Land Management Systems: BLM's Actions to Improve Information Technology
Management (Letter Report, 02/27/2001, GAO/GAO-01-282).

GAO reviewed steps taken by the Bureau of Land Management (BLM) to
strengthen its information technology (IT) investment management and
acquisition capabilities. The bureau took these actions to address
recommendations made in an earlier report on the failure of the
Automated Land and Mineral Record System (ALMRS) to meet BLM's business
needs. GAO found that since 1999, BLM has been working to implement GAO
recommendations to determine the usefulness of ALMRS and to assess and
strengthen its IT investment management and acquisition capabilities.
Although the bureau has not yet finished these efforts, it has begun to
apply improved management strategies for selecting IT investments,
develop processes and practices for controlling and evaluating
investments, and build a more mature systems acquisition capability.
However, before completing and institutionalizing new investment control
processes, the bureau has begun moving forward with an IT acquisition.
As a result, BLM's efforts may be subject to the same project management
and management oversight risks that adversely affected the
ALMRS/Modernization.

--------------------------- Indexing Terms -----------------------------

 REPORTNUM:  GAO-01-282
     TITLE:  Land Management Systems: BLM's Actions to Improve
	     Information Technology Management
      DATE:  02/27/2001
   SUBJECT:  Land management
	     Information resources management
	     Information technology
	     ADP procurement
	     Systems design
IDENTIFIER:  BLM Automated Land and Minerals Record System

******************************************************************
** This file contains an ASCII representation of the text of a  **
** GAO Testimony.                                               **
**                                                              **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced.  Tables are included, but    **
** may not resemble those in the printed version.               **
**                                                              **
** Please see the PDF (Portable Document Format) file, when     **
** available, for a complete electronic file of the printed     **
** document's contents.                                         **
**                                                              **
******************************************************************
GAO-01-282

Report to the Chairman and Ranking Minority Member, Subcommittee on Interior
and Related Agencies, Committee on Appropriations, House of Representatives

February 2001 LAND MANAGEMENT SYSTEMS

BLM's Actions to Improve Information Technology Management

GAO- 01- 282

Lett er

February 27, 2001 The Honorable Joe Skeen Chairman The Honorable Norman D.
Dicks Ranking Minority Member Subcommittee on Interior and Related Agencies
Committee on Appropriations House of Representatives

This report presents the status of actions taken by the Bureau of Land
Management (BLM) to strengthen its information technology (IT) investment
management and acquisition capabilities. The bureau has been taking these
actions to address recommendations we made when we reported that the
Automated Land and Mineral Record System (ALMRS)

Initial Operating Capability (IOC)- the major software component of BLM's
ALMRS/ Modernization- failed to meet BLM's business needs and was not
deployable. 1 We made the recommendations to help BLM reduce the risks that
future IT efforts would fail.

At your request, we reviewed BLM's actions to implement our recommendations
and improve its management of IT. Accordingly, our objectives were to
determine whether BLM (1) has adequately assessed ALMRS IOC and other
alternatives to meet its business needs, (2) has adequately strengthened its
investment management practices, (3) is using

sound system acquisition processes, (4) has integrated its investment
management and systems acquisition improvement projects and developed an
overall plan and schedule for completing this integrated improvement work,
and (5) is planning to undertake any sizable systems acquisition or
development efforts before strengthening its information technology program.
Our objectives, scope, and methodology are presented in appendix I. We
performed our work from February 2000 through

December 2000 in accordance with generally accepted government 1 Land
Management Systems: Major Software Development Does Not Meet BLM's Business
Needs (GAO/ T- AIMD- 99- 102, March 4, 1999) and Land Management Systems:
Status of BLM's Actions to Improve Information Technology Management (GAO/
AIMD- 00- 67, February 24, 2000).

auditing standards. We requested comments on a draft of this report from the
Department of the Interior. The Acting Assistant Secretary for Lands and
Minerals provided us with written comments that are discussed in the
“Agency Comments” section and reprinted in appendix II.

Results in Brief Since 1999, BLM has been working to implement our
recommendations to determine the usefulness of ALMRS IOC and assess and
strengthen its IT investment management and acquisition capabilities.
Although the bureau has not yet finished these efforts, it has begun to
apply improved management strategies for selecting IT investments, develop
processes and practices for controlling and evaluating investments, and
build a more mature systems acquisition capability.

BLM performed a preliminary analysis of ALMRS IOC to determine whether all
or part of the software could be used to meet the bureau's business needs.
As we reported last year, BLM's chief information officer (CIO) plans to
perform a final analysis of ALMRS IOC after the

development of an enterprise architecture. 2 However, the enterprise
architecture is not yet complete, and therefore the final analysis of ALMRS
software has not yet been conducted. BLM is continuing to address our
recommendations to strengthen its investment management processes and
practices and its systems acquisition capabilities. The bureau is developing
an IT investment management program, an enterprise architecture, and IT
acquisition

practices to help avoid future problems and failures similar to ALMRS IOC.
The bureau is also beginning to address our recommendation to integrate all
these improvement projects. Senior BLM officials told us that, as a result
of our follow- up work, the bureau plans additional corrective actions,
including revising its IT capital asset plan, strategic information
resources management (IRM) plan, IRM process improvement plan, and IT

investment management process. However, before completing and
institutionalizing new investment control processes, the bureau has begun
moving forward with an IT acquisition. As a result, BLM's efforts may be
subject to many of the same project 2 An enterprise architecture is the
explicit description of the current and desired

relationships between business and management processes and information
technology. BLM refers to its enterprise architecture as the bureau
architecture.

management and management oversight risks that adversely affected the ALMRS/
Modernization. We are therefore recommending that BLM establish procedures
to ensure that the acquisition project and associated risks are properly
managed and controlled.

Background BLM's mission is to sustain the health, diversity, and
productivity of public lands for the use and enjoyment of present and future
generations. The bureau is responsible for approximately 264 million acres
of public land in 28 states and public resources, including rangelands,
timber, minerals, watersheds, wildlife habitats, wilderness and recreation
areas, and archeological and historical resources. It also manages the
subsurface mineral resources underlying another 300 million acres of land

administered by other government agencies or owned by private interests. The
bureau has 189 offices that maintain over 1 billion paper documents,
including land surveys and surveyor notes, records of land ownership, mining
claims, and oil and gas leases. According to BLM, most of the paper
documents are deteriorating and are becoming increasingly difficult to read.

In the mid- 1980s BLM began planning to acquire a land and mineral case
processing system to keep up with its increasing workload and automate its
manual records and case processing activities. By 1993, BLM decided on the
scope and functionality of the project, called the ALMRS/ Modernization. The
project consisted of three major components: the ALMRS IOC, a geographic
information system, 3 and the modernization of BLM's computer and
telecommunications infrastructure and rehost of selected management and
administrative systems. ALMRS IOC- the flagship of the ALMRS/ Modernization-
was to provide the capability to more efficiently record, maintain, and
retrieve land description, ownership, and use information to support BLM,
other federal programs, and

interested parties. 3 A geographic information system is computer technology
designed to assemble, store, manipulate, and display geographically
referenced data, such as the location of a lake, oil well, or wildlife
habitat.

Since 1995 we have issued several reports and made numerous recommendations
to address the problems and risks that threatened the successful development
and deployment of the ALMRS/ Modernization. 4 In October 1998 an operational
assessment test and evaluation showed that ALMRS IOC was not ready to be
deployed because it did not meet BLM's business needs. The bureau
subsequently stopped the ALMRS project. At the time the project was
terminated, BLM estimated that from 1983 through

1998 it had obligated about $411 million for the ALMRS/ Modernization
project, of which over $67 million was spent to develop ALMRS IOC software.

In 1999, we testified on the long- standing project weaknesses at BLM that
threatened the ALMRS/ Modernization and increased the risks that future
efforts would result in a similar outcome. 5 We recommended that BLM assess
the usefulness of ALMRS IOC and other alternatives to meeting the bureau's
business needs, and strengthen its investment management processes and
systems acquisition capabilities. In February 2000, we reported that BLM was
in the early stages of addressing our recommendations, and we further
recommended that BLM develop a plan to integrate all these corrective
actions and establish a schedule for completing them. 6

4 Land Management Systems: Progress and Risks in Developing BLM's Land and
Mineral Record System (GAO/ AIMD- 95- 180, August 31, 1995), Land Management
Systems: BLM Faces Risks in Completing the Automated Land and Mineral Record
System (GAO/ AIMD- 97- 42, March 19, 1997), Land Management Systems:
Information on BLM's Automated Land and Mineral Record System Release 2
Project (GAO/ AIMD- 97- 109R, June 6, 1997), Land Management Systems:
Actions Needed in Completing the Automated Land and Mineral Record System
Development (GAO/ AIMD- 98- 107, May 15, 1998), and Land Management Systems:
Major Software Development Does Not Meet BLM's Business Needs (GAO/ AIMD-
99- 135, April 30, 1999). 5 Land Management Systems: Major Software
Development Does Not Meet BLM's Business Needs (GAO/ T- AIMD- 99- 102, March
4, 1999). 6 Land Management Systems: Status of BLM's Actions to Improve
Information Technology Management (GAO/ AIMD- 00- 67, February 24, 2000).

Preliminary ALMRS Because of the enormous investment made in ALMRS IOC and
the failure

IOC Analysis of the software to meet BLM's needs, we recommended that the
Secretary of the Interior ensure that BLM thoroughly analyze the ALMRS IOC

Completed; Final software to determine whether it could be cost beneficially
modified to

Analysis Is Still meet the bureau's needs. We pointed out that this analysis
should be part of Planned

an overall effort to identify and assess all alternatives, including (1)
modifying the ALMRS IOC software, (2) modifying existing land and
recordation systems, (3) acquiring commercial, off- the- shelf software, or
(4) developing new systems. We also stated that the alternatives analysis
should clearly identify the risks, costs, and benefits of each alternative
and

should be performed after BLM is assured that it has verified its current
business requirements.

In February 2000, we reported that BLM had prepared a preliminary report on
its technical and functional analysis of ALMRS IOC, and concluded that ALMRS
IOC was not operationally ready for deployment because it did not meet the
bureau's business needs. 7 This conclusion was based on the determination
that ALMRS IOC (1) was difficult to use and labor- intensive, (2) was poorly
integrated into BLM's business processes, (3) was too slow, and (4) would be
difficult and costly to maintain and operate. The bureau stated that
although some of these problems could be solved, ALMRS IOC could not be
repaired without a major technical effort and significant costs. At that
time, BLM's CIO told us that the bureau planned to complete its

analysis of ALMRS IOC and other alternatives after it established the bureau
architecture and its business needs were known. The CIO noted that
establishing an architecture is a necessary precursor to completing the

analysis of ALMRS IOC and other alternatives because the architecture would
document the bureau's business processes and information needs. As part of
its final analysis, BLM planned to determine whether parts of ALMRS IOC
could be useful for future IT efforts.

BLM developed an initial version of the bureau architecture in early 2000.
It has also used non- software portions of ALMRS IOC, such as system
specifications and documentation, to support other, ongoing information
systems efforts. BLM's CIO told us that the bureau does not plan to complete
a final analysis of ALMRS IOC and other alternatives until it finishes
additional work to complete the bureau architecture. The bureau

expects to complete its work on the architecture by the end of 2003. 7 GAO/
AIMD- 00- 67, February 24, 2000.

Corrective Actions to The absence of adequate investment management
processes and practices Strengthen BLM's

at BLM was a significant factor contributing to the failure of ALMRS IOC. To
reduce the risk that future IT efforts would fail and to help establish
Investment disciplined investment management as required by the Clinger-
Cohen Act, 8 Management Practices we recommended that the Secretary of the
Interior ensure that BLM assess Continue and strengthen its investment
management practices to help avoid future problems. Sound investment
management practices include (1) developing a capital asset plan, (2)
developing strategic plans, (3) establishing an investment management board,
(4) developing and implementing

investment selection, control, and evaluation processes, (5) assessing staff
skills, and (6) developing an information technology architecture to help
properly manage new and ongoing IT projects.

IT Capital Asset Planning Is The Clinger- Cohen Act requires agencies to use
capital planning to guide

Under Way, but Not Yet the acquisition and management of IT, and the Office
of Management and

Finished Budget (OMB) has issued guidance to assist agencies in developing a

disciplined capital planning process. 9 OMB's guidance describes the key
elements of an agency capital asset plan, including a statement of the
relevant agency strategic plans, an analysis of existing systems and planned
acquisitions, a gap analysis that identifies the agency objectives that
cannot be met with existing IT assets, and justification for new spending.

BLM approved an IT capital asset plan, dated October 25, 1999, which
outlines capital planning procedures for major IT acquisitions. The plan
specifies the relationship between BLM's IT assets and the program
performance goals identified in its strategic business plan. However, the

plan is not yet complete, in that it does not include an analysis of the IT
assets already owned by the agency and assets being acquired, an analysis of
the gap between actual and planned performance, or justification for new
acquisitions proposed for funding, as recommended by OMB guidance.

According to BLM's Deputy CIO, the bureau expects to revise and restructure
its capital asset plan now that an initial version of the bureau

8 The Clinger- Cohen Act of 1996 seeks to maximize the return on investments
in information systems by requiring agencies to institute sound capital
investment decision- making. Under the act, agencies must design and
implement a process for maximizing the value and assessing and managing the
risks of IT acquisitions. 9 Office of Management and Budget, Capital
Programming Guide, Version 1.0, Supplement to OMB Circular A- 11, July 1997.

architecture has been developed. The Deputy CIO added that BLM is planning
to incorporate OMB's recommended analyses and justifications in its revised
plan. The analyses and justifications should help to guide the acquisition
and management of BLM's IT assets and investments. BLM expects to finish
revising the capital asset plan by the end of fiscal 2001.

Improvements to BLM's The Clinger- Cohen Act requires agencies to ensure
that IT is acquired and

Strategic IRM Plan Are information resources are managed in a manner
consistent with the Under Way, but Not Yet

Paperwork Reduction Act of 1995. The Paperwork Reduction Act requires
Complete

agencies to develop and maintain a strategic IRM plan that integrates IT
investment processes with their processes for making budget, financial, and
program management decisions. OMB has issued guidance to assist agencies in
developing strategic IRM plans that are consistent with the requirements of
the Paperwork Reduction Act. 10 BLM is revising its 1997 2002 strategic IRM
plan, dated March 12, 1998. Our review of a draft of BLM's 2001 2005
strategic IRM plan showed that the draft plan includes a section on
organizational effectiveness. The plan also shows how BLM's IRM goals relate
to, and support, bureauwide goals and objectives. However, the plan is not
yet complete in that it does not describe how IRM activities will help
accomplish BLM's mission, nor does it ensure that IRM decisions are
integrated with decisions on organizational

planning, budget, procurement, financial management, human resources
management, and programs, both of which are recommended by OMB in its
strategic planning guidance. BLM's Deputy CIO told us that the bureau is
revising its draft strategic IRM plan now that an initial version of the
bureau

architecture has been developed. According the Deputy CIO, the revised
strategic IRM plan will be completed by the end of fiscal year 2001 and will
include the information recommended by OMB. Inclusion of the information
recommended by OMB should help ensure that BLM's strategic

IRM plan will support IT investment management at the bureau. 10 Office of
Management and Budget Circular A- 130, Management of Federal Information
Resources, November 30, 2000.

Information Technology The Clinger- Cohen Act requires agencies to manage IT
investments by Investment Board Has Been

using processes and information to ensure that IT projects are Established
and Its Role Is

implemented at acceptable costs and within reasonable and expected time
Evolving

frames, and are contributing to tangible and observable improvements in
mission performance. OMB's and our joint guidance identifies attributes that
are critical for achieving successful investment management practices,

including senior management attention to those practices. 11 Senior managers
should have the authority to make key business and funding decisions on IT
projects and use a disciplined and structured management forum for making
key IT investment decisions with the authority to approve, cancel, or delay
projects, mitigate risks, and validate expected returns. This guidance also
describes key phases that should be part of a

mature IT investment management process that provides for the continual
selection, control, and evaluation of information technology investments.
BLM has established an Information Technology Investment Board (ITIB)
composed of senior- level program, IRM, and financial managers, with a
charter that clearly defines the board's roles, responsibilities, and
functions. For example, the charter specifies that the board is responsible
for decisions regarding the initiation, development, implementation, and

evaluation of major IT investments. The charter also outlines the functions
of the board, including (1) developing an information technology
architecture, (2) selecting IT investments, (3) managing and controlling IT
activities, and (4) evaluating IT investments after implementation. On
August 24, 2000, BLM revised the ITIB charter to help further improve the
bureau's selection, control, and evaluation processes. The charter revisions
included (1) adding project life- cycle costs as selection assessment
criteria, (2) adding progress reports on key project milestones and
expenditures as

part of the ITIB's management and control processes, and (3) plans to better
align the schedule of ITIB meetings and activities with the bureau's budget
cycle.

Since its creation in 1998, BLM's ITIB has approved 17 projects for funding
based on criteria it established to select IT projects. These criteria
include evaluating whether projects (1) support BLM's core business
functions, (2) address work processes that have been simplified or
redesigned to 11 Evaluating Information Technology Investments: A Practical
Guide, Version 1.0, Office of Information and Regulatory Affairs,
Information Policy and Technology Branch, Office of

Management and Budget, November 1, 1995. This guide was prepared
cooperatively by OMB and us.

reduce cost and improve effectiveness, (3) demonstrate a projected return on
investment that is equal to or better than alternative uses of available
resources, (4) are consistent with the bureau architecture, and (5) include
a

risk reduction strategy. While these actions represent improvements, BLM has
not yet established criteria and processes to properly control and evaluate
IT investments. For example, the ITIB reviews ongoing projects at major
project milestones or when additional funding is needed, while our guidance
recommends and

best practices suggest that in the control phase, information should be
continually collected, updated, and provided to decisionmakers so they can
identify projects that are at risk and act early to mitigate those risks or
terminate the project. The ITIB also has not yet developed criteria for the
evaluation phase that would measure actual versus projected performance and
identify benefits that were achieved by an IT investment. Without
identifying control and evaluation criteria and implementing such

processes, BLM does not yet have in place all the elements necessary to
properly manage its IT investments. BLM's CIO told us that the ITIB has
worked to first establish and implement processes to select IT projects and
establish selection criteria, including whether a project adequately
supports the bureau's architecture. Now that those processes and criteria
are in place, the board is beginning to focus on establishing processes to
control ongoing IT projects. For example, the bureau is currently developing
a tracking system to help ensure that the ITIB can review and

control approved projects. The ITIB also has not yet incorporated the
bureau's strategic planning, capital planning, or budget cycle as part of
the project selection, control, or evaluation criteria. For example, the
ITIB charter does not recognize the bureau's strategic or annual performance
plans as part of its selection,

control, or evaluation processes. In addition, although the charter
indicates that the ITIB will use BLM's capital asset plan or strategic plan
as guidance in identifying the bureau's business needs, the charter focuses
only on the bureau's architecture to identify those needs. BLM's CIO told us
that the ITIB's charge, as identified in the board's charter, will be
revised and updated as the bureau's investment management processes mature.
BLM plans to include strategic and capital planning criteria as part of its
selection, control, and evaluation cycle, and also plans to coordinate the

cycle as part of its budget planning process.

Investment Management BLM has drafted a document that is intended to
describe the bureau's IT Processes Are Being

investment management process and provide the bureau with consistent
Documented, but Efforts

and documented policies and procedures for managing information Are Not Yet
Complete

technology investments. The draft document, dated November 28, 2000,
describes roles and responsibilities for investment management, provides
detailed, project- oriented policies and processes for each phase of the

selection, control, and evaluation process, and provides guidance for
developing a business case for an IT project.

The draft document focuses primarily on the management of individual
projects. The document lacks policies and procedures for managing all of
BLM's IT systems and projects as a comprehensive portfolio that would help
ensure that the bureau meets its goals and carries out its mission. For
example, the document focuses on the requirements for managers, sponsors,
and proponents of planned and ongoing projects to manage

projects throughout the selection, control, and evaluation processes. It
does not yet provide comprehensive and strategic policies and procedures for
senior managers and decisionmakers that take into account the budget cycle,
strategic goals and objectives, capital planning, and bureau architecture
with BLM's management of its IT investments. BLM's CIO told us that the
draft investment management document is evolving to describe a more
comprehensive, portfolio- based approach to managing IT investments. The CIO
said the bureau plans to identify its portfolio of investments and plans to
begin more comprehensive reviews of those

investments as part of the annual budget cycle. BLM's IRM Organization and

The Clinger- Cohen Act requires agency CIOs to assess staff IRM knowledge
Staffing Assessment Has

and skills. BLM has assessed its IT staffing and skills needs and Been
Completed

restructured its national IRM organization based on that assessment. BLM's
national IRM organization consists of its IRM headquarters in Washington, D.
C., and National IRM Center (NIRMC) in Denver. In October 1999, BLM's CIO
tasked a team of field managers and technical, program, and personnel
specialists with assessing NIRMC, including its staffing and skill levels,
mission and functions, and organizational structure. The team issued its
final report in January 2000. Subsequently, in April 2000, a team of field
managers and IRM specialists completed an assessment of BLM's headquarters-
based IRM organization. Based on recommendations made

by the assessment teams and validated by a BLM management team, the bureau
made significant changes to its IRM organization.

According to the Director of BLM, implementing these recommendations has
resulted in a new role for NIRMC, a reduction in force, and the reassignment
of key IT functions to the headquarters IRM office. For example, before the
reorganization, BLM's systems operations, systems engineering, and IRM
management functions were located at NIRMC. Now, NIRMC's new role includes
responsibilities for systems operations and systems engineering. The IRM
management functions have been moved to BLM's headquarters offices in
Washington, D. C., and restructured to include an investment management
group and a policy and records group.

A systems coordination group was also created to ensure adherence with
system life- cycle management principles. In addition, two key positions
were added to BLM's IRM organization- a lead information technology
architect and a systems development manager. According to BLM's CIO, the
reorganization and new technical positions will better enable the IRM
organization to meet the information technology needs of the bureau. BLM's
new organization took effect on July 2, 2000.

Work to Develop BLM's The Clinger- Cohen Act requires agency CIOs to
develop, maintain, and

Bureau Architecture facilitate the implementation of a sound and integrated
information technology architecture. 12 The architecture should be an
integrated Continues

framework for evolving or maintaining existing IT and acquiring new
technology to achieve the agency's strategic and IRM goals and better
support its business needs. According to OMB, to develop an enterprise
architecture, agencies should identify and document business processes, 13
information flows and relationships, applications, data descriptions and

relationships, and the agency's technology infrastructure. In addition, OMB
12 An information technology architecture, also referred to as an enterprise
architecture, provides a comprehensive blueprint that systematically details
the breadth and depth of an organization's mission- based mode of operation.
An enterprise architecture provides details first in logical terms, such as
defining business functions, providing high- level descriptions of
information systems and their interrelationships, and specifying information
flows; and

second in technical terms such as specifying hardware, software, data,
communications, security, and performance characteristics. 13 Enterprise
architectures should contain a business process component that describes the
core business processes supporting the organization's mission. The business
process component of the architecture must be developed by senior program
managers in conjunction with IT managers.

recommends that agencies include a technical reference model 14 and
standards profile as part of an architecture. 15

BLM has developed an initial bureau architecture, which contains guiding
principles and descriptions of some of BLM processes, data, and
applications, and six strategic initiatives to improve the architecture and
support its future development. As part of this effort, BLM also developed

the first volume of a technical reference model that contains principles and
recommended best practices for selecting and deploying system and network
hardware and software. In addition, the bureau has developed a plan to
broaden and further develop the bureau architecture over the next 3 years,
because the architecture is not yet complete: It lacks a complete and
accurate inventory of all of BLM's application software, data, business

processes, and network and system hardware and software. For example, major
components of the initial bureau architecture are limited to the 13
information systems that are managed by NIRMC. BLM's acting lead architect
told us that BLM is planning to complete a comprehensive analysis that will
extend and validate the scope of the current bureau architecture for
software applications and for systems and

network hardware and software in all state offices. In addition, many tasks
that are essential to the development of an architecture have yet to be
completed by BLM. For example, BLM has not yet finished the business process
analyses, data architecture and standards, and systems and

network hardware and software standards as recommended by OMB. BLM's
multiyear architecture plan includes these tasks, and shows that the bureau
plans to complete them by the end of 2003.

14 A technical reference model identifies and describes the information
services used throughout the agency, such as database, communications, and
intranet services. 15 Office of Management and Budget Circular A- 130,
Management of Federal Information Resources, November 30, 2000.

Corrective Actions to As stated in our March 4, 1999, testimony, BLM did not
have key

Strengthen Systems management controls in place for the ALMRS IOC project to
help ensure that the project would result in a system that would meet BLM's
business

Acquisition Processes needs. 16 Accordingly, we recommended that the
Secretary of the Interior Are Continuing ensure that BLM obtain an
independent assessment of its systems acquisition capabilities and ensure
that it use sound systems acquisition processes.

BLM subsequently obtained an independent, high- level assessment of its
systems acquisition capabilities, based on the Software Engineering
Institute's (SEI) Software and Software Acquisition Capability Maturity
Models (CMM) SM criteria. 17 BLM's software acquisition processes were found
to be immature- level 1. According to SEI, the characteristics of a

level 1 organization include (1) lack of a stable environment for developing
and maintaining software, (2) overcommitment of staff and resources, and (3)
abandonment of planned procedures when executing projects. Research by SEI
has shown that defined and repeatable processes for managing software
acquisition are critical to an organization's ability to consistently
deliver high- quality information systems on time and within budget. The
critical management process areas that SEI deems necessary

for an organization to reach CMM level 2 18 include (1) software acquisition
planning, (2) solicitation, (3) requirements development and management, (4)
project management, (5) contract tracking and oversight, (6) evaluation, and
(7) transition to support.

BLM is taking action to address weaknesses in its systems acquisition
processes. For example, it has drafted a process improvement plan that
includes improvement activities for all of the 13 key process areas included
in both software and software acquisition CMMs- including the critical
management processes required to reach CMM level 2 (listed above).

According to the plan, the bureau will define activities for each key
process area, define methods, policies, and procedures, obtain tools to
support and

16 Land Management Systems: Major Software Development Does Not Meet BLM's
Business Needs (GAO/ T- AIMD- 99- 102, March 4, 1999). 17 Capability
Maturity Model SM is the service trademark of Carnegie Mellon University,
and CMMï¿½ is registered with the U. S. Patent and Trademark Office. 18 Level
2 organizations are defined as having basic project management processes to
track cost, schedule, and functionality, with the necessary process
discipline in place to repeat earlier successes on projects with similar
applications.

automate the activities in each key process area, and provide training. BLM
plans to complete these efforts in February 2002. The plan indicates that
about 6 months will be devoted to using the improved processes and
demonstrating the attainment of CMM level 2 capabilities.

BLM is also sponsoring a 6- week project- management training program to
further strengthen its system acquisition capabilities. The training program
consists of six courses, including software risk management, software
quality management, and project scheduling and cost control. Thirty- one BLM
staff completed the program in calendar year 2000, and BLM's CIO anticipates
that many more BLM staff, including some not in the IT organization, will
complete this training in 2001. BLM's CIO also told us that the bureau is
committed to training as many BLM staff as necessary to

support the successful management of new projects throughout the agency. An
Integrated Plan and

To help ensure that BLM's improvement actions will succeed, we Schedule Are
Being

recommended that the Secretary of the Interior direct BLM to develop a
comprehensive and integrated information technology investment Developed for
BLM's

management program by integrating the bureau's projects to strengthen its
Investment

investment management and systems acquisition processes and practices.
Management and We also recommended that BLM establish an overall project
plan, schedule,

and milestones for these actions. We have developed a methodology and
Systems Acquisition

guidance, called Information Technology Investment Management (ITIM), to
assist agencies in analyzing IT investment management processes and
Improvement Projects

determining the maturity of those processes. 19 ITIM is structured using a
maturity framework similar to SEI's CMM, and includes a roadmap that
agencies can use for improving their IT investment management processes.

To address our recommendations, the bureau is using a contractor to assist
in integrating its investment management improvement projects and has
drafted an IRM process improvement plan. The draft plan, issued on October
10, 2000, is intended to be the primary planning document for BLM's IRM
process improvement effort and is considered by the bureau to be a document
that will be developed incrementally. The plan contains strategic goals for
BLM's process improvement effort, describes the

organizations responsible for carrying out the effort, contains an
improvement agenda with guiding principles and a process improvement

19 Information Technology Investment Management: A Framework for Assessing
and Improving Process Maturity, Exposure Draft, Version 1 (GAO/ AIMD-
10.1.23, May 2000).

roadmap, discusses risks and BLM's planned responses, and shows highlevel
criteria for the success of the effort. The plan focuses on eight
improvement areas, including BLM's information technology architecture,

investment management, project management, and data management. However, the
draft plan does not yet integrate these individual projects and identify the
interdependencies among the planned improvement areas. For example, BLM's
plans to improve its information technology architecture and its data
management are described separately. Although these efforts are dependent
upon each other, the draft plan does not address the relationships and
management of the interdependencies between the two

improvement efforts. As a result, BLM does not yet have a complete plan that
shows the relationships and interdependencies of the projects aimed at
strengthening its IRM program. BLM's draft process improvement plan also
contains a high- level schedule with milestones for completing its
improvement work. The plan outlines four major objectives to be accomplished
within 18 months: (1) defining an

information technology architecture, (2) establishing stable investment
management processes and practices to attain level 2 of our ITIM framework,
(3) establishing project management and software acquisition best practices
to attain CMM level 2, and (4) establishing policies and procedures to
identify business- critical data sets, measure and improve data quality,
reduce data duplication, and promote reuse of commonly used data.

However, the schedule does not contain the detailed tasks and
interdependencies necessary to ensure that all of BLM's planned process
improvement work could be completed on schedule. For example, the

schedule includes a task to “define policies and procedures” to
help improve the bureau's investment management processes. But the schedule
does not include any of the lower level tasks that would identify exactly
which policies and procedures would be defined, or the time and resources
necessary to carry out the tasks. In addition, the schedule does not include
interdependencies between this task and other related tasks such as
“defining project management policies and procedures” or
“piloting

improved processes.” These details and interdependencies are necessary
to establish milestones and a critical path to help ensure a reliable
schedule. According to BLM's CIO, the bureau will continue its planning
efforts and further define all of its improvement projects and integrate
them.

System Acquisition Is Because of the IT investment management and systems
acquisition

Beginning Before problems identified during the ALMRS/ Modernization, we
recommended that BLM not undertake any sizable systems acquisition or
development Investment efforts until the assessments we recommended were
completed and

Management Processes corrective actions taken.

and Practices Are At the time of our February 2000 report, BLM had
temporarily suspended

Strengthened all major systems acquisition and development projects.
However, the

bureau continued work on several ongoing systems maintenance projects as
well as planning for a major system called the National Integrated Land
System (NILS). NILS is a joint project with the United States Forest Service
to develop a common data model and tools in a geographic information system
environment for managing cadastral 20 and land record data. NILS consists of
four modules called GeoCommunicator, Survey Management, Measurement
Management, and Parcel Management 21 and is estimated to cost about $16.7
million through project completion. Each module is being

planned as a separate project. We reported in February 2000 that, according
to BLM's CIO, planning for NILS would continue but development would not
begin until after the bureau architecture was sufficiently complete and its
business needs documented.

Since that time, BLM has completed the initial bureau architecture and
issued an interim architectural policy for bureauwide IT projects which is
intended to guide and constrain new project development until development
and implementation of the bureau architecture is sufficiently complete. In
addition, BLM has begun work on the first of the four NILS

modules- GeoCommunicator- estimated to cost about $1.9 million. 22 BLM plans
to use GeoCommunicator to establish an Internet web site using its current
information systems to facilitate data sharing and collaborative work among
BLM staff.

20 Cadastral data document the legal boundaries, ownership, extent, and
value of real property. 21 Survey Management will consist of data collection
software packages that will support the capture of land survey data directly
into a geographic information system database format; Measurement Management
will allow users to create a control network for survey data including the
Public Land Survey System with the use of online measurement adjustment
programs; Parcel Management will provide a process for managing land records
and data stored in a database model. 22 On January 29, 2001, the NILS
project manager informed us that BLM is updating the cost estimate and
expects the cost of this module to be significantly reduced.

Although the GeoCommunicator project is a small part of the NILS effort, we
determined whether sufficient controls are in place to properly guide and
manage the project. BLM's initial bureau architecture and interim

policy provide adequate architectural guidance for the NILS GeoCommunicator
module. However, the bureau's investment management processes are not yet
sufficient to properly track and assess the progress of the GeoCommunicator
project. For example, the bureau is only now beginning to identify and
implement the investment processes

and criteria necessary to control approved projects. By moving forward with
development of the GeoCommunicator module before strengthening its
investment management processes and practices, the bureau is increasing the
risk that the project may not adequately meet its needs or be

delivered as planned. In addition, BLM has not assessed the potential risk
and impact of the workload that GeoCommunicator may have on BLM's current
computing environment. GeoCommunicator users will be able to view, download,
and store land data in graphic formats, which would necessitate BLM having
adequate computing capacity to support new hardware and communications
requirements resulting from new uses of BLM land data. In addition,
GeoCommunicator will facilitate the downloading of land record data from
external sources into BLM's databases. BLM users could

then combine external data with BLM's own data, with few controls over the
use or quality of external data, and without timeliness standards for the
external data. Without an understanding of the impact of GeoCommunicator on
BLM's systems and data, BLM has no assurance that the project will produce
expected results and meet the bureau's needs.

Conclusions BLM continues taking corrective actions to implement the
recommendations we made in 1999 and 2000. While these actions are not yet
complete, the changes made thus far should help to improve the acquisition
and management of IT investments. The bureau has begun to improve the
selection and management of its IT investments and develop

more mature systems development and acquisition capabilities. The bureau is
also developing a plan and schedule to integrate its improvement actions,
developing plans and actions to properly control ongoing and evaluate
completed IT projects, and establishing an enterprise architecture.

However, more needs to be done to fully address our recommendations. BLM
recognizes this and said it will continue to work diligently on these areas.

BLM has also taken steps to acquire a component of a major information
system before completing improvement actions to its investment control
processes. Without sufficient management controls in place, BLM is
increasing the risk that this new system effort will fail to meet the
bureau's needs or will not be delivered as planned.

Recommendations We recommend that the Secretary of the Interior direct BLM
to take the following actions to help mitigate risks associated with moving
forward with the GeoCommunicator acquisition:

? Adopt procedures to ensure proper management and control over the
GeoCommunicator project. The procedures should include (1) consistent
project monitoring by senior managers to ensure that cost and schedule are
being controlled, benefits are being accomplished, risks are being managed,
and strategic bureau needs are being met and (2) comparison of interim
results against project estimates through each stage to ensure that the
project is progressing as expected and to indicate when actions should be
taken as problems arise, including modifying, canceling, continuing, or
accelerating the project. ? Determine the additional workload and other
impacts that implementing the GeoCommunicator module will have on BLM's

current computing environment. This assessment should be completed as
quickly as possible and evaluated by the ITIB immediately upon its
completion.

Agency Comments In commenting on a draft of this report, the Acting
Assistant Secretary for Land and Minerals Management stated that the
Department of the Interior concurs with our findings and recommendations.
The department reported

that BLM has been endeavoring to improve IT management, recognizes that
there are areas that need further improvement, and will continue to work
diligently in those areas. The key corrective actions include (1) filling
several important positions in the next 6 months, (2) continuing the efforts
to complete its IT investment management processes, (3) instituting a review
of NILS to more accurately identify the risks, mitigation measures, and
advisability of continuing with the projects as currently planned, and (4)
applying new control and assessment criteria to the GeoCommunicator project.
The department's comments are reprinted in their entirety as appendix II.

We are sending copies of this report to Senator Conrad Burns, Chairman, and
Senator Robert C. Byrd, Ranking Member, Subcommittee on Interior and Related
Agencies, Senate Committee on Appropriations. We are also sending copies of
this report to Mitchell E. Daniels, Jr., Director, Office of Management and
Budget; Gale A. Norton, Secretary of the Interior; and

Nina Rose Hatfield, Acting Director, Bureau of Land Management. Copies will
also be made available to others upon request and will be available on our
home page at http:// www. gao. gov. Should you or your staff have any
questions concerning this report, please contact me at (202) 512- 6240, or
David G. Gill, Assistant Director, at (202) 512- 6250. We can also be
reached by e- mail at koontzl@ gao. gov and gilld@ gao. gov, respectively.
Major contributors to this report are listed in appendix III.

Linda D. Koontz Director, Information Management Issues

Appendi Appendi xes x I

Objectives, Scope, and Methodology As requested by the Subcommittee on
Interior and Related Agencies, Committee on Appropriations, House of
Representatives, our objectives were to determine whether BLM (1) has
adequately assessed the usability of the ALMRS IOC software and other
alternatives to meet its business needs, (2) has adequately strengthened its
investment management

practices, (3) is using sound systems acquisition processes, (4) has
integrated all of its investment management and systems acquisition
improvement projects and developed an overall plan and schedule for
completing this integrated work, and (5) is planning to undertake any
sizable systems acquisition or development efforts prior to strengthening
its information technology program.

To meet our first objective, we reviewed BLM's technical and functional
analysis of ALMRS IOC as well as supporting documentation and reports. We
also interviewed bureau officials to determine BLM's plans to conduct
further analyses.

To meet our second objective, we reviewed BLM's draft IT management plans,
including its capital asset and strategic IRM plans, and compared the plans
to OMB's and our guidance for developing such plans. To assess the
composition and actions of BLM's ITIB, we compared the board's charter to

our investment management guidance, attended ITIB meetings at BLM, and
reviewed the results of the ITIB meetings to determine the extent to which
BLM has implemented a sound investment management process. We also reviewed
BLM's draft investment management process document and compared the bureau's
draft process to our information technology investment management guidance.
We reviewed the bureau's IRM

reorganization and staffing assessment, and compared it with the
ClingerCohen Act's requirement that agency CIOs assess the extent to which
personnel meet the agencies' organizational IRM requirements. To assess
BLM's architecture, we analyzed the bureau's architectural models and

data, and the methodology used to develop the architecture, and compared
them to OMB's guidance for developing and documenting enterprise
architectures. We interviewed BLM officials, including the CIO and Deputy

CIO, acting lead architect, and NILS project manager to identify BLM's
planned and ongoing actions to strengthen its investment management
processes. To address our third objective, we analyzed BLM's plan to
strengthen its investment management capabilities and compared the plan to
the SEI's Software and Software Acquisition CMM criteria. We also
interviewed

bureau officials to determine what actions BLM has taken and plans to take
to strengthen its systems acquisition capabilities.

To address our fourth objective, we analyzed BLM's integrated plan and
schedule for managing all of its investment management and systems
acquisition improvement projects to determine whether the plan fully

integrated these projects and to assess the reliability of the schedule. We
also interviewed bureau officials to determine BLM's plans for further
integrating these projects and establishing a reliable project schedule. To
address our final objective, we analyzed NILS and GeoCommunicator project
plans and documents, and interviewed project and contractor officials. We
also compared the project's progress to BLM's progress in developing and
implementing IT investment management controls to determine whether the
current controls are sufficient to properly track and

control the GeoCommunicator project. We performed our work at BLM and
Department of the Interior headquarters in Washington, D. C., and BLM's
National Information Resources Management Center headquarters in Denver. We
performed our work from February 2000 through December 2000 in accordance
with generally accepted government auditing standards.

Comments From the Department of the

Appendi x II Interior

Appendi x I II

GAO Contact and Staff Acknowledgments GAO Contact David G. Gill, (202) 512-
6250 Acknowledgments In addition to the individual named above, Elizabeth A.
Roach,

E. Randolph Tekeley, and Eric D. Winter made key contributions to this
report.

Related GAO Products Land Management Systems: Status of BLM's Actions to
Improve Information Technology Management (GAO/ AIMD- 00- 67, February 24,
2000).

Land Management Systems: Major Software Development Does Not Meet BLM's
Business Needs (GAO/ AIMD- 99- 135, April 30, 1999). Land Management
Systems: Major Software Development Does Not Meet BLM's Business Needs (GAO/
T- AIMD- 99- 102, March 4, 1999). Land Management Systems: Actions Needed in
Completing the Automated Land and Mineral Record System Development (GAO/
AIMD- 98- 107, May 15, 1998).

Land Management Systems: Information on BLM's Automated Land and Mineral
Record System Release 2 Project (GAO/ AIMD- 97- 109R, June 6, 1997).

Land Management Systems: BLM Faces Risks in Completing the Automated Land
and Mineral Record System (GAO/ AIMD- 97- 42, March 19, 1997).

Land Management Systems: Progress and Risks in Developing BLM's Land and
Mineral Record System (GAO/ AIMD- 95- 180, August 31, 1995).

(511838) Lett er

GAO United States General Accounting Office

Page 1 GAO- 01- 282 BLM's Information Technology Improvements

Contents Letter 3 Appendixes Appendix I: Objectives, Scope, and Methodology
22

Appendix II: Comments From the Department of the Interior 24 Appendix III:
GAO Contact and Staff Acknowledgments 27

Related GAO Products 28

Abbreviations

ALMRS Automated Land and Mineral Record System BLM Bureau of Land Management
CIO chief information officer CMM Capability Maturity Model IOC Initial
Operating Capability IRM information resources management IT information
technology ITIB Information Technology Investment Board ITIM Information
Technology Investment Management NILS National Integrated Land System NIRMC
National Information Resources Management Center OMB Office of Management
and Budget SEI Software Engineering Institute

Page 2 GAO- 01- 282 BLM's Information Technology Improvements

Page 3 GAO- 01- 282 BLM's Information Technology Improvements United States
General Accounting Office

Washington, D. C. 20548 Page 3 GAO- 01- 282 BLM's Information Technology
Improvements

Page 4 GAO- 01- 282 BLM's Information Technology Improvements

Page 5 GAO- 01- 282 BLM's Information Technology Improvements

Page 6 GAO- 01- 282 BLM's Information Technology Improvements

Page 7 GAO- 01- 282 BLM's Information Technology Improvements

Page 8 GAO- 01- 282 BLM's Information Technology Improvements

Page 9 GAO- 01- 282 BLM's Information Technology Improvements

Page 10 GAO- 01- 282 BLM's Information Technology Improvements

Page 11 GAO- 01- 282 BLM's Information Technology Improvements

Page 12 GAO- 01- 282 BLM's Information Technology Improvements

Page 13 GAO- 01- 282 BLM's Information Technology Improvements

Page 14 GAO- 01- 282 BLM's Information Technology Improvements

Page 15 GAO- 01- 282 BLM's Information Technology Improvements

Page 16 GAO- 01- 282 BLM's Information Technology Improvements

Page 17 GAO- 01- 282 BLM's Information Technology Improvements

Page 18 GAO- 01- 282 BLM's Information Technology Improvements

Page 19 GAO- 01- 282 BLM's Information Technology Improvements

Page 20 GAO- 01- 282 BLM's Information Technology Improvements

Page 21 GAO- 01- 282 BLM's Information Technology Improvements

Page 22 GAO- 01- 282 BLM's Information Technology Improvements

Appendix I

Appendix I Objectives, Scope, and Methodology

Page 23 GAO- 01- 282 BLM's Information Technology Improvements

Page 24 GAO- 01- 05 BLM's Information Technology Improvements

Appendix II

Appendix II Comments From the Department of the Interior

Page 25 GAO- 01- 05 BLM's Information Technology Improvements

Appendix II Comments From the Department of the Interior

Page 26 GAO- 01- 05 BLM's Information Technology Improvements

Page 27 GAO- 01- 282 BLM's Information Technology Improvements

Appendix III

Page 28 GAO- 01- 282 BLM's Information Technology Improvements

Ordering Information The first copy of each GAO report is free. Additional
copies of reports are $2 each. A check or money order should be made out to

the Superintendent of Documents. VISA and MasterCard credit cards are
accepted, also. Orders for 100 or more copies to be mailed to a single
address are discounted 25 percent.

Orders by mail: U. S. General Accounting Office P. O. Box 37050 Washington,
DC 20013

Orders by visiting: Room 1100 700 4th St. NW (corner of 4th and G Sts. NW)
U. S. General Accounting Office Washington, DC

Orders by phone: (202) 512- 6000 fax: (202) 512- 6061 TDD (202) 512- 2537

Each day, GAO issues a list of newly available reports and testimony. To
receive facsimile copies of the daily list or any list from the past 30
days, please call (202) 512- 6000 using a touchtone phone. A recorded menu
will provide information on how to obtain these lists.

Orders by Internet: For information on how to access GAO reports on the
Internet, send an e- mail message with “info” in the body to:

info@ www. gao. gov or visit GAO's World Wide Web home page at: http:// www.
gao. gov

To Report Fraud, Waste, or Abuse in Federal Programs

Contact one: ? Web site: http:// www. gao. gov/ fraudnet/ fraudnet. htm ? e-
mail: fraudnet@ gao. gov ? 1- 800- 424- 5454 (automated answering system)

United States General Accounting Office Washington, D. C. 20548- 0001

Official Business Penalty for Private Use $300

Address Correction Requested Presorted Standard

Postage & Fees Paid GAO Permit No. GI00
*** End of document. ***