recommended reading

Agencies Aren't Honest About Tech Spending and Risks, Auditor Says

David Powner, director of Information Technology Management Issues at GAO, said that OMB had failed to force agencies to be sufficiently transparent about IT spending.

David Powner, director of Information Technology Management Issues at GAO, said that OMB had failed to force agencies to be sufficiently transparent about IT spending. // Committee On Oversight & Government Reform

Better information technology management could save taxpayers $10 billion within five years, the government's top technology auditor told lawmakers Tuesday. But getting there will require agencies to be more open about what they're spending on IT and what they're actually getting for that investment. 

David Powner, director of Information Technology Management Issues at the Government Accountability Office, told members of the Senate Homeland Security and Governmental Affairs Committee that the Office of Management and Budget had failed to force agencies to be sufficiently transparent about IT spending. He also faulted OMB for not setting clear enough goals. In a recent reboot to the three-year-old White House initiative to consolidate federal data centers, for instance, OMB set different goals for “core” and “non-core” data centers” but didn’t sufficiently define the terms, making it difficult for auditors to judge whether agencies are making good decisions.

Powner also criticized agencies, especially the Defense Department, for not being candid about the riskiness of major IT acquisitions in reports to the Federal IT Dashboard transparency site. Defense Chief Information Officer Teri Takai does not describe any of her department’s projects on the dashboard as “high risk,” which Powner said is contrary to GAO’s own observation.

The committee’s ranking member, Sen. Tom Coburn, R-Okla., lashed out at the DOD rankings, calling the IT Dashboard “a farce.”

Federal CIO Steven VanRoekel, testifying at the same hearing, declined to describe the defense reports as inaccurate but said his office looks at performance data rather than qualitative assessments, such as an agency CIO’s ranking when determining whether to give that project additional oversight.

VanRoekel’s office is also automatically notified when agencies change a project’s expected completion date or cost inside the dashboard, he said. Re-baselining can sometimes trigger a review, he said.

VanRoekel’s two main oversight mechanisms for agency IT spending oversight are TechStat reviews -- meetings with senior agency executives about a particular project that is significantly over budget or past deadline -- and PortfolioStat reviews, which examine the overall structure of agency IT spending, particularly how an agency purchases commodity items such as mobile phones and Internet.

He noted that there is an “ongoing” TechStat of the Veterans Affairs and Defense department’s long-troubled project to create a joint electronic health record.

Agencies have saved roughly $4 billion from TechStat reviews, OMB has said, and $300 million so far from PortfolioStat. VanRoekel expects that $300 million, which does not include reported savings from some agencies, to be “a drop in the bucket” but doesn’t want to report savings that aren’t fully vetted, he said Tuesday.

Powner praised both TechStat and PortfolioStat as methods to increase transparency and efficiency.

In response to a question from Coburn, VanRoekel said increased pay for federal technologists might help retain the most talented people at lower levels in an agency, especially cybersecurity professionals. Pay that is not competitive with the private sector is less of a concern at the top levels of an agency, he said, because the government offers other benefits such as the opportunity to manage a large budget and complex organization.

The greatest thing dissuading young technologists from entering or remaining in the government, he said, is sequestration and the fear of furloughs. 

Threatwatch Alert

Stolen credentials

Hackers Steal $31M from Russian Central Bank

See threatwatch report

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
 
 

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

    Download
  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

    Download
  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

    Download
  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

    Download
  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

    Download
  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security

    Download

When you download a report, your information may be shared with the underwriters of that document.