Information Technology: Census Bureau Needs to Improve Its Risk
Management of Decennial Systems (05-OCT-07, GAO-08-79).						 
                                                                 
Automation and information technology (IT) are expected to play
a critical role in the 2010 decennial census. The Census Bureau
plans to spend about $3 billion on automation and technology
that are to improve the accuracy and efficiency of census
collection, processing, and dissemination. The Bureau is
holding what it refers to as a Dress Rehearsal, during which it
plans to conduct operational testing that includes the decennial
systems. In view of the importance of IT acquisitions to the
upcoming census, GAO was asked to (1) determine the status and
plans for four key IT acquisitions, including schedule and cost,
and (2) assess whether the Bureau is adequately managing
associated risks. To achieve its objectives, GAO analyzed
acquisition documents and the projects' risk management
activities and compared these activities to industry standards.	 
-------------------------Indexing Terms------------------------- 
REPORTNUM:   GAO-08-79						        
    ACCNO:   A77127						        
  TITLE:     Information Technology: Census Bureau Needs to
Improve Its Risk Management of Decennial Systems							 
     DATE:   10/05/2007 
  SUBJECT:   2010 Decennial Census
             Census
             Cost analysis
             Data collection
             IT acquisitions
             Information technology
             Operational testing
             Program evaluation
             Risk assessment
             Risk management
             Schedule slippages
             Source data automation
             Strategic planning

******************************************************************
** This file contains an ASCII representation of the text of a  **
** GAO Product.                                                 **
**                                                              **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced.  Tables are included, but    **
** may not resemble those in the printed version.               **
**                                                              **
** Please see the PDF (Portable Document Format) file, when     **
** available, for a complete electronic file of the printed     **
** document's contents.                                         **
**                                                              **
******************************************************************
GAO-08-79



This text file was formatted by the U.S. Government Accountability 
Office (GAO) to be accessible to users with visual impairments, as part 
of a longer term project to improve GAO products' accessibility. Every 
attempt has been made to maintain the structural and data integrity of 
the original printed product. Accessibility features, such as text 
descriptions of tables, consecutively numbered footnotes placed at the 
end of the file, and the text of agency comment letters, are provided 
but may not exactly duplicate the presentation or format of the printed 
version. The portable document format (PDF) file is an exact electronic 
replica of the printed version. We welcome your feedback. Please E-mail 
your comments regarding the contents or accessibility features of this 
document to [email protected]. 

This is a work of the U.S. government and is not subject to copyright 
protection in the United States. It may be reproduced and distributed 
in its entirety without further permission from GAO. Because this work 
may contain copyrighted images or other material, permission from the 
copyright holder may be necessary if you wish to reproduce this 
material separately. 

GAO Highlights: 

Highlights of GAO-08-79, a report to the Subcommittee on Federal 
Financial Management, Government Information, Federal Services, and 
International Security, Committee on Homeland Security and Governmental 
Affairs, U.S. Senate. 

Why GAO Did This Study: 

Automation and information technology (IT) are expected to play a 
critical role in the 2010 decennial census. The Census Bureau plans to 
spend about $3 billion on automation and technology that are to improve 
the accuracy and efficiency of census collection, processing, and 
dissemination. The Bureau is holding what it refers to as a Dress 
Rehearsal, during which it plans to conduct operational testing that 
includes the decennial systems. In view of the importance of IT 
acquisitions to the upcoming census, GAO was asked to (1) determine the 
status and plans for four key IT acquisitions, including schedule and 
cost, and (2) assess whether the Bureau is adequately managing 
associated risks. To achieve its objectives, GAO analyzed acquisition 
documents and the projectsï¿½ risk management activities and compared 
these activities to industry standards. 

What GAO Found: 

Three key systems acquisitions for the 2010 Census are in process, and 
a fourth contract was recently awarded. The ongoing acquisitions show 
mixed progress in meeting schedule and cost estimates. Currently, two 
of the projects are not on schedule, and the Bureau plans to delay 
certain functionality. The award of the fourth contract, originally 
scheduled for 2005, was awarded in September 2007. In addition, one 
project has incurred cost overruns and increases to its projected life-
cycle cost. As a result of the schedule changes, the full complement of 
systems and functionality that were originally planned will not be 
available for the Dress Rehearsal operational testing. This limitation 
increases the importance of further system testing to ensure that the 
decennial systems work as intended. 

The Bureauï¿½s project teams for each of the four IT acquisitions have 
performed many practices associated with establishing sound and capable 
risk management processes, but critical weaknesses remain. Three 
project teams had developed a risk management strategy that identified 
the scope of the risk management effort. However, not all project teams 
had identified risks, established mitigation plans, or reported risks 
to executive-level officials. For example, one project team did not 
adequately identify risks associated with performance issues 
experienced by mobile computing devices. In addition, three project 
teams developed mitigation plans that were often untimely or included 
incomplete activities and milestones for addressing the risks. Until 
the project teams implement key risk management activities, they face 
an increased probability that decennial systems will not be delivered 
on schedule and within budget or perform as expected. 

Table: Performance of Risk Management Activities by Key Census 
Acquisition Projects: 

Specific practices: Preparing for risk management: Determine risk 
sources and categories; 
Acquisition Project: 1: Practice Partially Implemented; 
Acquisition Project: 2: Practice Fully Implemented; 
Acquisition Project: 3: Practice Fully Implemented; 
Acquisition Project: 4: Practice Fully Implemented. 

Specific practices: Preparing for risk management: Define risk 
parameters; 
Acquisition Project: 1: Practice Fully Implemented; 
Acquisition Project: 2: Practice Fully Implemented; 
Acquisition Project: 3: Practice Fully Implemented; 
Acquisition Project: 4: Practice Fully Implemented. 

Specific practices: Preparing for risk management: Establish and 
maintain a risk management strategy; 
Acquisition Project: 1: Practice Partially Implemented; 
Acquisition Project: 2: Practice Fully Implemented; 
Acquisition Project: 3: Practice Fully Implemented; 
Acquisition Project: 4: Practice Fully Implemented. 

Specific practices: Preparing for risk management: Identify and involve 
the relevant stakeholders; 
Acquisition Project: 1: Practice Partially Implemented; 
Acquisition Project: 2: Practice Partially Implemented; 
Acquisition Project: 3: Practice Fully Implemented; 
Acquisition Project: 4: Practice Partially Implemented. 

Specific practices: Identify and analyze risks: Identify and document 
the risks; 
Acquisition Project: 1: Practice Fully Implemented; 
Acquisition Project: 2: Practice Partially Implemented; 
Acquisition Project: 3: Practice Fully Implemented; 
Acquisition Project: 4: Practice Partially Implemented. 

Specific practices: Identify and analyze risks: Evaluate, categorize, 
and prioritize risks; 
Acquisition Project: 1: Practice Partially Implemented; 
Acquisition Project: 2: Practice Fully Implemented; 
Acquisition Project: 3: Practice Fully Implemented; 
Acquisition Project: 4: Practice Fully Implemented. 

Specific practices: Mitigate risks: Develop risk mitigation plans; 
Acquisition Project: 1: Practice Partially Implemented; 
Acquisition Project: 2: Practice Partially Implemented; 
Acquisition Project: 3: Practice Fully Implemented; 
Acquisition Project: 4: Practice Not Implemented. 

Specific practices: Mitigate risks: Monitor status and implement risk 
mitigation plans; 
Acquisition Project: 1: Practice Partially Implemented; 
Acquisition Project: 2: Practice Partially Implemented; 
Acquisition Project: 3: Practice Fully Implemented; 
Acquisition Project: 4: Practice Partially Implemented. 

Specific practices: Executive oversight: Review status with executive-
level management; 
Acquisition Project: 1: Practice Not Implemented; 
Acquisition Project: 2: Practice Not Implemented; 
Acquisition Project: 3: Practice Fully Implemented; 
Acquisition Project: 4: Practice Not Implemented. 

Sources: GAO analysis of Census project data against industry 
standards. 

[End of table] 

What GAO Recommends: 

GAO is recommending that the Bureau strengthen its systems testing and 
risk management activities, including risk identification and 
oversight. The Bureau agreed to examine additional ways to manage 
risks, but disagreed with the view that a full complement of systems 
would not be tested in a census-like environment, stating it planned to 
do so during the Dress Rehearsal or later; however, the test plans have 
not been finalized and it remains unclear whether this testing will be 
done. 

To view the full product, including the scope and methodology, click on 
GAO-08-79. For more information, contact David A. Powner at (202) 512-
9286 or [email protected]. 

[End of section] 

Report to the Subcommittee on Federal Financial Management, Government 
Information, Federal Services, and International Security, Committee on 
Homeland Security and Governmental Affairs, U.S. Senate: 

United States Government Accountability Office: 

GAO: 

October 2007: 

Information Technology: 

Census Bureau Needs to Improve Its Risk Management of Decennial 
Systems: 

Information Technology: 

GAO-08-79: 

Contents: 

Letter1: 

Results in Brief: 

Background: 

Decennial IT Acquisitions Are at Various Stages of Development and Show 
Mixed Progress against Schedule and Cost Baselines: 

The Bureau Is Making Progress in Risk Management Activities, but 
Critical Weaknesses Remain: 

Conclusions: 

Recommendations for Executive Action: 

Agency Comments and Our Evaluation: 

Appendix I: Objectives, Scope, and Methodology: 

Appendix II: Key 2010 Census Information Technology Acquisitions: 

Appendix III: Comments from the Department of Commerce: 

GAO Comments: 

Appendix IV: GAO Contacts and Staff Acknowledgments: 

Tables: 

Table 1: Four Key IT Acquisitions Supporting Census 2010: 

Table 2: Comparison of FDCA Original and Revised Schedules: 

Table 3: FDCA Life-Cycle Cost Estimates: 

Table 4: Comparison of DRIS Original and Current Schedules: 

Table 5: DRIS Cost Estimates for Phase I (as of March 2006): 

Table 6: Risk Management Preparation Activities Completed for the Key 
2010 Census Systems: 

Table 7: Risk Identification and Evaluation Activities Completed for 
the Key 2010 Census Systems: 

Table 8: Risk Mitigation Activities Completed for Key 2010 Census 
Systems: 

Table 9: Executive-Level Risk Oversight Activities Completed for the 
Key 2010 Decennial Systems: 

Figures: 

Figure 1: Key 2010 Census Systems and Interfaces: 

Figure 2: Description and Examples of Key Risk Practice Areas: 

Abbreviations: 

CMMIï¿½: Capability Maturity Modelï¿½ Integration: 

DADSII: Data Access and Dissemination System II: 

DRIS: Decennial Response Integration System: 

FDCA: Field Data Collection Automation: 

IT: information technology: 

MAF: Master Address File: 

MTAIP: MAF/TIGER Accuracy Improvement Project: 

SEI: Software Engineering Institute: 

TIGER: Topologically Integrated Geographic Encoding and Referencing: 

United States Government Accountability Office: 

Washington, DC 20548: 

October 5, 2007: 

The Honorable Thomas R. Carper: 
Chairman: 
The Honorable Tom Coburn: 
Ranking Member: 
Subcommittee on Federal Financial Management, Government Information, 
Federal Services, and International Security: 
Committee on Homeland Security and Governmental Affairs: 
United States Senate: 

As you know, the decennial census is mandated by the U.S. Constitution 
and provides data that are vital to the nation. These data are used to 
reapportion the seats of the U.S. House of Representatives; realign the 
boundaries of the legislative districts of each state; allocate 
billions of dollars in federal financial assistance; and provide a 
social, demographic, and economic profile of the nation's people to 
guide policy decisions at each level of government. 

Carrying out the census is the responsibility of the department of 
Commerce's Census Bureau, which is now preparing for the 2010 Census. 
The Bureau is required to begin the population count on April 1, 2010, 
and the Secretary of Commerce is required to report to the President on 
the tabulation of total population by state within 9 months of that 
date.[Footnote 1] 

The Bureau plans to rely on automation and technology to improve the 
coverage, accuracy, and efficiency of the 2010 Census. Specifically, it 
has awarded four information technology (IT) contracts. It is also 
holding what it refers to as a Dress Rehearsal, a period centering 
around a mock Census Day on April 1, 2008. Planned Dress Rehearsal 
activities include operational testing of the 2010 Census systems in a 
census-like environment. The Bureau estimates that its IT acquisitions 
will spend about $3 billion of the total $11.5 billion cost of the 
entire census. 

Given the importance of these IT acquisitions, you asked us to (1) 
determine the status and plans, including schedule and costs, for four 
key IT acquisitions, and (2) assess whether the Bureau is adequately 
managing the risks facing these key system acquisitions. 

To address the first objective, we analyzed system documentation, 
including project plans, deliverables, cost estimates, earned value 
management data,[Footnote 2] other acquisition-related documents, as 
well as interviewed Bureau officials and contractors. To address the 
second objective, we identified sound industry standards and compared 
them to the Bureau's practices for the key acquisitions. We performed 
our work from December 2006 through August 2007 in accordance with 
generally accepted government auditing standards. Appendix I contains 
details about our objectives, scope, and methodology. 

Results in Brief: 

Three key systems acquisitions for the 2010 Census are in process, and 
a fourth contract was recently awarded. The status of each acquisition 
and the Census Bureau's plans are as follows: 

* In one project, the Bureau is modernizing the database that provides 
address lists, maps, and other geographic support services for the 
census. Currently, this project is on schedule to complete improvements 
by the end of fiscal year 2008 and is meeting cost estimates. 

* In a second project, the Bureau is acquiring systems, equipment, and 
infrastructure for field staff to use in collecting census data. 
Deliverables provided to date include mobile computing devices and 
installation of key support infrastructure. However, the schedule for 
this acquisition has been revised, resulting in delays in system 
development and testing of interfaces. Also, the life-cycle cost 
estimates for this program have increased, and we project an $18 
million cost overrun by December 2008. According to the contractor, the 
overrun is occurring primarily because of an increase in the number of 
system requirements. 

* In a third project, the Bureau is acquiring a system for integrating 
paper, telephone responses, and field operations. The software 
development and testing are currently on schedule to provide, by 
December 2007, an initial system to process the major census forms 
during the Dress Rehearsal activities. However, the schedule was 
revised in October 2005, which is delaying some functionality. For 
example, a telephone-assistance system that was originally intended to 
be completed by fiscal year 2008 has been delayed. This acquisition is 
meeting current cost estimates. 

* Finally, a contract to replace the current systems used to tabulate 
and disseminate census data was recently delayed by about a year from a 
previously deferred date. The Bureau awarded this contract in September 
2007. As a result, the Dress Rehearsal will use the current tabulation 
and dissemination system rather than a modernized version. 

Delays in functionality mean that the Dress Rehearsal operational 
testing will take place without the full complement of systems and 
functionality that was originally planned. As a result, further system 
testing will be necessary to ensure that the decennial systems work as 
intended. However, Bureau officials have not finalized their plans for 
testing all the systems, and it is not clear whether these plans will 
include testing to address all interrelated systems and functionality, 
such as end-to-end testing.[Footnote 3] According to officials, these 
plans will not be finalized until February 2008. Without sufficient 
testing of all systems and their functionality, the Bureau increases 
the risk that costs will increase further, that decennial systems will 
not perform as expected, or both. 

The Bureau has taken action to manage the risks facing the four 
acquisitions; that is, the four project teams managing the acquisitions 
have performed many practices associated with establishing sound and 
capable risk management processes; however, critical weaknesses remain. 
Specifically, three of the four project teams had developed risk 
management strategies identifying the scope of their risk management 
efforts; however, three project teams had weaknesses in identifying 
risks, establishing mitigation plans that identified planned actions 
and milestones, and reporting risk status to executive-level officials. 
For example, one project team did not adequately identify risks 
associated with performance issues experienced by mobile computing 
devices. In addition, three project teams developed mitigation plans 
that were often untimely or included incomplete activities and 
milestones for addressing the risks. Also, two projects did not provide 
evidence of reporting risk status to executive-level officials. As we 
have previously reported, a root cause of weaknesses in completing key 
risk management activities is the lack of policies for managing major 
acquisitions at the Bureau.[Footnote 4] Until the project teams 
implement key risk management activities, they face an increased 
probability that decennial systems will not be delivered on schedule 
and within budget or perform as expected. 

Because the entire complement of systems will not be available for 
Dress Rehearsal activities as originally planned, we are recommending 
that the Census Bureau plan for and perform end-to-end testing so that 
all systems are tested in a census-like environment. To help ensure 
that the three key acquisitions for the 2010 Census operate as 
intended, we are also recommending that the project teams strengthen 
risk management activities, including those associated with risk 
identification, mitigation, and oversight. 

In response to a draft of this report, the Under Secretary for Economic 
Affairs of Commerce provided written comments from the department. 
These comments are reproduced in appendix III. Specifically, with 
regard to risk management, the department said it plans to examine 
additional ways to manage risks and will prepare a formal action plan 
in response to our final report. However, the department said it had a 
major disagreement with our findings with regard to operational 
testing, stating it plans to test all critical systems and interfaces 
during the Dress Rehearsal or later. Nonetheless, the Bureau's test 
plans have not been finalized, and it remains unclear whether testing 
will address all interrelated systems and functionality in a census- 
like environment, as would be provided by end-to-end testing. 
Consistent with our recommendation, following up with documented test 
plans to do end-to-end testing will help ensure that decennial systems 
will work as intended. The department also provided technical comments 
that we incorporated where appropriate. 

Background: 

The Census Bureau's mission is to serve as the leading source of high- 
quality data about the nation's people and economy. The Bureau's core 
activities include conducting decennial, economic, and government 
censuses, conducting demographic and economic surveys, managing 
international demographic and socioeconomic databases, providing 
technical advisory services to foreign governments, and performing such 
other activities as producing official population estimates and 
projections. 

Conducting the decennial census is a major undertaking involving 
considerable preparation, which is currently under way. A decennial 
census involves: 

* identifying and correcting addresses for all known living quarters in 
the United States (known as "address canvassing"); 

* sending questionnaires to housing units; 

* following up with nonrespondents through personal interviews; 

* identifying people with nontraditional living arrangements; 

* managing a voluminous workforce responsible for follow-up activities; 

* collecting census data by means of questionnaires, calls, and 
personal interviews; 

* tabulating and summarizing census data; and: 

* disseminating census analytical results to the public. 

Role of IT in the Decennial Census: 

The Bureau estimates that it will spend about $3 billion on automation 
and IT for the 2010 Census, including four major systems acquisitions 
that are expected to play a critical role in improving its coverage, 
accuracy, and efficiency. Figure 1 shows the key systems and interfaces 
supporting the 2010 Census; the four major IT systems involved in the 
acquisitions are highlighted. As the figure shows, these four systems 
are to play important roles with regard to different aspects of the 
process. 

Figure 1: Key 2010 Census Systems and Interfaces: 

[See PDF for image] 

Source: U.S. Census Bureau. 

Note: Shaded boxes indicate systems discussed in the report. 

[End of figure] 

To establish where to count (as shown in the top row of fig. 1), the 
Bureau will depend heavily on a database that provides address lists, 
maps, and other geographic support services. The Bureau's address list, 
known as the Master Address File (MAF), is associated with a geographic 
information system containing street maps; this system is called the 
Topologically Integrated Geographic Encoding and Referencing (TIGERï¿½) 
database.[Footnote 5] The MAF/TIGER database, highlighted in fig. 1, is 
the object of the first major IT acquisition--the MAF/TIGER Accuracy 
Improvement Project (MTAIP). The project is to provide corrected 
coordinates on a county-by-county basis for all current features in the 
TIGER database. The vital role of this database in the census 
operations is the reason that MTAIP is a key acquisition, even though 
it is relatively small in scale (compared with the other three key IT 
acquisitions) and will not result in new systems. 

To collect respondent information (see the middle row of fig. 1), the 
Bureau is pursuing two initiatives. First, the Field Data Collection 
Automation (FDCA) program is expected to provide automation support for 
field data collection operations as well as reduce costs and improve 
data quality and operational efficiency. This acquisition includes the 
systems, equipment, and infrastructure that field staff will use to 
collect census data, such as mobile computing devices.[Footnote 6] 

Second, the Decennial Response Integration System (DRIS) is to provide 
a system for collecting and integrating census responses from all 
sources, including forms, telephone interviews, and mobile computing 
devices in the field. DRIS is expected to improve accuracy and 
timeliness by standardizing the response data and providing it to other 
Bureau systems for analysis and processing. 

To provide results, the Data Access and Dissemination System II (DADS 
II) acquisition (see the bottom row of fig. 1) is to replace legacy 
systems for tabulating and publicly disseminating data. The DADS II 
program is expected to provide comprehensive support to DADS. 
Replacement of the legacy systems is expected to: 

* maximize the efficiency, timeliness, and accuracy of tabulation and 
dissemination products and services; 

* minimize the cost of tabulation and dissemination; and: 

* increase user satisfaction with related services. 

Table 1 provides a brief overview of the four acquisitions. 

Table 1: Four Key IT Acquisitions Supporting Census 2010: 

IT acquisition: MAF/TIGER Accuracy Improvement Project (MTAIP); 
Purpose: Modernize the system that provides the address list, maps, and 
other geographic support services for the Census and other Bureau 
surveys. 

IT acquisition: Field Data Collection Automation (FDCA); 
Purpose: Provide automated resources for supporting field data 
collection, including the provision of handheld mobile computing 
devices to collect data in the field, including address and map data. 

IT acquisition: Decennial Response Integration System (DRIS); 
Purpose: Provide a solution for data capture and respondent assistance. 

IT acquisition: Data Access and Dissemination System (DADS II); 
Purpose: Develop a replacement for the DADS legacy tabulation and 
dissemination systems. 

Source: GAO analysis of Census Bureau data. 

[End of table] 

Responsibility for these acquisitions lies with the Bureau's Decennial 
Management Division and the Geography Division. Each of the four 
acquisitions is managed by an individual project team staffed by Bureau 
personnel. Additional information on the contracts for these four 
systems is provided in appendix II. 

In preparation for the 2010 Census, the Bureau plans a series of tests 
of its operations and systems (new and existing) in different 
environments, as well as to conduct what it refers to as the Dress 
Rehearsal. During the Dress Rehearsal period, which runs from February 
2006 through June 2009, the Bureau plans to conduct development and 
testing of systems, run a mock Census Day, and prepare for Census 2010, 
which will include opening offices and hiring staff. 

As part of the Dress Rehearsal activities, the Bureau began address 
canvassing[Footnote 7] in April 2007 and plans to distribute 
questionnaires in February 2008 in preparation for the mock Census Day 
on April 1, 2008. It plans to begin performing nonresponse follow-up 
activities immediately afterwards. These Dress Rehearsal activities are 
to provide an operational test of the available system functionalities, 
in a census-like environment, as well as other operational and 
procedural activities. 

Prior IT Management Reviews of Census Activities: 

We have previously reported on weaknesses in the Bureau's IT 
acquisition management. In June 2005, we reported on the Bureau's 
progress in five IT areas--investment management, systems development 
and management, enterprise architecture management, information 
security, and human capital.[Footnote 8] These areas are important 
because they have substantial influence on the effectiveness of 
organizational operations and, if implemented effectively, can reduce 
the risk of cost and schedule overruns and performance shortfalls. We 
reported that while the Bureau had many practices in place, much 
remained to be done to fully implement effective IT management 
capabilities. To improve the Bureau's IT management, we made several 
recommendations. The Bureau agreed with the recommendations but is 
still in the process of implementing them. 

In March 2006, we presented testimony on the Bureau's progress in 
implementing acquisition and management capabilities for two key IT 
system acquisitions for the 2010 Census--FDCA and DRIS.[Footnote 9] We 
testified that although the project offices responsible for these two 
contracts had carried out initial acquisition management activities, 
neither office had the full set of capabilities needed to effectively 
manage the acquisitions, including a full risk management process. 
Effective management of major IT programs requires that organizations 
use sound acquisition and management processes, including project and 
acquisition planning, solicitation, requirements development and 
management, and risk management. We recommended that the Bureau 
implement key activities needed to effectively manage acquisitions. For 
example, we recommended that the Bureau establish and enforce a system 
acquisition management policy that incorporates best practices, 
including those for risk management. The Bureau agreed with our 
recommendations and is in the process of implementing them. 

Decennial IT Acquisitions Are at Various Stages of Development and Show 
Mixed Progress against Schedule and Cost Baselines: 

Three key systems acquisitions for the 2010 Census are in process, and 
a fourth contract was recently awarded. The ongoing acquisitions are 
showing mixed progress in providing deliverables while adhering to 
planned schedules and cost estimates. Currently, two of the three 
projects have experienced schedule delays, and the date for awarding 
the fourth contract was postponed several times. In addition, we 
estimate that one of the three ongoing projects (FDCA) will incur about 
$18 million in cost overruns. In response to schedule delays as well as 
other factors, including cost, the Bureau has made schedule adjustments 
and plans to delay certain system functionality. As a result, Dress 
Rehearsal operational testing will not address the full complement of 
systems and functionality that was originally planned, and the Bureau 
has not yet finalized its plans for further system tests. Delaying 
functionality increases the importance of system testing after the 
Dress Rehearsal operational testing to ensure that the decennial 
systems work as intended. 

MTAIP Is Completing Improvements on Schedule and at Estimated Cost: 

MTAIP is a project to improve the accuracy of the MAF/TIGER database, 
which contains information on street locations, housing units, rivers, 
railroads, and other geographic features. MTAIP is to provide corrected 
coordinates on a county-by-county basis for all current features in the 
TIGER database. Features not now in TIGER are to be added with accurate 
coordinates and required attributes. 

Currently, the acquisition is in the second and final phase of its life 
cycle. During Phase I, from June 2002 through December 2002, the 
contractor identified technical requirements and established the 
production approach for Phase II activities. In Phase II, which began 
in January 2003 and is ongoing, the contractor is developing improved 
maps for all 3,037 counties in the United States; to date, it has 
delivered more than 75 percent of these maps, which are due by 
September 2008. Beginning in fiscal year 2008, maintenance for the 
contract will begin. The contract closeout activities are scheduled for 
fiscal year 2009. 

MTAIP is on schedule to complete improvements by the end of fiscal year 
2008 and is meeting cost estimates. The following is the status of 
MTAIP's schedule and cost estimates: 

* The MTAIP acquisition is on schedule for the deliverables for Phases 
I and II. According to Bureau documents, as of September 2006, the 
contractor (Harris Corporation) had delivered (as required) 2,000 
improved county maps out of the 3,037. As of March 2007, Bureau 
documents showed that the contractor had completed 338 of the 694 
counties expected to be complete by the end of fiscal year 2007. The 
contractor is scheduled to complete the remaining 356 counties by the 
end of fiscal year 2007. 

* Cost estimates for Phase I and Phase II are $4.8 million and $205.2 
million, respectively, for a total contract value of $210 million. The 
contract met cost estimates for Phase I, and based on cost performance 
reports, we project no cost overruns by September 2008. As of June 
2007, the Bureau had obligated $178 million through September 2010. 

FDCA Has Provided Deliverables, but It Has Delayed Functionality and Is 
Experiencing Cost Increases: 

FDCA is to provide the systems, equipment, and infrastructure that 
field staff will use to collect census data. It is to establish office 
automation for the 12 regional census centers, the Puerto Rico area 
office, and approximately 450 temporary local census offices. It is to 
provide the telecommunications infrastructure for headquarters, 
regional and local offices, and mobile computing devices for field 
workers. FDCA also is to facilitate integration with other 2010 Census 
systems and to provide development, deployment, technical support, de- 
installation, and disposal services. At the peak of the 2010 Census, 
about 4,000 field operations supervisors, 40,000 crew leaders, 500,000 
enumerators and address listers, and several thousand office employees 
are expected to use or access FDCA components. 

The FDCA acquisition is currently in the first phase of execution, 
since it has completed its baseline planning period in June 2006. The 
contractor is currently in the process of developing and testing FDCA 
software for the Dress Rehearsal Census Day. In future phases, the 
project will continue development, deploy systems and hardware, support 
census operations, and perform operational and contract closeout 
activities. 

However, as shown in table 2, according to the Bureau it revised its 
original schedule and delayed or eliminated some key functionality that 
was expected to be ready during Execution Period 1. The Bureau, said it 
revised the schedule because it realized it had underestimated the 
costs for the early stages of the contract, and that it could not meet 
the level of first-year funding because the fiscal year 2006 budget was 
already in place. According to the Bureau, this initial underestimation 
led to schedule changes and overall cost increases. 

Table 2: Comparison of FDCA Original and Revised Schedules: 

Phase: Baseline Planning Period; 
Dates: March 31-June 30, 2006; 
Original schedule (March 2006): 
* Develop project oversight documentation; 
Revised schedule (July 2006): No change. 

Phase: Execution Period 1; 
Dates: July 1, 2006-December 31, 2008; 
Original schedule (March 2006): 
* Deliver consolidated approach to software development; 
Revised schedule (July 2006): Deliver software development activities 
into an incremental approach. 

Phase: Execution Period 1; 
Dates: July 1, 2006-December 31, 2008; 
Original schedule (March 2006): 
* Develop a space tracking system; 
Revised schedule (July 2006): Eliminated. 

Phase: Execution Period 1; 
Dates: July 1, 2006-December 31, 2008; 
Original schedule (March 2006): 
* Develop an automated software distribution system; 
Revised schedule (July 2006): Delayed to Execution Period 2. 

Phase: Execution Period 1; 
Dates: July 1, 2006-December 31, 2008; 
Original schedule (March 2006): 
* Provide mobile computing devices; 
Revised schedule (July 2006): Delivered in March 2007 for Dress 
Rehearsal address canvassing. 

Phase: Execution Period 2; 
Dates: January 1, 2009-September 30, 2011; 
Original schedule (March 2006): 
* Deploy the 2010 FDCA solution; 
Revised schedule (July 2006): No change. 

Phase: Execution Period 2; 
Dates: January 1, 2009-September 30, 2011; 
Original schedule (March 2006): 
* Complete operational testing; 
Revised schedule (July 2006): No change. 

Phase: Execution Period 2; 
Dates: January 1, 2009-September 30, 2011; 
Original schedule (March 2006): 
* Conduct 2010 Census operations; 
Revised schedule (July 2006): No change. 

Phase: Execution Period 2; 
Dates: January 1, 2009-September 30, 2011; 
Original schedule (March 2006): [Empty]; 
Revised schedule (July 2006): Added delayed activities. 

Phase: Execution Period 3; 
Dates: August 1, 2010-end of contract; 
Original schedule (March 2006): 
* Perform operational and contract closeout activities; 
Revised schedule (July 2006): No change. 

Source: GAO analysis of Census Bureau data. 

[End of table] 

In the revised schedule, the Bureau delayed or eliminated some key 
functionality from the Dress Rehearsal, including the automated 
software distribution system. Further, the revised software development 
schedule stretches from two to seven increments over a longer period of 
time. Delivery of these increments ranges from December 2006 through 
December 2008. As of May 2007, the contractor reported that the 
increment development schedule continues to be aggressive. 

The project is meeting all planned milestones on the revised schedule. 
The contractor has delivered 1,388 mobile computing devices to be used 
in address canvassing for the Dress Rehearsal. Also, key FDCA support 
infrastructure has been installed, including the Network Operations 
Center, Security Operation Center, and the Data Processing Centers. 
According to the department, all Regional Census Centers and Puerto 
Rico area offices have been identified and are on schedule to open in 
January 2008. 

The project life-cycle costs have already increased. At contract award 
in March 2006, the total cost of FDCA was estimated not to exceed $596 
million. However, in September 2006, the project life-cycle cost was 
increased to about $624 million. In May 2007, the life-cycle cost rose 
by a further $23 million because of increasing system requirements, 
which resulted in an estimated life-cycle cost of about $647 million. 
Table 3 shows the current life-cycle cost estimates for FDCA. 

Table 3: FDCA Life-Cycle Cost Estimates: 

Dollars in millions. 

Baseline planning period; 
Start date: March 31, 2006; 
End date: June 30, 2006; 
Cost estimates: September 2006: $11; 
Cost estimates: May 2007: $11. 

Execution Period 1; 
Start date: July 1, 2006; 
End date: December 31, 2008; 
Cost estimates: September 2006: 200; 
Cost estimates: May 2007: 225. 

Execution Period 2; 
Start date: January 1, 2009; 
End date: September 30, 2011; 
Cost estimates: September 2006: 319; 
Cost estimates: May 2007: 318. 

Execution Period 3; 
Start date: August 1, 2010; 
End date: End of contract; 
Cost estimates: September 2006: 10; 
Cost estimates: May 2007: 10. 

Leased equipment; 
Start date: N/A; 
End date: N/A; 
Cost estimates: September 2006: 12; 
Cost estimates: May 2007: 12. 

Management reserve; 
Start date: N/A; 
End date: N/A; 
Cost estimates: September 2006: 7; 
Cost estimates: May 2007: 5. 

Award fee; 
Start date: N/A; 
End date: N/A; 
Cost estimates: September 2006: 65; 
Cost estimates: May 2007: 65. 

Total; 
Start date: [Empty]; 
End date: [Empty]; 
Cost estimates: September 2006: $624; 
Cost estimates: May 2007: $647. 

Source: GAO analysis of Census Bureau data. 

Note: Total may not add due to rounding. 

[End of table] 

In addition, the FDCA project has already experienced $6 million in 
cost overruns, and more are expected. Both our analysis and the 
contractor's analysis expect FDCA to experience additional cost 
overruns. Based on our analysis of cost performance reports (from July 
2006 to May 2007), we project that the FDCA project will experience 
further cost overruns by December 2008. The FDCA cost overrun is 
estimated between $15 million and $19 million, with the most likely 
overrun to be about $18 million. Harris, in contrast, estimates about a 
$6 million overrun by December 2008. 

According to Harris, the major cause of projected cost overruns is the 
system requirements definition process. For example, in December 2006, 
Harris indicated that the requirements for the Dress Rehearsal Paper 
Based Operations in Execution Period 1 had increased significantly. 
According to the cost performance reports, this increase has meant that 
more work must be conducted and more staffing assigned to meet the 
Dress Rehearsal schedule. 

The schedule changes to FDCA have increased the likelihood that the 
systems testing at the Dress Rehearsal will not be as comprehensive as 
planned. The inability to perform comprehensive operational testing of 
all interrelated systems increases the risk that further cost overruns 
will occur and that decennial systems will experience performance 
shortfalls. 

After a Schedule Revision, DRIS Is Delivering Reduced Functionality at 
Projected Cost: 

DRIS is to provide a system for collecting and integrating census 
responses, standardizing the response data, and providing it to other 
systems for analysis and processing. The DRIS functionality is critical 
for providing assistance to the public via telephone and for monitoring 
the quality and status of data capture operations. 

The DRIS acquisition is currently in the first of three overlapping 
project phases. In Phase I, which extends from March 2006 to September 
2008, the project is performing software development and testing of 
DRIS. By December 2007, it is to provide an initial system to be used 
for the Dress Rehearsal Census Day, during which DRIS will process 14 
census forms (out of 84 possible forms). In October 2007, the project 
is to begin Phase II, in which it is to deploy the completed system and 
perform other activities to support census operations. The final phase 
is to be devoted to data archiving and equipment disposal. 

Although DRIS is currently on schedule to meet its December 2007 
milestone, the Bureau revised the original DRIS schedule after the 
contract was awarded in October 2005. Under the revised schedule (see 
table 4), the Bureau delayed or eliminated some functionality that was 
expected to be ready for the Dress Rehearsal Census Day. 

Table 4: Comparison of DRIS Original and Current Schedules: 

Phase and dates: Phase 1: March 2006-September 2008; 
Original schedule: Deliver solution design and documentation; 
Revised schedule: Reduced scope. 

Phase and dates: Phase 1: March 2006-September 2008; 
Original schedule: 
* Requirements definition; 
Revised schedule: Eliminated. 

Phase and dates: Phase 1: March 2006-September 2008; 
Original schedule:  
* Workflow segment cross-program testing; 
Revised schedule: Eliminated. 

Phase and dates: Phase 1: March 2006-September 2008; 
Original schedule: Develop, test, and deploy the DRIS Dress Rehearsal 
solution; 
Revised schedule: Reduced scope. 

Phase and dates: Phase 1: March 2006-September 2008; 
Original schedule: 
* Telephone Questionnaire Assistance System; 
Revised schedule: Delayed to Phase 2. 

Phase and dates: Phase 1: March 2006-September 2008; 
Original schedule: Capture all questionnaire forms; 
Revised schedule: Delayed to Phase 2. 

Phase and dates: Phase 1: March 2006-September 2008; 
Original schedule: Conduct Dress Rehearsal; 
Revised schedule: Reduced scope. 

Phase and dates: Phase 1: March 2006-September 2008; 
Original schedule: Site selection, design, build-out,[A] and fit-up[B] 
of data centers for the 2010 Census; 
Revised schedule: Delayed to Phase 2. 

Phase and dates: Phase 2: October 2007-January 2011; 
Original schedule: Deploy the 2010 DRIS solution; 
Revised schedule: No change. 

Phase and dates: Phase 2: October 2007-January 2011; 
Original schedule: Complete operational testing; 
Revised schedule: No change. 

Phase and dates: Phase 2: October 2007-January 2011; 
Original schedule: Conduct 2010 Census operations; 
Revised schedule: No change. 

Phase and dates: Phase 2: October 2007-January 2011; 
Original schedule: Shut down the data centers; 
Revised schedule: No change. 

Phase and dates: Phase 2: October 2007-January 2011; 
Original schedule: [Empty]; 
Revised schedule: Added delayed activities. 

Phase and dates: Phase 3: July 2010-end of contract: 
Original schedule: Archive DRIS data and image per NARA guidelines; 
Revised schedule: No change. 

Phase and dates: Phase 3: July 2010-end of contract: 
Original schedule: Dispose of all DRIS equipment; 
Revised schedule: No change. 

Source: GAO analysis of Census Bureau data. 

[A] Build-out is the upgrading of facilities in order to prepare them 
for the installation of equipment, telecommunications, etc. 

[B] Fit-up is the process of setting up facilities with computer 
equipment, furniture, water, power, heating, ventilation, air 
conditioning, etc., for the 2010 Census operations. 

[End of table] 

According to Bureau officials, they delayed the schedule and eliminated 
functionality for DRIS when they realized they had underestimated the 
fiscal year 2006 through 2008 costs for development. As shown in table 
5, the government's funding estimates for DRIS Phase I were 
significantly lower than the contractor's. 

Table 5: DRIS Cost Estimates for Phase 1 (as of March 2006): 

Dollars in millions. 

Fiscal year: 2006; 
Cost estimates: Contractor: $18.6; 
Cost estimates: Government: $11.2. 

Fiscal year: 2007; 
Cost estimates: Contractor: 53.3; 
Cost estimates: Government: 23.8. 

Fiscal year: 2008; 
Cost estimates: Contractor: 48.7; 
Cost estimates: Government: 31.5. 

Total; 
Cost estimates: Contractor: $120.6; 
Cost estimates: Government: $66.5. 

Source: GAO analysis of Census Bureau data. 

[End of table] 

Originally, the DRIS solution was to include paper, telephone, 
Internet, and field data collection processing; selection of data 
capture sites; and preparation and processing of 2010 Census forms. 
However, the Bureau reduced the scope of the solution by eliminating 
the Internet functionality. In addition, the Bureau has stated that it 
will not have a robust telephone questionnaire assistance system in 
place for the Dress Rehearsal. The Bureau is also delaying selecting 
sites for data capture centers, preparing data capture facilities, and 
recruiting and hiring data capture staff. 

Although Bureau officials told us that the revisions to the schedule 
should not affect meeting milestones for the 2010 Census, the delays 
mean that more systems development and testing will need to be 
accomplished later. Given the immovable deadline of the decennial 
census, the Bureau is at risk of reducing functionality or increasing 
costs to meet its schedule. 

The government's estimate for the DRIS project was $553 million through 
the end of fiscal year 2010. In October 2005, at contract award, the 
Phase I and Phase II value was $484 million. 

The DRIS project is not experiencing cost overruns, and our analysis of 
cost performance reports from April 2006 to May 2007 projects no cost 
overruns by December 2008. As of May 2007, the Bureau had obligated $37 
million, and the project was 44 percent completed. As of May 2007, the 
DRIS contract value had not increased. 

DADS II Contract Was Recently Awarded after a Delay: 

The DADS II acquisition is to replace the legacy DADS systems, which 
tabulate and publicly disseminate data from the decennial census and 
other Bureau surveys.[Footnote 10] The DADS II contractor is also 
expected to provide comprehensive support to the Census 2000 legacy 
DADS systems. 

In January 2007, the Bureau released the DADS II request for proposal. 
The contract was awarded in September 2007. 

However, the Bureau had delayed the DADS II contract award date 
multiple times. The award date was originally planned for the fourth 
quarter of 2005, but the date was changed to August 2006. On March 8, 
2006, the Bureau estimated it would delay the award of the DADS II 
contract from August to October 2006 to gain a clearer sense of budget 
priorities before initiating the request for proposal process. The 
Bureau then delayed the contract award again by about another year. 
Because of these delays, DADS II will not be developed in time for the 
Dress Rehearsal. Instead, the Bureau will use the legacy DADS system 
for tabulation during the Dress Rehearsal. However, the Bureau's plan 
is to have the DADS II system available for the 2010 Census. 

No cost information on the DADS II contract was available because it 
was recently awarded. 

Delayed Functionality Increases the Importance of Further Operational 
Testing: 

Operational testing helps verify that systems function as intended in 
an operational environment. For system testing to be comprehensive, 
system functionality must be completed. Further, for multiple 
interrelated systems, end-to-end testing is performed to verify that 
all interrelated systems, including any external systems with which 
they interface, are tested in an operational environment. 

However, as described above, two of the projects have delayed planned 
functionality to later phases, and one project contract was recently 
awarded (September 2007). As a result, the operational testing that is 
to occur during the Dress Rehearsal period around April 1, 2008, will 
not include tests of the full complement of decennial census systems 
and their functionality. According to Bureau officials, they have not 
yet finalized their plans for system tests. If further delays occur, 
the importance of these system tests will increase. Delaying 
functionality and not testing the full complement of systems increase 
the risk that costs will rise further, that decennial systems will not 
perform as expected, or both. 

The Bureau Is Making Progress in Risk Management Activities, but 
Critical Weaknesses Remain: 

The project teams varied in the extent to which they followed 
disciplined risk management practices. For example, three of the four 
project teams had developed strategies to identify the scope of the 
risk management effort. However, three project teams had weaknesses in 
identifying risks, establishing adequate mitigation plans, and 
reporting risk status to executive-level officials. These weaknesses in 
completing key risk management activities can be attributed in part to 
the absence of Bureau policies for managing major acquisitions, as we 
described in our earlier report.[Footnote 11] Without effective risk 
management practices, the likelihood of project success is decreased. 

According to the Software Engineering Institute (SEI), the purpose of 
risk management is to identify potential problems before they occur. 
When problems are identified, risk-handling activities can be planned 
and invoked as needed across the life of a project in order to mitigate 
adverse impacts on objectives. Effective risk management involves early 
and aggressive risk identification through the collaboration and 
involvement of relevant stakeholders. Based on SEI's Capability 
Maturity Modelï¿½ Integration (CMMIï¿½), risk management activities can be 
divided into four key areas (see fig. 2): 

* preparing for risk management, 

* identifying and analyzing risks, 

* mitigating risks, and: 

* executive oversight. 

Figure 2: Description and Examples of Key Risk Practice Areas: 

[See PDF for image] 

Source: GAO analysis of CMMI criteria. 

[End of figure] 

The discipline of risk management is important to help ensure that 
projects are delivered on time, within budget, and with the promised 
functionality. It is especially important for the 2010 Census, given 
the immovable deadline. 

Project Teams Usually Established Risk Preparation Activities, but 
Improvements Are Possible: 

Risk preparation involves establishing and maintaining a strategy for 
identifying, analyzing, and mitigating risks. The risk management 
strategy addresses the specific actions and management approach used to 
perform and control the risk management program. It also includes 
identifying and involving relevant stakeholders in the risk management 
process. Table 6 shows the status of the four project teams' 
implementation of key risk preparation activities.[Footnote 12] 

Table 6: Risk Management Preparation Activities Completed for the Key 
2010 Census Systems: 

Specific practices: Determine risk sources and categories; 
MTAIP: Practice Partially Implemented; 
FDCA: Practice Fully Implemented; 
DRIS: Practice Fully Implemented; 
DADS: Practice Fully Implemented. 

Specific practices: Define parameters used to analyze and categorize 
risks and parameters used to control risk management efforts; 
MTAIP: Practice Fully Implemented; 
FDCA: Practice Fully Implemented; 
DRIS: Practice Fully Implemented; 
DADS: Practice Fully Implemented. 

Specific practices: Establish and maintain the strategy to be used for 
risk management; 
MTAIP: Practice Partially Implemented; 
FDCA: Practice Fully Implemented; 
DRIS: Practice Fully Implemented; 
DADS: Practice Fully Implemented. 

Specific practices: Identify and involve the relevant stakeholders of 
the risk management process as planned; 
MTAIP: Practice Partially Implemented; 
FDCA: Practice Partially Implemented; 
DRIS: Practice Fully Implemented; 
DADS: Practice Partially Implemented. 

Source: GAO analysis of project data. 

[End of table] 

As the table shows, three project teams have established most of the 
risk management preparation activities. However, the MTAIP project team 
implemented the fewest practices. The team did not adequately determine 
risk sources and categories, or adequately develop a strategy for risk 
management. As a result, the project's risk management strategy is not 
comprehensive and does not fully address the scope of the risk 
management effort, including discussing techniques for risk mitigation 
and defining adequate risk sources and categories. 

In addition, three project teams (MTAIP, FDCA, and DADS II) had 
weaknesses regarding stakeholder involvement. The three teams did not 
provide sufficient evidence that the relevant stakeholders were 
involved in risk identification, analysis, and mitigation activities; 
reviewing the risk management strategy and risk mitigation plans; or 
communicating and reporting risk management status. In addition, the 
FDCA project team had not identified relevant stakeholders. These 
weaknesses can be attributed in part to the absence of Bureau policies 
for managing major acquisitions, as we described in our earlier 
reports.[Footnote 13] Without adequate preparation for risk management, 
including establishing an effective risk management strategy and 
identifying and involving relevant stakeholders, project teams cannot 
properly control the risk management process. 

The Project Teams Identified and Analyzed Risks, but Not All Key Risks 
Were Identified: 

Risks must be identified and described in an understandable way before 
they can be analyzed and managed properly. This includes identifying 
risks from both internal and external sources and evaluating each risk 
to determine its likelihood and consequences. Analyzing risks includes 
risk evaluation, categorization, and prioritization; this analysis is 
used to determine when appropriate management attention is required. 
Table 7 shows the status of the four project teams' implementation of 
key risk identification and evaluation activities. 

Table 7: Risk Identification and Evaluation Activities Completed for 
the Key 2010 Census Systems: 

Specific practices: Identify and document the risks; 
MTAIP: Practice Fully Implemented; 
FDCA: Practice Partially Implemented; 
DRIS: Practice Fully Implemented; 
DADS: Practice Partially Implemented. 

Specific practices: Evaluate and categorize each identified risk using 
the defined risk categories and parameters, and determine its relative 
priority; 
MTAIP: Practice Partially Implemented; 
FDCA: Practice Fully Implemented; 
DRIS: Practice Fully Implemented; 
DADS: Practice Fully Implemented. 

Source: GAO analysis of project data. 

[End of table] 

As of July 2007, the MTAIP and DRIS project teams were adequately 
identifying and documenting risks, including system interface risks. 
For example, these teams were able to identify the following: 

* The MTAIP project identified significant risks regarding potential 
changes in funding and the turnover of contractor personnel as the 
program nears maturity. 

* The DRIS project identified significant risks regarding new system 
security regulations, changes or increases to Phase II baseline 
requirements, and new interfaces after Dress Rehearsal. 

However, the FDCA and DADS II project teams did not identify all risks, 
including specific system interface risks. For example: 

* The FDCA project had not identified any significant risks related to 
the handheld mobile computing devices, for the project office to 
monitor and track, despite problems arising during the recent address 
canvassing component of the Dress Rehearsal.[Footnote 14] However, it 
did identify significant risks for the contractor to manage; these 
risks were associated with using the handheld mobile computing devices 
including usability and failure rates. Responsibility for mitigating 
these risks was transferred to the contractor. 

* The FDCA and DADS II projects did not provide evidence that specific 
system interface risks are being adequately identified to ensure that 
risk handling activities will be invoked should the systems fail during 
2010 Census. For example, although the DADS II will not be available 
for the Dress Rehearsal, the project team did not identify any 
significant interface risks associated with this system. 

One reason for these weaknesses, as mentioned earlier, is the absence 
of Bureau policies for managing major acquisitions. Failure to 
adequately identify and analyze risks could prevent management from 
taking the appropriate actions to mitigate those risks; this increases 
the probability that the risks will materialize and magnifies the 
extent of damage incurred in such an event. 

Three of Four Project Teams' Risk Mitigation Plans and Monitoring 
Activities Were Incomplete: 

Risk mitigation involves developing alternative courses of action, 
workarounds, and fallback positions, with a recommended course of 
action for the most important risks to the project. Mitigation includes 
techniques and methods used to avoid, reduce, and control the 
probability of occurrence of the risk; the extent of damage incurred 
should the risk occur; or both. Examples of activities for mitigating 
risks include documented handling options for each identified risk; 
risk mitigation plans; contingency plans; a list of persons responsible 
for tracking and addressing each risk; and updated assessments of risk 
likelihood, consequence, and thresholds. Table 8 shows the status of 
the four project teams' implementation of key risk mitigation 
activities. 

Table 8: Risk Mitigation Activities Completed for Key 2010 Census 
Systems: 

Specific practices: 
Develop a risk mitigation plan for the most important risks to the 
project, as defined by the risk management strategy. 
MTAIP: Practice Partially Implemented; 
FDCA: Practice Partially Implemented; 
DRIS: Practice Fully Implemented; 
DADS: Practice Not Implemented.

Specific practices: 
Monitor the status of each risk periodically and implement the risk 
mitigation plan as appropriate. 
MTAIP: Practice Partially Implemented; 
FDCA: Practice Partially Implemented; 
DRIS: Practice Fully Implemented; 
DADS: Practice Partially Implemented.

Source: GAO analysis of project data. 

[End of table] 

Three project teams (MTAIP, FDCA, and DADS II) developed mitigation 
plans that were often untimely or included incomplete activities and 
milestones for addressing the risks. Some of these untimely and 
incomplete activities and milestones included the following: 

* Although the MTAIP project team developed mitigation plans, the plans 
were not comprehensive and did not include thresholds defining when 
risk becomes unacceptable and should trigger the execution of the 
mitigation plan. 

* The FDCA project team had developed mitigation plans for the most 
significant risks, but the plans did not always identify milestones for 
implementing mitigation activities. Moreover, the plans did not 
identify any commitment of resources, several did not establish a 
period of performance, and the team did not always update the plans 
with the latest information on the status of the risk. In addition, the 
FDCA project team did not provide evidence of developing mitigation 
plans to handle the other significant risks as described in their risk 
mitigation strategy. (These risks included a lack of consistency in 
requirements definition and insufficient FDCA project office staffing 
levels.) 

* The mitigation plans for DADS II were incomplete, with no associated 
future milestones and no evidence of continual progress in working 
towards mitigating a risk. In several instances, DADS II mitigation 
plans were listed as "To Be Determined." 

With regard to the second practice in the table (periodically 
monitoring risk status and implementing mitigation plans), the MTAIP, 
FDCA, and DADS II project teams were not always implementing the 
mitigation plans as appropriate. For example, although the MTAIP 
project team has periodically monitored the status of risks, its 
mitigation plans do not include detailed action items with start dates 
and anticipated completion dates; thus, the plans do not ensure that 
mitigation activities are implemented appropriately and tracked to 
closure. The FDCA and DADS II project teams did not identify system 
interface risks nor prepare adequate mitigation plans to ensure that 
systems will operate as intended. In addition, the DADS II risk reviews 
showed no evidence of developing risk-handling action items, tracking 
any existing open risk-handling action items, or regularly discussing 
mitigation steps with other risk review team members. 

Because they did not develop complete mitigation plans, the MTAIP, 
FDCA, and DADS II project teams cannot ensure that for a given risk, 
techniques and methods will be invoked to avoid, reduce, and control 
the probability of occurrence. 

Project Teams Are Inconsistent in Reporting Risk Status to Executive- 
Level Management: 

Reviews of the project teams' risk management activities, status, and 
results should be held on a periodic and event-driven basis. The 
reviews should include appropriate levels of management, such as key 
Bureau executives, who can provide visibility into the potential for 
project risk exposure and appropriate corrective actions. Table 9 shows 
the status of the four project teams' implementation of activities for 
senior-level risk oversight. 

Table 9: Executive-Level Risk Oversight Activities Completed for the 
Key 2010 Decennial Systems: 

Specific practices: 
Review the activities, status, and results of the risk management 
process with executive-level management, and resolve issues; 
MTAIP: Practice Not Implemented; 
FDCA: Practice Not Implemented; 
DRIS: Practice Fully Implemented; 
DADS: Practice Fully Implemented. 

Source: GAO analysis of project data. 

[End of table] 

The project teams were inconsistent in reporting the status of risks to 
executive-level officials. DRIS and DADS II did regularly report risks; 
however, the FDCA and MTAIP projects did not provide sufficient 
evidence to document that these discussions occurred or what they 
covered. Although presentations were made on the status of the FDCA and 
MTAIP projects to executive-level officials, presentation documents did 
not include evidence of discussions of risks and mitigation plans. 
Failure to report a project's risks to executive-level officials 
reduces the visibility of risks to executives who should be playing a 
role in mitigating them. 

Conclusions: 

The IT acquisitions planned for 2010 Census will require continued 
oversight to ensure that they are achieved on schedule and at planned 
cost levels. Although the MTAIP and DRIS acquisitions are currently 
meeting cost estimates, FDCA is not. In addition, while the Bureau is 
making progress developing systems for the Dress Rehearsal, it is 
deferring certain functionality, with the result that the Dress 
Rehearsal operational testing will address less than a full complement 
of systems. Delaying functionality increases the importance of later 
development and testing activities, which will have to occur closer to 
the census date. It also raises the risk of cost increases, given the 
immovable deadline for conducting the 2010 Census. 

The Bureau's project teams for each of the four acquisitions have 
implemented many practices associated with establishing sound and 
capable risk management processes, but they are not always consistent: 
the teams have not always identified risks, developed complete risk 
mitigation plans, or briefed senior-level officials on risks and 
mitigation plans. Among risks that were not identified are those 
associated with the FDCA mobile computing devices and systems testing. 
Also, mitigation plans were often untimely or incomplete. Further, no 
evidence was available of senior-level briefings to discuss risks and 
mitigation plans. One reason for these weaknesses is the absence of 
Bureau policies for managing major acquisitions, as we pointed out in 
earlier work. Until the project teams and the Decennial Management 
Division implement appropriate risk management activities, they face an 
increased probability that decennial systems will not be delivered on 
schedule and within budget or perform as expected. 

Recommendations for Executive Action: 

To ensure that the Bureau's four key acquisitions for the 2010 Census 
operate as intended, we are making four recommendations. First, to 
ensure that the Bureau's decennial systems are fully tested, we 
recommend that the Secretary of Commerce require the Director of the 
Census Bureau to direct the Decennial Management Division and Geography 
Division to plan for and perform end-to-end testing so that the full 
complement of systems is tested in a census-like environment. 

To strengthen risk management activities for the decennial census 
acquisitions, the Secretary should also direct the Director of the 
Census Bureau to ensure that project teams: 

* identify and develop a comprehensive list of risks for the 
acquisitions, particularly those for system interfaces and mobile 
computing devices, and analyze them to determine probability of 
occurrence and appropriate mitigating actions; 

* develop risk mitigation plans for the significant risks, including 
defining the mitigating actions, milestones, thresholds, and resources; 
and: 

* provide regular briefings on significant risks to senior executives, 
so that they can play a role in mitigating these risks. 

We are not making recommendations at this time regarding the Bureau's 
policies for managing major acquisitions, as we have already done so in 
previous reports.[Footnote 15] 

Agency Comments and Our Evaluation: 

In response to a draft of this report, the Under Secretary for Economic 
Affairs of Commerce provided written comments from the department. 
These comments are reproduced in appendix III. 

The department disagreed with our conclusion about operational testing 
during the 2008 Dress Rehearsal. According to the department, although 
some minimal functionalities are not a part of the Dress Rehearsal, all 
critical systems and interfaces would be tested during the 2008 Dress 
Rehearsal. It planned to conduct additional fully integrated testing of 
all systems and interfaces after the Dress Rehearsal, including the 
functionalities not included in the Dress Rehearsal itself. It also 
planned to incorporate lessons learned from the Dress Rehearsal in this 
later testing. Nonetheless, the Bureau's test plans have not been 
finalized. Further, the Dress Rehearsal will not include two critical 
systems (the DRIS telephone system and the DADS II tabulation system). 
Thus, it remains unclear whether testing will in fact address all 
interrelated systems and functionality in a census-like environment. 
Consistent with our recommendation, following up with documented test 
plans to do end-to-end testing would help ensure that decennial systems 
will work as intended. 

With regard to risk management, the department said it plans to examine 
additional ways to manage risks and will prepare a formal action plan 
in response to our final report. However, it disagreed with our 
assessment with regard to risk identification, pointing out that one 
project identified risks associated with handheld mobile computing 
devices and assigned responsibility for these to the contractor. In 
addition, the project identified systems interfaces as a risk. However, 
the project did not identify significant risks for the project office 
to monitor and track related to problems arising during the address 
canvassing component of the Dress Rehearsal. Also, although this 
project identified a general risk related to system interfaces, it did 
not identify specific risks related to particular interfaces. 

The department also provided technical comments that we incorporated 
where appropriate. 

We are sending copies of this report to the Chairman and Ranking Member 
of the Committee on Homeland Security and Governmental Affairs. We are 
also sending copies to the Secretary of Commerce, the Director of the 
U.S. Census Bureau, and other appropriate congressional committees. We 
will make copies available to others on request. In addition, this 
report will be available at no charge on the GAO Web site at 
[hyperlink, http://www.gao.gov]. 

If you have any questions about this report, please contact David A. 
Powner at (202) 512-9286 or [email protected] or Madhav S. Panwar at 
(202) 512-6228 or [email protected]. Contact points for our Offices of 
Congressional Relations and Public Affairs may be found on the last 
page of this report. GAO staff who made major contributions to this 
report are listed in appendix IV. 

Signed by: 

David A. Powner: 
Director, Information Technology Management Issues: 

and: 

Madhav S. Panwar: 
Senior Level Technologist, Center for Technology and Engineering: 

[End of section] 

Appendix I: Objectives, Scope, and Methodology: 

Our objectives were to (1) determine the status and plans, including 
schedule and costs, for four key information technology (IT) 
acquisitions, and (2) assess whether the Census Bureau is adequately 
managing the risks facing these key system acquisitions. 

To determine the status and plans, we reviewed documents related to the 
major 2010 Census acquisitions, including requests for proposals, 
acquisition contracts, project plans, schedules, cost estimates, 
program review reports, earned value management data, test plans, and 
other acquisition-related documents. We analyzed earned value 
management data obtained from the contractors to assess the 
contractor's cost and schedule performance. We also interviewed program 
officials to determine the current status of the acquisitions' 
schedules and cost estimates. 

To assess the status of risk management, we evaluated the practices for 
key areas (establishing a risk strategy, risk identification, 
mitigation, and reporting) and compared these to industry standards-- 
specifically, the Capability Maturity Modelï¿½ Integration (CMMIï¿½). The 
CMMI model was developed by Carnegie Mellon University's Software 
Engineering Institute (SEI) and includes criteria to evaluate risk 
management for development and maintenance activities. We adapted these 
CMMI criteria and performed a Class B Standard CMMI Appraisal Method 
for Process Improvement[Footnote 16] to evaluate the risk management of 
program teams and contractors involved in the decennial system 
acquisitions and development initiatives. In doing so, we selected 
leading practices within the areas of preparing for risk management, 
identifying and analyzing risks, mitigating risks, and executive 
oversight. We evaluated the practices as fully implemented, partially 
implemented, or not implemented. Specifically, a blank circle indicates 
that practices are not performed at all or are performed on a 
predominantly ad hoc basis; a half circle indicates that the while 
selected key practices have been performed, others remain to be 
implemented; and a solid circle indicates that practices adhere to 
industry standards. 

To evaluate the extent to which the Bureau and contractors followed 
these leading practices, we reviewed relevant documents such as risk 
management plans, risk reports, mitigation plans, meeting minutes from 
risk review meetings; we also interviewed knowledgeable officials about 
their risk management activities. Specifically, we met with project 
team officials for the four key decennial system acquisitions and their 
primary contractors (Harris Corporation and Lockheed Martin), as 
applicable. We also reviewed the lists of risks identified by each of 
the project teams and their primary contractors and assessed their 
accuracy and completeness, including whether the risks were associated 
with the acquisition's development plans. 

We conducted our work from December 2006 through August 2007 in the 
Washington, D.C., metropolitan area in accordance with generally 
accepted government auditing standards. 

[End of section] 

Appendix II: Key 2010 Census Information Technology Acquisitions: 

Table 10: 

IT acquisition: MAF/TIGER Accuracy Improvement Project (MTAIP); 
Contractor: Harris Corporation; 
Purpose: Modernize the system that provides the address list, maps, and 
other geographic support services for the Census and other Bureau 
surveys; 
Contract type: Cost plus award fee; 
Contract award: June 2002. 

IT acquisition: Field Data Collection Automation (FDCA); 
Contractor: Harris Corporation; 
Purpose: Provide automated resources for supporting field data 
collection, including the provision of handheld mobile computing 
devices to collect data in the field, including address and map data; 
Contract type: Cost plus award fee with some firm fixed price elements; 
Contract award: March 2006. 

IT acquisition: Decennial Response Integration System (DRIS); 
Contractor: Lockheed Martin Corporation; 
Purpose: Provide a solution for data capture and respondent assistance; 
Contract type: Cost plus award fee with some firm fixed price elements; 
Contract award: October 2005. 

IT acquisition: Data Access and Dissemination System (DADS II); 
Contractor: IBM; 
Purpose: Develop a replacement for the DADS legacy tabulation and 
dissemination systems; 
Contract type: To be determined; 
Contract award: September 2007. 

Source: GAO analysis of Census Bureau data. 

[End of table] 

[End of section] 

Appendix III Comments from the Department of Commerce: 

United States Department Of Commerce: 
The Under Secretary for Economic Affairs: 
Washington, D.C. 20230: 
Mr. David Powner: 
Director: 
IT Management Issues: 

United States Government Accountability Office: 
Washington, DC 20548: 

Dear Mr. Powner: 

The U.S. Department of Commerce appreciates the opportunity to comment 
on the United States Government Accountability Office's Draft Report 
Entitled Information Technology: Census Bureau Needs to Improve Its 
Risk Management of Decennial Systems ï¿½ (GAO-08-79). The Department's 
comments on this report are enclosed. 

Sincerely, 

Signed by: 

Cynthia A. Glassman: 

U.S. Department of Commerce: 
Comments on the: 
United States Government Accountability Office: 
Draft Report Entitled Information Technology: Census Bureau Needs to 
Improve Its: 
Risk Management of Decennial Systems -- (GAO-08-79) September 2007: 

The U.S. Census Bureau appreciates the United States Government 
Accountability Office's (GAO) efforts to review our contract management 
processes for key information technology systems planned for the 2010 
Census and also appreciates this opportunity to review the draft 
report. 

We believe we have made significant efforts to date in successfully 
managing these major Information Technology (IT) contracts. Certainly, 
additional efforts to manage risks can improve the likelihood of 
success, and we will examine ways to do that in preparing our formal 
action plan in response to the final version of this report. 

We do have one major disagreement with the GAO's various statements (on 
pages 5 and 12, for example) and conclusion (on page 29) about limited 
operational testing. Although some minimal functionalities are not part 
of the 2008 Census Dress Rehearsal, all critical systems and interfaces 
are part of the Dress Rehearsalï¿½our best Census-like environment to 
conduct such testing. In addition, after the Dress Rehearsal we will 
conduct additional, fully integrated, testing of all systems and 
interfaces, including the functionalities not included in the Dress 
Rehearsal, and incorporate any lessons learned from the Dress 
Rehearsal. 

Specific Comments on the Draft Report: 

Page 5: The draft report states that for the Field Data Collection 
Automation (FDCA) Program, ".the life-cycle cost estimates for this 
program have increased, and we project an $I8 million cost overrun by 
December 2008. According to the contractor, the overrun is occurring 
primarily because of an increase in the number of system requirements." 

Census Bureau Comment: As written, this statement could be interpreted 
as an indication that the Census Bureau has conveyed a number of 
previously unstated requirements to the contractor, and that the 
contractor is overrunning its estimated costs. That is not entirely 
accurate. We have added some new requirements, mostly regarding IT 
systems security. Some cost growth has resulted from the process of 
decomposing high level functional requirements (those stated in Section 
C of the contract) into more detailed and specific requirements (system 
requirements and software requirements). 

Pages 5-6: The draft report states: "Delays in functionality mean that 
the Dress Rehearsal operational testing will take place without the 
full complement of systems and functionality that was originally 
planned. As a result, further system testing will be important to 
ensure that the decennial systems work as intended. However, Bureau 
officials have not finalized their plans for testing of all systems, 
and it is not clear whether these plans will include testing to address 
all interrelated systems and functionality, such as end-to-end 
testing." 

Census Bureau Comment: As stated in our major comment above, all 
critical systems and interfaces are part of the Dress Rehearsal, and we 
will conduct additional, fully integrated, testing of all systems and 
interfaces, including the minor functionalities not part of the Dress 
Rehearsal, and any lessons learned from the Dress Rehearsal. 

Page 5: The draft report states: ".schedule for this acquisition has 
been revised, resulting in delays.life-cycle cost estimates for this 
program have increased." 

Census Bureau Comment: None of the discussions on this page about 
schedule revisions and cost changes provide any context about the cause 
of the changes. For example, regarding the FDCA contract, after 
contract award, detailed discussions with the contractor revealed that 
our original life-cycle cost estimates for this effort had allocated 
too much money to later years, and not enough to the earlier years of 
the contract. Furthermore, because our FY 2006 budget was already in 
place at that point, we could not meet the level of first-year funding 
required under the solution the contractor had bid. Therefore, we had 
to develop a re-plan with the contractor. This resulted in some 
schedule changes and cost increase overall, because the contractor 
would have less time to develop its solutions and still meet our 
deadlines. This same comment applies to the statement in the third 
paragraph on page 14, that the Census Bureau ".revised the schedule 
because it had initially underestimated costs." Also, the draft 
report's discussion on page 6 follows the description of schedule and 
cost changes, and thus impliesï¿½incorrectlyï¿½that the changes to date 
resulted from poor or insufficient risk management. 

Page 9: The draft reports states: "...the Field Data Collection 
Automation (FDCA) Program is to provide automation support for directly 
capturing information collected during personal interviews, as well as 
eliminating the need for paper maps and address lists for the major 
file data collection operations. " 

Census Bureau Comment: To clarify, the FDCA contract only provides for 
automated data collection for three personal-visit operations (Address 
Canvassing, Nonresponse Follow-up [including Vacant/Delete Follow-up], 
and Coverage Measurement Personal Interviewing), and only eliminates 
the need for paper maps for Address Canvassing and Nonresponse Follow-
up. Also, in this same quote, the word "file" should be corrected to 
read 'field. " 

Page 12: The draft report states: ".As a result, Dress Rehearsal 
operational testing will not address the full complement of systems and 
functionality that was originally planned."

Census Bureau Comments: As stated in our major comment above, all 
critical systems and interfaces are part of the Dress Rehearsal, and we 
will conduct additional, fully integrated, testing of all systems and 
interfaces, including the minor functionalities not part of the Dress 
Rehearsal, and any lessons learned from the Dress Rehearsal. 

Page 14: For clarification, in the discussion at the top of the page 
about the number of staff expected to use or access FDCA components, we 
assume this refers to all FDCA equipment, infrastructure, and systems, 
not just the hand-held computers (HHC). Also, the draft report's 
reference to "National Operations Center" in the second paragraph, 
should be corrected to read Network Operations Center. 

Pages 14-15: In Table 2, for clarification, the transition of the 
Decennial Applicant Personnel and Payroll System (DAPPS) to the FDCA 
environment only was delayed until after the Dress Rehearsal, and we 
developed and are testing the FDCA/DAPPS Interface in the Dress 
Rehearsal. Also, the development of a space tracking system by the FDCA 
contractor was eliminated, not delayed to Period 2, and the development 
of an automated software distribution system was delayed to Period 2, 
not eliminated. Under Execution Period 2, the reference to "Perform 
delayed activities" is not clear, so perhaps that should be more 
specific (or footnoted). 

Page 15: The second paragraph of the draft report states: ".all sites 
for Regional Census Centers were to have been identified by April 2007, 
but this activity has not yet been fully completed. This delay may 
result in further delays, as described in recent FDCA performance 
reports. Because not all Regional Census Center sites have yet been 
identified, the risk is increased that the project will not meet the 
deployment date for these centers and the Puerto Rico Area Office by 
January 31, 2008." 

Census Bureau Comment: All sites for the Regional Census Centers and 
Puerto Rico Area Office have been identified, leases have been signed, 
and build-out is underway. We are on schedule to open all these offices 
in January 2008. Also, the FDCA contractor had no responsibility for 
identifying the sites nor in securing leasesï¿½those tasks were conducted 
by the U.S. General Services Administration. 

Page 15: The last paragraph of the draft report states: ". cost of the 
[FDCA] contract rose by a further $23 million, because of increasing 
system requirements." 

Census Bureau Comment: As stated above in our comment regarding page 5, 
we have added some new requirements, mostly regarding security of IT 
systems. Some cost growth has resulted from the process of decomposing 
high-level functional requirements (those stated in Section C of the 
contract) into more detailed and specific requirements, (system 
requirements and software requirements). 

Page 16: In both paragraphs of the draft report, reference is made to 
"cost overruns" of the FDCA contract.

Census Bureau Comment: We do not believe the term "cost overrun" is 
accurate in the context of what the GAO had described in this draft 
report. There has been some cost growth due to the new security 
requirements, and to the decomposition of high-level functional 
requirements, but "overrun" usually means a contractor originally 
underestimated its cost to perform a specific set of tasks. 

Page 19: The draft report states "At contract award in October 2005, 
the total cost of the DRIS project was not to exceed $553 million. In 
December 2005, the Bureau adjusted the life-cycle cost to $484 
million." 

Census Bureau Comment: The life-cycle cost of $484 million is 
incorrect. The $553 figure represents the government estimate of the 
DRIS contract costs through the end of FY 2010. This has always been 
our estimate, and it was not reduced at contract award. The figure of 
$484 million just represents the initial Phase I and Phase II value at 
award. This $484 million figure was based on the contractor's original 
proposal, which in turn, was based on simplified pricing instructions 
contained in the original request for proposal issued in 2005.
Page 20: Although this information was not available when this draft 
report was prepared, we note for the record that the DADS H contract 
was awarded on schedule the week of September 10 to IBM. 

Page 25: The draft report states "....the FDCA project office did not 
identify any significant risks associated with using the handheld 
mobile computing devices. In addition, neither FDCA nor the DADS II 
project team provided evidence that system interface risks are being 
adequately identified . 

and: 

Page 29 (Conclusions): The draft report states... "Among risks that 
were not identified are those associated with the FDCA mobile computing 
devices." 

Census Bureau Comment: We disagree with GAO's assertions that we did 
not identify risks associated with the HHCs or system interfaces. 

The FDCA risk management process identified the following HHC-related 
risks: HHC usability (risk ID #14), HHC failure rates (#18), HHC 
bandwidth (#20), and HHC supply chain (#32). The FDCA RRB transferred 
these technical (or solution) risks to the contractor as provided in 
Section 3.4.2.1 of the FDCA Risk Management Plan (providing a 
"Transfer" risk response strategy). "HHC Performance for Decennial 
Operations" is currently the highest-scored contractor risk; mitigation 
strategies have been identified and activated within the contractor's 
risk management process. 

The FDCA risk management process also identified Interface Management 
(Risk ID #15) as a project risk, a risk still carried on the FDCA Risk 
Register. The current response strategy for this risk is "Track," as 
Dress Rehearsal Address Canvassing interfaces were identified within 
the Decennial Census Architecture, documented in signed Interface 
Control Documents, and implemented as planned. 

Page 28: The draft report states "...FDCA and MTAIP did not provide 
evidence of regular [risk] reporting to higher level officials. 
Specifically...their reports did not include discussions of risks and 
mitigation plans." 

Census Bureau Comment: The FDCA and MTAIP project offices report 
through the following supervisory chain: Chief, Decennial Automation 
Contracts Management Office or Chief; Decennial Systems and Contracts 
Management Office; Assistant; Director for ACS and Decennial Census; 
Associate Director for Decennial Census; Deputy Director and Chief 
Operating Officer; and Director. Each of these higher-level officials, 
together with the Chiefs of Decennial Management, Field, and Geography 
Divisions, and other stakeholder divisions and offices, regularly 
receive information on FDCA and MTAIP project issues and risks, and 
generally via more than one communication channel. 

We have provided GAO with slide decks from presentations to the 
Commerce IT Review Board, Decennial Leadership Group ("internal Program 
Management Reviews"), and Census Integration Group. We have also 
provided examples of biweekly "briefing sheets" provided to inform 
upper management of issues relating to major decennial contracts. 
Additional discussion of FDCA risks occurs at weekly FDCA strategy 
sessions and at monthly contractor-conducted PMRs (we have also 
provided copies of chart decks from the latter events). Each of these 
regularly-scheduled vehicles includes at least two (and in most cases 
several) higher-level officials beyond the FDCA project office. While 
we understand from interactions with the GAO audit team that this 
finding is intended to point out that our artifacts do not (in GAO's 
view) clearly document "discussions" of risks and mitigation plans, we 
disagree emphatically with their characterization of this array of 
communication channels as "practice not implemented." 

Page 29 (Conclusions): The draft report states ".the Dress Rehearsal 
operational testing will address less than a full complement of 
systems. " 

Census Bureau Comment: As stated in our major comment above, although 
some minimal functionalities are not part of the 2008 Census Dress 
Rehearsal, all critical systems and interfaces are part of the Dress 
Rehearsal, and we will conduct additional, fully integrated testing of 
all systems and interfaces, including the minor functionalities not 
part of the Dress Rehearsal, and any lessons learned from the Dress 
Rehearsal. 

Page 33 (Appendix II): The draft report states the MTAIP contract type 
is "Cost plus award fee with some fixed priced elements." 

Census Bureau Comment: The MTAIP contract type is simply "Cost plus 
award fee" or CPAF. The original contract for Phase I was CPAF with the 
government anticipating Phase II being a hybrid with some fixed-price 
elements. However, fixed-price elements were never used, and the 
contract was modified to exclude them. Therefore, the MTAIP contract 
remained as it startedï¿½a CPAF. The report should be amended to reflect 
this. 

The following are GAO's comments on the department's letter dated 
September 25, 2007. 

GAO Comments: 

1. Although the department states that it plans to test all critical 
systems and interfaces either during or after the Dress Rehearsal, we 
are aware of two critical systems (the DRIS telephone system and the 
DADS II tabulation system) that are not to be included in the Dress 
Rehearsal, and the Bureau's plans are not yet finalized. As a result, 
we stand by our characterization that operational testing would take 
place during the Dress Rehearsal without the full complement of systems 
and functionality originally planned. Consistent with our 
recommendation, following up with documented test plans to do end-to- 
end testing would help ensure that systems work as intended. 

2. The department said that our statement could be interpreted that 
cost increases resulted from an increase in the number of system 
requirements. It said this is not entirely accurate because although 
some requirements were added (generally related to security), other 
cost increases were due to the process of developing detailed 
requirements from high-level functional requirements. However, it is 
our view that the process of developing detailed requirements from high-
level functional requirement does not inevitably lead to cost increases 
if the functional requirements were initially well-defined. 

3. See comment 1. 

4. We have modified our report to reflect this additional information. 
However, although our discussion of schedule and cost changes preceded 
our discussion of risk management, we did not intend to imply that risk 
management weaknesses had contributed to these changes. We revised our 
report to help clarify this. 

5. We have revised our report to clarify the use of automation for data 
collection for all FDCA components. 

6. See comment 1. 

7. We agree that this statement is referring to all FDCA equipment, 
infrastructure, and systems. 

8. We have revised our report to update the status of the systems. 

9. We have revised our report to reflect the status of the office site 
selections. 

10. See comment 2. 

11. We disagree with the department's comment that "cost overrun" 
refers to a contractor originally underestimating costs. We use "cost 
overrun" to refer to any increase in costs from original estimates. 

12. We have revised our report to reflect this information. 

13. We have revised our report to add this information. 

14. We agree that the FDCA project identified certain risks, as the 
department describes. However, although it identified risks associated 
with handheld mobile computing devices and assigned responsibility for 
these to the contractor, it did not identify significant risks for the 
project office to monitor and track related to problems arising during 
the address canvassing component of the Dress Rehearsal. In addition, 
although this project identified interface management as a risk, it did 
not identify specific risks related to other systems. Accordingly, 
although we modified our report to reflect this information, we did not 
change our overall evaluation. 

15. The department stated that for the FDCA and MTAIP projects, risk 
status is regularly discussed with executive-level officials at 
Commerce and the Bureau, and that it provided us with briefing slides 
to support this statement. It said that it also uses other 
communication channels to report project issues and risks. However, the 
evidence provided did not show that FDCA and MTAIP risks were regularly 
discussed with executive-level officials. For example, while the FDCA 
project provided two presentations in October 2006 and March 2007, 
these presentations did not have discussions of risk and mitigation 
plans. Similarly, our review of the MTAIP project teams' presentations 
during quarterly reviews did not show that risk status was discussed. 
Therefore, we still conclude that these projects, unlike the other two, 
did not have sufficient evidence that executive-level officials were 
being regularly briefed on risk status. 

17. See comment 2. 

17. We have revised our report to reflect this information. 

[End of section] 

Appendix IV: GAO Contacts and Staff Acknowledgments: 

GAO Contacts: 

David A. Powner, (202) 512-9286 or [email protected]: 

Madhav Panwar, (202) 512-6228 or [email protected]: 

Staff Acknowledgments: 

In addition to the contacts named above, individuals making 
contributions to this report included Cynthia Scott (Assistant 
Director), Mathew Bader, Carol Cha, Barbara Collier, Neil Doherty, Karl 
Seifert, Niti Tandon, Amos Tevelow, and Jonathan Ticehurst. 

[End of section] 

Footnotes: 

[1] 13 U.S.C. 141 (a) and (b). 

[2] Earned value management integrates the investment scope of work 
with schedule and cost elements for investment planning and control. 
The method compares the value of work accomplished during a given 
period with that of work expected in the period. Differences in 
expectations are measured in both cost and schedule variances. The 
Office of Management and Budget requires agencies to use earned value 
management as part of their performance-based management system for any 
investment under development or with system improvements under way. 

[3] End-to-end testing is a form of operational testing that is 
performed to verify that a defined set of interrelated systems that 
collectively support an organizational core business function 
interoperate as intended in an operational environment. The 
interrelated systems include not only those owned and managed by the 
organization, but also the external systems with which they interface. 

[4] GAO, Census Bureau: Important Activities for Improving Management 
of Key 2010 Decennial Acquisitions Remain to be Done, GAO-06-444T 
(Washington, D.C.: Mar. 1, 2006). 

[5] TIGER is a registered trademark of the U.S. Census Bureau. 

[6] Mobile computing devices will be used to update the Bureau's 
address list, to perform follow-up at addresses for which no 
questionnaire was returned, and to perform activities to measure census 
coverage. 

[7] Address canvassing is a field operation to build a complete and 
accurate address list. In this operation, census field workers go door 
to door verifying and correcting addresses for all households and 
street features contained on decennial maps. 

[8] GAO, Information Technology Management: Census Bureau Has 
Implemented Many Key Practices, but Additional Actions Are Needed, GAO-
05-661 (Washington, D.C.: June 16, 2005). 

[9] GAO-06-444T. 

[10] The DADS II contract was originally planned to establish a new Web-
based system that would serve as a single point for public access to 
all census data and integrate many dissemination functions currently 
spread across multiple Bureau organizations. 

[11] GAO-06-444T. 

[12] This analysis primarily addresses project teams' implementation of 
risk management processes. According to our analysis, the contractors 
for the three contracts awarded (MTAIP, FDCA, and DRIS) had implemented 
adequate risk management processes involving risk preparation, risk 
identification and analysis, and risk mitigation. 

[13] GAO-06-444T and GAO-05-661. 

[14] GAO, 2010 Census: Preparations for the 2010 Census Underway, but 
Continued Oversight and Risk Management Are Critical, GAO-07-1106T 
(Washington, D.C.: July 17, 2007). 

[15] GAO-06-444T and GAO-05-661. 

[16] CMMIï¿½ is registered in the U.S. Patent and Trademark Office by 
Carnegie Mellon University. Class B appraisals are recommended for 
initial assessments in organizations that do not have mature process 
improvement activities. 

GAO's Mission: 

The Government Accountability Office, the audit, evaluation, and 
investigative arm of Congress, exists to support Congress in meeting 
its constitutional responsibilities and to help improve the performance 
and accountability of the federal government for the American people. 
GAO examines the use of public funds; evaluates federal programs and 
policies; and provides analyses, recommendations, and other assistance 
to help Congress make informed oversight, policy, and funding 
decisions. GAO's commitment to good government is reflected in its core 
values of accountability, integrity, and reliability. 

Obtaining Copies of GAO Reports and Testimony: 

The fastest and easiest way to obtain copies of GAO documents at no 
cost is through GAO's Web site [hyperlink, http://www.gao.gov]. Each 
weekday, GAO posts newly released reports, testimony, and 
correspondence on its Web site. To have GAO e-mail you a list of newly 
posted products every afternoon, go to [hyperlink, http://www.gao.gov] 
and select "E-mail Updates." 

Order by Mail or Phone: 

The first copy of each printed report is free. Additional copies are $2 
each. A check or money order should be made out to the Superintendent 
of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or 
more copies mailed to a single address are discounted 25 percent. 
Orders should be sent to: 

U.S. Government Accountability Office: 
441 G Street NW, Room LM: 
Washington, DC 20548: 

To order by Phone: 
Voice: (202) 512-6000: 
TDD: (202) 512-2537: 
Fax: (202) 512-6061: 

To Report Fraud, Waste, and Abuse in Federal Programs: 

Contact: 

Web site: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]: 
E-mail: [email protected]: 
Automated answering system: (800) 424-5454 or (202) 512-7470: 

Congressional Relations: 

Gloria Jarmon, Managing Director, [email protected]: 
(202) 512-4400: 
U.S. Government Accountability Office: 
441 G Street NW, Room 7125: 
Washington, DC 20548: 

Public Affairs: 

Susan Becker, Acting Manager, [email protected]: 
(202) 512-4800: 
U.S. Government Accountability Office: 
441 G Street NW, Room 7149: 
Washington, DC 20548: 

*** End of document. ***