Information Technology Investment: A Governmentwide Overview (Letter
Report, 07/31/95, GAO/AIMD-95-208).
Increasingly, federal agencies' ability to improve performance and cut
costs depends on automated data processing systems that give managers
critical financial and programmatic information needed to make good
decisions, hold down costs, and improve service to the public. However,
major federal investments in information technology have often yielded
poor results--costing more than expected, falling behind schedule, and
failing to meet mission needs. To shed light on whether information
technology dollars are being spent, what costs and benefits are
anticipated, and what risks must be managed, this report provides
information on overall federal information technology obligations, as
well as on program by GAO, the Office of Management and Budget, and the
General Services Administration to identify information technology
investments that are at risk and in need of corrective action.
--------------------------- Indexing Terms -----------------------------
REPORTNUM: AIMD-95-208
TITLE: Information Technology Investment: A Governmentwide Overview
DATE: 07/31/95
SUBJECT: Budget obligations
Appropriated funds
Federal procurement
Total obligational authority
Reporting requirements
Risk management
Source data automation
Information resources management
Information systems
IDENTIFIER: FAA Air Traffic Control Modernization Program
TSM
IRS Tax System Modernization Program
CIM
DOD Corporate Information Management Initiative
NWS Modernization Program
FAA Advanced Automation System
FAA Airport Surveillance Radar Program
NWS Advanced Weather Interactive Processing System
EDGAR
SEC Electronic Data Gathering, Analysis, and Retrieval
System
GSA Time Out Program
USDA Info Share Program
PTO Automated Patent System
OMB High Risk Program
**************************************************************************
* This file contains an ASCII representation of the text of a GAO *
* report. Delineations within the text indicating chapter titles, *
* headings, and bullets are preserved. Major divisions and subdivisions *
* of the text, such as Chapters, Sections, and Appendixes, are *
* identified by double and single lines. The numbers on the right end *
* of these lines indicate the position of each of the subsections in the *
* document outline. These numbers do NOT correspond with the page *
* numbers of the printed product. *
* *
* No attempt has been made to display graphic images, although figure *
* captions are reproduced. Tables are included, but may not resemble *
* those in the printed version. *
* *
* A printed copy of this report may be obtained from the GAO Document *
* Distribution Facility by calling (202) 512-6000, by faxing your *
* request to (301) 258-4066, or by writing to P.O. Box 6015, *
* Gaithersburg, MD 20884-6015. We are unable to accept electronic orders *
* for printed documents at this time. *
**************************************************************************
Cover
================================================================ COVER
Report to the Chairman, Committee on Governmental Affairs, U.S.
Senate
July 1995
INFORMATION TECHNOLOGY INVESTMENT
- A GOVERNMENTWIDE OVERVIEW
GAO/AIMD-95-208
Governmentwide IT Investment
Abbreviations
=============================================================== ABBREV
AAS - Advanced Automation System
ADP - automated data processing
ATC - air traffic control
AWIPS - Advanced Weather Interactive Processing System
CIM - corporate information management
DEA - Drug Enforcement Administration
EIA - Electronic Industries Association
FAA - Federal Aviation Administration
FY - fiscal year
GAO - General Accounting Office
GSA - General Services Administration
HHS - Health and Human Services
HUD - Housing and Urban Development
IRS - Internal Revenue Service
IT - information technology
NWS - National Weather Service
OMB - Office of Management and Budget
PTO - Patent and Trademark Office
SEC - Securities and Exchange Commission
TSM - tax systems modernization
VBA - Veterans Benefits Administration
Letter
=============================================================== LETTER
B-261553
July 31, 1995
The Honorable William V. Roth, Jr.
Chairman, Committee on Governmental Affairs
United States Senate
Dear Mr. Chairman:
The need to achieve high returns on information technology (IT)
investments and reduce systems development risks has never been
greater, given the public's demand for a government that works better
and costs less. Increasingly, federal agencies' ability to improve
their performance and reduce costs depends on automated data
processing systems that give managers critical financial and
programmatic information needed to make good decisions, hold down
costs, and improve service to the public. As we have previously
reported, major federal IT investments have often yielded poor
results--costing more than anticipated, falling behind schedule, and
failing to meet mission needs.\1
A major reason for these problems has been the lack of a sound
process for selecting which IT initiatives to fund and for overseeing
their development. Leading public and private sector organizations
manage risks and maximize returns on IT-related spending by generally
treating information systems projects as investments, rather than
expenses.\2 With a disciplined process to control investments, agency
executives can use explicit decision criteria and quantifiable
measures for assessing mission benefits, risks, and costs to identify
early--and avoid--investments in projects with low potential to yield
significant improvements in performance. Such a process also
establishes strong links between IT project outcomes and program
needs.
The Congress is focusing increased attention on accountability for
achieving results from IT projects, reflecting a growing consensus on
the need for better investment decisions. Two legislative
initiatives are particularly important. The recently reauthorized
Paperwork Reduction Act requires federal agencies to establish a
process to select, control, and evaluate IT initiatives and to
integrate this process into budget, financial, and program management
decisions. The Federal Acquisition Streamlining Act requires that
executive agency heads (1) set cost, performance, and schedule goals
for major acquisition programs, (2) monitor the programs to ensure
they are achieving, on average, 90 percent of the established goals,
and (3) take corrective actions, including termination, on programs
that do not remain within the permitted tolerances.
A disciplined approach to information system investment, however,
cannot work without a clear understanding of where the IT dollars are
being spent, what costs and benefits are expected, and what risks
must be managed. This letter responds to your March 21, 1995,
request for information on overall federal IT obligations, as well as
on programs by GAO, the Office of Management and Budget (OMB), and
the General Services Administration (GSA) to identify IT investments
that are at risk and in need of corrective action. To meet your
request, we obtained the latest available IT-related budget
information from OMB and met with officials of OMB's Office of
Information and Regulatory Affairs to discuss the strengths and
weaknesses of the IT budget figures that it obtains from federal
agencies. We did not independently verify OMB's budget numbers or
actual obligations. To gain further insight into federal IT
obligations, we met with officials of the Electronic Industries
Association (EIA), which forecasts federal IT spending based on
information from OMB and independent data collection from other
federal agencies.\3 To obtain information on IT systems at risk, we
discussed OMB's high-risk program with responsible officials, and met
with GSA officials responsible for GSA's "Time Out" program. We are
also providing information on the systems development projects listed
in GAO's 1995 high-risk series reports.\4 In addition, we describe a
new IT risk-management proposal that has recently been put forward by
OMB and GSA. Except as noted above, we performed our work between
March 1995 and July 1995 in accordance with generally accepted
government auditing standards.
--------------------
\1 Managing for Results: Steps for Strengthening Federal Management
(GAO/T-GGD/AIMD-95-158, May 9, 1995).
\2 Executive Guide: Improving Mission Performance Through Strategic
Information Management and Technology (GAO/AIMD-94-115, May 1994).
\3 EIA develops electronics industry market data and technical
standards. The association, which draws its members from companies
in the U.S. electronics manufacturing community, also represents the
interests of U.S. electronics concerns in the legislative arena.
\4 High-Risk Series: An Overview (GAO/HR-95-1, February 1995).
RESULTS IN BRIEF
------------------------------------------------------------ Letter :1
Although OMB does not collect comprehensive IT-related budget data on
a governmentwide basis, it does collect data on a substantial portion
of IT-related obligations in executive branch agencies through a
special budget exhibit. Thus, the total amount of annual federal
spending for IT is unknown; however, some significant costs are
identified in available data. Generally speaking, agencies do not
break out IT obligations as separate line items in their budget
documents, but rather include this information within program or
administrative costs. In the case of major modernization efforts
that rely heavily on information systems, the IT obligations may be
more visible, but even this can vary greatly from one agency to the
next.
According to data gathered by OMB through its special budget exhibit,
executive branch agencies planned to obligate about $26.5 billion in
IT-related funds in FY 1996. It is important to note that OMB's
budget exhibit does not require the reporting of some potentially
significant types of IT-related spending, such as funding for IT
embedded in weapons systems. OMB has not determined what this
unreported spending might amount to; however, the Department of
Defense has estimated it spends $24 billion to $32 billion annually
for software embedded in weapon systems.\5
Over the past 6 years, the IT-related obligations reported to OMB
have shown a nominal increase, from about $22 billion in FY 1991 to
the current estimate of about $26.5 billion. This growth has been
among the civilian agencies, with Department of Defense obligations
declining modestly.
Currently, 11 federal agencies have problems with information
management or systems development that are serious enough to be
listed in the GAO, OMB, and/or GSA programs to identify high risk.
The systems under development are key elements of mission-critical
improvement initiatives involving such critical areas as air traffic
control, veterans claims processing, and income tax processing.
Costly in themselves, these new systems are intended to support
program improvement initiatives that, altogether, involve
multibillion dollar investments. All of the initiatives were placed
in the high-risk programs because they warrant increased oversight by
the Congress to ensure that top management in the agencies takes
steps to resolve IT problems.
--------------------
\5 Embedded Computer Systems: Defense Does Not Know How Much It
Spends on Software (GAO/IMTEC-92-62BR, July 6, 1992).
ANNUAL IT-RELATED BUDGET DATA
------------------------------------------------------------ Letter :2
The Paperwork Reduction Act requires OMB to oversee the acquisition
and use of automatic data processing equipment, telecommunications,
and other information technology. Agency budget submissions
generally do not break out IT-related spending into separate line
items. Instead, IT-related funds are typically spread across the
program area that the IT supports or included with administrative
expenses. As a result, OMB established a separate reporting process
for executive branch agencies to provide an IT-related budget
exhibit. OMB collects these IT-related budget data each year after
final budget decisions have been made. The procedures by which
agencies are to report their IT obligation data to OMB are set forth
in OMB Circular A-11, Section 43.
However, the IT obligation numbers that OMB reports based on agency
data submissions do not represent total IT-related obligations. For
example, agencies with annual IT-related obligations under $2 million
prior to
FY 1996 and under $50 million for FY 1996 and beyond, as well as the
legislative and judicial branches of the federal government, are not
required to separately report IT obligation data to OMB. In
addition, computers that are embedded in weapon systems are not
included in the reporting categories. Finally, federally funded
research on computers is not part of the reporting requirement.
FY 1996 IT-RELATED PLANNED
OBLIGATIONS BY AGENCY
---------------------------------------------------------- Letter :2.1
OMB collects three kinds of numbers on IT-related obligations during
each annual reporting cycle: (1) planned obligations for the
upcoming budget year, (2) estimated obligations for the current
fiscal year, and (3) actual obligations for the previous fiscal year.
With regard to the first category--planned obligations for the
upcoming budget year--for FY 1996, OMB reported that executive branch
agencies planned to obligate about $26.5 billion for IT-related
items. Figure 1 provides an agency-by-agency breakout of this total.
Figure 1: Agencies' IT-Related
Planned Obligations for FY 1996
(See figure in printed
edition.)
Note: Individual agency amounts do not total $26.5 billion due to
rounding.
Source: Office of Management and Budget.
FY 1996 IT-RELATED PLANNED
OBLIGATIONS BY SPENDING
CATEGORY
---------------------------------------------------------- Letter :2.2
Starting with the FY 1996 reporting cycle--which includes data on FY
1994 actual obligations, FY 1995 estimated obligations, and FY 1996
planned obligations--agencies that obligate more than $50 million for
IT activities are required to report obligations for the following
categories:
"Equipment" used in the automatic acquisition, storage,
manipulation, management, movement, control, display, switching,
interchange, transmission, or reception of data or information.
Equipment should be reported in the subcategories of "capital
purchases" or "other equipment purchases/leases."
"Software," including firmware, specifically designed to use and
extend the capabilities of the equipment described above.
Software should be reported in the subcategories of "capital
purchases" for software purchases or leases costing $25,000 or
more, or "other software purchases/leases" for purchases or
leases costing less than $25,000.
"Services," such as teleprocessing, local batch processing,
electronic mail, voice mail, centrex, cellular telephone,
facsimile, and packet switching of data.
"Support services," including maintenance used in support of the
equipment, software, or services identified above. Support
services also include data entry, training, planning, studies,
facilities management, custom software development, system
analysis and design, and computer performance evaluation and
capacity management.
"Supplies," including any consumable item designed specifically for
use with equipment, software, services, or support services
described above.
"Personnel," including compensation and benefits for both civilian
and military government personnel who perform IT functions 51
percent or more of their time.
"Intra-governmental payments" for all IT services within agencies
and between agencies and state and local governments.
"Intra-governmental collections" for all IT services within
agencies and between agencies and state and local governments.
The above reporting categories are different than those for previous
reporting cycles because OMB no longer requires amounts for
IT-related travel and some site/facilities-related obligations.
Additionally, OMB regrouped several categories and raised the
threshold that indicates whether an agency is required to report
IT-related budget information from $2 million in obligations for
annual information system activities to $50 million. Because of
these changes in the reporting requirements, the IT-related budget
that OMB puts forth for fiscal year 1996 will not be comparable to
the fiscal year 1995 and earlier years' IT-related budgets.
Definitions of the old reporting categories are provided in appendix
I.
Figure 2 shows a breakout of the $26.5 billion in planned IT-related
obligations for FY 1996 under the new reporting categories.
Figure 2: Categories of
IT-Related Planned Obligations
for FY 1996
(See figure in printed
edition.)
Source: Office of Management and Budget.
Table 1 presents a dollar breakout of the categories for fiscal years
1994, 1995, and 1996.
Table 1
Categories of IT-Related Obligations
(Dollars in thousands)
Fiscal
Fiscal year Fiscal
year 1995 year
1994 (estimated 1996
Category (actual) ) (planned)
------------------------ ---------- ---------- ----------
Equipment:
Capital purchases
Other equipment $3,774,079 $3,788,099 $4,765,481
1,082,442 899,530 836,632
Software:
Capital purchases 879,413 810,650 968,194
Other software 260,284 242,582 260,652
Services 3,555,609 3,609,024 3,590,876
Support Services 7,766,616 8,545,627 8,761,938
Supplies 599,802 592,116 621,105
Personnel 5,360,095 5,828,311 5,902,884
Other (Defense only) 217,114 180,931 189,595
Intra-government
payments 4,845,980 5,200,719 5,295,272
Intra-government
collections (4,884,703 (4,870,382 (4,703,030
) ) )
============================================================
Total $23,456,73 $24,827,20 $26,489,59
1 7 9
------------------------------------------------------------
Source: Office of Management and Budget.
6-YEAR TREND IN IT
OBLIGATIONS
---------------------------------------------------------- Letter :2.3
Based on A-11 budget exhibits, IT obligation levels over the past 6
years show a small, nominal increase. As shown in figure 3, this
increase is a result of increased obligations in the civilian
agencies. We did not calculate real growth because of the short time
period for which actual obligation data are available.
Figure 3: IT-Related
Obligations for Fiscal Years
1991-1996
(See figure in printed
edition.)
Source: Office of Management and Budget.
To give a sense of the changes in IT-related obligations on an
agency-by-agency basis over the last 6 years, table 2 gives a
snapshot of actual obligations for FY 1991 and FY 1994, and planned
obligations for FY 1996.
Table 2
Comparison of Agencies' IT-Related
Obligations
(Dollars in thousands)
Fiscal Fiscal Fiscal
year year year
1991 1994 1996
Agency (actual) (actual) (planned)
------------------------ ---------- ---------- ----------
Air Force $2,740,445 $1,715,367 $1,912,591
Army 2,612,430 1,890,485 1,802,341
Navy 2,563,562 2,189,701 2,210,516
Defense-Other 1,650,071 3,068,141 3,155,043
Agriculture 640,920 934,200 1,130,657
Commerce 458,051 593,051 791,998
Education 100,110 205,002 385,979
Energy 1,666,621 1,422,196 1,564,050
HHS 1,315,855 1,909,109 2,268,510
HUD 131,849 138,535 152,430
Interior 449,225 517,428 533,895
Justice 663,627 953,264 971,832
Labor 143,944 142,198 189,180
State 344,791 315,230 340,307
Transportation 1,679,363 2,122,400 2,653,200
Treasury 1,330,186 1,588,313 2,119,695
VA 571,797 703,523 835,012
NASA 1,588,667 1,604,458 1,576,493
Others 1,420,193 1,444,130 1,895,870
============================================================
Total $22,071,70 $23,456,73 $26,489,59
7 1 9
------------------------------------------------------------
Source: Office of Management and Budget.
To provide a more detailed view of the A-11 data, we have summarized
a subset of the available budget figures on IT-related obligations
for FY 1991 through FY 1996 in appendix II.
INFORMATION TECHNOLOGY PROBLEMS
IDENTIFIED IN FEDERAL HIGH-RISK
PROGRAMS
------------------------------------------------------------ Letter :3
Risk management is a vital part of sound systems development,
especially given the difficulty and complexity of many of these
efforts. Estimated development costs can skyrocket due to poorly
defined or shifting requirements. Delays in developing and deploying
a new system can erode projected benefits and delay returns on
investment, and poorly designed systems can aggravate operational
problems or create new ones. In the worst cases, systems development
effort can suffer from a cascade of problems that lead to the
termination of the effort, and a total waste of expended funding.
Large "grand design" systems are particularly vulnerable to such
problems because of their "all or nothing" approach.
In addition to development problems with new systems, other kinds of
problems with current systems can also put operations at risk. These
include problems such as inadequacies in data that impair sound
financial management and decision-making, or vulnerabilities in data
security that put sensitive information at risk of tampering or
improper disclosure. These development and operational problems are
endemic in the federal government; indeed, our reviews have noted
many such problems over the last decade.\6
Three agencies with oversight responsibility--GAO, OMB, and GSA--have
identified problems that selected major system development efforts or
IT operations are having. The purpose in doing so is to get top
management in the agencies to take steps to address the problems and
implement effective remedial action. Currently, 11 agencies have
projects or areas of IT management that have been designated as being
at high risk, as shown in table 3. The sections following the table
provide an overview of each of these high-risk programs.
Table 3
IT Areas and Systems At Risk
GAO OMB
High- High- GSA Time
Risk Risk Out
Agency/IT Project Series List Program\a
---------------------------- -------- -------- ----------
Federal Aviation � � �
Administration: Air Traffic
Control Modernization/
Advanced Automation System
Internal Revenue Service: �
Tax Systems Modernization
Department of Defense: �
Corporate Information
Management Initiative
National Weather Service � � �
Modernization
Department of Agriculture: * � �
Info Share Project
Department of Justice: * �
Information Systems Security
Department of State: IT * �
Operations and Security
GSA: Oversight of Major * �
Systems Development Efforts
Within GSA
Securities and Exchange * �
Commission: Management of
Systems Development Projects
Veterans Benefits * �
Administration: Claims
Modernization
Patent and Trademark Office * �
Modernization
------------------------------------------------------------
\a GSA has also conducted information resource management reviews
that have touched on several of these agencies and projects.
*Note: Though not designated as high-risk, GAO has issued reports
related to these areas. The reports are cited in the following
section.
--------------------
\6 Government Reform: Using Reengineering and Technology to Improve
Government Performance (GAO/T-OCG-95-2, Feb. 2, 1995); Improving
Government: Actions Needed to Sustain and Enhance Management Reforms
(GAO/T-OCG-94-1, Jan. 27, 1994); Information Resources: Summary of
Federal Agencies' Information Resources Management Problems
(GAO/IMTEC-92-13FS, Feb. 13, 1992).
GAO'S HIGH-RISK SERIES
---------------------------------------------------------- Letter :3.1
In 1990, GAO began a special effort to review and report on federal
program areas that we consider to be high-risk because they are
especially vulnerable to waste, fraud, abuse, and mismanagement, and
were potentially costing the government billions of dollars without
clear returns. This year, in recognition of the government's large
investment in information technology, we introduced a newly
designated high-risk area--information system modernizations.\7
We have placed four multimillion dollar information technology
initiatives on our list--air traffic control (ATC) modernization, tax
systems modernization (TSM), Defense's corporate information
management (CIM) initiative, and the National Weather Service's
modernization. These four are listed because they have experienced
past difficulties, involve complex technology, and are critical to
improving their agency's mission performance.
--------------------
\7 High-Risk Series: An Overview (GAO/HR-95-1, February 1995).
AIR TRAFFIC CONTROL
MODERNIZATION
-------------------------------------------------------- Letter :3.1.1
The ATC modernization is a $37-billion program aimed at overhauling
our nation's ATC system. Begun in 1981, this modernization has
changed significantly over the years in both size and content due to
changing requirements, new technologies, and project successes and
failures. Currently, the modernization involves over 150 separate
projects ranging from the remainder of the problem-plagued $6 billion
Advanced Automation System (AAS), to enroute and airport surveillance
radars, to various communication systems. Each of these projects
represents a story in and of itself, but perhaps none has received
more attention and publicity than AAS, which the Federal Aviation
Administration (FAA) totally restructured last year by canceling
portions and redirecting residual pieces. AAS failed because FAA did
not recognize the technical complexity of the effort, realistically
estimate the resources required, adequately oversee its contractor's
activities, or effectively control the system's requirements.\8
--------------------
\8 Advanced Automation System: Implications of Problems and Recent
Changes (GAO/T-RCED-94-188, Apr. 13, 1994).
TAX SYSTEMS MODERNIZATION
-------------------------------------------------------- Letter :3.1.2
The Internal Revenue Service's (IRS) vision of future business
operations includes virtually eliminating paper processing and
relying instead on electronic systems. Through FY 1995, IRS will
have spent or obligated over $2.5 billion on its over $8-billion TSM
initiative. However, IRS does not yet have a comprehensive business
strategy for maximizing cost-effective electronic returns
submissions. In addition, although IRS has efforts underway to
define and implement improvements to its strategic information
management, technical infrastructure, and software development
capability, these efforts are either incomplete or not yet
institutionalized throughout the agency. We are concerned that IRS
is continuing to develop systems with inadequate strategic management
and system development processes.\9
--------------------
\9 Tax Systems Modernization: Management and Technical Weaknesses
Must be Addressed if Modernization Is to Succeed (GAO/AIMD-94-156,
July 26, 1995); Tax Systems Modernization: Status of Planning and
Technical Foundation (GAO/T-AIMD/GGD-94-104, Mar. 2, 1994).
DEFENSE'S CORPORATE
INFORMATION MANAGEMENT
INITIATIVE
-------------------------------------------------------- Letter :3.1.3
Begun in 1989, the Department of Defense estimated that its Corporate
Information Management (CIM) initiative would save billions of
dollars by streamlining operations and enabling more effective
resource management through better use of IT. However, to date,
Defense has focused on selecting the best of its hundreds of
automated systems and standardizing their use across military
components rather than streamlining operations. Defense has
identified several opportunities to streamline or reengineer the
business processes supported by these systems--for example,
personnel, payroll, inventory management, supply distribution, and
contract administration--but few have been implemented. As a result,
Defense continues to spend about $3 billion annually to develop and
modernize automated information systems with little demonstrable
benefit. Few redundant systems have been eliminated and significant
savings have not yet materialized.\10
--------------------
\10 Defense Management: Stronger Support Needed for Corporate
Information Management Initiative to Succeed (GAO/AIMD/NSIAD-94-101,
Apr. 12, 1994); Defense ADP: Corporate Information Management Must
Overcome Major Problems (GAO/IMTEC-92-17, Sept. 14, 1992).
NATIONAL WEATHER SERVICE
MODERNIZATION
-------------------------------------------------------- Letter :3.1.4
The National Weather Service (NWS) estimates that its over
$4.5-billion program to modernize its weather observing, information
processing, and communications systems will now be completed by
1999--5 years beyond its original 1995 completion date. Moreover,
the Advanced Weather Interactive Processing System (AWIPS), which is
to be the centerpiece of this modernization, has recently experienced
design problems and is being restructured. Additionally, the
multiple systems that comprise the modernization have long proceeded
without the benefit of an overall architecture to guide their design,
development, and evolution. This has negatively affected the
modernization's cost and performance by requiring additional
resources to acquire, interconnect, and maintain hardware and
software.\11
--------------------
\11 Weather Forecasting: Unmet Needs and Unknown Costs Warrant
Reassessment of Observing System Plans (GAO/AIMD-95-81, Apr. 21,
1995); Weather Forecasting: Systems Architecture Needed for National
Weather Service Modernization (GAO/AIMD-94-28, Mar. 11, 1994).
OTHER RELATED WORK
-------------------------------------------------------- Letter :3.1.5
We have also reported on serious problems in each of the seven
additional IT areas that were either designated high-risk by OMB or
placed in Time Out by GSA. Although we have not designated these
situations as high risk, we are monitoring them as appropriate.
Following is a brief summary of our work related to each area.
The Department of Agriculture managed Info Share primarily as a
vehicle to acquire new IT rather than as an opportunity to
fundamentally improve business processes.\12
The Department of Justice was not ensuring that its highly
sensitive computer systems were adequately protected. In a
specific situation, the Drug Enforcement Administration (DEA)
had serious and fundamental computer security weaknesses that
collectively posed a significant risk to the integrity of DEA's
computer systems and the sensitive data they contain. During
the course of our work, we noted improvements in computer
security at Justice and DEA.\13
The Department of State had a poor history of managing information
resources and, as a result, continues to rely on inadequate and
obsolete IT. Such reliance has resulted in critical information
shortfalls as well as interruption of operations.\14
GSA needed a chief information officer to (1) provide a better
opportunity for ensuring top management involvement in linking
information management and technology to meet internal customer
needs and services and (2) provide a means to develop
performance measures to more accurately evaluate the return on
IT investments.\15 GSA subsequently created a full-time chief
information officer position.
The Securities and Exchange Commission's efforts to manage
development of a major system--the Electronic Data Gathering,
Analysis, and Retrieval System--resulted in a 3-year schedule
slippage and a nearly $20 million increase in the contract's
estimated cost.\16
The Veterans Benefits Administration (VBA) proceeded with plans to
deploy computer equipment even though it had not determined how
that equipment would improve the delivery of benefits to the
veteran. Also, the costs for the entire modernization were
indeterminate. Finally, we could not substantiate VBA's
contention that new computer equipment was needed to immediately
alleviate service problems caused by aging regional
equipment.\17
The Patent and Trademark Office's (PTO) processes for exercising
effective management control over development of the automated
patent system were weak. PTO management, the Department of
Commerce, and congressional oversight committees did not have
meaningful information on progress against cost baselines,
reasons for deviations from those baselines, or lessons learned
to apply to the next development cycle.\18
--------------------
\12 USDA Restructuring: Refocus Info Share Program on Business
Processes Rather Than Technology (GAO/AIMD-94-156, Aug. 5, 1994).
\13 Justice Automation: Tighter Computer Security Needed
(GAO/IMTEC-90-69, July 30, 1990); Computer Security: DEA Is Not
Adequately Protecting Sensitive Drug Enforcement Data
(GAO/IMTEC-92-83, Sept. 22, 1992).
\14 Department of State IRM: Strategic Approach Needed to Better
Support Agency Mission and Business Needs (GAO/AIMD-95-20, Dec. 22,
1994).
\15 Information Management: Need for a Chief Information Officer for
the General Services Administration (GAO/T-AIMD-94-98, Mar. 24,
1994).
\16 Securities and Exchange Commission: Effective Development of the
EDGAR System Requires Top Management Attention (GAO/IMTEC-92-85,
Sept. 30, 1992).
\17 Veterans Benefits: Redirected Modernization Shows Promise
(GAO/AIMD-94-26, Dec. 9, 1993).
\18 Patent and Trademark Office: Key Processes for Managing
Automated Patent System Development Are Weak (GAO/AIMD-93-15, Sept.
30, 1993).
OMB'S HIGH-RISK PROGRAM
---------------------------------------------------------- Letter :3.2
Following the disclosure of widespread and costly problems at the
Department of Housing and Urban Development in 1989, OMB implemented
its high-risk program to identify federal programs that are at risk
of abuse, fraud, and waste, as well as to suggest needed corrective
actions. Issues included on OMB's high-risk list are generally
derived from Federal Managers' Financial Integrity Act reports sent
by agency heads to the President, and from other sources, including
reports by inspectors general and GAO. Upon designation of a
high-risk issue, OMB works with the agency to ensure that appropriate
attention is given to the area. A progress report providing OMB's
assessment of agency efforts is published annually in the budget.
At the beginning of 1995, the OMB high-risk list contained a total of
57 areas. Although OMB does not categorize the areas on its
high-risk list, we found seven items that are substantially IT
related. The following is a brief synopsis of these seven IT-related
areas.
The Department of Agriculture's planning for its Info Share project
is not effective. With estimated costs of $260 million between
1995 and 1997 and $1 billion over the project's life, Info Share
will entail information integration, reengineering, and
automatic data processing procurements to support departmentwide
reorganization.
The National Weather Service's $4.5-billion modernization has more
than doubled in cost and has experienced major schedule delays
since its inception. AWIPS, which is necessary to realize the
full benefits of the modernization, has been delayed due to the
contractor's inability to deliver a government-approved system
design.
The Department of Justice's security over its data processing sites
and systems is inadequate. While Justice has active efforts
underway to improve security, sensitive litigation and law
enforcement information remains at risk.
The Department of State's operations are hampered by information
management deficiencies. While State has made progress, the
adequacy of its IT infrastructure to support mission-critical
operations and ensure the security of sensitive information
remains at risk.
The Federal Aviation Administration's AAS, a $6-billion program,
has suffered from cost overruns, schedule delays, and the
potential for conflict of interest in FAA's monitoring of the
program.
GSA's oversight of its own major information systems has weaknesses
that have resulted in risk of substantial investments in systems
that may not perform as intended, although significant progress
has been made in this area. GSA's budget for major systems
development efforts is approximately $99 million.
The Securities and Exchange Commission's management of computer
systems development projects needs improvement. These projects
totalled $21.3 million in the FY 1995 budget. Assurance that
this expenditure will result in systems that produce accurate,
timely, and useful information remains at risk, although
significant progress has been made.
GSA'S TIME OUT PROGRAM
---------------------------------------------------------- Letter :3.3
In mid-1994, GSA established its "Time Out" program to focus
attention on some of the largest and most important federal IT
acquisitions that have experienced problems. GSA has a special
interest in this area because it is the federal government's central
agency with responsibility for procuring IT. With the Time Out
program, GSA established a means to cancel or restrict the
procurement authority that had previously been delegated to an
agency. A key feature of the Time Out program is GSA's requirement
that the agency, for the project in question, either bring the
project to a halt or cease new initiatives while an independent
assessment, which entails total reconsideration of the project, is
conducted. After the independent assessment is completed, the agency
is expected to restructure the project to include goals and interim
measures for tracking progress before delegated procurement authority
is restored.
GSA uses four criteria to identify high-risk projects that should be
considered candidates for Time Out:
cost overruns, which signal poor contractor performance, poor
management, or ineffective controls,
schedule delays, which can indicate a lack of agency focus,
management problems, or unresolved technology issues,
failure to meet mission objectives, as evidenced by changes in
program scope, milestones, or contractual requirements, which
can indicate that a program is being modified to correct
deficiencies, and
management problems, as evidenced by high-level leadership changes
or organizational restructuring, which can indicate that a
program is encountering difficulties.
GSA has placed five projects in Time Out since the program was
established--VBA's claims modernization, FAA's AAS, the National
Weather Service's AWIPS, Agriculture's Info Share, and Patent and
Trademark Office modernization.
VBA MODERNIZATION
-------------------------------------------------------- Letter :3.3.1
In mid-May 1994, GSA modified the delegation of procurement authority
for the VBA claims modernization. VBA's intent for this project was
to replace its aging computer systems with a new integrated,
decentralized system to improve timeliness in processing claims for
compensation and pension benefits. GSA became concerned about a
schedule slippage in realizing performance improvements planned
during the first stage of the modernization. This first stage
involves a $300-million contract for computer and communications
equipment, packaged software, and related services.
FAA'S ADVANCED AUTOMATION
SYSTEM
-------------------------------------------------------- Letter :3.3.2
In late-May 1994, GSA restricted the delegation of procurement
authority for AAS until a restructuring plan could be approved by
GSA. AAS has been the $6-billion centerpiece of FAA's plans to
modernize the aging air traffic control system. GSA placed the
system in Time Out because it was concerned about planned
restructuring of the program to address serious cost overruns and
schedule delays.
NWS' ADVANCED WEATHER
INTERACTIVE PROCESSING
SYSTEM
-------------------------------------------------------- Letter :3.3.3
In August 1994, GSA placed AWIPS in Time Out by directing that the
AWIPS-90 contract not be modified to restructure the project without
GSA approval. AWIPS, which is expected to cost $525 million, is the
principle integrating system for NWS' $4.5-billion modernization
effort. GSA was concerned about significant software development,
integration, contractual, and program management difficulties with
AWIPS.
AGRICULTURE'S INFO SHARE
-------------------------------------------------------- Letter :3.3.4
In September 1994, GSA cancelled the delegation of procurement
authority it had previously issued to the Department of Agriculture
for its $2.6-billion Info Share initiative, which was designed to
improve operations and provide better service to farmers. In taking
this action, GSA expressed concern about the lack of a firm
definition for the Info Share initiative. Also, GSA took the
position that IT acquisitions planned under Info Share might not
support Agriculture's strategic plans.
PTO MODERNIZATION
-------------------------------------------------------- Letter :3.3.5
In January 1995, GSA placed PTO's $955-million modernization in Time
Out by restricting the delegation of procurement authority for the
Automated Patent System pending an independent assessment of the
program. In placing PTO's modernization in Time Out, GSA noted that
the modernization will take twice as long and cost three times as
much as originally planned. Additionally, GSA noted that the
modernization has undergone restructuring and that the current
modernization strategy is unclear.
OMB/GSA PROPOSAL FOR IMPROVING
OVERSIGHT OF INFORMATION
TECHNOLOGY INVESTMENTS
------------------------------------------------------------ Letter :4
These various high-risk programs, for the most part, identify
problems that are already serious by the time the systems are put on
these lists. More emphasis needs to be placed on improving the
entire IT planning and acquisition process in order to ensure that
the most appropriate IT projects receive funding and that they are
well managed and kept on track.
At the request of the Vice President, OMB and GSA chaired an
interagency working group to review the current process for planning
and acquiring technology and to recommend improvements. In its May
19, 1995, report to members of the President's Management Council and
senior federal information resource management officials, the working
group presented three key findings:
The most important points in the life cycle of an IT investment
occur well before the present oversight process begins. The
oversight process should be focused on promoting sound capital
planning, which begins with an analysis of how IT investments
will be used to improve an agency's business processes.
To help manage their IT investments, agencies need to draw upon the
government's best experience and talent across agency lines.
This will assist the agencies in managing their complex systems
projects and pursuing development efforts on functions that
could yield cross-agency or governmentwide benefits.
Agencies need to rely more on the use of incremental and
evolutionary approaches to major systems development and
acquisition, rather than undertaking large, unwieldy projects.
As the working group noted, similar conclusions were reached in
studies prepared by the Senate Subcommittee on Oversight of
Government Management and the District of Columbia, chaired by
Senator Cohen, and in GAO's work on the information management
practices of leading public and private sector organizations.
The working group also offered a number of recommendations to address
these findings, including the following:
Revise OMB Circular A-11 to emphasize the importance of basing IT
investment decisions on an analysis of business needs;
comparative measures of cost, benefits, and risks among IT
projects; and performance measurement.
Establish two separate interagency groups to (1) advise OMB and GSA
on the initial approval and subsequent management of large,
complex, or risky IT investments and (2) identify opportunities,
suggest technical and organizational approaches, and set
priorities for cross-agency or governmentwide use. In reviewing
funding requests, OMB would not recommend funding for IT
investment proposals that were inconsistent with the advice of
the groups, unless the requesting agency made a reasonable
counter-argument.
Draft legislation and revise OMB Circular A-109, "Major System
Acquisitions," to promote and support modular acquisitions;
maximize reliance on purchasing commercial off-the-shelf
technologies; and ensure that acquisition programs set realistic
cost, schedule, and performance goals.
Continue GSA's Time Out program to revoke or condition delegation
of procurement for system development projects experiencing
serious trouble that are not being effectively managed by the
agency.
OMB and GSA are currently responding to agencies' comments on the
working group's findings and recommendations as a step toward
implementing the group's proposal.
THE NEED FOR FUTURE ACTION
------------------------------------------------------------ Letter :5
Recognizing the far-reaching importance of this issue, we have made
IT investment a major issue in our ongoing work. We are working
closely with OMB to prepare a guide for agencies to use in evaluating
IT investments. And we are currently developing a framework for
making IT investment decisions. This framework can be used by
agencies to guide their decision-making process and to help implement
a disciplined approach for maximizing mission benefits and managing
risks.
Given the importance of this issue to overall government reform, it
is important that the Congress maintain its scrutiny over IT spending
and continue to identify areas where unsound investments are being
made. This needs to be done, not only from a governmentwide
perspective, but also on an agency-by-agency level, where the
spending decisions are being made. Agencies must be encouraged to
establish an outcome-oriented, integrated strategic information
management process that is focused on improving service delivery and
product responsiveness, and on costs and quality--based on customer
needs. Mission planning, program budgeting, and IT investment
decisions should be clearly linked to the achievement of these
performance goals. Accordingly, the congressional committees for
oversight, budget, and appropriations all need to be active in
ensuring that agencies can justify IT investments, based on each
project's costs, risks, and benefits for meeting critical mission
needs.
We look forward to providing additional assistance to the Committee
in this important area. If you have questions about the information
in this letter, please contact me at (202) 512-6406. Major
contributors to this report are listed in appendix III.
Sincerely yours,
Christopher W. Hoenig
Director, Information Resources Management/
Policies and Issues
OMB'S OLD A-11, SECTION 43
REPORTING REQUIREMENTS
=========================================================== Appendix I
For reporting prior to FY 1996, circular A-11 required agencies to
report IT-related obligations under five major categories:
Capital Investment: obligations incurred for real and personal
property, including the purchase of computer hardware and
software, telephones, and site construction and modifications to
support computer facilities.
Personnel: work-years and related obligations for civilian and
military compensation, benefits, and travel for personnel whose
principal duties are directly related to information technology
systems.
Equipment rental, space, and other operating costs: obligations
for those costs incurred for government-owned,
government-operated facilities, including the lease of hardware
and software.
Commercial services: obligations for network services or
facilities where payments are made directly to private industry,
including certain types of contracts for computer system time;
voice and data communications; operations and maintenance
services; systems analysis, programming, design, and engineering
services; management studies; and other contractual obligations
that make significant use of data-processing equipment.
Transfer Payments: obligations for payments and offsetting
collections for information technology services (1) between
executive branch agencies, (2) within individual agencies, and
(3) provided to or received from the judicial and legislative
branches, the Postal Service, state and local governments, and
several other entities.
Table I.1 presents a dollar breakout of the five major categories by
subcategories.
Table I.1
IT-Related Obligations According to Old
Categories
(Dollars in thousands)
Fiscal Fiscal Fiscal
year year year
1991 1993 1995
Category (actual) (actual) (planned)
------------------------ ---------- ---------- ----------
Capital Investment
Equipment $4,602,569 $4,906,738
Software, other $3,914,902 720,970 789,758
equipment 644,447 442,262 388,166
Site or facility 338,659
Personnel 5,159,845 5,640,706 5,892,135
Compensation, benefits,
travel
Equipment, Rental, 376,252 283,705 264,291
Space, Other 124,056 127,344 130,384
Equipment lease 190,864 266,161 332,200
Software lease 869,929 865,830 909,669
Space
Supplies, other
Commercial Services 178,767 176,178 161,984
ADP equipment time 2,317,726 2,190,784 2,233,561
Voice communication 975,198 1,412,673 1,477,690
Data communication 3,745,147 3,963,971 4,383,480
Operations, 2,556,338 2,911,975 3,445,545
maintenance 504,158 765,241 895,082
System design, 383,972 511,248 541,871
analysis
Studies, other
Significant use of IT
Transfer Payments -214,837 -677,357 -720,271
Inter-agency services 36,091 -187,280 -80,133
Intra-agency services -29,807 957,400 1,354,527
Other services
============================================================
Total $22,071,70 $24,974,38 $27,306,67
7 0 7
------------------------------------------------------------
Source: Office of Management and Budget.
IT-RELATED OBLIGATIONS FOR FY 1991
THROUGH FY 1996
========================================================== Appendix II
(Dollars in thousands)
Fiscal Fiscal Fiscal Fiscal Fiscal Fiscal
year year year year year year
Agency 1991 1992 1993 1994 1995 1996
-------- ---------- ---------- ---------- ---------- ---------- ----------
Air
Force
$2,658,679 $2,374,296 $2,410,126 $2,091,316 $1,912,591
Planned 2,231,397 2,391,751 2,287,567 1,957,019 $1,792,235
\a 2,740,445 2,479,963 2,341,445 1,715,367 1,808,441
Estimat
ed\b
Actual\
c
Army
2,261,849
2,951,049 2,821,008 2,561,964 2,153,579 2,147,499 1,802,341
Planned 2,569,493 2,703,519 2,306,318 1,890,485 1,807,988
Estimat 2,612,430 2,586,209 2,322,378
ed
Actual
Navy
2,421,836
2,433,291 2,614,436 2,584,182 2,232,384 2,305,940 2,210,516
Planned 2,584,287 2,502,527 2,492,873 2,189,701 2,195,823
Estimat 2,563,562 2,574,335 2,383,948
ed
Actual
Defense-
Other 2,716,038
1,481,431 1,733,138 1,993,029 3,175,537 3,536,576 3,155,043
1,357,413 1,874,447 2,797,405 3,068,141 3,040,959
Planned 1,650,071 2,246,943 2,709,481
Estimat
ed
Actual
Agricult
ure 827,350
817,417 873,955 773,946 1,085,694 1,173,974 1,130,657
822,885 825,336 757,523 934,200 988,272
Planned 640,920 696,521 904,243
Estimat
ed
Actual
Commerce 620,952
453,056 570,162 513,846 629,907 717,544 791,998
474,992 521,054 541,764 593,051 690,892
Planned 458,051 535,174 569,887
Estimat
ed
Actual
Educatio
n 247,594
103,595 98,859 120,990 216,121 311,040 385,979
91,981 95,460 128,749 205,002 285,425
Planned 100,110 106,118 137,639
Estimat
ed
Actual
Energy
1,407,486 1,792,404
1,561,106 1,688,299 1,858,846 1,881,580 1,987,790 1,564,050
Planned 1,666,621 1,768,392 1,737,434 1,422,196 1,497,850
Estimat 1,697,403 1,881,404
ed
Actual
HHS
857,817 1,787,843
1,278,590 1,390,761 1,493,694 2,825,347 2,910,042 2,268,510\
Planned 1,315,855 1,420,620 1,521,410 2,404,481 3,012,366 d
Estimat 1,417,405 2,366,989
ed
Actual
HUD
165,758 152,907
119,654 140,508 149,252 139,245 157,450 152,430
Planned 131,575 143,122 121,329 138,535 175,851
Estimat 131,849 128,192
ed
Actual
441,054 517,588 521,865
Interior 454,699 471,643 534,471
449,225 498,383 490,041 517,428 540,162 533,895
497,795 534,836
Planned 455,144
Estimat
ed
Actual
Justice 621,946 903,892 897,586
619,838 788,233 884,856
663,627 802,258 832,735 953,264 957,727 971,832
Planned 866,680 922,608
Estimat 677,602
ed
Actual
Labor 145,865 153,189 170,130
142,949 165,966 156,261
143,944 157,591 169,917 142,198 182,983 189,180
Planned 156,386 164,112
Estimat 170,130
ed
Actual
State 386,099 351,831 337,635
335,046 329,719 346,231
344,791 358,219 347,369 315,230 382,871 340,307
Planned 345,211 316,834
Estimat 318,774
ed
Actual
Transpor 429,790 3,045,650 2,482,504
tation 1,806,122 2,296,129 1,957,579
1,679,363 2,057,854 1,750,399 2,122,400 2,179,851 2,653,200
1,856,569 2,331,600
Planned 2,187,464
Estimat
ed
Actual
1,340,522 2,051,344 1,772,869
Treasury 1,321,616 1,777,469 1,800,648
1,330,186 1,653,551 1,722,587 1,588,313 2,132,296 2,119,695
1,742,273 1,621,846
Planned 1,473,549
Estimat
ed
Actual
VA 516,189 604,927 613,278
574,290 675,827 661,286
571,797 608,531 642,019 703,523 684,229 835,012
Planned 635,198 739,784
Estimat 603,655
ed
Actual
NASA 1,803,739 1,917,746 2,127,654
1,722,373 2,066,247 1,763,821
1,588,667 1,966,729 2,002,034 1,604,458 1,752,469 1,576,493
Planned 1,781,677 1,525,870
Estimat 1,776,679
ed
Actual
Others 1,575,782 1,403,746 1,398,158
1,404,395 1,356,760 1,398,890
1,420,193 1,517,627 1,271,673 948,758 1,453,999 1,895,870
Planned 1,628,826 1,165,850
Estimat 1,384,179
ed
Actual
================================================================================
Total $20,544,46 $25,409,78 $25,241,76
1 8 8
$21,485,04 $23,951,41 $24,620,36 $25,800,45 $27,306,67 $26,489,59
Planned 7 5 5 6 7 9
Estimat $22,071,70 $23,754,22 $24,974,38 $23,456,73 $24,827,20
ed 7 9 0 1 7
Actual $23,530,36
9
--------------------------------------------------------------------------------
\a Planned refers to the estimated obligations contained in the
budget request for the fiscal year.
\b Estimated refers to obligations estimated for the fiscal year
underway that are contained in the budget request for the upcoming
fiscal year.
\c Actual refers to actual obligations incurred.
\d The fiscal year 1996 planned obligations for HHS do not include
$765,490,000 in planned obligations by the Social Security
Administration, which became an independent agency effective March
31, 1995.
Source: Office of Management and Budget.
MAJOR CONTRIBUTORS TO THIS REPORT
========================================================= Appendix III
ACCOUNTING AND INFORMATION
MANAGEMENT DIVISION, WASHINGTON,
D.C.
John P. Finedore, Assistant Director
Mark T. Bird, Senior Evaluator
*** End of document. ***