's 
network, communications, and application hosting 
infrastructure.
    Our vision for HUD is to capitalize on the power of IT to 
support our primary business objectives of increasing home 
ownership, supporting community development, increasing access 
to affordable housing free from discrimination, and creating 
internal management efficiencies. HUD recognizes that we must 
institute effective IT capital planning and performance 
management controls to help us meet these business objectives.
    In formulating our strategy on how to continuously improve 
IT management controls, HUD has found that external oversight 
tools such as the President's management agenda scorecard, the 
Federal Information Security Management Act scorecard, and the 
OMB watch list have provided effective independent validations 
of prioritized areas for improvement. Specifically, having 
projects on the OMB watch list has prompted us to conduct 
extensive conversations with OMB to establish how we could 
improve identified weaknesses.
    Based on this independent feedback, HUD has rapidly been 
implementing a plan to improve these specific areas agency-
wide, and we are prioritizing the execution of these 
improvements in the projects identified on OMB's watch list. 
For example, over the past several months HUD has improved our 
performance management process by reviewing all of our programs 
using earned value management on a monthly basis, escalating 
programs that were exceeding cost or schedule goals to an 
executive review board for monitoring and oversight, and 
completing an enterprise architecture, and most importantly, 
accelerating our process to complete security certification and 
accreditation of our systems.
    In sum, HUD is capitalizing on various oversight tools such 
as the President's management agenda, the FISMA scorecard, and 
the OMB watch list to identify opportunities for agency-wide 
process improvements in the way we manage our critical IT 
investments. We are committed to implementing these 
improvements and anticipate that many programs will be removed 
from the OMB watch list over the next year. Most importantly, 
through the use of the watch list and other internal and 
external oversight tools, HUD will ensure that our IT 
investments effectively support our core business requirements.
    I thank the committee for its attention. I look forward to 
your questions.
    [The prepared statement of Ms. Schlosser follows:]

    [GRAPHIC] [TIFF OMITTED] T0953.034
    
    [GRAPHIC] [TIFF OMITTED] T0953.035
    
    [GRAPHIC] [TIFF OMITTED] T0953.036
    
    [GRAPHIC] [TIFF OMITTED] T0953.037
    
    [GRAPHIC] [TIFF OMITTED] T0953.038
    
    [GRAPHIC] [TIFF OMITTED] T0953.039
    
    Mr. Marchant. Thank you very much. The chairman wished for 
me to extend his apologies. We are in the midst of the energy 
bill on the House floor, there are 16 amendments being debated 
and worked on at this very moment, and this committee has some 
important parts of that bill.
    I have a few questions for each of you. Ms. Parkes, in your 
testimony you noted that you currently have no projects on the 
watch list. What steps did you take to get projects removed? Or 
have you not had any?
    Ms. Parkes. Oh, we had projects on the watch list, sir. In 
budget year 2005, we had 45 out of 68 of our projects on the 
watch list, and in budget year 2006, 12 out of 48.
    What we did was, first of all, we worked with our program 
offices--I do need to note that most of the business cases that 
are developed in the Department of Energy are not developed in 
the headquarters, they are developed by our site offices at our 
sites. So what we did was we, first of all, worked with our 
program offices that are responsible for the sites. We trained 
up front on business case development; we literally held hands 
with our program offices and the project managers responsible 
for generating the business cases. We created an internal 
scorecard that mirrored the OMB scorecard so that we could 
identify early the weaknesses that were in the business cases 
before we passed them over to OMB. And then once they went to 
OMB and where the scores were indeed weak in certain areas, we 
came back and used a remediation process, again holding hands 
with the project managers and the program offices to ensure 
that those weaknesses, the content of the business case, those 
weaknesses were strengthened. So we did that. And we continue 
to do that. We continue to provide training, we continue to use 
our information technology council and various working groups 
to help get those business cases, where they need remediation, 
remediated.
    Mr. Marchant. And what incentives or disincentives are 
given to get these off the watch list? Is there a ``or else,'' 
or is there a----
    Ms. Parkes. The Department of Energy has a management 
council that consists of the assistant secretaries and is 
chaired by the deputy secretary and review of the entire 
President's management agenda occurs at this monthly management 
council meeting. And the review of the e-Gov initiative under 
the PMA is part of that management agenda and business cases 
that are on the watch list are reviewed monthly by the 
assistant secretaries. So there is deputy secretary attention 
to the watch list.
    And also, quite frankly, the watch list is part of our 
corporate budget review. So, as Ms. Evans stated earlier, 
within the agency as well as at OMB, funding is at risk if that 
watch list business case does not get remediated. So that is an 
incentive I think, you too?
    Mr. Marchant. Yes, I think so. Ms. Schlosser, with your 
experience at the DOT, what best practices are you bringing to 
HUD?
    Ms. Schlosser. I was fortunate to serve with my colleague 
Mr. Matthews as an associate CIO with DOT and was able to 
observe a lot of best practices DOT has put in place. We have 
already adopted and implemented several of those practices at 
HUD over the past couple months. One, we have implemented and 
updated performance measurement process and, like Ms. Parkes, 
we are reviewing all of our projects on a monthly basis with an 
internal executive review board chaired by our deputy secretary 
so we can identify any projects that are heading toward a 
variance in cost and schedule.
    Second, we have completed enterprise architecture to make 
sure that all of our investments meet our primary business 
objectives. Third, and perhaps most importantly, we have 
accelerated a process using best practice methodologies to 
complete security certification and accreditation of our 
systems. We feel that by adopting and implementing these best 
practices we are positioned to really improve our IT management 
and controls internally, and, in fact, have already done so. 
Thank you, sir.
    Mr. Marchant. Thank you.
    Mr. Matthews, is the Federal CIO Council offering any 
advice to agencies on how to get projects removed from the 
watch list?
    Mr. Matthews. This year, sir, the CIO Council stood up a 
best practices form into which the participating agencies can 
put their best practices. That is being made available to the 
agencies online as well as contact information, so one agency 
can call another. I do believe that we can capture more best 
practices by identifying those agencies that are consistently 
green in one of those criteria areas, post them to the Web 
site, and then work with the agencies to help them install 
those best practices. So the facility is there and we look 
forward to working with the agencies to raise all boats with 
that single tide.
    Mr. Marchant. Do you find that agencies that begin to have 
problems go through a period of not wanting those problems to 
exactly be known by other agencies at the very beginning, and 
they might try to solve their own problems for a while before 
they finally admit we have a problem here, we need help?
    Mr. Matthews. Yes, sir, I believe human nature drives us to 
try and solve our own problems. But certainly by publishing 
best practices, part of that I would envision CIOs just 
reaching out to that data base to see what is there and then 
calling a fellow CIO and saying, hey, how did you go about 
doing this? I think we are trying to facilitate that so people 
can reach out and get expert opinions and advice without the 
need to feel unwanted pressure or recriminations for trying to 
solve problems.
    Mr. Marchant. Mr. McFarland, are there unique challenges at 
the VA that other agencies do not face that you feel like you 
are having to face?
    Mr. McFarland. Well, after 14 months, sir, I would say yes. 
First off, I think it is fair to say we are a work in progress. 
We are the second largest agency in Government, about 230,000 
employees, another 200,000 contractors. So scale is a huge 
problem for us. And as we have run into problems, the scale of 
those problems is quite a management challenge. We also suffer 
from lack of centralized management, which we are investigating 
a change on.
    But we are basically a large decentralized organization 
with funding directly to those organizations. We suffer from 
what I would call large legacy IT programs that truly need to 
be taken out of the stovepipe manner and put into some degree 
of enterprise architecture, which we have not done a good job 
of developing over the last few years.
    We have also suffered from what I would call lack of 
program management. We are in the process of establishing an 
enterprise project management office very similar to what DOD 
uses to manage large, complex projects. Because many of our 
projects are $100 million projects, not $10 million projects, 
the risk that we run by not managing them properly is a huge 
financial risk.
    But I believe that with the current management team in 
place, and the benefit of having I would consider the 
Government's best mission, which is to take care of our 
veterans, I think we have a lot of incentive to change the way 
we have managed the agency in the past from an IT perspective 
and move forward with some change.
    Mr. Marchant. I think I will just ask one more followup 
question before we conclude. You heard the earlier discussion 
between OMB and GAO. Do you have feelings about whether there 
ought to be a published list, or do you feel like the way it is 
being handled now is preferable to the agencies?
    Mr. Matthews. I believe sharing the information so that we 
can garner the best practices is in the interest of the Federal 
Government. The use of the term ``publish'' remains to be seen 
how far we publish it. Do we list, for instance, if security is 
a measure, do we actually want to publicly list these major 
programs and whether they have ``security problems'' or not. 
Probably that is not in our best interest. But taking the 
information and stacking it together so we can find those areas 
that have routinely performed well and capitalize on them I 
believe is something that we should do.
    Mr. Marchant. I would like to thank both panels for 
appearing today. The chairman has asked me to thank you for 
being here. We look forward to having you appear before the 
committee again.
    The committee now stands adjourned.
    [Whereupon, at 11:17 a.m., the committee was adjourned.]
    [The prepared statement of Hon. Elijah E. Cummings 
follows:]

[GRAPHIC] [TIFF OMITTED] T0953.040

[GRAPHIC] [TIFF OMITTED] T0953.041

[GRAPHIC] [TIFF OMITTED] T0953.042

[GRAPHIC] [TIFF OMITTED] T0953.043

                                 
