Information Technology: Agencies and OMB Should Strengthen
Processes for Identifying and Overseeing High Risk Projects
(15-JUN-06, GAO-06-647).
In August 2005, the Office of Management and Budget (OMB) issued
a memorandum directing agencies to identify high risk information
technology (IT) projects and provide quarterly reports on those
with performance shortfalls--projects that did not meet criteria
established by OMB. GAO was asked to (1) provide a summary
identifying by agency the number of high risk projects, their
proposed budget for fiscal year 2007, agency reasons for the high
risk designation, and reported performance shortfalls; (2)
determine how high risk projects were identified and updated and
what processes and procedures have been established to
effectively oversee them; and (3) determine the relationship
between the high risk list and OMB's Management Watch List--those
projects that OMB determines need improvements associated with
key aspects of their budget justifications.
-------------------------Indexing Terms-------------------------
REPORTNUM: GAO-06-647
ACCNO: A55604
TITLE: Information Technology: Agencies and OMB Should
Strengthen Processes for Identifying and Overseeing High Risk
Projects
DATE: 06/15/2006
SUBJECT: Evaluation criteria
Information technology
Performance management
Program evaluation
Risk management
Strategic planning
Reporting requirements
Performance measures
Corrective action
Policies and procedures
OMB High Risk List
OMB Management Watch List
******************************************************************
** This file contains an ASCII representation of the text of a **
** GAO Product. **
** **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced. Tables are included, but **
** may not resemble those in the printed version. **
** **
** Please see the PDF (Portable Document Format) file, when **
** available, for a complete electronic file of the printed **
** document's contents. **
** **
******************************************************************
GAO-06-647
* PDF6-Ordering Information.pdf
* Order by Mail or Phone
United States Government Accountability Office
Report to the Chairman, Committee on
GAO
Government Reform, House of Representatives
June 2006
INFORMATION TECHNOLOGY
Agencies and OMB Should Strengthen Processes for Identifying and Overseeing High
Risk Projects
GAO-06-647
INFORMATION TECHNOLOGY
Agencies and OMB Should Strengthen Processes for Identifying and
Overseeing High Risk Projects
What GAO Found
In response to OMB's August 2005 memorandum, the 24 major agencies
identified 226 IT projects as high risk, totaling about $6.4 billion in
funding requested for fiscal year 2007. Agencies identified most projects
as high risk because their delay or failure would impact the essential
business functions of the agency. In addition, agencies reported that
about 35 percent of the high risk projects-or 79 investments-had a
performance shortfall, meaning the project did not meet one or more of
these four criteria: establishing clear baselines, maintaining cost and
schedule variances within 10 percent, assigning a qualified project
manager, and avoiding duplication with other investments (see figure).
Number of High Risk Projects with and without Performance Shortfalls (as
of March 2006) Number of projects
30 25 20 15 10 5
DASU
DefEducatione
y
SHHtatS
eDOLDOJDOIHUDSDHASGASNAOPMNRC BASNS
F
SSDA
ce
tation y
A
VA
sen
gEnerursrea
EP
AISU
er
Comm
porsran
T
T
Agency
Source: GAO analysis of 24 CFO agencies' March 2006 high risk reports.
Although agencies, with OMB's assistance, generally evaluated their IT
portfolio against the criteria specified by OMB to identify their high
risk projects, the criteria were not always consistently applied.
Accordingly, GAO identified several projects that appeared to meet OMB's
definition for high risk but were not determined by agencies to be high
risk. In addition, OMB does not define a process for updating high risk
projects. As a result, agencies had inconsistent updating procedures.
Regarding oversight of these projects, agencies either established special
procedures or used their existing investment management processes. OMB
staff stated that they review the projects' performance and corrective
actions planned. However, OMB has not compiled the projects into a single
aggregate list, which would serve as a tool to analyze and track the
projects on a governmentwide basis.
High risk projects and Management Watch List projects are identified using
different criteria. The former is meant to track the management and
performance of projects, while the latter focuses on an agency's project
planning. Both sets of projects require attention because of their
importance in supporting critical functions and the likelihood that their
performance problems could potentially result in billions of taxpayers'
dollars being wasted if the problems are not detected early.
United States Government Accountability Office
Contents
Letter 1
Results in Brief 3 Background 5 Federal Agencies Identified 226 Projects
as High Risk 11 Processes Exist to Identify and Oversee High Risk
Projects, but
Opportunities Exist to Improve These Processes 16 High Risk and Management
Watch List Projects Identified Using
Different Criteria 22 Conclusions 23 Recommendations for Executive Action
24 Agency Comments and Our Evaluation 25
Appendix I Objectives, Scope, and Methodology
Appendix II Comments from the Office of Management and Budget
Appendix III Summary of High Risk IT Projects by Department or Agency
Appendix IV GAO Contact and Staff Acknowledgments
Tables
Table 1: Management Watch List Budget for Fiscal Years 2004,
2005, 2006, and 2007 8 Table 2: Number of Projects on Management Watch
List for Fiscal
Years 2004, 2005, 2006, and 2007 9 Table 3: Number of High Risk Projects
and Funding by
Department/Agency 12 Table 4: Reasons for High Risk Designation by
Department/Agency 13 Table 5: Summary of High Risk Projects for the
Department of
Agriculture 31 Table 6: Summary of High Risk Projects for the Department
of
Commerce 33 Table 28: Summary of High Risk Projects for the U.S. Agency
for International Development
Table 7: Summary of High Risk Projects for the Department of
Defense 34
Table 8: Summary of High Risk Projects for the Department of
Education 36
Table 9: Summary of High Risk Projects for the Department of
Energy 38
Table 10: Summary of High Risk Projects for the Department of
Health and Human Services 39
Table 11: Summary of High Risk Projects for the Department of
Homeland Security 41
Table 12: Summary of High Risk Projects for the Department of
Housing and Urban Development 44
Table 13: Summary of High Risk Projects for the Department of
Interior 45
Table 14: Summary of High Risk Projects for the Department of
Justice 46
Table 15: Summary of High Risk Projects for the Department of
Labor 47
Table 16: Summary of High Risk Projects for the Department of
State 48
Table 17: Summary of High Risk Projects for the Department of
Transportation 50
Table 18: Summary of High Risk Projects for the Department of
Treasury 52
Table 19: Summary of High Risk Projects for the Department of
Veterans Affairs 53
Table 20: Summary of High Risk Projects for the Environmental
Protection Agency 57
Table 21: Summary of High Risk Projects for the General Services
Administration 58
Table 22: Summary of High Risk Projects for the National
Aeronautics and Space Administration 59
Table 23: Summary of High Risk Projects for the National Science
Foundation 61
Table 24: Summary of High Risk Projects for the Nuclear
Regulatory Commission 62
Table 25: Summary of High Risk Projects for the Office of
Personnel Management 63
Table 26: Summary of High Risk Projects for Small Business
Administration 66
Table 27: Summary of High Risk Projects for the Social Security
Administration 68
Figures
Figure 1: Reported Data for Projects with Performance 15
Shortfalls
Figure 2: Number of Agencies High Risk Projects with and
without
Performance Shortfalls (as of March 2006) 16
Abbreviations
CFO chief financial officer
CIO chief information officer
EVM earned value management
IT information technology
LOB line of business
OMB Office of Management and Budget
This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed in
its entirety without further permission from GAO. However, because this
work may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this material
separately.
United States Government Accountability Office Washington, DC 20548
June 15, 2006
The Honorable Tom Davis Chairman Committee on Government Reform House of
Representatives
Dear Mr. Chairman:
The federal government increasingly relies on information technology (IT)
systems to provide essential services affecting the health, economy, and
defense of the nation. To assist in providing these important services,
the President's budget request for fiscal year 2007 proposed approximately
$64 billion for IT projects. In the budget request, the Office of
Management and Budget (OMB) stated that about 30 percent of 857 major IT
projects needed improvements in key aspects of their budget justifications
and consequently were placed on the Management Watch List. OMB began using
this tool, initially referred to as the At-Risk List, in the fiscal year
2004 budget request, as a means to monitor the performance of agencies' IT
investments.
In April 2005,1 we reported on OMB's processes and criteria for including
IT projects on its Management Watch List. We reported that although these
processes allowed OMB to identify opportunities to strengthen investments
and promote improvements in IT management, OMB had not compiled a single,
aggregate list identifying these projects and their weaknesses, nor had it
developed a structured, consistent process for deciding how to follow up
on corrective actions. Accordingly, we recommended that OMB develop a
central list of projects and their deficiencies.
To continue to ensure that taxpayers' dollars were being invested wisely,
in August 2005 OMB issued a memorandum directing federal agencies to
identify high risk IT projects-those requiring special attention from
oversight authorities and the highest level of agency management because
of one or more of four reasons. The reasons are (1) the agency failed to
1
GAO, Information Technology: OMB Can Make More Effective Use of Its
Investment Reviews, GAO-05-276 (Washington, D.C.: April 15, 2005).
Page 1 GAO-06-647 High Risk IT Projects
demonstrate the ability to manage complex projects; (2) the projects had
exceptionally high development, operating, or maintenance costs; (3) the
projects are addressing deficiencies in the agencies' ability to perform
mission critical business functions; or (4) the projects' delay or failure
would impact the agencies' essential business functions. The memorandum
also required agencies to begin, in September 2005, to provide quarterly
reports to OMB on identified high risk projects that had performance
shortfalls, meaning that they did not meet one or more of four performance
evaluation criteria. The performance criteria are (1) establishing
baselines with clear cost, schedule, and performance goals;
(2) maintaining the project's cost and schedule variances within 10
percent; (3) assigning a qualified project manager; or (4) avoiding
duplication by leveraging interagency and governmentwide investments.
To gain insight into the processes for identifying and overseeing these
high risk projects, our objectives were to (1) provide a summary of high
risk projects that identifies by agency the number of high risk projects,
their proposed budget for fiscal year 2007, agency reasons for the high
risk designation, and reported performance shortfalls; (2) determine how
high risk projects were identified and updated and what processes and
procedures have been established to effectively oversee them; and (3)
determine the relationship between the high risk list and OMB's Management
Watch List. To address these objectives, we reviewed quarterly performance
reports on high risk projects from each of the 24 chief financial officer
(CFO) departments and agencies.2 These reports were self-reported, and we
did not independently verify the data. However, we asked all agencies to
confirm the data in appendix III on their high risk projects. We also
reviewed and analyzed OMB's policies and procedures and interviewed
officials from OMB's Office of E-Government and Information Technology.
Moreover, we obtained information from each of the 24 CFO agencies to
determine how high risk projects were identified and updated and what
policies and procedures had been established to effectively monitor the
projects. We performed our work from October 2005 through May 2006 in
accordance with generally accepted government
The 24 CFO agencies are the Departments of Agriculture, Commerce, Defense,
Education, Energy, Health and Human Services, Homeland Security, Housing
and Urban Development, the Interior, Justice, Labor, State,
Transportation, the Treasury, and Veterans Affairs; and the Environmental
Protection Agency, General Services Administration, National Aeronautics
and Space Administration, National Science Foundation, Nuclear Regulatory
Commission, Office of Personnel Management, Small Business Administration,
Social Security Administration, and U.S. Agency for International
Development.
Results in Brief
auditing standards. Appendix I contains details about our objectives,
scope, and methodology.
In response to OMB's memorandum, the 24 CFO agencies identified 226 IT
projects as high risk, totaling about $6.4 billion and representing about
10 percent of the President's total IT budget request for fiscal year
2007. According to the agencies, these projects were identified as such
mainly because of one or more of the four reasons provided in OMB's August
2005 memorandum. The most frequent reason reported by agencies for a
project being designated as high risk was because its delay or failure
would impact the agency's essential business functions, comprising about
70 percent of the projects identified. In addition, agencies reported that
79 of the 226 high risk projects, representing about 35 percent or
collectively totaling about $2.2 billion in fiscal year 2007 planned
funding, had a performance shortfall primarily in one of the four
performance areas to be reported on-maintaining the project's cost and
schedule variances within 10 percent.
Although agencies, with OMB's assistance, generally evaluated their IT
portfolio against the four criteria specified by OMB to identify their
high risk projects, the criteria were not always consistently applied. In
addition, OMB has not defined a process for updating the list,
specifically,
o OMB's criteria were not always consistently applied. As a result, some
agencies reported using reasons other than OMB's criteria to identify
high risk projects. Further, we identified several projects that
appeared to meet OMB's criteria for high risk, but agencies did not
identify them as such.
o OMB's guidance does not define a process for updating high risk
projects, including identifying new projects and removing current
ones. As a result, agencies had different procedures for updating the
list.
To oversee high risk projects, agencies reported having either established
special procedures or using existing investment management processes.
However, we have previously reported on numerous weaknesses associated
with agencies' existing investment management processes and made several
recommendations to improve them. Until these recommendations are
implemented, agencies may not be able to effectively monitor their
investments' performance. To perform oversight of high risk projects, OMB
analysts review the quarterly performance reports of these projects to
determine how well the projects are progressing and whether the actions
described in the planned improvement efforts are adequate. However, OMB
does not compile a single aggregate list of high risk projects. By not
maintaining a single list, OMB is not fully exploiting the opportunity to
use the quarterly reports as a tool for analyzing high risk projects on a
governmentwide basis and is limiting its ability to identify and report on
the full set of IT investments across government that requires special
oversight and greater agency management attention.
The high risk projects and the Management Watch List projects are
identified using different sets of criteria. The high risk projects are
meant to track the execution of projects while the Management Watch List
focuses on project planning. However, agencies identified 37 high risk
projects that were also on OMB's Management Watch List. While the criteria
for the two types of projects differ, both require close attention because
of their importance in supporting critical functions and the likelihood
that performance problems associated with them could potentially result in
billions of taxpayers' dollars being wasted if they are not detected
early.
To improve the way high risk projects are identified and updated, we are
recommending that the Director of OMB direct agencies to ensure that they
are consistently applying the criteria for the high risk designation. We
also recommend the Director of OMB establish a process for agencies to
update high risk projects on a regular basis. Finally, we are recommending
OMB develop a single aggregate list of high risk projects aimed at
improving the reporting and oversight of high risk projects on a
governmentwide basis.
In commenting on a draft of this report, OMB's Administrator for
E-Government and Information Technology stated that she appreciated our
careful review of OMB's process for identifying and overseeing high risk
projects. However, OMB disagreed with our recommendations. Specifically,
regarding our recommendations to direct agencies to consistently apply the
criteria for designating projects as high risk and to establish a
structured, consistent process to update the initial list of high risk
projects, OMB stated that the process and criteria for designating
projects as high risk are clear and that some flexibility in the
application of the criteria is essential. While some flexibility in the
application of the criteria may be appropriate, we believe these criteria
should be applied more consistently so that projects that clearly appear
to meet them, such as those we mention in the report, are identified.
Background
OMB also disagreed with our recommendation to develop a single aggregate
list of projects and their deficiencies to perform adequate oversight and
management. As noted in the report, we believe that, by not having this
list, OMB is not fully exploiting the opportunity to use the agencies'
quarterly reports as a tool for analyzing high risk projects on a
governmentwide basis and for tracking governmentwide progress. In
addition, OMB is limiting its ability to identify and report on the full
set of IT investments across the federal government that require special
oversight and greater agency management attention.
Each year, OMB and federal agencies work together to determine how much
government plans to spend for IT and how these funds are to be allocated.
Over the past decade, federal IT spending has risen to an estimated $64
billion in fiscal year 2007.
OMB plays a key role in overseeing these IT investments and how they are
managed, stemming from its predominant mission: to assist the President in
overseeing the preparation of the federal budget and to supervise budget
administration in Executive Branch agencies. In helping to formulate the
President's spending plans, OMB is responsible for evaluating the
effectiveness of agency programs, policies, and procedures; assessing
competing funding demands among agencies; and setting funding priorities.
OMB also ensures that agency reports, rules, testimony, and proposed
legislation are consistent with the President's budget and with
administration policies. In carrying out these responsibilities, OMB
depends on agencies to collect and report accurate and complete
information; these activities depend, in turn, on agencies having
effective IT management practices.
To drive improvement in the implementation and management of IT projects,
Congress enacted the Clinger-Cohen Act in 1996 to further expand the
responsibilities of OMB and the agencies under the Paperwork Reduction
Act.3 In particular, the act requires agency heads, acting through agency
chief information officers (CIO), to, among other things, better link
their IT planning and investment decisions to program missions and goals
and to implement and enforce IT management policies, procedures,
standards, and guidelines. OMB is required by the Clinger-Cohen Act to
establish processes to analyze, track, and evaluate the risks and results
of
3
44 U.S.C. S: 3504(a)(1)(B)(vi)(OMB); 44 U.S.C. S: 3506(h)(5) (agencies).
Prior Review on Governmentwide IT Investment Management Has Identified
Weaknesses
major capital investments in information systems made by executive
agencies. OMB is also required to report to Congress on the net program
performance benefits achieved as a result of major capital investments in
information systems that are made by executive agencies.4
OMB is aided in its responsibilities by the Chief Information Officers
Council as described by the E-Government Act of 2002.5 The council is
designated the principal interagency forum for improving agency practices
related to the design, acquisition, development, modernization, use,
operation, sharing, and performance of federal government information
resources. Among the specific functions of the CIO Council are the
development of recommendations for the Director of OMB on government
information resources management policies and requirements and the sharing
of experiences, ideas, best practices, and innovative approaches related
to information resources management.
Only by effectively and efficiently managing their IT resources through a
robust investment management process can agencies gain opportunities to
make better allocation decisions among many investment alternatives and
further leverage their investments. However, the federal government faces
enduring IT challenges in this area. For example, in January 2004 we
reported on mixed results of federal agencies' use of IT investment
management practices.6 Specifically, we reported that although most of the
agencies had IT investment boards responsible for defining and
implementing the agencies' IT investment management processes, no agency
had fully implemented practices for monitoring the progress of its
investments. Executive-level oversight of project-level management
activities provides organizations with increased assurance that each
investment will achieve the desired cost, benefit, and schedule results.
Accordingly, we made several recommendations to agencies to improve their
practices.
4
These requirements are specifically described in the Clinger-Cohen Act, 40
U.S.C. S: 11302 (c).
5
44 U.S.C. S: 3603.
6
GAO, Information Technology Management: Governmentwide Strategic Planning,
Performance Measurement, and Investment Management Can Be Further
Improved, GAO-04-49 (Washington, D.C.: Jan. 12, 2004).
Page 6 GAO-06-647 High Risk IT Projects
OMB's Management Watch List Intended to Correct Project Weaknesses and
Business Case Deficiencies
In carrying out its responsibilities to assist the President in overseeing
the preparation of the federal budget, OMB reported in the President's
fiscal year 2004 budget that there were 771 IT investment projects on what
was called the At-Risk List (later referred to as the Management Watch
List). This list included mission-critical projects that did not
successfully demonstrate sufficient potential for success based on the
agency Capital Asset Plan and Business Case, also known as the exhibit
300, or did not adequately address IT security. To identify projects for
inclusion on the Management Watch List, OMB used scoring criteria
contained in OMB Circular A-117 that the agency established for evaluating
the justifications for funding that federal agencies submitted for major
investments8 and for ensuring that agency planning and management of
capital assets is consistent with OMB policy and guidance. This evaluation
is carried out as part of OMB's responsibility to help ensure that
investments of public resources are justified and that public resources
are wisely invested.
In presenting the fiscal year 2005 budget, OMB reported that there were
621 major projects on the Management Watch List, consisting of
missioncritical projects that needed to improve performance measures,
project management, and IT security. OMB staff described this assessment
as again being based on evaluations of the exhibit 300s that agencies
submitted to justify project funding. Agencies were required to
successfully correct identified project weaknesses and business case
deficiencies; otherwise, they risked OMB's placing limits on their
spending.
In April 2005,9 we reported on OMB's development of its Management Watch
List. We concluded that OMB's scoring of the exhibit 300s
7
These scoring criteria are presented in Office of Management and Budget
Circular A-11, Part 7, Planning, Budgeting, Acquisition, and Management of
Capital Assets (June 2005). The criteria consist of 10 categories,
including acquisition strategy, project management, enterprise
architecture, alternative analysis, risk management, performance goals,
security and privacy, performance-based management system (including the
earned value management system), life-cycle costs formulation, and support
for the President's Management Agenda. A total composite score of all the
categories is also derived.
8
OMB Circular A-11 defines a major IT investment as an investment that
requires special management attention because of its importance to an
agency's mission or because it is an integral part of the agency's
enterprise architecture, has significant program or policy implications,
has high executive visibility, or is defined as major by the agency's
capital planning and investment control process.
9GAO-05-276.
addressed many critical IT management areas and promoted the improvement
of investments. However, because OMB did not compile a single aggregate
list10 and had not developed a structured, consistent process for deciding
how to follow up on corrective actions being taken by the agencies, the
agency missed the opportunity to use its scoring process more effectively
to identify management issues that transcended individual agencies, to
prioritize follow-up actions, and to ensure that highpriority deficiencies
were addressed. To take advantage of this potential benefit, we
recommended that OMB compile a single aggregate list and use the list as
the basis for selecting projects for follow up and for tracking follow-up
activities by developing specific criteria for prioritizing the IT
projects included on the list.
OMB has continued to report on its Management Watch List in the most
recent President's budget request. Table 1 shows the budget information
for projects on the Management Watch List for fiscal years 2004, 2005,
2006, and 2007.
Table 1: Management Watch List Budget for Fiscal Years 2004, 2005, 2006, and
2007
Percentage of IT budget for budget for Management Management Watch List
Watch List Fiscal years (in billions) Total IT budget projects projects
Fiscal year 2004 budget $59.0 $20.9 35%
Fiscal year 2005 budget $60.0 $22.0 37%
Fiscal year 2006 budget $65.0 $15.0 23%
Fiscal year 2007 budget request $64.0 $9.9 15%
Source: GAO analysis of OMB data.
According to OMB management, individual analysts were responsible for
evaluating projects and determining which projects met the criteria to be
on the Management Watch List for their assigned agencies. To derive the
total number of projects on the list that were reported for fiscal year
2005, OMB polled the individual analysts and compiled the numbers. OMB
staff said that they did not aggregate these projects into a single list
describing projects and their weaknesses. According to these officials,
they did not construct a single list of projects meeting their Watch List
criteria because they did not see such an activity as necessary in
performing OMB's predominant mission: to assist in overseeing the
preparation of the federal budget and to supervise agency budget
administration.
Table 2 shows the number of projects on the Management Watch List for
fiscal years 2004, 2005, 2006, and 2007.
Table 2: Number of Projects on Management Watch List for Fiscal Years
2004, 2005, 2006, and 2007
Total IT Fiscal year projects
Percentage of Management projects on Watch List Management projects Watch
List
Fiscal year 2004 1400 771 55%
Fiscal year 2005 1200 621 52%
Fiscal year 2006 1087 342 31%
Fiscal year 2007 (proposed) 857 263 31%
Source: GAO analysis of OMB data.
OMB's August 2005 To continue improving IT project planning and execution,
OMB issued a memorandum in August 2005 to all federal chief information
officers,
Memorandum on
Improving Performance of directing them to begin taking steps to identify
IT projects that are high risk and to report quarterly on their
performance. As originally defined in
High Risk IT Projects OMB Circular A-11 and subsequently reiterated in the
August 2005 memorandum, high risk projects are those that require special
attention from oversight authorities and the highest levels of agency
management because of one or more of the following four reasons:
o The agency has not consistently demonstrated the ability to manage
complex projects.
o The project has exceptionally high development, operating, or
maintenance costs, either in absolute terms or as a percentage of the
agency's total IT portfolio.
o The project is being undertaken to correct recognized deficiencies in
the adequate performance of an essential mission program or function
of the agency, a component of the agency, or another organization.
o Delay or failure of the project would introduce for the first time
unacceptable or inadequate performance or failure of an essential
mission function of the agency, a component of the agency, or another
organization.
As directed in the memorandum, by August 15, 2005, agencies in
collaboration with OMB were required to initially identify their high risk
IT projects using these criteria. In addition, OMB subsequently provided
additional instructions through e-mails to agencies. Through these
instructions, OMB directed agencies to declare all e-government and line
of business (LOB) initiatives managed by their agency11 as high risk. In
addition, the instructions specified that partner agencies12 consider
investments associated with migrations to an e-government or LOB
initiative as high risk until they have completed migration or OMB
determines they should no longer be designated as high risk.
For the identified high risk projects, beginning September 15, 2005, and
quarterly thereafter, CIOs were to assess, confirm, and document projects'
performance. Specifically, agencies were required to determine, for each
of their high risk projects, whether the project was meeting one or more
of four performance evaluation criteria: (1) establishing baselines with
clear cost, schedule, and performance goals; (2) maintaining the project's
cost and schedule variances within 10 percent; (3) assigning a qualified
project manager; and (4) avoiding duplication by leveraging inter-agency
and governmentwide investments. If a high risk project meets these four
performance evaluation criteria, agencies are instructed to document this
using a standard template provided by OMB and provide this template to
oversight authorities (e.g., OMB, agency inspectors general, agency
management, and GAO) on request.
If any of the identified high risk projects have performance shortfalls,
meaning that the project did not meet one or more of the four performance
evaluation criteria, agencies are required to document the information on
these projects on the standard template and provide it to OMB along with
copies to the agency inspector general. For each of these projects,
agencies must specify, using the template, (1) the specific
11
In 2001, under the leadership of OMB, a team known as the E-Government
Task Force identified a set of high-profile initiatives to lead the
federal government's drive toward egovernment transformation. These
initiatives-now numbering 25-cover a wide spectrum of government
activities, ranging from centralizing various types of government
information on the Web to eliminating redundant, nonintegrated business
operations and systems. For additional details on these e-government
initiatives see GAO, Electronic Government: Federal Agencies Have Made
Progress Implementing the E-Government Act of 2002, GAO-05-12 (Washington,
D.C: Dec. 10, 2004).
12
For each initiative, OMB designated a specific agency to be the
initiative's "managing partner," responsible for leading the initiative,
and assigned other federal agencies as "partners" in carrying out the
initiative.
Federal Agencies Identified 226 Projects as High Risk
performance shortfalls, (2) the specific cause of the shortfall, (3) a
plan of action and milestones actions needed to correct each shortfall,
and (4) the amount and source of additional funding needed to improve
performance.
In response to OMB's August 2005 memorandum, as of March 2006, the 24 CFO
agencies identified 226 IT projects as high risk, totaling about $6.4
billion and representing about 10 percent of the President's total IT
budget request for fiscal year 2007. According to the agencies, these
projects were identified as such mainly because of one or more of the four
reasons provided in OMB's memorandum. About 70 percent of the projects
identified were reported as high risk because their delay or failure would
impact the agency's essential business functions. Moreover, about 35
percent of the high risk projects-or 79 investments, totaling about $2.2
billion in fiscal year 2007 planned funding, were reported as having
performance shortfalls primarily because of cost and schedule variances
exceeding 10 percent.
High Risk Projects Identified Total About $6.4 Billion for Fiscal Year 2007
As of March 2006, the 24 CFO agencies identified 226 IT investments as
high risk. Collectively, five agencies-the Small Business Administration,
National Aeronautics and Space Administration, Office of Personnel
Management, and the Departments of Veterans Affairs and Homeland
Security-identified about 100 of these projects.13
According to the President's most recent budget, about $6.4 billion has
been requested for fiscal year 2007 by the 24 CFO agencies for the 226
high risk projects. Five of these agencies-the Departments of Defense,
Homeland Security, Transportation, Veterans Affairs, and Justice, account
for about 70 percent of the total high risk budget, totaling about $4.5
billion. Table 3 shows the number of high risk projects and associated
funding reported by each of the 24 CFO agencies.
13
Among these five agencies, many of their projects were either e-government
or line of business initiatives.
Page 11 GAO-06-647 High Risk IT Projects
Table 3: Number of High Risk Projects and Funding by Department/Agency
Number of high risk Total high risk projects (as of FY2007 request (in
Department/agency March 2006) millions)
Department of Agriculture 12 $133.5
Department of Commerce 4 183.0
Department of Defense 6 782.2
Department of Education 12 157.1
Department of Energy 5 82.2
Department of Health and Human Services 9 458.0
Department of Homeland Security 17 910.7
Department of Housing and Urban Development 3 18.0
Department of Interior 3 67.4
Department of Justice 9 503.3
Department of Labor 8 62.3
Department of State 5 43.8
Department of Transportation 13 1,385.6
Department of Treasury 8 266.9
Department of Veterans Affairs 33 871.7
Environmental Protection Agency 6 46.6
General Services Administration 9 97.4
National Aeronautics and Space Administration 16 55.1
National Science Foundation 1 2.5
Nuclear Regulatory Commission 4 1.7
Office of Personnel Management 15 116.7
Small Business Administration 21 15.2
Social Security Administration 6 106.8
U.S. Agency for International Development 1 11.4
Total 226 $6,379.1
Source: GAO analysis of agencies' March 2006 high risk performance reports.
Most Projects Reported as Agencies reported 195 of the 226 projects as
meeting one or more of the High Risk Because Their reasons defined by OMB.
Specifically, more than half of the agencies Delay or Failure Could
reported that their IT projects were identified as high risk because delay
or failure of the project would result in inadequate performance or
failure Impact Mission of an essential mission function. About one fourth
of the projects were Performance determined to be high risk because of
high development, operating, or
maintenance costs. In addition, three agencies identified 11 projects as
high risk because of the inability to manage complex projects. Table 4
summarizes the OMB reasons for high risk designations.
Table 4: Reasons for High Risk Designation by Department/Agency
Reasonsa
The agency has The project has The project was The projects' delay not
consistently exceptionally high addressing deficiencies or failure would
demonstrated the development, in the agencies' ability to impact the
agencies' ability to manage operating, or perform mission critical
essential business Department/agency complex projects maintenance costs
business functions functionsb
Department of Agriculture 6 2 1 3
Department of Commerce 0 3 0 4
Department of Defense 0 6 6 6
Department of Education 0 3 5 9
Department of Energy 0 2 1 3
Department of Health and Human Services 0 5 4 8
Department of Homeland Security 0 0 0 3
Department of Housing and Urban Development 0 0 2 0
Department of Interior 0 1 1 3
Department of Justice 0 4 6 1
Department of Labor 1 3 0 6
Department of State 0 1 1 4
Department of Transportation 0 4 0 4
Department of Treasury 4 4 3 4
Department of Veterans Affairs 0 3 1 31
Environmental Protection Agency 00 0 6
General Services Administration 0 2 0 6
National Aeronautics and Space Administration 0 2 2 14
National Science Foundation 0 0 0 1
Reasons a
The project The
The agency has The project has was projects'
delay
not consistently exceptionally addressing or failure
high deficiencies would
demonstrated the development, in the impact the
agencies' agencies'
ability to
ability to operating, or perform essential
manage maintenance mission business
complex costs critical functionsb
projects business
Department/agency functions
Nuclear Regulatory 0 0 0 4
Commission
Office of Personnel
Management 0 1 1 14
Small Business 0 2 0 19
Administration
Social Security 0 3 0 1
Administration
U.S. Agency for
International
Development 0 0 1 0
Totals 11 51 35 154
Agencies Identified 79 Projects with Performance Shortfalls
Source: GAO analysis based on agency information.
a
In selected cases, departments or agencies identified more than one reason
for the designated high risk projects.
b
According to OMB staff, projects identified as high risk per OMB's
additional instructions on egovernment or lines of business initiatives
met this reason.
A total of 31 projects were identified as high risk using rationale other
than OMB's four criteria. In these cases, agencies reasons included that
the business cases had weaknesses or approved baselines were not
established.
Agencies identified about 35 percent of the high risk projects as having
performance shortfalls. Specifically, for the last reporting quarter-March
2006-agencies identified 79 investments, totaling about $2.2 billion in
fiscal year 2007 planned funding, as having performance shortfalls. The
most frequent reason provided for the shortfalls was cost and schedule
variances exceeding 10 percent. By contrast, only two projects were
reported by agencies as having an overlapping or duplicative IT
investment.
Since September 2005, the number of projects with performance shortfalls
has increased-from 58 projects in September 2005 to 67 projects in
December 2005 to the 79 in March 2006. For the September and December 2005
and March 2006 reporting periods, figure 1 illustrates that agencies have
reported that most of the weaknesses were in cost and schedule variances
not within 10 percent and that there was an increase in projects that do
not have clear baseline information on cost, schedule, and performance
goals.
Figure 1: Reported Data for Projects with Performance Shortfalls
Percentage 30
25
20
15
10
5
0
Unclear baselinesCost and schedule Project manager Duplication variance
exceedingnot qualified 10 percent
Performance shortfalls
September 2005
December 2005
March 2006 Source: GAO analysis of 24 CFO agencies' September and December
2005 and March 2006 high risk reports.
Figure 2 illustrates the number of agency high risk projects with and
without shortfalls as of March 2006. The majority of the agencies reported
that their high risk projects did not have performance shortfalls in any
of the four areas identified by OMB. In addition, six agencies-the
departments of Commerce, Energy, Housing and Urban Development, and Labor,
and the National Aeronautics and Space Administration and the National
Science Foundation-reported that none of their high risk projects
experienced any performance shortfalls.
Figure 2: Number of Agencies High Risk Projects with and without
Performance Shortfalls (as of March 2006)
Number of projects35
30 25 20 15 10 5
DASU
DefEducatione
y
SHHSDHInteriorHUDticesJutateLaborSASGASNA
F
NRC OPM
BAS
SSA D
e
tation y
A
VA
sen
c
gEnerSN
ursa
EP
AISU
Commer
porsn
e
Tr
a
Tr
Agency
Projects with no performance shortfalls
Projects with performance shortfallsSource: GAO analysis of 24 CFO
agencies' March 2006 high risk reports.
For the identification of all high risk projects by agency including
funding, reasons for the high risk designation, specific performance
shortfalls, and planned improvement efforts, see appendix III.
Although agencies, with OMB's assistance, generally identified their high
risk projects by evaluating their IT portfolio against the four criteria
specified by OMB, the criteria were not always consistently applied. In
addition, OMB did not define a process for updating the list. To oversee
high risk projects, agencies reported having investment management
practices in place; however, we have previously reported on agencies'
maturing investment management processes and have made several
recommendations to improve them. OMB staff perform their oversight of high
risk projects by reviewing the quarterly performance reports, but they do
not have a single aggregate list to analyze projects and for tracking
progress on a governmentwide basis. Unless they address the issues
Processes Exist to Identify and Oversee High Risk Projects, but Opportunities
Exist to Improve These Processes
regarding the identification, update, and oversight of high risk projects,
OMB and agencies could be missing opportunities to perform these
activities more effectively.
High Risk Projects Identified Primarily Using OMB's Criteria, but the Criteria Not Always
Agencies primarily used the criteria defined in OMB's
August 2005 memorandum in determining the
initial list of high risk projects; however,
criteria were not always consistently applied. Specifically, most
agencies reported that officials from the Office of the CIO compared the
criteria against their current portfolio to determine
which projects met Consistently Applied OMB's definition. They then
submitted the list to OMB for review.
According to OMB and agency officials, after the submission of the initial
list, examiners at OMB worked with individual agencies to identify or
remove projects as appropriate. According to most agencies, the final list
was then approved by their CIO.
However, OMB's criteria for identifying high risk projects were not always
consistently applied.
o In several cases, agencies did not use OMB's criteria to identify high
risk projects. As previously discussed, some agencies reported using
other reasons to identify a total of 31 high risk projects. For
example, the Department of Homeland Security reported investments that
were high risk because they had weaknesses associated with their
business cases based on the evaluation by OMB. The Department of
Transportation reported projects as high risk because two did not have
approved baselines, and four had incomplete or poor earned value
management14 (EVM) assessments.
o Regarding the first criterion for high risk designation-the agency has
not demonstrated the ability to manage complex projects-only three
agencies reported having projects meeting this criterion. This appears
to be somewhat low, considering that we and others have previously
reported on weaknesses in numerous agencies' ability to manage complex
projects. For example, we have reported in our high risk series on
major programs and operations that need urgent attention and
transformation in order to
14
EVM is a project management tool that integrates the investment scope of
work with schedule and cost elements for investment planning and control.
This method compares the value of work accomplished during a given period
with that of the work expected in the period. Differences in expectations
are measured in both cost and schedule variances. OMB requires agencies to
use EVM as part of their performance-based management system for any
investment under development or with system improvements under way.
Page 17 GAO-06-647 High Risk IT Projects
ensure that our federal government functions in the most economical,
efficient, and effective manner possible.15 Specifically, the Department
of Defense's efforts to modernize its business systems have been hampered
because of weaknesses in practices for (1) developing and using an
enterprise architecture, (2) instituting effective investment management
processes, and (3) establishing and implementing effective systems
acquisition processes. We concluded that the Department of Defense, as a
whole, remains far from where it needs to be to effectively and
efficiently manage an undertaking with the size, complexity, and
significance of its departmentwide business systems modernization. We also
reported that, after almost 25 years and $41 billion, efforts to modernize
the air traffic control program of the Federal Aviation Administration,
the Department of Transportation's largest component, are far from
complete and that projects continue to face challenges in meeting cost,
schedule, and performance expectations.16 However, neither the Department
of Defense nor the Department of Transportation identified any projects as
being high risk because of their inability to manage complex projects.
o While agencies have reported a significant number of IT projects as
high risk, we identified other projects on which we have reported and
testified that appear to meet one or more of OMB's criteria for high risk
designation including high development or operating costs and recognized
deficiencies in adequate performance but were not identified as high risk.
Examples we have recently reported include the following projects:
o The Decennial Response Integration System of the Census Bureau is
intended to integrate paper, Internet, and telephone responses. Its high
development and operating costs are expected to make up a large portion of
the $1.8 billion program to develop, test, and implement decennial census
systems. In March 2006,17 we testified that the component agency has
established baseline requirements for the acquisition, but the bureau has
not yet validated the requirements or implemented a process for managing
them. We concluded that, until these and other basic contract management
activities are fully implemented, this project faced increased risks that
the system would experience cost overruns, schedule delays, and
performance shortfalls.
15GAO, High-Risk Series: An Update , GAO-05-207 (Washington, D.C., Jan.
2005).
16 GAO-05-207.
GAO, Census Bureau: Important Activities for Improving Management of Key
2010 Decennial Acquisitions Remain to be Done, GAO-06-444T (Washington,
D.C.: Mar. 1, 2006).
Page 18 GAO-06-647 High Risk IT Projects
o The National Polar-Orbiting Operational Environmental Satellite
System-an initiative managed by the Departments of Commerce and
Defense and the National Aeronautics and Space Administration-is to
converge two satellite programs into a single satellite program
capable of satisfying both civilian and military requirements. In
November 2005,18 we reported that the system was a troubled program
because of technical problems on critical sensors, escalating costs,
poor management at multiple levels, and the lack of a decision on how
to proceed with the program. Over the last several years, this system
has experienced continual cost increases to about $10 billion and
schedule delays, requiring difficult decisions about the program's
direction and capabilities. More recently, we testified19 that the
program is still in trouble and that its future direction is not yet
known. While the program office has corrective actions under way, we
concluded that, as the project continues, it will be critical to
ensure that the management issues of the past are not repeated.
o The Rescue 21 project is a planned coastal communications system of
the Department of Homeland Security. We recently reported20 that
inadequacies in several areas contributed to Rescue 21 cost overruns
and schedule delays. These inadequacies occurred in requirements
management, project monitoring, risk management, contractor cost and
schedule estimation and delivery, and executive level oversight.
Accordingly, the estimated total acquisition cost has increased from
$250 million in 1999 to $710.5 million in 2005, and the timeline for
achieving full operating capability has been extended from 2006 to
2011.
For the projects we identified as appearing to meet OMB's criteria for
high risk, the responsible agencies reported that they did not consider
these investments to be high risk projects for reasons such as (1) the
project was not a major investment; (2) agency management is experienced
in overseeing projects; or (3) the project did not have weaknesses in its
18
GAO, Polar-Orbiting Operational Environmental Satellites: Technical
Problems, Cost Increases, and Schedule Delays Trigger Need for Difficult
Trade-Off Decisions, GAO-06-249T (Washington, D.C.: Nov. 16, 2005).
19GAO, Polar-Orbiting Operational Environmental Satellites: Cost Increases
Trigger Review and Place Program's Direction on Hold, GAO-06-573T
(Washington, D.C.: Mar. 30, 2006).
20
GAO, United States Coast Guard: Improvements Needed in Management and
Oversight of Rescue System Acquisition, GAO-06-632 (Washington, D.C.: May
31, 2006).
Process for Updating High Risk Projects Is Not Defined
business case. In particular, one agency stated that their list does not
include all high risk projects, it includes only those that are the
highest priority of the high risk investments. However, none of the
reasons provided are associated with OMB's high risk definition.
While OMB staff acknowledged that the process for identifying high risk
projects might not catch all projects meeting the criteria, they stated
that they have other mechanisms for determining the performance of all IT
projects, including high risk projects, such as the review of earned value
management data. Nevertheless, without consistent application of the high
risk criteria, OMB and executives cannot have the assurance that all
projects that require special attention have been identified.
OMB's guidance does not define a process for updating high risk projects
that have been identified including identifying new projects and removing
current ones. In the absence of such guidance, agencies use different
procedures, for example, for removing projects from the list.
Specifically, some agencies reported removing projects from the list if
they no longer meet OMB's criteria and other agencies reported removing a
project if it
(1) is completed or moves into operations; (2) has become compliant with
its cost and schedule baseline goals; (3) is no longer considered a major
IT investment; (4) becomes on track and maintains this status within
specific cost, schedule and performance for a minimum of two quarters; or
(5) addresses major weaknesses such as earned value management
requirements.
While OMB staff acknowledge that there is no defined process for updating
the set of projects, they stated that agencies are in constant
communication with individual analysts at OMB through e-mails, phone
calls, or meetings to identify new high risk projects if they meet the
definition or remove old ones if they no longer meet the criteria.
Nevertheless, without guidance for updating high risk projects on a
continuing basis, OMB and agency executives cannot be assured they have
identified the appropriate projects that should be designated as high
risk.
OMB and Agencies Can Further Improve Oversight of High Risk Projects
All 24 CFO agencies reported having procedures for overseeing high risk
projects. While some agencies reported using their current investment
management processes for specific oversight, other agencies established
additional oversight procedures. For example, one agency developed and
documented specific procedures for sending a quarterly data call to the
program offices that have high risk investments. The program office then
Page 20 GAO-06-647 High Risk IT Projects
completes a template capturing current performance information and sends
it to the Office of the CIO for review and feedback. The CIO office
forwards it to OMB, as required. In contrast, some other agencies reported
that these projects are managed as part of their current investment review
process-requiring the investment review board to perform control reviews
along with other investments.
While procedures for overseeing high risk projects are positive steps, we
have previously reported that agencies generally have weaknesses in
project oversight. In particular, we reported that agencies did not always
have important mechanisms in place for agencywide investment management
boards to effectively control investments, including decision-making rules
for project oversight, early warning mechanisms, and/or requirements that
corrective actions for underperforming projects be agreed upon and
tracked.21 To remedy these weaknesses, we have made several
recommendations to improve processes for effective oversight, many of
which remain open. Until agencies establish the practices needed to
effectively manage IT investments including those that are high risk, OMB,
agency executives, and Congress cannot be assured that investments are
being properly managed.
OMB's oversight of high risk projects, in turn, entails reviewing the
performance reports on a quarterly basis. Specifically, according to OMB
staff, individual analysts review the quarterly performance reports of
projects with shortfalls to determine how well the projects are
progressing and whether the actions described in the planned improvement
efforts are adequate. These officials also stated that the OMB analysts
review the quarterly reports for completeness and consistency with other
performance data already received on IT projects. This includes quarterly
e-Gov Scorecards,22 earned value management data, and the exhibit 300. For
projects without shortfalls, officials stated that while the memorandum
does not direct agencies to submit these reports, agencies communicate the
status of these projects to the appropriate officials. According to OMB,
the reporting requirement for high risk projects
21GAO-04-49.
The quarterly e-Gov Scorecards are reports that use a red/yellow/green
scoring system to illustrate the results of OMB's evaluation of agencies'
implementation of e-government criteria in the President's Management
Agenda. The scores are determined in quarterly reviews, where OMB
evaluates agency progress toward agreed-upon goals along several
dimensions, and provides input to the quarterly reporting on the
President's Management Agenda.
High Risk and Management Watch List Projects Identified Using Different
Criteria
enhances oversight by capturing all key elements in a single report and
providing oversight authorities and agency management early indicators of
any problems or shortfalls since the reporting is conducted on a quarterly
basis.
However, OMB does not maintain a single aggregate list of high risk
projects. OMB staff told us they do not construct a single list because
they did not see such an activity as necessary in achieving the intent of
the guidance-to improve project planning and execution. Consistent with
our Management Watch List observations and recommendations,23 we believe
that by not having a single list, OMB is not fully exploiting the
opportunity to use the quarterly reports as a tool for analyzing high risk
projects on a governmentwide basis and for tracking governmentwide
progress. It is limiting its ability to identify and report on the full
set of IT investments across the federal government that require special
oversight and greater agency management attention.
The high risk projects and Management Watch List projects are identified
using different sets of criteria. In addition, while the identification of
high risk projects centers on an agency's oversight of the project's
performance, the Management Watch List focuses more on a project's
planning.
As discussed previously, the high risk list consists of projects
identified by the agencies with the assistance of OMB, using specific
criteria established by OMB, including memorandum M-05-23. As discussed
previously, these projects are reported quarterly by the agencies to OMB
on a template focusing on each project's performance in four specified
areas24 and noted shortfalls. The agencies are also to report planned
corrective actions addressing the shortfalls.
On the other hand, OMB determines projects to be included on its
Management Watch List based on an evaluation of exhibit 300 business cases
that agencies submit for major projects as part of the budget development
process. This evaluation is part of OMB's responsibility for
23GAO-05-276.
24
As discussed earlier, these four areas are (1) baseline with clear goals,
(2) cost and schedule variance within 10 percent, (3) qualified project
manager, and (4) avoiding duplication.
Page 22 GAO-06-647 High Risk IT Projects
Conclusions
helping to ensure that investments of public resources are justified and
that public resources are wisely invested. Each exhibit 300 is assigned a
score in 10 different categories, the results of which determine whether
an individual project (or investment) warrants being included on the
Management Watch List. This may result in OMB's asking the agency to
submit a remediation plan to address the weaknesses identified in the
agency's business case.
While the criteria for identifying the Management Watch List projects and
high risk projects differ, Management Watch List projects can also be high
risk. For example, of the 226 total number of high risk projects, agencies
identified 37 of these projects as being on OMB's Management Watch List,25
with 19 of these projects having performance shortfalls. According to OMB
staff, identifying and addressing poorly planned projects as part of the
Management Watch List process could result in fewer projects with
performance shortfalls over time. Nevertheless, both types of projects
require close attention because of their importance in supporting critical
functions and the likelihood that performance problems associated with
them could potentially result in billions of taxpayers' dollars being
wasted if they are not detected early.
OMB and agencies' efforts to identify 226 high risk projects are important
steps in helping focus management attention on critically important IT
projects. Although many projects were appropriately identified as high
risk initiatives consistent with OMB's guidance, OMB's criteria were not
always consistently applied. As a result, projects that appear to be high
risk were not always identified as such. Further, because OMB has not
provided guidance on how the initial set of high risk projects list should
be updated, agencies do not have a consistent process for doing so.
Agencies and OMB have both taken actions to ensure oversight of the high
risk projects. Specifically, agencies are using existing oversight
procedures or ones they have specifically established for the high risk
projects and OMB is reviewing quarterly reports. However, weaknesses
remain: agencies need to implement specific recommendations we have
previously made to improve their practices for overseeing projects.
Finally, OMB has not developed a single aggregate list of high risk
projects
25
Two of the 24 agencies did not identify how many of their high risk
projects were also on the Management Watch List.
Page 23 GAO-06-647 High Risk IT Projects
to track progress, perform governmentwide analysis, and report the results
to Congress.
While the criteria for high risk projects and those on the Management
Watch List differ, both types of projects support critical business
functions and could experience performance problems that could become
costly to address if they are not detected early. Given this, the
Management Watch List projects and the high risk projects both require
continued attention.
In order for OMB to take advantage of the potential benefits of using the
Recommendations for
quarterly performance reports as a tool for identifying and overseeing
high Executive Action risk projects on a governmentwide basis, we are
recommending that the
Director of OMB take the following three actions:
o Direct federal agency CIOs to ensure that they are consistently
applying the criteria defined by OMB.
o Establish a structured, consistent process to update the initial list
of high risk projects on a regular basis, including identifying new
projects and removing previous ones to ensure the list is current and
complete.
o Develop a single aggregate list of high risk projects and their
deficiencies and use that list to report to Congress progress made in
correcting high risk problems, actions under way, and further actions
that may be needed. OMB could consider using the information we have
developed in appendix III as a starting point for developing this
single list. In implementing these recommendations, OMB should
consider working with the CIO Council to help ensure governmentwide
acceptance of these actions.
Because we have outstanding recommendations aimed at (1) improving
agencies' investment management practices26 and (2) using the Management
Watch List as a tool for analyzing, setting priorities, and following up
on IT projects,27 we are not making any new recommendations in this report
regarding these issues.
26GAO-04-49. 27 GAO-05-276.
Page 24 GAO-06-647 High Risk IT Projects
Agency Comments and Our Evaluation
OMB's Administrator for the E-Government and Information Technology
provided written comments on a draft of this report (reprinted in app.
II). In these comments, OMB stated that it appreciated our careful review
of OMB's process for identifying and overseeing high risk projects.
However, the agency disagreed with our recommendations and made other
observations.
In its comments, OMB stated that it is concerned about our interpretation
of the goals and intent of the high risk process in comparison to GAO's
high risk list. Our intent is not to confuse the goals and intent of the
two efforts. Nevertheless, as noted in our report, some major programs and
operations have been placed on our high risk list because of weaknesses in
key agency management practices, and this is consistent with OMB's first
criterion for high risk designation-the agency has not demonstrated the
ability to manage complex projects.
In its comments, OMB also observed that the policy for identifying and
overseeing high risk projects is separate and apart from OMB's Management
Watch List and presents oversight authorities with information that
differs in focus, timing, and expected results. While we agree with OMB
that the two policies are different and acknowledge this in our report, we
also noted in the report that Management Watch List projects can also be
high risk. We believe projects from both lists warrant close attention
because of their importance in supporting critical functions and the
likelihood that performance problems associated with them could
potentially result in billion of taxpayers' dollars being wasted if they
are not detected early.
Regarding our recommendations to direct agencies to consistently apply the
criteria for designating projects as high risk and to establish a
structured, consistent process to update the initial list of high risk
projects, OMB stated that the process and criteria for designating
projects as high risk are clear and that some flexibility in the
application of the criteria is essential. While some flexibility in the
application of the criteria may be appropriate, we believe these criteria
should be applied more consistently so that projects that clearly appear
to meet them, such as those we mention in the report, are identified.
OMB also disagreed with our recommendation to develop a single aggregate
list of projects and their deficiencies to perform adequate oversight and
management. As noted in the report, we believe that, by not having this
list, OMB is not fully exploiting the opportunity to use the agencies'
quarterly reports as a tool for analyzing high risk projects on a
governmentwide basis and for tracking governmentwide progress. In
addition, OMB is limiting its ability to identify and report on the full
set of IT investments across the federal government that requires special
oversight and greater agency management attention.
As agreed with your offices, unless you publicly announce its contents
earlier, we plan no further distribution of this report until 30 days from
the date of this letter. At that time, we will send copies to other
interested congressional committees, the Director of the Office of
Management and Budget, and other interested parties. Copies will also be
made available at no charge on our Web site at www.gao.gov.
If you have any questions on matters discussed in this report, please
contact me at (202) 512-9286 or at [email protected] . Contact points for
our Offices of Congressional Relations and Public Affairs may be found on
the last page of this report. GAO staff who made major contributions to
this report are listed in appendix IV.
Sincerely yours,
Director, Information Technology Management Issues
Appendix I: Objectives, Scope, and Methodology
Our objectives were to (1) provide a summary of high risk projects that
identifies by agency the number of high risk projects, their proposed
budget for fiscal year 2007, agency reasons for the high risk designation,
and reported performance shortfalls; (2) determine how high risk projects
were identified and updated and what processes and procedures have been
established to effectively oversee them; and (3) determine the
relationship between the high risk list and OMB's Management Watch List.
We conducted our work at OMB and the 24 chief financial officer (CFO)
agencies in Washington, D.C. The 24 agencies are the departments of
Agriculture, Commerce, Defense, Education, Energy, Health and Human
Services, Homeland Security, Housing and Urban Development, the Interior,
Justice, Labor, State, Transportation, the Treasury, and Veterans Affairs;
and the Environmental Protection Agency, General Services Administration,
National Aeronautics and Space Administration, National Science
Foundation, Nuclear Regulatory Commission, Office of Personnel Management,
Small Business Administration, Social Security Administration, and U.S.
Agency for International Development.
To address the first objective, we requested and reviewed documentation
that identifies, for each agency, the number of high risk projects, their
proposed budget for fiscal year 2007, agency reasons for the high risk
designation, and reported performance shortfalls. In particular, we
reviewed agency performance reports on high risk projects for September
and December 2005 and March 2006 that identified high risk projects and
planned improvement efforts, if any. We did not independently verify the
information contained in these performance reports. However, we asked all
24 CFO agencies to confirm the data in appendix III regarding their high
risk projects. Furthermore, we obtained the funding information for all
high risk projects for fiscal years 2005, 2006, and 2007 from the Report
on IT Spending for the Federal Government, Exhibit 53. We did not verify
these data.
To address the second objective, we used a structured data collection
instrument to better understand the 24 CFO agencies' processes and
procedures for identifying and overseeing high risk projects. All 24
agencies responded to our structured questionnaire. We did not verify the
accuracy of the agencies' responses; however, we reviewed supporting
documentation that selected agencies provided to validate their responses.
We contacted agency officials when necessary for follow-up information. We
then analyzed the agencies' responses.
Appendix I: Objectives, Scope, and Methodology
Moreover, we identified and reviewed prior GAO reports on projects with
weaknesses that met OMB's high risk definition. Finally, to gain insight
into OMB's processes and procedures to oversee the high risk list, we
reviewed related policy guidance, including its Memorandum on Improving IT
Project Planning and Execution (M-05-23, dated August 4, 2005), and the
Clinger-Cohen Act. We also interviewed OMB staff including the chief of
the Information Technology and Policy Branch.
To address the third objective, we interviewed OMB staff who are
responsible for developing and monitoring the high risk list and
Management Watch List, including the chief of the Information Technology
and Policy Branch. In addition, we reviewed our prior work on OMB's
Management Watch List, (GAO-05-276), to better understand the processes
for placing projects on the Management Watch List and following up on
their corrective actions. Finally, we requested information from the 24
CFO agencies on which of their high risk projects were also on the
Management Watch List. Two of the 24 agencies did not identify how many of
their high risk projects were also on the Management Watch List.
We conducted our work in Washington, D.C., from October 2005 through May
2006 in accordance with generally accepted government auditing standards.
Appendix II: Comments from the Office of Management and Budget
Appendix III: Summary of High Risk IT Projects by Department or Agency
Page 31 GAO-06-647 High Risk IT Projects
Table 5: Summary of High Risk Projects for the Department of Agriculture
FY2005 FY2006 FY2007 Reasons for Planned
Investment actuals enacted request (in high risk Performance improvement
(in (in
Investment name type millions) millions) millions) designationa shortfall efforts
National Animal major $7.5 $7.8 $4.9 C No N/A
performance
Identification shortfall
System
Financial major 0.0 0.0 52.7 B No N/A
performance
Management shortfall
Modernization
Initiative
Financial major 1.1 0.9 1.3 A No N/Ab
performance
Management shortfall
Systems
Corporate major 5.3 4.4 5.0 A No N/Ab
Insurance performance
Information shortfall
Systems
Infrastructure major N/A 11.0 9.2 A No N/Ab
performance
Modernization, shortfall
Support, and
Training
Strategic major 2.1 3.8 3.8 A No N/Ab
Data performance
Analysis shortfall
Emerging major 0.6 1.0 2.7 A No N/A
performance
Information shortfall
Technology
Architecture
Common Information major 0.0 0.0 0.0 A Unclear Component
Management System baselines, agency has 20
schedule people
currently
variance not enrolled in
within 10 project
percent,
and management
qualified
project training and
manager
is not in revising
place.
business case.
The investment
has been
elevated to
the
Undersecretary
level to
address
management
issues.
Action date:
ongoing
FY2005 FY2006 FY2007 Reasons for Planned
Investment actuals enacted request high risk Performance improvement
(in (in (in
Investment type millions) millions) millions) designationa shortfall efforts
name
Modernize major $0.0 $2.2 $16.6 B Unclear Revising
and
Innovate the baselines, business case
Delivery
of schedule and
Agricultural addressing
Systems variance project
not
within 10 management
percent,
and qualified issues.
project Action
manager is date:
not in place. ongoing
ConnectHR major 12.2 36.5 28.0 D Duplication Component
with
other investments agency
has
signed
agreements for
conversion to
enterprise
human resource
integration.
Action date:
9/30/06
Human major 4.5 9.8 8.3 D No N/A
Resources performance
LOB: Service shortfall
Center
Human major 2.5 4.6 1.0 D No N/A
Resources performance
LOB: shortfall
ePayroll
migration
Source: OMB FY2007 Exhibit 53 and Department of Agriculture documents.
a
Reasons for high risk designation include:
A=The agency has not consistently demonstrated the ability to manage
complex projects.
B=The project has exceptionally high development, operating, or
maintenance costs, either in absolute terms or as a percentage of the
agency's total IT portfolio.
C=The project is being undertaken to correct recognized deficiencies in
the adequate performance of an essential mission program or function of
the agency, a component of the agency, or another organization.
D=The projects' delay or failure would introduce for the first time
unacceptable or inadequate performance or failure of an essential mission
function of the agency, a component of the agency, or another
organization. (Note: According to OMB staff, projects identified as high
risk per OMB's additional instructions on e-government or lines of
business initiatives met this reason.)
E=Other.
b
While USDA officials reported that there are no specific performance
shortfalls in these investments, they stated that, due to poor project
management, these business cases have been consistently weak and that they
are continuing to try and remediate the weaknesses in the documentation.
Table 6: Summary of High Risk Projects for the Department of Commerce
FY2005 FY2006 FY2007 Reasons for Planned
Investment actuals (in enacted request high risk Performance improvement
(in (in
Investment name type millions) millions) millions) designationa shortfall efforts
Master Address major $81.2 $79.6 $73.7 B, D No N/A
performance
File/Topologically shortfall
Integrated
Geographic
Encoding and
Referencing
Enhancements
Advanced Weather major 49.5 46.8 50.3 B, D No N/A
performance
Interactive shortfall
Processing System
Field Data major 5.5 35.5 59.0 B, D No N/A
performance
Collection shortfall
Automation
e-Travel IT migration 0.0 0.2 0.0 D No N/A
investment performance
shortfallb
portion of a
larger asset
Source: OMB FY2007 Exhibit 53 and Department of Commerce documents.
a
Reasons for high risk designation include:
A=The agency has not consistently demonstrated the ability to manage
complex projects.
B=The project has exceptionally high development, operating, or
maintenance costs, either in absolute terms or as a percentage of the
agency's total IT portfolio.
C=The project is being undertaken to correct recognized deficiencies in
the adequate performance of an essential mission program or function of
the agency, a component of the agency, or another organization.
D=The projects' delay or failure would introduce for the first time
unacceptable or inadequate performance or failure of an essential mission
function of the agency, a component of the agency, or another
organization. (Note: According to OMB staff, projects identified as high
risk per OMB's additional instructions on e-government or lines of
business initiatives met this reason.)
E=Other.
b
According to agency officials, this initiative is on hold.
Table 7: Summary of High Risk Projects for the Department of Defense
Page 34 GAO-06-647 High Risk IT Projects
FY2005 FY2006 FY2007 Reasons for
Investment actuals enacted request high risk Performance Planned
Investment type (in (in (in designationa shortfall improvement
name millions) millions) millions) efforts
Joint major $131.0 $191.7 $10.7 B, C, D Defense
Tactical Acquisition
Radio Executive
System- Cost and established
Cluster 1 schedule a Joint
variances Program
not within Executive
10 Officer with
percent acquisition
authority
across all
product
lines in 2nd
quarter
fiscal year
2005. This
officer
commissioned
an
independent
assessment
of
program
cost,
schedule,
and
performance,
and
technical
maturity in
spring 2005.
The Defense
Acquisition
Executive
last
reviewed
progress on
the
project's
planning on
November 22,
Defense Integrated major 68.0 104.1 51.4 B, C, D Cost and 2005. On
Military Human schedule December 1,
Resources System variances not 2005, Deputy
within 10 Secretary of
percent Defense
determined
project is a
viable solution
for Army
personnel and
pay and
transferred the
program to the
new Business
Transformation
Agency.
Air Force
assessment
will be briefed
to the
Defense
Business
Systems
Management
Committee on
March
23, 2006. The
Navy assessment
will start
March 13, 2006,
followed by the
Marine Corps in
fiscal year
2007.
Completion date
is to be
determined.
FY2005 FY2006 FY2007 Reasons for Planned
actuals enacted request high risk Performance improvement
Investment name (in (in (in designationa shortfall efforts
Investment type millions) millions) millions)
Expeditionary major $54.0 $80.5 $212.4 B, C, D Schedule Systems
Combat variance Integrator
Support not within Source
System 10 percent Selection
under way.
Program
will
realign
schedule
subsequent
to systems
integrator
contract
award in
June 2006.
Global Combat Support System- 141.2 219.8 B, C, D No performance shortfall
Army major 182.9 Logistics 111.2 109.5 N/Ab B, C, D Unclear baselines An
Modernization Program major Army 3-star level review was
65.6 conducted on February 1, 2006, and
the Office of the Secretary of
Defense, Networks and Information
Integration, Overarching Integrated
Product Team was briefed on February
2, 2006. The program office will
undergo another Overarching
Integrated Product Team review in
June 2006 and will submit for Office
of the Secretary of Defense approval
a baseline that includes metrics for
cost, schedule, and performance.
Navy major 66.0 115.4 178.4 B, C, Cost and The prime contract
Enterprise D
Resource schedule was fully defined
Planning on
variances not January 2, 2006.
The
within 10 program
rebaselining
percent is planned to be
completed in the
3rd
quarter of fiscal
year
2006.
Source: OMB FY2007 Exhibit 53 and Department of Defense documents.
a
Reasons for high risk designation include: A=The agency has not
consistently demonstrated the ability to manage complex projects.
Page 35 GAO-06-647 High Risk IT Projects
B=The project has exceptionally high development, operating, or
maintenance costs, either in absolute terms or as a percentage of the
agency's total IT portfolio.
C=The project is being undertaken to correct recognized deficiencies in
the adequate performance of an essential mission program or function of
the agency, a component of the agency, or another organization.
D=The projects' delay or failure would introduce for the first time
unacceptable or inadequate performance or failure of an essential mission
function of the agency, a component of the agency, or another
organization. (Note: According to OMB staff, projects identified as high
risk per OMB's additional instructions on e-government or lines of
business initiatives met this reason.)
E=Other.
b
This program is undergoing predevelopment activity and awaiting approval
to begin development. Program to be restructured to fit within budget.
Table 8: Summary of High Risk Projects for the Department of Education
Page 36 GAO-06-647 High Risk IT Projects
FY2005 FY2006 FY2007 Reasons for
Investment high risk
Investment actuals (in enacted (in request (in Performance
Planned
name type millions) millions) millions) designationa
shortfall
improvement
efforts
Advance (Aid major $92.9 $145.1 $95.9 B Cost and The use
of earned
Delivery) schedule value
management
variances not
techniques will
closely
within 10 monitor
the project's
percent
development and
production
schedule.
Project schedule
agreed to by upper
management,
constantly
overseen.
Action date:
6/15/06
Common major 33.9 31.3 28.1 B, D No N/A
Services for performance
Borrowers shortfall
Data Strategy major 2.2 3.0 5.0 B, D No N/A
performance
shortfall
E-Joint effort 0.7 2.8 0.3 D Project The
project manager
Authentication for manager is is
more attending IT
project
than one not yet manager
certification
agency qualified program.
Action date:
6/15/06
C Cost and
ID Access major 1.2 1.5 0.5 Rebaseline the
cost
Control schedule and
schedule based
System variances not on
changing
within 10
requirements.
percent Action
date: 6/15/06
FY2005 FY2006 FY2007 Reasons for
Investment Investment actuals enacted request high risk Performance Planned
(in (in (in
name type millions) millions) millions) designationa shortfall improvement
efforts
Education major $6.4 $6.7 $6.7 C No N/A
Resource performance
Information shortfall
Center
Education major 14.7 5.7 5.4 C, D Cost and The project
manager
Data schedule is serving in a
Exchange variances temporary
not capacity as
Network within 10 the office is
going
percent and through
project reorganization.
manager is Action date:
not 6/15/06
qualified.
Financial major 8.5 12.3 5.4 D No N/A
Management performance
Support shortfall
System
Grants major 2.7 2.3 2.8 C, D Project The project
manager
Administration manager is is attending IT
project
and Payment not manager
qualified. certification
System program.
Action date:
6/15/06
G5-Grants major 0.6 2.5 3.3 D Cost and The project
manager
Management schedule is scheduled to
Re-Design variances complete IT
not project
within 10 manager
certification
percent and program.
project Action date:
manager is 6/15/06
not
qualified.
Migrant major 0.8 3.8 2.5 C, D Project The project
manager
Student manager is is attending IT
project
Information not manager
qualified. certification
Exchange program.
Action date:
6/15/06
Travel major 0.5 1.9 1.2 D No N/A
Management performance
System shortfall
Source: OMB FY2007 Exhibit 53 and Department of Education documents.
a
Reasons for high risk designation include:
A=The agency has not consistently demonstrated the ability to manage
complex projects.
B=The project has exceptionally high development, operating, or
maintenance costs, either in absolute terms or as a percentage of the
agency's total IT portfolio.
C=The project is being undertaken to correct recognized deficiencies in
the adequate performance of an essential mission program or function of
the agency, a component of the agency, or another organization.
D=The projects' delay or failure would introduce for the first time
unacceptable or inadequate performance or failure of an essential mission
function of the agency, a component of the agency, or another
organization. (Note: According to OMB staff, projects identified as high
risk per OMB's additional instructions on e-government or lines of
business initiatives met this reason.)
E=Other.
Table 9: Summary of High Risk Projects for the Department of Energy
FY2005 FY2006 FY2007 Reasons for Planned
Investment actuals enacted request high risk Performance
(in (in (in improvement
Investment type millions) millions) millions) designationa shortfall efforts
name
EE State major $1.8 $1.8 $1.7 D No N/A
Grants
Administration performance
shortfall
Integrated major 34.1 29.8 27.2 D No N/A
Management performance
Navigation System shortfall
Advanced Simulation major 0.0 0.0 25.0 B No N/A
and Computing performance
Future
Platform shortfall
Integrated Cyber major 10.4 23.5 25.0 B, C No N/A
Security Initiative performance
shortfall
Integrated major 3.3 3.3 3.3 D No N/A
Security
System performance
shortfall
Source: OMB FY2007 Exhibit 53 and Department of Energy documents.
a
Reasons for high risk designation include:
A=The agency has not consistently demonstrated the ability to manage
complex projects.
B=The project has exceptionally high development, operating, or
maintenance costs, either in absolute terms or as a percentage of the
agency's total IT portfolio.
C=The project is being undertaken to correct recognized deficiencies in
the adequate performance of an essential mission program or function of
the agency, a component of the agency, or another organization.
D=The projects' delay or failure would introduce for the first time
unacceptable or inadequate performance or failure of an essential mission
function of the agency, a component of the agency, or another
organization. (Note: According to OMB staff, projects identified as high
risk per OMB's additional instructions on e-government or lines of
business initiatives met this reason.)
E=Other.
Table 10: Summary of High Risk Projects for the Department of Health and Human
Services
FY2005 FY2006 FY2007 Reasons for Planned Investment actuals (in enacted
(in request (in high risk Performance improvement Investment name type
millions) millions) millions) designationa shortfall efforts
CDC Public Health major $50.0 Information Network: BioSense
$49.5 $47.5 B, C, D No N/A performance shortfall
CMS Healthcare major 99.4 Integrated General Ledger Accounting System
149.9 139.4 B, C, D No N/A performance shortfall
CMS MMA Title I major 108.5 114.9 103.7 B, D No N/A
and II performance
applications shortfall
HHS Unified major 62.5 57.9 64.0 B, No N/A
Financial C, D performance
Management shortfall
System
IHS Resource major 47.1 45.3 54.6 D Unclear Baseline
and Patient baselines and revision is
Management project completed and
System manager is will be
not submitted to
qualified. the agency
Investment
Review Board
for
review/approval
3/14/06.
Project manager
has completed 2
courses of a 7
course master's
certification
program.
NIH OD Electronic Research major 44.9 42.1 43.4 B, C No performance N/A
Administration shortfall
Federal Health Architecture- major 2.2 2.3 3.4 D No performance N/A
Managing Partner shortfall
Grants.gov-Find and Apply major 1.9 0.8 1.9 D No performance N/A
shortfall
FY2005 FY2006 FY2007 Reasons for Planned
Investment actuals enacted request high risk Performance improvement
Investment type (in (in (in designationa shortfall efforts
name millions) millions) millions)
HHS Human Joint $0.1 $0.1 $0.1 D Unclear Governance
effort
Resources for more baselines issues remain
Line of
Business than one unclear.
(LOB) agency Specifically,
it is
imperative
that a
financing
strategy be
in place and
that
migrations be
adequately
funded before
the
Shared
Service
Centers start
servicing new
customers.
Source: OMB FY2007 Exhibit 53 and Department of Health and Human Services
documents.
a
Reasons for high risk designation include:
A=The agency has not consistently demonstrated the ability to manage
complex projects.
B=The project has exceptionally high development, operating, or
maintenance costs, either in absolute terms or as a percentage of the
agency's total IT portfolio.
C=The project is being undertaken to correct recognized deficiencies in
the adequate performance of an essential mission program or function of
the agency, a component of the agency, or another organization.
D=The projects' delay or failure would introduce for the first time
unacceptable or inadequate performance or failure of an essential mission
function of the agency, a component of the agency, or another
organization. (Note: According to OMB staff, projects identified as high
risk per OMB's additional instructions on e-government or lines of
business initiatives met this reason.)
E=Other.
Table 11: Summary of High Risk Projects for the Department of Homeland Security
Page 41 GAO-06-647 High Risk IT Projects
FY2005 FY2006 FY2007 Reasons for Planned
Investment actuals enacted request high risk Performance improvement
Investment type (in (inmillions) (inmillions) designationa shortfall efforts
name millions)
United major $341.0 $341.0 $407.4 E Weaknesses No N/A
States in business performance
Visitor and case shortfall
Immigrant
Status
Indicator
Technology
SBInet major 84.7 38.5 139.3 E Weaknesses Project
in business Project is manager
case in initial enrolled in
phase; training to
therefore, achieve level
baselines III
have not certification.
been
approved
and earned
value
management
is not yet
required.
Program
eNEMIS major 14.0 13.9 14.0 manager is
not
E Weaknesses qualified. Corrective
in business Unclear actions not
case baselines reported.
Disaster major 14.2 10.9 10.3 E Weaknesses Program Certification
Management in business manager is application to
case not be submitted to
qualified. DHS by 1/31/06.
Homeland major 9.0 20.5 22.8 E Weaknesses Unclear Conducting
Security in business baselines internal
Information case and Investment
Network program Review Board
manager is making "within
not threshold
qualified. adjustments" to
key work
breakdown
structure by
6/1/06 and
assign a fully
qualified
project manager
by 3/15/06.
National major 12.6 12.6 12.6 E Weaknesses Unclear Appropriate
Asset Data in business baselines resources have
Base case and been contacted
program to complete the
manager is approval of the
not baseline
qualified. documentation
and project
manager
certification
by 5/24/06.
Page 42 GAO-06-647 High Risk IT Projects
FY2005 FY2006 FY2007 Reasons for
Investment actuals enacted request high risk Performance Planned
(in (in (in
Investment name type millions) millions) millions) designationa shortfall improvement
efforts
Priority major $116.6 $118.2 $120.3 E Unclear Submit baseline
Telecommunications baselines, documents by
Service Weaknesses project 3/1/06 and
in business manager is project manager
case not certification
qualified, by 2/15/06 to
prepare for the
and Investment
Review
duplication Board briefing
exists scheduled for
4/26/06.
between
other
investments.
Information major 0.0 0.0 0.0 D No N/A
Systems
Security LOB performance
shortfallb
Create
SAFECOM non-IT 8.5 0.0 0.0 D, E Cost and detailed
project
Weakness in schedule plans to
the area of variances satisfy earned
performance not within value
goals. 10 percent management
criteria.
Action date:
10/1/05
Alien Flight major 9.1 10.0 10.0 E Cost and Briefing to
Student the
Program schedule component
variances agency's
Weaknesses not within administrator
in business 10 on need for
case funding.
percent Action date:
4/14/06
Hazmat Threat major 10.1 28.1 27.8 E Program Project
manager has
Assessment Program Weaknesses manager is developed and
in business not is
case qualified. implementing a
training plan
to achieve
certification.
Action date: 7/31/07
Registered major 15.0 23.0 35.1 E Program Training plan
Traveler in place
manager is and program
not office is
Weaknesses qualified. looking to
in business backfill
case position.
Action date: 12/30/06
Transportation major 5.0 10.0 20.0 E Unclear Revised
deployment
Worker baselines schedule is
Identification Weaknesses and schedule contingent on
Credentialing in business variance not completing the
case within 10 investment
review
process.
percent Action date:
fiscal year
2006, 3rd quarter
Secure Flightc IT 44.9 94.3 54.7 E Unclear Currently
program rebaselining
Weaknesses baselines program
in business Action date:
3/25/06
case
FY2005 FY2006 FY2007 Reasons for
Investment actuals enacted request high risk Performance Planned
type (in (in (in designationa shortfall improvement
Investment name millions) millions) millions) efforts
Crew Vettingc major c c c E Weaknesses in Component
business case agency
officials are
giving
technical
assistance to
develop and
present an
approved
baseline to
DHS by
3/15/06 and
project
manager
certification
to be
granted April
2006.
Corrective
Nationwide major 24.0 27.3 19.1 E Unclear actions not
Automatic Weaknesses baselines reported.
Identification in business
System case
eMerge2 major 49.0 17.8 17.3 D Project Since current
project
manager is manager is
acting,
not qualified DHS will hire an
individual with
appropriate
certification
level.
Source: OMB FY2007 Exhibit 53 and Department of Homeland Security
documents.
a
Reasons for high risk designation include:
A=The agency has not consistently demonstrated the ability to manage
complex projects.
B=The project exceptionally high development, operating, or maintenance
costs, either in absolute terms or as a percentage of the agency's total
IT portfolio.
C=The project is being undertaken to correct recognized deficiencies in
the adequate performance of an essential mission program or function of
the agency, a component of the agency, or another organization.
D=The projects' delay or failure would introduce for the first time
unacceptable or inadequate performance or failure of an essential mission
function of the agency, a component of the agency, or another
organization. (Note: According to OMB staff, projects identified as high
risk per OMB's additional instructions on e-government or lines of
business initiatives met this reason.)
E=Other.
b
According to agency officials, this investment is in the initial concept
phase and therefore has not been approved or funded.
According to agency officials, since Secure Flight and Crew Vetting were
considered as one investment in the fiscal year 2007 budget submission,
the 2005 actuals, 2006 enacted and 2007 request are the same for both
projects. They will be separate investments in fiscal year 2008.
Table 12: Summary of High Risk Projects for the Department of Housing and Urban Development
FY2005 FY2006 FY2007 Planned
Investment Investment actuals enacted request Reasons for Performance improvement
(in (in (in high
type millions) millions) millions) risk shortfall efforts
name designation
a
FHA major $11.8 $11.9 $6.8 C No N/A
performance
Subsidiary shortfall
Ledger
HUD major 4.4 4.7 9.0 C No performance N/A
Integrated shortfall
Financial
Management
Project
Enterprise major 4.5 2.6 2.2 E No N/A
performance
Income Supports the shortfall
Verification presidential
initiative
for a citizen
centered, results
oriented, market
based government.
Source: OMB FY2007 Exhibit 53 and Department of Housing and Urban
Development documents.
a
Reasons for high risk designation include:
A=The agency has not consistently demonstrated the ability to manage
complex projects.
B=The project has exceptionally high development, operating, or
maintenance costs, either in absolute terms or as a percentage of the
agency's total IT portfolio.
C=The project is being undertaken to correct recognized deficiencies in
the adequate performance of an essential mission program or function of
the agency, a component of the agency, or another organization.
D=The projects' delay or failure would introduce for the first time
unacceptable or inadequate performance or failure of an essential mission
function of the agency, a component of the agency, or another
organization. (Note: According to OMB staff, projects identified as high
risk per OMB's additional instructions on e-government or lines of
business initiatives met this reason.)
E=Other.
Table 13: Summary of High Risk Projects for the Department of Interior
FY2005 FY2006 FY2007 Reasons for
Investment Investment actuals enacted request high risk Performance Planned
(in (in (in improvement
name type millions) millions) millions) designationa shortfall efforts
Recreation major $0.3 $5.7 $11.0 D No performance N/A
One-Stop shortfall
Geospatial major 9.1 6.2 3.7 D No performance N/A
One-Stop shortfall
Financial major 50.2 49.7 52.7 B, C, Schedule New contract was
Business D variance not awarded that
Management within 10 includes requirement
System percent for contractor to
use an ANSI Standard
748-compliant EVMS.
An Integrated
Baseline Review is
under
way and will be
completed by March
31, 2006. Project
will request DOI
Investment Review
Board approval of
new baseline in
April.
Source: OMB FY2007 Exhibit 53 and Department of Interior documents.
a
Reasons for high risk designation include:
A=The agency has not consistently demonstrated the ability to manage
complex projects.
B=The project has exceptionally high development, operating, or
maintenance costs, either in absolute terms or as a percentage of the
agency's total IT portfolio.
C=The project is being undertaken to correct recognized deficiencies in
the adequate performance of an essential mission program or function of
the agency, a component of the agency, or another organization.
D=The projects' delay or failure would introduce for the first time
unacceptable or inadequate performance or failure of an essential mission
function of the agency, a component of the agency, or another
organization. (Note: According to OMB staff, projects identified as high
risk per OMB's additional instructions on e-government or lines of
business initiatives met this reason.)
E=Other.
Table 14: Summary of High Risk Projects for the Department of Justice
FY2005 FY2006 FY2007 Reasons for
Investment Investment actuals enacted request high risk Performance Planned
(in (in (in improvement
name type millions) millions) millions) designationa shortfall efforts
Integrated Joint $159.0 $89.7 $180.0 B No N/A
effort performance
Wireless for more shortfall
Network than one
agency
Unified major 66.0 82.1 118.0 B, C No N/A
performance
Financial shortfall
Management
System
Litigation major 2.5 6.5 13.2 C No N/A
performance
Case shortfall
Management
System
Grants.gov major 0.6 0.5 0.8 D No N/A
performance
(managing shortfall
partner)
Sentinel major 4.3 197.6 100.0 B, C No N/A
performance
shortfall
Next major 14.1 60.0 57.4 B No N/A
performance
Generation shortfall
IAFIS
Law major 28.3 15.9 24.6 C Unclear The planned
contract
Enforcement baselines award of the
development
National contract is
January
2007.
Data The
ANSI/EIA-748
Exchange compliance
will occur
in
April 2007.
Action date:
1/22/07
Regional major 5.0 5.0 5.0 C No N/A
performance
Data shortfall
Exchange
Terrorist major 3.2 3.9 4.3 C No N/A
performance
Screening shortfall
Database
Upgrade
Source: OMB FY2007 Exhibit 53 and Department of Justice documents.
a
Reasons for high risk designation include:
A=The agency has not consistently demonstrated the ability to manage
complex projects.
B=The project has exceptionally high development, operating, or
maintenance costs, either in absolute terms or as a percentage of the
agency's total IT portfolio.
C=The project is being undertaken to correct recognized deficiencies in
the adequate performance of an essential mission program or function of
the agency, a component of the agency, or another organization.
D=The projects' delay or failure would introduce for the first time
unacceptable or inadequate performance or failure of an essential mission
function of the agency, a component of the agency, or another
organization. (Note: According to OMB staff, projects identified as high
risk per OMB's additional instructions on e-government or lines of
business initiatives met this reason.)
E=Other.
Table 15: Summary of High Risk Projects for the Department of Labor
FY2005 FY2006 FY2007
actuals enacted request Planned Investment Investment (in (in (in Reasons
for high risk Performance improvement name type millions) millions)
millions) designationa shortfall efforts
New Core major $9.9 $6.2 $14.0 B, D No performance N/A Financial shortfall
Management System
GovBenefits major 5.5 4.5 4.5 D No performance N/A shortfall
EFAST major 19.2 21.9 19.9 B No performance N/A shortfall
EFAST2 major 0.0 0.0 17.8 B No performance N/A shortfallb
Technical non-major 0.4 0.2 0.0 D No performance N/A Information shortfall
Retrieval System
E-Grants major 2.0 0.6 1.2 A, D No performance N/A shortfall
Enterprise HR major 0.9 2.0 4.3 D No performance N/A Integration shortfall
E-Travel non-major 1.4 0.6 0.6 D No performance N/A shortfall
Source: OMB FY2007 Exhibit 53 and Department of Labor documents.
a
Reasons for high risk designation include:
A=The agency has not consistently demonstrated the ability to manage
complex projects.
B=The project has exceptionally high development, operating, or
maintenance costs, either in absolute terms or as a percentage of the
agency's total IT portfolio.
C=The project is being undertaken to correct recognized deficiencies in
the adequate performance of an essential mission program or function of
the agency, a component of the agency, or another organization.
D=The projects' delay or failure would introduce for the first time
unacceptable or inadequate performance or failure of an essential mission
function of the agency, a component of the agency, or another
organization. (Note: According to OMB staff, projects identified as high
risk per OMB's additional instructions on e-government or lines of
business initiatives met this reason.)
E=Other.
b
According to agency officials, this investment is not an active program.
Table 16: Summary of High Risk Projects for the Department of State
FY2005 FY2006 FY2007
actuals enacted request Reasons for Planned
Investment Investment (in (in (in high risk Performance improvement
name type millions) millions) millions) designationa shortfall efforts
State major $32.1 $39.7 $3.9 B, C, D Schedule On October 17,
Messaging variance 2005, the Under
and not within Secretary for
Archive 10 percent Management
Retrieval signed a task
Toolset order
authorizing the
initiation of a
detailed
contingency
planning effort
for this
investment. A
report on this
planning effort
was submitted
by the Chief
Information
Officer to
the Under Secretary for Management on February 13, 2006. Joint Financial Management System
major 7.9 16.2 13.2 E Interagency No performance shortfall N/A
OMB and the
e-Travel Joint effort 0.1 0.0 0.0 D Cost variance General
Services
for more than not within 10 Administration,
one agency percent the managing
partner of this
e-government
initiative,
have been
consistently
apprised of the
problems with
the vendor's
software and
the efforts
the Department
of State has
made to help
the vendor
design the
needed
functionality.
The
international
version of the
software is
scheduled to be
released by the
vendor near the
end of fiscal
year 2006.
Department of
State
anticipates a
significant
amount of
testing prior
to using the
international
capabilities of
this software
in a production
environment. As
a result, this
will push the
first overseas
pilot into
fiscal year
2007.
FY2005 FY2006 FY2007
actuals enacted request Reasons for Planned
Investment Investment (in (in (in high risk Performance improvement
name type millions) millions) millions) designationa shortfall efforts
Consolidated major $5.5 $5.5 $1.5 D Schedule The National
American variance Finance Center
Payroll not within is assessing
System and 10 percent the impact of
Interagency system
e-Payroll modifications
Migration to meet the
Department of
State's
payroll
processing
requirements.
System
development
efforts by the
National
Finance Center
will determine
the
implementation
schedule for
the agency and
the center's
migration
activities and
overall costs
for both
agencies.
The National
Finance Center
has
committed to
providing a
written cost
estimate by
March 17,
2006.
Integrated major 23.0 24.0 25.2 D No N/A
Personnel performance
Management shortfall
System
Source: OMB FY2007 Exhibit 53 and Department of State documents.
a
Reasons for high risk designation include:
A=The agency has not consistently demonstrated the ability to manage
complex projects.
B=The project has exceptionally high development, operating, or
maintenance costs, either in absolute terms or as a percentage of the
agency's total IT portfolio.
C=The projects is being undertaken to correct recognized deficiencies in
the adequate performance of an essential mission program or function of
the agency, a component of the agency, or another organization.
D=The projects' delay or failure would introduce for the first time
unacceptable or inadequate performance or failure of an essential mission
function of the agency, a component of the agency, or another
organization. (Note: According to OMB staff, projects identified as high
risk per OMB's additional instructions on e-government or lines of
business initiatives met this reason.)
E=Other.
Table 17: Summary of High Risk Projects for the Department of Transportation
FY2005 FY2006 FY2007 actuals enacted request Planned Investment (in (in
(in Reasons for high risk Performance improvement Investment name type
millions) millions) millions) designationa shortfall efforts
Advanced Technologies major $106.6 $91.7 $82.2 E No N/A and Oceanic
Incomplete EVM performance Procedures assessment, behind shortfall
schedule
En Route Automation major 261.6 330.1 376.2 B, D No N/A Modernization
performance shortfall
Wide Area major 122.6 117.4 133.1 B, E No N/A Augmentation System
Incomplete EVM performance assessment and shortfall historically behind
schedule and/or over cost
Terminal Automation major 0.0 19.8 32.1 D No N/A Mod. & Rep. performance
shortfall
Terminal Radar major 93.0 Digitizing, Replacement, and Establishment
69.7 77.4 E No N/A
Poor EVM quality performance shortfall
Automated Weather major 27.4 25.8 27.3 E No N/A Observation Poor EVM
quality performance System/Automated shortfall Surface Observing System
FAA major 143.3 232.5 246.0 B, E Schedule Corrective Telecommunications
Poor EVM quality, out variance not actions taken to Infrastructure of
variance within 10 put the program
percent back on track to meet fiscal year 2007 target date for full
implementation.
Next Generation Vhf major 29.5 34.1 26.9 E Schedule Program Air/Ground Out
of variance variance not rebaselined in Communications within 10 December
2005 (Segment 1) percent and corrective
actions taken
that bring it
within variance
limits.
Traffic Flow major 48.2 92.6 106.5 E No N/A Management-
Out of variance performance
Modernization shortfall
FY2005 FY2006 FY2007
actuals enacted request Planned
Investment (in (in (in Reasons for Performance improvement
high risk
Investment type millions) millions) designationa shortfall efforts
name millions)
Standard major $132.9 $119.5 $86.6 B, D, E No N/A
Terminal
Automation Poor EVM performance
Replacement quality shortfall
System
Consolidated major 65.7 63.6 50.3 D No N/A
Financial
Management performance
shortfall
System-Wide major 7.9 13.9 24.0 E Investment Requires a
Information No approved Review baseline
Management baselines Board has Action
not date:
baselined 6/2006
this
project.
Automatic major 7.9 22.0 117.0 E Investment Requires a
Dependent
Surveillance- No approved Review baseline
Broadcast baselines Board has Action
not date:
baselined 6/2006
this
project.
Source: OMB FY2007 Exhibit 53 and Department of Transportation documents.
a
Reasons for high risk designation include:
A=The agency has not consistently demonstrated the ability to manage
complex projects.
B=The project has exceptionally high development, operating, or
maintenance costs, either in absolute terms or as a percentage of the
agency's total IT portfolio.
C=The project is being undertaken to correct recognized deficiencies in
the adequate performance of an essential mission program or function of
the agency, a component of the agency, or another organization.
D=The projects' delay or failure would introduce for the first time
unacceptable or inadequate performance or failure of an essential mission
function of the agency, a component of the agency, or another
organization. (Note: According to OMB staff, projects identified as high
risk per OMB's additional instructions on e-government or lines of
business initiatives met this reason.)
E=Other.
Table 18: Summary of High Risk Projects for the Department of Treasury
FY2005 FY2006 FY2007
actuals enacted request Reasons for
Investment Investment (in (in (in high risk Performance Planned
improvement
name type millions) millions) millions) designationa shortfall efforts
BSA Direct major $9.6 $7.2 $3.4 D No N/A
performance
shortfall
Customer major 105.9 113.8 120.5 A, B, C No N/A
performance
Account Data shortfall
Engine
Filing and major 0.2 32.6 20.0 A, B, C No N/A
performance
Payment shortfall
Compliance
(Blended)
HR Connect major 23.6 24.0 23.9 D No N/A
performance
shortfall
Integrated major 9.4 18.5 18.5 A, B Cost The
variance development,
Financial not within modernization,
10
System/CORE percent enhancement
costs are
Financial expected to
fall within
System tolerance as a
result of
closeout costs
being
reported.
Modernized major 69.2 67.7 55.4 A, B, C No N/A
performance
e-File shortfall
Oracle Federal major 2.9 3.3 4.0 D No N/A
performance
Financial shortfall
Systems
Treasury major 3.5 16.2 21.2 D Schedule The corrective
action for
Foreign variance the schedule
not variance is
Intelligence within 10 being handled
as part of
Network the
percent restructuring
and re
planning
activity in
1st
quarter fiscal
year 2006.
Source: OMB FY2007 Exhibit 53 and Department of Treasury documents.
a
Reasons for high risk designation include:
A=The agency has not consistently demonstrated the ability to manage
complex projects.
B=The project has exceptionally high development, operating, or
maintenance costs, either in absolute terms or as a percentage of the
agency's total IT portfolio.
C=The project is being undertaken to correct recognized deficiencies in
the adequate performance of an essential mission program or function of
the agency, a component of the agency, or another organization.
D=The projects' delay or failure would introduce for the first time
unacceptable or inadequate performance or failure of an essential mission
function of the agency, a component of the agency, or another
organization. (Note: According to OMB staff, projects identified as high
risk per OMB's additional instructions on e-government or lines of
business initiatives met this reason.)
E=Other.
Page 53 GAO-06-647 High Risk IT Projects
Table 19: Summary of High Risk Projects for the Department of Veterans Affairs
FY2005 FY2006 FY2007
actuals enacted request Reasons for
Investment Investment (in (in (in high risk Performance Planned
improvement
name type millions) millions) millions) designationa shortfall efforts
Health Admin major $9.7 $13.3 $11.3 D No N/A
performance
Center shortfall
IT Operations-
2007
Unclear This
Fee Basis major 8.6 7.6 0.0 D baselines, project is
being
Replacement- and cost terminated.
and
2007 schedule
variances
not
within 10
percent
VistA Legacy- major 437.7 451.9 460.3 B No N/A
performance
2007 shortfall
VistA Imaging- major 79.7 67.6 51.6 D Unclear A new
baselines, performance
2007 and cost measurement
and baseline
with
schedule associated
cost and
variances schedule
not variances
will
within 10 be
percent submitted
for OMB
approval.
Scheduling major 18.7 12.8 12.9 D Unclear A new
baselines, performance
Replacement and cost measurement
and baseline
Project-2007 schedule with
associated
cost and
variances schedule
not variances
will
within 10 be
percent submitted
for OMB
approval.
Health Data major 40.3 24.2 26.8 D Unclear A new
baselines, performance
Repository- and cost measurement
and baseline
2007 schedule with
associated
cost and
variances schedule
not variances
will
within 10 be
percent submitted
for OMB
approval.
Enrollment major 12.9 14.9 11.8 D Unclear A new
baselines, performance
(Includes and cost measurement
and baseline
Income schedule with
associated
cost and
variances schedule
Verification)- not variances
will
2007 within 10 be
percent submitted
for OMB
approval.
VistA major 5.2 3.3 18.4 D Unclear A new
baselines, performance
Laboratory IS and cost measurement
and baseline
System Re schedule with
associated
cost and
engineering- variances schedule
not variances
will
2007 within 10 be
percent submitted
for OMB
approval.
Page 54 GAO-06-647 High Risk IT Projects
FY2005 FY2006 FY2007
actuals enacted request Reasons for
Investment Investment (in (in (in high risk Performance Planned
improvement
name type millions) millions) millions) designationa shortfall efforts
HealtheVet major $45.7 $42.9 $71.6 D Unclear A new
baselines, performance
VistA-2007 and cost measurement
and baseline
with
schedule associated
cost and
variances schedule
not variances
will
within 10 be
percent submitted
for OMB
approval.
MyHealtheVet- major 21.4 13.1 16.6 B, C, D Unclear A new
baselines, performance
2007 and cost measurement
and baseline
with
schedule associated
cost and
variances schedule
not variances
will
within 10 be
percent submitted
for OMB
approval.
Medical and major 20.4 23.1 23.0 D Unclear A new
baselines, performance
Prosthetic and cost measurement
and baseline
with
Research- schedule associated
cost and
variances schedule
2007 not variances
will
within 10 be
percent submitted
for OMB
approval.
Decision major 19.3 19.3 19.5 D No N/A
performance
Support System shortfall
Legacy-2007
Allocation major 4.8 2.9 2.9 D No N/A
performance
Resource shortfall
Center-2007
Patient major 36.7 9.4 0.0 B Unclear A new
baselines, performance
Financial and cost measurement
and baseline
with
Services schedule associated
cost and
variances schedule
System-2007 not variances
will
within 10 be
percent submitted
for OMB
approval.
Unclear This
Decision major 2.5 0.5 0.0 D baselines, project is
being
Support System and cost terminated.
and
Modernization- schedule
2007 variances
not
within 10
percent
Pharmacy Re major 17.8 16.0 16.9 D Unclear A new
baselines, performance
Engineering and cost measurement
and and baseline
IT Support- schedule with
associated
cost and
2007 variances schedule
not variances
will
within 10 be
percent submitted
for OMB
approval.
Payroll/HR major 12.3 14.1 14.2 D No N/A
performance
Systems-2007 shortfall
Financial major 13.9 16.0 16.1 D No N/A
performance
Management shortfall
System-2007
Page 55 GAO-06-647 High Risk IT Projects
FY2005 FY2006 FY2007
actuals enacted request Reasons for
Investment Investment (in (in (in high risk Performance Planned
improvement
name type millions) millions) millions) designationa shortfall efforts
e-Payroll-2007 IT $6.1 $5.5 $7.1 D Unclear A new
migration baselines, performance
investment and cost measurement
and baseline
portion of with
a schedule associated
cost and
larger variances schedule
asset not variances
will
within 10 be
percent submitted
for OMB
approval.
VA wide e major 2.4 4.2 3.6 D Unclear A new
baselines, performance
Travel and cost measurement
and baseline
with
Solution-2007 schedule associated
cost and
variances schedule
not variances
will
within 10 be
percent submitted
for OMB
approval.
VA-Learning major 1.9 0.9 5.4 D Unclear A new
baselines, performance
Management and cost measurement
and baseline
System-2007 schedule with
associated
cost and
variances schedule
not variances
will
within 10 be
percent submitted
for OMB
approval.
Federal Health major 4.6 4.8 4.9 D No N/A
performance
Information shortfall
Exchange-
2007
BDN major 20.8 21.8 21.8 D Unclear A new
baselines, operational
Maintenance and cost baseline
and with
associated
and schedule cost and
schedule
Operations- variances variances
not will be
2007 within 10 submitted
percent for OMB
approval.
Unclear An
BIRLS/VADS- major 2.7 2.5 2.5 D baselines, operational
baseline
2007 and cost with
and associated
cost and
schedule
schedule variances
will
variances be
not submitted
for OMB
within 10 approval.
percent
C&P major 54.4 17.9 15.8 D Schedule No planned
variance improvement
Maintenance not within efforts
10 reported.
and Operations percent
(non-BDN)-
2007
Unclear An
Education major 1.1 7.4 1.8 D baselines, operational
baseline
Maintenance and cost with
and associated
cost and
schedule
and Operations schedule variances
will
(non-BDN)- variances be
not submitted
for OMB
2007 within 10 approval.
percent
FY2005 FY2006 FY2007
actuals enacted request Reasons for
Investment Investment (in (in (in high risk Performance Planned
improvement
name type millions) millions) millions) designationa shortfall efforts
Insurance major $8.5 $7.3 $7.9 D No N/A
performance
System shortfall
Maintenance
and
Operations-
2007
Loan Guaranty major 9.1 10.3 10.0 D Unclear A new
baselines, operational
Maintenance and cost baseline
and with
associated
and schedule cost and
schedule
Operations- variances variances
not will be
2007 within 10 submitted
percent for OMB
approval.
Unclear An
Program major 10.9 9.8 9.5 D baselines, operational
baseline
Integrity/Data and cost with
and associated
cost and
Management- schedule schedule
variances
will
2007 variances be
not submitted
for OMB
within 10 approval.
percent
The Education major 1.8 3.3 3.2 D Unclear A new
baselines, performance
Expert and cost measurement
and baseline
System-2007 schedule with
associated
cost and
variances schedule
not variances
will
within 10 be
percent submitted
for OMB
approval.
Unclear An
VR&E major 5.4 2.7 2.7 D baselines, operational
baseline
Maintenance and cost with
and associated
cost and
schedule
and Operations schedule variances
will
(non-BDN)- variances be
not submitted
for OMB
2007 within 10 approval.
percent
Burial major 1.0 1.0 1.0 D No N/A
performance
Operations shortfall
Support
System-2007
Automated major 0.6 0.7 0.6 D No N/A
performance
Monument shortfall
Application
System-2007
Source: OMB FY2007 Exhibit 53 and Department of Veterans Affairs
documents.
a
Reasons for high risk designation include:
A=The agency has not consistently demonstrated the ability to manage
complex projects.
B=The project has exceptionally high development, operating, or
maintenance costs, either in absolute terms or as a percentage of the
agency's total IT portfolio.
C=The project is being undertaken to correct recognized deficiencies in
the adequate performance of an essential mission program or function of
the agency, a component of the agency, or another organization.
D=The projects' delay or failure would introduce for the first time
unacceptable or inadequate performance or failure of an essential mission
function of the agency, a component of the agency, or another
organization. (Note: According to OMB staff, projects identified as high
risk per OMB's additional instructions on e-government or lines of
business initiatives met this reason.)
E=Other.
Table 20: Summary of High Risk Projects for the Environmental Protection Agency
FY2005 FY2006 FY2007
actuals enacted request Reasons for Investment Investment (in (in (in high
risk Performance Planned improvement name type millions) millions)
millions) designationa shortfall efforts
PeoplePlus- major $3.9 $2.6 $2.9 D No performance N/A HR shortfall
e-Rulemaking major 10.7 1.2 1.8 D Cost variance not A rebaseline will be
within 10 percent requested and monitored by operational analysis rather
than earned value management until development funds are reauthorized.
EZ-Hire non-major 0.6 0.4 0.4 D No performance N/A shortfall
Financial major 19.5 28.2 37.0 D No performance N/A Replacement shortfall
System
Integrated major 2.3 3.0 3.0 D No performance N/A Contracts shortfall
Management System
Integrated major 2.4 1.6 1.5 D No performance N/A Grants shortfall
Management System
Source: OMB FY2007 Exhibit 53 and Environmental Protection Agency
documents.
a
Reasons for high risk designation include:
A=The agency has not consistently demonstrated the ability to manage
complex projects.
B=The project has exceptionally high development, operating, or
maintenance costs, either in absolute terms or as a percentage of the
agency's total IT portfolio.
C=The project is being undertaken to correct recognized deficiencies in
the adequate performance of an essential mission program or function of
the agency, a component of the agency, or another organization.
D=The projects' delay or failure would introduce for the first time
unacceptable or inadequate performance or failure of an essential mission
function of the agency, a component of the agency, or another
organization. (Note: According to OMB staff, projects identified as high
risk per OMB's additional instructions on e-government or lines of
business initiatives met this reason.)
E=Other.
Table 21: Summary of High Risk Projects for the General Services Administration
FY2005 FY2006 FY2007 Reasons for
Investment Investment actuals enacted request high risk Performance Planned
(in (in (in
name type millions) millions) millions) designationa shortfall improvement
efforts
CHRIS major $5.7 $7.2 $6.3 D No N/A
performance
shortfall
eAuthentication major 2.1 2.3 3.1 D No N/A
performance
shortfall
Enterprise major 12.5 17.4 18.4 E No N/A
performance
Customer This is a shortfall
Relationship large
Management System project in
the initial
stage.
eTravel major 10.2 9.9 9.1 D No N/A
performance
shortfall
Federal Asset major 2.8 2.4 1.8 D No N/A
performance
Sales Program shortfall
FMLoB major 28.9 39.9 40.1 B No N/A
performance
COE/Pegasys shortfall
GSA Preferred non-major 10.6 18.0 3.0 B Unclear Based on
the results
baselines, of an
cost, independent
and assessment,
schedule GSA
variances has
not determined
that
this
within 10 investment
is not
percent and meeting the
current
project and future
manager business
is not objectives.
qualified. As a
result, GSA
is
terminating
this
investment.
GSA has
initiated a
data
migration
initiative
that will
enable
migration
of
the two
regions to
the
legacy
system.
Will
provide
quarterly
updates on
progress
of
migration
activity.
Action
date:
fiscal
year 2007,
4th
FY2005 FY2006 FY2007 Reasons for
Investment Investment actuals enacted request high risk Performance Planned
name type (in (in (in designationa shortfall improvement
millions) millions) millions) efforts
Integrated major $9.4 $4.3 $3.9 D Cost Update task
Acquisition variance planned start
Environment not within and end dates
10 percent on protest
and project resolution
manager is and project
not manager will
qualified. continue
required
training to
meet CIO
program
manager
certification
criteria.
Action date:
fiscal
year 2006,
4th
quarter
USA Services major 11.3 11.5 11.7 D No performance N/A shortfall
Source: OMB FY2007 Exhibit 53 and General Services Administration
documents.
a
Reasons for high risk designation include:
A=The agency has not consistently demonstrated the ability to manage
complex projects.
B=The project has exceptionally high development, operating, or
maintenance costs, either in absolute terms or as a percentage of the
agency's total IT portfolio.
C=The project is being undertaken to correct recognized deficiencies in
the adequate performance of an essential mission program or function of
the agency, a component of the agency, or another organization.
D=The projects' delay or failure would introduce for the first time
unacceptable or inadequate performance or failure of an essential mission
function of the agency, a component of the agency, or another
organization. (Note: According to OMB staff, projects identified as high
risk per OMB's additional instructions on e-government or lines of
business initiatives met this reason.)
E=Other.
Table 22: Summary of High Risk Projects for the National Aeronautics and Space
Administration
FY2005 FY2006 FY2007 Planned Investment actuals (in enacted (in request
(in Reasons for high Performance improvement Investment name type
millions) millions) millions) risk designationa shortfall efforts
E-Rulemaking Joint effort for $0.2 more than one agency
$0.4 $0.3 D No N/A performance shortfall
Business Gateway Joint effort for 0.0 more than one agency
0.1 0.1 D No N/A performance shortfall
Geospatial One-Joint effort for 0.2 Stop more than one
agency
0.3 0.0 D No N/A performance shortfall
Grants.Gov Joint effort for 0.5 more than one agency
0.5 0.5 D No N/A performance shortfall
FY2005 FY2006 FY2007 Planned
Investment actuals enacted request Reasons for Performance
(in (in (in high improvement
Investment name type millions) millions) millions) risk shortfall efforts
designation
a
Joint
E-Training effort $1.0 $0.0 $0.0 D No N/A
for
more performance
than
one
agency shortfall
Joint
Recruitment One effort 0.0 0.0 0.0 D No N/A
for
Stop more performance
than
one
agency shortfall
Joint
E-Payroll effort 1.0 0.0 0.0 D No N/A
for
more performance
than
one
agency shortfall
Joint
E-Travel effort 0.2 0.5 0.0 D No N/A
for
more performance
than
one
agency shortfall
Joint
Integrated effort 1.8 1.3 1.4 D No N/A
for
Acquisition more performance
than
one
Environment agency shortfall
Joint
E-Records effort 0.0 0.0 0.0 D No N/A
for
Management more performance
than
one
agency shortfall
Joint
E-Authentication effort 0.4 0.5 0.6 D No N/A
for
more performance
than
one
agency shortfall
Joint
Financial effort 0.1 0.1 0.1 D No N/A
for
Management Line more performance
than
one
of Business agency shortfall
Joint
Human Resource effort 0.0 0.0 0.1 D No N/A
for
Management more performance
than
one
Lines of agency shortfall
Business
Joint
Information effort 0.0 0.0 0.0 D No N/A
for
Systems Security more performance
than
one
Line of Business agency shortfall
Core Financial major 38.3 87.3 37.9 B, C No N/A
performance
shortfall
Contract major 16.6 37.4 14.1 B, C No N/A
Management performance
Module shortfall
Source: OMB FY2007 Exhibit 53 and National Aeronautics and Space
Administration documents.
a
Reasons for high risk designation include:
A=The agency has not consistently demonstrated the ability to manage
complex projects.
B=The project has exceptionally high development, operating, or
maintenance costs, either in absolute terms or as a percentage of the
agency's total IT portfolio.
C=The project is being undertaken to correct recognized deficiencies in
the adequate performance of an essential mission program or function of
the agency, a component of the agency, or another organization.
D=The projects' delay or failure would introduce for the first time
unacceptable or inadequate performance or failure of an essential mission
function of the agency, a component of the agency, or another
organization. (Note: According to OMB staff, projects identified as high
risk per OMB's additional instructions on e-government or lines of
business initiatives met this reason.)
E=Other.
Table 23: Summary of High Risk Projects for the National Science Foundation
FY2005 FY2006 FY2007
actuals enacted request Reasons for Planned
Investment Investment (in (in (in high risk Performance improvement
name type millions) millions) millions) designationa shortfall efforts
E-Human major $0.7 $1.6 $2.5 D No N/A
performance
Capital shortfall
Source: OMB FY2007 Exhibit 53 and National Science Foundation documents.
a
Reasons for high risk designation include:
A=The agency has not consistently demonstrated the ability to manage
complex projects.
B=The project has exceptionally high development, operating, or
maintenance costs, either in absolute terms or as a percentage of the
agency's total IT portfolio.
C=The project is being undertaken to correct recognized deficiencies in
the adequate performance of an essential mission program or function of
the agency, a component of the agency, or another organization.
D=The projects' delay or failure would introduce for the first time
unacceptable or inadequate performance or failure of an essential mission
function of the agency, a component of the agency, or another
organization. (Note: According to OMB staff, projects identified as high
risk per OMB's additional instructions on e-government or lines of
business initiatives met this reason.)
E=Other.
Table 24: Summary of High Risk Projects for the Nuclear Regulatory Commission
FY2005 FY2006 FY2007 Reasons for Planned
Investment Investment actuals enacted request high risk Performance improvement
(in (in (in
name type millions) millions) millions) designationa shortfall efforts
e-Travel non-major $0.1 $0.5 $0.3 D No N/A
performance
shortfall
Disaster Joint effort N/A N/A N/A D No N/A
performance
Management for more shortfall
Information than one
System agency
Learning non-major 0.5 0.5 0.5 D Cost and Complete
security
Management schedule certification
and
System variance accreditation
not
within 10 process
percent Action date:
pending
Electronic major 0.8 0.7 0.9 D No N/A
performance
Information shortfall
Exchange
Source: OMB FY2007 Exhibit 53 and Nuclear Regulatory Commission documents.
a
Reasons for high risk designation include:
A=The agency has not consistently demonstrated the ability to manage
complex projects.
B=The project exceptionally high development, operating, or maintenance
costs, either in absolute terms or as a percentage of the agency's total
IT portfolio.
C=The project is being undertaken to correct recognized deficiencies in
the adequate performance of an essential mission program or function of
the agency, a component of the agency, or another organization.
D=The projects' delay or failure would introduce for the first time
unacceptable or inadequate performance or failure of an essential mission
function of the agency, a component of the agency, or another
organization. (Note: According to OMB staff, projects identified as high
risk per OMB's additional instructions on e-government or lines of
business initiatives met this reason.)
E=Other.
Table 25: Summary of High Risk Projects for the Office of Personnel Management
FY2005 actuals FY2006 FY2007 Reasons for Planned (in enacted (in request
(in high risk Performance improvement Investment name Investment type
millions) millions) millions) designationa shortfall efforts
Information Systems Joint effort for $0.0 $0.0 $0.0 D Unclear The Office
of
Security Line of more than one baselines, cost Personnel
Business agency and schedule Management's
variances not project coordinator
within 10 will work with OMB
percent, and staff and
project manager interagency
is not qualified. Information
Systems Security
Line of Business
participants to
clarify
governmentwide
and agency goals.
Once the goals are
clarified, the
baseline cost and
schedule will be
developed. Agency
will assess the
project manager
against the
agency's
qualification
guidelines.
Retirement Systems major 5.4 52.7 43.2 B, C, D Unclear This project is
still
Modernization baselines, and in the planning cost and phase and a schedule
baseline is being variance not developed. within 10 percent
Financial Joint effort for 0.0 0.1 0.1 D Cost and Corrective actions
Management Line of more than one schedule not reported.
Business agency variance not
within 10
percent
Human Resources major 5.8 8.0 6.7 D No performance N/A Management Line of
shortfall Business
Enterprise Human major 12.8 36.8 36.4 D No performance N/A Resources
shortfall Integration
FY2005
actuals FY2006 FY2007 Reasons for Planned
(in enacted request high risk Performance improvement
Investment Investment millions) (in (in designationa shortfall efforts
name type millions) millions)
E-Training major $3.0 $3.1 $3.1 D Schedule The Human
variance Resources
not
within 10 Management
percent Line of
Business/Human
Resource
Development
Project
Management
Office will
closely
monitor the
delivery of
activities on
the
enterprise
architecture,
Workforce
Development
Roadmap, and
performance
management
subprojects.
OPM requested
the completion
of remaining
baseline
corrections to
resolve
located
schedule
errors.
Recruitment One major 6.9 7.6 7.9 D No N/A
Stop/USA Jobs performance
shortfall
E-Clearance major 6.1 5.4 5.6 D Cost and For both the
schedule cost/ and
schedule
variances variances, the
not within agency is
10 percent. updating out
estimate to
complete to
reflect a
realistic
timeline
given the
current
circumstances
with
external
stakeholders.
Personnel major 9.9 12.9 13.3 No N/A
Investigations E performance
Processing Designated shortfall
Systems by OMB
e-Rulemaking Joint effort for 0.0 0.2 0.2 D No performance N/A
more than one shortfall
agency
FY2005
actuals FY2006 FY2007 Reasons for Planned
(in enacted request high risk Performance improvement
(in (in
Investment Investment millions) millions) millions) designationa shortfall efforts
name type
Fed Asset Joint $0.0 $0.0 $0.0 D No performance N/A
Sales effort for
more than shortfall
one
agency
Business Joint 0.0 0.2 0.1 D No performance N/A
Gateway effort for
more than shortfall
one
agency
Disaster Joint 0.0 0.0 0.0 D No performance N/A
effort
Management for more shortfall
than one
agency
E-Travel IT 0.0 0.0 0.0 D No performance N/A
migration
investment shortfall
portion of
a
larger
asset
E- IT 0.0 0.5 0.1 D No performance N/A
migration
Authentication investment shortfall
portion of
a
larger
asset
Source: OMB FY2007 Exhibit 53 and Office of Personnel Management
documents.
a
Reasons for high risk designation include:
A=The agency has not consistently demonstrated the ability to manage
complex projects.
B=The project exceptionally high development, operating, or maintenance
costs, either in absolute terms or as a percentage of the agency's total
IT portfolio.
C=The projects is being undertaken to correct recognized deficiencies in
the adequate performance of an essential mission program or function of
the agency, a component of the agency, or another organization.
D=The projects' delay or failure would introduce for the first time
unacceptable or inadequate performance or failure of an essential mission
function of the agency, a component of the agency, or another
organization. (Note: According to OMB staff, projects identified as high
risk per OMB's additional instructions on e-government or lines of
business initiatives met this reason.)
E=Other.
Page 66 GAO-06-647 High Risk IT Projects
Table 26: Summary of High Risk Projects for Small Business Administration
FY2005 FY2006 FY2007
actuals request request Reasons for Planned
Investment (in (in (in high risk Performance improvement
Investment name type millions) millions) millions) designationa shortfall efforts
GovBenefits.gov Joint N/A N/A $0.1 D No N/A
effort for performance
more than shortfall
one agency
USA Services Joint 0.0 0.0 0.0 D No N/A
effort for performance
more than shortfall
one agency
E-Rulemaking Joint 0.2 0.2 0.2 D No N/A
effort for performance
more than shortfall
one agency
Federal Asset Joint 0.0 0.0 0.0 D No N/A
Sales effort for performance
more than shortfall
one agency
Geospatial Joint 0.0 0.0 0.0 D No N/A
One-Stop effort for performance
more than shortfall
one agency
Disaster Joint 0.0 0.0 0.0 D No N/A
Management effort for performance
more than shortfall
one agency
Grants.gov Joint 0.0 0.2 0.1 D No N/A
effort for performance
more than shortfall
one agency
E-Training Joint 0.0 0.0 0.0 D No N/A
effort for performance
more than shortfall
one agency
Recruitment Joint N/A N/A N/A D No N/A
One-Stop effort for performance
more than shortfall
one agency
Enterprise Human Joint 0.0 0.0 0.0 D No N/A
Resources effort for performance
Integration more than shortfall
one agency
E-Clearance Joint N/A N/A N/A D No N/A
effort for performance
more than shortfall
one agency
E-Travel Joint 0.0 0.3 0.0 D No N/A
effort for performance
more than shortfall
one agency
E-Authentication Joint 0.4 0.5 0.1 D No N/A
effort for performance
more than shortfall
one agency
Financial Joint 0.1 0.1 0.1 D No N/A
Management Line effort for performance
of Business more than shortfall
one agency
FY2005 FY2006 FY2007
actuals request request Reasons for
Investment (in (in (in high risk Performance Planned
improvement
Investment type millions) millions) millions) designationa shortfall efforts
name
Human Joint Original
Resources effort $0.0 $0.1 $0.7 D Project project
for deliverable
Management more manager is for fiscal
Line than not year 2006
was
of Business one yet deferred,
agency qualified. with no
project
manager
required.
New
project
manager is
receiving
training as
part of
Office of
CIO
directed
formal
training
activity.
WinZip Joint
SmartBUY effort N/A N/A N/A D No N/A
for
more performance
than
one shortfall
agency
Joint
Grants effort 0.0 0.0 0.0 D No N/A
for
Management more performance
LOB than
one shortfall
agency
Joint
Integrated effort 0.0 0.0 0.1 D No N/A
for
Acquisition more performance
than
Environment one shortfall
agency
Business Joint
Gateway effort 0.1 0.1 0.1 D No N/A
for
(e-GOV) more performance
than
one shortfall
agency
Business major 8.9 10.3 7.9 B No N/A
Gateway
(Managing performance
Partner)b shortfall
Disaster major 5.0 5.6 5.8 B No N/A
Credit
Management performance
Systemb shortfall
Source: OMB FY2007 Exhibit 53 and Small Business Administration documents.
a
Reasons for high risk designation include:
A=The agency has not consistently demonstrated the ability to manage
complex projects.
B=The project has exceptionally high development, operating, or
maintenance costs, either in absolute terms or as a percentage of the
agency's total IT portfolio.
C=The project is being undertaken to correct recognized deficiencies in
the adequate performance of an essential mission program or function of
the agency, a component of the agency, or another organization.
D=The projects' delay or failure would introduce for the first time
unacceptable or inadequate performance or failure of an essential mission
function of the agency, a component of the agency, or another
organization. (Note: According to OMB staff, projects identified as high
risk per OMB's additional instructions on e-government or lines of
business initiatives met this reason.)
E=Other.
b
According to agency officials, the fiscal year 2006 request was enacted
for these investments.
Table 27: Summary of High Risk Projects for the Social Security Administration
FY2005 FY2006 FY2007
actuals enacted request Reasons for Investment Investment (in (in (in high
risk Performance Planned improvement name type millions) millions)
millions) designationa shortfall efforts
E-Vital major $1.1 $1.0 $0.8 D Cost variance not None, as fixed price
contract within 10 percent cost variances at successful project completion
will be zero
e-Dib major 79.3 22.7 8.4 B No performance N/A shortfall
Disability major 6.2 Process Improvements 35.0 28.5 E No performance N/A
Improve SSA's shortfall Disability Service
Medicare major 99.0 61.4 7.6 E No performance N/A Modernization
Legislation shortfall
IT Operations major 0.4 22.6 28.0 B Cost variance not Contract to be
awarded for Assurance within 10 percent the second data center facility
Action date: pending
Voice over IP major 0.4 41.1 33.5 B No performance N/A shortfall
Source: OMB FY2007 Exhibit 53 and Social Security Administration
documents.
a
Reasons for high risk designation include:
A=The agency has not consistently demonstrated the ability to manage
complex projects.
B=The project has exceptionally high development, operating, or
maintenance costs, either in absolute terms or as a percentage of the
agency's total IT portfolio.
C=The project is being undertaken to correct recognized deficiencies in
the adequate performance of an essential mission program or function of
the agency, a component of the agency, or another organization.
D=The projects' delay or failure would introduce for the first time
unacceptable or inadequate performance or failure of an essential mission
function of the agency, a component of the agency, or another
organization. (Note: According to OMB staff, projects identified as high
risk per OMB's additional instructions on e-government or lines of
business initiatives met this reason.)
E=Other.
Table 28: Summary of High Risk Projects for the U.S. Agency for International
Development
FY2005 FY2006 FY2007 actuals enacted request Reasons for Investment (in
(in (in high risk Performance Planned improvement Investment name type
millions) millions) millions) designationa shortfall efforts
Joint Acquisition and major & $0.0 & Assistance non-major 10.6 Management
System/Procurement System Improvement Project $6.0 & $11.4 & C Baselines
not yet To collect information
0.0 0.0 established and from various sources at cost and the agency and
the schedule Department of State in variances not order to validate within
10 milestones.
percent. Action date: 6/1/06
Source: OMB FY2007 Exhibit 53 and U.S. Agency for International
Development documents.
a
Reasons for high risk designation include:
A=The agency has not consistently demonstrated the ability to manage
complex projects.
B=The project has exceptionally high development, operating, or
maintenance costs, either in absolute terms or as a percentage of the
agency's total IT portfolio.
C=The project is being undertaken to correct recognized deficiencies in
the adequate performance of an essential mission program or function of
the agency, a component of the agency, or another organization.
D=The projects' delay or failure would introduce for the first time
unacceptable or inadequate performance or failure of an essential mission
function of the agency, a component of the agency, or another
organization. (Note: According to OMB staff, projects identified as high
risk per OMB's additional instructions on e-government or lines of
business initiatives met this reason.)
E=Other.
Appendix IV: GAO Contact and Staff Acknowledgments
David A. Powner, (202) 512-9286, [email protected]
GAO Contact
In addition to the contact named above, the following people made key
contributions to this report: William G. Barrick, Nancy Glover, Nnaemeka
Okonkwo, Sabine Paul, and Niti Tandon.
(310805)
*** End of document. ***