Department of State IRM: Modernization Program at Risk Absent Full
Implementation of Key Best Practices (Letter Report, 09/29/1998,
GAO/NSIAD-98-242).

The State Department is spending hundreds of millions of dollars to
replace its antiquated information technology with modern hardware and
software. In January 1997, the Department issued its five-year, $2.7
billion information resource management (IRM) strategic plan designed to
achieve several key goals by the end of fiscal year 2001. These goals
include (1) installing Year 2000 compliant hardware and software
throughout State, (2) upgrading State's information technology
infrastructure, and (3) instituting professional management principles
in all aspects of State's information technology operations. In light of
disappointing results from State's earlier modernization efforts and
widely publicized accounts of failed and costly modernization programs
at other federal agencies, this report examines the soundness of State's
approach to modernizing its information technology infrastructure. GAO
provides information and analysis on State's progress in implementing
key information technology oversight and investment planning
requirements mandated by law and Office of Management and Budget
guidance. GAO also examines the soundness of the five-year cost estimate
included in the Department's IRM strategic plan and whether this amount
incorporates potential cost savings and efficiencies from State's
modernization efforts.

--------------------------- Indexing Terms -----------------------------

 REPORTNUM:  NSIAD-98-242
     TITLE:  Department of State IRM: Modernization Program at Risk
	     Absent Full Implementation of Key Best Practices
      DATE:  09/29/1998
   SUBJECT:  Private sector practices
	     ADP
	     Projections
	     Systems design
	     Cost effectiveness analysis
	     Information resources management
	     Information technology
	     Strategic information systems planning
	     Systems conversions
IDENTIFIER:  Y2K

******************************************************************
** This file contains an ASCII representation of the text of a  **
** GAO report.  Delineations within the text indicating chapter **
** titles, headings, and bullets are preserved.  Major          **
** divisions and subdivisions of the text, such as Chapters,    **
** Sections, and Appendixes, are identified by double and       **
** single lines.  The numbers on the right end of these lines   **
** indicate the position of each of the subsections in the      **
** document outline.  These numbers do NOT correspond with the  **
** page numbers of the printed product.                         **
**                                                              **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced.  Tables are included, but    **
** may not resemble those in the printed version.               **
**                                                              **
** Please see the PDF (Portable Document Format) file, when     **
** available, for a complete electronic file of the printed     **
** document's contents.                                         **
**                                                              **
** A printed copy of this report may be obtained from the GAO   **
** Document Distribution Center.  For further details, please   **
** send an e-mail message to:                                   **
**                                                              **
**                                            **
**                                                              **
** with the message 'info' in the body.                         **
******************************************************************
GAO/NSIAD-98-242

Cover
================================================================ COVER

Report to Congressional Requesters

September 1998

DEPARTMENT OF STATE IRM -
MODERNIZATION PROGRAM AT RISK
ABSENT FULL IMPLEMENTATION OF KEY
BEST PRACTICES

GAO/NSIAD-98-242

State IRM Modernization

(711268)

Abbreviations
=============================================================== ABBREV

  IRM - Information Resource Management
  IT - information technology
  OMB - Office of Management and Budget

Letter
=============================================================== LETTER

B-280832

September 29, 1998

The Honorable Harold Rogers
Chairman, Subcommittee on Commerce, Justice,
 State, the Judiciary, and Related Agencies
Committee on Appropriations
House of Representatives

The Honorable Benjamin Gilman
Chairman, Committee on International Relations
House of Representatives

The Department of State is spending hundreds of millions of dollars
to replace its antiquated information technology (IT) infrastructure
with modern hardware and software systems.  In January 1997, the
Department of State issued its 5-year, $2.7-billion information
resource management (IRM) strategic plan which is designed to achieve
a number of key goals by the end of fiscal year 2001, including (1)
installing Year 2000 compliant hardware and software systems
throughout State, (2) upgrading State's IT infrastructure, and (3)
instituting professional management principles in all facets of
State's IT operations.  State's strategic plan is accompanied by a
tactical plan that describes the 65 modernization projects designed
to achieve the Department's strategic plan objectives.

In light of disappointing results from prior State modernization
efforts and widely publicized accounts of failed and costly
modernization programs at several other federal agencies, you asked
us to examine the soundness of State's approach to modernizing its IT
infrastructure.  This report provides information and analysis on the
progress made by State in implementing key IT management oversight
and investment planning requirements mandated in recent federal
legislation and related Office of Management and Budget (OMB)
guidance.  We also examined the soundness of the 5-year cost estimate
included in the Department's IRM strategic plan and whether this
estimate incorporates potential cost savings and efficiencies from
State's modernization efforts.

   BACKGROUND
------------------------------------------------------------ Letter :1

The Department faces the difficult and challenging task of replacing
its classified and unclassified systems with hardware and software
systems that are Year 2000 compliant and fully satisfy the
Department's information resource needs.\1 With an IT workforce of
over 3,400 individuals, State manages a complex mix of approximately
260 discrete information systems designed to support a broad range of
diplomatic and administrative functions.  The Department relies on
these systems for much of its operations including diplomatic
messaging, visa and passport processing, and administrative functions
such as financial, personnel, and logistics management.  In fiscal
year 1998, State has budgeted $573 million to conduct its IT
operations, of which $293 million is budgeted for its modernization
efforts.  Key modernization projects include upgrading the
unclassified IT infrastructure at posts worldwide, instituting a
series of messaging system improvements, modernizing the Department's
financial management systems, and launching a number of IT management
improvements in such areas as IT architecture planning, project
planning and management, human resource planning, and IRM training.

State has recognized for years that its IT hardware and software
platforms are aging and inefficient, making it difficult to conduct
business in today's information-driven society.  Beginning in the
early 1990s, State has experienced difficulties in achieving its
short and long-term modernization goals.  For example, in August
1994, we reported that State's attempt to modernize its financial
management systems was subject to a high risk of failure because the
Department's management and planning for this effort had been
inadequate.\2

Subsequently, in 1995, State ended this effort and adopted a revised
approach to modernizing its domestic and overseas financial systems.
In December 1994, we reported that State had placed several major
modernization efforts at risk by not following a number of IRM
management best practices, including the need to develop an
integrated information technology architecture to help guide the
Department's investment decisions.\3 In July 1995, State issued a
report on its modernization efforts that noted that accelerating the
pace of implementation would require that systematic changes be made
to the Department's IT management practices.\4

The 1995 Paperwork Reduction Act,\5 the 1996 Clinger-Cohen Act,\6 and
related OMB guidance lay out a number of required best practices
designed to help federal agencies better manage their IT resources.
The Paperwork Reduction Act is the "umbrella" IT legislation for the
federal government, while the Clinger-Cohen Act requires that federal
agencies establish a disciplined approach to managing IT resources.
This legislation and guidance requires that the head of each
executive agency design and implement a process for maximizing the
value, and assessing and managing the risks, of IT acquisitions.  Key
actions called for include appointing a Chief Information Officer,
preparing an IRM strategic plan, establishing a rigorous planning and
investment process, and developing an integrated information
architecture to ensure that agency resources are utilized in the most
effective manner possible.  These and other IT management
requirements are summarized in OMB's July 1997 capital programming
guide and our February 1997 IT investment guide.\7

Consistent with federal legislation and OMB guidance, State appointed
a Chief Information Officer, prepared an IRM strategic plan and
related tactical plans, and developed a conceptual IT planning and
investment framework consisting of three IRM oversight boards to
manage its IT planning and investment process.  The conceptual
framework called for an IRM Program Board to review project proposals
and periodically assess the implementation status of ongoing
projects, an IRM Technical Review Board to ensure that IT projects
are technically sound and that adequate architectural and budget
planning takes place, and an IRM Configuration Control Board to
ensure that existing and planned systems will effectively operate
together.

State's conceptual framework requires that all three governing boards
coordinate their activities to achieve the goals of the IT planning
and investment process.  These goals include (1) ensuring that IRM
decisions are integrated with the organization's structure and
budget, (2) assessing the knowledge and skills of the Department's IT
workforce relative to perceived requirements, (3) establishing
performance measures, (4) analyzing mission and related business
processes, (5) evaluating investments, and (6) measuring progress
against established implementation goals.  Key anticipated "outputs"
from State's conceptual framework include an information technology
architecture, a strategic plan, a tactical plan listing approved
projects, a human resource plan for IT workers, and long-term funding
estimates developed through the use of a "cost model." Figure 1
illustrates the component parts of State's conceptual framework.

   Figure 1:  State's IT Planning
   and Investment Framework

   (See figure in printed
   edition.)

   Source:  Department of State.

   (See figure in printed
   edition.)

--------------------
\1 On January 1, 2000, computer systems that are not Year 2000
compliant will malfunction or produce inaccurate information because
the year 2000 will be indistinguishable from the year 1900.  This
problem is rooted in the fact that many computer systems use only two
digits to designate the year.  We recently reported on State's
progress in addressing Year 2000 issues.  See Year 2000 Computing
Crisis:  State Department Needs to Make Fundamental Improvements to
Its Year 2000 Program (GAO/AIMD-98-162, Aug.  28, 1998).

\2 Financial Management:  State's Systems Planning Needs to Focus on
Correcting Long-standing Problems (GAO/NSIAD-94-141, Aug.  12, 1994).

\3 Department of State:  Strategic Approach Needed to Better Support
Agency Mission and Business Needs (GAO/AIMD-95-20, Dec.  22, 1994).

\4 Accelerating Modernization at the Department of State:  A Report
of the Strategic Management Initiative Information Technology Team
(Office of the Chief Information Officer, U.S.  Department of State,
July 17, 1995).

\5 Public Law 104-13, 109 Stat.  163.

\6 Public Law 104-106, 110 Stat.  679.

\7 Capital Programming Guide (Washington, D.C.:  OMB, July 1997) and
Assessing Risks and Returns:  A Guide for Evaluating Federal
Agencies' IT Investment Decision-Making (GAO/AIMD-10.1.13, Feb.
1997).

   RESULTS IN BRIEF
------------------------------------------------------------ Letter :2

State has developed an information technology planning and investment
framework for managing its IT resources that is consistent with the
intent of applicable federal guidance.  However, full implementation
of the framework does not appear to be a top management priority.
Without a fully functioning framework, State cannot be assured that
it is making the most cost-effective decisions as it modernizes its
information technology operations, that systems will perform as
expected, or that its information technology cost estimates are
sound.  As a result, there is substantial risk that State's
modernization program will not achieve desired results, will cost
more than anticipated, and will take longer to put in place.

State's oversight mechanisms are not fully functioning as envisioned
in its conceptual framework.  While an IRM Program Board has been
established, it has not yet adopted the more disciplined project
management processes called for by the Clinger-Cohen Act and related
OMB guidance.  The IRM Technical Review Board and IRM Configuration
Control Board remain to be fully established.  State also does not
yet have an agency-approved information technology architecture to
help guide the Department's investment decisions.  The Department has
not established a specific action plan or related timetable to
implement these remaining components of the framework.  Department
officials attributed delays in implementing this framework to a
number of factors, including senior management turnover, internal
reorganization, competing priorities such as the Year 2000 and
computer security issues, staffing shortages, and the absence of an
agreed upon vision regarding the Department's technical direction and
operational requirements.

State's 5-year cost estimate, prepared in October 1996 and referenced
in State's strategic plan submitted to the Congress, is speculative.
First, the estimate was not based on a rigorous analysis of
information technology requirements and related project funding
needs.  Second, an estimated $600 million in Consular Affairs'
information technology costs were not included in the estimate.
Third, some of the requirements and associated costs included in the
original estimate have changed.  Finally, State's original budget
estimate and related planning documents do not identify or quantify
potential cost savings opportunities associated with its ongoing
information technology support and IRM modernization activities.

   KEY COMPONENTS OF STATE'S IT
   PLANNING AND INVESTMENT PROCESS
   REMAIN TO BE IMPLEMENTED
------------------------------------------------------------ Letter :3

Although State appointed a Chief Information Officer and established
an IRM Program Board, its other two governing boards--the IRM
Technical Review Board and IRM Configuration Control Board--are not
fully functioning.  In addition, while State does have an active IRM
Program Board, this board is not yet functioning as intended by the
Clinger-Cohen Act and related OMB guidance.  Moreover, State has not
put in place a Department-approved information technology
architecture, a key output referred to in its conceptual framework.

      IRM MANAGEMENT OVERSIGHT
      BOARDS NOT ADEQUATELY
      IMPLEMENTED
---------------------------------------------------------- Letter :3.1

According to State's conceptual framework, the IRM Program Board has
primary responsibility for the project management and coordination
process, which focuses on approving and monitoring projects, devising
acquisition plans, and periodically assessing State's total IT
portfolio.  This portfolio includes existing projects, pending
projects, and ongoing support activities.  The board, consisting of
senior-level managers, was established in 1995.

The IRM Program Board has not yet adopted a "portfolio-based"
approach to managing the Department's IT resources.  This approach
requires adopting specific evaluation criteria for comparing and
prioritizing alternate investment options as called for by the
Clinger-Cohen Act and related OMB guidance.  According to senior
officials familiar with the operations of the IRM Program Board, the
board has not yet systematically prioritized State's tactical plan
projects or reviewed the overall mix of funded projects, proposed
projects, and ongoing support expenses.  Although State officials
noted that projects that clearly relate to the Year 2000 issue are
afforded top priority, they agreed that ultimately all existing and
proposed projects will have to receive a carefully considered
priority ranking.

Until recently, the IRM Program Board had not mandated a standard
approach to developing project papers or required the inclusion of
certain analytical tools such as cost-benefit analyses;
return-on-investments calculations; alternatives analyses, including
the potential use of outsourcing; risk assessments; and consideration
of the need for business process reengineering.  To address these
concerns, State's Chief Information Officer released an August 1998
memorandum detailing the Department's new requirements regarding a
standardized format for project proposals.  These requirements
include a list of expected analyses that cover the areas outlined
above.  This is a positive first step.  However, the quality and
rigor of analyses prepared in response to these requirements will
ultimately determine their utility to the Department and the IT
planning and investment process.

The IRM Technical Review Board has primary responsibility for the IT
architecture management process.  This process focuses on developing
key planning documents such as the information technology
architecture, security and technical standards, and a cost model to
chart long-term funding needs and trends.  The IRM Technical Review
Board held an organizing meeting in February 1998 and as of August
1998 had not held a subsequent meeting.  The absence of a functioning
IRM Technical Review Board has hampered State's ability to prepare
adequate IRM planning documents, such as an information technology
architecture, and reduced the level of technical scrutiny project
proposals receive.

According to State's conceptual framework, the IRM Configuration
Control Board has primary responsibility for maintaining an inventory
of agency information resources, monitoring all proposed hardware and
software proposals for compatibility with State's existing systems,
and ensuring that all proposed changes conform to the Department's
information technology architecture.  Although State has established
a number of project-specific control boards whose activities should
be coordinated by the overall board, the IRM Configuration Control
Board has never been formally constituted.  The absence of the board
increases the risks that State's new systems will have compatibility
problems due to the implementation of conflicting technical
standards.

      STATE LACKS AN INTEGRATED
      INFORMATION TECHNOLOGY
      ARCHITECTURE
---------------------------------------------------------- Letter :3.2

State has not implemented an information technology architecture as
required by federal legislation and related OMB guidance.  As
computer systems have become larger and more complex over the last
decade, the importance of, and reliance on, information systems
architectures has grown steadily.  These comprehensive "blueprints"
systematically detail the full breadth and depth of an organization's
mission and methods of operation in (1) logical terms, such as
defining business functions and providing high-level descriptions of
information systems and their interrelationship and (2) technical
terms, such as specifying hardware, software, data communications,
security, and performance characteristics.  Without an architecture
to guide and structure a modernization program, there is no
systematic way to prevent either inconsistent system design and
development decisions or the resulting suboptimal performance and
added cost associated with incompatible systems.

The Congress and OMB have recognized the importance of agency
information systems architectures.  The Clinger-Cohen Act, for
example, requires Chief Information Officers to develop, maintain,
and facilitate the implementation of an integrated information
technology architecture.  In addition, OMB has issued guidance that,
among other things, requires agencies' information systems
investments to be consistent with such architectures.  OMB has also
issued guidance on the development and implementation of agency
information technology architectures.\8

State began developing an information technology architecture in 1996
and prepared its most recent draft in May 1996.  State's first
tactical plan called for the Department to have a key component of
its information technology architecture in place and validated by the
end of fiscal year 1997.  However, almost a year later, the documents
describing the architecture are incomplete and have not been endorsed
by management or validated by affected offices and bureaus across the
Department.

--------------------
\8 Funding Information Systems Investments, OMB Memorandum M-97-02
(Washington, D.C.:  OMB,
Oct.  25, 1996) and Information Technology Architectures, OMB
Memorandum M-97-16 (Washington, D.C.:  OMB, June 18, 1997).

      IMPLEMENTATION OF THE IT
      FRAMEWORK HAS NOT BEEN A TOP
      PRIORITY
---------------------------------------------------------- Letter :3.3

The Department has not made its IT planning and investment framework
a top priority.  Evidence to support this view includes the fact that
State did not respond to OMB's request to all federal agencies to
report by May 1, 1997, on progress in implementing the IT planning
and investment processes required by the Clinger-Cohen Act.  Of the
28 executive agencies identified in OMB's memorandum, State was the
only agency that did not respond to OMB's request.  Also, we noted
that a senior manager with lead responsibility for implementing
State's modernization program was not aware that the Department had
prepared a draft information technology architecture until we brought
it to his attention.

State officials attributed delays in implementing the framework to a
number of additional factors, including senior management turnover,
internal reorganizations, competing priorities such as the Year 2000
and computer security issues, staffing shortages, and a general lack
of vision regarding the Department's technical direction and
operational requirements.  Specifically, State officials noted:

  -- Since March 1996, State has had two Under Secretaries for
     Management, one Acting Chief Information Officer, and two Chief
     Information Officers.  The most recent Chief Information Officer
     was appointed in May 1998.  In addition, a major reorganization
     of the Office of Information Management occurred in early 1997,
     and a second major reorganization took place in March 1998 when
     the Office of Information Management was placed under the Chief
     Information Officer, thus eliminating a long-standing division
     between policy development and operations.

  -- Year 2000 and computer security concerns have largely consumed
     the Department's resources and attention.

  -- Chronic staffing shortages have contributed to implementation
     delays, for example, State's IT architecture function was
     supposed to be supported by eight full-time staff members;
     however, until recently, only one full-time employee was
     dedicated to this function.

  -- The Department lacks a clear sense of technical direction and
     operational requirements.  The absence of a clear and reasonable
     technical direction, that is widely articulated and agreed to by
     senior Department officials, is hampering State's ability to
     properly plan its IT investments and evaluate its IT projects.

State's Chief Information Officer recently told us that he is
committed to implementing the Department's IT planning and investment
framework and has taken steps to ensure that this occurs.  For
example, the Chief Information Officer has drafted an IRM vision
statement for the Department and has called for the IRM Technical
Review Board to hold its first operational meeting this September.

   COST ESTIMATE IN THE STRATEGIC
   PLAN IS SPECULATIVE
------------------------------------------------------------ Letter :4

State's projected 5-year IRM costs of $2.7 billion are speculative
for a number of reasons.  First, the estimate is not based on a
rigorous analysis of project requirements as anticipated in State's
conceptual IT planning and investment framework.  Rather, the cost
estimate in State's strategic plan was largely developed by the
Office of the Chief Information Officer on the basis of certain
operating assumptions, which were developed in the absence of a fully
functioning IT planning and investment process that should have
included an independent assessment of these assumptions and cost data
by a technical review group as called for in State's framework.

In addition to this basic shortcoming, State's estimate did not
include about $600 million in Consular Affairs' related IT costs.
For fiscal
year 1998, Consular Affairs has been allocated a total of $139
million for IT-related activities, including its visa processing and
name check systems that are installed at posts around the world.
Consular Affairs' costs would have added approximately $600 million
to State's original $2.7 billion estimate.  State officials told us
that these costs were left out of the estimate because they assumed
that the costs would be offset by expected revenues from
machine-readable visa fees.  However, State's conceptual framework
suggests that all costs should be included in the Department's
long-term IT funding projections.

After State released its IRM cost estimate in October 1996, the
Department determined that its requirements and cost estimates for
some key items will have to be revised.  Five key requirements in
State's 5-year funding estimate that will likely need updating are
(1) bandwidth,\9 (2) classified local area networks overseas, (3) a
change in State's messaging platform plans, (4) capital replacement
needs, and (5) anticipated changes to State's communication networks.
In addition, the potential adoption of a new worldwide communication
system could have cost implications for State.  The following
discussion provides data on the magnitude of these new requirements
and, where available, the potential cost implications.

  -- State's original estimate assumed that $393 million would be
     needed to meet projected bandwidth requirements over the 5-year
     planning period.  According to State documents, this estimate
     was largely an "educated best guess." State subsequently
     launched a separate tactical plan project designed to more
     accurately gauge, among other items, the Department's long-term
     bandwidth requirements.  Preliminary survey results from this
     project for fiscal year 2000 suggest the Department needs to
     update its projected bandwidth requirements.

  -- State's original cost estimate did not specifically identify the
     cost or number of classified local area networks required at
     overseas posts.  However, State's current tactical plan has
     identified the potential need for 200 classified local area
     networks overseas (which is double the current number) at a
     total projected cost of $167 million.

  -- One of the core assumptions in State's cost estimate was that
     State would implement a new messaging system based on the
     Defense Messaging System at an estimated cost of $127 million.
     The Defense Messaging System is designed to handle both
     classified and unclassified messaging needs.  However, State has
     deferred its implementation of the system pending full adoption
     of the system by the Department of Defense.  State's IRM
     tactical plan estimates that the Defense Messaging System may
     not become fully operational until 2005 and estimates that its
     interim messaging system will cost $37.2 million through fiscal
     year 2004.

  -- State's cost estimate does not include all of the Department's
     latest IT equipment and software replacement requirements as
     defined in the February 1998 tactical plan.  A formal
     replacement schedule and related budget estimates will need to
     be developed to include such items as network servers, routers,
     hubs, gateways, printers, and operating system software.  These
     costs could amount to millions of dollars annually.

  -- State is currently considering a number of options to streamline
     the operations of the three separate communication networks
     described in the cost model.  These changes will have cost
     ramifications not anticipated in State's original cost estimate.

In addition, the Diplomatic Telecommunications Service Program
Office, which provides overseas telecommunications services to State
and 46 other federal agencies, is currently testing a new
communication system known as the Black Router Network.  Full
implementation costs for this network have not yet been identified
but will run in the millions.  If it is adopted, State would have to
pay a significant portion of these costs.

--------------------
\9 "Bandwidth" is a measure of the amount of information that can be
carried over a communication line at any given moment.

      COST SAVINGS AND
      EFFICIENCIES FROM
      MODERNIZATION NOT IDENTIFIED
---------------------------------------------------------- Letter :4.1

State has not identified or quantified potential cost savings or
efficiencies from its modernization program.  State's IRM strategic
plan lists the achievement of greater economies in IT resource
management as a major goal.  However, no clearly identified and
quantified cost savings opportunities are discussed in its cost
estimate or plans.  In addition, State has not attempted to benchmark
the performance of its IT operations, including the
cost-effectiveness of its operations, against comparable public and
private sector organizations as called for by the Clinger-Cohen Act.

State officials acknowledge that there are opportunities to reduce
costs and achieve efficiencies in IT operations through the
modernization effort.  State officials cited consolidation of local
area network servers, mainframe centers, network operating centers,
and help desks; remote system management; and the closing of
communication centers as prospects for achieving potential cost
savings or instituting efficient operations.  However, in these and
other cases, State has not developed specific cost-saving strategies
or estimates.  For example, the potential for closing communication
centers overseas in response to the introduction of desktop cable
delivery systems has long been debated as a potential cost-cutting
measure in State.\10 However, these discussions have never progressed
to the stage where actual strategies and expected results have been
laid out.  The practical impact of implementing such a reform was
described by Canadian Foreign Ministry officials we spoke with who
explained that their adoption of a modern messaging system led to the
closure of all overseas communication centers and the termination,
retirement, or reassignment of 160 communication workers.

State has generally not benchmarked the cost-effectiveness of its
operations against comparable public and private sector organizations
as suggested by the Clinger-Cohen Act.  This type of analysis is
referred to as "metrics benchmarking" and entails the use of
quantitative measures such as reference points for comparison against
prior experience, industry norms, or best-in-class organizations.
Metrics benchmarking can range from broad comparisons using such
measures as the percent of total operating costs devoted to IT
activities to more finely drawn comparisons, such as the average cost
to respond to a help desk call.  Once specific cost comparisons are
made and problem areas are identified, best practices benchmarking
can be used to identify the practices and techniques employed by top
organizations to realize cost savings or to operate more efficiently
in these target areas.

--------------------
\10 State's overseas communication centers are staffed with an
estimated 530 employees.  According to a State official, these
employees generally have additional duties, such as assisting with
mail and pouch activities, which are not connected with the
communication center's operations.

   CONCLUSIONS AND RECOMMENDATIONS
------------------------------------------------------------ Letter :5

State has launched an ambitious modernization program in support of
its IRM strategic plan.  Under its current approach, State's
modernization effort may not achieve desired goals within reasonable
costs and timeframes.  To date, the Department has not made the full
implementation of its IT planning and investment framework a top
priority and significant portions of the framework remain to be
implemented.  Absent a fully implemented framework and the adoption
of the best practices included in recent federal legislation and
related guidance from OMB and GAO, State's large IT modernization
program is at risk.  In addition, State's has failed to adequately
identify the current scope and costs of its IT operations over a
5-year period.  Such projections should include explicit
consideration of expected cost savings from streamlined operations,
the deployment of advanced technology, and the utilization of more
efficient work processes and methods.

We recommend that the Secretary of State make the development of a
fully implemented IT planning and investment process a top priority.
The Secretary's implementation strategy should include

  -- establishing a fully functioning IRM Technical Review Board and
     IRM Configuration Control Board,

  -- establishing a validated information technology architecture to
     help guide the Department's IRM modernization and ongoing IT
     support decisions,

  -- revising (once the boards and architecture are in place) the
     strategic and tactical plans and 5-year cost estimate and
     identifying potential cost savings or efficiencies expected from
     the modernization effort, and

  -- establishing specific milestones for completing the full
     implementation of the IT planning and investment process, and a
     mechanism to measure progress against these milestones.

   AGENCY COMMENTS AND OUR
   EVALUATION
------------------------------------------------------------ Letter :6

In written comments on a draft of this report, State concurred with
the overall thrust of our report and noted that several steps had
recently been initiated to implement many of our recommendations.
State noted that they are (1) reconstituting and reconvening the IRM
Technical Review Board; (2) ordering the formation of a
Departmentwide Configuration Control Board; (3) drafting an IT vision
paper that will serve as the foundation for, among other key planning
documents, an agency-validated information technology architecture;
and (4) planning to release a revised long-term IT funding estimate
that will include actual and potential cost savings resulting from
State's modernization efforts.  We believe these steps are positive
indicators of the Department's intentions to fully implement its IT
planning and investment framework.

State commented that our report did not sufficiently describe State's
IT modernization initiatives and accomplishments.  It noted that its
IT planning process has been improved and progress has been made in
modernizing its infrastructure.  State highlighted two projects that
it considers to be successful--its efforts to modernize its
unclassified computer and communication systems and its consular
affairs systems.  We recognize that State has implemented several
modernization projects; in fact, our report specifically states that
the Department has a number of key modernization projects underway.
However, as our report notes, we did not evaluate the progress or
effectiveness of individual projects.

State also noted that our report cites only "one example" of a failed
modernization program--its efforts to modernize its financial
management system--as evidence that State has experienced
difficulties in achieving its short- and long-term modernization
goals.  We cite this example to illustrate the difficulties and risks
associated with implementing a large-scale, complex IRM project in
the absence of a rigorous planning and investment framework.  We
believe that State's difficulties in implementing a key modernization
program such as financial management are significant and point to the
need for full implementation of State's IT planning and investment
framework.

Our report objectives, scope, and methdology are described in
appendix I, and the Department of State's written comments are
reprinted in their entirety in appendix II.

---------------------------------------------------------- Letter :6.1

We are providing copies of this report to the Secretary of State, the
Director of OMB, and to other interested congressional committees.
Copies will also be sent to others upon request.

Please contact me on (202) 512-4128 if you or your staff have any
questions concerning this report.  Other contributors to this report
are listed in appendix III.

Benjamin F.  Nelson, Director
International Relations and Trade Issues

OBJECTIVES, SCOPE, AND METHODOLOGY
=========================================================== Appendix I

To provide information and analysis on the progress made by State in
implementing key information technology (IT) management processes
mandated by recent federal legislation and related guidance, we
compared State's IT management framework to criteria described in the
Office of Management and Budget's (OMB) recently issued Capital
Programming Guide\1 and our guide for assessing IT investment
decisions.\2 These documents outline a disciplined approach to
managing IT resources and embody the best practices incorporated in
several recent pieces of federal legislation, including the 1995
Paperwork Reduction Act\3 and the 1996 Clinger-Cohen Act.\4 We met
with State officials to determine their interpretation and
implementation of these various legislated requirements.  We focused
on State's overall IT planning and investment management process and
how policy and tactical-level funding decisions are made.  We did not
review individual IT projects for adherence with specific best
practices or whether these projects have been satisfactorily managed.

To provide information and analysis on the extent to which State has
developed a sound 5-year funding estimate, we reviewed the October
1996 cost model prepared by State to justify its $2.7-billion cost
projection as outlined in its 1997 strategic plan for fiscal years
1997-2001.  We spoke with State Department officials responsible for
developing this estimate and reviewed the methodology used to compile
the data in the cost model.  We also obtained and analyzed available
cost data and funding analyses prepared after the release of the cost
model in October 1996 to determine what impact they might have on
long-term cost trends and planning assumptions.  Where possible, we
attempted to quantify the potential impact of major planning changes.
For example, we sought to identify the dollar cost associated with
State's revised communication bandwidth requirements needed to
support its modernized information systems.  Finally, we reviewed the
latest version of the information resource management (IRM) tactical
plan, which includes funding projections for individual modernization
projects, to determine if baseline funding estimates for certain cost
model items had been significantly revised.

To analyze whether State had identified and implemented potential
cost-cutting opportunities, we reviewed State's 1997 IRM strategic
plan, each of the summary project statements included in the IRM
tactical plan, and tactical plan project papers.  We analyzed each of
these documents to determine if specific cost-cutting measures were
discussed and to what extent attempts were made to quantify any
expected cost savings.

We met with a broad range of State officials, a former Chief
Information Officer, a former Acting Chief Information Officer, the
Deputy Assistant Secretary for Information Management, tactical plan
project managers, technical personnel, bureau IT representatives, and
representatives from State's Office of Inspector General.  We also
met with IT professionals from the U.S.  Agency for International
Development, the U.S.  Information Agency, and the Diplomatic
Telecommunications Service Program Office, and with Foreign Ministry
representatives from Australia, Canada, and New Zealand.  To obtain
additional outside views on State's IT modernization program, we met
with officials from the Central Intelligence Agency and OMB.  We also
met with government contractors from Lockheed Martin to discuss the
Defense Messaging System that State had originally proposed to
implement.  We also met with Mobil Oil Corporation's Chief
Information Officer to discuss Mobil's recent IRM modernization
effort, which has been highlighted in IT literature as a "model"
reform effort.

We reviewed a wide number of prior reports and studies that have
examined State's IRM operations, including our December 1994 report\5

on State's information management practices, our August 1998 report\6

on State's Year 2000 remediation efforts, and our June and July 1998
reports on the status of State's Results Act planning efforts.  \7

We performed our work at State's headquarters in Washington, D.C.,
and visited Ottawa, Canada, to meet with IT officials from the
Canadian Foreign Ministry to discuss their ongoing IRM modernization
program and to tour the U.S.  embassy's IT operations in Ottawa.

We conducted our review between April 1997 and May 1998 in accordance
with generally accepted government auditing standards.

(See figure in printed edition.)Appendix II

--------------------
\1 Capital Programming Guide (Washington, D.C.:  OMB, July 1997).

\2 Assessing Risks and Returns:  A Guide for Evaluating Federal
Agencies' IT Investment Decision-making (GAO/AIMD-10.1.13, Feb.
1997).

\3 Public Law 104-13, 109 Stat.  163.

\4 Public Law 104-106, 110 Stat.  679.

\5 Department of State:  Strategic Approach Needed to Better Support
Agency Mission and Business Needs (GAO/AIMD-95-20, Dec.  22, 1994).

\6 On January 1, 2000, computer systems that are not Year 2000
compliant will malfunction or produce inaccurate information because
the year 2000 will be indistinguishable from the year 1900.  This
problem is rooted in the fact that many computer systems use only two
digits to designate the year.  We recently reported on State's
progress in addressing Year 2000 issues.  See Year 2000 Computing
Crisis:  State Department Needs to Make Fundamental Improvements to
Its Year 2000 Program (GAO/AIMD-98-162, Aug.  28, 1998).

\7 The Government Performance and Results Act of 1993 (P.L.  103-62,
107 Stat.  285), commonly referred to as the Results Act, requires
that all federal agencies set goals, measure performance, and report
on their accomplishments.  As such, an agency's IT investments should
directly support the accomplishment of these goals, and agency
Results Act planning documents should clearly establish this linkage.
See The Results Act:  Observations on the Department of State's May
1997 Draft Strategic Plan (GAO/NSIAD-97-198R, July 18, 1997) and The
Results Act:  Observations on the Department of State's Fiscal Year
1999 Annual Performance Plan (GAO/NSIAD-98-210R, June 17, 1998).

COMMENTS FROM THE DEPARTMENT OF
STATE
=========================================================== Appendix I

(See figure in printed edition.)

(See figure in printed edition.)

(See figure in printed edition.)

(See figure in printed edition.)

(See figure in printed edition.)

(See figure in printed edition.)

(See figure in printed edition.)

(See figure in printed edition.)

(See figure in printed edition.)

MAJOR CONTRIBUTORS TO THIS REPORT
========================================================= Appendix III

NATIONAL SECURITY AND
INTERNATIONAL AFFAIRS DIVISION,
WASHINGTON, D.C.

Jess T.  Ford
Diana M.  Glod
Michael M.  ten Kate
Edward D.  Kennedy

ACCOUNTING AND INFORMATION
MANAGEMENT DIVISION, WASHINGTON,
D.C.

Jack L.  Brock, Jr.
Franklin W.  Deffer
*** End of document ***