[Senate Hearing 110-409]
[From the U.S. Government Publishing Office]



                                                        S. Hrg. 110-409

                    HIGH-RISK INFORMATION TECHNOLOGY
                      PROJECTS: IS POOR MANAGEMENT
                     LEADING TO BILLIONS IN WASTE?

=======================================================================

                                HEARING

                               before the

                FEDERAL FINANCIAL MANAGEMENT, GOVERNMENT
                   INFORMATION, FEDERAL SERVICES, AND
                  INTERNATIONAL SECURITY SUBCOMMITTEE

                                 of the

                              COMMITTEE ON
                         HOMELAND SECURITY AND
                          GOVERNMENTAL AFFAIRS
                          UNITED STATES SENATE


                       ONE HUNDRED TENTH CONGRESS

                             FIRST SESSION

                               __________

                           SEPTEMBER 20, 2007

                               __________

        Available via http://www.access.gpo.gov/congress/senate

       Printed for the use of the Committee on Homeland Security
                        and Governmental Affairs







                     U.S. GOVERNMENT PRINTING OFFICE

38-844 PDF                 WASHINGTON DC:  2008
---------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government Printing
Office  Internet: bookstore.gpo.gov Phone: toll free (866)512-1800
DC area (202)512-1800  Fax: (202) 512-2250 Mail Stop SSOP, 
Washington, DC 20402-0001










        COMMITTEE ON HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS

               JOSEPH I. LIEBERMAN, Connecticut, Chairman
CARL LEVIN, Michigan                 SUSAN M. COLLINS, Maine
DANIEL K. AKAKA, Hawaii              TED STEVENS, Alaska
THOMAS R. CARPER, Delaware           GEORGE V. VOINOVICH, Ohio
MARK L. PRYOR, Arkansas              NORM COLEMAN, Minnesota
MARY L. LANDRIEU, Louisiana          TOM COBURN, Oklahoma
BARACK OBAMA, Illinois               PETE V. DOMENICI, New Mexico
CLAIRE McCASKILL, Missouri           JOHN WARNER, Virginia
JON TESTER, Montana                  JOHN E. SUNUNU, New Hampshire

                  Michael L. Alexander, Staff Director
     Brandon L. Milhorn, Minority Staff Director and Chief Counsel
                  Trina Driessnack Tyrer, Chief Clerk


FEDERAL FINANCIAL MANAGEMENT, GOVERNMENT INFORMATION, FEDERAL SERVICES, 
                AND INTERNATIONAL SECURITY SUBCOMMITTEE

                  THOMAS R. CARPER, Delaware, Chairman
CARL LEVIN, Michigan                 TOM COBURN, Oklahoma
DANIEL K. AKAKA, Hawaii              TED STEVENS, Alaska
BARACK OBAMA, Illinois               GEORGE V. VOINOVICH, Ohio
CLAIRE McCASKILL, Missouri           PETE V. DOMENICI, New Mexico
JON TESTER, Montana                  JOHN E. SUNUNU, New Hampshire

                    John Kilvington, Staff Director
                  Katy French, Minority Staff Director
                       Liz Scranton, Chief Clerk


























                            C O N T E N T S

                                 ------                                
Opening statements:
                                                                   Page
    Senator Carper...............................................     1
    Senator Coburn...............................................     4
    Senator Akaka................................................     5

                               WITNESSES
                      Thursday, September 20, 2007

Karen Evans, Administrator, Electronic Government and Information 
  Technology, Office of Management and Budget....................     7
David A. Powner, Director, Information Technology Management 
  Issues, U.S. Government Accountability Office..................     8
Barry C. West, Chief Information Officer, U.S. Department of 
  Commerce.......................................................    26
Daniel G. Mintz, Chief Information Officer, U.S. Department of 
  Transportation.................................................    28
Michael D. Duffy, Deputy Assistant Secretary for Information 
  Systems and Chief Information Officer, U.S. Department of the 
  Treasury.......................................................    29
Scott Charbo, Chief Information Officer, U.S. Department of 
  Homeland Security..............................................    30
Paul A. Brinkley, Deputy Under Secretary for Business 
  Transformation, U.S. Department of Defense.....................    31

                     Alphabetical List of Witnesses

Brinkley, Paul A.:
    Testimony....................................................    31
    Prepared statement...........................................   116
Charbo, Scott:
    Testimony....................................................    30
    Prepared statement...........................................   110
Duffy, Michael D.:
    Testimony....................................................    29
    Prepared statement...........................................   108
Evans, Karen:
    Testimony....................................................     7
    Prepared statement...........................................    43
Mintz, Daniel G.:
    Testimony....................................................    28
    Prepared statement...........................................    97
Powner, David A.:
    Testimony....................................................     8
    Prepared statement...........................................    47
West, Barry C.:
    Testimony....................................................    26
    Prepared statement...........................................    81

                                APPENDIX

Chart entitled ``Figure 3: Reported Performance Shortfalls of 126 
  Projects (as of June 2007)''...................................   124
Chart entitled ``Poorly Planned and Poorly Performing IT Projects 
  (as of June 2007)''............................................   125
Chart submitted by Senator Coburn entitled ``Percentage of 
  Projects Rebaselined--By Agency''..............................   126
Chart submitted by Senator Coburn entitled ``Total Projects Re-
  baselined''....................................................   127








 
                    HIGH-RISK INFORMATION TECHNOLOGY
                      PROJECTS: IS POOR MANAGEMENT
                     LEADING TO BILLIONS IN WASTE?

                              ----------                              


                      THURSDAY, SEPTEMBER 20, 2007

                                   U.S. Senate,    
          Subcommittee on Federal Financial Management,    
                Government Information, Federal Services,  
                                and International Security,
                            of the Committee on Homeland Security  
                                          and Governmental Affairs,
                                                    Washington, DC.
    The Subcommittee met, pursuant to notice, at 2:31 p.m., in 
room SD-342, Dirksen Senate Office Building, Hon. Thomas R. 
Carper, Chairman of the Subcommittee, presiding.
    Present: Senators Carper, Akaka, and Coburn.

              OPENING STATEMENT OF SENATOR CARPER

    Senator Carper. The Subcommittee will come to order. I want 
to welcome all of our witnesses. Thank you for joining us today 
and for our next panel as well.
    We are here today, in large part because of the interest 
that our Chairman from our last session of Congress, Senator 
Coburn, had expressed and demonstrated in the issue of IT 
projects. We had a hearing in the last Congress, and this is 
really a follow-up to that, and I thank him for his leadership 
and for getting us to focus on this. And I am sure he will have 
a good deal more to say, but we are here in no small part 
because of the effort that he led the last 2 years.
    In my role as governor, we used to work on IT projects, and 
we found them in some cases very difficult to manage. They 
often turned out to be expensive. We launched those projects 
because we were trying to find ways to provide better service 
to the people that we served, represented, and we were trying 
to save taxpayers some money, and we tried to do it by 
harnessing information technology for the delivery of better 
service at a lower cost.
    Usually we succeeded. There were a couple of times we did 
not, and we are not very proud of those failures. So I know 
what it is like to have tried this stuff and to have been 
successful and not to have been successful. And the idea of 
having someone looking over our shoulders--in this case, the 
Federal Government looking over our shoulders, not only OMB and 
GAO, but also us on this Subcommittee--is, I think, a good 
thing. We want to exercise our oversight in a constructive way, 
to always let our agencies know that we are trying to provide 
better service, trying to do it in a better way and save the 
taxpayers some money, to know that we want to make sure that 
they are on the ball, that they are getting the job done, and 
that they do not lose track of that.
    We appreciate our witnesses coming before us today, taking 
your time to participate in this hearing. This is the second 
hearing, as I said, of this Subcommittee on the issue of poorly 
planned and underperforming IT investments. This hearing will 
focus on how the Office of Management and Budget and Federal 
agencies will ensure the success of potentially $10, $10.5 
billion of at-risk information technology projects.
    Investing in the Federal Government's information 
technology infrastructure is crucial to the efficient operation 
of Federal programs and in many cases to our national security. 
Projects such as the Department of Homeland Security's Secure 
Border Initiative technology program, or SBInet, as it is 
commonly referred to, is expected to provide our border agents 
real-time information on attempted border crossings by illegal 
immigrants or by terrorists or by thieves. Investments such as 
this are too important to our Nation to be allowed to fail due 
to a lack of planning or a lack of management oversight.
    But there are times when maybe we might want to cut our 
losses and end a failing project before we waste even more 
hard-earned taxpayer dollars. I know from experience it is hard 
to make those decisions, but sometimes it is a decision we must 
make. We owe it to taxpayers to pull the plug in some cases or 
go back to the drawing board when a project is continually over 
budget and is just not delivering what we had expected it to 
deliver.
    Last year alone, the Federal Government spent some $64 
billion on 857 information technology investments. Spending 
this year will be just as high, I am told. The Federal 
Government is planning to invest approximately another $65 
billion on some 840 IT projects.
    Managing IT investments can be a difficult process, as we 
know. Cost overruns and delays can be expected from time to 
time. Sometimes a project that sounded like a good idea at one 
point just might not pan out. This makes sound oversight 
important, and that is what we are here for.
    As our witnesses are aware, the Clinger-Cohen Act requires 
OMB to report to Congress on the net program performance 
benefits achieved as a result of agencies' IT investments. OMB 
uses documents provided by Federal agencies to compile two 
lists that identify the most at-risk IT projects. Aptly named 
the ``Management Watch List'' on the one hand and the ``High-
Risk List'' on the other hand, these lists highlight projects 
that have been poorly planned or are underperforming.
    However, as GAO is going to testify here today, the OMB may 
not be receiving the information required to properly exercise 
their oversight duty. As we found out at our last hearing, much 
of the documentation that agencies submit to OMB, such as the 
Exhibit 300s, are not properly supported or contain unreliable 
cost estimates. Moreover, the high-risk list is potentially 
understated as agencies are only required to report their own 
projects based on OMB criteria.
    This year, according to GAO, 227 IT projects totaling an 
estimated $10.4 billion in expenditures for fiscal year 2008 
have been identified as being poorly planned, poorly 
performing, or, in some cases, both. Most alarming are the 33 
projects totaling $4.1 billion identified simultaneously as 
both poorly planned and poorly performing, and that is just not 
acceptable.
    As you can see, we have got a couple of charts over here. I 
am just going to put up one of the charts.\1\ Figure 3 shows 
the breakdown by the number of projects and billions of dollars 
between the high-risk list, the Management Watch List, and the 
projects that are listed because they are both poorly planned 
and underperforming.
---------------------------------------------------------------------------
    \1\ The chart submitted by Senator Carper appears in the Appendix 
on page 124.
---------------------------------------------------------------------------
    The next chart enables us to examine the high-risk list a 
little more closely, and it tells us why these projects run 
into trouble.\2\ How many do we have here?
---------------------------------------------------------------------------
    \2\ The chart submitted by Senator Carper appears in the Appendix 
on page 125.
---------------------------------------------------------------------------
    Senator Coburn. One hundred eighty six.
    Senator Carper. We have 186. We have about 101 running into 
trouble because of cost and schedule variance within 10 
percent. They are not staying within that 10 percent. We have 
another 33 because we do not have qualified project managers. 
And then there are about 12 more that we can attribute to 
avoiding duplication.
    Now, OMB, to their credit, has made improvements in 
identifying and overseeing at-risk projects. Following last 
September's hearing, OMB released the Management Watch List, 
requiring agencies to publish their Exhibit 300s on their 
website. And, further, OMB has improved agencies' self-
identification of high-risk projects, resulting in an increase 
in the number of projects on the high-risk list. However, we 
need to do more, and as GAO will testify today, questions still 
remain as to whether all high-risk projects are properly 
identified and tracked by senior management at both OMB and at 
the individual agencies themselves. Moreover, OMB has not 
revealed to Congress the specific reasons why projects are on 
the Management Watch List, leaving us unable to track progress, 
recognize trends, or to examine underlying causes or 
governmentwide issues.
    I look forward to working with our witnesses today, as 
well, along with my Ranking Member, Senator Coburn, and our 
other colleagues on this Subcommittee, in order to assure that 
proper oversight is in place. The American taxpayers demand 
that we be good stewards of their money, and I know everyone in 
this room wants to see that become a reality. We have a 
responsibility, really, to ensure that IT investments are 
managed properly, appropriately at every phase of development. 
Again, that is what we are here to do, to try to ensure it 
happens more often than not.
    Again, I would say to Senator Coburn thanks very much for 
providing the inspiration and the leadership on this issue in 
the last Congress, and I look forward to working with you on it 
this time as well.

              OPENING STATEMENT OF SENATOR COBURN

    Senator Coburn. Thank you, Senator Carper. And welcome. You 
are familiar faces, being in front of this Subcommittee. I 
think it is important that we stay informed on what is 
happening. I appreciate very much what OMB has done in terms of 
making information more transparent.
    I have a lot of concern. Please put up those two charts.\1\
---------------------------------------------------------------------------
    \1\ The first chart submitted by Senator Coburn appears in the 
Appendix on page 126.
---------------------------------------------------------------------------
    I think you are moving in the right direction. I am very 
worried that we have a lot of dollars at risk because we are 
not moving fast enough and effectively enough.
    These two slides, the first thing that bothers me is we 
have over 90 percent of the IT projects at the Department of 
Veterans Affairs being rebaselined. Now, that has got to be a 
metric that tells us we have got real problems with buying IT 
projects at the VA. What rebaselining is, for everybody here, 
is that we are going to reset, so we are going to hide the true 
cost and the failures of the programs in terms of buying. The 
average is 19 percent in the government, and you can see all 
those to the left, which is about 10 or 11--Veterans Affairs, 
Department of Health and Human Services, Department of the 
Treasury, Department of Defense, Department of Labor, and USAID 
are all above 30 percent of their projects get rebaselined. 
Well, ``rebaselined'' is another way of saying we do not want 
everybody to know what the real cost was, or we do not want 
everybody to know that we inadequately prepared when we started 
out on this project. And so to me that is a very concerning 
figure. Anywhere in the private sector, if you had 90 percent 
of your projects needing to be rebaselined, we would fire the 
people who are responsible for the IT projects, and I would 
tell you probably if you had 30 percent in the private sector. 
I can understand because there are a lot of unknowns in terms 
of when we contract that.
    Then this other slide just shows the total number of 
projects rebaselined by Department, and you can see HHS and 
Department of Transportation and Department of the Treasury 
have a significant number, but the dollar amounts are not as 
great.\2\
---------------------------------------------------------------------------
    \1\ The second chart submitted by Senator Coburn appears in the 
Appendix on page 127.
---------------------------------------------------------------------------
    So I am looking forward to our testimony today. I am 
worried that we are still--this is a large amount of money, $65 
billion. It is bigger than the total GDP of 100 countries out 
there, and yet we seem to still be having some troubles 
managing it.
    The other thing that I have concern with is we have cost-
plus contracting rather than contracting where here is what we 
want, you give us a bid, and you deliver, and then let's hold 
you accountable for delivering. And I know that is an 
oversimplification. I know that does not apply in every 
instance, especially in defense and some of the other security 
issues. But in the private sector, there is not much in terms 
of cost-plus bidding for some of these IT contracts. There is a 
total bid, and then their feet are held to the fire to 
accomplish the goal at a fixed price.
    And so I look forward to hearing from our witnesses. I 
thank you both for being here, thank you for the great work the 
GAO does, and I thank you for the responsiveness that OMB has 
had, and I look forward to continued responsiveness from you.
    Thank you, Mr. Chairman.
    Senator Carper. Thank you, Senator. Senator Akaka, you are 
up. Thanks so much for being here.

               OPENING STATEMENT OF SENATOR AKAKA

    Senator Akaka. Thank you, Mr. Chairman. I want to welcome 
our witnesses here to this hearing.
    Information technology is fundamental to the day-to-day 
functioning of our government, from managing benefits at the 
Department of Veterans Affairs to helping first responders at 
the Department of Homeland Security. According to the 
Administration's fiscal year 2008 budget request--and this was 
mentioned by Senator Coburn--about $65 billion is spent on over 
6,500 IT projects government-wide. This is more than the entire 
budget of the Department of Homeland Security. These massive 
investments must be carefully planned and managed to ensure the 
government runs effectively and that the taxpayers' dollars are 
not squandered.
    Oversight of these projects is very difficult. There are 
few reliable measures now available to assess the performance 
and management of IT investments. While the Office of 
Management and Budget maintains a high-risk list and an at-risk 
list, additional performance data on IT projects is difficult 
to come by. Without this essential information, neither OMB nor 
Congress can adequately assess the value of these projects. 
Additional information is also needed to fully understand the 
risks associated with a project. Agencies should not be overly 
risk averse, but they can minimize risk through better 
management.
    Agencies often rely on contractors to provide IT goods and 
services, making oversight even more difficult. As my 
Subcommittee on Oversight of Government Management has heard 
from several witnesses, contract oversight is increasingly 
difficult with an overburdened Federal acquisition workforce. 
Agencies need to commit to planning for their own specific IT 
needs rather than relying on contractors to make the decisions 
for them.
    There needs to be greater emphasis on utilizing off-the-
shelf products or products already in use by the government. 
Testimony by DHS' Chief Financial Officer at a hearing in July 
underscored this point when DHS decided to consolidate several 
existing financial management systems rather than developing a 
new one from scratch. It is my hope that the Office of 
Management and Budget will take a more active leadership role 
in providing guidance and so assistance that agencies avoid 
unwarranted or duplicative IT projects. At the same time, OMB 
must not shy away from using their budgetary authority to make 
course corrections or halt failing projects when necessary.
    I want to emphasize the critical role played by individual 
agency Chief Information Officers (CIOs), who are critical to 
IT planning and management. The Federal Government must recruit 
CIOs who have experience and expertise in the IT field in 
addition to strong management skills. Unfortunately, according 
to a 2004 GAO report, retaining CIOs is a challenge. Past and 
current CIOs admitted that they should be in place for at least 
3 to 5 years to be effective, though the average tenure was 
only 2 years. Agencies must confront the challenge of 
maintaining experienced CIOs despite fierce competition with 
the often more lucrative private sector. While cutting-edge IT 
will always be a risky investment, costly problems can be 
avoided through better management.
    Again, Mr. Chairman, I want to thank you for holding this 
hearing and for your and Senator Coburn's continued attention 
and dedication to this important issue. Thank you very much.
    Senator Carper. You bet, and thank you very much for your 
statement. Thanks a lot for being here and for working with us 
on this obligation.
    We have two panels. I am just going to introduce our first 
two witnesses, if I may, and we will introduce the others when 
we go to the second panel. I think we are going to have a vote 
that starts at about 2:55, and what we will do is probably--I 
would like to finish the testimony from our first panel, and we 
will run off and vote, come back, and then we will do 
questions, and then bring the second panel on. But I expect we 
will have a couple of other interruptions later this afternoon.
    Let me start, if I could, with Karen Evans. Ms. Evans is 
the Administrator of the Office of Electronic Government and 
Information Technology at the Office of Management and Budget. 
In this role, she oversees the implementation of information 
technology throughout the Federal Government, including 
advising the Director on the performance of IT investments. 
Prior to becoming administrator, Ms. Evans was the Chief 
Information Officer for the Department of Energy--is that 
right?
    Ms. Evans. Yes, sir.
    Senator Carper. As well as Vice Chair of the Federal Chief 
Information Officers Council. As Vice Chair, she coordinated 
the council's efforts in developing Federal IT programs and in 
improving agency information resource practices. She has a 
bachelor's degree in chemistry and a master's in business 
administration from the University of Delaware--all right, from 
West Virginia, West Virginia University. And as a native of 
West Virginia, the only native-born West Virginian in the U.S. 
Senate, welcome, Ms. Evans.
    David Powner is Director of GAO's Information Technology 
team. He is currently responsible for a large segment of GAO's 
information technology work, including system development, IT 
investment management, health IT, and cyber critical 
infrastructure protection reviews. In the private sector, he 
has held several executive-level positions in the 
telecommunications industry. He graduated from the University 
of Denver with a degree in business administration, as well as 
Harvard University's John F. Kennedy School of Government's 
Senior Executive Fellows Program.
    I am going to ask you to keep your testimony close to 5 
minutes. If you run a few minutes over, we will let that go. 
But, if you will, I am going to recognize Ms. Evans first, and 
when she is finished, Mr. Powner, we will ask you to follow 
right on.
    Ms. Evans, you are recognized, and the entire statements 
from both of you will be entered into the record, and we will 
ask you just to summarize. Thanks.

    TESTIMONY OF KAREN EVANS,\1\ ADMINISTRATOR, ELECTRONIC 
GOVERNMENT AND INFORMATION TECHNOLOGY, OFFICE OF MANAGEMENT AND 
                             BUDGET

    Ms. Evans. Good afternoon, Mr. Chairman and Members of the 
Subcommittee. My remarks will focus on the Administration's 
strategy and progress in tracking, analyzing, and evaluating 
the Federal Government's information technology investments.
---------------------------------------------------------------------------
    \1\ The prepared statement of Ms. Evans appears in the Appendix on 
page 43.
---------------------------------------------------------------------------
    Each quarter agencies receive a scorecard about their 
progress and status in achieving governmentwide goals under the 
President's Management Agenda. OMB analyzes information 
provided on business cases when evaluating agencies' activities 
pertaining to the Electronic Government component of the 
scorecard. We deliberately included a criterion for 
``acceptable business cases'' to emphasize the necessity in 
management. It is just one of a number of the components 
agencies must satisfy to get to green (or yellow) for the 
scorecard, and the agencies' scorecards are posted on a 
quarterly at results.gov.
    The information included about each business case 
ultimately helps OMB and the agencies ensure effectively 
planned IT investments and improved portfolio management. 
Business cases reflecting one or more planning weaknesses are 
placed on what we call the ``Management Watch List'' and are 
targeted for follow-up.
    I would also like to describe another indicator, the high-
risk list, which is used to analyze and evaluate actual project 
execution and performance. The objective of our analysis is to 
manage the risk each quarter associated with the execution of 
the planned actions with the IT project to ensure and achieve 
the intended outcomes. Each quarter agencies evaluate and 
report to us on the performance of the high-risk projects. 
These projects are considered ``high-risk,'' requiring special 
attention from the highest levels of the agency management and 
oversight authorities due to size, complexity and/or nature of 
the risk of the project, but they are not necessarily at-risk. 
For example, a successfully performing project may still be 
classified high risk due to the exceptionally high costs and/or 
complexity of the project.
    Oversight authorities and agency management must have 
tangible data on the performance of the projects at least 
quarterly to better ensure improvement in execution and 
performance. Agency managers and oversight authorities should 
know within 90 days if a project is not performing well. It is, 
therefore, a collaborative effort to manage project risk and 
avoid problems or to catch them early should they occur before 
the taxpayers' dollars are wasted. This approach is separate 
and unique from what we do on the Management Watch List since 
it presents the oversight authorities about information in a 
differing focus and timing and expected results. It is not 
designed to replace the pre-existing oversight and internal 
agency processes but, rather, to supplement and complement 
them.
    This concludes my initial remarks on our strategy and our 
progress to date in analyzing and tracking, and the results 
have been included in my written statement. I would be glad to 
take questions when it is appropriate.
    Senator Carper. Thanks, Ms. Evans. We can reserve your 2 
minutes, if you want.
    Ms. Evans. No. That is OK.
    Senator Carper. All right. Mr. Powner, welcome. Thank you 
for joining us and for your work.

    TESTIMONY OF DAVID A. POWNER,\1\ DIRECTOR, INFORMATION 
 TECHNOLOGY MANAGEMENT ISSUES, U.S. GOVERNMENT ACCOUNTABILITY 
                             OFFICE

    Mr. Powner. Thank you. Chairman Carper, Dr. Coburn, Senator 
Akaka, we appreciate the opportunity to testify this afternoon 
on poorly planned and performing Federal IT projects.
---------------------------------------------------------------------------
    \1\ The prepared statement of Mr. Powner appears in the Appendix on 
page 47.
---------------------------------------------------------------------------
    Last September, we testified before this Subcommittee that 
$10 billion in Federal IT spending was at risk of being wasted, 
that this figure was understated, and that OMB and agencies 
could do more to oversee these technology investments. The good 
news is that OMB has stepped up its efforts and there is more 
accurate reporting of troubled projects due to your oversight. 
However, we still have tens of billions of dollars at risk, and 
additional efforts are needed to better manage these technology 
investments.
    This afternoon, I have three points to make:
    First, over 200 IT projects totaling more than $10 billion 
are still not appropriately planned for or managed.
    Second, OMB's efforts have resulted in more accurate 
reporting and oversight of troubled projects.
    And, third, despite progress, the $10 billion figure is 
still understated, and additional oversight is needed from both 
OMB and agency CIOs.
    Expanding on each of these, first, as of July of this year, 
nearly 140 projects totaling $8.6 billion were on the 
Management Watch List, and nearly 125 projects totaling $6 
billion were being reported as high-risk projects with 
shortfalls. Common to both lists, as your chart shows here,\2\ 
are more than 30 projects totaling more than $4 billion, 
meaning that these projects are both poorly planned and poorly 
performing. For example, DHS' Secure Border Initiative project 
is on both lists.
---------------------------------------------------------------------------
    \2\ The chart referred to appears in the Appendix on page 125.
---------------------------------------------------------------------------
    Second, OMB has initiated several efforts to improve the 
reporting and oversight of troubled projects. Specifically, the 
number of reported projects on the Management Watch List 
increased from last year, as did the number of high-risk 
projects with shortfalls. For example, last year when we 
testified before this Subcommittee, we reported that 70 high-
risk projects totaling $2 billion had performance shortfalls at 
that time. We also identified several projects that clearly 
should have been included on the list and were not. Since then, 
the number of high-risk projects with performance shortfalls 
has nearly doubled, and the projects we identified are now 
included. This is due in part to OMB working with agencies to 
ensure more consistent application of the high-risk criteria. 
In addition, since last September, OMB publicly releases on a 
quarterly basis aggregate lists of Management Watch List and 
high-risk projects by agency.
    Despite these positive steps, agency Inspectors General 
continue to report issues with the accuracy and reliability of 
the Exhibit 300s, which means the number of projects on the 
Management Watch List is still somewhat inaccurate and 
understated. We also remain skeptical whether all high-risk 
projects with shortfalls are being reported by agencies. For 
example, although DOD accounts for nearly half of the $65 
billion in Federal IT expenditures, it only reports three 
projects that collectively total less than $1 million with 
having shortfalls.
    We would also like to see agency-specific and 
governmentwide root cause analysis performed on Management 
Watch List and high-risk projects. Having such information 
would help identify areas for agencies to focus on and to 
identify weaknesses that transcend individual agencies. Such 
information would help to identify agency-specific and 
governmentwide improvement areas that could be addressed by 
hiring, training, and independent review teams, to name a few. 
In addition to focusing on the root causes of these poorly 
planned and performing projects, agency, OMB, and congressional 
oversight should focus immediately on the 33 projects 
highlighted in my written statement that are on both lists, as 
well as those projects that are repeat offenders, meaning that 
they have been on either list for extended periods of time. For 
example, last September, there were 86 projects on the 2007 
Management Watch List; 29 of these are on the 2008 list since 
it was released earlier this year with the President's budget. 
In addition, my written statement highlights over 20 projects 
that have had performance shortfalls for the last four 
quarters.
    In summary, Mr. Chairman, OMB should be commended for 
shining a spotlight on these poorly planned and performing 
projects. Now more needs to be done to fix them. Specifically, 
OMB and agencies need to address the root causes of these 
management weaknesses and focus on those projects that have 
multiple issues or those that have a long history of planning 
and performance shortfalls. Until this is done, we continue to 
risk wasting billions of dollars on these projects and leaving 
gaps in mission-critical operations.
    This concludes my statement. Thank you, Mr. Chairman, for 
your continued oversight of the Federal IT budget.
    Senator Carper. Mr. Powner, thanks very much.
    I am going to ask you to talk us through each of these 
charts.
    Just walk us through Figure 1, please, poorly planned and 
poorly performing IT projects, from June of this year. Just 
explain both of them, if you will.
    Mr. Powner. Well, first of all, the Management Watch List, 
that is derived by a review of agencies' Exhibit 300s, so these 
are poorly planned projects.
    Senator Carper. Talk to us a little bit about the Exhibit 
300s. Some people have never heard of Exhibit 300s. Just what 
is it?
    Mr. Powner. Well, what the Exhibit 300s is, it is the 
business case for these IT investments. It is also an assurance 
that we have adequate planning from a project management point 
of view. There are several areas based on OMB's guidance--and 
Ms. Evans can get into the details here--where we look for 
things like earned value techniques so we can track costs and 
schedule performance and those types of things, effective risk 
management programs.
    So based on the review of these business cases, there is 
roughly 136 projects totaling $8.6 billion that are poorly 
planned. That is where you get the combination of the first two 
boxes there, the Management Watch List.
    Now, the high-risk projects, as Ms. Evans clearly pointed 
out, just because it is high risk does not mean that there is 
an issue with it. What we focus on are high-risk projects with 
performance shortfalls, one of these performance shortfalls on 
the far right chart.
    So if you look at the high-risk projects with shortfalls, 
we roughly have $6 billion projects--that is about 125 projects 
totaling $6 billion. So if you take the two lists and add them 
up, you get to about $14 billion. But since we have the overlap 
of $4 billion, collectively we have about $10 billion that is 
at risk today.
    Senator Carper. All right. Go ahead and talk to us a little 
bit about the chart on the right.
    Mr. Powner. The chart on the right, if you look at the 125 
high-risk projects with performance shortfalls, some projects 
report multiple shortfalls. that is why it adds up to more than 
125 on the far right. So, clearly, the No. 1 shortfall for 
these high-risk projects are costs and schedule not within a 
10-percent threshold. That is very common across the Federal 
Government, and I think the chart that Dr. Coburn held up that 
talked about the rebaselining, at times there are good reasons 
to rebaseline, but what you do not want is excessive 
rebaselining that masks overruns within 10 percent. And I think 
that is a large concern that was appropriately pointed out.
    You can see there that the second highest reported 
shortfall is where we do not have a clear baseline. Then 
following that are 33 projects that are self-reporting that 
they do not have a qualified project manager.
    Now, interestingly, if you added the totals of those 33 
projects, you come close to $1 billion worth of investment for 
fiscal year 2008. That is not a good thing. We are saying that 
we have $1 billion worth of investment that we do not have 
qualified PMs running those projects.
    And then, finally, the last category there is duplication. 
In that case, there are a lot of e-gov initiatives where 
agencies have some of their financial management e-gov projects 
that they are actually reporting that there is current overlap 
with that because they have existing payroll systems and the HR 
systems and those types of things. But, clearly, the No. 1 
issue here is the cost and schedule variance.
    What we would like to see is not only a breakdown like 
this--this is a good breakdown for the high risk. We would like 
to see a breakdown like this for the reasons why projects are 
on the Management Watch List. We have never seen that. So we do 
not have a comparable breakdown for the Management Watch List.
    So what my written statement highlights is we would like to 
see a comparable breakdown, and then we would also like to see 
even a further breakdown where you get at the root cause 
analysis. Why do we not hit the 10-percent threshold? Well, I 
can tell you that we estimate poorly; we define requirements 
poorly; we have poor risk management; we have issues with 
overseeing contractors. If we got into those root causes a bit 
more, then you can attack a lot of those root causes from a 
governmentwide and agency perspective. And to Ms. Evans' 
credit, her CIO Council and a number of efforts actually touch 
on a number of these improvement efforts. But we would like to 
see more follow-up from a root cause analysis from these lists.
    Senator Carper. Would you repeat what you were saying there 
about we do not have a comparable . . . ?
    Mr. Powner. We know that there are 136 projects----
    Senator Carper. And then I am going to ask Ms. Evans to 
respond to that and say why do you suppose that is the case. Go 
ahead.
    Mr. Powner. We know there are 136 projects totaling $8.6 
billion on the Management Watch List. Now, we do not know why 
they are on the list. We know it is one of 10 categories. We 
understand how OMB scores, but we do not have the specifics 
where we would have a comparable analysis like we do for the 
high-risk projects with shortfalls.
    Senator Carper. Do you think that would be helpful to have 
that?
    Mr. Powner. Absolutely. I think if you want to attempt to 
attack the root cause of the issues here, it would be nice to 
have that breakdown and then go after the primary problems.
    Senator Carper. OK. Ms. Evans, would you just make a 
comment or two on that, please?
    Ms. Evans. When we review the business cases, there are 10 
areas, as Mr. Powner said, that the business case is composed 
of when we look at major investments. And so in those 
particular areas, it is things like project management which 
then translate over to the high-risk list. So you actually see 
activities related--what they say they are going to do for 
project management, do they have a qualified project manager. 
So you actually see that going into the execution.
    We have not released the exact scoring of this for a couple 
reasons, too, because this is a planning document as the agency 
is justifying the investment, going forward and talking about 
how they are going to do certain things that support the 
priorities going forward through the agency. So it is a 
supporting budget document at that point. That is one of the 
issues.
    The other thing is that there is a lot of analysis. We may 
not be as transparent with the analysis as everyone would like 
for us to be, so I will acknowledge that up front. But there is 
a lot of analysis that goes onto this and that when we release 
it, along with the other activities that we use, like on the 
President's Management Agenda, on the scorecard, we actually 
evaluate things like security and privacy. There are specific 
criteria associated with that. And so when we rank these, when 
we rate these, we are using other information that complements 
the business case, not just what is said in the business case 
alone.
    So if you take security and privacy, when a business case 
comes in, in September, the annual cyber security report also 
comes in, in October. So what we do is we look at that 
information together, and so if an IG says that an agency has a 
very poorly performing security program, when you start looking 
at what is happening within the security overall within an 
agency, we look at that in total, and we say, OK, this 
particular part of this business case, which we have been very 
public about that, the whole business is at risk because they 
have a poorly performing security program. So we put those 
investments on the Management Watch List based on using the two 
pieces of information together.
    Now, it is possible--so I am really getting into some 
nuances here--that they can have some type of compensating risk 
for that particular investment which may not necessarily put it 
on there. So we use several pieces of information, and so my 
concern is that if we released a comparable piece when we are 
in the planning phase, it may not necessarily show all the 
analysis that goes into what we do with the business case as we 
are making recommendations through the budget process. So this 
is a planning document.
    At the end, when we release it, when the President's budget 
is released, we keep them on the Management Watch List for 
specific things. And I think what I am hearing from everybody--
so I will go back and relook at that--is at that time when we 
release those, you would like to know specifically why they are 
remaining on the Management Watch List, and is it something 
systemic like a failing cyber security program, or is it 
something particular to that particular investment. And so I 
will take that back and look at that as a potential area for 
improvement for us.
    Senator Carper. All right. Good. Thanks.
    I am going to ask you to hold your fire right here, and we 
have 7 minutes to go on this vote, and I am going to run and 
vote. We are going to stand in recess until Senator Coburn 
comes back. We will resume the hearing once he gets back, and 
he will ask some of his questions. And I should be back in 
about 10 minutes, but for now, let's just stand in recess. And 
as we used to say in the Navy, ``At ease.''
    [Recess.]
    Senator Coburn [presiding]. All right. We are going to try, 
for the sake of efficiency, to keep going, and Senator Carper 
should be back shortly.
    I want to spend a little time on the business case, the 
Exhibit 300s. When something comes on the Management Watch 
List, most often it is because the Exhibit 300s, there is 
something wrong with them, right?
    Ms. Evans. Yes, sir.
    Senator Coburn. How is it that we have already bought a 
product when there is something wrong with the business case 
analysis?
    Ms. Evans. OK. When you do a business case analysis, it 
depends on where you are in the lifecycle of the investment as 
well.
    Senator Coburn. Well, let's talk about just when it starts.
    Ms. Evans. A brand-new one.
    Senator Coburn. A brand-new one. If we have a business case 
analysis that does not fit, that in OMB's assessment is 
suspect, how in the world do we start down the road on a 
contract when we have a business case analysis that does not 
make sense in the first place?
    Ms. Evans. So if this is a brand-new project and we look at 
the business case and the business case is not strong enough or 
there is a weakness in it based on--because at that point it 
would be planning and then your potential acquisition strategy. 
So those would be the areas that we would highlight the most on 
because it is a brand-new type of effort.
    So if it ended up on the Management Watch List, what 
happens is that is 2 years in advance, so the Management Watch 
List, what you are doing is that is a document that is 
supporting the upcoming budget. So right now, they have not 
done anything except for tell us what they are planning to do. 
And we are saying there is a problem with what you are planning 
to do, whether it is the acquisition strategy, you have not 
thought of all these things.
    So we work with them all the way up to where they actually 
have to execute out on that planning document. We say, ``OK, 
you have to have a remediation plan, or we want you to go back 
and look at the acquisition strategy, or it is not really 
strong, or whatever the weakness is.'' And so we work through 
the upcoming year knowing that they have got to fix and put 
some type of plan in or address it or fix their acquisition 
strategy going forward.
    Now, in the ideal world, what would happen is before the 
fiscal year starts, they would have addressed all those 
weaknesses so that when the money is appropriated and they 
start that new project, that all the things that we have 
identified from a planning perspective jointly have been 
resolved, so that they can then go forward with the proper 
precautions in place.
    If you step back and say, ``OK, maybe they did not address 
some of the planning issues, like project management, they do 
not have a qualified project manager on there to manage it 
through;'' then what will happen is we say, ``OK, they have 
done these other activities, they have this person set up to go 
into training, they have a remediation plan as they start to 
execute.'' So it moves to the high-risk list because that is 
when you are actually executing out on that particular effort 
that we thought needed to have some type of remediation.
    Senator Coburn. But here is the thing I do not understand. 
If, in fact, everything is not solved, why would we go on and 
allow a contract to be let?
    Ms. Evans. Sometimes we do not.
    Senator Coburn. Well, I know, but sometimes you do.
    Ms. Evans. Sometimes we have to----
    Senator Coburn. No, you do not have to. You could say we 
are not prepared to spend the people of this country's money 
wisely so, therefore, we are going to hold off on your allowing 
to let this contract--unless it is an earmark, we are going to 
hold off allowing you to spend this money until you have your 
act together.
    Ms. Evans. Which I would say that OMB does use its 
authorities appropriately, especially in those types of cases, 
and then we also then, if the project has to go forward because 
there is a compelling business need, that we use the proper 
budget authorities, proper management authorities that we have, 
and we do not just release all the funds so that there is a 
floodgate of money and no accountability.
    Senator Coburn. No, and I am not accusing you of that.
    Ms. Evans. Right.
    Senator Coburn. If something is on the high-risk list and 
then it goes to the Management Watch List, to me it says we did 
not do what we were trying to do on a high-risk list. In other 
words, the whole purpose for having the high-risk list is so 
that they do not move to the Management Watch List. And if they 
are moving from a high-risk list before we ever institute a 
contract to a Management Watch List, how did we fail in that 
time period where we recognized there was a problem until we 
were implemented?
    If there is a business case to be made to start a program 
and yet we are going to start it without all the tools and all 
the management there, why would we go on and start it? Even 
though we are going to lose some time, why would we not get it 
right before we start it? Because we are wanting to spend the 
money in the budget that is allowed?
    Ms. Evans. No. I would say, sir, to the agencies' credit in 
that particular case, the underlying business requirement is 
there because they put it together, whether it is a brand-new 
program coming out or there is a business need. So they clearly 
have identified a business need, and it is a major investment 
because it is coming in on a business case. I would say a lot 
of times to the agencies' credit, especially when we are 
highlighting certain areas that we have major concerns with, 
which we know the oversight committees would also have concerns 
with, they do slow down several of these activities until there 
are proper gates in place. They do go back and relook at that 
and slow it down and say, ``OK, we cannot--we are not going to 
spend this money right now because we cannot answer some of 
these questions, we do not have the right contracting vehicle 
in place, OK, you want us to put certain provisions into the 
contract, we need to go back and look at it.''
    And so the agencies in partnership with us, with, ``we are 
OMB'' type of approach here, but they do go back, to their 
credit, and go back and re-evaluate those, and there have been 
several projects where they have either stopped them because 
there was not adequate controls in place and then restarted 
them, or they have stopped the contract and redid the contract 
to address those concerns.
    Senator Coburn. How much is Congress to blame for bad 
projects moving forward? Have you looked at that? In other 
words, where we have directed you to do something that you are 
not ready to do because some Member of Congress says you have 
to do it?
    Ms. Evans. I cannot say that I have specifically done that 
particular analysis.
    Senator Coburn. Has GAO looked at that?
    Mr. Powner. No, we have not. But one thing to point out, 
the high-risk list, Dr. Coburn, if you look--we have 840 
projects, right? And so ``high risk'' means it is an 
important--it is high dollar, it is an important project. If we 
do not deliver it, there is going to be some----
    Senator Coburn. There is going to be a cost.
    Mr. Powner. There is going to be an issue, right?
    Senator Coburn. Right.
    Mr. Powner. So of the 840 projects, we have about 440 that 
are deemed high risk, which means they are important projects. 
So we have 400 projects that agencies are saying are not that 
important. That does not make sense, does it?
    Senator Coburn. No.
    Mr. Powner. I would expect 90 percent of our 840 projects 
or more to be on the high-risk list.
    Ms. Evans. Well, OK.
    Mr. Powner. To your point about what are you instructed to 
do and that, I think, it would be worthwhile to look at those 
400 projects. Why aren't they high risk?
    Senator Coburn. Well, I think you will probably get a 
letter from my staff requesting that of the GAO after this 
hearing.
    Ms. Evans. There is a nuance here, so I need to clarify 
something. I feel this compelling need to clarify this. I 
appreciate this opportunity.
    When we use the 840 number, that is a major investment. So 
when you are preparing this audit to ask them to look at this, 
that does not necessarily directly equate to 840 projects. So 
there could be a lot more projects under that investment, 
depending on how they group things. I am going to give you an 
example. Our policy says for one business case, one investment, 
we want one Exhibit 300 that deals with infrastructure, office 
automation, desktop computing. Now, when you actually look at 
that and what is encompassed in that, we also have a policy out 
there that is now telling agencies you need to do a standard 
desktop configuration, you need to move your agency to 
implement Internet Protocol Version 6. There are other things 
that they are doing, like changing out their telephone systems, 
updating--those are all projects.
    So there could be potentially five to six projects 
associated with one investment, so I am actually making the 
argument that there could be more than what is being reported 
here, but I want to make sure that everybody realizes it is not 
a one-for-one match here.
    Senator Coburn. I think that is a fair statement, and we 
will do that as we look at it. But it kind of goes back as to 
why if we start a project and it is on the high-risk list, why 
does it stay on the high-risk list? Why don't they ever get 
off?
    Ms. Evans. Because sometimes they should stay on there 
because of the complexity of the project, or because of the 
oversight and the mission-critical nature of the project. It 
can be a very highly performing project, but everybody wants to 
make sure that it gets to the intended results. And so there 
are other projects that are down there that are--for example, 
let's take the 25 E-Government initiatives. Those are very 
important to the Office of Management and Budget. Those may not 
necessarily have the same level of importance to every 
different part of the organization within the agencies. So we 
use our authorities to put that on the high-risk list to make 
sure that there is not duplication.
    A project could be performing very well, but because 
Congress has a particular interest in a project because it is 
mission critical, because it is doing things with homeland 
security, it should be on the high-risk list so that everyone 
knows what it is doing, how well it is performing, getting that 
information on a quarterly basis so that you know how it is 
performing.
    Senator Coburn. So let's go back to the Management Watch 
List. Those are poorly planned?
    Ms. Evans. Yes.
    Senator Coburn. So let's just use the Management Watch 
List. Why do they stay on the Management Watch List then? If 
they are poorly planned, where is the arrow that goes in and 
says poorly planned, fix it or quit it? Make it properly 
planned and fix it rather than keep it on the Management Watch 
List because it continues to be poorly planned.
    In other words, that is not an acceptable behavior anywhere 
in the private sector that you are going to allow somebody to 
continue to have a nightmare program and not go in and fix it. 
And we are not going to continue over a 5-year period to 
continue to say this is a poorly planned project. Somebody has 
to remedy a treatment or a solution for that problem.
    I am not upset with you all. I think you guys have done a 
great movement. I want to move us all the way. I think we are 
wasting $6 to $8 billion a year on IT right now, at a minimum 
in this country because we do not do bid--we do cost-plus 
contracting. And we could get a lot of it done for a whole lot 
less if we held contractors' feet to the fire and if we knew 
exactly what we wanted. Our problem is that we do not know what 
we want, so we still offer a contract anyhow, and the system 
works to where it is cost-plus. And since we are changing what 
we want as we go, the VA has rebased over 90 percent of their 
projects, IT projects, which means they do not know what they 
want when they started it. They do not know the final result 
they want.
    As we move people onto the high-risk list, we move them 
onto the Management Watch List, there has to be--if they stay 
on the high-risk list, I understand that. It is something 
important for the Pentagon or Homeland Security or something 
that is strategic. But the Management Watch List is not. It is 
``poorly planned.'' That is what the definition of it is.
    Ms. Evans. Right.
    Senator Coburn. And so why do they stay there?
    Ms. Evans. So when you look at that, I would ask for us to 
drop down a specific level, which when you look at all the 
different investments that have been initially on the 
Management Watch List--it is a planning document, but we have 
done the analysis across the board, from the inception when we 
started the Management Watch List. Now we changed it from 2004 
to 2005, and we called it a ``Management Watch List'' because 
there were activities, things you needed to look at and work 
with it.
    If you look at it from the time that we started that to 
now, and out of the thousands of investments that we had, there 
are 73 that have consistently been there for one reason or 
another, depending on where they are in the lifecycle. So when 
you look at that number, 73--I am not saying that is good, bad, 
or indifferent. We know exactly what it is. So then what you do 
is you drop down and you say, ``OK, is it a systemic problem 
within the agency or is it that particular investment because 
they do not know what they want to do on that particular 
project.'' And in the case of one agency, I know it is the two 
because it is duplication. And we are arguing with the agency 
saying that it is duplication in what you are doing and so we 
do not agree with this, and so we have been scaling back and 
making them move those so that they are consolidating the 
system.
    So we have had that ongoing issue to consolidate down and 
have a good plan so that they can continue on with the services 
that they are doing, but consolidating it and meeting all the 
other requirements. We have continued to put that on the 
Management Watch List from that perspective, and then each year 
we work through that incremental performance with them.
    Now, I will tell you that when you look through the 73 
investments that are consistently on the Management Watch List, 
our numbers, even though we have not released these, match up 
with yours. We have identified the same type of issues that you 
have. There is a systemic problem at VA. There are issues at VA 
about how IT programs are being managed, how they are doing 
certain things. And the CIO there, Bob Howard, is really 
aggressively moving out to address those overall weaknesses 
that you are now seeing through all these other indicators.
    And so we are working very closely with him because there 
are underlying issues that are causing people to question why 
they are rebaselining, why these things are happening, and it 
does go back to specific things like what problem are you 
trying to solve and how will you know that you have done it and 
how does this investment or this particular IT project, how is 
this helping you get there?
    Senator Coburn. I will finish up, if we can come back in a 
minute. Is there a clearance procedure at OMB for IT programs 
throughout the government? In other words, can they initiate 
one without you all saying OK?
    Ms. Evans. That is kind of----
    Senator Coburn. Well, now, that is just a yes or no answer. 
Can they initiate an IT program without OMB's approval?
    Ms. Evans. I would say that the answer, the straight yes or 
no answer would be ``yes.'' I would hope that agencies, through 
the process of what we have in place, that they give us the 
information ahead of time. But we are talking about major 
investments, and when you talk about an IT project, the Exhibit 
53, which is a higher-level document that summarizes 
information, we do not get down into the specificity of some 
specific projects because we allow them that flexibility.
    Senator Coburn. Are you still allowing the VA some of that 
flexibility? And are you still allowing the Department of 
Health and Human Services that flexibility?
    Ms. Evans. No, that is a different issue on that particular 
one. So what we have in place is earned value management. There 
is a policy in place. So earned value management deals with 
this particular issue. That is the actual execution. So when an 
agency starts a project, there are certain guidelines in place. 
You are either using new money, you are starting something new, 
or it is steady state. If you are using new money, you have to 
put this in place.
    And so we work very closely with these agencies, and VA in 
particular is on my other list--I have another list here--from 
the earned value management, who has it in place, who has 
policies in place, who has these things in place. That is what 
that issue is because in order to really do it, you have to get 
an integrated baseline. Once you do that, the simplest way to 
understand it is--I plan these actions for this year and this 
is how much I think it is going to cost. Then I start executing 
out every quarter, and if I have done a good job planning, it 
is going to fall within 10 percent. If I have done a bad job 
planning, it is going to be really out there, or it may take an 
action like rebaselining.
    Senator Coburn. But if you had a fixed-price contract and 
you knew what you wanted and you competitively bid it, you 
would not have the price variance.
    Ms. Evans. You would not have a price variance, but you 
would still have a performance variance.
    Senator Coburn. Well, you may, but at least you are 
controlling the other end of it. We are not controlling the 
other end of it. Twenty percent is the average.
    Ms. Evans. Well, and we agree with you because we--that is 
the other thing that we asked the agencies right when they were 
starting, if they were in a new phase of the contract, or 
whenever a contract is coming up for renewal. All the E-
Government initiatives, the way that we are moving those out 
are performance-based contracts. You pay on the level of 
performance. If you do not perform, then you do not pay. Or 
there are incentives for pay or there are disincentives for 
performance.
    Senator Coburn. I need to yield back, and I will yield to 
the Chairman.
    Senator Carper [presiding]. All right. Senator Akaka, you 
are recognized. Thanks for being here.
    Senator Akaka. Thank you very much, Mr. Chairman.
    Ms. Evans, I understand from your biography that you have a 
lot of experience in government. First, let me thank you for 
that service. As you may know, I am a strong advocate of 
choosing government service as a career, and I am glad you have 
chosen that path. I hope that your service will help us find a 
better way to deal with the problems that we have now. So when 
you hear reports like $65 billion is being spent for 6,500 IT 
projects, it is difficult to understand how much investment is 
put in, and immediately the question becomes: How do we keep 
this in check? Is it working right? And this is our problem, 
and we are trying to find answers to do that.
    From your long service, I am sure that you understand 
better than most how government agencies often resist change, 
especially in processes that have been in place for years. This 
is often reflected in the unique technology solutions adopted 
at many agencies, and what I am referring to is that many 
agencies do create their kinds of systems.
    In the area of information technology, should agencies be 
doing more to adopt private sector best practices so that they 
can use more off-the-shelf technology?
    Ms. Evans. So the simple answer is yes, and when we go 
forward on that--but I do think that there are a lot of things 
that we do within the Federal Government that the private 
sector does not have to do, especially statutory types of 
requirements and data assurance and information security types 
of requirements that Federal CIOs need to do and are 
statutorily required to do.
    So I think a lot of times when you start looking at best 
practices, there are actually some really good best practices 
within the Federal Government, and we need to make sure--that 
is what the CIO Council does, to make sure that they are shared 
across the government so that all of us can learn from one 
another.
    Senator Akaka. Mr. Powner, in 2004, GAO released a report 
on agency CIOs that found that there is high turnover, as I 
mentioned in my opening statement, with an average tenure of 
about 2 years. Can you give me your thoughts on what, if 
anything, the Federal Government can do to compete with the 
lucrative private sector for the best talent and then keep that 
talent in the government?
    Mr. Powner. There are several things that you can do. First 
of all, it is very difficult to compete because the salaries 
are comparable in the Federal Government, first of all. And you 
are right that turnover is very high. On average, it is 2 
years. If you look at political appointees, it is less than 2 
years; career CIOs, slightly higher.
    One of the things you can do--and there are some agencies 
that have done a very good job looking at critical position pay 
authority, where you can actually pay up to the salary of the 
Vice President through critical position pay. IRS is a good 
example. IRS sought a number of those critical position pay 
authorities, and a lot of those are within their IT 
organization. They were able to attract some very talented 
folks. In IRS we always hear a mixed bag about whether they are 
doing well or not, but they have had some successes in recent 
years, and that is due to the critical position pay. So that is 
one area that you can look at.
    The other thing that is very important when you have this 
continuity that is always at issue is the Deputy CIO position. 
Some agencies have been very effective, especially when you 
have political appointees, having a career deputy, that kind of 
keeps some continuity over time there. So that is also 
something that is very key.
    Senator Akaka. Ms. Evans, can you give me your thoughts on 
that same question?
    Ms. Evans. OK, so I am probably the exception to the rule 
since I am now a political appointee, and I am going on my 
fifth budget season. So I am past the 18-month piece here in 
both tenure.
    So it is hard for me as a career public civil servant to 
say that there is competition out in the private industry. To 
me, these jobs are very rewarding, and so there are reasons why 
you are attracted to public service. And these jobs, especially 
the CIO jobs, are very exciting because you are right on the 
cutting edge and you see everything, and so you have the 
opportunity to really make a difference. You see how things 
are, and you see how things can be. And so I think it is 
important for us to attract the right folks in here.
    Now, on a more granular level, what happens is we are 
required through the Clinger-Cohen Act to actually do a 
workforce assessment. We do one every 2 years. So the CIO 
Council actively takes this on. We have identified where our 
skill gaps are. We have identified what our personnel gaps are, 
how many people we have on board in those positions, and we are 
actively doing things to ensure that we can retain them through 
activities like pay. We are doing other activities along the 
lines to ensure that they are properly trained. We have put out 
guidance dealing with project management. That is a particular 
skill gap that we have identified that we have to have and 
recruit and retrain.
    The CIO Council has actively gone out and has programs in 
the high schools as well as the colleges to attract IT 
professionals into our area. We work very closely with several 
programs that the agencies have in cyber security, which is 
another area so that we can then do direct hires and bring them 
into our workforce.
    I do think that there are a lot of things that we need to 
talk about as far as leadership and continuity of that 
leadership, and there is a lot to be said about how there is 
the political CIO as well as the career deputy. But I will tell 
you, if you look at the agencies going across the board, the 
leadership that is in the agencies now look at the CIO as a 
critical function and now whether it is political or career. 
They look at it as what are the skill sets that we need, what 
are we going to accomplish, and who is the right person for 
that job. And I actively work with each and every department to 
ensure that we get the right person into those positions as 
they leave.
    I am very passionate about my service, and I feel that we 
have a wonderful opportunity here in the Federal Government to 
make a difference. So I think that it is attractive enough and 
that there are other things that attract us into this. And so I 
think everybody does want to do a good job when it is all said 
and done at the end.
    Senator Akaka. I understand that part of the problem that 
we are facing today in trying to resolve these problems is that 
GAO is having some difficulty in tracking problem projects. And 
the reason that I see as stated here is that OMB does not list 
why specific projects are on the Management Watch List.
    Is that correct? And if so, what can we do to correct or 
improve that?
    Ms. Evans. So that is correct. We do not list the specific 
reasons when we release the list that is out there for the 
Management Watch List. We have really looked at that--we were 
discussing it a little bit during the break--because we look at 
the Management Watch List as a planning document, and what is 
really more important is how agencies are actually executing, 
which is all the information associated with the high-risk list 
because that is boots on the ground, what are they doing, how 
are they performing, and you can get that information on a 
quarterly basis.
    The Management Watch List in our view is a planning 
document that an agency is doing 2 years in advance, and so 
what we really want them to be focused on is execution and 
getting the things done.
    So this was my concern initially--but 100 percent 
transparency is giving us consistency here--that we get very 
focused on the list and not really focused on the results. And 
so that is why we put a lot of effort on the high-risk list. 
But I hear the concern, and so I will go back and see what we 
can do about when we release the President's budget and the 
list and the information about having more transparency into 
that process.
    Senator Akaka. And our concern, too, is that the Clinger-
Cohen Act requires you to establish the process, analyze, 
track, and evaluate the risk, and also analyze the results of 
the major capital investments that are made, and my question 
was to see that is carried out.
    Actually, we have heard from GAO that they are having 
difficulty along this line, and I hope we can find a way of 
improving that. Thank you very much, Mr. Chairman.
    Senator Carper. Thank you, Senator Akaka.
    Let me go back to this chart over here for just a moment, 
if we could, and, again, we are looking at the number and type 
of high-risk with shortfalls, and the third column over says 33 
of them fall into the category of a lack of a qualified project 
manager. I think Mr. Powner said that the number--if you 
quantify the dollar value of the projects, is about $1 billion. 
And we are talking a little bit in here about how to attract 
and retain qualified folks to work in these jobs when you are 
trying to compete with the private sector where they can make a 
lot more money.
    I just want to ask about the issue of a qualified project 
manager, any idea why, Ms. Evans? Is it because we are unable 
to attract and retain folks, because there is a turnover, the 
churn in the managers that are managing these kinds of 
projects? What is the deal?
    Ms. Evans. There are a couple of issues associated with 
that which we have looked at, and so we have the specific 
information by agency going across about how many project 
managers they actually have on board and how they are training 
them and closing the gaps.
    Initially, what we have is we have more projects than we do 
qualified project managers right now. So that is the initial 
gap that we have identified, and that is what you are seeing 
right there. That is the validation of that. And so what we are 
doing is CIOs then are either compensating for and closing that 
gap in other ways--they put a person in there and then train 
the person as they are going along with the project. And so 
that is why they will show up that way. If it is a project that 
is a high-level project that needs the highest-level project 
manager, yet they only have one who is certified at a secondary 
level, they will put that person in there, but then they will 
concurrently train them as they go forward.
    So it is a gap, and it is a combination of several things: 
Recruit, retrain, the churn as people leave, and then the 
volume of the projects. So we are constantly focused on trying 
to close that gap.
    Senator Carper. Is it being closed? Is it steady? Is it 
going up? Is it going down in terms of--that number last year, 
was it 30 or 25? Or was it higher?
    Ms. Evans. To be really honest, right now the methodology 
that we are using does not give me accurate enough data to be 
able to answer that question going forward. We are really 
looking through those numbers so that I can consistently 
answer, have I systemically addressed what that issue is. I 
know what the numbers are by a quarterly basis of what is 
happening, but when I start looking at those in conjunction 
with OPM through the scorecard, some of it I think I need to 
strengthen the process jointly with OPM so that I have more 
validity in the numbers.
    Senator Carper. Think about that question and respond in 
writing and see if you cannot give a little more insight.
    Another question or two, if I can, and I think Senator 
Coburn has maybe another one or two. We will see if Senator 
Akaka has another one, and then we will go to our second panel. 
My goal is to try to wrap it up here around 4:30. I need to 
leave by then. So we are going to try to--pardon? No, it is not 
my train. It is a meeting with our leader. And I do not want to 
get on his bad list.
    Senator Coburn. It's fun.
    Senator Carper. How would you know? [Laughter.]
    All right. For OMB, one question. When overseeing multiple 
projects by dozens of agencies, it is important to recognize 
trends and create solutions before a problem becomes 
widespread. I think we all agree with that. I noticed that some 
agencies were able to decrease the number of projects on the 
Management Watch List fairly drastically. Others sort of 
continue to have difficulty effectively managing their 
investments.
    What is OMB doing to highlight trends and examine the root 
cause of governmentwide problems in planning and implementing 
IT projects?
    Ms. Evans. So we do the analysis and look at the business 
cases across the board so that we can identify whether agencies 
are having a hard time really saying what the outcome is, so 
performance-based and a good way of measuring that.
    We look across the board to see if there are problems with 
the acquisition strategies and how those things--I think that 
has been highlighted. You are aware of those issues just like 
we are aware of those issues.
    So if we identify things that are specific to the 
workforce, like we were previously talking about, we will go 
back through the CIO Council and work those problems jointly 
with the CIO Council and go through and get suggestions, 
recommendations about how to deal with that. Is there a policy 
that needs to be done in a particular area, or is it really 
execution? And is it realignment of resources, those types of 
things?
    So we try to see if there is broad-based types of issues 
going across, and if they are, we jointly work that with the 
CIO Council.
    If it is agency-specific--and in a lot of cases, it is--I 
work very closely with the budget side of the house as well as 
the agency itself, and so there are several agencies that I 
meet with on a monthly basis so that we can make sure that we 
are addressing what those overall issues are, whether they are 
management issues, it could be leadership, it could be 
something at the higher level that they do not necessarily get 
all the visibility that they need to in some of the projects.
    We do dive down vertically, and we do look across 
horizontally at those problems, and we try to highlight those 
when we do the chapter in the budget so that everyone knows 
what type of analysis we have done as we are required by 
Clinger-Cohen. And then the types of actions that we intend to 
take, whether it is OMB-specific or CIO Council types of 
actions.
    Senator Carper. Thanks very much. Dr. Coburn.
    Senator Coburn. Great. Thank you.
    I guess one of the things I would like for you to answer 
back, after you have had a chance to think about it, is you 
have a tough job. I mean, this is a lot of stuff, a lot of 
important stuff. I would like for you to answer back: How do we 
help you? How does this Subcommittee help you? In other words, 
if there are areas where there needs to be oversight in 
specific areas, we ought to be doing that. We ought to be 
looking at it. Every now and then heat brings forth light, and 
it would be nice if we could know where we can actually help. 
Rather than just have a hearing to talk with you about it and 
ask GAO to look at it, are there specific agencies that ought 
to be before us that have failed to respond and failed to go 
up?
    I would just note, we have one in five projects that get 
rebaselined in this country. One in five. I would just tell you 
there is not anywhere else out in the private sector where they 
would tolerate that. We have one in six without a project 
manager--without an appropriate project manager. And so we 
continue to go forward with a project even though we are 
required by law to have a project manager there that is 
qualified, but we go forward and do it. And there may be some 
thought as to maybe we should not do the project until we have 
the qualified project manager there because even though we may 
be more timely in our response, the cost and the effort and the 
end product may not be near as well as had we waited a year 
until we got a qualified project manager. So I would just like 
for you to think about that.
    Mr. Powner, I would like for you to just talk with me, and 
if you do not know the answer, it is fine. What percentage of 
our IT contracts are cost-plus versus fixed-price?
    Mr. Powner. I do not have the specific numbers on that, Dr. 
Coburn. I would tell you that there are very few fixed-price 
contracts.
    Senator Coburn. Is there a systemic reason why there is not 
fixed-price contracts?
    Mr. Powner. The reason is primarily because there is 
uncertainty with what is to be delivered and that type of 
thing. So the more we can define up front through solid 
requirements that are validated, that all helps.
    Senator Coburn. In other words, better planning, knowing 
what you want.
    Mr. Powner. Correct.
    Senator Coburn. And what your end result is to be?
    Mr. Powner. Correct.
    Senator Coburn. So the fact that we do not have that 
indicates that really our planning may be worse than what we 
think it is.
    Mr. Powner. I think the planning is pretty poor. If you 
look at the Management Watch List, we are saying that 40 
percent of our projects are poorly planned, and we contend that 
is understated. OK? Because the Exhibit 300s are still--there 
are still games that are played with the Exhibit 300s.
    Senator Coburn. Are the games played because so many of the 
Exhibit 300s forms are actually filled out by the contractors 
themselves?
    Mr. Powner. Well, I think it is just the nature of your 
business case. I mean, it is not just in the government, but in 
the private sector, too, you do everything you can to stretch 
your business case to make sure you get the funding. But the 
contractors are writing a lot of those Exhibit 300s. That is 
how the process is played out, correct.
    Senator Coburn. All right. I will submit additional 
questions for the record.
    Senator Carper. As will I.
    Senator Coburn. Thank you both.
    Senator Carper. OK. Senator Akaka, another question?
    Senator Akaka. Yes, Mr. Chairman, I have some questions 
here, but let me ask one of them in the second round.
    Senator Carper. Please, go ahead.
    Senator Akaka. Ms. Evans, I am concerned that having both 
what they call an at-risk list and a high-risk list 
unnecessarily divides up the projects that are or may become 
problematic. These IT programs should be measured across 
several dimensions. For example, some projects may be 
inherently risky due to size but are executed well, while 
others may have been planned well but have poor outcomes. I am 
sure you have seen cases of both.
    Why wouldn't OMB combine all of these projects and assess 
them across the same dimensions much like OMB does with the 
Performance Assessment Rating Tool?
    Ms. Evans. So we view that the IT investments complement 
the Program Assessment Rating Tool (PART), and we do evaluate 
the IT investments in alignment with those, so there is a 
performance piece. The business case, though, has to clearly 
talk about how it aligns with program outcomes. And we do ask 
them about the PART and the process. We used to track it until 
all programs had gone through the assessment, and now agencies 
have to clearly show that alignment, whether they are meeting 
the efficiency measures in the improvement plan or they are 
actually dealing with the measures on performance.
    So we do that linkage.
    There is a difference--and we can go back and look at this, 
but there is a difference in time, and I think the way that the 
PART is structured is when they first look at it, that is how 
we have the Management Watch List. That is the business case, 
that is the Exhibit 300s, because of the cost that you are 
asking for in the budget process. It is a budget document.
    There is an improvement plan on the PART as the agency goes 
forward, and then they measure against the improvement plan. 
That is the same as our high-risk list. In our high-risk list, 
each one of those has a plan underneath it, and then we manage 
that on a quarterly basis looking to see how well they are 
executing against that plan.
    Now, it may not be as smooth, so we can take a look at it, 
but we have these two dimensions in time of how we are looking 
at it, and that is why we have separated it. But we do 
continuously analyze it, and then we also then align it. So I 
hope that has helped in the answer going forward, but we can 
take a look and see if we can better articulate how we do the 
analysis with these two documents to show that we are doing it 
on a continuum basis.
    Senator Akaka. Mr. Chairman, because I have another hearing 
to attend, let me conclude with this one question.
    Ms. Evans, OMB has put considerable effort into producing 
these risk lists, though, as we have said, we would appreciate 
it if more detailed information were available publicly. OMB 
has considerable power to influence how agencies spend the 
dollars that they have been budgeted.
    If OMB concludes that an individual IT program is having 
problems or is failing, could it and should it use budgetary 
means to try to correct or end it?
    Ms. Evans. Yes.
    Senator Akaka. Thank you. Thank you, Mr. Chairman.
    Senator Carper. Was that the answer you were looking for?
    Senator Akaka. Yes.
    Senator Carper. All right. We will wrap up this panel with 
that response. I just want to thank you both for being back 
here and for the time you spent preparing for the testimony 
today and for your focus on these issues.
    Dr. Coburn a year or two ago put his finger on an important 
issue, and I certainly agree that it is important. He asked a 
real good question here today--several of them, but one of them 
was how can we be of further help? And I just think it is 
helpful when you put a spotlight on an issue that needs to be--
an itch that needs to be scratched, and this is one that needs 
to be scratched. And to the extent that we can be 
constructive--and that is what we want to be--we look to you 
for some guidance on that front.
    In the meantime, stay vigilant, remain vigilant, and we 
will look forward to having the opportunity to continue this 
conversation further down the line. Thank you very much.
    With that, we would like to invite our second panel to come 
forward, please. Barry West, we are going to start off with 
you. I am going to just make a very short introduction here. 
Full introductions will be in the record, but this is just the 
highlights.
    Mr. West joins us as Chief Information Officer at the 
Department of Commerce. Mr. West was formerly the Chief 
Information Officer and Director of the IT Services Division 
for the Department of Homeland Security and FEMA, as well as 
the CIO at the National Weather Service. He serves in a number 
of key associations and councils advising on information 
technology issues.
    Daniel Mintz, currently serves as the Chief Information 
Officer for the Department of Transportation. His previous 
experience was with Sun Microsystems where, for 10 years, he 
worked on implementing large government and commercial 
programs. Before that he served as a member of the State of 
Maryland Advisory Panel on Electronic Commerce, providing 
advice on enabling online commerce in his State, my neighboring 
State to the west.
    Next we have Michael Duffy, who just last week was 
appointed as the Deputy Assistant Secretary for Information 
Systems and Chief Information Officer at the Department of the 
Treasury. Good for you. He joins Treasury after serving at the 
Department of Justice where he served as the Deputy Chief 
Information Officer.
    Next, Scott Charbo. Mr. Charbo is the Department of 
Homeland Security's Chief Information Officer. He has previous 
experience as CIO for the Department of Agriculture and as 
President of a company called mPower3, Incorporated. Welcome.
    And, last, Paul Brinkley, who is the Deputy Under Secretary 
of Defense for Business Transformation at the Department of 
Defense. Mr. Brinkley leads the business modernization for the 
Department of Defense, and prior to assuming his current role, 
he served as Senior Vice President of Customer Advocacy and 
Chief Information Officer for JDS Uniphase Corporation.
    We welcome you all. Your entire testimony will be made part 
of the record, and we will recognize you in the order that you 
have been introduced. If we have time for questions at the end, 
we will do that. If not, we will submit questions and ask you 
to respond for the record. I need to leave here about 4:25.
    Mr. West, you are recognized. Thank you again for coming.

TESTIMONY OF BARRY C. WEST,\1\ CHIEF INFORMATION OFFICER, U.S. 
                     DEPARTMENT OF COMMERCE

    Mr. West. Chairman Carper, Ranking Member Coburn, Senator 
Akaka, I appreciate the opportunity to address you on the 
Department of Commerce's inclusion on the Office of Management 
and Budget's High-Risk List and Management Watch Lists.
---------------------------------------------------------------------------
    \1\ The prepared statement of Mr. West appears in the Appendix on 
page 81.
---------------------------------------------------------------------------
    Commerce has 12 information technology investments on the 
OMB High-Risk List. Of these, eight represent Commerce's 
participation in OMB's E-Government Initiatives or Lines of 
Business with a migration component or where Commerce is a 
shared service provider.
    The OMB High-Risk List. These investments were designated 
by OMB as high risk and include E-Travel, E-Rulemaking, E-
Authentication, and the Financial Management Line of Business. 
The other four were nominated by Commerce because they meet two 
of OMB's four high-risk criteria. The four investments 
nominated by Commerce include three components of the upcoming 
2010 Decennial Census. They are the Field Data Collection 
Automation, FDCA; the Decennial Response Integration System, 
also known as DRIS; and the Master Address File and 
Topologically Integrated Geographic Encoding and Referencing 
system, also known as MAF/TIGER. The fourth is the Ground 
System of the National Polar-orbiting Operational Environmental 
Satellite System, also known as NPOESS. All meet OMB's 
evaluation criteria, that is, they have a baseline with clear 
goals, are within 10 percent of cost and schedule targets, have 
a qualified project manager, and avoid duplication with OMB's 
E-Government efforts.
    OMB Management Watch List. Of Commerce's 65 major IT 
investments submitted to OMB in the fiscal year 2008 budget, 
OMB placed 49 on its Management Watch List. All have been 
remediated and are no longer on the Management Watch List. Of 
the 49, 29 were taken off the list by December 2006, leaving 20 
on the list. All but one were removed by March 2007; the last 
was removed in June 2007. To ensure that Commerce's senior 
management understood the importance of the Management Watch 
List and actively supported corrective actions, I briefed the 
Executive Management Team, which is Commerce's most senior 
executives, providing a status update routinely. During my 
weekly update to the Deputy Secretary, the most critical IT 
issues, including the Management Watch List updates were given, 
status briefed, and overall progress was tracked. Corrective 
actions included completing additional documentation necessary 
to demonstrate adequate planning and investment control, 
largely in the areas of security and privacy. Office of the CIO 
staff worked diligently with the operating units to research 
and develop additional explanatory material and to ensure that 
responses were consistent across the business cases.
    Commerce attributes its success to the strength of its 
information technology capital planning and investment control 
process--this is also known as CPIC--and to its commitment to 
improve IT security.
    Capital Planning and Investment Control. Commerce's CPIC 
process is built on a foundation of strategic and operational 
IT planning that is integrated with processes for the 
selection, control, and evaluation of IT investments.
    The process begins with a request from my office to the 
operating units to develop a strategic IT plan within the 
context of maturing their capital planning and investment 
control processes. Strategic IT plans provide a framework for 
discussion and an opportunity for operating units to focus on 
the strategic use of IT resources to improve program delivery.
    The Commerce IT Review Board advises the Secretary and the 
Deputy Secretary on critical IT matters, ensuring that proposed 
investments contribute to the Secretary's strategic vision and 
mission requirements and provide the highest return on the 
investment or acceptable project risk.
    As part of its charter, the Commerce IT Review Board makes 
recommendations for continuation or termination of projects 
under development at key milestones or when they fail to meet 
performance, cost, or schedule criteria.
    Project Management. Commerce recognizes the importance of 
effective project management to the success of IT investments. 
We have established a central source for project management 
expertise, advice, and guidance which focuses on four strategic 
initiatives. They are the establishment of standards and 
guidelines; providing project management services and support; 
providing Department of Commerce program and project managers 
with technical assistance; and mentoring, training, and guiding 
project teams.
    In conclusion, since information technology expenditures 
constitute such a large portion of the Commerce annual budget, 
which is about 20 percent, or $1.7 billion, it is imperative 
that special management attention be given to the Department's 
proposed and continuing IT investments. This is done through 
the capital planning and investment control process, which 
continues to be strengthened to provide broader and deeper 
analysis of proposed new IT investments, projects under 
development, and projects that have completed deployment, as 
well as the overall performance of the portfolio. Where the 
cost, schedule, or performance goals of IT investments are not 
yet being fully achieved, the processes in place have detected 
the problems and directed corrective action.
    Again, I thank you for the opportunity to appear before 
you, and I look forward to answering any questions that you may 
have.
    Senator Carper. Mr. West, thank you for that so much. I am 
going to now recognize Mr. Mintz for his comments. Thank you.

  TESTIMONY OF DANIEL G. MINTZ,\1\ CHIEF INFORMATION OFFICER, 
               U.S. DEPARTMENT OF TRANSPORTATION

    Mr. Mintz. Chairman Carper, Ranking Member Coburn, other 
Members of the Subcommittee, thank you for the opportunity to 
appear before you today to discuss issues relating to the 
Department of Transportation's information technology programs. 
My name is Dan Mintz; I have been the Chief Information Officer 
for the Department of Transportation since May 1, 2006. In that 
capacity, my responsibilities include serving as the Vice Chair 
of the Department's Investment Review Board, which oversees all 
major IT investments for the Department.
---------------------------------------------------------------------------
    \1\ The prepared statement of Mr. Mintz appears in the Appendix on 
page 97.
---------------------------------------------------------------------------
    I came to the government from Sun Microsystems. During my 
years at Sun, I managed IT programs similar in magnitude to 
those being discussed here today and understand the need for 
senior management review and oversight, ensuring that all risks 
are properly mitigated. Many of the lessons learned during my 
time at Sun have helped me to more fully appreciate the issues 
facing departmental IT program managers and what we, as a 
Department, need to accomplish.
    My written testimony provides specifics about three IT 
investments that are included on the OMB Management Watch List 
and the OMB High-Risk List, and one of our projects designated 
by GAO as high risk. I would like to briefly mention here my 
five initiatives based on the lessons learned from those 
projects that we strongly believe will both improve ongoing 
program management and the way we are more effectively meeting 
mission needs overall.
    First, we are in the process of establishing a Department-
wide program management organization. This organization will 
establish systematic processes and requirements to enable a 
more consistent approach to program management throughout the 
Department.
    Second, we will continue to ensure that those programs 
identified as high risk and high priority are reviewed by 
senior managers as well as the Investment Review Board when 
cost and schedule variances exceed the threshold of 10 percent.
    Third, I am implementing a plan to effectively address both 
technical and functional performance. We will be creating 
performance milestones developed with more precise indicators 
tracking program success.
    Fourth, we are addressing the issue of Earned Value 
Management, mentioned earlier in the first panel. This early-
warning mechanism will further assist program managers in 
addressing risks.
    And, finally, this year we developed an improved ranking of 
investments across the Department to better determine the 
``health of our investments'' which we plan to update on a 
quarterly basis.
    In conclusion, significant progress has been made and is 
continuing to be made to fully leverage information technology 
to meet the Department's mission. Significant challenges 
remain, including the need to continue to improve our program 
management skills, manage project risks and monitor program 
performance so that management can quickly and effectively 
mitigate issues before a project becomes a troubled investment. 
Our experience is that when we develop transparent processes, 
collaborate with senior business owners and budget officials, 
and follow a consistent and robust project approach, we are 
able to keep most of the IT investments off the Management 
Watch List or have them quickly removed. When we do not 
accomplish one or more of those goals, the results are far less 
positive.
    Because of the importance of many of the transportation 
programs to the Nation's economic well-being, we receive 
attention from many sources of oversight. Over the years we 
have learned to maximize the value of their input, however 
challenging their opinion may be. Again, I thank you for the 
opportunity to appear before the Subcommittee today, and I look 
forward to answering any questions that you may have.
    Senator Carper. Mr. Mintz, thanks. We thank you for your 
testimony. Mr. Duffy, you are recognized.

 TESTIMONY OF MICHAEL D. DUFFY,\1\ DEPUTY ASSISTANT SECRETARY 
  FOR INFORMATION SYSTEMS AND CHIEF INFORMATION OFFICER, U.S. 
                   DEPARTMENT OF THE TREASURY

    Mr. Duffy. Mr. Chairman, Dr. Coburn, I appreciate the 
opportunity to appear before you to discuss the management of 
information technology investments. Like the other Federal 
agencies represented here today, the Department of the Treasury 
is diligently working to improve the management of its IT, 
especially those investments considered to be high risk. The 
Department has experienced its share of IT challenges. In 
response, Secretary Henry Paulson made IT management one of his 
top priorities when he took over the Department this past year. 
As a new member of the Secretary's management team, I am fully 
committed to improving our ability to effectively manage our IT 
investments to ensure business value from those investments.
---------------------------------------------------------------------------
    \1\ The prepared statement of Mr. Duffy appears in the Appendix on 
page 108.
---------------------------------------------------------------------------
    Treasury has an IT portfolio that totals roughly $3 
billion--about 25 percent of the Department's budget. Of the 
total, $2.4 billion funds 63 major investments; the remaining 
$560 million supports 222 ``non-major'' investments.
    The Department and its bureaus rely significantly on 
information technology to carry out its extensive and varied 
mission. Our largest investments are, of course, at the 
Internal Revenue Service, who uses IT to administer the tax 
programs. The Department, however, also uses IT to support 
other critical purposes, such as analyzing financial 
intelligence information to combat terrorism.
    Given the importance of Treasury's IT investments, the 
Government Accountability Office reviewed and issued a report 
on Treasury's IT management. The July 2007 GAO report found 
that Treasury has established many of the capabilities needed 
to select, control, and evaluate its IT investments. However, 
GAO also found several very significant weaknesses.
    Due to these findings, GAO identified the need for Treasury 
to implement an executive-level review board to oversee IT 
investments throughout the entire lifecycle of the projects. 
GAO also recommended that Treasury implement a more 
comprehensive process by which to manage all IT investments, 
irrespective of size, scope, or dollar value.
    The Department concurred with the GAO recommendations and 
began to immediately address the issues raised. I strongly 
support these steps, and I believe this is a clear indication 
of the commitment of the Department's leadership to rapidly and 
comprehensively improve Treasury's management of IT.
    As the new CIO, I have taken particular interest in GAO's 
findings and recommendations. I believe regular engagement of 
our Department and bureau executives and the continuous 
attention to the progress of IT investments are integral to our 
Department's successful planning, implementation, and use of 
IT.
    In the coming months, the Department intends to take 
several key steps. Foremost, we will revitalize an Executive 
Investment Review Board. We will do that in the first quarter 
of this upcoming fiscal year. Doing so will bring greater 
executive involvement and accountability into Treasury's 
management of IT and will further ensure IT portfolio decisions 
are driven by our business requirements and strategies. We also 
intend to better leverage existing management tools and 
processes that can be used to improve investment management 
capabilities.
    Notwithstanding the planned changes, I note that the 
Department has already taken some steps. To ensure that all IT 
investments receive comprehensive oversight, the Department 
began implementing process changes this past summer to ensure 
that all of our ``non-major'' investments go through a formal 
select and control process.
    In summary, the Department has made strides in the past 
year to improve the management and performance of its IT 
resources. Work does remain to be done. However, these efforts 
and the actions we have planned to engage executive 
stakeholders will result in effective IT management at the 
Department of the Treasury, and in so doing, Treasury IT 
programs will provide value-added services to the bureaus and 
offices performing the Treasury missions.
    Thank you again for the opportunity to participate on this 
panel. I would be happy to answer any questions.
    Senator Carper. Thank you, Mr. Duffy. Mr. Charbo, you are 
recognized.

 TESTIMONY OF SCOTT CHARBO,\1\ CHIEF INFORMATION OFFICER, U.S. 
                DEPARTMENT OF HOMELAND SECURITY

    Mr. Charbo. Thank you, Chairman Carper, Dr. Coburn. I 
appreciate the opportunity to address you on the Department of 
Homeland Security's inclusion on the Office of Management and 
Budget's High-Risk and Management Watch Lists.
---------------------------------------------------------------------------
    \1\ The prepared statement of Mr. Charbo appears in the Appendix on 
page 110.
---------------------------------------------------------------------------
    DHS currently has 20 systems on the OMB Management Watch 
List from the 105 major investments submitted to OMB in the 
fiscal year 2008 budget. We are actively managing 9 out of the 
20 for removal from the list. These range from issues relating 
to cost/schedule, privacy statements, and security. The 
remaining investments on the list have been remediated, and we 
have submitted documents to OMB for removal.
    DHS is managing 33 information technology investments on 
the OMB High-Risk List. Of these, 19 represent DHS' 
participation in OMB's E-Government Initiative or Lines of 
Business with a migration component or where we are the 
managing partner of the initiative and operate as a shared 
service provider. The remainder, we have confirmation that 
issues are addressed, or we have submitted to OMB information 
addressing the high-risk list and are waiting future removal.
    We have made progress to improve capital planning, 
acquisition planning, procurement oversight, alignment with 
enterprise architecture, and stronger policies for IT security. 
Collectively, this improved investment review process 
methodology has brought planning, budget, program management, 
IT, and acquisition planning into a stronger alignment.
    In March, Secretary Chertoff issued Management Directive 
007, which operates greater oversight to the Department's CIO 
for IT issues relating to budget, acquisition, architecture, 
and performance ratings of component CIOs. We have seen a 
response and expect to see more improvements in IT performance 
as the Department matures.
    DHS has also worked to centralize information technology 
processes and avoid unnecessary duplication by requiring 
adherence to the architecture for IT investments over $2.5 
million, which was also appropriation requirements. To date, we 
have reviewed over $1.8 billion in acquisitions prior to 
committal of funds.
    I cannot emphasize enough the importance of good policy and 
a strong relationship of the CIO, the CFO, and the CPO in 
achieving any goals for improved management of IT and, more 
importantly, program performance. DHS has benefited by such a 
relationship under the direction of the Under Secretary for 
Management.
    This concludes my comments, and I welcome questions. Thank 
you.
    Senator Carper. Thank you, sir. Mr. Brinkley, last word.

 TESTIMONY OF PAUL A. BRINKLEY,\1\ DEPUTY UNDER SECRETARY FOR 
      BUSINESS TRANSFORMATION, U.S. DEPARTMENT OF DEFENSE

    Mr. Brinkley. Thanks. Chairman Carper, Senator Coburn, it 
is my honor to have the opportunity to appear before you to 
discuss Defense Business Transformation and its associated 
information technology investments.
---------------------------------------------------------------------------
    \1\ The prepared statement of Mr. Brinkley appears in the Appendix 
on page 116.
---------------------------------------------------------------------------
    Defense Business Transformation is not an easy task. The 
size and complexity of the Department of Defense, combined with 
its unique mission, present challenges that are not faced by 
other organizations undergoing transformational change. Despite 
these challenges, I believe the progress the Department has 
made at all levels under the leadership of Deputy Secretary of 
Defense Gordon England over the past 3 years has been 
remarkable.
    Fundamentally, business transformation requires a number of 
things: Leadership, commitment, and a strong investment 
management and governance structure, a sound enterprise-level 
strategy for transforming business processes and the culture 
that our people work within, and a solid relationship with 
independent organizations that can be unbiased arbiters of 
success or failure. Most importantly, and a key missing factor 
in many governmental transformation efforts, including prior 
efforts at DOD, is an awareness that IT projects struggle or 
fail because of a failure of management to confront necessary 
changes to processes, policies, and statutes. IT projects are 
too often sold as quick fixes to core management problems that 
are difficult for leaders to confront and resolve.
    Over the last 3 years, DOD has built a foundation to ensure 
these business issues are addressed before IT investments are 
made. Today, the Department's top operational leaders are the 
champions of our organizational transformation. The Defense 
Business Systems Management Committee, established by statute, 
is chaired by Deputy Secretary England and associated 
investment review boards that provide strong investment 
management and overall transformation governance and ensure 
investments are aligned to business strategies.
    The Business Transformation Agency, established by the 
Deputy Secretary of Defense in 2005, provides an accountable 
organization for all of our DOD-wide business and system 
improvement efforts. It is staffed with a combination of best 
and brightest career civil servants and highly qualified 
experts and others, using hiring authorities given to the DOD 
by Congress.
    The Enterprise Transition Plan, produced biannually by the 
Business Transformation Agency, approved by the DBSMC, provides 
a strategic plan and emphasizes business process and system 
improvements and cultural change, and it clearly articulates 6-
month milestones for measuring progress.
    Finally, we have developed a very productive relationship 
with OMB and the GAO based on those clear metrics, proactive 
engagement, and responsive cooperation.
    We have successfully developed and continue to evolve the 
Business Enterprise Architecture and its associated federation 
strategy. For an organization the size of DOD, these are 
critical factors. We are driving the Department-wide adoption 
of continuous process improvement principles, and we are 
implementing Lean Six Signal methodologies. This addresses 
business issues that IT issues often suffer from.
    We are improving acquisition and fielding processes for 
information systems through developing what we call the 
Business Capability Lifecycle. This is a new acquisition 
process for business systems that will resolve longstanding 
challenges that have impacted delivery of business capabilities 
in a timely, well-informed manner.
    Under the rules of the BCL process, initial operating 
capability of an IT program must be reached within 12 to 18 
months of the contract award, or else business cases will not 
be approved. This better aligns IT projects with technology 
industry innovation rates that are moving much faster today 
than our ability to field capabilities within government.
    Two major systems programs critical to the DOD that have 
directly benefited from this approach are the Defense Travel 
System and the Defense Integrated Management Human Resource 
System, called DIMHRS. By confronting and addressing policy and 
process issues long ignored, the Defense Travel System has 
addressed key issues that have been highlighted by GAO and the 
Congress repeatedly. And it is finally realizing its full 
potential as a source of lowest fare, financially efficient 
travel management for the Department. Using a similar approach, 
the DIMHRS program has been restructured and is on a path to 
resolve longstanding military personnel pay issues for the Army 
and Air Force beginning in 2008.
    There are many similar success stories emerging for the 
DOD. Our efforts at business transformation in the DOD will 
take years to complete. Our goal is to sustain this positive 
momentum beyond administrations and continue our ability to 
provide our customer, the American warfighter, with business 
practices that best enable their challenging mission and to 
provide Congress with agile financial transparency and the 
accountability the American people rightfully expect from their 
government.
    Thank you. I look forward to your questions.
    Senator Carper. Thank you, Mr. Brinkley. In fact, I thank 
all of you.
    Who is here from Treasury? Mr. Duffy. And how long have you 
been there?
    Mr. Duffy. Nine days, sir. [Laughter.]
    Senator Carper. Perfect. We had at least one hearing in the 
last Congress on the issue of the tax gap, and Mark Everson, 
who was until fairly recently the Commissioner of the IRS, has 
now gone over to run the Red Cross, but he has been before us a 
couple of times in the last 2 years. We talked about, among 
other things, the tax gap.
    I do not know if you have had enough time in 9 days to 
figure out if there are any IT projects that you all are 
working on that would help us know the gap between the taxes 
that are owed, that ought to be collected, and those which are 
being collected. We are led to believe that the tax gap is--how 
much is it, Senator Coburn?
    Senator Coburn. Three hundred billion dollars.
    Senator Carper. And anything we can do to narrow that so 
that people do not like to pay taxes, but it is sort of rubs 
salt into those wounds when they feel like they are paying 
their fair share and other people are getting away scot free. 
So what have you got going on in that area? And is there 
anything in particular that we not just in this Subcommittee 
but we in this Senate can help to make sure that we go after 
those scoundrels and make sure that you have the tools you need 
to get them?
    Mr. Duffy. Unfortunately, Mr. Chairman, I have not had the 
opportunity to get the briefings in-depth on that, and I would 
like to get back to you in writing.
    Senator Carper. Would you do that? That would be much 
appreciated.
    The second question I have really deals with--as you said, 
Senator Coburn, and Senator Akaka--the issue of how do we 
attract and retain good talent to work in this field for the 
Federal Government when they can make, by most observations, a 
fair amount more money in the private sector? I think it was 
Ms. Evans who indicated that, well, she likes the job, she has 
been there 5 or 6 years, at least, and she likes it because she 
gets to work on cutting-edge projects. She gets a sense of 
civic pride in knowing that she is doing something good and 
meaningful for our country. And I can appreciate that. In fact, 
I think we can both appreciate that.
    What are you all seeing that is working in your own 
departments, in your own agencies, that enables you to attract 
and retain good people? How can we learn from those 
experiences? What is working? Please, Mr. West?
    Mr. West. Yes, my experience in the 23\1/2\ years I have 
had in government is that most of your individuals want to look 
for challenges. It is not so much about the pay, but they want 
to be challenged on exciting projects, and they want to be 
rewarded and recognized at the end of the day. So I think we 
need as a government to recognize our people more and to 
continue to challenge them as best we can on exciting projects, 
but at the same time holding them accountable.
    Senator Carper. All right. Good answer. Thank you.
    Others, please. Mr. Mintz, you were at Sun Microsystems 
for, what, 10 years?
    Mr. Mintz. Almost 11 years.
    Senator Carper. OK.
    Mr. Mintz. And then all around the Washington area, 
different private companies. High school was the last time I 
was in government.
    One of the things that government brings that many of the 
jobs in private industry do not is a sense of mission. And I 
think one of the issues is how do we convey to people, 
particularly young people, that advantage. One of the things we 
are doing, we are working--GSA has a program called IT Shadow 
Day where we invite high school kids in, and I know it has 
become a very active program, where we introduce them and take 
them around, and they get some experience with government 
employees as to how exciting it is. I think people 
underestimate the fact that a lot of the younger people are 
looking also for meaning in terms of their job, and that is 
something I think we have to emphasize.
    The other thing, our Deputy Secretary has been emphasizing 
things like telework and flexibility in terms of job 
performance. I think increasing that kind of flexibility helps 
also because, again, a lot of the younger people today are 
looking for flexibility in terms of how they come to work or 
are able to work out of their house.
    Senator Carper. One of the ways we identify good talent in 
our business in the Senate is through interns. We have 
undergraduate and graduate student interns who come in not just 
in our Washington office, but we have three offices in 
Delaware. We will have interns there throughout the course of 
the year. We look for the interns that are especially 
energetic, enthusiastic, bright, committed, and when they have 
graduated, we keep track of them. And having developed that 
relationship, we know what their work ethic is and what their 
capabilities are. They know how we work and how we operate. And 
when we have an entry-level position, we go after them. We have 
kept track of them. I do not know if you all do any of that, 
but if you do not, you may want to consider it.
    Other ideas, Mr. Duffy?
    Mr. Duffy. Actually, along those lines, Mr. Chairman, there 
is a program that I believe is run out of the National Science 
Foundation. It is called the CyberCorps Program. When I was at 
the Department of Justice, we used that program to bring in a 
number of young, talented people who are interested in the IT 
realm with obviously a bent toward IT security. That is one 
that I think has been very effective.
    I believe that Mr. Powner during the first panel mentioned 
the IRS' critical pay authority and the ability that they have 
had to bring in some very talented people from the private 
sector to help IRS begin the process of their modernization and 
their evolution. And then, of course, I would have to echo the 
comments of my colleagues here, some of the things that they 
have talked about in terms of the challenges.
    Senator Carper. Good. In fact, going back, as congressman, 
governor, and senator, I have had four chiefs of staff over the 
last 25 years; two of them started off as interns.
    Mr. Charbo.
    Mr. Charbo. Yes, sir. As you know, DHS is a tough place to 
not only attract people but to retain them. So we have looked 
at some creative ways to attract and retain. First of all, the 
partnerships, I can again emphasize that more. In this case, 
our chief human capital officer has really taken on that role 
for us to try to attract better ITs. One example, we have run 
some Washington Post ads where we have attracted hundreds of 
applicants, where we actually can draw that certification, and 
then hire directly from those certifications and move that 
across the Department from component to component, focusing on 
IT security.
    We are focusing on giving a better environment for those 
employees once they get here. We are dispersed particularly 
from the headquarters viewpoint. It is tough to retain people 
in some of the situations that we put some of the employees 
into. So we are pretty focused on trying to develop that. And 
then certain benefits in terms of payments of loans, etc., and 
in terms of attracting students. We use interns as well. My 
office directly uses interns.
    So it is really a matter of getting out of the box of the 
typical government hiring processes and certification and 
looking for better ways to do it.
    Senator Carper. Good. I know there is a program in the 
Senate where our employees can continue to improve their 
educational skills, and they get financial help in doing that. 
In passing the Higher Education Act, which I think the 
President has just signed into law, there may be a provision 
there as well which plays to our advantage in the Federal 
Government in attracting and retaining talent, offering as an 
incentive to people some help in improving their academic 
credentials.
    Mr. Brinkley, do you have anything you wanted to add?
    Mr. Brinkley. The only thought, sir, is the personal 
experience we have had with this in the DOD and MAPS. I am sure 
my colleague from Sun Microsystems can comment on this. We are 
not going to retain a skilled technical workforce, we are not 
going to be able to hire a young engineer and get him to stay 
for 30 years in the government. The trick is to create an 
environment, as they have in the technology sector, where you 
can come in and in a year to 2 years do something significant 
so that when you move on your career moves on. And that is the 
way the technology sector continues to evolve. It leads the 
world in terms of innovation, and I think there is still a 
disconnect between expectations of what the Federal workforce 
must become--the people who are in it have been in it for many 
years, and they are proud of that service, and they should be 
proud of that service. But the technology world now is one in 
which you have a constant rotation of people in and out of 
companies, and they move on to another company. And the trick 
is to create an environment where a young person or anyone can 
come in and make an impact in as quick amount a time as 
possible.
    So increasing and accelerating the ability to deliver value 
in a job, they will sacrifice the funding for the opportunity 
to serve, but they will not sacrifice the funding if it is 
going to take them 5 years to actually make something happen. 
The best and brightest do not want to work in an environment 
where it is going to take 5 years to feel the capability. They 
want to work in an environment like they can get in the private 
sector where they can do it in 6 months or 12 months. So to us, 
that is a major focus, how do we shrink and tighten the ability 
for somebody to make a difference, and in doing that create 
capabilities that the Department needs and also make it a 
desirable place to work.
    Senator Carper. Good. Those are all, I think, very 
constructive statements, and we appreciate them. I have some 
questions I am going to submit for the record, and Dr. Coburn 
has graciously offered to chair the hearing until its 
conclusion. You all should be out of here by suppertime.
    Senator Coburn. I am sure we will be out of here before 
suppertime.
    Senator Carper. Thank you, sir. And thank you all for 
joining us today and for your service.
    Senator Coburn [presiding]. You are all Chief Information 
Officers. Do you sit down with OMB at this CIO Council? Do each 
of you?
    [Witnesses nod yes.]
    Senator Coburn. Is there a CIO for the Pentagon?
    Mr. Brinkley. Yes, there is. He does sit on that council.
    Senator Coburn. He does sit on that council. Is there 
anything you have gleaned from one another that has been 
beneficial? Are there things that you have learned from one 
another in that council that have been beneficial other than 
working through with OMB to get your stuff off the Management 
Watch List and the high-risk list?
    Mr. Charbo, you have been before us before.
    Mr. Charbo. Yes, sir. There is always an agenda for the 
council. Typically, it is an item of the moment or trying to 
drive a lot of the larger initiatives. There is always that 
member time towards the end where it is issues--where I may be 
having a situation trying to resolve something. I may want to 
try to steal some employees from some of my brethren here as 
well. So, there is a lot of dialogue and discussion within the 
council. It also builds the relationships so that we can share 
war stories, best-case examples, best practices, worst-case 
examples, worst practices, and not go down some of those roads.
    Senator Coburn. OK. Let me get specific for a minute. If I 
look at the Department of the Treasury, you all rebaseline 
almost 50 percent of your IT projects. Why?
    Mr. Duffy. I do not have a good answer for you at this 
point in time. The reality is, as GAO identified that we have 
had----
    Senator Coburn. These are your responses.
    Mr. Duffy. I know.
    Senator Coburn. This is not GAO----
    Mr. Duffy. No.
    Senator Coburn. We sent a letter to each agency, you all 
sent us one back, and we put this data together based on every 
agency in the Federal Government.
    Mr. Duffy. Absolutely.
    Senator Coburn. And we had it confirmed by OMB that she saw 
the same thing.
    Mr. Duffy. And I do not refute the data. What I was going 
to say is that GAO identified, very correctly, that we have had 
issues in the past with the planning of the IT investments. The 
absence of good planning ultimately leads to needing to 
rebaseline.
    Senator Coburn. OK. I have a couple of questions. I am 
going to ask them, and if you cannot answer them, it is fine.
    Last tax season, the fraud detection software was not 
available, and yet you all dumped the old fraud detection 
software. So last tax season, we had no fraud detection 
software. Is there going to be fraud detection software this 
year?
    Mr. Duffy. I will have to get back with you with a written 
answer on that one, sir.
    Senator Coburn. OK. Well, it is worrisome that you do not 
know that the answer is yes. That concerns me about it.
    Just for all of you, on your project managers or your 
managers who are in charge of IT under you, is there either an 
incentive or a penalty system when there is poor planning? You 
testified that you have cleared it all up in terms of the 
Management Watch List. The Management Watch List is about 
poorly planned projects. But we are into this, the third and 
fourth year on these Management Watch Lists. So are they moving 
the ball on you at OMB in terms of what they are requiring? Or 
is there not a learned cycle here where we understand what they 
want and are just not performing? And is there an incentive 
system for the people that work under you on these to get it 
right or a penalty if they do not get it right? Is there a cost 
consequence for having a failed IT project? Anybody want to 
answer? And the Pentagon is really different, and let me tell 
you why. That is why we have business transformation over 
there. They have 100 different computer systems that do not 
talk to one another, and they cannot even get to ground zero--I 
guess you are getting to ground zero now through the 
Controller's Office, but there is a big difference in the 
Pentagon and almost every one of our other agencies in terms of 
communication capability.
    So anybody want to answer that? Thanks, Mr. Charbo.
    Mr. Charbo. You were going to get to me eventually, so I 
figured I would take a shot. In terms of the program managers 
that directly report to me--which a majority of the program 
managers do not report to me in DHS. I would venture to say 
that is probably the case for most of the CIOs here and in 
government.
    There is a direct consequence. That is part of our 
performance rating. So you set those measures in the 
performance plans. If they do not meet those you have to hold 
them accountable.
    Senator Coburn. How are they held accountable?
    Mr. Charbo. Directly through their bonus program, their 
evaluations, which could lead to dismissal. If it is an SES, 
they could be dismissed. If it is a GS level, it is a little 
bit different, but it could lead to dismissal if they continue 
to fail to meet expectations.
    Senator Coburn. So is that applied, for example, in your 
Department?
    Mr. Charbo. For this piece, under those who report to me, 
it is. We have a track record. A lot of times, those people 
will see the writing, and they move on.
    In terms of what the Secretary has done from the management 
directive, this year is the first year that I will actually 
specifically write recommendations on the performance 
evaluation for each of the CIOs within the components. I will 
preface that to say that in some cases some of these programs 
do not report directly under the CIO, even in the components. 
We are working to change some of that.
    Senator Coburn. But are each of your agencies--as Chief 
Information Officers, are you copied, are you made aware on a 
routine basis, what is happening on these projects?
    Mr. Charbo. At DHS now for--I talked about an improved 
investment review. What we have done, what the Under Secretary 
has done, for the ones that are on the front page, typically, 
or that are very high focus, we have put an integrated team 
together. So the CIO is there, the CPO is there, the CFO is 
there, and we are working--because I will agree that the 
schedules--typically the schedules get--are very optimistic in 
terms of setting some of the program deliverables, and most of 
the programs that we are seeing, I think that would attribute 
to a lot of the cost/schedule variances that we see.
    So at this point, what we do is with the program manager we 
set those expectations. If we are having to go back and reset 
the expectation with our leadership in terms of the true price, 
the true schedule now for some of these investments, we are 
doing that. We are carrying that bad news forward to the 
Congress, to OMB, to the leadership on a lot of these 
investments.
    So that is a change that is happening in DHS with a lot of 
the larger ones. That is the group that we focused with the 
program.
    Senator Coburn. How about the rest of you?
    Mr. Duffy. In Treasury, and as well as at Justice, where I 
was previously, what Mr. Charbo described as the overall 
environment is very much the same. There has been within the 
last year more attention paid, particularly at the SES level, 
to put specific performance criteria into those plans and then 
hold the executives responsible.
    As for my own office--I am all of 9 days into this job, but 
I am going to get an opportunity to have some influence on the 
next round, I personally believe in putting those types of 
criteria into performance plans and holding people accountable. 
That is where we are at today.
    I think your comments, however, and your questions are very 
good ones, and they are opportunities for us to look at how do 
we incentivize people, both negatively as well as positively.
    Senator Coburn. Anything different?
    Mr. Brinkley. Dr. Coburn, I think the question of 
accountability is a question of who we are holding accountable. 
I think it is a very common knee-jerk tendency to drag a PM 
through a wire brush session when they miss a milestone or they 
do something. Yet it is almost never the responsibility of the 
PM. PMs get handed projects that are generated by functional 
leaders, and it is the functional leadership that we have put 
accountability in place for. So our efforts under Secretary 
England have been focused on monthly reviews of status where we 
do not bring the PM in to give status; we bring the person who 
is sponsoring the project in to give status. And that 
individual is the one who drives the budget, and he is the one 
who drives the requirements. And if the project is off the 
rails, it is usually because something has gone wrong in terms 
of requirements or change or statute or policy, and, again, as 
you are very familiar with the Defense Travel System. We have 
many examples where failure to confront the brokenness on the 
front end led to failure on the back end with the project 
manager trying to knit something together to deal with a broken 
process.
    Senator Coburn. And it was not the project manager that 
had----
    Mr. Brinkley. Absolutely. So for us, accountability applied 
to the leadership that is generating the requirement, and this 
funding the program has made, I think, a lot of our progress 
possible over the past 2\1/2\ years.
    Senator Coburn. You all do not know about DTS. Mr. Brinkley 
does and a lot of other people do. This is something we have 
been looking at for 2\1/2\ years, and it is a great example of 
how not to do it--in other words, not clear goals, not knowing 
what you wanted to get, and having a cost-plus program that 
originally cost supposedly $30 million--and I think it has 
ended up at $670 million. And you extrapolate--and we are 
seeing that across agencies. We are seeing that in Commerce. 
The Census has no fixed-price contracts. They are all cost-
plus. And the contracts that were issued were kind of--well, we 
are kind of guessing what we want. Why don't you develop what 
we think we want? And so what we did was have very poor 
planning. And at the same time, we did not put any of the 
efforts on an online census, which is IRS, Treasury--what is 
it, 55 percent now filed online with secure data? Tremendous. 
And so the capability was out there, but we did not have the 
vision or the leadership or the management to get that done to 
save this money. We gave your Assistant Secretary information 
that the private sector, in terms of mailing and Internet, can 
do it for one-eighth of what the Census can do it. And I think 
you may have actually seen that. That was a company we asked to 
prepare it who competes with you all in lots of other areas. 
But it just goes to show you that if, in fact, we will plan and 
we really know what our goals are, we identify what our goal 
really is rather than saying we think this is what we want. We 
should not go forward until we know what we want.
    And so I appreciate you guys being in the positions that 
you are in. You make a big difference--$65 billion of which 
about $14 to $15 billion is really at risk, which in this day 
and age, if we can make it not at risk and we can convert cost-
plus contracts to fixed-price contracts, you will have a little 
more leverage to do other things within your agencies rather 
than this.
    I do not mean to sound that I am not appreciative of what 
you all do. You all are managers. I know what you are doing, 
and the goal is there. We have to get consistent on it.
    Let me just ask you, Mr. West, right now GAO is real 
concerned about IT on the census. Can you give me a comfort 
level that is different than what GAO has? Since you are kind 
of over that, are you feeling good about that?
    Mr. West. I feel good about the leaders that we have in IT 
out there. Having been involved in the census--I was heavily 
involved in the 1990 census, spent 8 years at Census, so I 
actually have a really good feel for what goes into a 
decennial. A lot of those same folks have been around for four 
or five censuses. They are using the handhelds this year. As 
you know, they went with the Harris contract. I feel 
comfortable as they move forward. I have been heavily involved 
in a lot of their briefings. I do have a comfort level that 
they are going to make this work. It has been a challenge as 
you know, but I feel that they have the right people there--you 
have provided the attention to really make them accountable as 
we move forward.
    Senator Coburn. OK. Just one final thing. I want to ask 
about DOT and the telecommunications at FAA as well as the 
traffic control programs. Those are both big programs. There 
has been a lot said.
    Are you all being oversighted by other subcommittees, both 
in the House and in the Senate, in terms of the traffic 
control? Have you come and made a presentation to Congress on 
those IT programs?
    Mr. Mintz. Well, the FAA has. Most of my personal 
interaction has been directly with GAO. When I first came here, 
I actually reached out to GAO, and before any of the 
investigations came on the table, and asked them to come over 
to figure out how best to work with them. And then I have 
worked with now the former administrator, Marion Blakey, and 
the FAA people set up a regular program with GAO to look at the 
air traffic control system and working on how to get it off the 
GAO High-Risk List, which is a little bit different issue than 
the OMB one.
    Senator Coburn. Right. Is there anything that any of you 
all would want us to do that would be helpful in you 
accomplishing what you are trying to do? I have had quite a few 
experiences on different things with the Defense Department's 
modernization, and I feel real comfortable they are moving. It 
is slow, but it is moving. Are there other things that we can 
do or areas we need to look into that will make you more 
effective, give you a greater tool? Is there a tool that we 
need to provide that will allow you to manage more efficiently 
and get better results as you do your job?
    Mr. Mintz. Well, there are two things that I guess I would 
encourage you to continue to do. First of all, the emphasis on 
transparency, one of the things that is certainly true in terms 
of my private industry experience and is certainly true here in 
the government is that the more transparent we can make this 
and the more visible in public that we can make all the 
information, the better off we are, because a lot of the 
problems surface, whether we like it or not, when we make all 
the information public because intermediaries that are 
interested in the topics look at them closely and hold us 
accountable.
    The other thing, some of the conversation you had in the 
first panel, I think the encouragement with OMB is a good one 
and with GAO is a good one, that we need them to continue to be 
aggressive. I think, at least I know speaking just for 
Transportation, our challenge is to internalize the OMB 
directive and make it true within the Department.
    Senator Coburn. Make it a culture.
    Mr. Mintz. There is a tendency, when I first came, to look 
at OMB as sort of the parent, that if OMB said it was wrong, 
then we would do something about it. But if they did not say it 
was wrong, we sort of went on.
    And the focus that I have tried to bring and I think is 
being adapted is we have to be OMB, that is, we have to 
integrate these lessons into the culture and change the 
internal behavior because it is the right thing to do.
    So the more I think people like yourself focus on making 
all this information transparent will force changes in that 
kind of----
    Senator Coburn. Well, you all know January 1 of this year, 
every penny you spend other than for security is coming up. It 
is going to pop up. If it is not there, we are going to be 
having hearings on why it is not there. And by September of 
next year, all the subcontractors all throughout the Defense 
Department, all throughout every agency and all the sub-
grantees, it is all going to be there. We are going to know who 
got it, how much they got, and what they did with it. So it is 
going to make us better. It is going to make us all better.
    I want to thank each of you for the job you do, the service 
to our country, for coming and testifying. You will probably 
get some questions from some of the Members of the 
Subcommittee. We would love to have you respond to those in 2 
weeks.
    With that, thanking you for your service, the hearing is 
adjourned.
    [Whereupon, at 4:43 p.m., the Subcommittee was adjourned.]




                            A P P E N D I X

                              ----------                              

[GRAPHICS NOT AVAILABLE IN TIFF FORMAT]


                                 
