Financial Management Systems: Additional Efforts Needed to
Address Key Causes of Modernization Failures (15-MAR-06,
GAO-06-184).
Billions of dollars have been spent governmentwide to modernize
financial management systems that have often exceeded budgeted
cost, resulted in delays in delivery dates and did not provide
the anticipated system functionality when implemented. GAO was
asked to identify (1) the key causes for financial management
system implementation failures, and (2) the significant
governmentwide initiatives currently under way that are intended
to address the key causes of financial management system
implementation failures. GAO was also asked to provide its views
on actions that can be taken to help improve the management and
control of agency financial management system modernization
efforts.
-------------------------Indexing Terms-------------------------
REPORTNUM: GAO-06-184
ACCNO: A49117
TITLE: Financial Management Systems: Additional Efforts Needed
to Address Key Causes of Modernization Failures
DATE: 03/15/2006
SUBJECT: Cost overruns
Federal enterprise architecture
framework
Financial management
Financial management systems
Human capital management
Information resources management
Performance measures
Risk management
Schedule slippages
Strategic planning
Systems conversions
******************************************************************
** This file contains an ASCII representation of the text of a **
** GAO Product. **
** **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced. Tables are included, but **
** may not resemble those in the printed version. **
** **
** Please see the PDF (Portable Document Format) file, when **
** available, for a complete electronic file of the printed **
** document's contents. **
** **
******************************************************************
GAO-06-184
* Appendix I: Scope and Methodology
* Appendix II: IG Reports Reviewed
* Appendix III: Disciplined Processes
* Appendix IV: Comments from the Office of Management and Budg
* Appendix V: GAO Contacts and Staff Acknowledgments
* Related GAO Products
Report to Congressional Requesters
United States Government Accountability Office
GAO
March 2006
FINANCIAL MANAGEMENT SYSTEMS
Additional Efforts Needed to Address Key Causes of Modernization Failures
Financial Systems Modernization
GAO-06-184
Contents
Letter 1
Results in Brief 3
Background 7
Agencies' Failure to Follow Best Practices in Three Key Areas Has Hampered
Successful Implementation of Financial Management Systems 16
Federal Initiatives Under Way to Improve System Implementations 27
Broad-Based Actions Needed to Implement Financial Management Systems
Governmentwide 35
Conclusions 48
Recommendations for Executive Action 49
Agency Comments and Our Evaluation 50
Appendix I Scope and Methodology 52
Appendix II IG Reports Reviewed 54
Appendix III Disciplined Processes 56
Appendix IV Comments from the Office of Management and Budget 68
Appendix V GAO Contacts and Staff Acknowledgments 79
Related GAO Products 80
Tables
Table 1: Building Blocks for Financial Management Systems Governmentwide
and Summary of Key Issues 6
Table 2: Problems Related to Disciplined Processes in Implementing
Financial Management Systems 17
Table 3: Problems Related to Strategic Human Capital Management in
Implementing Financial Management Systems 22
Table 4: Problems Related to Other IT Management Practices in Implementing
Financial Management Systems 25
Table 5: OMB Initiatives to Reform Federal Financial Management System
Implementations 28
Table 6: Federal Enterprise Architecture Reference Models 29
Figures
Figure 1: Percentage of Effort Associated with Undisciplined Projects 11
Figure 2: Relationship between Requirements Development and Testing 59
Abbreviations
CDC Centers for Disease Control and Prevention CFO chief financial officer
CIO chief information officer COTS commercial off-the-shelf Customs U.S.
Customs and Border Protection DOD Department of Defense ERP enterprise
resource planning FFMIA Federal Financial Management Improvement Act FSIO
Financial Systems Integration Office HHS Department of Health and Human
Services IEEE Institute of Electrical and Electronic Engineers IG
inspector general Interior Department of the Interior IRS Internal Revenue
Service IT information technology JFMIP Joint Financial Management
Improvement Program NASA National Aeronautics and Space Administration
OFFM Office of Federal Financial Management OMB Office of Management and
Budget OPM Office of Personnel Management SEI Software Engineering
Institute VA Department of Veterans Affairs
This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed in
its entirety without further permission from GAO. However, because this
work may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this material
separately.
United States Government Accountability Office
Washington, DC 20548
March 15, 2006
The Honorable Todd R. Platts Chairman The Honorable Edolphus Towns Ranking
Minority Member Subcommittee on Government Management, Finance, and
Accountability Committee on Government Reform House of Representatives
The federal government has long been plagued by financial management
system modernization efforts that have failed to meet their cost,
schedule, and performance goals. While agencies anticipate that the new
systems will provide reliable, useful, and timely data to support
managerial decision making, our work and that of others has shown that has
often not been the case. Modernizing financial management systems is
expensive but critical to instituting strong financial management as
called for by the Chief Financial Officers (CFO) Act of 1990,1 Federal
Financial Management Improvement Act of 1996 (FFMIA),2 and other financial
management reform legislation. The CFO Act calls for the improvement of
financial management systems in departments and major agencies throughout
the federal government to achieve the systematic measurement of
performance, the development of cost information, and the integration of
program, budget, and financial information for management reporting. FFMIA
builds on the foundation laid by the CFO Act by reflecting the need for
CFO Act agencies to have financial management systems that can generate
reliable, useful, and timely information with which to make fully informed
decisions and to ensure accountability on an ongoing basis.
Billions of dollars have been spent on developing and implementing
financial management systems throughout the federal government. These
systems support the interrelationships and interdependencies between
budget, cost, and management functions. Financial management systems are
critical for producing complete, reliable, timely, and consistent
financial information for use by the executive branch of the federal
government and the Congress in the financing, management, and evaluation
of federal programs. Many efforts are under way to implement new core
financial systems3 and supporting financial management systems such as
logistics, acquisition, and human resources. However, recent efforts to
modernize financial management systems have often exceeded budgeted cost,
resulted in delays in delivery dates, and did not provide the anticipated
system functionality and performance. For example, as we testified in May
2004,4 the National Aeronautics and Space Administration (NASA) was on its
third attempt in 12 years to modernize its financial management processes
and systems and has spent about $180 million on two failed prior attempts
to implement core financial systems. NASA's current effort is estimated to
cost about $983 million. In another case, the Navy largely wasted
approximately $1 billion on four pilot Enterprise Resource Planning5 (ERP)
program efforts, without marked improvement in its day-to-day operations,
which resulted in four more stove-piped systems that did not enhance
overall efficiency at the Department of Defense (DOD).6 The Navy is now
working on a new project to consolidate these four systems into one at an
additional cost of $800 million.
1Pub. L. No. 101-576, 104 Stat. 2838 (Nov. 15, 1990).
2Pub. L. No. 104-208, div. A., S: 101(f), title VIII, 110 Stat. 3009,
3009-389 (Sept. 30, 1996).
Because of your concern about failures at some agencies to successfully
modernize or implement financial management systems, you asked us to
identify (1) the key causes for financial management system implementation
failures, which we define as financial management system improvement
efforts that did not meet cost, schedule, or performance goals, and (2)
the significant governmentwide initiatives currently under way that are
intended to address the key causes of financial management system
implementation failures. You also asked us to provide our views on actions
that can be taken to help improve the management and control of agency
financial management system modernization efforts.
3According to systems requirements issued by the former Joint Financial
Management Improvement Program (JFMIP) which remain in effect, core
financial systems are the backbone of an agency's integrated financial
management system. They should provide common processing routines, support
common data for critical financial management functions affecting the
entire agency, and maintain the required financial data integrity control
over financial transactions, resource balances, and other financial
systems. A core financial system should support an agency's general
ledger, funds management, payments, receivables, and basic cost management
functions. Also, the system should receive data from other
financial-related systems, such as inventory and property systems, and
from direct user input. It should also support financial statement
preparation and financial performance measurement and analysis.
4GAO, National Aeronautics and Space Administration: Significant Actions
Needed to Address Long-standing Financial Management Problems, GAO-04-754T
(Washington, D.C.: May 19, 2004).
5An ERP solution is an automated system using commercial off-the-shelf
software and consisting of multiple, integrated functional modules that
perform a variety of business-related tasks such as accounts payable,
general ledger accounting, and supply chain management.
6GAO, DOD Business Systems Modernization: Navy ERP Adherence to Best
Business Practices Critical to Avoid Past Failures, GAO-05-858
(Washington, D.C.: Sept. 29, 2005).
This report is based on our prior reports over the last 5 years that
focused on financial management system implementation efforts. We also
reviewed selected inspector general (IG) reports dealing with financial
management system implementations. We interviewed key CFO Council and
Office of Management and Budget (OMB) officials and reviewed their
existing oversight policies related to financial management systems as
well as related current initiatives under way. We did not evaluate the
federal government's overall information technology (IT) strategy or
whether a particular agency selected the most appropriate financial
management system. Our work for this report was performed in Washington,
D.C., from January 2005 through October 2005 in accordance with U.S.
generally accepted government auditing standards. Details on our scope and
methodology are included in appendix I and a list of related IG reports
that we reviewed are included in appendix II. The background section
describes elements of IT management, including certain disciplined
processes, human capital and other IT management practices, and appendix
III provides additional information on the disciplined processes. Other
related GAO reports are listed at the end of this report.
Results in Brief
From our analysis of prior reports, we identified several key causes of
financial management system implementation failures within three recurring
themes related to agencies not following best practices in (1) systems
development and implementation efforts (commonly referred to as
disciplined processes), (2) human capital management, and (3) other IT
management practices. Although the implementation of any major system will
never be a risk-free proposition, organizations that follow and
effectively implement disciplined processes, along with effective human
capital and other IT management practices, can reduce these risks to
acceptable levels. Our review of over 40 prior GAO and IG reports found
problems associated with the failure to effectively implement disciplined
processes in the areas of requirements management, testing, data
conversion and system interfaces, risk management, and project management
that can impact how a system functions and how it performs. For example,
ill-defined or incomplete requirements have been identified by many
experts as a root cause of system failure. As a case in point, we recently
reported7 that the initial deployment of a new Army system intended to
improve depot operations was still not meeting user needs, and the Army
expected to invest about $1 billion to fully deploy the system. One reason
that users had not been provided with the intended systems capabilities
was a breakdown in the requirements management process. As a consequence,
the Army implemented error-prone, time-consuming manual workarounds to
minimize disruption to critical operations, and the financial management
operations continued to be affected by systems problems. Human capital
management problems were also identified as critical to successfully
implementing a new financial management system. Agencies have faced
challenges in implementing financial management systems due to human
capital management issues related to strategic workforce planning, human
resources, and change management. By not identifying staff with the
requisite skills to implement such systems and by not identifying gaps in
needed skills and filling them, agencies reduced their chances of
successfully implementing and operating new financial management systems.
Finally, deficiencies in other IT management practices have hindered
modernization efforts, including problems related to enterprise
architecture, investment management, and information security management
practices.
As the federal organization with key responsibility for federal financial
management systems, OMB has undertaken a number of initiatives intended to
reduce the risks associated with acquiring and implementing financial
management systems and addressing long-standing financial management
problems. Some of these initiatives are in collaboration with the Chief
Information Officers (CIO) and CFO councils. OMB has recognized the need
for standardization and including key stakeholders in new work groups to
develop systems requirements and processes. While OMB has taken steps to
accomplish its initiatives, they are generally at the early stages of
implementation, and a firm foundation to address the long-standing
problems that have impeded success has not yet been established. OMB
initiatives are under way in the following key areas:
7GAO, Army Depot Maintenance: Ineffective Oversight of Depot Maintenance
Operations and System Implementation Efforts, GAO-05-441 (Washington,
D.C.: June 30, 2005).
o Federal Enterprise Architecture-to build a comprehensive
business-driven (rather than technology focused) blueprint of the
entire federal government.
o Lines of Business-to develop business-driven common solutions
that span across the federal government, such as consolidating
duplicative financial management systems by using centers of
excellence to provide services.
o Joint Financial Management Improvement Program (JFMIP)8
Realignment-to realign responsibilities for overseeing,
developing, testing, and publishing core financial systems
requirements, including the development of standard business
processes.
OMB has developed the Federal Enterprise Architecture, which continues to
evolve, to maximize technology investments, but as we have previously
testified, questions remain about the Federal Enterprise Architecture,
including how it relates to agencies' enterprise architectures.9 Regarding
the financial management line of business, OMB has developed an approach
for outsourcing financial management systems to a limited number of
application service providers,10 such as OMB designated centers of
excellence or private sector entities. With this initiative, OMB has
correctly recognized that enhancing the government's ability to implement
financial management systems that are capable of providing accurate,
reliable, and timely information on the results of operations needs to be
addressed as a governmentwide solution, rather than individual agency
stove-piped efforts designed to meet a given entity's needs. This is a
significant change in how agencies acquire new systems and raises numerous
complex issues that have far-reaching implications for the government and
private sector application service providers. Therefore, strong executive
support will be essential for these modernization efforts. In addition,
the actions resulting from the realignment of the JFMIP in December 2004
can help streamline financial management improvement efforts by providing
additional policy and oversight. However, OMB has not yet fully defined
and implemented the processes necessary to successfully complete the
financial management line of business and JFMIP realignment initiatives.
8JFMIP was formed under the authority of the Budget and Accounting
Procedures Act of 1950, Pub. L. No. 81-784, S: 111(f), 64 Stat. 832, 835
(Sept. 12, 1950) (codified at 31 U.S.C. S: 3511), as a joint and
cooperative undertaking of GAO, the U.S. Department of the Treasury, OMB,
and Office of Personnel Management (OPM), working in cooperation to
improve financial management practices in the federal government.
Leadership and program guidance were provided by the four JFMIP
principals-the Comptroller General of the United States, the Secretary of
the Treasury, and the Directors of OMB and OPM.
9GAO, Information Technology: The Federal Enterprise Architecture and
Agencies' Enterprise Architectures Are Still Maturing, GAO-04-798T
(Washington, D.C.: May 19, 2004).
10An application service provider is a third-party entity that manages and
distributes software-based services and solutions to customers across a
wide area network from a central data center. In essence, application
service providers are a way for agencies to outsource some or almost all
aspects of their information technology needs.
Specifically, based on industry best practices, we identified four key
concepts that are not yet fully developed in OMB's initiatives and related
processes. Careful consideration of these four concepts, each one building
upon the next, will be integral to the success of OMB's initiatives and
will help break the cycle of failure in implementing financial management
systems. The four concepts are: (1) developing a concept of operations,
(2) defining standard business processes, (3) developing a strategy for
ensuring that agencies are migrated to a limited number of application
service providers in accordance with OMB's stated approach, and (4)
defining and effectively implementing disciplined processes necessary to
properly manage the specific projects. Table 1 summarizes the key issues
raised in each of the four areas.
Table 1: Building Blocks for Financial Management Systems Governmentwide
and Summary of Key Issues
Building blocks for financial
management systems
governmentwide Key issues to be addressed
Concept of operations o Defining financial management systems
for consistent use in the federal
government
o Establishing how development will
result in a governmentwide solution
rather than individual agency stove-piped
efforts
o Linking to Federal Enterprise
Architecture in user-friendly terms
o Obtaining reliable information on the
costs of federal financial management
system investments
Standard business processes o Developing governmentwide standard
business processes to meet the needs of
federal agencies based on best practices
o Encouraging agencies to adopt new
processes, rather than automating old
ways of doing business
o Providing consistency across
government agencies and application
service providers
o Supporting the processes of agencies
that have unique needs
Strategy for implementing the o Assisting agencies in adopting a
financial management line of change management strategy that reduces
business the risks of moving to this approach
o Focusing agency financial management
system investment decisions on the
benefits of standard processes and
application service providers
o Facilitating the decision-making
process used by agencies to select a
provider
o Incorporating strategic workforce
planning
Disciplined processes o Incorporating industry standards and
best practices into governmentwide
guidance related to financial management
system implementation efforts
o Reducing the risks and costs
associated with data conversion and
interface efforts
o Developing an oversight process
Source: GAO.
While OMB has taken a number of steps to address these issues, more
remains to be done to facilitate the implementation of the financial
management line of business and JFMIP realignment initiatives across the
government. We make recommendations in this report regarding fully
integrating the four concepts into OMB's approach to help reduce the risks
associated with financial management system implementation efforts. In
written comments on a draft of this report, the Controller of OMB agreed
with our recommendations and described the approach and steps that OMB is
taking to improve financial management system modernization efforts. OMB's
comments are discussed further in the Agency Comments and Our Evaluation
section and reprinted in appendix IV.
Background
OMB plays a central role in setting federal financial management policy
and guidance. The CFO Act of 1990 established OMB's Office of Federal
Financial Management (OFFM), which has responsibility to provide overall
direction and leadership to the executive branch on financial management
matters by establishing financial management policies and requirements,
and by monitoring the establishment and operation of federal government
financial management systems. Among the key issues OFFM addresses in
addition to financial management systems, are agency and governmentwide
financial reporting, asset management, grants management, improper
payments, performance measurement, single audits, and travel and purchase
cards. Within OFFM, the Federal Financial Systems Branch is responsible
for orchestrating all of the elements of the financial systems
governmentwide into a coherent, coordinated architecture. These elements
include
o agency financial management systems and JFMIP standards;
o interfaces between agency financial systems and other systems
that support business processes (e.g., human resources systems,
procurement systems, databases supporting performance management);
o common financial management services, including e-Travel,
e-Learning, Contractor Central Registry, Intragovernmental Payment
and Collection System, and Electronic Certification System; and
o governmentwide accounting and other data consolidation systems.
Another office in OMB, the Office of Electronic Government and Information
Technology, has responsibility for providing overall leadership and
direction to the executive branch on electronic government. In particular,
this OMB office oversees implementation of IT throughout the federal
government, including monitoring and consulting on agency technology
efforts; advising the OMB Director on the performance of IT investments,
as well as identifying opportunities for joint agency and governmentwide
IT projects; and overseeing the development of enterprise architectures
within and across agencies, which is being fulfilled through the Federal
Enterprise Architecture.11 This office also shares statutory IT management
responsibilities with the Office of Information and Regulatory Affairs,
which OMB was required to establish under the Paperwork Reduction Act of
1995.12
Finally, OMB is the preparer of the President's budget and provides
instructions to executive branch agencies to submit budget-related
information in accordance with the requirements of OMB Circular No. A-11,
Preparation, Submission and Execution of the Budget. OMB is responsible
for reviewing and evaluating IT spending across the federal government and
uses the IT spending information submitted by the agencies during the
budget formulation process to review requests for agency financial
management systems and other IT spending. Major agency IT investments are
reported to OMB individually. OMB Circular No. A-11 defines a major IT
investment as a system or project that requires special management
attention because of its importance to an agency's mission, or has
significant program or policy implications, among other criteria.
Financial management systems costing more than $500,000 annually are
considered major IT investments. OMB Circular No. A-11 also requires
agencies to use Exhibit 300, Capital Asset Plan and Business Case, to
describe the business case for the investment, which serves as the primary
means of justifying IT investment proposals as well as managing IT
investments once they are funded.
11OMB was required to establish this office under the E-Government Act of
2002, Pub. L. No. 107-347, S: 101(a), 116 Stat. 2899, 2902-05 (Dec. 17,
2002) (codified at 44 U.S.C. S: 3602(a), (f)).
12Pub. L. No. 104-13, S: 2, 109 Stat. 163, 166 (May 22, 1995) (codified at
44 U.S.C. S: 3503).
Elements of IT Management
Best practices are tried and proven methods, processes, techniques, and
activities that organizations define and use to minimize risks and
maximize chances for success. As we have previously reported,13 using best
practices related to IT acquisitions can result in better
outcomes-including cost savings, improved service and product quality, and
ultimately, a better return on investment. We and others, such as the
Software Engineering Institute (SEI),14 have identified and promoted the
use of a number of best practices associated with acquiring IT systems.
For the purposes of this report, we have identified various elements of IT
management and categorized them as disciplined processes, human capital
and other IT management practices that are critical elements for
minimizing the risks related to financial management system
implementations. These areas are interrelated and interdependent,
collectively providing an agency with a comprehensive understanding both
of current business approaches and of efforts (under way or planned) to
change these approaches and a means to implement those changes.
Understanding the relationships among these areas can help an agency
determine how it is applying its resources, analyze how to redirect these
resources in the face of change, implement such redirections, and measure
success. With this decision-making capability, the agency is better
positioned to deploy financial management systems and direct appropriate
responses to unexpected changes in its environment. The following sections
provide additional background information on the key elements of IT
management discussed in this report, including disciplined processes,
human capital and other IT management practices.
13GAO, Information Technology: DOD's Acquisition Policies and Guidance
Need to Incorporate Additional Best Practices and Controls, GAO-04-722
(Washington, D.C.: July 30, 2004).
14The SEI is a federally funded research and development center operated
by Carnegie Mellon University and sponsored by DOD. The SEI objective is
to provide leadership in software engineering and in the transition of new
software engineering technology into practice.
Disciplined Processes
Disciplined processes are fundamental to successful systems implementation
efforts and have been shown to reduce the risks associated with software
development and acquisition to acceptable levels. A disciplined software
development and acquisition process can maximize the likelihood of
achieving the intended results (performance) within established resources
(costs) on schedule. Although there is no standard set of practices that
will ever guarantee success, several organizations, such as the SEI and
the Institute of Electrical and Electronic Engineers (IEEE),15 as well as
individual experts, have identified and developed the types of policies,
procedures, and practices that have been demonstrated to reduce
development time and enhance effectiveness. The key to having a
disciplined system development effort is to have disciplined processes in
multiple areas, including requirements management, testing, data
conversion and system interfaces, configuration, risk and project
management, and quality assurance. Effective processes should be
implemented in each of these areas throughout the project life cycle
because change is constant. Effectively implementing the disciplined
processes necessary to reduce project risks to acceptable levels is
difficult to achieve because a project must effectively implement several
best practices, and inadequate implementation of any one may significantly
reduce or even negate the positive benefits of the others.
Figure 1 shows how organizations that do not effectively implement the
disciplined processes lose the productive benefits of their efforts as a
project continues through its development and implementation cycle.
Although undisciplined projects show a great deal of what appears to be
productive work at the beginning of the project, the rework associated
with defects begins to consume more and more resources. In response,
processes are adopted in the hopes of managing what later turns out, in
reality, to have been unproductive work. Generally, these processes are
"too little, too late" because sufficient foundations for building the
systems were not done or not done adequately. Experience in both the
private sector and the government has shown that projects for which
disciplined processes are not implemented at the beginning then must be
implemented later, when it takes more time and they are less effective.16
15The IEEE is a nonprofit, technical professional association that
develops standards for a broad range of global industries, including the
IT and information assurance industries and is a leading source for
defining best practices.
Figure 1: Percentage of Effort Associated with Undisciplined Projects
As shown in figure 1, a major consumer of project resources in
undisciplined efforts is rework (also known as thrashing). Rework occurs
when the original work has defects or is no longer needed because of
changes in project direction. Disciplined organizations focus their
efforts on reducing the amount of rework because it is expensive. Fixing a
requirements defect after the system is released costs anywhere from 10 to
100 times the cost of fixing it when the requirements are defined.17
Projects that do not successfully address rework will eventually spend
even more effort on rework and the associated processes rather than on
productive work. In other words, the project will continually require
reworking items.
16Steve McConnell, Rapid Development: Taming Wild Software Schedules
(Redmond, Wash.: Microsoft Press, 1996).
17Steve McConnell, Code Complete, Second Edition (Redmond, Wash.:
Microsoft Press, 2004).
Human Capital Management
People-human capital-are a critical element to transforming organizations
to meet the challenges of the 21st century. Recognizing this, we first
added strategic human capital management as a governmentwide high-risk
issue in January 2001,18 and although progress has been made, continued to
include it on the latest high-risk list issued in January 2005.19
Strategic human capital management for financial management projects
includes organizational planning, staff acquisition, and team development.
Human capital planning is necessary for all stages of the system
implementation. It is important that agencies incorporate strategic
workforce planning by (1) aligning an organization's human capital program
with its current and emerging mission and programmatic goals and (2)
developing long-term strategies for acquiring, developing, and retaining
an organization's total workforce to meet the needs of the future. This
incorporates a range of activities from identifying and defining roles and
responsibilities, to identifying team members, to developing individual
competencies that enhance performance. It is essential that an agency take
the necessary steps to ensure that it has the human resources to design,
implement, and operate a financial management system. In addition,
organizational change management, which is the process of preparing users
for the business process changes that usually accompany implementation of
a new system, is another important human capital element.
Strategic workforce planning is essential for achieving the mission and
goals of financial management system projects. As we have reported,20
there are five key principles that strategic workforce planning should
address:
18GAO, High-Risk Series: An Update, GAO-01-263 (Washington, D.C.: Jan.
2001).
19GAO, High-Risk Series: An Update, GAO-05-207 (Washington, D.C.: Jan.
2005).
20GAO, Human Capital: Key Principles for Effective Strategic Workforce
Planning, GAO-04-39 (Washington, D.C.: Dec. 11, 2003).
o Involve top management, employees, and other stakeholders in
developing, communicating, and implementing the strategic
workforce plan.
o Determine the critical skills and competencies that will be
needed to achieve current and future programmatic results.
o Develop strategies that are tailored to address gaps in the
number, deployment, and alignment of human capital approaches for
enabling and sustaining the contributions of all critical skills
and competencies.
o Build the capability needed to address administrative,
educational, and other requirements important to support workforce
planning strategies.
o Monitor and evaluate the agency's progress toward its human
capital goals and the contribution that human capital results have
made toward achieving programmatic results.
Having adequate and sufficient human resources with the requisite training
and experience to successfully implement a financial management system is
another critical success factor. According to OMB, qualified federal IT
project managers are our first line of defense against the cost overruns,
schedule slippage, and poor performance that threaten agencies' ability to
deliver efficient and effective services to citizens. In July 2004, OMB
issued a memorandum21 to help agencies comply with fiscal year 2005 budget
guidance that instructed agencies to ensure "by September 30, 2004, all
major projects are managed by project managers qualified in accordance
with CIO Council guidance."22 The CIO Council's Federal IT Project Manager
Guidance Matrix and Federal IT Project Management Validation define levels
of complexity for IT projects/systems, identify appropriate competencies
and experience, suggest education and training sources, and serve as a
tool for validating IT project manager credentials. IT project managers
are expected to achieve and demonstrate baseline skills in applicable
competency areas listed in the Office of Personnel Management (OPM)
Interpretive Guidance for Project Manager Positions. The OMB memorandum
also required agencies to submit a plan to meet the guidance on project
manager qualifications and document the approach, milestones, and
schedule. The plans should also follow OPM's Workforce Planning Model and
Human Capital Assessment and Accountability Framework.
21OMB, Information Technology Project Manager Qualification Guidance,
M-04-19 (Washington, D.C.: July 21, 2004).
22In July 2004, the CIO Council's Workforce and Human Capital for
Information Technology Committee released the Federal IT Project Manager
Guidance Matrix. The matrix identified the competencies, experience,
education, training, and development that managers should possess for
projects with three different levels of complexity.
Changing an organization's business processes is not an easy task.
Managing culture and process change in large, diverse, organizationally
and geographically decentralized agencies is a much greater challenge.
Frequently, the greatest difficulties lie not in managing the technical or
operational aspects of change, but in managing the human dimensions of
change. Some experts caution that unless planning and accountability for
change management are given a separate focus, the efforts will not be
managed well. Management roles in implementing a new system include
establishing business goals, realistic expectations, accountability, and
leading cultural change necessary to accept the capabilities of a new
system. During the implementation phase especially, agency executives must
be in the forefront in dealing with the social, psychological, and
political resistance to changing the way work is done. Executives must
also recognize that their own roles and responsibilities may need to
undergo change as well.
Other IT Management Practices
Weaknesses in other IT management processes also increase the risks
associated with financial management system implementation efforts.
Developing an enterprise architecture, establishing IT investment
management policies, and addressing information security weaknesses are
critical to ensuring successful system implementation.
OMB Circular No. A-130,23 which establishes executive branch policies
pursuant to the Paperwork Reduction Act of 199524 and the Clinger-Cohen
Act of 199625 among other laws, requires agencies to use architectures. A
well-defined enterprise architecture provides a clear and comprehensive
picture of the structure of any enterprise by providing models that
describe in business and technology terms how the entity operates today
and predicts how it will operate in the future. It also includes a plan
for transitioning to this future state. Enterprise architectures are
integral to managing large-scale programs. Managed properly, an enterprise
architecture can clarify and help optimize the interdependencies and
relationships among an organization's business operations and the
underlying IT infrastructure and applications that support these
operations. Employed in concert with other important management controls,
architectures can greatly increase the chances that organizations'
operational and IT environments will be configured to optimize mission
performance. To aid agencies in assessing and improving enterprise
architecture management, we issued guidance establishing an enterprise
architecture management framework.26 The underpinning of this framework is
a five-stage maturity model outlining steps toward achieving a stable and
mature process for managing the development, maintenance, and
implementation of an enterprise architecture.
23OMB Circular No. A-130, Management of Federal Information Resources
(Washington, D.C.: Nov. 28, 2000).
24Paperwork Reduction Act of 1995, Pub. L. No. 104-13, 109 Stat. 163 (May
22, 1995) (codified at 44 U.S.C. S:S: 3501-3521).
25Clinger-Cohen Act of 1996, Pub. L. No. 104-106, div. E, S: 5125, 110
Stat. 679, 684-85 (Feb. 10, 1996) (codified at 40 U.S.C. S: 11315 (b)).
IT investment management provides for the continuous identification,
selection, control, life-cycle management, and evaluation of IT
investments. The Clinger-Cohen Act lays out specific aspects of the
process that agency heads are to implement to maximize the value of the
agency's IT investments. In addition, OMB and GAO have issued guidance27
for agencies to use in implementing the Clinger-Cohen Act requirements for
IT investment management. For example, we issued guidance establishing an
IT investment management framework.28 This framework is also a maturity
model composed of five progressive stages of maturity that an agency can
achieve in its IT investment management capabilities. These stages range
from creating investment awareness to developing a complete investment
portfolio to leveraging IT for strategic outcomes. The framework can be
used both to assess the maturity of an agency's investment management
processes and as a tool for organizational improvement.
The Federal Information Security Management Act of 200229 provides the
overall framework for ensuring the effectiveness of information security
controls that support federal operations and assets and requires agencies
and OMB to report annually to the Congress on their information security
programs. OMB Circular No. A-130 also requires agencies to protect
information commensurate with the risk and magnitude of the harm that
would result from the loss, misuse, or unauthorized access to or
modification of such information. The reliability of operating
environments, computerized data, and the systems that process, maintain,
and report these data is a major concern to federal entities that have
distributed networks that enable multiple computer processing units to
communicate with each other. Such distributed networks increase the risk
of unauthorized access to computer resources and possible data alteration.
Effective departmentwide information security controls will help reduce
the risk of loss due to errors, fraud, and other illegal acts, disasters,
or incidents that cause systems to be unavailable. Inadequate security and
controls can adversely affect the reliability of the operating
environments in which financial management systems and their applications
operate.
26GAO, Information Technology: A Framework for Assessing and Improving
Enterprise Architecture Management (Version 1.1), GAO-03-584G (Washington,
D.C.: April 2003).
27For example, see GAO, Information Technology Investment Management: A
Framework for Assessing and Improving Process Maturity (Version 1.1),
GAO-04-394G (Washington, D.C.: March 2004); and OMB Circular No. A-130.
28 GAO-04-394G .
29Pub. L. No. 107-347, tit. III, S: 301, 116 Stat. 2946, 2946-55 (Dec. 17,
2002) (codified at 44 U.S.C. S:S: 3541-3549).
Agencies' Failure to Follow Best Practices in Three Key Areas Has Hampered
Successful Implementation of Financial Management Systems
We reviewed numerous prior GAO and IG reports and identified several
problems related to agencies' implementation of financial management
systems in three recurring and overarching themes: disciplined processes,
human capital and other IT management practices. Simply put, the agencies
were not following best practices in these three critical areas. The
predictable result of not effectively addressing these three areas has
been numerous agency systems throughout the federal government that did
not meet their cost, schedule, and performance objectives. We have issued
governmentwide reports on other IT management practices including
agencies' enterprise architecture,30 IT investment management,31 and
information security32 and therefore will not be addressing those issues
further in this report. However, broad-based actions are needed to address
the problems repeatedly experienced at the agencies as they continue to
struggle to implement new financial management systems. Many of the
systems we reviewed had at least one problem in each of the three critical
areas. While there was some overlap in these three areas, we selected
examples that best illustrate the specific problems in each area.
30GAO, Information Technology: Leadership Remains Key to Agencies Making
Progress on Enterprise Architecture Efforts, GAO-04-40 (Washington, D.C.:
Nov. 17, 2003).
31GAO, Information Technology Management: Governmentwide Strategic
Planning, Performance Measurement, and Investment Management Can Be
Further Improved, GAO-04-49 (Washington, D.C.: Jan. 12, 2004).
32GAO, Information Security: Agencies Need to Implement Consistent
Processes in Authorizing Systems for Operation, GAO-04-376 (Washington,
D.C.: June 28, 2004).
Disciplined Processes Have Not Been Fully Used
From our review of over 40 prior reports, we identified a number of key
problem areas in disciplined processes related to requirements management,
testing, data conversion and system interfaces, risk management, and
project management activities. Inadequate implementation of disciplined
processes can manifest itself in many ways when implementing a financial
management system and the failure to properly implement disciplined
processes in one area can undermine the work in all the other areas and
cause significant problems. Table 2 summarizes and provides examples for
some of the problems we identified from prior reports that can be expected
when agencies do not effectively implement the disciplined processes
necessary to manage their financial management system implementation
projects.
Table 2: Problems Related to Disciplined Processes in Implementing
Financial Management Systems
Agency/related
report(s) Key problem area(s) Observations
U.S. Customs and Border Project management More than 3 years into its
Protection (Customs) ( second attempt, Customs had
GAO-05-267 ) relaxed system quality
standards and started new
phases despite system
defects. Correcting such
defects would consume
resources (e.g., people) at
the expense of later system
releases.
Department of Defense Requirements Testing Tobyhanna Army Depot could
Data conversion and not accurately report on its
o Army Logistics system interfaces financial operations, which
Modernization Requirements Project also affect the depot's
Program ( GAO-05-441 management ability to set prices.
) Subsequent deployments of the
o Defense Data conversion and system costing $1 billion
Integrated Military system interfaces have been delayed.
Human Resources Project management
System ( GAO-05-189 DOD accepted the design of
) the first system phase in
o Navy Enterprise November 2004 and was
Resource Planning ( proceeding with development,
GAO-05-858 ) but program responsibility
was diffused and requirements
were not complete.
The Navy largely wasted about
$1 billion in four pilot
efforts that were not
interoperable and started a
new project to converge them
into a single program which
is expected to cost another
$800 million.
Department of Health Requirements Testing HHS had not developed
and Human Services Data conversion and sufficient quantitative
(HHS) ( GAO-04-1008 ) ( system interfaces measures for determining the
GAO-04-1089T ) Risk management impact of many of the process
Project management weaknesses and did not
determine until less than 1
month before the scheduled
deployment date that the $210
million project should be
delayed by 6 months.
Department of the Requirements Testing Over 5 years after the
Interior (Interior) Data conversion and project was first fielded,
(Bureau of Indian system interfaces only one function was
Affairs) ( considered successfully
GAO/AIMD-00-259 ) implemented, and Interior was
looking for a replacement
system.
Internal Revenue Risk management Total life-cycle costs for
Service (IRS) ( Project management full deployment of the
GAO-02-356 ) ( initial release of a new core
GAO-05-46 ) ( accounting system had
GAO-05-566 ) ( increased by almost $74
GAO-05-774 ) million, and project
completion had been delayed
by 15 months because of an
inability to timely resolve
key system design,
integration, and performance
issues.
National Aeronautics Requirements Testing After a total of 12 years and
and Space Project management about $180 million on two
Administration ( prior failed efforts, NASA
GAO-04-255 ) ( was on its third attempt at
GAO-04-754T ) ( modernizing its financial
GAO-05-799R ) systems and still could not
produce auditable financial
statements or specific
information for managing NASA
projects.
Office of Personnel Requirements Risk OPM planned to award the
Management ( GAO-05-237 management Project contract for a system to
) management process retirement claims at
the end of January 2005 with
implementation by the end of
fiscal year 2008 at a total
cost of about $294 million
despite the lack of
disciplined processes in key
areas. OPM had not awarded
the contract at the end of
our field work.
Department of Testing Data The Department of
Transportation conversion and Transportation transitioned
(Transportation IG, system interfaces to a new accounting system in
FI-2001-074 and fiscal year 2004, but the
FI-2005-009) system was not able to
account for expected loan
repayments from grantees,
which were valued at $604
million on September 30,
2004.
Department of Veterans Testing Data Patient services and medical
Affairs (VA) (VA IG, conversion and center operations were
04-01371-177) system interfaces interrupted when supplies
Project management were not available because of
inaccurate inventory data
that had been transferred to
its new financial system.
After numerous problems, VA
halted implementation of the
system for which it reported
to have spent almost $250
million.
Source: GAO analysis based on prior GAO and IG reports.
The following provides more specific details on three of the examples of
financial management system implementation problems related to the lack of
disciplined processes.
o In May 2004, we first reported33 our concerns with the
requirements management and testing processes used by the Army in
the implementation of the Logistics Modernization Program and the
problems being encountered after it became operational in July
2003. At the time of our initial report, the Army decided that
future deployments would not go forward until they had reasonable
assurance that the deployed system would operate as expected for a
given deployment. However, as we reported in June 2005,34 the Army
had not effectively addressed its requirements management and
testing problems and data conversion weaknesses had hampered the
Army's ability to address the problems that need to be corrected
before the system can be fielded to other locations. For example,
the system cannot properly recognize revenue nor bill customers.
Data conversion problems resulted in general ledger account
balances that were not properly converted to the new system in
July 2003, and these differences remained unresolved almost 18
months later. These weaknesses adversely affected the Army's
ability to set the prices for the work performed at the Tobyhanna
Army Depot. In addition, data conversion problems resulted in
excess items being ordered and shipped to Tobyhanna. As noted in
our June 2005 report, three truckloads of locking washers (for
bolts) were mistakenly ordered and received, and subsequently
returned, because of data conversion problems. As a result of the
problems, the Army has implemented error-prone, time-consuming
manual workarounds as a means to minimize disruption to critical
operations; however, the depot's financial management operations
continue to be adversely affected by systems problems.
o NASA has struggled to implement a modern integrated financial
management system. After two failed efforts over 12 years and
about $180 million, NASA embarked on a third effort that is
expected to cost about $983 million. We have previously identified
problems and made recommendations to NASA related to requirements,
testing, and project management as well as problems with human
capital and other IT management issues related to this effort. For
example, NASA had not implemented quantitative metrics to help
gauge the effectiveness of its requirements management process.
Such metrics would be particularly important for NASA to address
the root causes of system defects and be reasonably assured that
its processes would result in a system that meets its business
needs. However, in our September 2005 report,35 we found that
overall progress implementing our recommendations had been slow.
From our perspective, of the 45 recommendations we made in prior
reports, NASA had taken sufficient action to close 3
recommendations and had partially implemented 13, but 29
recommendations remained open. Furthermore, in November 2004,
NASA's independent auditor reported that NASA's new financial
system, which was implemented in June 2003, could not produce
auditable financial statements for fiscal year 2004 and did not
comply with the requirements of FFMIA.36 Key areas of concern
included the core financial module's inability to (1) produce
transaction-level detail in support of financial statement account
balances, (2) identify adjustments or correcting entries, and (3)
correctly and consistently post transactions to the right
accounts.
o In August 2004, the VA IG reported37 that the effect of
transferring inaccurate data to its new core financial system at a
pilot location interrupted patient care and medical center
operations. This raised concerns that similar conversion problems
would occur at other VA facilities if the conditions identified
were not addressed and resolved nationwide prior to roll out. Some
of the specific conditions the IG noted were that contracting and
monitoring of the project were not adequate, and the deployment of
the new system encountered multiple problems including those
related to software testing, data conversion and system
interfaces, and project management. When the new financial system
was deployed at the pilot location in October 2003, it did not
function as project managers had expected because of inaccurate or
incomplete vendor and inventory system data. As a result of these
problems, patient care was interrupted by supply outages and other
problems. The inability to provide sterile equipment and needed
supplies to the operating room resulted in the cancelation of 81
elective surgeries for a week in both November 2003 and February
2004. In addition, the operating room was forced to operate at
two-thirds of its prior capacity. Because of the serious nature of
the problems raised with the new system, VA management decided to
focus on transitioning back to the previous financial management
software at the pilot location and assemble a senior leadership
team to examine the results of the pilot and make recommendations
to the VA Secretary regarding the future of the system.
33GAO, DOD Business Systems Modernization: Billions Continue to Be
Invested with Inadequate Management Oversight and Accountability,
GAO-04-615 (Washington, D.C.: May 27, 2004).
34 GAO-05-441 .
35GAO, Business Modernization: Some Progress Made toward Implementing GAO
Recommendations Related to NASA's Integrated Financial Management Program,
GAO-05-799R (Washington, D.C.: Sept. 9, 2005).
36Section 803 of FFMIA requires the major departments and agencies covered
by the CFO Act to implement and maintain financial management systems that
comply substantially with (1) federal financial management systems
requirements, (2) applicable federal accounting standards, and (3) the
U.S. Government Standard General Ledger at the transaction level.
37Department of Veterans Affairs Office of Inspector General, Issues at VA
Medical Center Bay Pines, Florida and Procurement and Deployment of the
Core Financial and Logistics System, Report 04-01371-177 (Washington,
D.C.: Aug. 11, 2004).
Human Capital Management Problems Impede Financial Systems Development and
Deployment
Effective human capital management is critical to the success of systems
implementations. As we previously reported in our Executive Guide:
Creating Value Through World-class Financial Management,38 having staff
with the appropriate skills is key to achieving financial management
improvements, and managing an organization's employees is essential to
achieving results. By not identifying staff with the requisite skills to
implement such systems and by not identifying gaps in needed skills and
filling them, agencies reduce their chances of successfully implementing
and operating new financial management systems. For example, in our prior
report on building the IT workforce,39 we found that in the 1990s the
initial rounds of downsizing were set in motion without considering the
longer-term effects on agencies' IT performance capacity. Additionally, a
number of individual agencies drastically reduced or froze their hiring
efforts for extended periods. Consequently, following a decade of
downsizing and curtailed investments in human capital, federal agencies
face skills, knowledge, and experience imbalances, especially in their IT
workforces. Without corrective action, this situation will worsen,
especially in light of the numbers of federal civilian workers becoming
eligible to retire in the coming years. In this regard, we are emphasizing
the need for additional focus on key problem areas we identified from
prior reports including strategic workforce planning, human resources, and
change management. Examples for some of the human capital management
problems we identified in prior reports that hamper the implementation of
new financial management systems are summarized in table 3.
38GAO, Executive Guide: Creating Value Through World-class Financial
Management, GAO/AIMD-00-134 (Washington, D.C.: April 2000).
39GAO, Human Capital: Building the Information Technology Workforce to
Achieve Results, GAO-01-1007T (Washington, D.C.: July 31, 2001).
Table 3: Problems Related to Strategic Human Capital Management in
Implementing Financial Management Systems
Agency/related
report(s) Key problem area(s) Observations
U.S. Customs and Strategic workforce A human capital strategy that
Border Protection ( planningHuman provided both near- and
GAO-05-267 ) resources Change long-term solutions to the
management program office's human capital
capacity limitations was
needed. Key change management
actions were not being
implemented. The schedule was
extended by 3 years and
estimated costs increased by
about $1 billion.
Department of Health Strategic workforce Strategic workforce planning
and Human Services ( planningHuman was incomplete and ongoing
GAO-04-1008 ) resources staff shortages had played a
role in key deliverables being
significantly behind schedule.
Department of the Change management Without taking time to
Interior (Bureau of reexamine and revise its
Indian Affairs) ( business processes, Interior
GAO/AIMD-00-259 ) was not able to maximize the
potential benefits of the new
system and instead may
perpetuate outmoded ways of
doing business.
Internal Revenue Strategic workforce IRS had not defined or
Service ( GAO-05-46 ) planningHuman implemented a human capital
( GAO-05-774 ) resources plan for obtaining, developing,
and retaining requisite human
capital resources and
experienced significant cost
increases and schedule delays.
National Aeronautics Human resources Personnel shortages at Marshall
and Space Space Flight Center for several
Administration ( months affected the core
GAO-04-118 ) financial project and resulted
in additional costs of nearly
$400,000 for extra hours
worked.
Office of Personnel Change management OPM had not developed a
Management ( detailed transition plan to
GAO-05-237 ) help prepare users for changes
to their job responsibilities.
The award of the contract for
the new system was delayed
because OMB asked to review a
revised business case for the
new system.
Department of Veterans Human resources Conversion to the new system
Affairs (VA IG, was disrupted because
04-01371-177) management did not ensure that
inventory management staff were
trained as required. The duties
of the Project Director and
Contracting Officer Technical
Representative were too onerous
for one individual to
adequately manage.
Source: GAO analysis based on prior GAO and IG reports.
The following provides more specific details on two of the examples of the
types of human capital management problems we found.
o In May 2002, we first reported40 that the Customs Modernization
Office did not have the people in place to perform critical system
acquisition functions and did not have an effective strategy for
meeting its human capital needs. Customs had decided to compress
its time frame for delivering its new system from 5 to 4 years and
was taking a schedule-driven approach to acquiring the system
because of the system's national importance. This exacerbated the
level of project risk by introducing more overlap among
incremental system releases and stretching critical resources. In
our most recent report issued in March 2005,41 we found that
although Customs had developed a staffing plan, it had not been
approved and was already out of date because the modernization
office subsequently implemented a reorganization that transferred
government and contractor personnel to the modernization office.
We also observed that changes in roles and responsibilities had
the modernization office and the contractor sharing development
duties of the new system. Finally, Customs developed a revised
organizational change approach with new change management
activities, but key actions associated with the revised approach
were not planned for implementation because the funding request
for fiscal year 2005 did not fully reflect the revised approach.
In July 2004, Customs extended delivery of the last release from
fiscal year 2007 to fiscal year 2010, adding a new release for
screening and targeting, and increasing the life-cycle cost
estimate by about $1 billion to $3.1 billion. The new schedule
reflected less overlap between future releases. While Customs,
which is now under the Department of Homeland Security, has taken
important actions to help address release-by-release cost and
schedule overruns that we previously identified, we concluded that
it was unlikely that these actions would prevent the past pattern
of overruns from recurring because the Department of Homeland
Security had relaxed system quality standards, so that milestones
were being passed despite material system defects, and because
correcting these defects will ultimately require the program to
expend resources, such as people and test environments, at the
expense of later system releases (some of which are now under
way).
o We reported, in September 2004,42 that staff shortages and
limited strategic workforce planning resulted in HHS not having
the resources needed to effectively design and operate its new
financial management system. HHS had taken the first steps in
strategic workforce planning. For example, the Centers for Disease
Control and Prevention (CDC), where the first deployment was
scheduled, was the only operating division that had prepared a
competency report, but a skills gap analysis and training plan for
CDC had not been completed. In addition, many government and
contractor positions on the implementation project were not filled
as planned. For example, an independent verification and
validation contractor reported that some key personnel filled
multiple positions and their actual available time was inadequate
to perform the allocated tasks. As a result, some personnel were
overworked, which, according to the independent verification and
validation contractor could lead to poor morale. The organization
chart for the project showed that the project team was
understaffed and that several integral positions were vacant or
filled with part-time detailees. While HHS and the systems
integrator had taken measures to acquire additional human
resources for the implementation of the new financial management
system, we concluded that scarce resources could significantly
jeopardize the project's success and lead to several key
deliverables being significantly behind schedule. In September
2004, HHS decided to delay its first scheduled deployment at CDC
by 6 months in order to address these and other issues identified
with the project.
40GAO, Customs Service Modernization: Management Improvements Needed on
High-Risk Automated Commercial Environment Project, GAO-02-545
(Washington, D.C.: May 13, 2002).
41GAO, Information Technology: Customs Automated Commercial Environment
Program Progressing, but Need for Management Improvements Continues,
GAO-05-267 (Washington, D.C.: Mar. 14, 2005).
42GAO, Financial Management Systems: Lack of Disciplined Processes Puts
Implementation of HHS's Financial System at Risk, GAO-04-1008 (Washington,
D.C.: Sept. 23, 2004).
Other IT Management Practices Were Not Fully Implemented
We identified a number of key problems related to other IT management
practices. Specifically, we found that in planning and developing new
financial management systems, agencies had not adequately considered their
existing IT management processes and framework. Through our research into
IT management best practices and our evaluation of agency IT management
performance, we have identified a set of essential and complementary
management disciplines.43 These include key areas where we found problems
such as enterprise architecture, investment management, and information
security, among others. Using the results of this research and evaluation,
we have developed various management frameworks and guides and reported on
numerous IT management weaknesses at individual agencies. Table 4
summarizes and provides examples for some of the key problems we found
described in prior reports on financial management system implementations
related to other IT management areas not previously discussed.
43 GAO-04-722 .
Table 4: Problems Related to Other IT Management Practices in Implementing
Financial Management Systems
Agency/related
report(s) Key problem area(s) Observations
Department of Enterprise architecture Recent legislation pertaining
Defense ( Investment management to defense business systems,
GAO-04-731R ) ( enterprise architecture,
GAO-05-140T ) ( accountability, and
GAO-05-381 ) ( modernization, if properly
GAO-05-702 ) implemented, should improve
system investment activities.
However, DOD's transformation
efforts have not adequately
addressed key underlying
causes of past reform
failures.
Department of Health Enterprise architecture HHS planned and developed its
and Human Services ( Investment new system using the agency's
GAO-04-1008 ) managementInformation existing IT management
security processes that had known
weaknesses in enterprise
architecture, investment
management, and information
security.
Department of the Enterprise architecture Not having a complete
Interior (Bureau of information systems
Indian Affairs) ( architecture to guide its new
GAO/AIMD-00-259 ) system and other projects was
a major challenge for
Interior.
National Aeronautics Enterprise architecture Key architecture management
and Space processes were not
Administration ( established, the architecture
GAO-04-754T ) ( was missing important
GAO-05-799R ) content, and NASA had already
implemented system components
not mapped to the
architecture.
Office of Personnel Investment OPM lacked policies and
Management ( managementInformation procedures for guiding the
GAO-05-237 ) security investment board's oversight
responsibilities and had not
developed specific security
plans.
Small Business Information security The system was not fully
Administration secure and potential breaches
(SBA/IG-3-32) of security could occur and
go undetected. Due to cost
issues for implementing phase
I, which exceeded the entire
$6.4 million budget for full
implementation, remaining
phases were put on hold.
Source: GAO analysis based on prior GAO and IG reports.
The following provides more specific details on two of the examples of
other problems related to IT management that have had an impact on
financial management system implementation projects.
o For several years, we have reported that deficiencies in DOD's
enterprise architecture and IT investment management policies are
contributing factors to DOD's stovepiped, duplicative, and
nonintegrated systems environment. In May 2004, we reported44 that
we had not seen any significant change in the content of DOD's
architecture or in DOD's approach to investing billions of dollars
annually in existing and new systems. Few actions had been taken
to address prior recommendations, which were aimed at improving
DOD's plans for developing the next version of the architecture
and implementing the institutional means for selecting and
controlling both planned and ongoing business systems investments.
In April 2005, we reported45 that DOD still did not have an
effective departmentwide management structure for controlling
business investments despite DOD requesting over $13 billion in
fiscal year 2005 to operate, maintain, and modernize its existing
duplicative business systems. In addition, because DOD lacked a
well-defined business enterprise architecture and transition plan,
billions of dollars continued to be at risk of being spent on
systems that would be duplicative, not interoperable, cost more to
maintain than necessary, and would not optimize mission
performance and accountability. In July 2005, we reported46 that
despite spending almost 4 years and about $318 million, DOD still
did not have an effective architecture program, and as a result
its modernization program remained a high risk.
o We reported, in February 2005,47 that OPM had implemented
selected processes in the areas of systems acquisition, investment
management, and information security; however, many processes were
not sufficiently developed, were still under development, or were
planned for future development. Although OPM had an executive
steering committee chaired by the deputy associate director of the
Center for Retirement and Insurance Services that acted as an IT
investment management board for the new retirement system, program
officials were not aware of formal policies or procedures guiding
the board's oversight responsibilities or activities. Agency
officials stated that they would define such a governance
structure for the retirement system project during the contract
award process. In addition, the agency had not yet developed
security plans for the licensed technology and data conversion
portions of the new system. Agency officials said they did not
have detailed security requirements for the licensed technology
portion of the new system, although the request for proposals
identified the need for high-level security requirements. They
planned to develop detailed security requirements after awarding
the licensed technology contract to a vendor. Without fully
developed security plans and security requirements for the
licensed technology and data conversion portions of the new
system, OPM increased the risk that both it and its vendors would
not meet information security needs for these portions of the
program expected to be implemented in fiscal year 2008.
44GAO, DOD Business Systems Modernization: Limited Progress in Development
of Business Enterprise Architecture and Oversight of Information
Technology Investments, GAO-04-731R (Washington, D.C.: May 17, 2004).
45GAO, DOD Business Systems Modernization: Billions Being Invested without
Adequate Oversight, GAO-05-381 (Washington, D.C.: Apr. 29, 2005).
46GAO, DOD Business Systems Modernization: Long-standing Weaknesses in
Enterprise Architecture Development Need to Be Addressed, GAO-05-702
(Washington, D.C.: July 22, 2005).
47GAO, Office of Personnel Management: Retirement Systems Modernization
Program Faces Numerous Challenges, GAO-05-237 (Washington, D.C.: Feb. 28,
2005).
Federal Initiatives Under Way to Improve System Implementations
As the federal organization with key responsibility for federal financial
management systems, OMB has undertaken a number of initiatives related to
acquiring and implementing financial management system capabilities. Some
of these initiatives are in collaboration with the CIO and CFO Councils
and are broad-based attempts to reform financial management operations
across the federal government. While reforming federal financial
management is an undertaking of tremendous complexity, it presents great
opportunities for improvements in financial management system
implementations and related business operations.
Notably, OMB has developed and continues to evolve governmentwide Federal
Enterprise Architecture products and has required a mapping of agency
architectures to this federal architecture as part of the budget review
process. Another key OMB initiative is referred to as the lines of
business and promotes streamlining common systems to enhance the
government's performance and services, such as establishing centers of
excellence to consolidate financial management activities for major
agencies through cross-servicing arrangements. The advantages of this
approach are many, including the implementation of standard business
processes and focusing system acquisition, development, and maintenance
activities at select agencies or entities with experience that have the
necessary resources to reduce the risks associated with such efforts.
Furthermore, certain activities and responsibilities performed by JFMIP
prior to its termination have been reassigned to OMB's OFFM, the Financial
Systems Integration Office, and a CFO Council Committee providing guidance
and oversight. However, as discussed in the next section, we identified
four key concepts that are not yet fully developed and integrated in OMB's
initiatives and related processes. Table 5 highlights some of the foremost
initiatives under way at OMB and their potential strengths.
Table 5: OMB Initiatives to Reform Federal Financial Management System
Implementations
Initiative Potential strengths
Federal Enterprise Architecture to build o Business driven
a comprehensive business-driven o Proactive and collaborative
blueprint of the entire federal across the federal government
government. o Architecture improves the
effectiveness and efficiency
of government information
resources
Lines of Business to develop o Enhance process
business-driven common solutions that improvements
span across the federal government, such o Achieve cost savings
as consolidating duplicative financial o Standardize business
management systems using centers of processes and data models
excellence to provide services. o Promote seamless data
exchange between federal
agencies
o Strengthen internal
controls
o Reduce development risks
JFMIP Realignment to realign o Eliminate duplicative roles
responsibilities for overseeing, o Streamline financial
developing, testing, and publishing core management improvement efforts
financial systems requirements, consistent with statutory
including the development of standard requirements
business processes. o Define standard business
processes and system
requirements
o Improve interoperability
and data consistency
Source: GAO analysis.
Federal Enterprise Architecture
In 2002, OMB established the Federal Enterprise Architecture Program
Management Office to develop a Federal Enterprise Architecture according
to a collection of five reference models. These models are intended to
facilitate governmentwide improvement through cross-agency analysis and
the identification of duplicative investments, gaps, and opportunities for
collaboration, interoperability, and integration within and across
government agencies. According to OMB, the result will be a more
citizen-centered, customer-focused government that maximizes technology
investments to better achieve mission outcomes. The Federal Enterprise
Architecture reference models are summarized in table 6.
Table 6: Federal Enterprise Architecture Reference Models
Name Description
Business Reference Model Describes the business operations of the
federal government independent of the agencies
that perform them, including defining the
services provided to state and local
governments.
Service Component Reference Identifies and classifies IT service (i.e.,
Model application) components that support federal
agencies and promotes the reuse of components
across agencies.
Technical Reference Model Describes how technology is supporting the
delivery of service components, including
relevant standards for implementing the
technology.
Performance Reference Model Provides a common set of general performance
outputs and measures for agencies to use to
achieve business goals and objectives.
Data and Information Describes, at an aggregate level, the types of
Reference Model data and information that support program and
business line operations, and the
relationships among these types.
Source: GAO analysis.
In May 2005, the five reference models were combined into the Consolidated
Reference Model document to compose a framework for describing important
elements of the Federal Enterprise Architecture in a common and consistent
way. OMB views the Federal Enterprise Architecture not as a static model,
but as a program, built into the annual budget process to repeatedly and
consistently improve all aspects of government service delivery. OMB
officials acknowledged that they are still mapping out the Federal
Enterprise Architecture and making it more robust and recognized that some
lines of business have fleshed out their areas in more detail than others.
In prior testimony on the Federal Enterprise Architecture,48 we recognized
that OMB and the CIO Council have made important progress, but that hard
work lies ahead to ensure that the Federal Enterprise Architecture is
appropriately described, matured, and used. The development of the Federal
Enterprise Architecture has continued to evolve and OMB has been promoting
the adoption of the Federal Enterprise Architecture. For example, for the
fiscal year 2007 budget submission, agencies will be required49 to use
predetermined codes to link their major IT investments on Exhibit 5350 to
the Federal Enterprise Architecture. For fiscal year 2005, agencies were
required to use the Federal Enterprise Architecture Performance Reference
Model to identify performance measurements for each new major IT
investment. As we have previously testified,51 questions remain regarding
the nature of the Federal Enterprise Architecture, the relationship of
agency enterprise architectures to the Federal Enterprise Architecture,
and the security aspects of the Federal Enterprise Architecture.
Therefore, we will not be addressing these issues further from a
governmentwide perspective in this report.
48 GAO-04-798T .
49OMB Circular No. A-11, Preparation, Submission, and Execution of the
Budget, Section 53 (Washington, D.C.: June 21, 2005).
Lines of Business
Building upon the efforts of the Federal Enterprise Architecture program,
OMB and designated agency task forces have launched the lines of business
initiative. This initiative seeks to develop business-driven common
solutions for six lines of business52 that span across the federal
government. OMB and the lines of business task forces plan to use
enterprise architecture-based principles and best practices to identify
common solutions for business processes or technology-based shared
services to be made available to government agencies. Driven from a
business perspective rather than a technology focus, the solutions are
expected to address distinct business improvements to enhance the
government's performance and services for citizens. The end results of the
lines of business efforts are expected to save taxpayer dollars, reduce
administrative burden, and significantly improve service delivery.
We have long supported and called for such initiatives to standardize and
streamline common systems, which can reduce costs and, if done correctly,
can also improve accountability. OMB officials from both OFFM and the
Electronic Government office told us that they worked collaboratively to
develop the financial management line of business along with an
interagency task force. The interagency task force recommended the
establishment of governmentwide service providers in the areas of
financial management and human resources management. The financial
management line of business raises a number of issues that have
far-reaching implications for the government and private sector
application service providers. This concept has commonly been used in the
private sector where application service providers provide services such
as payroll, sales force automation, and human resource applications to
many corporate clients. The interagency task force analysis estimated that
savings of more than $5 billion can be expected over a 10-year time frame
through consolidation of financial management and human resources systems
and the standardization and optimization of associated business processes
and functions. To help realize these benefits, OMB evaluated agencies'
business cases submitted as part of the fiscal year 2006 budget process.
On the basis of the review, the following four agencies were designated as
governmentwide financial management application service providers, which
OMB refers to as centers of excellence.
50Exhibit 53 lists all of the IT projects and their associated costs
within a federal organization and are to be prepared each year as part of
the budget process in accordance with OMB Circular No. A-11.
51 GAO-04-798T .
52In March 2004, OMB initiated a governmentwide analysis of five lines of
business-financial management, human resources management, grants
management, federal health architecture, and case management-and in March
2005 started a task force to address a sixth line of business on IT
security.
o Department of the Interior (National Business Center)
o General Services Administration
o Department of the Treasury (Bureau of the Public Debt's
Administrative Resource Center)
o Department of Transportation (Enterprise Services Center)
The National Business Center, the General Services Administration, and the
Bureau of the Public Debt have significant experience providing financial
management services to other federal entities. For a number of years,
these entities have provided financial management services-primarily to
smaller federal agencies such as the Nuclear Regulatory Commission, the
Office of Government Ethics, and the Panama Canal Commission. The
Department of Transportation plans to utilize its newly implemented
financial management system to provide services to other agencies. OMB
officials told us that, at a minimum, centers of excellence must be able
to support, or must use, core financial system software that has passed
the most recent qualification test of the Financial Systems Integration
Office, which is the current entity that performs many of the roles and
responsibilities of the former JFMIP Program Management Office as we
discuss below. Centers of excellence may provide related maintenance,
interfaces with feeder systems, and transaction processing. Other services
may also be offered, including hosting53 and other financial applications
such as payroll and travel. OMB also indicated that it plans to explore
using private sector application service providers to serve as centers of
excellence.
OMB expects to manage the migrations of agencies to centers of excellence
using the agencies' business cases submitted as part of the annual budget
process. According to OMB, agencies that submit business cases with
proposals to develop new financial systems or significantly update or
enhance current financial systems are prime candidates for moving to a
financial management center of excellence. The general principle OMB plans
to follow is that agencies should migrate to a financial management center
of excellence when it is cost effective to do so and they have maximized
the return on investment in the current system, which averages about 5 to
7 years. OMB officials told us that several major executive branch
agencies are considering moving to a financial management center of
excellence.
In August 2005, OPM was the first large agency to announce its plans to
move to a designated center of excellence. At the time of our review, OPM
was still in the planning phase; although it had selected the Bureau of
the Public Debt as the provider, it did not yet have a project plan. OPM
officials recognized that moving to a center of excellence at the
beginning of a fiscal year and not converting mid-year was a best practice
they planned to follow. In addition, at the time of our review, the
Environmental Protection Agency was in the planning and acquisition phase
of its Financial System Modernization Project. As part of its best-value
determination, the Environmental Protection Agency was considering the
designated centers of excellence as well as private sector providers for
software, integration, and hosting and had issued a draft request for
quotations. Also, OMB officials stated that they helped the National
Gallery of Art in preparing its solicitation for a new system, and the
agency recently selected a private sector firm as its application service
provider. OMB expects that most agencies will move to a center of
excellence or private sector firm within the next 7 to 8 years. In OMB
Circular No. A-11, for fiscal year 2007 OMB has asked agencies to provide
an overview of their current and future financial management systems
framework, including migration strategies for moving to a financial
management center of excellence.
53Hosting refers to a service provider who manages and provides
availability to a Web site or application, often bound by a service-level
agreement. The hosting entity generally maintains servers with network
support, power backup, fault tolerance, load balancing, and storage
backup.
JFMIP Realignment
In an effort to eliminate duplicative roles and streamline financial
management improvement efforts, the four principals of JFMIP agreed to
realign JFMIP's responsibilities for financial management policy and
oversight as described in a December 2004 OMB memorandum.54 Some of the
former responsibilities of JFMIP, such as issuing systems requirements,
were to be placed under the authority of OFFM and a renamed CFO Council
committee-the Financial Systems Integration Committee. As a result of the
realignment, JFMIP ceased to exist as a separate organization, although
the principals will continue to meet at their discretion consistent with
the Budget and Accounting Procedures Act of 1950 (codified, in part, at 31
U.S.C. S:3511(d)).
Under the realignment announced in December 2004, the JFMIP Program
Management Office was to report to the chair of the CFO Council's
Financial Systems Integration Committee. This reporting relationship
subsequently changed. At the request of the OMB Controller, the CFO at the
Department of Labor now chairs the Financial Systems Integration Committee
and is the leading agency sponsor of the financial management line of
business. Two subcommittees were also established under the announced
realignment:
o Configuration Control Subcommittee-to focus on interface
requirements, and
o Transaction Processing Standardization Subcommittee-to support
interagency development of functional requirements for the
software certification process.
OMB officials indicated that the roles and responsibilities of the two
subcommittees under the Financial Systems Integration Committee will
likely continue to evolve. However, the full committee will periodically
evaluate the subcommittees and whether they are well aligned and still
needed or if additional subcommittees are needed.
54OMB, Realignment of Responsibilities for Federal Financial Management
Policy and Oversight, Memorandum (Washington, D.C.: Dec. 2, 2004).
Other significant responsibilities of the former JFMIP Program Management
Office, which was previously managed by the JFMIP executive director using
funds provided by the CFO Council, were shifted to the Financial Systems
Integration Office (FSIO), which was established with staff from the
original JFMIP Program Management Office. The FSIO will now report to the
FSIO executive director, who will report to the OMB Controller. Before the
realignment, the JFMIP Program Management Office was responsible for the
testing and certification of commercial off-the-shelf (COTS) core
financial systems for use by federal agencies and coordinating the
development and publication of functional requirements for financial
management systems, among other things. OMB officials expect that the FSIO
will continue to focus on core financial systems and still be responsible
for certification and testing of core systems, but they plan to evaluate
the effectiveness of the certification and testing function. In addition,
OMB has recognized the need for standardization and the inclusion of key
stakeholders in developing systems requirements and processes, but
considers it a long-term goal. The FSIO will develop systems requirements
and the Financial Systems Integration Committee will be responsible for
advising OFFM on the systems requirements. OFFM will now be responsible
for issuing new systems requirements.55
According to OMB officials, the FSIO is reassessing the realignment plan
described in the December 2004 OMB memorandum and recently developed
foundational materials including the mission statement, goals, objectives,
performance indicators, scope of activities, prioritization of work,
budget, organizational chart, and communication plan. According to OMB
officials, resources at FSIO will be aligned under the priorities
identified and the office will be structured according to the new
priorities. The FSIO will identify its needs for additional staff and
determine how many are needed and what skill sets are appropriate. The
FSIO will continue defining its priorities and evaluating the
effectiveness of processes and its plans will continue to evolve.56 While
OMB has taken steps to accomplish the Federal Enterprise Architecture,
lines of business, and JFMIP realignment initiatives, as discussed in the
next section, it is generally at the early stages of implementation and a
firm foundation has not yet been established to address the long-standing
problems that have impeded success.
55Subsequent to our review, OMB issued Update on the Financial Management
Line of Business and the Financial Systems Integration Office, Memorandum
(Washington, D.C.: Dec. 16, 2005) which updated the status of the JFMIP
realignment to FSIO. For example, responsibilities for issuing certain
system requirements that had been reassigned to OMB were transitioned to
the Chief Acquisition Council, the Budget Officers Advisory Council, and
the Federal Real Property Council.
56See OMB, Update on the Financial Management Line of Business and the
Financial Systems Integration Office, Memorandum (Washington, D.C.: Dec.
16, 2005).
Broad-Based Actions Needed to Implement Financial Management Systems
Governmentwide
The key for federal agencies to avoid the long-standing problems that have
plagued financial management system improvement efforts is to address the
foremost causes of those problems and adopt solutions that reduce the
risks associated with these efforts to acceptable levels. Although OMB has
articulated an approach for reforming financial management systems
governmentwide under its financial management line of business and JFMIP
realignment initiatives, implementing these initiatives will be complex
and challenging. OMB has correctly recognized that enhancing the
government's ability to implement financial management systems that are
capable of providing accurate, reliable, and timely information on the
results of operations needs to be addressed as a governmentwide solution,
rather than as individual agency stove-piped efforts designed to meet a
given entity's needs. However, OMB has not yet fully defined and
implemented the processes needed to successfully complete these
initiatives. Specifically, based on industry best practices, we identified
four key concepts that are not yet fully developed and integrated in OMB's
initiatives and related processes. While OMB has addressed certain
elements of these best practices in its initiatives, many specific steps
are not yet completed. Careful consideration of these four concepts, each
one building upon the next, will be integral to the success of OMB's
initiatives and will help break the cycle of failure in implementing
financial management systems. The four concepts are (1) developing a
concept of operations, (2) defining standard business processes, (3)
developing a strategy for ensuring that agencies are migrated to a limited
number of application service providers in accordance with OMB's stated
approach, and (4) defining and effectively implementing disciplined
processes necessary to properly manage the specific projects. The
following sections highlight the key issues to be considered for each of
the four areas.
Concept of Operations Provides Foundation
Key Issues
o What is considered a financial management system?
o Who will be responsible for developing a governmentwide concept of
operations and what process will be used to ensure that the resulting
document reflects the governmentwide solution rather than individual
agency stove-piped efforts?
o How will the concept of operations be linked to the Federal
Enterprise Architecture?
o How can the federal government obtain reliable information on the
costs of its financial management systems investments?
A concept of operations defines how an organization's day-to-day
operations are (or will be) carried out to meet mission needs. The concept
of operations includes high-level descriptions of information systems,
their interrelationships, and information flows. It also describes the
operations that must be performed, who must perform them, and where and
how the operations will be carried out. Further, it provides the
foundation on which requirements definitions and the rest of the systems
planning process are built. Normally, a concept of operations document is
one of the first documents to be produced during a disciplined development
effort and flows from both the vision statement and the enterprise
architecture. According to the IEEE standards,57 a concept of operations
is a user-oriented document that describes the characteristics of a
proposed system from the users' viewpoint. The key elements that should be
included in a concept of operations are major system components,
interfaces to external systems, and performance characteristics such as
speed and volume.
In the case of federal financial management systems, another key element
for the concept of operations would be a clear definition and scope of the
financial management activities to be included. One problem with the
current OMB approach for reporting is that systems that have historically
been considered part of financial management, such as payroll and
inventory management, are not captured under the financial management line
of business when a particular agency reports IT investments to OMB as part
of the annual budget submission for inclusion in the Budget of the United
States Government. This is because the Federal Enterprise Architecture
coding structure for agencies to use when transmitting IT investment
information to OMB calls for only IT investments that support certain
financial system functions to be identified as a financial management
system. An effective concept of operations would help identify these
omissions.
57IEEE Std. 1362-1998.
Financial management systems are defined by OMB in Circulars No. A-11 and
A-127 in similar terms to that found in statutes such as FFMIA. This
definition is also similar to that used by DOD to define a defense
business system as provided by the fiscal year 2005 Defense Authorization
Act.58 These various sources generally consider financial management
systems to be financial systems and the financial portion of mixed systems
that support the interrelationships and interdependencies between budget,
cost, and management functions, and the information associated with
business activities. A mixed system is an information system that supports
both financial and nonfinancial functions of the federal government. At
DOD, for example, an estimated 80 percent of the information needed to
prepare annual financial statements comes from mixed systems such as
logistics, personnel, and procurement systems that are outside of the
responsibility of the DOD CFO. In contrast, the Federal Enterprise
Architecture's Business Reference Model defines a financial management
system as one that uses financial information to measure, operate, and
predict the effectiveness and efficiency of an entity's activities in
relation to its objectives. These differences illustrate that a consistent
definition of financial management systems is not being used across the
federal government.
One of the key challenges faced by OMB when evaluating financial
management system implementation efforts is capturing all financial
management system investments and their related costs. The fiscal year
2006 budget requests for IT spending totaled about $65.2 billion. Our
analysis showed that, of this amount, only $3.9 billion, less than 6
percent, is reflected under the financial management mission as defined by
OMB using the definition of a financial management system in its Federal
Enterprise Architecture. A more comprehensive analysis of financial
management system investments using the definition in OMB Circular No.
A-127 that includes mixed systems such as payroll and inventory and
including those considered by DOD as business systems brings the total to
about $20 billion. Payroll and inventory management systems clearly
support financial management activities, but these systems are not
included in the financial management line of business within the Federal
Enterprise Architecture framework. The payroll and inventory systems are
reflected under the human resource management and supply chain management
lines of business, respectively.
58Pub. L. No. 108-375, S: 332, 118 Stat. 1811, 1854 (Oct. 28, 2004)
(codified at 10 U.S.C. S: 2222(j)(2)). The act defines a defense business
system as an information system, other than a national security system,
operated by, for, or on behalf of the department that is used to support
business activities, such as acquisition, financial management, logistics,
strategic planning and budgeting, installations and environment, and human
resources management. The act states that such systems are to include
financial systems, mixed systems, financial data feeder systems, and IT
and information assurance infrastructure.
Because of these differing definitions, the total number of systems and
the respective costs associated with financial management system
implementation efforts are difficult to capture. OMB officials stated that
they are currently revising OMB Circular No. A-127 and will consider
clarifying the definition to ensure that it is consistent with FFMIA. In
addition, an effective concept of operations would help bridge this gap
and facilitate the monitoring of the activity related to financial
management systems. Addressing this issue would be a key factor in
developing a foundation for the lines of business initiative to
consolidate federal financial management systems under a limited number of
application service providers.
An effective concept of operations would describe, at a high level (1) how
all of the various elements of federal financial systems and mixed systems
relate to each other, and (2) how information flows from and through these
systems. Further, a concept of operations would provide a useful tool to
explain how financial management systems at the agency and governmentwide
levels can operate cohesively. It would be geared to a governmentwide
solution rather than individual agency stove-piped efforts. Further, it
would provide a road map that can be used to (1) measure progress and (2)
focus future efforts. OMB officials told us that they had developed a
concept of operations, but did not know when it would be released or if it
meets the criteria in the IEEE standards. Because the federal government
has lacked such a document, a clear understanding of the
interrelationships among federal financial systems and how the application
service provider concept fits into this framework has not yet been
achieved.
While the Federal Enterprise Architecture, when fully populated, could
provide some of this perspective, a concept of operations document
presents these items from a user's viewpoint in nontechnical terms. Such a
document would be invaluable in getting various stakeholders, including
those at the agency and governmentwide levels, the software vendors, and
the three branches of the federal government, to understand how the
financial systems are expected to operate cohesively and how they fit into
"the big picture." A concept of operations from this perspective would
clarify which financial management systems should be operated at an agency
level and which ones would be handled at a governmentwide level and how
those two would integrate. In addition, it could identify the nature and
extent of skills needed to effectively operate these systems. This would
play a part in resolving some of the human capital management problems
discussed previously.
Another key element of a concept of operations is a transition strategy
that is useful for developing an understanding of how and when changes
will occur. Not only is this needed from an investment management point of
view, it is a key element in the human capital problems discussed
previously that revolved around change management strategies. Describing
how to implement OMB's approach for outsourcing financial management
systems and the process that will be used to deactivate legacy systems
that will be replaced or interfaced with a new financial management system
are key aspects that need to be addressed in a transition strategy. This,
in turn, allows the agencies to begin taking the necessary actions to
integrate this approach into their investment management and change
management processes.
Standard Business Processes Promote Consistency
Key Issues
o How can governmentwide standard business processes be developed to
meet the needs of federal agencies?
o How can agencies be encouraged to adopt new processes, rather than
selecting other methods that result in simply automating old ways of
doing business?
o How will the standard business processes be implemented by the
application service providers to provide consistency across government
agencies and among the application service providers?
o What process will be used to determine and validate the processes
needed for agencies that have unique needs?
Business process models provide a way of expressing the procedures,
activities, and behaviors needed to accomplish an organization's mission
and are helpful tools to document and understand complex systems. Business
processes are the various steps that must be followed to perform a certain
activity. For example, the procurement process would start when the agency
defines its needs, issues a solicitation for goods or services and would
continue through contract award, receipt of goods and services, and would
end when the vendor properly receives payment. The identification of
preferred business processes would be critical for standardization of
applications and training and portability of staff, as well as for the
software vendor community to use for software design and implementation
purposes. Without standard processes, the federal government will continue
to spend funds to develop individual agency stove-piped efforts that may
or may not meet a given entity's needs.
To maximize the success of a new system acquisition, organizations need to
consider the redesign of current business processes. As we noted in our
Executive Guide: Creating Value Through World-class Financial
Management,59 leading finance organizations have found that productivity
gains typically result from more efficient processes, not from simply
automating old processes. Moreover, the Clinger-Cohen Act of 1996 requires
agencies to analyze the missions of the agency and, based on the analysis,
revise mission-related and administrative processes, as appropriate,
before making significant investments in information technology used to
support those missions.60 Another benefit of what is often called business
process modeling is that it generates better system requirements, since
the business process models drive the creation of information systems that
fit in the organization and will be used by end users. Other benefits
include (1) providing a foundation for agency efforts to describe the
business processes needed for unique missions, or to develop subprocesses
to support those at the governmentwide level and (2) describing the
business processes of the federal government to the vendor community for
standardization. While in many cases, government business processes will
be identical or very similar to processes used by the private sector,
these standards should also describe processes unique to federal
accounting.
However, according to OMB officials, the lines of business initiative is
moving forward even though this important key issue has not yet been
addressed. OMB officials believed that for standardized processes, it is
important to get buy-in as the processes are developed, and not force the
process from the top. OMB officials we talked with recognized that
standardization of business processes is important, but they did not want
to wait to deploy the financial management line of business initiative
until standard business processes had been developed. OMB planned to task
the newly created CFO Council Transaction Processing Standardization
Subcommittee with the responsibility for developing standard federal
business processes.61 Because this key issue has not been addressed, and
the other key issues flow from it, little has been done to address those
important considerations. From our perspective, adopting standardized
processes is a fundamental step needed for all financial system
implementations, but especially for making the financial management line
of business initiative successful. Otherwise, we believe that there is a
much greater risk of the continued proliferation of nonstandard business
processes that would not result in a marked improvement from the current
environment.
59 GAO/AIMD-00-134 .
60See 40 U.S.C. S: 11303(b)(2)(C).
Strategy for Implementing the Financial Management Line of Business Initiative
Will Be Key
Key Issues
o What guidance will be provided to assist agencies in adopting a
change management strategy that reduces the risks of moving to the
application service provider approach?
o What processes will be put in place to ensure that agency financial
management system investment decisions focus on the benefits of
standard processes and application service providers?
o What process will be used to facilitate the decision-making process
used by agencies to select a given provider?
o How will agencies incorporate strategic workforce planning in the
implementation of the application service provider approach?
Although OMB has a goal of migrating agencies to a limited number of
application service providers within the next 7 to 8 years to deliver the
standard business processes, rather than funding individual agency
efforts, it has not yet articulated a clear and measurable strategy for
achieving this goal. This is important because there has been a historical
tendency for agencies and units within agencies to view their needs as
urgent and resist standardization. Decisive action will be needed to
ensure that agencies adopt the application service provider concept and
that agencies do not continue to attempt to develop and implement their
own financial management systems. OMB has been proactive since the
beginning of the financial management line of business initiative in
describing the goals of the initiative by making speeches, discussing the
initiative with the media, including it in the President's budget request,
and highlighting it on its Web site. However, there are limited tools and
guidance available and OMB has not provided centers of excellence with
standard document templates needed to minimize risk, provide assurance,
and develop understandings with customers on topics such as service level
agreements and concept of operations. A service level agreement is
critical for both the application service providers and the agencies to be
held accountable for their respective parts of the agreement. Much work
remains to develop a change management strategy that addresses key
activities needed to minimize the risk associated with the implementation
of the financial management line of business initiative.
61Subsequent to our review, the responsibility for developing standard
business processes was assigned to the FSIO according to the December 16,
2005, OMB memorandum to CFOs.
Change management in the context of migrating federal agencies to an
application service provider will need to include activities such as (1)
developing specific criteria for requiring agencies to migrate to an
application service provider rather than attempting to develop and
implement their own stove-piped business systems; (2) providing the
necessary information for an agency to make a selection of an application
service provider; (3) defining and instilling new values, norms, and
behaviors within agencies that support new ways of doing work and
overcoming resistance to change; (4) building consensus among customers
and stakeholders on specific changes designed to better meet their needs;
and (5) planning, testing, and implementing all aspects of the transition
from one organizational structure and business process to another.
According to leading IT organizations, organizational change management is
the process of preparing users for the business process changes that will
accompany implementation of a new system. An effective organizational
change management process includes project plans and training that prepare
users for impacts the new system might have on their roles and
responsibilities and a process to manage those changes. We have reported
on various problems with agencies' change management including the failure
to develop transition plans, reengineer business processes, and limit
customization.62 In addition, one CFO Council member told us that from his
perspective systems do not fail, but there is an implementation failure
because of (1) ineffective coordination and communication between the CFO
and CIO offices, (2) excessive modification of COTS systems, (3) business
processes not being reengineered correctly, completely, or timely, and (4)
a lack of authority and leadership for the CFO and project management
offices to make the implementation work.
62For example, see GAO, Indian Trust Funds: Improvements Made in
Acquisition of New Asset and Accounting System But Significant Risks
Remain, GAO/AIMD-00-259 (Washington, D.C.: Sept. 15, 2000); GAO-05-237 ;
and GAO, District of Columbia: Weaknesses in Financial Management System
Implementation, GAO-01-489 (Washington, D.C.: Apr. 30, 2001).
With regard to establishing criteria for transitioning agencies to an
application service provider, we note that providing governmentwide
financial services is not a new concept to the federal government. One of
the 24 Presidential Electronic Government initiatives is e-payroll, which
was intended to consolidate 22 federal payroll systems into 4 federal
payroll providers63 to simplify and standardize federal human
resources/payroll policies and procedures to better integrate payroll,
human resources, and finance functions. Numerous agencies had targeted
their payroll operations for costly modernizations, and according to OMB,
by consolidating duplicative payroll modernization efforts, an estimated
$1.1 billion can be saved over the next decade in future IT investments
given the economies of scale and cost avoidance. Federal agencies already
have or will be migrating to one of the four selected payroll providers to
process payroll and pay employees.
OMB officials told us they learned from the e-payroll initiative that
directing and forcing change as they had done with the e-payroll effort
was not palatable to federal agencies. The agencies preferred having
choices on timing the move and on having options for various providers. As
a result, for the financial management line of business initiative, they
do not plan to establish a migration path or time table. Further,
processes have not been put in place to facilitate agency decisions on
selecting a provider or focusing investment decisions on the benefits of
standard processes and application service providers. It is not clear how
this will impact the adoption of this initiative. Given the pressures to
reduce budgets, discipline with respect to following a clear migration
path will be essential. Without such a migration path, while some agencies
may readily migrate to a center of excellence or application service
provider to minimize the tremendous undertaking of implementing or
significantly upgrading a financial system, other agencies will likely
perpetuate the waste of taxpayer dollars previously described related to
failed system implementation efforts.
63The payroll providers selected are Defense Finance and Accounting
Service, the General Services Administration, the Department of
Agriculture's National Finance Center, and Interior's National Business
Center.
The need for clear criteria on migrating agencies to the financial
management line of business initiative is highlighted by the following
example.
o In fiscal year 2004, the Department of Justice embarked on
implementing a new core financial system and is not planning to
move to a center of excellence. OMB officials stated that they
were not requiring Justice to move to a center of excellence
because it had unique needs and was already far enough along in
its attempt to modernize and consolidate the financial systems
used throughout the agency. OMB officials also speculated that
Justice might eventually become a center of excellence that
focuses on law enforcement agencies and addresses the law
enforcement community's unique needs.64 According to a supporting
document of the Analytical Perspectives, Budget of the United
States Government, Fiscal Year 2006, Justice spent about $6.9
million on modernizing its core financial system in fiscal year
2004. Further, Justice planned to spend $23.1 million for
modernization during fiscal year 2005, and expects fiscal year
2006 modernization costs to more than triple to $72.5 million. In
October 2004, the IG reported that little progress had been made
in implementing the new system and continued to report financial
management and systems as a top management challenge.65 Thus, it
is not clear why Justice should continue with its financial
systems development project when the cost is expected to
significantly escalate and significant challenges remain.
Further, the application service provider concept will still require that
agencies address long-standing human capital problems by incorporating
elements of strategic workforce planning such as (1) aligning an
organization's human capital program with its current and emerging mission
and programmatic goals and (2) developing long-term strategies for
acquiring, developing, and retaining an organization's total workforce to
meet the needs of the future. This includes a range of activities from
identifying and defining roles and responsibilities, to identifying team
members, to developing individual competencies that enhance performance.
To maintain and enhance the capabilities of IT staff, organizations should
develop and implement a human capital strategy that, among other things,
includes assessing competencies and skills needed to effectively perform
IT operations to support agency mission and goals, inventorying the
competencies and skills of current IT staff to identify gaps in needed
capabilities, and developing and implementing plans to fill the gap
between requirements and current staffing.
64Subsequent to our review, OMB officials told us that as part of their
oversight for the Justice project, Justice has agreed to consider an
application service provider solution and does not plan on applying to be
a designated center of excellence.
65Department of Justice Office of the Inspector General, Top Management
Challenges, Memorandum (Washington, D.C.: Oct. 13, 2004).
As we have testified,66 having sufficient numbers of people on board with
the right mix of knowledge and skills can make the difference between
success and failure. This is especially true in the IT area, where
widespread shortfalls in human capital have contributed to demonstrable
shortfalls in agency and program performance. According to Building the
Work Force Capacity to Successfully Implement Financial Systems,67 the
roles needed on an implementation team are consistent across financial
system implementation projects and include a project manager, systems
integrator, functional experts, information technology manager, and IT
analysts. Many of these roles require the dedication of full-time staff
for one or more of the project's phases.
Finally, sustained leadership will be key to a successful strategy for
moving federal agencies towards consolidated financial management systems.
In our Executive Guide: Creating Value Through World-class Financial
Management,68 we found that leading organizations made financial
management improvement an entitywide priority by, among other things,
providing clear, strong executive leadership. We also reported that making
financial management a priority throughout the federal government involves
changing the organizational culture of federal agencies. Although the
views about how an organization can change its culture can vary
considerably, leadership (executive support) is often viewed as the most
important factor in successfully making cultural changes. Top management
must be totally committed in both words and actions to changing the
culture, and this commitment must be sustained and demonstrated to staff.
In addition, a recent best practice guide on shared services69 stated that
it is not enough for management to merely support the financial
operations' shared service implementation-top management must provide the
leadership structure to ensure that the transition is successful. Because
the tenure of political appointees is relatively short, the current and
future administrations must continue a strong emphasis on top-notch
financial management.
66 GAO-01-1007T .
67JFMIP and the CFO Council issued this report in April 2002 that reviewed
human capital challenges related to implementing financial management
systems and identified strategies to meet the challenges.
68 GAO/AIMD-00-134 .
Disciplined Processes Will Help Ensure Successful Implementations
Key Issues
o How can existing industry standards and best practices be
incorporated into governmentwide guidance related to financial
management system implementation efforts, including migrating to an
application service provider?
o What actions will be taken to reduce the risks and costs associated
with data conversion and interface efforts?
o What oversight process will be used to ensure that modernization
efforts effectively implement the prescribed policies and procedures?
Once the concept of operations and standard business processes have been
defined and a migration strategy is in place, individual agencies will
have to work closely with the selected application service provider or
systems integrator to help ensure that the implementation is successful.
Although application service providers may provide a COTS solution,
effective implementation and testing processes are still required to
ensure that the system delivers the desired functionality on time and
within budget. As previously discussed, a partnership between the CIO and
CFO offices, as well as with those program management offices responsible
for financial or mixed systems such as payroll and inventory, is critical
for success. Agencies have frequently struggled to implement key best
practices when implementing COTS financial management systems. The key to
avoiding these long-standing implementation problems is to provide
specific guidance to agencies for financial management system
implementations, incorporating the best practices identified by the SEI,
the IEEE, the Project Management Institute, and other experts that have
been proven to reduce risk in implementing systems. Such guidance should
include the various disciplined processes such as requirements management,
testing, data conversion and system interfaces, risk and project
management, and related activities, which have been problematic in the
financial systems implementation projects we reviewed.
69Association of Government Accountants, Financial Management Shared
Services: A Guide for Federal Users (Alexandria, Va.: July 2005).
Disciplined processes have been shown to reduce the risks associated with
software development and acquisition efforts to acceptable levels and are
fundamental to successful system implementations. The principles of
disciplined IT systems development and acquisition of services apply to
shared services implementation. A disciplined software implementation
process can maximize the likelihood of achieving the intended results
(performance) within established resources (costs) on schedule. For
example, disciplined processes should be in place to address the areas of
data conversion and interfaces, two of the many critical elements
necessary to successfully implement a new system that have contributed to
the failure of previous agency efforts. The former JFMIP provided guidance
on data conversion, and the Configuration Control Subcommittee under the
CFO Council's Financial Systems Integration Committee was tasked with
focusing on interface requirements.70 However, a standard set of practices
will be needed to guide the migration from legacy systems to new systems
and application service providers. Further details on disciplined
processes needed can be found in appendix III.
In addition, oversight to help ensure that the disciplined processes are
in place and operating as intended will be a critical factor in the
success of the implementation of new and consolidated financial management
systems. Currently, OMB guidance71 requires agencies to have qualified
project managers and to use earned value management tools for major IT
investments. However, OMB only performs limited reviews of agencies'
financial management systems implementations. OFFM officials told us that
these reviews vary considerably in scope and that one of their goals is to
provide more structure to the reviews. OMB's review depends on the agency
and the phase of the project, and generally does not focus on
implementation of the disciplined processes used. Industry experts agree
that the best indicator of whether risks have been reduced to an
acceptable level is an assessment of the disciplined processes in place.
For example, in the area of requirements management, disciplined processes
would help ensure (1) the requirements document contains all the
requirements identified by the customer, as well as those needed for the
definition of the system, (2) the requirements fully describe the software
functionality to be delivered, (3) the requirements are stated in clear
terms that allow for quantitative evaluation, and (4) traceability among
various documents is maintained. Proper oversight would entail
verification of these requirements-related disciplined processes.
70Subsequent to our review, the December 16, 2005, OMB memorandum to CFOs
stated that the CFO Council's Financial Systems Integration Committee was
still evaluating its current subcommittee structure to assess whether
changes are needed to best meet its objectives.
71See OMB, Information Technology Project Manager Qualification Guidance,
M-04-19 (Washington, D.C.: July 21, 2004) and OMB Circular No. A-11,
Section 300.
In addition to problems with the structure and scope of OMB's current
system reviews, we noted that OFFM has a staff of only four employees
dedicated to reviewing federal executive branch agency projects to
implement financial management systems. These four staff also have other
time-consuming duties such as developing a coherent, coordinated
architecture and issuing federal financial system requirements. As a
result, the current level of detail in the existing system reviews is
necessarily limited. Moreover, there is limited follow-up by OMB on
suggested improvements they have made to agency officials, and there is
not any impetus for agencies to implement suggested improvements. For
example, OFFM officials told us that they advised an agency that there
were numerous disadvantages to deploying a new financial management system
mid-year. Nonetheless, the agency deployed the system at mid-year and has
faced problems by doing so. The FSIO also has a limited number of staff to
perform its numerous financial management policy and oversight activities
and is currently reassessing its priorities and available resources. Given
the range of OMB's leadership roles and its relatively small size as part
of the Executive Office of the President, it is not realistic to expect
OMB to be able to carry out a comprehensive review function. Instead,
agencies could be required to have their financial management system
projects undergo independent verification and validation reviews to ensure
that the projects adequately implemented the disciplined processes needed
to manage the risks to acceptable levels. OMB could then review reports
produced as a result of the independent verification and validation
process to leverage its oversight efforts. Accordingly, OMB could then
focus its oversight efforts on the projects with the greatest risks.
Conclusions
Because the federal government is one of the largest and most complex
organizations in the world, operating, maintaining, and modernizing its
financial management systems represent a monumental challenge-technically
and cost-wise. The past paradigm must be changed from one in which each
federal agency attempts to implement systems that, in many cases, are to
perform redundant functions and have all too often resulted in failure,
have been delayed, and cost too much. Thus, a more holistic governmentwide
approach as OMB has been advocating is necessary to address the key causes
of failure. OMB has recognized the seriousness of the problems. Its
primary initiative related to the use of a limited number of application
service providers is a step in the right direction. This initiative is in
the early stage and does not yet include basic elements that are integral
to its success. Based on industry best practices, the following four
concepts would help ensure a sound foundation for developing and
implementing a governmentwide solution for long-standing financial
management system implementation failures: (1) developing a concept of
operations that ties in other systems, (2) defining standard business
processes, (3) developing a strategy for ensuring that agencies are
migrated to a limited number of application service providers, and (4)
defining and effectively implementing applicable disciplined processes. As
pressure mounts to do more with less, to increase accountability, and to
reduce fraud, waste, abuse, and mismanagement, and efforts to reduce
federal spending intensify, sustained and committed leadership will be a
key factor in the successful implementation of these governmentwide
initiatives. However, regardless of the approach taken, the adherence to
disciplined processes in systems development and acquisition will be at
the core of successfully addressing the key causes of financial management
system implementation failures.
Recommendations for Executive Action
To help reduce the risks associated with financial management system
implementation efforts and facilitate the implementation of the financial
management line of business and JFMIP realignment initiatives across the
government, we recommend that the Director of OMB take the following 18
actions. This would entail placing a high priority on fully integrating
into its approach the following concepts and underlying key issues, all of
which are related to the fundamental disciplines in systems
implementation:
o Developing a concept of operations. This would include
o identifying the interrelationships among federal
financial systems and how the application service
provider concept fits into this framework,
o prescribing which financial management systems
should be operated at an agency level and which
should be operated at a governmentwide level and how
those would integrate, and
o defining financial management systems in the
Federal Enterprise Architecture to be more consistent
with the similar definitions used in FFMIA and OMB
Circulars No. A-11 and No. A-127.
o Defining standard business processes. This would include
o describing the standard business processes that
are needed to meet federal agencies' needs,
o developing a process to identify those that are
needed to meet unique agency needs,
o requiring application service providers to adopt
standard business processes to provide consistency,
and
o encouraging agencies to embrace new processes.
o Developing a strategy for ensuring that agencies are migrated
to a limited number of application service providers in accordance
with OMB's stated approach. This would include
o articulating a clear goal and criteria for
ensuring agencies are subject to the application
service provider concept and cannot continue
developing and implementing their own stove-piped
systems,
o establishing a migration path or time table for
when agencies should migrate to an application
service provider,
o providing the necessary information for an agency
to select an application service provider, and
o developing guidance to assist agencies in adopting
a change management strategy for moving to
application service providers.
o Defining and effectively implementing disciplined processes
necessary to properly manage the specific projects. This would
include
o providing specific guidance to agencies on
disciplined processes for financial system
implementations,
o providing a standard set of practices to guide the
migrations from legacy systems to new systems and
application service providers, and
o developing processes to facilitate oversight and
review that allow for a more structured review and
follow-up of agencies' financial system
implementation projects.
Agency Comments and Our Evaluation
We received written comments on a draft of this report from the Controller
of OMB, which are reprinted in appendix IV. The Controller agreed with our
recommendations and described the approach and steps that OMB is taking to
improve financial management system modernization efforts. As OMB moves
forward to address the recommendations in our report, it is important that
it prioritize its efforts and focus on the concepts and underlying key
issues we discussed, such as adequately defining and implementing
disciplined processes. We are encouraged that OMB plans to issue
additional guidance outlining the fundamental risk-reduction approaches
that agencies can implement when acquiring and implementing financial
systems. It will be critical that the guidance stresses the importance of
this standard set of practices. We continue to believe that careful
consideration of all the building blocks and key issues we identified will
be integral to the success of OMB's initiatives. OMB also provided
additional oral comments which we incorporated as appropriate.
We are sending copies of this report to the Chairman and Ranking Minority
Member, Senate Committee on Homeland Security and Governmental Affairs,
and other interested congressional committees. We are also sending a copy
to the Director of OMB. Copies will also be made available to others upon
request. The report will also be available at no charge on GAO's Web site
at http://www.gao.gov .
If you or your staff have any questions about this report, please contact
McCoy Williams, Director, Financial Management and Assurance, who may be
reached at (202) 512-9095 or by e-mail at [email protected] , or Keith A.
Rhodes, Chief Technologist, Applied Research and Methods, who may be
reached at (202) 512-6412 or by e-mail at [email protected] . Contact points
for our Offices of Congressional Relations and Public Affairs may be found
on the last page of this report. GAO staff who made major contributions to
this report are listed in appendix V.
McCoy Williams Director Financial Management and Assurance
Keith A. Rhodes Chief Technologist Applied Research and Methods Center for
Engineering and Technology
Appendix I: Scope and Methodology Appendix I: Scope and Methodology
To determine the key causes for financial management system implementation
failures, we conducted database searches of GAO and inspector general (IG)
Web sites to identify reports issued by any GAO teams or IGs that could be
relevant. We summarized and analyzed prior GAO reports on commercial
off-the-shelf financial management system implementations within the last
5 years. We performed a content analysis of the GAO and IG reports to
determine if causes for the financial management system implementation
problems were included. We discussed the relevant GAO report findings and
current status with the key staff that worked on the reports. In addition,
we identified other potential data sources, such as key industry groups
and well-known national experts for information they had on this topic. We
also interviewed key Office of Management and Budget (OMB) officials and
had discussions with other interested parties such as Chief Financial
Officers (CFO) Council representatives.
To identify the significant governmentwide initiatives that are currently
under way that impact financial management systems implementation
failures, we interviewed key OMB officials and reviewed relevant OMB
policies, guidance, and memorandums related to the initiatives. We also
interviewed CFO Council representatives to discuss the initiatives to
reform federal financial management systems. In addition, we interviewed
Office of Personnel Management officials to discuss their plans to migrate
to a financial management center of excellence. We also reviewed reports
from various authors and governmentwide forums where participants provided
their perspectives on governmentwide initiatives.
To provide our views on actions that can be taken to help improve the
management and control of agency financial management system modernization
efforts, we analyzed the GAO and IG reports we had identified as relevant
to the topic to highlight the actions called for in those reports.
Further, we reviewed material from key industry groups and national
experts to identify any potential solutions posed by those groups, lessons
learned, and relevant best practices. We took into consideration those
governmentwide initiatives that were currently under way and the
perspectives provided by authors and participants in governmentwide
forums. In addition, during our consultations with various GAO
stakeholders, and external groups such as OMB and the CFO Council, we
obtained their perspectives on the actions needed to address the problems.
We conducted our work in Washington, D.C., from January 2005 through
October 2005, in accordance with U.S. generally accepted government
auditing standards. We did not evaluate the federal government's overall
IT strategy or whether a particular agency selected the most appropriate
financial management system. Because we have previously provided agencies
with specific recommendations in individual reports, we are not making
additional recommendations to them in this report. We requested comments
on a draft of this report from the Director of OMB or his designee.
Written comments from OMB are reprinted in appendix IV and evaluated in
the Agency Comments and Our Evaluation section.
Appendix II: IG Reports Reviewed Appendix II: IG Reports Reviewed
Department of the Treasury Office of Inspector General. The Modernization
Program Is Establishing a Requirements Management Office to Address
Development and Management Problems. Reference No. 2005-20-023.
Washington, D.C.: January 19, 2005.
Department of Transportation Office of Inspector General. Consolidated
Financial Statements for Fiscal Years 2004 and 2003. Report FI-2005-009.
Washington, D.C.: November 15, 2004.
Department of Housing and Urban Development Office of Inspector General.
Fiscal Year 2004 Review of Information Systems Controls in Support of the
Financial Statements Audit. Report 2005-DP-0001. Washington, D.C.: October
19, 2004.
Department of Justice Office of Inspector General. The Drug Enforcement
Administration's Management of Enterprise Architecture and Information
Technology Investments. Report 04-36. Washington, D.C.: September 2004.
Department of Veterans Affairs Office of Inspector General. Issues at VA
Medical Center Bay Pines, Florida and Procurement and Deployment of the
Core Financial and Logistics System. Report 04-01371-177. Washington,
D.C.: August 11, 2004.
Department of Energy Office of Inspector General. Management of the
Federal Energy Regulatory Commission's Information Technology Program.
Report DOE/IG-0652. Washington, D.C.: June 2004.
Department of Justice Office of Inspector General. The Federal Bureau of
Investigation's Implementation of Information Technology Recommendations.
Report 03-36. Washington, D.C.: September 2003.
Small Business Administration Office of Inspector General. Audit of SBA's
Acquisition, Development and Implementation of the Joint Accounting and
Administrative Management System. Report 3-32. Washington, D.C.: June 30,
2003.
Department of Energy Office of Inspector General. Audit Report on Business
Management Information System. Report DOE/IG-0572. Washington, D.C.:
November 2002.
Department of the Interior Office of Inspector General. Developing the
Department of the Interior's Information Technology Capital Investment
Process: A Framework for Action. Report 2002-I-0038. Washington, D.C.:
August 2002.
Department of Defense Office of Inspector General. Development of the
Defense Finance and Accounting Service Corporate Database and other
Financial Management Systems. Report D-2002-014. Washington, D.C.:
November 7, 2001.
Department of Transportation Office of Inspector General. Implementing a
New Financial Management System. Report FI-2001-074. Washington, D.C.:
August 7, 2001.
Appendix III: D Appendix III: Disciplined Processes
Disciplined Processes Are Key to Successful Financial Management System
Implementation Efforts
Disciplined processes have been shown to reduce the risks associated with
software development and acquisition efforts to acceptable levels and are
fundamental to successful system implementations. A disciplined software
implementation process can maximize the likelihood of achieving the
intended results (performance) within established resources (costs) on
schedule. Although a standard set of practices that will guarantee success
does not exist, several organizations, such as the Software Engineering
Institute (SEI) and the Institute of Electrical and Electronic Engineers
(IEEE), and individual experts, have identified and developed the types of
policies, procedures, and practices that have been demonstrated to reduce
development time and enhance effectiveness. The key to having a
disciplined system development effort is to have disciplined processes in
multiple areas, including requirements management, testing, data
conversion and system interfaces, configuration management, risk
management, project management, and quality assurance.
Requirements Management
Requirements are the specifications that system developers and program
managers use to design, develop, and acquire a system. They need to be
carefully defined, consistent with one another, verifiable, and directly
traceable to higher-level business or functional requirements. It is
critical that they flow directly from the organization's concept of
operations (how the organization's day-to-day operations are or will be
carried out to meet mission needs).1
According to the IEEE, a leader in defining the best practices for such
efforts, good requirements have several characteristics, including the
following:2
o The requirements fully describe the software functionality to
be delivered. Functionality is a defined objective or
characteristic action of a system or component. For example, for
grants management, a key functionality includes knowing (1) the
funds obligated to a grantee for a specific purpose, (2) the cost
incurred by the grantee, and (3) the funds provided in accordance
with federal accounting standards.
o The requirements are stated in clear terms that allow for
quantitative evaluation. Specifically, all readers of a
requirement should arrive at a single, consistent interpretation
of it.
o Traceability among various requirement documents is maintained.
Requirements for projects can be expressed at various levels
depending on user needs. They range from agencywide business
requirements to increasingly detailed functional requirements that
eventually permit the software project managers and other
technicians to design and build the required functionality in the
new system. Adequate traceability ensures that a requirement in
one document is consistent with and linked to applicable
requirements in another document.
o The requirements document contains all of the requirements
identified by the customer, as well as those needed for the
definition of the system.
1According to IEEE Std. 1362-1998, a concept of operations document is
normally one of the first documents produced during a disciplined
development effort since it describes system characteristics for a
proposed system from the user's viewpoint. This is important since a good
concept of operations document can be used to communicate overall
quantitative and qualitative system characteristics to the user,
developer, and other organizational elements. This allows the reader to
understand the user organizations, missions, and organizational objectives
from an integrated systems point of view.
2IEEE Std. 830-1998.
Studies have shown that problems associated with requirements definition
are key factors in software projects that do not meet their cost,
schedule, and performance goals. Examples include the following:
o A 1988 study found that getting a requirement right in the
first place costs 50 to 200 times less than waiting until after
the system is implemented to get it right.3
o A 1994 survey of more than 8,000 software projects found that
the top three reasons that projects were delivered late, over
budget, and with less functionality than desired all had to do
with requirements management.4
o A 1994 study found that, on average, there is about a
25-percent increase in requirements over a project's lifetime,
which translates into at least a 25-percent increase in the
schedule.5
o A 1997 study noted that between 40 and 60 percent of all
defects found in a software project could be traced back to errors
made during the requirements development stage.6
3Barry W. Boehm and Philip N. Papaccio, "Understanding and Controlling
Software Costs," IEEE Transactions on Software Engineering, vol. 14, no.
10 (1988).
4The Standish Group, Charting the Seas of Information Technology (Dennis,
Mass.: The Standish Group, 1994).
Testing
Testing is the process of executing a program with the intent of finding
errors.7 Because requirements provide the foundation for system testing,
they must be complete, clear, and well documented to design and implement
an effective testing program. Absent this, an organization is taking a
significant risk that substantial defects will not be detected until after
the system is implemented. As shown in figure 2, there is a direct
relationship between requirements and testing.
5Caper Jones, Assessment and Control of Software Risks (Englewood Cliffs,
N.J.: Yourdon Press, 1994).
6Dean Leffingwell, "Calculating the Return on Investment from More
Effective Requirements Management," American Programmer (1997).
7Glenford J. Myers, The Art of Software Testing (N.Y.: John Wiley & Sons,
Inc., 1979).
Figure 2: Relationship between Requirements Development and Testing
Although the actual testing occurs late in the development cycle, test
planning can help disciplined activities reduce requirements-related
defects. For example, developing conceptual test cases based on the
requirements derived from the concept of operations and functional
requirements stages can identify errors, omissions, and ambiguities long
before any code is written or a system is configured. Disciplined
organizations also recognize that planning the testing activities in
coordination with the requirements development process has major benefits.
Although well-defined requirements are critical for implementing a
successful testing program, disciplined testing efforts for projects have
several characteristics,8 which include the following:
o Testers who assume that the program has errors are likely to
find a greater percentage of the defects present in the system.
This is commonly called the testing mindset.
o Test plans and scripts that clearly define what the expected
results should be when the test case is properly executed and the
program does not have a defect that would be detected by the test
case. This helps to ensure that defects are not mistakenly
accepted.
o Processes that ensure test results are thoroughly inspected.
o Test cases that include exposing the system to invalid and
unexpected conditions as well as the valid and expected
conditions. This is commonly referred to as boundary condition
testing.
o Testing processes that determine if a program has unwanted side
effects. For example, a process should update the proper records
correctly but should not delete other records.
o Systematic gathering, tracking, and analyzing statistics on the
defects identified during testing.
Although these processes may appear obvious, they are often overlooked in
testing activities.9
8Testing covers a variety of activities. The discussion of the testing
processes in this appendix has been tailored to selected aspects of system
implementation efforts and is not intended to provide a comprehensive
discussion of all the processes that are required or the techniques that
can be used to accomplish a disciplined testing process.
9Glendford J. Myers, The Art of Software Testing.
Data Conversion and System Interfaces
Data conversion is defined as the modification of existing data to enable
them to operate with similar functional capability in a different
environment.10 It is one of the many critical elements necessary to
successfully implement a new system. Because of the difficulty and
complexity associated with financial systems data conversion, highly
skilled staff are needed. There are three primary phases in a data
conversion:
1. Pre-conversion activities prior to and leading up to the
conversion, such as determining the scope and approach or method,
developing the conversion plan, performing data cleanup and
validation, ensuring data integrity, and conducting necessary
analysis and testing.
2. Cutover activities to convert the legacy data to the new
system, such as testing system process and data edits, testing
system interfaces (both incoming and outgoing), managing the
critical path, supervising workload completion, and
reconciliation.
3. Post-installation activities such as verifying data integrity,
conducting final disposition of the legacy system data, and
monitoring the first reporting cycle.
There are also specific issues that apply uniquely to converting data as
part of the replacement of a financial system, including
o identifying specific open transactions and balances to be
established,
o analyzing and reconciling transactions for validation purposes,
and
o establishing transactions and balances in the new system
through an automated or manual process.
Further, consideration of various data conversion approaches and
implications are important. Some considerations to be taken into account
for the system conversion are the timing of the conversion
(beginning-of-the-year, mid-year, or incremental) and other options such
as direct or flash conversions, parallel operations, and pilot
conversions. In addition, agencies should consider different data
conversion options for different categories of data when determining the
scope and time lines such as
10Joint Financial Management Improvement Program, White Paper: Financial
Systems Data Conversion-Considerations (Washington, D.C.: Dec. 20, 2002).
o opting not to conduct a data conversion,
o processing new transactions and activity only,
o establishing transaction balances in the new system for
reporting purposes,
o converting open transactions from the legacy system, and
o recording new activity on closed prior year transactions.
Validation and adjustment of open transactions and data in the legacy
system are essential prerequisites to the conversion process and have
often been problematic. When data conversion is done right, the new system
can flourish. However, converting data incorrectly has lengthy and
long-term repercussions.
System interfaces operate on an ongoing basis linking various systems and
provide data that are critical to day-to-day operations, such as
obligations, disbursements, purchase orders, requisitions, and other
procurement activities. Testing the system interfaces in an end-to-end
manner is necessary so agencies can have reasonable assurance that the
system will be capable of providing the intended functionality. Systems
that lack appropriate system interfaces often rely on manual reentry of
data into multiple systems, convoluted systems, or both. According to the
SEI, a widely recognized model for evaluating the interoperability of
systems is the Levels of Information System Interoperability. This model
focuses on the increasing levels of sophistication of system
interoperability. Efforts at the highest level of this
model-enterprise-based interoperability-are systems that can provide
multiple users access to complex data simultaneously, data and
applications are fully shared and distributed, and data have a common
interpretation regardless of format. This is in contrast to the
traditional interface strategies that are more aligned with the lowest
level of the SEI model. Data exchanged at this level rely on electronic
links that result in a simple electronic exchange of data.
Configuration Management
According to the SEI, configuration management is defined as a discipline
applying technical and administrative direction and surveillance to (1)
identify and document the functional and physical characteristics of a
configuration item, (2) control changes to those characteristics, (3)
record and report change processing and implementation status, and (4)
verify compliance with specified requirements.11 The purpose of
configuration management is to establish and maintain the integrity of
work products. Configuration management involves the processes of
11IEEE Std. 610-1990.
o identifying the configuration of selected work products that
compose the baselines at given points in time,
o controlling changes to configuration items,
o building or providing specifications to build work products
from the configuration management system,
o maintaining the integrity of baselines, and
o providing accurate status and current configuration data to
developers, integrators, and end users.
The work products placed under configuration management include the
products that are delivered to the customer, designated internal work
products, acquired products, tools, and other items that are used in
creating and describing these work products.
For COTS systems, configuration management focuses on ensuring that
changes to the requirements or components of a system are strictly
controlled to ensure the integrity and consistency of system requirements
or components. Two of the key activities for configuration management
include ensuring that (1) project plans explicitly provide for evaluation,
acquisition, and implementation of new, often frequent, product releases12
and (2) modification or upgrades to deployed versions of system components
are centrally controlled, and unilateral user release changes are
precluded. Configuration management recognizes that when using COTS
products, it is the vendor, not the acquisition or implementing
organization, that controls the release of new versions and that new
versions are frequently released.
Risk Management
Risk and opportunity are inextricably related. Although developing
software is a risky endeavor, risk management processes should be used to
manage the project's risks to acceptable levels by taking the actions
necessary to mitigate the adverse effects of significant risks before they
threaten the project's success. If a project does not effectively manage
its risks, then the risks will manage the project.
12Donald J. Reifer, Victor R. Basili, Barry W. Boehm, and Betsy Clark,
"COTS-Based Systems-Twelve Lessons Learned about Maintenance."
(Presentation, 3rd International Conference on COTS-Based Software
Systems, Redondo Beach, Calif., Feb. 4, 2004.)
Risk management is a set of activities for identifying, analyzing,
planning, tracking, and controlling risks. Risk management starts with
identifying the risks before they can become problems. If this step is not
performed well, then the entire risk management process may become a
useless exercise since one cannot manage something that one does not know
anything about. As with the other disciplined processes, risk management
is designed to eliminate the effects of undesirable events at the earliest
possible stage to avoid the costly consequences of rework.
After the risks are identified, they need to be analyzed so that they can
be better understood and decisions can be made about what actions, if any,
will be taken to address them. Basically, this step includes activities
such as evaluating the impact on the project if the risk does occur,
determining the probability of the event occurring, and prioritizing the
risk against the other risks. Once the risks are analyzed, a risk
management plan is developed that outlines the information known about the
risks and the actions, if any, which will be taken to mitigate those
risks. Risk monitoring is a continuous process because both the risks and
actions planned to address identified risks need to be monitored to ensure
that the risks are being properly controlled and that new risks are
identified as early as possible. If the actions envisioned in the plan are
not adequate, then additional controls are needed to correct the
deficiencies identified.
Project Management
Effective project management is the process for planning and managing all
project-related activities, such as defining how components are
interrelated, defining tasks, estimating and obtaining resources, and
scheduling activities. Project management allows the performance, cost,
and schedule of the overall program to be continually measured, compared
with planned objectives, and controlled. Project management activities
include planning, monitoring, and controlling the project.
Project planning is the process used to establish reasonable plans for
carrying out and managing the software project. This includes (1)
developing estimates of the resources needed for the work to be performed,
(2) establishing the necessary commitments, and (3) defining the plan
necessary to perform the work. Effective planning is needed to identify
and resolve problems as soon as possible, when it is the cheapest to fix
them. According to one author, the average project expends about 80
percent of the time on unplanned rework-fixing mistakes that were made
earlier in the project. Recognizing that mistakes will be made in a
project is an important part of planning. According to this author,
successful system development activities are designed so that the project
team makes a carefully planned series of small mistakes to avoid making
large, unplanned mistakes. For example, spending the time to adequately
analyze three design alternatives before selecting one results in time
spent analyzing two alternatives that were not selected. However,
discovering that a design is inadequate after development can result in
code that must be rewritten, at a cost greater than analyzing the three
alternatives in the first place. This same author notes that a good rule
of thumb is that each hour a developer spends reviewing project
requirements and architecture saves 3 to 10 hours later in the project.13
Project monitoring and control help to understand the progress of the
project and determine when corrective actions are needed based on the
project's performance. Best business practices indicate that a key facet
of project management and oversight is the ability to effectively monitor
and evaluate a project's actual performance, cost, and schedule against
what was planned.14 In order to perform this critical task, the
accumulation of quantitative data or metrics is required and can be used
to evaluate a project's performance. An effective project management and
oversight process uses quantitative data or metrics to understand matters
such as (1) whether the project plan needs to be adjusted and (2)
oversight actions that may be needed to ensure that the project meets its
stated goals and complies with agency guidance. For example, an earned
value management system is one metric that can be employed to better
manage and oversee a system project.15 An earned value management system
attempts to compare the value of work accomplished during a given period
with the work scheduled for that period. With ineffective project
oversight, management can only respond to problems as they arise.
13Steve McConnell, Software Project Survival Guide (Redmond, Wash.:
Microsoft Press, 1998).
14GAO, Information Technology: DOD's Acquisition Policies and Guidance
Need to Incorporate Additional Best Practices and Controls, GAO-04-722
(Washington, D.C.: July 30, 2004).
15According to Office of Management and Budget Circular No. A-11, earned
value management is a project (investment) management tool that
effectively integrates the investment scope of work with schedule and cost
elements for optimum investment planning and control. Agencies must
demonstrate use of an earned value management system that meets American
National Standards Institute/ Electronic Industries Alliance Standard 748,
for both government and contractor costs, for those parts of the total
investment that require development efforts (e.g., prototypes and testing
in the planning phase and development efforts in the acquisition phase)
and show how close the investment is to meeting the approved cost,
schedule, and performance goals. In addition, agencies must provide an
explanation for any cost or schedule variances that are more than plus or
minus 10 percent.
Agency management can also perform oversight functions, such as project
reviews and participation in key meetings, to help ensure that the project
will meet the agency needs. Management can use independent verification
and validation reviews to provide it with assessments of the project's
software deliverables and processes. Although independent of the
developer, verification and validation is an integral part of the overall
development program and helps management mitigate risks. This core element
involves having an independent third party-such as an internal audit
function or a contractor that is not involved with any of the system
implementation efforts-verify and validate that the systems were
implemented in accordance with the established business processes and
standards. Doing so provides agencies with needed assurance about the
quality of the system, which is discussed in more detail in the following
section.
Quality Assurance
Quality assurance is defined as a set of procedures designed to ensure
that quality standards and processes are adhered to and that the final
product meets or exceeds the required technical and performance
requirements. Quality assurance is a widely used approach in the software
industry to improve upon product delivery and the meeting of customer
requirements and expectations. The SEI indicates that quality assurance
should begin in the early phases of a project to establish plans,
processes, standards, and procedures that will add value to the project
and satisfy the requirements of the project and the organizational
policies. Quality assurance provides independent assessments, typically
performed by an independent verification and validation or internal audit
team, of whether management process requirements are being followed and
whether product standards and requirements are being satisfied. Some of
the widely used quality assurance activities include defect tracking,
technical reviews, and system testing.
o Defect tracking-keeping a record of each defect found, its
source, when it was detected, when it was resolved, how it was
resolved (fixed or not), and so on.
o Technical reviews-reviewing user interface prototypes,
requirements specifications, architecture, designs, and all other
technical work products.
o System testing-executing software for the purpose of finding
defects, typically performed by an independent test organization
or quality assurance group.
According to one author, quality assurance activities might seem to result
in a lot of overhead, but in actuality, exactly the opposite is true.16 If
defects can be prevented or removed early, a significant schedule benefit
can be realized. For example, studies have shown that reworking defective
requirements, design, and code typically consumes 40 to 50 percent of the
total costs of software development projects.17 An effective quality
assurance approach is to detect as many defects as possible as early as
possible to keep the costs of corrections down. However, enormous amounts
of time can be saved by detecting defects earlier than during system
testing.
16Steve McConnell, Software Project Survival Guide.
17Steve McConnell, Rapid Development: Taming Wild Software Schedules
(Redmond, Wash.: Microsoft Press, 1996).
Appendix IV: Comments from the Office of Management and Budget Appendix
IV: Comments from the Office of Management and Budget
AA Appendix V: GAO Contacts and Staff Acknowledgments
GAO Contacts
McCoy Williams (202) 512-9095 or [email protected] Keith A. Rhodes (202)
512-6412 or [email protected]
Staff Acknowledgments
In addition to the contacts named above, Kay Daly, Assistant Director;
Chris Martin, Senior-Level Technologist; Francine DelVecchio; Mike
LaForge; and Chanetta Reed made key contributions to this report.
Related GAO Products Related GAO Products
DOD Business Systems Modernization: Navy ERP Adherence to Best Business
Practices Critical to Avoid Past Failures. GAO-05-858 . Washington, D.C.:
September 29, 2005.
Financial Management: Achieving FFMIA Compliance Continues to Challenge
Agencies. GAO-05-881 . Washington, D.C.: September 20, 2005.
Business Modernization: Some Progress Made toward Implementing GAO
Recommendations Related to NASA's Integrated Financial Management Program.
GAO-05-799R . Washington, D.C.: September 9, 2005.
Business Systems Modernization: Internal Revenue Service's Fiscal Year
2005 Expenditure Plan. GAO-05-774 . Washington, D.C.: July 22, 2005.
DOD Business Systems Modernization: Long-standing Weaknesses in Enterprise
Architecture Development Need to Be Addressed. GAO-05-702 . Washington,
D.C.: July 22, 2005.
Army Depot Maintenance: Ineffective Oversight of Depot Maintenance
Operations and System Implementation Efforts. GAO-05-441 . Washington,
D.C.: June 30, 2005.
DOD Business Systems Modernization: Billions Being Invested without
Adequate Oversight. GAO-05-381 . Washington, D.C.: April 29, 2005.
Internal Revenue Service: Assessment of the Fiscal Year 2006 Budget
Request. GAO-05-566 . Washington, D.C.: April 27, 2005.
Information Technology: OMB Can Make More Effective Use of Its Investment
Reviews. GAO-05-276 . Washington, D.C.: April 15, 2005.
Information Technology: Customs Automated Commercial Environment Program
Progressing, but Need for Management Improvements Continues. GAO-05-267 .
Washington, D.C.: March 14, 2005.
Office of Personnel Management: Retirement Systems Modernization Program
Faces Numerous Challenges. GAO-05-237 . Washington, D.C.: February 28,
2005.
DOD Systems Modernization: Management of Integrated Military Human Capital
Program Needs Additional Improvements. GAO-05-189 . Washington, D.C.:
February 11, 2005. Department of Defense: Further Actions Are Needed to
Effectively Address Business Management Problems and Overcome Key Business
Transformation Challenges. GAO-05-140T . Washington, D.C.: November 18,
2004.
Business Systems Modernization: IRS's Fiscal Year 2004 Expenditure Plan.
GAO-05-46 . Washington, D.C.: November 17, 2004.
Financial Management: Improved Financial Systems Are Key to FFMIA
Compliance. GAO-05-20 . Washington, D.C.: October 1, 2004.
Financial Management Systems: HHS Faces Many Challenges in Implementing
Its Unified Financial Management System. GAO-04-1089T . Washington, D.C.:
September 30, 2004.
Financial Management Systems: Lack of Disciplined Processes Puts
Implementation of HHS' Financial System at Risk. GAO-04-1008 . Washington,
D.C.: September 23, 2004.
Information Technology: DOD's Acquisition Policies and Guidance Need to
Incorporate Additional Best Practices and Controls. GAO-04-722 .
Washington, D.C.: July 30, 2004.
Department of Defense: Financial and Business Management Transformation
Hindered by Long-standing Problems. GAO-04-941T . Washington, D.C.: July
8, 2004.
Information Security: Agencies Need to Implement Consistent Processes in
Authorizing Systems for Operation. GAO-04-376 . Washington, D.C.: June 28,
2004.
DOD Business Systems Modernization: Billions Continue to Be Invested with
Inadequate Management Oversight and Accountability. GAO-04-615 .
Washington, D.C.: May 27, 2004.
Information Technology: The Federal Enterprise Architecture and Agencies'
Enterprise Architectures Are Still Maturing. GAO-04-798T . Washington,
D.C.: May 19, 2004.
National Aeronautics and Space Administration: Significant Actions Needed
to Address Long-standing Financial Management Problems. GAO-04-754T .
Washington, D.C.: May 19, 2004.
DOD Business Systems Modernization: Limited Progress in Development of
Business Enterprise Architecture and Oversight of Information Technology
Investments. GAO-04-731R . Washington, D.C.: May 17, 2004.
Information Technology: Early Releases of Customs Trade System Operating,
but Pattern of Cost and Schedule Problems Needs to Be Addressed.
GAO-04-719 . Washington, D.C.: May 14, 2004.
Information Technology Investment Management: A Framework for Assessing
and Improving Process Maturity (Version 1.1). GAO-04-394G . Washington,
D.C.: March 2004.
Information Technology Management: Governmentwide Strategic Planning,
Performance Measurement, and Investment Management Can Be Further
Improved. GAO-04-49 . Washington, D.C.: January 12, 2004.
Human Capital: Key Principles for Effective Strategic Workforce Planning.
GAO-04-39 . Washington, D.C.: December 11, 2003.
Business Modernization: NASA's Challenges in Managing Its Integrated
Financial Management Program. GAO-04-255 . Washington, D.C.: November 21,
2003.
Business Modernization: NASA's Integrated Financial Management Program
Does Not Fully Address Agency's External Reporting Issues. GAO-04-151 .
Washington, D.C.: November 21, 2003.
Business Modernization: Disciplined Processes Needed to Better Manage
NASA's Integrated Financial Management Program. GAO-04-118 . Washington,
D.C.: November 21, 2003.
Information Technology: Architecture Needed to Guide NASA's Financial
Management Modernization. GAO-04-43 . Washington, D.C.: November 21, 2003.
Information Technology: Leadership Remains Key to Agencies Making Progress
on Enterprise Architecture Efforts. GAO-04-40 . Washington, D.C.: November
17, 2003.
DOD Business Systems Modernization: Important Progress Made to Develop
Business Enterprise Architecture, but Much Work Remains. GAO-03-1018 .
Washington, D.C.: September 19, 2003. Business Systems Modernization: IRS
Has Made Significant Progress in Improving Its Management Controls, but
Risks Remain. GAO-03-768 . Washington, D.C.: June 27, 2003.
Business Modernization: Improvements Needed in Management of NASA's
Integrated Financial Management Program. GAO-03-507 . Washington, D.C.:
April 30, 2003.
Department of Housing and Urban Development: Status of Efforts to
Implement an Integrated Financial Management System. GAO-03-447R .
Washington, D.C.: April 9, 2003.
Information Technology: A Framework for Assessing and Improving Enterprise
Architecture Management (Version 1.1). GAO-03-584G . Washington, D.C.:
April 2003.
DOD Business Systems Modernization: Continued Investment in Key Accounting
Systems Needs to be Justified. GAO-03-465 . Washington, D.C.: March 28,
2003.
DOD Business Systems Modernization: Improvements to Enterprise
Architecture Development and Implementation Efforts Needed. GAO-03-458 .
Washington, D.C.: February 28, 2003.
Customs Service Modernization: Automated Commercial Environment
Progressing, but Further Acquisition Management Improvements Needed.
GAO-03-406 . Washington, D.C.: February 28, 2003.
Customs Service Modernization: Third Expenditure Plan Meets Legislative
Conditions, but Cost Estimating Improvements Needed. GAO-02-908 .
Washington, D.C.: August 9, 2002.
DOD Financial Management: Important Steps Underway but Reform Will Require
a Long-term Commitment. GAO-02-784T . Washington, D.C.: June 4, 2002.
Customs Service Modernization: Management Improvements Needed on High-Risk
Automated Commercial Environment Project. GAO-02-545 . Washington, D.C.:
May 13, 2002.
Tax Administration: IRS Continues to Face Management Challenges in its
Business Practices and Modernization Efforts. GAO-02-619T . Washington,
D.C.: April 15, 2002.
Business Systems Modernization: IRS Needs to Better Balance Management
Capacity with Systems Acquisition Workload. GAO-02-356 . Washington, D.C.:
February 28, 2002.
Human Capital: Building the Information Technology Workforce to Achieve
Results. GAO-01-1007T . Washington, D.C.: July 31, 2001.
Business Systems Modernization: Results of Review of IRS' March 2001
Expenditure Plan. GAO-01-716 . Washington, D.C.: June 29, 2001.
Information Technology: DLA Should Strengthen Business Systems
Modernization Architecture and Investment Activities. GAO-01-631 .
Washington, D.C.: June 29, 2001.
Customs Service Modernization: Results of Review of First Automated
Commercial Environment Expenditure Plan. GAO-01-696 . Washington, D.C.:
June 5, 2001.
Information Technology: Architecture Needed to Guide Modernization of
DOD's Financial Operations. GAO-01-525 . Washington, D.C.: May 17, 2001.
District of Columbia: Weaknesses in Financial Management System
Implementation. GAO-01-489 . Washington, D.C.: April 30, 2001.
Tax Systems Modernization: Results of Review of IRS' Third Expenditure
Plan. GAO-01-227 . Washington, D.C.: January 22, 2001.
Tax Systems Modernization: Results of Review of IRS' August 2000 Interim
Spending Plan. GAO-01-91 . Washington, D.C.: November 8, 2000.
Indian Trust Funds: Improvements Made in Acquisition of New Asset and
Accounting System But Significant Risks Remain. GAO/AIMD-00-259 .
Washington, D.C.: September 15, 2000.
Tax Systems Modernization: Results of Review of IRS' March 7, 2000,
Expenditure Plan. GAO/AIMD-00-175 . Washington, D.C.: May 24, 2000.
Executive Guide: Creating Value Through World-class Financial Management.
GAO/AIMD-00-134 . Washington, D.C.: April 2000.
Indian Trust Funds: Interior Lacks Assurance That Trust Improvement Plan
Will Be Effective. GAO/AIMD-99-53 . Washington, D.C.: April 28, 1999.
Federal Information System Controls Audit Manual, Volume I: Financial
Statement Audits. GAO/AIMD-12.19.6. Washington, D.C.: January 1999.
District of Columbia: Status of Efforts to Develop a New Financial
Management System. GAO/AIMD-97-101R . Washington, D.C.: July 9, 1997.
Information Security: Opportunities for Improved OMB Oversight of Agency
Practices. GAO/AIMD-96-110 . Washington, D.C.: September 24, 1996.
(192162)
GAO's Mission
The Government Accountability Office, the audit, evaluation and
investigative arm of Congress, exists to support Congress in meeting its
constitutional responsibilities and to help improve the performance and
accountability of the federal government for the American people. GAO
examines the use of public funds; evaluates federal programs and policies;
and provides analyses, recommendations, and other assistance to help
Congress make informed oversight, policy, and funding decisions. GAO's
commitment to good government is reflected in its core values of
accountability, integrity, and reliability.
Obtaining Copies of GAO Reports and Testimony
The fastest and easiest way to obtain copies of GAO documents at no cost
is through GAO's Web site ( www.gao.gov ). Each weekday, GAO posts newly
released reports, testimony, and correspondence on its Web site. To have
GAO e-mail you a list of newly posted products every afternoon, go to
www.gao.gov and select "Subscribe to Updates."
Order by Mail or Phone
The first copy of each printed report is free. Additional copies are $2
each. A check or money order should be made out to the Superintendent of
Documents. GAO also accepts VISA and Mastercard. Orders for 100 or more
copies mailed to a single address are discounted 25 percent. Orders should
be sent to:
U.S. Government Accountability Office 441 G Street NW, Room LM Washington,
D.C. 20548
To order by Phone: Voice: (202) 512-6000 TDD: (202) 512-2537 Fax: (202)
512-6061
To Report Fraud, Waste, and Abuse in Federal Programs
Contact:
Web site: www.gao.gov/fraudnet/fraudnet.htm
E-mail: [email protected]
Automated answering system: (800) 424-5454 or (202) 512-7470
Congressional Relations
Gloria Jarmon, Managing Director, [email protected] (202) 512-4400
U.S. Government Accountability Office, 441 G Street NW, Room 7125
Washington, D.C. 20548
Public Affairs
Paul Anderson, Managing Director, [email protected] (202) 512-4800 U.S.
Government Accountability Office, 441 G Street NW, Room 7149 Washington,
D.C. 20548
*** End of document. ***