Information Technology Management: Census Bureau Has Implemented 
Many Key Practices, but Additional Actions Are Needed (16-JUN-05,
GAO-05-661).							 
                                                                 
The Census Bureau's mission is to serve as the leading source of 
high quality data about the American people and the economy. This
information is used to determine congressional and state	 
legislative districts and to distribute hundreds of billions of  
dollars in federal funds each year. Information technology (IT)  
plays a critical role in the bureau's ability to carry out its	 
missions by supporting data collection, analysis, and		 
dissemination activities. In the past, the bureau has experienced
problems with the development, acquisition, and implementation of
IT systems. GAO was asked to (1) provide an IT profile of the	 
Census Bureau, including an overview of information technology	 
management and plans for the 2010 decennial census and (2)	 
evaluate the adequacy of the bureau's IT policies, procedures,	 
and practices in the areas of investment management, system	 
development/management, enterprise architecture management,	 
information security, and human capital.			 
-------------------------Indexing Terms------------------------- 
REPORTNUM:   GAO-05-661 					        
    ACCNO:   A26759						        
  TITLE:     Information Technology Management: Census Bureau Has     
Implemented Many Key Practices, but Additional Actions Are Needed
     DATE:   06/16/2005 
  SUBJECT:   Census						 
	     Enterprise architecture				 
	     Human capital management				 
	     Information resources management			 
	     Information security management			 
	     Information technology				 
	     Management information systems			 
	     Policy evaluation					 
	     Program evaluation 				 
	     Risk management					 
	     Strategic information systems planning		 
	     Strategic planning 				 
	     Systems evaluation 				 
	     Policies and procedures				 
	     2010 Decennial Census				 

******************************************************************
** This file contains an ASCII representation of the text of a  **
** GAO Product.                                                 **
**                                                              **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced.  Tables are included, but    **
** may not resemble those in the printed version.               **
**                                                              **
** Please see the PDF (Portable Document Format) file, when     **
** available, for a complete electronic file of the printed     **
** document's contents.                                         **
**                                                              **
******************************************************************
GAO-05-661

                 United States Government Accountability Office

GAO Report to Congressional Requesters

June 2005

                                  INFORMATION
                                   TECHNOLOGY
                                   MANAGEMENT

  Census Bureau Has Implemented Many Key Practices, but Additional Actions Are
                                     Needed

                                       a

GAO-05-661

[IMG]

June 2005

INFORMATION TECHNOLOGY MANAGEMENT

Census Bureau Has Implemented Many Key Practices, but Additional Actions Are
Needed

                                 What GAO Found

The Census Bureau has a decentralized approach to IT management. The chief
information officer is responsible for establishing policy and strategies
and shares responsibility for implementing policies and managing systems
and staff with the associate directors for different bureau program areas.
In its 5-year strategic IT plan, the bureau identified 10 major
investments that are currently estimated to total about $4 billion through
2009. Three of the bureau's 10 major investments-estimated to cost $2.7
billion-are expected to support the 2010 decennial census. For example,
the bureau plans to invest about $1.8 billion in the 2010 Testing,
Evaluation, and Systems Design program-an effort to redesign procedures
and increase the use of automation planned for the 2010 decennial census
through a multiyear effort of planning, development, and testing.

The bureau has developed policies and procedures and initiated key
practices in many of the areas that are important to successfully managing
IT, including investment management, system development/management,
enterprise architecture management, information security, and human
capital management. However, many of these practices are not fully and
consistently performed (see figure). For example, in the IT investment
management area, the bureau has established executive-level investment
boards, but it lacks written procedures outlining how the investment
boards are to operate and ensuring a consistent and repeatable approach to
investment management and decision making. As a result of this and other
weaknesses, the bureau is at increased risk of not adequately managing
major IT investments and is more likely to experience cost and schedule
overruns and performance shortfalls. Because the bureau plans to spend
billions of dollars on information technology to prepare for the 2010
decennial census, building in sound IT practices now is more critical than
ever.

Number of Key Information Technology Management Activities Implemented

Source: GAO.
aDenotes areas assessed at less than full maturity within a maturity
framework.

United States Government Accountability Office

Contents

      Letter                                                                1 
                                             Recommendations                3 
                                   Agency Comments and Our Evaluation       5 
    Appendixes                                                            
                    Appendix I:              Briefing Slides                7 
                   Appendix II: Comments from the Department of Commerce   82 
                Appendix III:     GAO Contact and Staff Acknowledgments    86 

Related Products by GAO and the Department of Commerce's Inspector General

This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed in
its entirety without further permission from GAO. However, because this
work may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this material
separately.

A

United States Government Accountability Office Washington, D.C. 20548

June 16, 2005

The Honorable Tom Davis
Chairman
Committee on Government Reform
House of Representatives

The Honorable Michael R. Turner
Chairman
Subcommittee on Federalism and the Census
Committee on Government Reform
House of Representatives

The Honorable Adam H. Putnam
House of Representatives

The Census Bureau's mission is to serve as the leading source of high
quality data about the American people and the economy. These data are
used to determine congressional and state legislative districts and to
distribute hundreds of billions of dollars in federal funds each year.
Also,
federal agencies use census data to evaluate the effectiveness of
government programs, while businesses use census data to target new
services and products and to tailor existing ones to demographic changes.
Information technology (IT) plays a critical role in the bureau's ability
to
carry out its missions by supporting data collection, analysis, and
dissemination activities throughout the organization.

The bureau is currently planning the decennial census-the nation's oldest
and most comprehensive source of population and housing information.
The bureau estimates that the 2010 decennial census will cost $11.3
billion,
including $2.7 billion for IT investments. Because the bureau has
experienced problems with the development, acquisition, and
implementation of systems in preparing for past censuses, you requested
that we examine whether it is employing effective information technology
management practices. Our objectives were to (1) provide an IT profile of
the Census Bureau, including an overview of information technology
management and plans for the 2010 decennial census and (2) evaluate the
adequacy of the bureau's IT policies, procedures, and practices in the
areas
of investment management, system development/management, enterprise
architecture management, information security, and human capital.

To provide an overview of the bureau's information technology management,
we assessed its documentation, including IT operational and strategic
plans, and we interviewed bureau officials to identify management roles
and responsibilities, organization, staffing, and investments. To evaluate
the adequacy of the bureau's information technology management, we
reviewed the bureau's policies and procedures in each of five key IT
areas-investment management, system development/management, enterprise
architecture management, information security, and human capital-and we
compared them against applicable laws, federal guidelines, and industry
standards. We also reviewed selected projects, to determine whether the
bureau's practices were consistent with its own policies and procedures as
well as with industry standards. More detailed descriptions of the scope
and methodology for each of the five IT areas are provided in the segments
of this briefing that address each area. We performed our work at the
Department of Commerce in Washington, D.C., and at Census Bureau
headquarters, in Suitland, Maryland, from August 2004 to February 2005, in
accordance with generally accepted government auditing standards.

In mid-April 2005, we provided a detailed briefing to your subcommittee
and committee staffs on the results of this work. The briefing slides are
included in appendix I. The purpose of this letter is to formally publish
the briefing slides and to officially transmit our recommendations to the
Secretary of Commerce.

In brief, we reported that the bureau has a decentralized approach to IT
management. The chief information officer is responsible for establishing
policy and strategies and shares responsibility for implementing policies
and managing systems and staff with the associate directors for different
bureau program areas. In its 5-year strategic IT plan, the bureau
identifies 10 major investments that are currently estimated to cost about
$4 billion through 2009. Three of the bureau's 10 major
investments-estimated to cost $2.7 billion-are expected to support the
2010 decennial census. For example, the bureau plans to invest $1.8
billion in the 2010 Testing, Evaluation, and Systems Design program-an
effort to redesign procedures and increase the use of automation planned
for the 2010 decennial census through a multiyear effort of planning,
development, and testing.

The bureau has developed policies and procedures and has initiated key
practices in many of the areas that are important to successfully managing
IT-including investment management, system development/management,

enterprise architecture management, information security, and human
capital management. However, many of these practices are not fully and
consistently performed. For example, in the IT investment management area,
the bureau has established executive-level investment boards, but it lacks
written procedures outlining how the investment boards are to operate and
ensuring a consistent and repeatable approach to investment management and
decision making. As a result of this and other weaknesses we found, the
bureau is at increased risk of not adequately managing major IT
investments and is therefore more likely to experience the cost and
schedule overruns and performance shortfalls that plague other major IT
investments and acquisitions. Because the bureau plans to spend billions
of dollars on information technology to prepare for the 2010 decennial
census, building in sound IT practices now is more critical than ever.

Recommendations	To improve the Census Bureau's ability to effectively
manage information technology, we are making 13 recommendations to the
Secretary of Commerce to direct the bureau to address weaknesses we found
in each of the IT management areas.

To strengthen the bureau's ability to manage IT investments, we recommend
that the Secretary of Commerce direct the bureau to

o 	develop written procedures to guide its IT investment boards'
operations and use these procedures to ensure consistent investment
management and decision-making practices,

o 	develop well-defined and disciplined written procedures that outline
the process for selecting new IT proposals and reselecting ongoing
investments and use these procedures in investment decision making,

o 	develop and implement defined criteria and documented policies and
procedures for monitoring the progress of all IT projects and systems, and

o 	create a comprehensive repository that collects investment information
that is up to date and accessible to decision makers.

To strengthen agencywide system development and management capabilities,
we recommend that the Secretary of Commerce direct the bureau to
institutionalize a process improvement initiative, such as the Capability
Maturity Model Integration framework, and establish goals for

projects to reach successive capability levels in selected process areas,
including project planning, project monitoring and control, requirements
management, process and product quality assurance, configuration
management, measurements and analysis, verification, and risk management.

To support the bureau in its efforts to develop and implement an effective
enterprise architecture (EA), we recommend that the Secretary of Commerce
direct the bureau to

o 	determine an adequate level of resources to accomplish planned EA
activities in order to ensure continued improvements to the bureau's EA
model and

o 	establish a written policy endorsing and enforcing the bureau's
enterprise architecture.

To improve information security, we recommend that the Secretary of
Commerce direct the bureau to

o 	establish milestones for identifying staff with special security
training needs and developing an effective training program for them;

o 	establish milestones for identifying system penetration tools to aid
network access security and for testing network controls using these
tools; and

o 	monitor progress against these milestones and the milestones that have
already been established to address weaknesses in risk assessments,
information system security controls, and oversight management tools, in
order to ensure that these activities are completed in a timely manner.

To improve the bureau's ability to manage its IT workforce, we recommend
that the Secretary of Commerce direct the bureau to

o 	annually assess IT knowledge and skills to determine whether they meet
current requirements and

o 	use the planned gap analysis to identify workforce strategies to fill
skills gaps and then evaluate these strategies to determine their
effectiveness in improving human capital management.

Agency Comments and Our Evaluation

We received comments on a draft of this report from the Department of
Commerce (see app. II). In these comments, the Acting Deputy Secretary of
Commerce stated that the agency agrees with our recommendations and that
our findings are accurate, but noted that the report did not acknowledge
steps that the Census Bureau is taking to address the report's findings
and other IT issues. In particular, the deputy secretary noted that the
bureau is taking a very proactive and aggressive movement toward change
and that it is in the process of introducing a corporate IT
environment-which is expected to lead to improvements in IT management.
Commerce also commented that only 1 of 40 activities we evaluated was
found to be incomplete or obsolete.

The bureau's steps to act on our recommendations should put it in a better
position to manage information technology in the future. However, it is
important to note that while only 1 of 40 activities was rated as
incomplete or obsolete, there were 21 other activities that did not have
key policies and/or practices in place. For example, while we found that
the bureau collects information about IT projects, it does not have a
comprehensive and consistent repository of IT investment information that
provides decision makers with data for evaluating the impacts and
opportunities created by IT investments. We plan to assess the bureau's
recent, ongoing, and planned steps to improve its IT management practices
as part of our follow-up on open recommendations.

As agreed with your offices, unless you publicly announce the contents of
this report earlier, we plan no further distribution of it until 30 days
from the report date. At that time, we will send copies of this report to
interested congressional committees, the Secretary of Commerce, and other
interested parties. In addition, this report will be available at no
charge on GAO's Web site at www.gao.gov.

If you have any questions on matters discussed in this report, please
contact me at (202) 512-9286 or [email protected]. Contact points for our
Offices of Congressional Relations and Public Affairs may be found on the
last page of this report. GAO staff who made major contributions to this
report are listed in appendix III.

David A. Powner Director, Information Technology Management

Appendix I

Briefing Slides

                                 Census Bureau
                       Information Technology Management

                                Briefing for the
                   Subcommittee on Federalism and the Census
                         Committee on Government Reform
                            House of Representatives
                                 April 20, 2005

                                       1

Purpose:

o 	To provide an overview and our analysis of the Census Bureau's
information technology (IT) management

Outline: Page:

o  Objectives 3

o  Scope and Methodology 4

o  Results in Brief 6

o  Background 8

o  Census Bureau's IT Profile-Overview and Plans 12

o  Census Bureau's IT Policies, Procedures, and Practices 22

o  IT Investment Management 26

o  System Development/Management 34

o  Enterprise Architecture Management 47

o  Information Security 60

o  IT Human Capital 69

o  Agency Comments 75

2

o 	To provide an IT profile of the Census Bureau, including an overview of
information technology management and IT plans for the 2010 decennial
census

o 	To evaluate the adequacy of the bureau's IT policies, procedures, and
practices in the areas of investment management, system
development/management, enterprise architecture management, information
security, and human capital

                                       3

o 	To identify the bureau's IT profile, we assessed agency documentation,
including IT operational and strategic plans, and we interviewed bureau
officials to determine IT management roles and responsibilities,
organization, staffing, and investments.

o 	We analyzed GAO's and the Department of Commerce's Inspector General's
reports to identify past IT management issues that affected the 2000
census, and we reviewed bureau documentation and interviewed agency
officials to determine plans for IT systems during the 2010 decennial
census.

o 	To evaluate the adequacy of the bureau's IT management, we reviewed the
bureau's IT policies and procedures for investment management, system
development/management, enterprise architecture management, information
security, and human capital, and we compared them with applicable laws and
regulations, federal guidelines, and industry standards. More detailed
descriptions of the scope and methodology for each of the five IT areas is
provided in the segments of this briefing that address each area.

                                       4

o 	We reviewed selected IT projects to determine whether practices
complied with the agency's policies and procedures, federal guidance, and
industry standards, and we sought work products documenting these
practices, where applicable. Given the importance of IT to the decennial
census effort, we selected projects that support decennial census
activities.

o 	We conducted this review at the Department of Commerce in Washington,
D.C. and at Census Bureau headquarters in Suitland, Maryland. We conducted
our work from August 2004 through February 2005, in accordance with
generally accepted government auditing standards.

                                       5

The Census Bureau has a decentralized approach to IT management. The
Information Technology directorate, led by the Chief Information Officer,
is responsible for establishing IT policy and strategies, while multiple
program directorates are responsible for implementing policies and
managing IT systems and staff.

The bureau's 5-year strategic plan identifies 10 major IT investments that
are currently estimated to cost about $4 billion through 2009, of which
three investments support the reengineering of the 2010 decennial census.
The bureau is reengineering its approach to IT support for the decennial
census and plans to test new technologies and systems in 2006 and 2008.

The bureau has established policies or procedures and initiated key
practices in many of the areas that are important to successfully managing
IT, including investment management, system development and management,
enterprise architecture management, information security, and human
capital management. However, many of the key practices are not fully and
consistently performed. As a result, the bureau is at increased risk of
not adequately managing major IT investments and is more likely to
experience the cost and schedule overruns and performance shortfalls that
plague other major IT investments and acquisitions.

                                       6

Since the bureau plans to spend billions of dollars on information
technology to prepare for the 2010 decennial census, building in sound IT
practices now is more critical than ever.

In order to improve the bureau's ability to effectively manage IT
investments, we are making recommendations to the Secretary of Commerce to
direct the Census Bureau to address weaknesses we found in each of the IT
management areas.

In commenting on a draft of this briefing, Census Bureau officials,
including the Chief Information Officer, the Comptroller, and the Chief of
the Information Systems Support and Review Office, stated that they agreed
with our findings and recommendations.

                                       7

The bureau's mission is to serve as the leading source of high quality
data about the nation's people and economy. Core activities include

o  conducting decennial, economic, and government censuses;

o  conducting demographic and economic surveys;

o 	managing international demographic and socioeconomic databases and
providing technical advisory services to foreign governments; and

o 	performing other activities such as producing official population
estimates and projections.

Public and private decision makers use census population and socioeconomic
data for various purposes. For example, decennial census data are used to
determine congressional and state legislative districts and to distribute
hundreds of billions of dollars of federal funds each year. Also, federal
agencies use census data to evaluate the effectiveness of established
programs, while businesses use census data to target new services and
products and to tailor existing ones to demographic changes.

IT plays a critical role in the bureau's ability to carry out its
missions, supporting data collection, analysis, and dissemination
throughout the organization.

                                       8

The bureau is a large and complex organization. A conceptual view of the
agency includes three core organizations, two auxiliary organizations that
provide guidance and operational support for the core organizations, and
three support organizations that provide administrative and technical
support for the entire bureau. Each of these organizations is headed by an
associate director who reports to the Deputy Director of the Census
Bureau.

                                       9

The bureau's decennial census is the nation's oldest and most
comprehensive source of population and housing information.

Conducting a decennial census involves

o 	identifying and correcting addresses for all known living quarters in
the United States,

o  sending questionnaires to housing units,

o  following up with non-respondents through personal interviews,

o  trying to identify people with non-traditional living arrangements,

o 	managing a voluminous workforce that is responsible for follow-up
activities,

o 	collecting census data using questionnaires, phone calls, and personal
interviews,

o  summarizing and tabulating census data, and

o  disseminating analytical results from the census to the public.

                                       10

Information technology is critical to a successful decennial census. We
and Commerce's Inspector General have reported on several issues that
arose as the bureau developed and used IT systems for the 2000 census.1
These issues included

o  untimely and inaccurate management information,

o 	lack of mature and effective software and systems development
processes,

o  inadequate testing of key systems,

o  inadequate security controls, and

o 	insufficient number of experienced staff to manage expensive and
complex system projects.

Both we and the Inspector General have made a series of recommendations to
address these issues, and the bureau has initiated efforts to address
them.

1See attachment for a list of relevant reports by us and by the Inspector
                                  General. 11

The bureau's Associate Director for Information Technology-who is also the
Chief Information Officer (CIO)-and the other associate directors share
key responsibilities for IT management.

o 	The CIO is responsible for bureauwide IT technical support and
leadership, including

o 	managing the investment management process to ensure that all IT
investments support desired mission outcomes;

o 	establishing standards for system development and management of IT
projects;

o 	defining and directing enterprise architecture development, education
and compliance; and

o  ensuring the information security of systems and networks.

                                       12

o 	The Associate Director for Administration, who is also the Chief
Financial Officer, is responsible for providing bureauwide administrative
and financial management for the agency, including conducting human
capital strategic planning for IT and other personnel.

o 	The associate directors for the other organizations are responsible for
managing system acquisitions and IT staff to support their programs and
goals.

                                       13

As of February 2005, the bureau reported having about 1,100 IT staff in
its approximately 12,000-person workforce. These staff are spread
throughout the bureau, to support the bureau's organizations as follows:

The bureau also has about 500 on-site contractor staff who perform a
variety of activities, including systems design and programming, systems
integration, studies, and analyses.

                                       14

                                                             Estimated Total  
                                                             Life Cycle Costs 
Investment Name                   Description             (in millions)    
                          a system that supports expedited                    
                         monthly statistics on international 
     Automated Export      trade, remedies shortcomings in   
     Trade Statistics      export statistics, and helps to              $42.5
          System          control the export of weapons or   
                         other hazardous items that could be 
                          a threat to our national security  
                                or the public welfare        
      Data Access and       a system that provides portal                     
Dissemination System    access to the largest and most              $265.9
             2                popular census data sets       
                            systems that account for and                      
        Demographic        provide tools for managing the    
Statistics IT Support      costs associated with the                $123.0
          Systems         demographic surveys division's IT  
                             infrastructure maintenance      
                          a project to provide statistical                    
Economic Census,        programs that count and profile             $462.5
Government Census,      U.S. businesses and government    
and Surveys                      organizations            

2Bureau officials stated that they are evaluating whether to extend the
Data Access and Dissemination System through 16
the 2010 census or to acquire a new capability, called the Integrated
Dissemination System. The cost, schedule, and
scope of the Integrated Dissemination System have not yet been determined.

                                                             Estimated Total  
                                                             Life Cycle Costs 
      Investment Name                Description             (in millions)    
                              an initiative to support                        
       E-Government       e-government services by letting              $17.1
                          businesses file electronically in  
                             any current economic survey     
                             an initiative that involves                      
                              developing, testing, and       
                          maintaining automated systems for  
                           data collection, tracking, and    
Field Support Systems  training for the critical current            $246.0
                         survey programs and for maintaining 
                             IT infrastructure for field     
                          headquarters and twelve regional   
                                       offices               
                         systems that provide the integrated                  
    Geographic Support      and automated computer-based     
          Systems        geographic support that is crucial            $175.0
                            to all censuses and household    
                                       surveys               

                                       17

Three of the 10 major IT investments in the bureau's strategic IT plan
(comprising $2.7 billion, or 67 percent, of the $4 billion in planned IT
investments) are expected to support the reengineering of the 2010
decennial census:

o  American Community Survey

o  MAF/TIGER Enhancement Program

o  2010 Testing, Evaluation, and Systems Design

The bureau is reengineering the 2010 decennial census by changing
procedures, increasing the use of automation, and using new technologies.
These initiatives are expected to lead to a simpler decennial census which
is more efficient and cost effective, provides richer information,
improves coverage accuracy, and reduces operational risk.

                                       18

Key elements of this reengineering include

o 	moving away from using the long form during the decennial census (by
substituting the American Community Survey in its place),

o 	improving the accuracy and reliability of address data (via MAF/TIGER
Enhancements), and

o 	redesigning procedures and increasing the use of automation planned for
the 2010 decennial census through a multiyear effort of planning,
development, testing, revision, and retesting (via the 2010 Testing,
Evaluation, and Systems Design program).

                                       19

More specifically, the 2010 Testing, Evaluation, and Systems Design
program includes the following:

o  Field data collection activities:

o 	exploring improved integration and automation of field data collection
activities, including new technologies such as hand-held computers;

o 	awarding a contract to design and develop field data collection
processes and systems by April 2006; the cost of this contract, called the
Field Data Collection Automation program, has not yet been finalized.

o  Public response activities:

o 	identifying new approaches to providing assistance to the public and
capturing census data from telephone, paper, and internet sources;

o 	awarding a contract by October 2005 to develop a system for providing
assistance to the public and capturing data; according to bureau
officials, this contract, called the Decennial Response Integration
System, is estimated to cost over $669 million through 2013.

                                       20

The 2010 Testing, Evaluation, and Systems Design program also includes a
series of tests in the years leading up to the decennial census.

2004:	The bureau tested critical field operations using systems under
conditions similar to those that will be used during the decennial census.
In particular, the agency studied the feasibility of using handheld mobile
computing devices equipped with Global Positioning System capability to
conduct nonresponse follow-up operations. We recently reported on lessons
learned during this test.3

2006:	The bureau plans to test the methodology and functions of the
integration of systems that will be needed to carry out the reengineered
census, focusing on efforts to automate nonresponse follow-up activities
and on initiatives to update the address list.

2008:	The bureau plans to conduct a final operational test of the entire
complement of methodological, procedural, and systems innovations for the
2010 decennial census.

3GAO, 2010 CENSUS: Basic Design Has Potential, but Remaining Challenges
Need Prompt 21 Resolution, GAO-05-9 (Washington, D.C.: January 12, 2005).

To evaluate IT management, we focused on five key areas that encompass
major IT functions and are recognized by public and private entities as
having substantial influence on the effectiveness of IT operations:

o 	IT investment management processes and practices are used to select,
control, and evaluate investments in order to help ensure that they
increase business value and mission performance. In 2004, we issued a
framework for assessing federal agencies' IT investment management
practices.4 This framework identifies critical processes for making
successful IT investments; it is organized into five increasingly mature
stages. The framework's five maturity stages represent steps toward
achieving a stable and mature IT investment process. By determining the
current stage of maturity of an organization, managers are better able to
identify specific steps that would contribute to improving IT management.

o 	System development/management capabilities help organizations acquire,
develop, and manage information systems and technology successfully-that
is, they help reduce the risk of cost overruns, schedule delays, and
performance shortfalls. The Software Engineering Institute has established
a framework for organizations to use to assess and improve system
management capabilities in different process areas, such as project
planning, project monitoring and control, requirements management,
configuration management, and risk management. By determining a project's
or organization's current capabilities, managers can identify steps for
improving the processes that can contribute to successful project results.

4GAO, Information Technology Investment Management: A Framework for
Assessing and Improving 22 Process Maturity (Version 1.1), GAO-04-394G
(Washington, D.C.: March 2004).

o 	Effective use of an enterprise architecture (EA), or a modernization
blueprint, is a trademark of successful public and private organizations.
An EA connects an organization's strategic plan with program and system
solutions by providing the fundamental information details needed to guide
and constrain investments in a consistent, coordinated, and integrated
fashion-thereby improving interoperability and reducing duplicative
efforts. As such, it should provide a clear and comprehensive view of an
entity, including descriptions of the entity's current or "as is"
environment, its target or "to be" environment, and a capital investment
road map for transitioning from the current to the target environment. In
2003, we updated our framework for assessing and improving an
organization's EA management.5

o 	Information security helps protect the integrity, confidentiality, and
availability of an agency's data and systems by reducing the risks of
tampering, unauthorized intrusions and disclosures, and serious
disruptions of operations. Information security activities include
conducting risk assessments, promoting awareness and training,
implementing controls, performing evaluations, and providing centralized
coordination and oversight of all security activities.

o 	IT human capital management helps provide employees with the
appropriate knowledge and skills to effectively execute critical IT
functions. Key processes for human capital management involve assessing IT
knowledge and skills requirements, inventorying existing staff's knowledge
and skills and assessing them against requirements, developing strategies
and plans to fill any gaps between requirements and existing staffing, and
evaluating and reporting on progress in filling any gaps in knowledge and
skills.

5U.S. GAO, Information Technology: A Framework for Assessing and Improving
Enterprise Architecture 23

     Management (Version 1.1), GAO-03-584G (Washington, D.C.: April 2003).

IT investment management provides a framework for implementing the
processes that are critical to the effective selection, control, and
evaluation of a portfolio of IT investments. The maturity stages, listed
below, represent steps toward achieving a stable and mature IT investment
management process.

                                       26

Critical processes in stages 1 and 2 include:

Stage 1

o 	IT spending without disciplined investment processes-characterizes
organizations that are not yet involved in ITIM activities

Stage 2

o 	Instituting the investment board-entails creating and defining the
membership andguiding policies, operations, roles, responsibilities, and
authorities for one or more IT investment boards within the organization.

o 	Meeting business needs-entails ensuring that IT projects and systems
support the organization's business needs and meet users' needs. It
involves identifying businessand users' needs for each IT project and
having users participate in project management throughout the project's
life cycle.

o 	Selecting an investment-entails ensuring that a well-defined and
disciplined processbe used to select new IT proposals and reselect ongoing
investments.

o 	Providing investment oversight-entails monitoring the progress of all
IT projects and systems relative to cost, schedule,risk, and benefit
expectations and taking corrective action when these expectations are not
being met.

o 	Capturing investment information-involves identifying IT assets and
creating a comprehensive repository of investment information for decision
makers to use to evaluate the impacts and opportunities created by
proposed (or continuing) ITinvestments.

                                       27

We evaluated the bureau's IT investment management using GAO's guide,

Information Technology Investment Management: A Framework for

Assessing and Improving Process Maturity.6

We reviewed the bureau's current IT investment management practices. We
also evaluated the investment processes used on the Data Access and
Dissemination System and Field Support Systems.

We assessed the bureau's investment processes at maturity stage 2. We did
not evaluate maturity stage 1 because it is characterized by a lack of
processes, and the bureau has passed that stage. We also did not evaluate
maturity stages 3, 4, or 5 because bureau officials reported that they are
working to achieve maturity stage 2 and had not yet implemented critical
processes associated with the higher maturity stages.

6GAO, Information Technology Investment Management: A Framework for
Assessing and Improving 28 Process Maturity (Version 1.1), GAO-04-394G
(Washington, D.C.: March 2004).

Activity (Critical process)              Assessment          Comments      

Activity (Critical process)              Assessment          Comments      

Activity (Critical process)              Assessment          Comments      

Taking steps to improve the shortfalls listed above is important for the
following reasons:

o 	Without written procedures, the bureau lacks assurance that the IT
investment boards will provide investment management oversight and
decision making in a consistent and repeatable manner.

o 	Without a well-defined and disciplined organizationwide policy for
selecting new IT proposals and reselecting ongoing investments, the bureau
cannot ensure that it is selecting and funding the IT investments that
best result in mission-focused benefits.

o 	Without defined criteria and documented policies and procedures for
monitoring the progress of all IT projects and systems, the bureau lacks
assurance that consistent and appropriate actions will be taken when cost,
schedule, and performance expectations are not met.

o 	Without a comprehensive repository of up-to-date investment
information, the bureau cannot ensure that decision makers have the
information they need to effectively manage the organization's IT
investments.

                                       32

The Census Bureau has initiated basic IT investment management processes,
but much remains to be done. Specifically, the bureau lacks a
comprehensive, consistent, and repeatable approach to IT investment
management. Until it develops and implements such an approach, the bureau
cannot ensure that it is effectively and efficiently managing million and
billion dollar investments in IT.

To strengthen its ability to manage IT investments, we recommend that the

Secretary of Commerce direct the bureau to:  o  develop written procedures
to guide its IT investment boards' operations and use these procedures to
ensure consistent investment management and decision-making practices,

o 	develop well-defined and disciplined written procedures that outline
the process for selecting new IT proposals and reselecting ongoing
investments and use these procedures in investment decision making,

o 	develop and implement defined criteria and documented policies and
procedures for monitoring the progress of all IT projects and systems, and

o 	create a comprehensive repository that collects investment information
that is up to date and accessible to decision makers.

                                       33

Many organizations rely on software-intensive systems to perform their
missions. The quality of this software and these systems is governed
largely by the quality of the processes involved in acquiring, developing,
managing, and maintaining them. Carnegie Mellon University's Software
Engineering Institute (SEI), recognized for its expertise in software and
system processes, has developed the Capability Maturity ModelR Integration
(CMMISM)7 model and a CMMI appraisal methodology to evaluate, improve, and
manage system and software development and engineering processes.

The CMMI model and appraisal methodology provide a logical framework for
measuring and improving key processes that are needed for achieving
highquality software and systems. The model can help an organization set
process improvement objectives and priorities and to improve its
processes. SEI has found that organizations that implement such process
improvements can achieve better project cost and schedule performance and
develop higher quality products.

7CMM is registered in the U.S. Patent and Trademark Office by Carnegie
Mellon University. CMMI is a 34 service mark of the Carnegie Mellon
University.

The CMMI appraisal methodology calls for assessing up to 25 different
process areas-clusters of related activities such as project planning,
requirements management, and quality assurance-by determining whether key
practices have been implemented and whether overarching goals have been
satisfied.

Successful implementation of these practices and satisfaction of these
goals result in the achievement of successive capability levels. CMMI
capability levels range from 0 to 5. Level 0 means the process is either
not performed or is only partially performed; level 1 means the basic
process is performed; level 2 means the process is managed; level 3 means
the process is defined throughout the organization; level 4 means the
process is quantitatively managed; and level 5 means the process is
optimized.

                                       35

To evaluate system development/management capabilities, we appraised two
projects, the Decennial Master Address File pilot and the Master Address
File/Topologically Integrated Geographic Encoding and Referencing system
redesign.

We applied the CMMI model and its related appraisal methodology. Our
appraisers were all SEI-trained software and information systems
specialists. We evaluated the projects' processes at capability level 2,
because bureau officials had set a goal of achieving level 2. In
conjunction with project officials, we selected eight core process areas
that are critical to sound program management:

o  project planning  o  configuration management

o  project monitoring and control  o  measurements and analysis8

o  requirements management  o  verification

o  process and product quality assurance  o  risk management

8We did not perform a full appraisal of measurement and analysis on the
Decennial Master Address 36 File project because project officials
reported that they had not yet implemented this process area.

The process areas we evaluated address key aspects of system development/
management.

o 	Project planning: The purpose of this process area is to establish and
maintain plans that define the project activities. This process area
involves developing and maintaining a plan, interacting with stakeholders,
and obtaining commitment to the plan.

o 	Project monitoring and control: The purpose of this process area is to
provide an understanding of the project's progress, so that appropriate
corrective actions can be taken if actual performance deviates
significantly from the plan. Key activities include monitoring the
project, communicating status, taking corrective action, and determining
progress.

o 	Requirements management: The purpose of this process area is to manage
the product components and to identify inconsistencies among requirements
and the project's plans and work products. This process area includes
managing all technical and nontechnical requirements and any changes to
these requirements as they evolve.

                                       37

o 	Process and product quality assurance: The purpose of this process area
is to provide staff and management with objective insights into processes
and associated work products. This includes the objective evaluation of
project processes and products against approved descriptions and
standards. Through quality assurance, the project team is able to identify
and document noncompliance issues and provide appropriate feedback to
project staff.

o 	Configuration management: The purpose of configuration management is to
establish and maintain the integrity of work products. This process area
includes both the functional processes used to establish and track work
product changes and the technical systems used to manage these changes.
Through configuration management, accurate status information and data are
provided to developers, end users, and customers.

o 	Measurements and analysis: The purpose of this process area is to
develop and sustain a measurement capability that is used to support
management information needs. This process area includes identifying
measures, performing data collection, analysis, and storage of the
measures, and reporting these values. This process allows users to
objectively plan and estimate project activities and to identify and
resolve potential issues.

                                       38

o 	Verification: The purpose of verification is to ensure that selected
work products meet specified requirements. This process area involves
preparing for and performing tests and identifying corrective actions.
Verification of work products substantially increases the likelihood that
the product will meet the customer, product, and product-component
requirements.

o 	Risk management: The purpose of this process area is to identify
potential problems before they occur, so that risk-handling activities may
be planned and invoked as needed across the life of the product or project
in order to mitigate adverse impacts on achieving objectives. Early and
aggressive detection of risk is important, because it is typically easier,
less costly, and less disruptive to make changes and correct work efforts
during the early phases of the project.

                                       39

        Activity (Process area)            Assessment           Comments      

        Activity (Process area)            Assessment           Comments      

        Activity (Process area)            Assessment           Comments      

        Activity (Process area)            Assessment           Comments      

               System Development/Management-Impact of Weaknesses

Taking steps to improve the shortfalls listed above is important for the
following reasons:

o 	Without an adequate project planning process, the bureau lacks
assurance that reasonable plans and tools for managing projects-including
project life-cycle phases and schedules-have been developed and are in
use.

o 	Without an adequate project monitoring and control process, the bureau
lacks assurance that management can effectively monitor projects' actual
progress and take appropriate corrective action if performance deviates
significantly from plans.

o 	Without an adequate requirements management process, the bureau cannot
ensure that it will be able to identify inconsistencies between
requirements and plans, increasing the likelihood that products will not
meet customer needs.

o 	Without an adequate process and product quality assurance process, the
Bureau cannot ensure that it will be able to provide staff and management
with objective insight into processes throughout the project's life cycle.

                                       44

                                    Further:

o 	Without an adequate configuration management process, the bureau cannot
ensure the integrity of plans and other work products throughout a
project's life cycle.

o 	Without an adequate measurement and analysis process, the bureau cannot
ensure that project information provided to management is measured,
analyzed, and recorded so that management can effectively monitor actual
performance and take appropriate corrective actions.

o 	Without an adequate verification process, the bureau cannot ensure that
products will be built to meet the customer and product requirements,
increasing the likelihood that products will not meet customer needs.

o 	Without an adequate risk management process, the bureau cannot ensure
that risks are identified, analyzed, tracked, and mitigated. Therefore,
potential problems are more likely to become actual problems and have
adverse effects on objectives.

                                       45

Individual project teams within the bureau have taken the initiative to
improve their system development and management processes but have not yet
fully implemented many of the key practices that make up a sound project
management process. Unless the bureau adopts a consistent approach to
improving system development and management processes, project teams will
continue to manage systems in an ad hoc manner and risk the cost overruns,
schedule slippages, and performance shortfalls that plague other
government system development projects.

To strengthen agencywide system development and management capabilities,
we recommend that the Secretary of Commerce direct the bureau to
institutionalize a process improvement initiative, such as the CMMI
maturity framework, and establish goals for projects to reach successive
capability levels in selected process areas, including

o  project planning  o  configuration management

o  project monitoring and control  o  measurements and analysis

o  requirements management  o  verification

o  process and product quality assurance  o  risk management

                                       46

An enterprise architecture (EA) serves as a blueprint to guide and
constrain systems modernization efforts. The maturity stages listed below
represent incremental steps toward advancing an organization's ability to
manage the development, maintenance, and implementation of an EA.

Stage 1: Creating EA awareness

The organization is becoming aware of the value of an EA, but has not yet
established

the management foundation needed to develop one. Stage 2: Building the EA
management foundation

The organization moves from basic awareness to building the foundation for
effectively

managing the development, maintenance, and implementation of an EA. Stage
3: Developing EA products

The organization moves from building the EA management foundation to
developing

EA products. Stage 4: Completing EA products

The organization moves from developing to completing EA products.

Stage 5: Leveraging the EA for managing change

The organization uses EA products to guide and constrain investment
decisions in a

way that effectively supports achievement of business and systems
modernization.

                                       47

IT Policies, Procedures, and Practices Enterprise Architecture
Management-Overview

EA Maturity Stage and Core Elements:

                            Written and approved organization policy exists   
                                          for EA maintenance.                 
                              EA products and management processes undergo    
                                independent verification and validation.      
                           EA products describe the "as is" environment, the  
                              "to be" environment, and a sequencing plan.     
                            EA products describe the enterprise's business,   
                                     performance, information/data,           
Stage 4: Completing EA     application/service, and the technology that    
products                                  supports them.                   
                                Business, performance, information/data,      
                            application/service, and technology descriptions  
                                           address security.                  
                               Organization chief information officer has     
                                    approved current version of EA.           
                           Committee or group representing the enterprise or  
                            the investment review board has approved current  
                                             version of EA.                   
                            Quality of EA products is measured and reported.  
                               Written and approved policy exists for IT      
                                     investment compliance with EA.           
                              Process exists to formally manage EA change.    
                               EA is integral component of IT investment      
Stage 5: Leveraging the                management process.                 
EA for managing change        EA products are periodically updated.        
                                     IT investments comply with EA.           
                           Organization head has approved current version of  
                                                  EA.                         
                           Return on EA investment is measured and reported.  
                              Compliance with EA is measured and reported.    

                                       49

We evaluated the bureau's policies and management of its IT enterprise
architecture using GAO's EA assessment guide.9 We assessed the Bureau's
enterprise architecture at maturity stages 1, 2, and 3.

We did not evaluate maturity stages 4 or 5 because bureau officials
reported that they had not yet implemented all of the core elements for
these stages. However, they noted that they had begun to implement some of
the core elements in these advanced maturity stages.

9GAO-03-548G.

50

        Activity (Core element)            Assessment           Comments      

Activity (Core Element)                 Assessment           Comments      

        Activity (Core Element)            Assessment           Comments      

        Activity (Core Element)            Assessment           Comments      

Activity (Core Element)                 Assessment           Comments      

        Activity (Core Element)            Assessment           Comments      

        Activity (Core Element)            Assessment           Comments      

                     IT Policies, Procedures, and Practices

Taking steps to improve the two EA shortfalls described above is important
for the following reasons:

o 	Without adequate resources, the bureau's EA office will not be able to
accomplish its goals of expanding and improving the architecture.

o 	Without a written policy endorsing the EA, the bureau may not be able
to get the support it needs to fully implement the EA and to realize its
benefits. A written policy could lead to enhanced support for the EA and
increased use and benefits throughout the agency. Based on our experience
in reviewing other agencies, not having an effective architecture program
can be attributable to limited senior management understanding and
commitment and to cultural resistance to using an architecture. The result
can be an inability to implement modernized systems in a way that
minimizes overlap and duplication and maximizes integration and mission
support.

                                       58

The bureau has made important progress in managing its enterprise
architecture program and has identified critical next steps to further
expand, use, and achieve benefits from its architecture. However, the EA
initiative lacks the senior management commitment-both in terms of
resources and policy endorsement-that it needs to be truly effective.
Unless the bureau demonstrates this senior level commitment, the EA
initiative will likely be limited in how much progress it can continue to
make.

To support the agency in its efforts to develop and implement an effective
enterprise architecture, we recommend that the Secretary of Commerce
direct the bureau to

o 	determine an adequate level of resources to accomplish planned EA
activities in order to ensure continued improvements to the bureau's EA
model and

o 	establish a written policy endorsing and enforcing the bureau's
enterprise architecture.

                                       59

Information security protects an organization's computer-supported
resources and assets. Such protection ensures the integrity, appropriate
confidentiality, and availability of an organization's data and systems.
Integrity means that data have not been altered or destroyed in an
unauthorized manner. Confidentiality means that information is not made
available or disclosed to unauthorized individuals, entities, or
processes. Availability means that data will be accessible or usable upon
demand by an authorized entity.

Key activities for managing information security risks include:

o 	Risk assessment-identifying security threats and vulnerabilities to
information assets and operational capabilities, ranking risk exposures,
and identifying cost-effective controls

o 	Awareness and training-promoting awareness of security risks and
educating users about security policies and procedures, as well as
providing security training to staff

                                       60

Key activities, continued:

o 	Controls-implementing the controls necessary to deal with identified
risks to information systems, physical facilities, and networks, in order
to protect them

o 	Evaluation-monitoring the effectiveness of controls and awareness
activities through periodic evaluation

o 	Central management-coordinating security activities through a
centralized group

Information security is of special importance to the Census Bureau because
under law, with certain limited exceptions, the bureau must protect from
disclosure the data it collects about individuals and establishments.10
Specifically, the bureau may not disclose or publish any private
information that identifies an individual or establishment.

                      10U.S. Code, Title 13, Section 9. 61

We evaluated the bureau's policies and procedures on information security
by comparing them to the requirements in the Federal Information Security
Management Act of 200211 and to guidelines issued by OMB and the National
Institute of Standards and Technology. We assessed selected bureau
systems' security plans, risk assessments, and certification and
accreditation packages. We interviewed bureau and Commerce security
officials on security policies and practices. We also analyzed reports on
the bureau's information security program by the Department of Commerce's
Office of the Inspector General.

11 Federal Information Security Management Act of 2002, Title III,
E-Government Act of 2002, 62P.L. 107-347, Dec. 17, 2002.

           Activity                Assessment                Comments         

           Activity                Assessment                Comments         

           Activity                Assessment                Comments         

           Activity                Assessment                Comments         

The bureau has activities under way and planned to address each of the
security areas, but the agency has not established milestones for
completing all of its planned activities.

o 	Until the bureau identifies individuals who need specialized training
and provides that training, it faces increased risk that individuals
accessing systems may not have the information they need to protect these
systems.

o 	Until the bureau identifies the tools it needs to test and verify
network security controls, system owners risk being unaware of potential
security threats and vulnerabilities, and they may not have adopted the
controls they need to address them.

                                       67

The bureau has policies and processes in place to manage information
security, but important steps for ensuring that systems are secure remain
to be carried out. Until the bureau completes these system security
initiatives, it cannot ensure that information, systems, and networks are
adequately protected from disclosure or attack.

In order to improve information security, we recommend that the Secretary
of Commerce direct the bureau to

o  establish milestones for

o 	identifying staff with special security training needs and developing
an effective training program for them,

o 	identifying system penetration tools to aid network access security and
testing network controls using these tools, and

o 	monitor progress against these milestones and the milestones that have
already been established to address weaknesses in risk assessments,
information system security controls, and oversight management tools, to
ensure that these activities are completed in a timely manner.

                                       68

Human capital centers on viewing people as assets whose value to an
organization can be enhanced by investing in them. As the value of people
increases, so does the performance capacity of the organization-and
therefore its value to clients and other stakeholders.

According to the Clinger-Cohen Act of 1996, to maintain and enhance the
capabilities of IT staff, an organization should conduct four basic
activities:

o 	Requirements-annually assess the knowledge and skills that an agency
needs to effectively perform its IT operations to support its mission and
goals

o 	Inventory-determine the knowledge and skills of current IT staff to
identify gaps in needed capabilities

o 	Workforce strategies and plans-develop strategies and implement plans
for hiring, training, and professional development to fill any gap between
requirements and current staffing

o 	Progress evaluation-evaluate the progress made in improving IT human
capital capability, and use the results of these evaluations to
continuously improve the organization's human capital strategies

                                       69

We compared the bureau's policies and procedures for IT human capital to
the Clinger-Cohen Act12 and to our guide, Human Capital: A Self-Assessment
Checklist for Agency Leaders.13 We reviewed IT human capital practices in
the areas of skills and knowledge requirements, skills and knowledge
inventories, workforce strategies, and progress evaluations.

12 Clinger-Cohen Act of 1996, 40 U.S.C. 11101-11704.

13 U.S. GAO, Human Capital: A Self-Assessment Checklist for Agency
Leaders, GAO/OCG-00-14G 70

(Washington, D.C.: September 2000).

           Activity                Assessment                Comments         

           Activity                Assessment                Comments         

Taking steps to improve the shortfalls listed above is important for the
following reasons:

o 	Until the bureau regularly assesses its IT requirements, it risks not
identifying needed skills and knowledge in its IT workforce.

o 	Until the bureau completes a gap analysis, it lacks assurance that it
is optimizing the use of its current IT workforce and therefore is unable
to implement workforce strategies to fill any identified gaps. As a
result, the bureau is at increased risk that it lacks the trained staff it
needs to fulfill its mission objectives.

                                       73

The Census Bureau has implemented steps to manage its IT human capital,
but more remains to be done to update requirements for IT skills and
knowledge and to develop and implement strategies for filling any skill
gaps. Until the bureau completes these activities, it is at increased risk
that it will not have the skills it needs to effectively develop and
manage its million-and billion-dollar investments in information systems
and technology.

In order to improve the bureau's ability to manage its IT workforce, we
recommend that the Secretary of Commerce direct the bureau to

o 	annually assess IT knowledge and skills to determine whether they meet
current requirements, and

o 	use the planned gap analysis to identify workforce strategies to fill
skills gaps and then evaluate these strategies to determine their
effectiveness in improving human capital management.

                                       74

In commenting on a draft of this briefing, Census Bureau officials,
including the Chief Information Officer, Comptroller, and Chief,
Information System Support and Review Office, stated that the bureau
concurs with our findings and our recommendations.

                                       75

Appendix II

Comments from the Department of Commerce

Appendix II
Comments from the Department of
Commerce

Appendix II
Comments from the Department of
Commerce

Appendix II
Comments from the Department of
Commerce

Appendix III

                     GAO Contact and Staff Acknowledgments

GAO Contact David A. Powner, (202) 512-9286 or [email protected]

Acknowledgments	In addition to the person named above, John Dale, Lester
Diamond, Joanne Fiorino, Mark Fostek, Tonia Johnson, Deborah Lott, Teresa
Neven, Tammi Nguyen, Madhav Panwar, Colleen Phillips, Cynthia Scott, Karl
Seifert, Niti Tandon, Teresa Tucker, and Michael Virga made key
contributions to this report.

Related Products by GAO and the Department of Commerce's Inspector General

GAO Products	2010 Census: Basic Design Has Potential, but Remaining
Challenges Need Prompt Resolution. GAO-05-09. Washington, D.C.: January
12, 2005.

Data Quality: Census Bureau Needs to Accelerate Efforts to Develop and
Implement Data Quality Review Standards. GAO-05-86. Washington, D.C.:
November 17, 2004.

Census 2000: Design Choices Contributed to Inaccuracies in Coverage
Evaluation Estimates. GAO-05-71. Washington, D.C.: November 12, 2004.

American Community Survey: Key Unresolved Issues. GAO-05-82. Washington,
D.C.: October 8, 2004.

2010 Census: Counting Americans Overseas as Part of the Decennial Census
Would Not Be Cost-Effective. GAO-04-898. Washington, D.C.: August 19,
2004.

2010 Census: Overseas Enumeration Test Raises Need for Clear Policy
Direction. GAO-04-470. Washington, D.C.: May 21, 2004.

2010 Census: Cost and Design Issues Need to Be Addressed Soon. GAO04-37.
Washington, D.C.: January 15, 2004.

Decennial Census: Lessons Learned for Locating and Counting Migrant and
Seasonal Farm Workers. GAO-03-605. Washington, D.C.: July 3, 2003.

Decennial Census: Methods for Collecting and Reporting Hispanic Subgroup
Data Need Refinement. GAO-03-228. Washington, D.C.: January 17, 2003.

Decennial Census: Methods for Collecting and Reporting Data on the
Homeless and Others Without Conventional Housing Need Refinement.

GAO-03-227. Washington, D.C.: January 17, 2003.

2000 Census: Lessons Learned for Planning a More Cost-Effective 2010
Census. GAO-03-40. Washington, D.C.: October 31, 2002.

The American Community Survey: Accuracy and Timeliness Issues.

GAO-02-956R. Washington, D.C.: September 30, 2002.

2000 Census: Refinements to Full Count Review Program Could Improve Future
Data Quality. GAO-02-562. Washington, D.C.: July 3, 2002.

Related Products by GAO and the Department of Commerce's Inspector General

2000 Census: Coverage Evaluation Matching Implemented as Planned, but
Census Bureau Should Evaluate Lessons Learned. GAO-02-297. Washington,
D.C.: March 14, 2002.

2000 Census: Best Practices and Lessons Learned for More Cost-Effective
Nonresponse Follow-up. GAO-02-196. Washington, D.C.: February 11, 2002.

2000 Census: Coverage Evaluation Interviewing Overcame Challenges, but
Further Research Needed. GAO-02-26. Washington, D.C.: December 31, 2001.

2000 Census: Analysis of Fiscal Year 2000 Budget and Internal Control
Weaknesses at the U.S. Census Bureau. GAO-02-30. Washington, D.C.:
December 28, 2001.

2000 Census: Significant Increase in Cost Per Housing Unit Compared to
1990 Census. GAO-02-31. Washington, D.C.: December 11, 2001.

2000 Census: Better Productivity Data Needed for Future Planning and
Budgeting. GAO-02-4. Washington, D.C.: October 4, 2001.

2000 Census: Review of Partnership Program Highlights Best Practices for
Future Operations. GAO-01-579. Washington, D.C.: August 20, 2001.

Decennial Censuses: Historical Data on Enumerator Productivity Are
Limited. GAO-01-208R. Washington, D.C.: January 5, 2001.

2000 Census: Headquarters Processing System Status and Risks. GAO01-1.
Washington, D.C.: October 17, 2000.

2000 Census: Update on Data Capture Operations and Systems. AIMD-00324R.
Washington, D.C.: September 29, 2000.

2000 Census: Status of Nonresponse Follow-up and Key Operations.
T-GGD/AIMD-00-164. Washington, D.C.: May 11, 2000.

2000 Census: New Data Capture System Progress and Risks. AIMD-00-61.
Washington, D.C.: February 4, 2000.

2000 Census: Contingency Planning Needed to Address Risks That Pose a
Threat to a Successful Census. GGD-00-6. Washington, D.C.: December 14,
1999.

Related Products by GAO and the Department of Commerce's Inspector General

Inspector General Reports	Improving Our Measure of America: What the 2004
Census Test Can Teach Us in Planning for the 2010 Decennial Census,
OIG-16949-1, (Washington, D.C.: September 2004).

Weaknesses in Census Bureau's Certification and Accreditation Process
Leave Security of Critical Information Systems in Question, OSE-16519,
(Washington, D.C.: August 2004).

MAF/TIGER Redesign Project Needs Management Improvements to Meet Its
Decennial Goals and Cost Objective, OSE-15725, (Washington, D.C.:
September 2003).

Selected Aspects of Census 2000 Accuracy and Coverage Evaluation Need
Improvements Before 2010, IG-14226, (Washington, D.C.: March 2002).

Improving Our Measure of America: What Census 2000 Can Teach Us in
Planning for 2010, OIG-14431, (Washington, D.C.: Spring 2002).

Actions to Address the Impact on the Accuracy and Coverage Evaluation of
Suspected Duplicate Persons in the 2000 Decennial Census, OSE13812,
(Washington, D.C.: March 2001).

A Better Strategy Is Needed for Managing the Nation's Master Address File,
OSE-12065, (Washington, D.C.: September 2000).

Telephone Questionnaire Assistance Contract Needs Administration and
Surveillance Plan, OSE-12376, (Washington, D.C.: August 2000).

PAMS/ADAMS Should Provide Adequate Support for the Decennial Census, but
Software Practices Need Improvement, ESD-11684, (Washington, D.C.: March
2000).

Improvements Needed in Multiple Response Resolution to Ensure Accurate,
Timely Processing for the 2000 Decennial Census, OSE-10711, (Washington,
D.C.: September l999).

Dress Rehearsal Quality Check Survey Experience Indicates Improvements
Needed for 2000 Decennial, ESD-11449, (Washington, D.C.: September l999).

Related Products by GAO and the Department of Commerce's Inspector General

Method for Archiving 2000 Decennial Data and Procedures for Disposing of
Questionnaires Should Be Finalized, OSE-10758, (Washington, D.C.:
September 1999).

Headquarters Information Processing Systems for 2000 Decennial Census
Require Technical and Management Plans and Procedures, OSE10034,
(Washington, D.C.: November l997).

GAO's Mission	The Government Accountability Office, the audit, evaluation
and investigative arm of Congress, exists to support Congress in meeting
its constitutional responsibilities and to help improve the performance
and accountability of the federal government for the American people. GAO
examines the use of public funds; evaluates federal programs and policies;
and provides analyses, recommendations, and other assistance to help
Congress make informed oversight, policy, and funding decisions. GAO's
commitment to good government is reflected in its core values of
accountability, integrity, and reliability.

Obtaining Copies of The fastest and easiest way to obtain copies of GAO
documents at no cost

is through GAO's Web site (www.gao.gov). Each weekday, GAO postsGAO
Reports and newly released reports, testimony, and correspondence on its
Web site. To Testimony have GAO e-mail you a list of newly posted products
every afternoon, go to

www.gao.gov and select "Subscribe to Updates."

Order by Mail or Phone	The first copy of each printed report is free.
Additional copies are $2 each. A check or money order should be made out
to the Superintendent of Documents. GAO also accepts VISA and Mastercard.
Orders for 100 or more copies mailed to a single address are discounted 25
percent. Orders should be sent to:

U.S. Government Accountability Office 441 G Street NW, Room LM Washington,
D.C. 20548

To order by Phone:	Voice: (202) 512-6000 TDD: (202) 512-2537 Fax: (202)
512-6061

To Report Fraud, Contact:
Waste, and Abuse in Web site: www.gao.gov/fraudnet/fraudnet.htm

E-mail: [email protected] Programs Automated answering system: (800)
424-5454 or (202) 512-7470

Congressional	Gloria Jarmon, Managing Director, [email protected] (202)
512-4400 U.S. Government Accountability Office, 441 G Street NW, Room 7125

Relations Washington, D.C. 20548

Public Affairs	Paul Anderson, Managing Director, [email protected] (202)
512-4800 U.S. Government Accountability Office, 441 G Street NW, Room 7149
Washington, D.C. 20548
*** End of document. ***