[Senate Hearing 109-972]
[From the U.S. Government Publishing Office]


                                                        S. Hrg. 109-972
 
        IT PROGRAMS AT RISK: IS IT TOO LATE TO SAVE $12 BILLION? 
=======================================================================
                                HEARING

                               before the

                FEDERAL FINANCIAL MANAGEMENT, GOVERNMENT
                     INFORMATION, AND INTERNATIONAL
                         SECURITY SUBCOMMITTEE

                                 of the

                              COMMITTEE ON
                         HOMELAND SECURITY AND
                          GOVERNMENTAL AFFAIRS
                          UNITED STATES SENATE


                       ONE HUNDRED NINTH CONGRESS

                             SECOND SESSION

                               __________

                           SEPTEMBER 7, 2006

                               __________

        Available via http://www.access.gpo.gov/congress/senate

       Printed for the use of the Committee on Homeland Security
                        and Governmental Affairs

                              -------

                     U.S. GOVERNMENT PRINTING OFFICE

30-594 PDF                 WASHINGTON DC:  2007
---------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government Printing
Office  Internet: bookstore.gpo.gov Phone: toll free (866)512-1800
DC area (202)512-1800  Fax: (202) 512-2250 Mail Stop SSOP, 
Washington, DC 20402-0001











        COMMITTEE ON HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS

                   SUSAN M. COLLINS, Maine, Chairman
TED STEVENS, Alaska                  JOSEPH I. LIEBERMAN, Connecticut
GEORGE V. VOINOVICH, Ohio            CARL LEVIN, Michigan
NORM COLEMAN, Minnesota              DANIEL K. AKAKA, Hawaii
TOM COBURN, Oklahoma                 THOMAS R. CARPER, Delaware
LINCOLN D. CHAFEE, Rhode Island      MARK DAYTON, Minnesota
ROBERT F. BENNETT, Utah              FRANK LAUTENBERG, New Jersey
PETE V. DOMENICI, New Mexico         MARK PRYOR, Arkansas
JOHN W. WARNER, Virginia

             Michael L. Alexander, Minority Staff Director
                  Trina Driessnack Tyrer, Chief Clerk


FEDERAL FINANCIAL MANAGEMENT, GOVERNMENT INFORMATION, AND INTERNATIONAL 
                         SECURITY SUBCOMMITTEE

                     TOM COBURN, Oklahoma, Chairman
TED STEVENS, Alaska                  THOMAS CARPER, Delaware
GEORGE V. VOINOVICH, Ohio            CARL LEVIN, Michigan
LINCOLN D. CHAFEE, Rhode Island      DANIEL K. AKAKA, Hawaii
ROBERT F. BENNETT, Utah              MARK DAYTON, Minnesota
PETE V. DOMENICI, New Mexico         FRANK LAUTENBERG, New Jersey
JOHN W. WARNER, Virginia             MARK PRYOR, Arkansas

                      Katy French, Staff Director
                 Sheila Murphy, Minority Staff Director
            John Kilvington, Minority Deputy Staff Director
                       Liz Scranton, Chief Clerk














                            C O N T E N T S

                                 ------                                
Opening statements:
                                                                   Page
    Senator Coburn...............................................     1
    Senator Lautenberg...........................................     4
    Senator Carper...............................................    10

                               WITNESSES
                      Thursday, September 7, 2006

Karen Evans, Administrator for Electronic Government and 
  Information Technology, U.S. Office of Management and Budget...     6
David A. Powner, Director, Information Technology Management 
  Issues, U.S. Government Accountability Office..................     8

                     Alphabetical List of Witnesses

Evans, Karen:
    Testimony....................................................     6
    Prepared statement...........................................    30
Powner, David A.:
    Testimony....................................................     8
    Prepared statement...........................................    36
    Questions and responses for the record.......................    59

                                APPENDIX

Charts submitted by Senator Coburn...............................    27


        IT PROGRAMS AT RISK: IS IT TOO LATE TO SAVE $12 BILLION?

                              ----------                              


                      THURSDAY, SEPTEMBER 7, 2006

                                     U.S. Senate,  
            Subcommittee on Federal Financial Management,  
        Government Information, and International Security,
                            of the Committee on Homeland Security  
                                          and Governmental Affairs,
                                                    Washington, DC.
    The Subcommittee met, pursuant to notice, at 9:34 a.m., in 
room 342, Dirksen Senate Office Building, Hon. Tom Coburn, 
Chairman of the Subcommittee, presiding.
    Present: Senators Coburn, Carper, and Lautenberg.

              OPENING STATEMENT OF CHAIRMAN COBURN

    Chairman Coburn. Good morning. The Subcommittee on Federal 
Financial Management will come to order.
    We are having a hearing today on IT projects of the Federal 
Government. I have an opening statement, which I will not read. 
I will place it into the record and a copy will be given to 
each of you.
    This year, we are going to spend $64 billion on IT in the 
Federal Government. That is $15,000 per Federal employee per 
year. When we went to the private sector, we saw very few 
industries who spend that amount of money per employee on IT. 
There are some, but very few. The ratio is significant.
    A couple of things that we are looking at, this first 
poster\1\ shows what the budget is for IT, the watch list, and 
the percentage of the IT budget for Management Watch List 
projects. You can see for the 2007 budget, it looks like only 
$9.9 billion. Some of the things we will raise today is whether 
or not that $9.9 billion is accurate. We have some major 
concerns that may not be accurate, although I would defer until 
we hear the actual testimony.
---------------------------------------------------------------------------
    \1\ The chart referred to appears in the Appendix on page 27.
---------------------------------------------------------------------------
    The concern is spending $64 billion, first of all, are we 
getting our money's worth for it? I have some real problems 
with the Exhibit 300 process, and the problems that I see with 
that is it seems to me that many of the Exhibit 300s are not 
written by the agencies but rather by the contractors to get 
the approval in the first place, which I think is a large 
conflict of interest for the agencies. The contractors should 
not be writing those. In fact, the agency should be writing 
them if, in fact, they think they need these IT projects.
    The second poster that is up there on the Management Watch 
List 2007,\2\ in terms of the percentage of projects that are 
on there, from 857 projects that are proposed in 2007, 263 of 
these are on that. That doesn't necessarily mean there is a 
financial problem, but there may be a management or execution 
problem that is vital to the country, and I think to have 31 
percent of the projects, we are worrying about them, says a 
whole lot about some of our IT management.
---------------------------------------------------------------------------
    \2\ The chart referred to appears in the Appendix on page 28.
---------------------------------------------------------------------------
    I do want to compliment OMB on their working with us. It is 
really great to have an agency that will communicate with you, 
be fair and open and honest, and is trying to do the right 
things to right our government in terms of spending our 
deficits and getting good management tools in place, and I have 
been impressed with the quality and the openness with which our 
staffs and Mr. Portman has been available to us and his staff.
    The final poster shows performance shortfalls and how they 
break down and the number of IT projects with performance 
shortfalls.\1\ That number is actually on the rise, which gives 
me great concern. If you look at unclear baselines, you see 
what was happening in September and December and March of 2006. 
If you look at cost and schedule variance exceeding 10 percent, 
you see that number is on the rise, where you have 25 percent 
of the projects, the cost and scheduling variance is greater 
than 10 percent.
---------------------------------------------------------------------------
    \1\ The chart referred to appears in the Appendix on page 29.
---------------------------------------------------------------------------
    And probably even more troublesome is that the project 
managers for the projects are not qualified to be running the 
managements, which may be one of the reasons why we are seeing 
the costs and scheduling and the unclear baselines. And then, 
finally, duplication of projects, which is also concerning.
    The key point that I want to get across with this hearing 
is just to get a better understanding of where we are on IT. 
Can we save money?
    The final point that I would make is the ability for us to 
look at and manage IT, I believe needs to be streamlined 
somewhat, and with that needs to come not cost-plus contracts, 
but the idea that if we have a clear goal in mind of what we 
want to accomplish, there, in fact, ought to be quotes out 
there for people to accomplish the goal without cost overruns, 
without more money, without more time, and they ought to sign a 
contract and have to perform. I would guarantee you, not very 
many businesses allow open-ended cost-plus contracts on IT. 
They get a quote, they have it competitively bid, there is a 
contract signed, and the requirements are met in the contract 
and if they are not met, they are enforced in a court of law. 
The idea that we have contracts that aren't performing or are 
over cost tells us that some of our problems are in our 
contracting to begin with.
    So the whole goal is to look at this, to see what we can 
do. It is not to point fingers. It is not to say--I believe the 
efforts to get this under control are underway at OMB and I 
want to compliment them on that. I want to thank the GAO, as 
well, for being here and for their work on this, because I 
think it is important, and it is a large segment. Sixty-four-
billion dollars a year spent on IT is a lot of money and we 
ought to be getting $64 billion worth of value for it and we 
need to make sure that we continue to do that in years forward.
    Again, I would compliment the President's agenda in terms 
of management agenda, what he has put in in a lot of areas. I 
know it is slow to come, but we are seeing progress and I think 
that is great. But oversight is about looking at it and making 
sure the pressure is there to continue to do the same thing.
    [The prepared statement of Chairman Coburn follows:]
                  PREPARED STATEMENT OF SENATOR COBURN
    Not very long ago, it would have been possible to find offices in 
which employees did not rely much on computers--today, it would be 
unthinkable. Information technology has come to occupy so central a 
position in our work that we can barely remember what we did before we 
all had cell phones, blackberries, laptops and email.
    The Federal Government is no exception: One of the fastest growing 
IT markets is within Federal agencies. IT projects of all kinds can 
speed communications, secure critical records, squeeze out 
inefficiencies and save time. Americans are now able to interact with 
their government in ways never before dreamed of because of the huge 
strides we've made in IT.
    None of this, though, has come without a huge cost. Our government 
has invested hundreds of billions of dollars in IT throughout all 
Federal agencies. In fiscal year 2007 alone, the Administration has 
requested $64 billion to fund more than 850 IT projects. Money will be 
spent on everything from defense weapons systems to electronic payroll 
and everything in between. But, with this huge investment, the 
government also carries a huge risk. IT projects are complex and 
especially prone to schedule delays, cost overruns and, sometimes, they 
are obsolete before they are even operational. In other words, IT 
projects are highly susceptible to waste if we are not vigilant in 
oversight.
    Providing some of that needed oversight is why we're here today. I 
want to thank my colleague, Senator Carper, for suggesting the need for 
this hearing. GAO has identified upwards of $12 billion in Federal IT 
projects with significant potential for waste if the right measures are 
not taken. As a percentage of a $64 billion IT budget, $12 billion at 
risk is an extremely large percentage. It means that nearly one in five 
Federal dollars that the Federal Government will spend on IT in the 
coming year may result in failure and waste. This potentially wasteful 
spending is an enormous problem, and one which the Federal Government 
cannot afford, especially now, but not ever.
    To put $12 billion in perspective:

      It is about twice as much as the entire budget of the 
Department of Commerce.
      With an average income of $43,000 in this country, it 
also represents the salary of nearly 280,000 working Americans.
      $12 billion is the collective amount of money that more 
than 5,700 Americans with college degrees will earn in a LIFETIME.
      Finally, to waste $12 billion would be tantamount to 
taking the taxes sent in by 1.5 million people and flushing it down the 
toilet.

    We must do anything and everything to steward this money so that 
doesn't happen.
    The responsibility of overseeing all Federal IT spending falls to 
the Office of Management and Budget. OMB reviews all IT projects on a 
regular basis to ensure that agencies are not spending money on 
wasteful projects, and keeps a close eye on the projects with problems. 
to this end, I want to congratulate the Office of Management and Budget 
for taking certain positive steps to keep track of the projects that 
pose the greatest risk of failure. It has developed two separate lists, 
each with a slightly different function: The High-Risk List and the 
Management Watch List. The High-Risk List is primarily to keep track of 
projects with potential performance problems, while the Management 
Watch List tracks projects planning problems. Essentially, one list for 
those projects planned well, but prone to failure in execution, and 
another list for those not even planned well from the start.
    Placing a project on either one of these lists is a very serious 
matter. A project is only placed on either list if it is usually risky. 
The disturbing reality is that, of the 857 Federal IT projects to be 
funded in 2007, 452 are currently on one or both of these lists. That 
means a staggering 53 percent of all IT projects are at serious risk. 
The $12 billion total is obtained from adding the value of all projects 
on the Management Watch List--$9.9 billion--to the value of High-Risk 
List projects with known ``performance shortfalls''--$2.2 billion. 
Numbers like this serve as a wake up call that something must be done 
to ensure Federal IT projects are being well managed and given proper 
oversight.
    Twelve billion dollars is bad enough. But I suspect that the real 
number is even higher. In June, this Subcommittee held a hearing on the 
Census Bureau, and discovered that the Bureau currently has a $1.8 
billion contract for its technology needs in the 2010 Census. That 
contract, the Decennial Response Integration System, or DRIS, is 
experiencing so many problems at the moment that the Census Bureau is 
threatening to scrap it and go back to a pen and paper census, adding a 
billion dollars or more to its costs. So imagine our surprise, to find 
that this contract does not appear on either of OMB's two lists, the 
High-Risk List or the Management Watch List. Adding this project alone 
to the list would increase the amount of IT projects at risk of waste 
from $12 billion to more than $13 billion.
    Similarly, GAO has uncovered other projects worth billions of 
dollars that meet the criteria for placement on one of these two lists 
that do not show up either. This means that $12 billion may be a floor, 
rather than a ceiling.
    Further leading me to believe that the total dollar figure at risk 
is higher than currently known has to do with the business cases, or 
Exhibit 300s, submitted by agencies. Exhibit 300s are planning 
documents that agencies fill out and send to OMB to explain their plans 
for costs, schedule and other important items before a project ever 
gets funding. I am concerned that contractors responsible for carrying 
out the work may actually be the ones filling out exhibit 300s on 
behalf of the agencies they work for. If so, this would present an 
enormous conflict-of-interest, whereby contractors could be responsible 
for not only setting agency priorities, but also benefiting financially 
from them.
    Finally, my last concern gets at an issue very near to the heart of 
what this Subcommittee has tried to promote: Transparency and sunshine. 
Transparency means allowing Congress and the public to know how their 
hard-earned money is spent. At the very least, the information should 
be given to Congress, which is asked to make decisions about spending 
taxpayer dollars. This is especially true for the government's most at-
risk IT projects. But, as of today, OMB has kept the Management Watch 
List internally and used it for its own planning purposes.
    The Management Watch List consists of 263 projects and represents 
$9.9 billion of the government's total $64 billion in IT spending for 
2007. Each of the projects on this list is there because it has serious 
planning weaknesses. I believe that Congress has a right to know not 
only what these projects are, but also why we are funding projects that 
have been poorly planned. I look forward to working with OMB to find a 
way forward by which Congress can know more fully what problem projects 
it is funding while enabling OMB to do its job as well.
    It is my hope that this hearing will provide a needed spark to try 
and get a better grasp on Federal IT spending. We cannot sit idly by 
and watch billions of dollars be put at risk year-by-year, with 
American citizens paying the price. Our goal should be to minimize that 
risk to the greatest degree possible and do everything in our power to 
protect the precious financial resources entrusted to us by Americans 
each year.
    I want to thank the witnesses for being here today to discuss this 
important issue.

    Chairman Coburn. Senator Carper will be here in a moment. 
He is on the floor. I would like to recognize Senator 
Lautenberg at this time.

            OPENING STATEMENT OF SENATOR LAUTENBERG

    Senator Lautenberg. Thanks, Mr. Chairman. This is an 
especially meaningful review because, as you noted, $64 billion 
being spent on IT, information technology, is about $25,000 per 
Federal employee. That is a huge sum of money. Federal agencies 
from the Defense Department to the Department of Veterans' 
Affairs are funding IT projects that don't meet clear baselines 
and don't maintain their cost projections, don't stick to 
schedule, and don't seem to have qualified project managers.
    Now, I have been in the business world and in the IT world. 
I started a company called Automatic Data Processing, ADP as it 
is commonly known, a company that employed IT at its very 
earliest developmental stages. That company now processes one 
out of six paychecks given to employees throughout the country. 
We could never have succeeded if we had managed our technology 
as does the government.
    It seems it is very hard to get a handle around projects 
that we do in government. Mr. Chairman, I was very active on 
the Transportation Subcommittee in my former iteration and we 
started out with projects with the best companies, you name it, 
the computer companies, and none of them succeeded because of 
magnitude of the project was never really understood, and these 
things have to be done, in my view, modularly to make sure that 
you have appropriate benchmarks to guide yourself by, guide 
your progress by, and not expect to be able to solve major 
problems in a single setting.
    So when we look at the $12 billion that could be wasted by 
poor planning, poor management and planning, just think, it 
could provide health care coverage for 85 percent of the 
children in America. It could send more than two million bright 
young Americans to universities. So wasting that kind of money 
is a disgrace. It is unacceptable. We are working hard to make 
our dollars go further and the last thing we ought to do is be 
throwing them away casually. To avoid this, we have got to hold 
people and government agencies accountable.
    Mr. Chairman, thanks again. This is consistent with your 
view of how we ought to manage government, and I agree totally, 
so we will hear from the witnesses and go on.
    Chairman Coburn. Thank you.
    Let me introduce, if I may, Karen Evans. She is the 
Administrator for E-Government and Information Technology at 
OMB. Previously, she served at the Department of Justice as an 
Assistant Director for Information Services and then as 
Division Director for Information System Management. Prior to 
that, she was Deputy Director for the Applications Management 
Division at the Department of Agriculture. She has an MBA from 
West Virginia University.
    I would also like to introduce David Powner. He is the 
Director for Information Technology Management Issues at the 
Government Accountability Office. He has been with GAO for 14 
years. After 10 years at GAO, though, Mr. Powner took a break 
and worked in the private sector for 4 years in the 
telecommunications industry. He has now been back at GAO for 4 
years and brings with him a depth of knowledge about both 
private and Federal IT management.
    I would like to recognize you both. You can take the amount 
of time that you need to take in terms of your opening 
statements. Senator Carper will arrive somewhere between your 
opening statements and we will allow him to make a statement at 
that time.
    Ms. Evans.

   TESTIMONY OF KAREN EVANS,\1\ ADMINISTRATOR FOR ELECTRONIC 
     GOVERNMENT AND INFORMATION TECHNOLOGY, U.S. OFFICE OF 
                     MANAGEMENT AND BUDGET

    Ms. Evans. Good morning, Mr. Chairman and Members of the 
Committee. My remarks today will focus on the Administration's 
strategy and progress in planning, managing, and measuring the 
results of the Federal Government's information technology 
investments.
---------------------------------------------------------------------------
    \1\ The prepared statement of Ms. Evans appears in the Appendix on 
page 30.
---------------------------------------------------------------------------
    The President has proposed to spend roughly $64 billion in 
fiscal year 2007 for information technology and associated 
support services to support the multiple and wide-ranging 
missions of the Federal Government. When performing 
appropriately, these IT investments help improve the ability of 
the government's programs and operations to more effectively 
deliver services, products, and information to State, local, 
and Tribal Governments, industry, nonprofit organizations, and 
the American people.
    In particular, you have requested a discussion about two 
specific tools we use throughout the year to manage information 
technology investments, the Management Watch List and our high-
risk list of projects. I plan to discuss our overall process 
for managing investments given our tools and how OMB executes 
its responsibilities using various methods, such as reviewing 
agencies' annual budget submissions, engaging with agencies 
throughout the year on issues such as the E-Government 
scorecard of the President's Management Agenda, and monitoring 
specific projects of interest to OMB, what we call the high-
risk list projects.
    OMB reviews and evaluates the business cases as part of our 
overall evaluation of an entire agency budget submission. 
Business cases are primarily planning documents and do not 
reflect the actual project performance. Performance information 
is obtained through other means that I will describe later. It 
is important to note, though, that OMB is not the only intended 
audience for the business case. The primary audiences should be 
and are the agency officials and their investment review 
boards. These managers should use the business cases to 
effectively manage their own IT portfolios and to submit to OMB 
only those investment requests that meet the criteria specified 
in law, OMB policies, and supporting the priorities of the 
Administration. For the fiscal year 2008 budget cycle, agencies 
will be required to post on their agency website within 2 weeks 
of the release of the President's budget these updated 
exhibits, which will reflect the final Presidential decisions.
    Business cases reflecting one or more planning weaknesses 
are placed on what we call the Management Watch List and they 
are targeted for follow-up and correction. We continue to use 
the Management Watch List as one of the many tools that we use 
to oversee planning activities for the investments and to drive 
improved portfolio management. The fiscal year 2007 budget, as 
you have pointed out, is approximately $64 billion for IT and 
associate support services. Included in there is 857 business 
cases of which the 263 were valued at $9.9 billion not meeting 
this criteria for success.
    As of this hearing, I am pleased to report that this year's 
list has now been reduced to 86 investments valued at $4.5 
billion.
    While over the past several years agencies have improved 
the quality of their IT project planning and justification, we 
have recognized the need to continue this improvement 
throughout the life cycle into the execution phase of the IT 
project. This time last year, we issued new guidance 
specifically to assist the agencies in monitoring and improving 
project planning and execution and the implementation of earned 
value management for their IT projects. The objective is to 
manage the risk associated with an IT investment or project to 
achieve the intended outcomes. Each quarter, agencies evaluate 
and report to us on the performance of these high-risk 
projects.
    These projects are high risk, not at risk, thus the 
definition of high risk. These projects require special 
attention from the highest levels of agency management and 
oversight authorities, including OMB, agencies' Inspectors 
General, and GAO. For an example, a project could be classified 
as high risk because of the exceptionally high cost, and even 
if this project is performing well, we would still ask and 
classify it as a high-risk project.
    The goal is for the oversight authorities and agency 
management to have data on how these projects are performing at 
least quarterly to better ensure improved execution and 
performance. Agency managers and oversight authorities should 
know within 90 days, if not sooner, if a project is not 
performing well. The goal is to manage project risk and avoid 
problems or catch them early enough, should they occur, before 
the taxpayers' dollars are wasted.
    It is also important to note that this policy is designed 
to supplement and complement our existing oversight and agency 
internal processes, not to replace them. This policy is 
separate and apart from the Management Watch List and discusses 
and presents to oversight authorities information differing in 
focus, timing, and expected results.
    OMB oversees the agencies' activities under the President's 
Management Agenda and its associated quarterly reporting 
process. Each quarter, agencies receive a scorecard about their 
progress and status in achieving the government-wide goals. We 
deliberately include a criterion for acceptable business cases 
to underscore it is at the core of an essential management 
practice and issue. The acceptability of business cases is just 
one of the number of critical components agencies must satisfy 
to get green or yellow on the scorecard. If the business case 
criteria are not successfully met, agencies do not move 
forward, regardless of their performance on other elements of 
the scorecard.
    Additionally, our oversight of agencies' investment 
requests over the past 2 years have identified widespread 
weaknesses in agencies' abilities to meet cost, schedule, and 
performance goals. Therefore, we now emphasize earned value 
management as a key feature of the quarterly scorecard.
    And finally, the recent GAO report revealed questions about 
the validity of the agencies' information in the Exhibit 300 
submitted to OMB. We are working with each of the agencies to 
correct these problems and to ensure that they do not occur in 
the future.
    We do have many examples of success, two of which I 
included in my written statement, and there are more. Each year 
in OMB's report to Congress on the implementation of the E-
Government Act, we included one example of the success stories 
from the agencies. The agencies include more information in 
their own annual E-Government reports and publish them on their 
websites. However, we do need to continue improvement and build 
upon these successes to ensure that we do not waste the 
taxpayers' dollars with duplicative investments or unsuccessful 
IT projects.
    I thank you for this opportunity to discuss the 
Administration's strategy and we look forward to continue to 
work with the agencies and with Congress for new opportunities 
to refine our oversight and improve the execution of our 
projects.
    Chairman Coburn. Thank you, Ms. Evans. Mr. Powner.

    TESTIMONY OF DAVID A. POWNER,\1\ DIRECTOR, INFORMATION 
 TECHNOLOGY MANAGEMENT ISSUES, U.S. GOVERNMENT ACCOUNTABILITY 
                             OFFICE

    Mr. Powner. Dr. Coburn, Ranking Member Carper, and Senator 
Lautenberg, we appreciate the opportunity to testify on poorly 
planned and performing IT projects across the Federal 
Government.
---------------------------------------------------------------------------
    \1\ The prepared statement of Mr. Powner appears in the Appendix on 
page 36.
---------------------------------------------------------------------------
    In fiscal year 2007, the Federal Government plans to spend 
nearly $65 billion on information technology. Agency CIOs are 
accountable for ensuring their agency investments are 
appropriately selected, meaning they are tied to mission 
improvements and appropriately overseen, meaning that progress 
is monitored through proven performance measures and corrective 
actions taken when needed. GAO's reports and others have 
highlighted that there is much room for improvement in these 
areas. Given this, OMB's statutory responsibility, to establish 
processes to analyze, track, and evaluate the risks and results 
of major capital IT investments, is critical.
    To its credit, OMB has established several processes and 
criteria to improve the management of Federal IT projects, 
including the E-Government scorecard associated with the 
President's Management Agenda, the Management Watch List that 
identifies poorly-planned projects, and high-risk projects that 
identify poorly performing projects.
    This morning, I will summarize three key points. First, 
agencies and OMB annually identify hundreds of IT projects 
representing billions of dollars that are poorly planned or 
performing. Second, our work has shown that the number of 
troubled projects is likely even higher. And third, 
opportunities exist to oversee these projects better.
    First, over 300 projects totaling more than $12 billion in 
estimated IT expenditures have been identified on OMB's 
Management Watch List or as a high-risk project with 
performance issues. Specifically, in the President's budget, 
OMB reported that 263 projects representing about $10 billion 
is on the Management Watch List. Today, OMB is reporting that 
this number is now 86 projects totaling $4.5 billion, still 
significant.
    In addition, agencies reported that 79 high-risk projects 
collectively totaling more than $2 billion had performance 
shortfalls. Highlighting these projects with shortfalls creates 
tremendous opportunities to correct deficiencies in these 
investments that comprise a significant portion of the Federal 
IT budget.
    Our work has shown that the number of projects is likely 
even higher. OMB derives projects on its Management Watch List 
based on a detailed review of IT budget justifications, called 
Exhibit 300s. Our evaluation of Exhibit 300s showed that the 
information reported in them is not always accurate or 
reliable. This is not surprising, since there is pressure to 
overstate budget justifications so that investments can make 
the selection cut and to keep them off of OMB's oversight 
radar. Ensuring reliability of information in the Exhibit 300s 
is essential for many reasons, including an accurate Management 
Watch List.
    For the high-risk projects, we found that agencies do not 
always consistently apply OMB's criteria for identifying these 
projects. For example, we found projects that we have reported 
on and testified on that have clearly met OMB's criteria that 
were not listed. These included a key census system and 
environmental satellite acquisitions that are both laden with 
risks.
    In addition, the charts in my written statement that lists 
the number of poorly-performing projects by agencies raises 
many questions. For instance, how can DOD only have five 
performing projects when they comprise $30 billion of the 64? 
In addition, NASA reported no projects.
    In addition to improving how these projects are identified, 
improvements are also needed in how these deficiencies are 
followed up on, tracked to resolution, and reported. OMB does 
not aggregate either list. We have never seen the complete list 
of Management Watch List projects, as OMB keeps this 
information in-house. In addition, we have found the processes 
of following up on the watch list projects to be ad hoc and are 
concerned that this may leave unattended weak projects 
consuming significant budget dollars. Contrary, the high-risk 
projects are available for IGs and GAO and their follow-up is 
transparent through a quarterly reporting process.
    To take full advantage of both lists, we recommended that 
OMB aggregate each list so that government-wide analysis can be 
performed, resolution of deficiencies can be tracked, and the 
list of specific projects can be shared with the Congress to 
assist in the Administration's oversight. Until this occurs, 
OMB is missing an opportunity to seek assistance in assuring 
that agencies address project weaknesses.
    In summary, OMB should be commended for its many efforts to 
identify projects at risk and to raise the bar on CIO 
accountability. But, Mr. Chairman, this bar has a ways to go. 
First, OMB's oversight starts with accurate data being reported 
to them. Data used to identify both watch list and high-risk 
projects needs to be improved and OMB needs to round out its 
oversight of these projects. Until this is done, not all 
problem projects will be identified, nor do we have assurance 
that follow-up on identified problems is enough to keep 
billions of dollars from being wasted.
    This concludes my statement. I would be pleased to respond 
to questions at this time.
    Chairman Coburn. Thank you, Mr. Powner.
    Welcome, Senator Carper. Let me give due credit to Senator 
Carper. The idea behind this hearing is his and his interest in 
making sure we are efficient. I am pleased that we are able to 
have this hearing. I also would say that this won't be the only 
hearing on IT that this Subcommittee will have. We are going to 
watch this.
    Senator Carper, you are recognized for an opening 
statement.

              OPENING STATEMENT OF SENATOR CARPER

    Senator Carper. Thanks so much. I apologize to our 
witnesses for not arriving earlier. As I think the Chairman 
knows, we begin every day in the U.S. Senate with an opening 
prayer and oftentimes the prayer is given by the Senate 
Chaplain, Barry Black. Occasionally, we have a guest who 
presents the opening prayer and today that person was from 
Delaware, the leader of our Greek-American community, and I 
wanted to be there to welcome him, so I missed, unfortunately, 
all of your statement, Ms. Evans, and part of yours, Mr. 
Powner.
    I am grateful to the Chairman for agreeing to schedule the 
hearing and I am thankful to my own staff and to our majority 
staff for working with us to make it a good one.
    There is a lot of money involved in these projects. As the 
Chairman noted, no one is more committed in the Senate than he 
is to finding ways to bring down our budget deficit and 
reestablish some fiscal sanity around here, and we can't ignore 
the potential savings that we can accrue by putting in place 
solid, sound IT projects. That is good to the extent that there 
are those that are running off the track and we can identify 
those and try to get them back on track. That is critically 
important, as well.
    I remember from my own experience in my old job, my last 
job as governor, the money that we spent and money that we 
invested in IT projects of all kinds. Some of them were able to 
enable us to save a lot of money, and frankly, some of them 
cost a bundle and didn't, at the end of the day, we didn't have 
as much to show for them that we wanted to. They are not easy 
to do well, and frankly, the oversight in some cases, at least 
in our case, wasn't what I would have liked.
    I am grateful to our friends from GAO for trying to help us 
in our oversight missions to make sure that to the extent that 
we can, we play the appropriate watchdog role, not just being 
critical but being constructive, asking the right questions as 
we go forward.
    I have a statement that I would like to enter for the 
record, Mr. Chairman. I am grateful that we are here. This is 
good stuff. Thank you.
    Chairman Coburn. Without objection, your statement as well 
as mine will be entered.
    [The prepared statement of Senator Carper follows:]
                  PREPARED STATEMENT OF SENATOR CARPER
    I want to thank Chairman Coburn for holding today's hearing to 
focus on how the OMB will ensure the success of potentially $12 
billion--as of this hearing, $7 billion-at-risk information technology 
projects. As our witnesses will testify to, the President has proposed 
to spend nearly $64 billion in FY 2007 for information technology. 
Without the needed investments in information technology, our 
government could not conduct its everyday business. As we all know, 
investment in information technology is not a one stop deal. 
Implementing and maintaining information technology involves detailed 
planning--with clear costs, project schedules, and performance goals. 
Within Federal agencies, Chief Information Officers and project 
managers are among the many that have the responsibility to ensure that 
information technology projects are implemented in the most efficient 
manner. We in this room--our Subcommittee, the Office of Management and 
Budget, and the GAO--also have the responsibility to conduct oversight 
on Federal information technology investments. It's unfortunate that 
not all information technology projects are implemented in the most 
efficient manner.
    As the OMB will testify to, there are currently 226 information 
technology projects classified as ``high-risk.'' The OMB also has 86 
information technology projects listed on their ``Management Watch 
List.'' Information technology projects that are the most at-risk of 
planning and performance shortfalls total nearly $7 billion in Federal 
funds. What we will hear today is that $7 billion worth of information 
technology projects is in serious risk of being wasted unless:

      The OMB improves its oversight of at-risk information 
technology projects, and
      Agenceis improve their reporting on all information 
technology projects.

    Due to problems with the OMB's classification of high-risk projects 
and projects on the Management Watch List, I believe the OMB cannot 
possibly be carrying out adequate oversight of information technology 
projects. Not only does the OMB not keep running-aggregate lists of the 
Management Watch List and high-risk projects, the OMB does not have 
consistent processes for following-up on at-risk projects.
    In my opinion, one of the most concerning problems, which the GAO 
will testify to, is that agencies often inadequately report information 
on their information technology projects. Agencies are required to 
justify resource requests for major information technology projects on 
forms that the OMB calls Exhibit 300s. Unfortunately, information on 
these forms is often inadequate. Agencies tend to leave out necessary 
documentation and include unreliable cost estimates. Therefore, 
according to the GAO, the OMB is depending on unreliable information 
when monitoring the management of major information technology projects 
and making critical funding decisions. Since the OMB derives its 
information from Exhibit 300s when placing projects on its Management 
Watch List, I believe that the number of projects on that list 
(approximately 86) is likely to be understated.
    Until we fix these problems, the Federal Government risks losing 
billions of dollars from the shortfalls of the most at-risk information 
technology projects. Personally, I believe that both the OMB and 
Federal agencies can do better and we must. I look forward to hearing 
suggestions from our witnesses on how we can improve oversight of the 
most at-risk information technology projects.
    Thanks you.

    Chairman Coburn. I am going to start off our questioning. I 
want to try to get an understanding of process a little bit. We 
have an Exhibit 300. This is a justification for a project, is 
that correct?
    Ms. Evans. It is a justification for an investment.
    Chairman Coburn. For an investment in IT----
    Ms. Evans. Yes, sir.
    Chairman Coburn [continuing]. To save money?
    Ms. Evans. Well, not necessarily to save money, as well. It 
is a justification in order to meet a business need or 
requirement.
    Chairman Coburn. All right. And that is approved by an 
agency Secretary and that is approved by a management review 
board, is that correct?
    Ms. Evans. Yes, sir. Within an agency, there is an 
investment review board and then the CIO is to manage the 
investment review process, and it is included in the project 
and then gets submitted by the Secretary.
    Chairman Coburn. So that happens. So how come we have a 
third of them that are poorly planned?
    Ms. Evans. That is actually a really good question and why 
we have been working on it since I have been in this job, of 
going through and making sure that we have the underlying 
management practices in place, that we really are reviewing the 
investments, that you really are looking at those to ensure 
that there is alignment between what you are trying to do in a 
program and how the IT investment will support that program, 
either through efficiencies or to get the outcome to support a 
service.
    Chairman Coburn. What I am trying to figure out is the 
management review board, if we have nearly a third of them 
poorly planned, somebody isn't doing their job right.
    Ms. Evans. Yes, sir.
    Chairman Coburn. So where does that lie? Does that lie at 
the CIO level, the management review board, where does that 
lie? If the whole purpose for the Exhibit 300 is to give a 
justification for an investment for a project or an advancement 
or greater ability for the government to function in some way 
or measure something or defend us and we have that laid out and 
that gets approved and yet a third of them are poorly planned, 
I thought that was the purpose for the Exhibit 300, is to make 
sure they are planned properly.
    Ms. Evans. Yes, sir, and the way that the process is set up 
and the way that we hold the agencies accountable is through 
the scorecard process. So the Secretary is ultimately held 
accountable for making the decisions of what those IT 
investments should go forward to support the Administration's 
priorities and that agency's mission goals to support the 
Administration's priorities.
    Chairman Coburn. So is it possible that the Exhibit 300s 
aren't accurate when they come through?
    Ms. Evans. It is possible that the Exhibit 300s, based on 
the skill levels of the people evaluating them at the agency 
and the CIO who is explaining how this works, may need 
improvement. And so I think that is evident when you look at 
the overall performance and how we have ranked the agencies on 
scorecard, because if all agencies were performing well, then 
we would have all agencies showing a green progress and green 
status. We don't have that.
    As you can see on the scorecard, if you have had an 
opportunity to look at it, which I am sure you have, you can 
see that we have agencies that are very red and we have 
agencies that are having mixed results, a yellow score, based 
on what they are doing, and then agencies who are green. There 
are a few agencies that are green, and it varies back and forth 
based on where we are in the year and the products that we are 
evaluating from our oversight role during the quarterly 
scorecard.
    So I agree with you there are problems and we have 
identified what they are and we work with the agencies to 
strengthen where those weaknesses are within the agencies.
    Chairman Coburn. When you look at these projects, do you 
ever look at the projects by vendor?
    Ms. Evans. No.
    Chairman Coburn. Well, let me suggest that you do that 
because, in fact, if we have a large number of underperforming 
or poorly planned or high-risk but we are not looking at it by 
vendor, we may, in fact, see a trend by two or three vendors 
out of the 10 or 20 or 50 that are used that says these are 
constantly poor performing, or these are constantly over cost 
or behind schedule. I think that one of the analyses that OMB 
ought to do is look at it by vendor and see if there is a 
pattern of poor performance.
    Mr. Powner talked about inaccurate reporting--what is the 
consequence for an agency for inaccurately reporting?
    Ms. Evans. In the fact that we identify that there are 
weaknesses associated with a business case when it comes in. I 
am going to say we make an assumption that people are not 
deliberately reporting erroneous data, that what we need to do 
from an OMB perspective is identify what appears to be the job 
or what is the issue within that agency. Is it just within that 
particular investment or is it a systemic problem throughout 
the agency?
    For example, one thing that we have noticed across the 
board, and you have highlighted it in your charts, is the 
ability for agencies to put qualified project managers in 
charge of individual projects as they go forward. We have that 
as a systemic problem across the government, not just within an 
agency.
    So if that is a weakness that is identified, what we do, 
what I do through the CIO Council, is we come up with an 
overall plan, which we have, to work with the agencies to 
strengthen project managers, also come up with a common way 
that agencies can evaluate the qualifications of the people who 
they are putting in charge of projects so that we have a 
consistent measure across the board, and then once that is 
done, what we have worked now with the agencies over the past 
year is each agency has a human capital plan for the weaknesses 
of their workforce and they have specific milestones that are 
now being measured through the Human Capital Initiative on the 
President's Management Agenda for them to either hire, recruit, 
or train and close those gaps so that, first and foremost, 
first defense there, is being met and that the agencies can 
then improve that area to at least move forward in that 
particular piece dealing with success.
    As far as if they overall have a systemic problem and we 
cannot remediate what we see as a weakness before the fiscal 
year starts, then OMB does take action such as using the tools 
that we have available, like Category B apportionments, and so 
then that puts more restrictions on the agencies to produce 
results instead of getting the money, them being able to do 
what they want to do and then us not having proper oversight.
    Chairman Coburn. I don't want to question anybody's 
motivation, but one of the tools of management is consequences 
of not stepping up to the line. So whether somebody 
inadvertently or intentionally is inaccurate in their 
reporting, what I want to see developed, and I think is a 
correct management technique, is there ought to be a 
consequence and there ought to be a measurement goal of whether 
or not they are performing accurately in terms of reporting 
accurately.
    Ms. Evans. I can tell you that, especially when I was still 
at the agency at the Department of Energy, the goals that we 
have in the E-Government scorecard are directly reflected and 
were directly reflected in my performance plan, which then 
meant that my own individual performance plan as an SES within 
the government was that I had to meet those marks and there 
were consequences. If I did not achieve that within my own 
agency of what those requirements were, it was reflected in my 
own performance, which then reflected my ability to get a raise 
or a bonus or those types of activities. That alignment is now 
there in many of the CIOs' performance plans and they are now 
getting greater alignment within their own agencies so that you 
can see how people's performance is now dependent on each 
other.
    We have also done that internally within my own staff. So 
some of the weaknesses and some of the repeatable processes 
that we are talking about that we need to improve on ourselves, 
we have now--through the President's Management Agenda, we are 
a beta site. So my own performance plan is public so that you 
can see what the goals are, but my staff's performance plans 
now align to those goals so that they are now vested in the 
agency's success, as well. So there is an individual 
consequence back on all of us who are responsible for ensuring 
the management of these initiatives.
    Chairman Coburn. But the project still gets funded.
    Ms. Evans. Sometimes the projects need to be funded, and 
that is why we put them on the Management Watch List. For 
example, when I first came into this job, one of the 
investments that were on there was TRICARE For Life. That was 
on the Management Watch List. They needed to do certain 
investments in order to upgrade and be able to improve health 
care information. You are not going to not fund things to 
support TRICARE For Life, but what you are going to do is then 
put additional oversight and management into that to ensure 
that--because this is now an area that we need that is high 
risk, so we need to continue to watch that to make sure that 
DOD had the right practices in place so that they could achieve 
the outcome knowing that there was a risk associated with it.
    Chairman Coburn. I want to go back to something Mr. Powner 
said, and it concerns me because the Defense Department has $30 
billion out of the $65 billion in IT. The question I have is 
either their reporting is inaccurate--as a matter of fact, I 
know their reporting is inaccurate because DTS, the Defense 
Travel System, isn't on anybody's list and it is a mess and it 
has been a mess from the time it started in terms of cost 
overruns and delays and everything else. So there has to be 
inaccurate reporting. This is going back to the point that my 
worry is that we are underestimating what the risk is, and I 
think GAO has testified to that. How is it that Defense can 
say, and I don't know where I have it, but I have the list of 
all the projects----
    Ms. Evans. Right.
    Chairman Coburn [continuing]. And they have very few on the 
high-risk list and very few on the Management Watch List. How 
can that be?
    Ms. Evans. And I would put the responsibility back on 
myself as far as clarity of the instructions and then 
consistency across the board about how we need to work with the 
agencies to be able to do that. So Defense is a good example. 
So when we are looking at this--this is a new policy that we 
put in place--there is a distinction between what is on the 
Management Watch List and the high-risk project list.
    Chairman Coburn. Yes, I understand the difference.
    Ms. Evans. But I would say that we need to bring better 
clarity to the instructions on what should be on a high-risk 
project. For example, we have all the 24 E-Government 
initiatives on the high-risk project list that we monitor 
through another mechanism. That is not included because there 
isn't a direct Exhibit 300 to map a lot of those to within each 
of the agencies.
    Chairman Coburn. And why is that?
    Ms. Evans. Because of the way that we allow certain 
flexibility of how agencies would categorize a major capital 
investment, and so that is why we make a distinction between an 
actual project----
    Chairman Coburn. And the investment----
    Chairman Coburn [continuing]. And the capital investment. 
For example, our policy says that all office automation and 
infrastructure types of investments need to be on one business 
case. So that would be things like telecommunications, office 
automation, any of those types of things, BlackBerrys, e-mail. 
You could have several major projects included in that one 
investment, like what we are currently doing now, the upgrade 
to IPB6. That is a project, but that would only have one 
capital investment. If you are upgrading your 
telecommunications to use new technology like voice-over IP and 
consolidate phone systems, that is only going to show up in one 
business case, one Exhibit 300, but that is a separate project. 
So that one particular investment could have anywhere, at a 
minimum, like five major projects underway. So that is why we 
have distinguished between the two of them.
    A lot of the E-Government initiatives, the dollar threshold 
is really low because the total budget across the board when we 
are collecting that, it averages about $190 million all the way 
across the board for all agencies doing all of their parts 
within 25 initiatives and six lines of business. But it is the 
complexity of depending now on interagencies to meet their part 
and the project planning and the major milestones make that 
high-risk, because if one person misses a milestone, the ripple 
effect is huge. So that is why we distinguish those.
    We have to go back to the agencies, giving the example that 
you just gave, like DOD, and clarifying further to them how 
they can use these tools and not necessarily drive reporting 
underground so that they get on our list and then we are 
looking at them, but encouraging them to use these tools so 
that they can really manage it within their agencies to achieve 
the results.
    Chairman Coburn. My time is up. Senator Carper.
    Senator Carper. Thanks, Mr. Chairman.
    In State Government, as in Federal Government, we use 
information technology in similar initiatives to provide better 
service. We use them to save money. We use them to, in many 
cases, improve the performance but also the job satisfaction of 
those that are working, whether it is in State or the Federal 
Government. I like to say that everything I do, everything that 
my team, my staff and I do, we could do better, and I think the 
same is probably true in every agency with whom you or each of 
you work.
    I want to start off with just a real basic question so I 
understand it. Now, the Chairman has delved into this, and I am 
sure, Ms. Evans, you spoke to it in your testimony. But I 
understood pretty well in State Government how we identify 
initiatives to which we wanted to bring information technology 
to bear. Just explain in a very basic way, how agencies 
identify their own IT projects, the screening process that they 
go through to have those funded, and then, if you will, the 
process by which we oversee, or OMB or someone oversees those 
projects to make sure that we are getting our money's worth, 
projects end up on the watch list.
    Ms. Evans. What an agency should do, and when I was at an 
agency myself, the way that we would do this based on the 
policies that are existing within OMB and the laws, what you 
are supposed to do is take a look at what are the agency's 
business needs, and basic things like utilities, 
telecommunications, office automation, those types of 
activities, you are supposed to go through, look at what is the 
cost to operate those, if you are going to upgrade those, it is 
a major system investment that you would then take to what is 
called an investment review board. Some agencies will have them 
divided into two areas, a technical review board as well as an 
executive review board.
    So the first threshold would be the technical review board 
would say, OK, this meets all our requirements. This has a good 
return on investment. It appears that it is going to meet our 
agency needs. So it can meet that first threshold of review.
    When it goes to the second level of review, which is an 
executive review board, they have to look at that across the 
board of what dollars do we have available? What are we trying 
to accomplish? What is the mission of the agency? Does this 
support mission outcomes? If we invest this dollar, will we 
achieve X, Y, and Z? And the business case is supposed to be 
able to articulate that in a way and summarize it in a way that 
senior executives can realize if I invest this one dollar, I am 
going to achieve X results for my mission. That is how you are 
supposed to do it.
    And then at that point, you then tie it, and we ask it to 
be very specifically tied to a program or to a business 
outcome. Are there performance measures? How will you know you 
will be successful? Is it just total efficiency because I am 
going to reduce cycle time? Those types of activities. That all 
is summarized in what we are calling the business case, the 
Exhibit 300.
    Senator Carper. Back up. Say that last sentence again, 
please.
    Ms. Evans. Sure. They are supposed to review these 
investments to ensure that they are tied to a business area, 
that they are either tied to an efficiency measure, like they 
are going to reduce cycle time within an agency--I am not going 
to mail things out anymore, those types of things, or actual 
program performance, that they have a measure that they can 
show that if I invest a dollar, this is the outcome that I 
should get. And that is what they are supposed to include and 
justify within what we call an Exhibit 300.
    Then what the CIO does all throughout this process is 
advise, make sure that it is aligned with everything that they 
are doing IT-wise within the agency, information-wise, make 
sure there are no duplications for the cost savings, how you 
can maximize those things, and then they send them over 
included in the overall budget because these are the 
investments that are going to enable program results. And then 
we----
    Senator Carper. Let me interrupt.
    Ms. Evans. Sure.
    Senator Carper. When would that be taking place during the 
year, right about now?
    Ms. Evans. September. Yes, sir. We get them as part of the 
regular budget submission, and so they are submitted 
concurrently with the overall budget and then what my area does 
is review and analyze those across the board to make sure that 
they are supporting the program outcomes. So there are very 
specific questions that we will ask, like we will ask, are you 
supporting a program that has been PART-ed? What are the 
measures associated with that?
    And so we look at those and we analyze them across the 
board. There are several criteria. There are several areas, 
acquisition strategy, project management, all those things. We 
look at them through our lens. So an agency may feel that they 
have done everything to the extent possible to mitigate risk, 
that they have a qualified project manager, that they have 
certified that project manager, they have good performance 
measures, but then we evaluate it and look at it and that is 
how they end up on the Management Watch List. From that 
planning document, we will say there appears to be weaknesses 
in the performance.
    But we also use other information at that point, because 
that is the same time that we get the annual cyber security 
reports coming in from the IGs and the CIOs. So if there is an 
overall problem in an agency, their ability to manage and 
secure data that they are collecting, we also use that 
information because there is a piece within the business case 
that talks about cyber security.
    So there are several tools that we use when we evaluate it 
and then determine that planning project, that particular 
effort should be on a Management Watch List, and then we 
integrate our processes into the internal OMB processes that 
then the Director reviews and makes recommendations to the 
President about what should be included in the investments 
going forward.
    Senator Carper. Maybe for no one else in the room, but for 
me, that was helpful. Thank you.
    Mr. Powner, let me turn to you, if I could. The title of 
your testimony, full testimony, is ``Information Technology: 
Improvements Needed to More Accurately Identify and Better 
Oversee Risky Projects Totaling Billions of Dollars.'' Sort of 
reflecting back on what Ms. Evans has just said and thinking of 
what you are trying to do in your testimony, looking at the 
process that she outlined, what are the strengths and 
weaknesses of that process?
    Mr. Powner. First of all, if we start with the Federal 
agencies, and back to Dr. Coburn, your question, too, where you 
look at those processes that are in place associated with these 
management review boards, our reviews of individual agencies 
and government-wide looking at basic processes that are in 
place with these investment review boards, do they select the 
investments appropriately? And what this is all about is 
racking and stacking of business cases. You rack and stack 
them. You put them in priority order and you say, here is where 
the budget runs out and everyone else doesn't get funding and 
these projects do. Now, there are a few nuances to that because 
of things that are called for in law and that type of thing----
    Senator Carper. Because of things that are called what?
    Mr. Powner. There are a few nuances that because of 
requirements in law for certain projects need to be funded and 
that type of thing, but overall, that is how it should work, 
just the way Ms. Evans described it.
    If you look at those processes at the agency level, we 
found weaknesses across the board. Sometimes the investment 
review boards don't comprise the right individuals. You can 
start there. The CIO should be driving it. You ought to have 
the business owners of these systems on the boards. We found 
investment boards that don't have the appropriate makeup, they 
don't have the appropriate processes, and I think agencies are 
improving over time. I think OMB is doing a lot to improve 
those processes. Our reviews highlight some of these things.
    This goes back to requirements called for in the Clinger-
Cohen Act back in 1996, so this isn't new and these processes 
aren't new, but there are weaknesses there. So first of all, 
you have those weaknesses at the agency level.
    And then when you look at, if you think about the racking 
and stacking of these Exhibit 300s, of the business cases, 
there is pressure to game those business cases, to overstate. 
What our review showed, we looked at 30 of these in great 
detail at a number of agencies and they were inaccurate, 
unreliable, and not supported by documentation in a number of 
areas. So if you look at that, what do we do about it?
    I think OMB issued some new instructions where agencies are 
going to publish on their websites these business cases. That 
will help. That is a step in the right direction. Another step 
in the right direction is within the agencies, there are 
controls that can be put in place. In the private sector, the 
same thing happened. Folks game their business cases because 
they want to secure funding. What did we do? We used internal 
audit to review business cases. Why not use IGs to review a 
handful of business cases that would at least put those project 
owners on their toes that it is going to get looked at? You 
don't know which ones are going to get reviewed, but you could 
look at a handful. There are controls that you could put in 
place to improve this process.
    Senator Carper. My time is about to expire here on this 
round. Mr. Chairman, could I ask Ms. Evans just to respond 
briefly to the recommendations that Mr. Powner made right at 
the end of his comments?
    Ms. Evans. Actually, I wrote the recommendation down 
because that is a great idea. We work a lot with----
    Senator Carper. Just restate the recommendation and then 
respond to it.
    Ms. Evans. The recommendation is to use the Inspector 
Generals within the agencies to go and do a random check of the 
business cases to ensure quality. I think it is a wonderful 
idea. We work with the IG community often. The IG community is 
doing certain things for us right now. They do it on the cyber 
security aspect for us so that we get that independent review 
and I am willing to take that recommendation back to the IGs 
and ask them specifically, would they be willing to take that 
on.
    They have taken on several things for us, like validating 
savings where agencies have estimated what their cost savings 
would be, and validate that type of methodology. The high-risk 
policy projects, we also ask for independent validation, and 
that is where we did open up everything for IGs and GAO to 
request all that documentation, as well. And I do think that 
several of them, I know GAO has taken us up on that and they 
are reviewing that information that the agencies should have 
available and randomly look at to support whether it is really 
reliable data.
    Senator Carper. Let me, first of all, thank you for the 
suggestion, Mr. Powner, and for the spirit that you responded 
to it, Ms. Evans. I think it would be interesting or be 
welcomed if you would let us know what kind of progress is made 
on this front. Thank you.
    Chairman Coburn. Ms. Evans, are Exhibit 300s ever rejected?
    Ms. Evans. Yes, they are, but----
    Chairman Coburn. What is the frequency of that?
    Ms. Evans. From our perspective, it is very few because of 
the checks and balances that we have put in place, because what 
we really are doing at that point is that we want the agencies 
to do that due diligence going forward, so we really should not 
get failing business cases.
    Chairman Coburn. But let us go back to the earlier 
question. You get 30 percent of them, poor planning that we 
have now----
    Ms. Evans. Yes.
    Chairman Coburn [continuing]. And we haven't rejected the 
Exhibit 300s. Something is wrong in between there.
    Ms. Evans. Well, because those investments that do come 
forward that we then release on the Management Watch List are 
investments that are clearly aligned with the President's 
priorities that we feel that we do need to go forward with, but 
do extra due diligence on whatever the gaps are that we have 
identified. But do we outright say no to something? Yes, we 
have done that because it is not either aligned with the 
President's priorities or agencies will come back based on the 
guidance that we do through our budget process and will 
withdraw them or cancel them.
    Chairman Coburn. Based on what Mr. Powner said about the 
boards not being constituted properly, some suggestion that 
some of the firms are actually writing the Exhibit 300s rather 
than the agencies, are you aware that happens?
    Ms. Evans. Sure. Absolutely. That is why----
    Chairman Coburn. Do you not see that as a conflict of 
interest?
    Ms. Evans. What I also see is that people view, and this 
will support Mr. Powner's comments, that the Exhibit 300 is 
like the test. This is the test. If I turn in a good term 
paper, I am going to become fully funded. So we recognize that 
maybe we were driving certain behavior so that an industry is 
springing up that is writing business cases. We run analysis, 
for example, on a portfolio. This is because we get it all 
electronic. I ran an analysis this past year. We did an 
analysis to see exactly how many words changed in a business 
case because it is electronic. So we can run it through and see 
how many words actually changed. So knowing where the 
investments are, for example, if they are steady state, then we 
should see more things happening later in the life cycle on the 
latter part of the business case. If they are in the first 
part, then you would see big changes in what they have 
completed in their acquisition strategy and where they are now 
in execution.
    Needless to say, what was happening was we had very few 
business cases that there were absolutely no changes to, but 
there are sections where, for example, in security where 
nothing is changed but we knew they had a problem. So we know 
that there is evidence of people just trying, well, this passed 
last year so I will just resubmit it again this year.
    Chairman Coburn. So how do we fix that? How do we 
incentivize behavior that is based on accuracy and better 
outcome?
    Ms. Evans. Well, the way that we did it, and we would 
welcome any comments or additional suggestions that you would 
have is that is why we released and really focused on 
execution, because it is one thing to talk about what you are 
going to do, but it is another thing to actually be able to 
deliver results.
    And so through our implementation and oversight of what the 
agencies are doing through earned-value management, which is 
really you are taking actual against planned, so there are 32 
different criteria in that----
    Chairman Coburn. So it is measurement metrics?
    Ms. Evans [continuing]. And there is measurement metrics in 
that and it is very sensitive. And so when you start getting 
those reports and you are looking at those, and I personally 
read those. An agency does not get the checkmark to move to 
green that they actually are managing 10 percent of cost 
schedule and performance until we--and we physically go to the 
agency and we discuss with the agency managers, because we know 
the same weakness that Mr. Powner has brought up. Who is 
actually managing this? Are you just producing reports because 
OMB has asked for reports or are you really using this data to 
make management decisions?
    And so it is one thing to get a really good planning 
document. It is almost like you take a driver's test. In West 
Virginia, you have to take a driver's test, but then you 
actually have to drive before they give you the license and it 
is a 6 months' difference. It is the same type of logic that we 
apply here. You can get through the first hurdle because you 
wrote a good term paper, but you have to now apply that 
knowledge that you said you have and produce results.
    Chairman Coburn. Good analogy. The problem I have with the 
way we are doing it is we are looking backwards rather than 
incentivizing behavior going forward. I would love for you all 
to think about, and maybe Mr. Powner think about, how do we set 
the system a little differently where we incentivize better 
behavior rather than have to look back? What you are doing is 
auditing, right?
    Ms. Evans. Yes.
    Chairman Coburn. The fact that there is an audit and an 
audit can be gamed and then you are using the final, where is 
the performance. But how do we get it to where we have to do 
less auditing and less control after the fact and incentivize 
better in the beginning? I don't expect you to answer that, but 
I think that is where we want to go with this, because if we 
have management review boards that are not constituted 
properly, how do we incentivize that to change? In other words, 
not after the fact that we come back and look at it----
    Ms. Evans. Right.
    Chairman Coburn [continuing]. But how do we get it right 
the first time? From my business experience, it just wasn't 
acceptable. What we are seeing in this is things that would 
never be acceptable in a personally-run business or like what 
Senator Lautenberg had. It just wouldn't be acceptable, the 
degree of what we are seeing, and I know it is tough to manage 
that.
    Again, let me go back to the Exhibit 300. The whole purpose 
for that is to put forward a plan that is based accurately, 
that will be a proper investment, whether it be through cost 
savings or accomplishing a goal. How do we make that tool 
really be what it should be? Let me address that to you, Mr. 
Powner. How do we make sure that every Exhibit 300 is right, is 
accurate, to the best of the ability it can be, with no 
question about motives, so that we can make a good judgment on 
it? Everything after that, once that goes through, it is all 
retrospective looking.
    If you look at the Defense Travel System, or, for example, 
another one that is not on the high-risk list is the Census 
Bureau. I can't figure out how that isn't on the high-risk 
list. That system is either gamed--I will reserve my comment. 
There is no way it should not be on the high-risk list.
    Ms. Evans. Right.
    Chairman Coburn. Senator Carper and I have sent a letter to 
GAO today asking some very specific questions about the 
Decennial Response Integration System, because I think it is a 
disaster right now. The fact that it is not on there tells us 
we have got a problem with the list.
    Ms. Evans. Yes.
    Chairman Coburn. How do we do that, Mr. Powner? How do we 
make it more effective prospectively rather than have to have 
the threat of a retrospective look?
    Mr. Powner. A couple of comments. First of all, the Exhibit 
300, the intent is fine. It is the business case. It puts in 
place some assurances that there are basic project management 
capabilities there associated with this investment or this 
project. So that is all well and good. I think an opportunity 
to streamline that over time, so it is not a writing exercise 
where contractors are filling their pockets, that should 
probably be looked at.
    But going back to one of your original questions, what are 
the consequences of submitting an Exhibit 300 that is, one, 
either inaccurate, or two, that shows that this project isn't 
ready to go forward and spend money, there should be real 
consequences. I think Ms. Evans pointed out some of these 
projects, like TRICARE, we have to keep going forward and we 
have to fund them and we have to try to fix them on the fly. 
But they are not all TRICARE. Using the apportionment process 
and withholding money, that matters, and if we did that more, 
maybe folks would take it a bit more serious.
    Chairman Coburn. OK. Ms. Evans, you mentioned in your 
opening statement the decision to post Exhibit 300s, I think is 
very good for transparency, and to allow us to actually see 
those, I think will be very helpful.
    I think also the fact that the Congress ought to be aware 
of the high-risk list and ought to be aware of the Management 
Watch List. It is our responsibility to oversee that and I 
think we have pretty much had an agreement from your boss that 
is going to be made available to us. Is that your 
understanding?
    Ms. Evans. About the Management Watch List and the high-
risk list?
    Chairman Coburn. Yes.
    Ms. Evans. Yes, sir. What we will do is we will provide the 
high-risk list that we have to you guys next week.
    What we would like to do, if it is OK with you, and my 
boss, is on the Management Watch List, what we do is we have a 
deadline on the scorecard of June 30. So we receive them in 
September and we work through the budget process with the 
agencies and then we have a deadline on the scorecard of June 
30 where they have to remediate any of the weaknesses or have 
an adequate plan that shows that they are going to remediate 
the weakness that we have identified. If that hasn't happened 
by June 30, which obviously the date has passed now so we can 
make the list available, we would like at that point to publish 
what is remaining on the Management Watch List so that Congress 
could then use that going forward in their own decisions that 
they want to make through the appropriations process.
    Chairman Coburn. The problem with that is, hopefully, most 
of the appropriations hearings and everything have already 
happened by that time, and so the decisions to really impact 
that will be a year and a half later. But we will work with you 
on that.
    Ms. Evans. OK.
    Chairman Coburn. It is the obligation of the U.S. Congress 
to know what is not working right and to be able to hold 
oversight hearings on specific cases when they are not working 
right, we can be a tool for you. When it is not working right 
and we have that agency here with the Exhibit 300, with the 
budget and say, what went on here?
    We, myself and Senator Carper, have every intent to do 
that, is to help the rest of the agencies understand you are 
not going to skid this thing. We want to fund you. We want you 
to do what is right. We understand that your intent is to do 
what is right. But when it doesn't work, we want to hold you 
accountable and for us to have the correct oversight and 
transparency, not just for us, but for the American people.
    Senator Carper and I have a bill that is going to go 
through this week, which OMB is backing and we are very 
thankful for, that is going to allow the American people to 
know where the money went. All these contracts are going to be 
known. Everybody in America is going to know who has got the 
contracts, unless it is a national security issue. So that is 
going to help.
    But the point is, we need to do the specific oversight, and 
if we can't know where the problem is because we can't get the 
list of the problems from OMB, then we don't have the ability 
to carry out our constitutional function, which we consider 
very seriously on this Subcommittee.
    Senator Carper, do you have additional questions?
    Senator Carper. Yes, just a few, if I could. Again, I think 
this would be probably a question for Mr. Powner. We learned 
today that there are many problems with the oversight of at-
risk information technology projects. I am just asking your 
opinion. How much in cost overruns do you think we can expect 
to endure from the most at-risk information technology projects 
that make up the $7 billion that we have heard about?
    Mr. Powner. So to project how much the overrun would likely 
be? I think that would be very difficult to do. I think the--I 
mean, that is tough. We look at a lot of individual projects. 
There is one project we looked at, Rescue 21, a Coast Guard 
communications system that isn't on the high-risk list that 
overran $300 million in a very short period of time. That is 
very common.
    Senator Carper. The overrun was $300 million?
    Mr. Powner. Three-hundred million. There is a system that 
we have been tracking for years, environmental satellite 
system, a joint acquisition between DOD, NOAA, and NASA called 
NPOESS. It basically provides weather forecasting information. 
It is important for hurricane tracking, very important going 
forward. That project has gone over a 3-year period from $6 
billion life cycle cost to $12 billion. OK, that is not on the 
list. So you could look at that.
    Senator Carper. Why not?
    Mr. Powner. Well, that is one of our examples where we 
think the high-risk list is understated. So those are two 
examples that we pointed out in our reports, Rescue 21 at the 
Coast Guard and NPOESS----
    Senator Carper. Let me stop you for just a second and just 
ask for something. Why do you suppose those are not on the 
list?
    Ms. Evans. And I agree with Mr. Powner that they should be 
on the list. What agencies have a tendency to do, and the way 
that we are measuring some of these things, which sometimes--
and I agree that we need to improve this--is that agencies will 
have a tendency to rebaseline a project or----
    Senator Carper. When you say rebaseline, give me that in 
plain English.
    Ms. Evans. What they do is, for example, if GAO is tracking 
the same project by a different name and it is going on for 10 
years, agencies will have a tendency when a project is deemed a 
failure or needs to be redone, will say, OK, after 5 years, 
this project hasn't been successful. So they will rebaseline it 
and----
    Senator Carper. What is rebaseline?
    Ms. Evans. They will zero it out and they will count it as 
a sunk cost and they will give us a new Exhibit 300, so it will 
show as something new. So I am going to give you a quick 
example of how this would work.
    Senator Carper. OK.
    Ms. Evans. So we track by agencies, like number of business 
cases that they will submit. So last year we saw a big drop. 
You can see it right here. There was 1,087 major investments 
that came in and it dropped to 857. That is a big flag for me, 
going, what has happened here? Did people actually finish 
projects and stop? Because the dollar amount is the same. So 
something has happened in the way that these agencies are 
putting together the investments and putting together the 
business cases.
    We went through agency by agency. So I have one specific 
agency----
    Senator Carper. That is a lot to go through.
    Ms. Evans. Yes, it is, but, that would be the question that 
I would figure my boss would ask me. What is the difference? 
What is the drop? Why do you see this change? Because we are 
collecting all these numbers now, we should be able to analyze 
them.
    So I looked at who were the biggest deviants that happened 
here and we had one agency that in fiscal year 2006, they had 
51 business cases. In fiscal year 2007, they went to 34. So I 
sent them an e-mail. You should be able to answer this question 
fairly quickly and say what happened to the other 17. Because 
when we look at it, there are several of them that had brand 
new names. But when you look at how the dollars are broken out, 
there is development, modernization, enhancement, which is 
supposed to be new dollars, and steady state, which is supposed 
to be existing systems.
    So I asked them, I said, what happened to these 17 business 
cases? You should be able to tell me. I want to know by the end 
of the day, because that gets to your contractor issue. You 
should be able to answer this question if you are managing it. 
So the agency did come back and say, OK, we have recategorized 
this. Twelve of them went into what we have as the single 
business case for office automation. Four are actually brand 
new. We actually completed one, and so that is off the list, 
and we restructured. So that is the rebaselining. We 
restructured four of those and we canceled one. So when you 
look at it, they redistributed their portfolio in a way that 
they thought that they could better manage it.
    But we do go agency by agency to ask them what they are 
doing with those so that you are not kind of flying under the 
radar screen or that you are just doing certain things. So in 
these particular cases, what will happen is GAO will track it 
through the entire requirement. It could take 25 years on some 
of these things. What we are tracking is if they ended and then 
they start a new one because they said that they have done all 
of these different things, it becomes a new investment for us. 
So there is a difference between the way GAO is tracking them 
and the way that we get the information from the agency.
    Senator Carper. All right. Thank you.
    Mr. Powner, I interrupted you in order to ask that question 
of Ms. Evans. Do you want to pick up your train of thought?
    Mr. Powner. Well, just to round out, I think that is a very 
important point that Ms. Evans made on the rebaseline. 
Basically what rebaselining is is you start over. When we track 
in the President's Management Agenda, that is a high bar, to 
OMB's credit. To have all major projects within 10 percent of 
cost, schedule, and performance, used earned value techniques, 
that is a very high bar.
    The concern would be what some agencies do is--our cost is 
$200 million on this. We rebaseline it. We bump it up to $300 
million. So now we are within 10 percent. It is kind of a ``get 
out of jail free'' card, just because they moved the total up 
that we are measuring from. That is what rebaselining is all 
about, so it is very important to look at these numbers to make 
sure.
    And I am sure if we looked in detail at some of these 
projects that aren't on the high-risk lists at DOD and other 
places, it is probably due to rebaselining. So it is something 
we are all aware of and we will keep our eye out for.
    Chairman Coburn. Do you have a rebaseline list that you 
follow?
    Ms. Evans. No, I don't maintain a rebaseline list.
    Chairman Coburn. Should we? I mean, that is really gaming 
the system.
    Ms. Evans. Well, we can. And what we do--some of the 
agencies--the term relentless has been associated with my 
name---- [Laughter.]
    Chairman Coburn. I like that.
    Ms. Evans [continuing]. That I have been pretty stringent 
about what you can and what you can't do on some of these major 
investments. But we do recognize that at a certain point, you 
have to be able to produce an audit trail so that GAO can track 
the history. But at a certain point, you do have to, like, 
start to ensure that they actually do have management 
practices, because some of these projects were so bad that if 
we kept all that information in there, they would never be able 
to show that they actually have the right progress and the 
right management practices in place and that they are now 
managing that effort to 10 percent of cost, schedule, and 
performance. But that is a very conscious decision and agreed-
upon point between OMB and the agency before we allow an agency 
to rebaseline.
    Chairman Coburn. My point would be is that ought to be a 
policy and a reporting policy inside OMB, because no matter who 
the Administration is, you want to be able to track that. That 
ought to be something that happens all the time so that we 
know, as a performance indicator. That is just a suggestion.
    Ms. Evans, is GAO reporting their examples in their report 
in June about the projects that weren't on the high-risk list 
or on the watch list. The ones they reported, are they now on 
the list?
    Ms. Evans. Yes. Actually, we have gone back very 
specifically and asked. I am very intimately aware of the 
Census issue, sir.
    Chairman Coburn. I am announcing today I am going to send a 
letter to every agency asking every IT project that they have 
and where they are and where they are in terms of cost overrun. 
We are going to look at those. We are going to help you.
    Ms. Evans. OK.
    Chairman Coburn. We are going to expect them to respond and 
also list by vendor so that we can look at it. I am convinced 
that you all are trying to do the right thing, and I think 
Senator Carper is, too, but I think we need more oversight and 
I certainly believe that we need the recommendations that we 
saw in the GAO report instituted as best as we can, and maybe 
some of the new ones that Mr. Powner brought forward today.
    We have great IT companies in this country, but we don't 
want them to get to be lazy and we want to hold them 
accountable as well as the agencies accountable. My hope is 
that in the next couple of months, we will single out two or 
three projects and look at those to see why they are not 
meeting what they need to do. We have done it on the Defense 
Travel System. I have tried to win. I have lost on that. The 
vendor is stronger than I am on the floor and we have spent 
$500 to $600 million on something we could have gotten for $30 
million, and when they redo all the computers in the Pentagon, 
DTS isn't going to work. They are doing a good job of trying to 
do that, but it is a half-a-billion dollars of our kids' money 
that we have thrown out the door.
    We can't have any more of those. We just have to do a 
better job. I am talking about us. Senator Carper and I are 
committed to do the oversight that is necessary and we want to 
help you. We don't want to be your adversaries. We want to be 
your supporters and we want to shine sunshine on areas that are 
weaknesses and allow good ideas to filter up to hold people 
accountable.
    Anything further?
    Senator Carper. Just to follow up on what the Chairman 
said, just in terms of reaching out to all the agencies and 
asking them to come back with the information that he has 
mentioned, sometimes I say to my staff, help me to be a guided 
missile as opposed to being an unguided missile. If you were to 
give some friendly advice and constructive advice as to how we 
might craft the kind of inquiry used just to describe it, do 
you have any thoughts now as to how it would be most 
constructive and most helpful to the work that you are trying 
to do, that would be welcome. If you don't have anything right 
off the bat to share with us, maybe you could within the next 
24 or 48 hours. That would be, I think, helpful to us.
    Ms. Evans. OK.
    Chairman Coburn. Thank you all very much for your testimony 
and your cooperative nature. We look forward to working----
    Senator Carper. Mr. Chairman, could I interrupt just one 
quick minute?
    Chairman Coburn. Yes, sure.
    Senator Carper. Ms. Evans indicated that one of the 
adjectives that she used to describe her is relentless, and I 
heard you talking about the Department of Defense Travel System 
and how you were outmanned on the floor. One of the adjectives 
that is used to describe the Chairman, and I hope me, is 
relentless, as well, and this is a good one to be relentless 
on. Thank you.
    Chairman Coburn. Thank you all for being here. Thanks for 
your effort, and thank you for the service to our country.
    Ms. Evans. Thank you.
    Chairman Coburn. The hearing is adjourned.
    [Whereupon, at 10:50 a.m., the Subcommittee was adjourned.]

                            A P P E N D I X

                              ----------                              

[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]


                                 
