Agencies are meeting milestones for cybersecurity, project management and reducing costs, but IT managers’ skills still a concern.
The Office of Management and Budget on Thursday issued a mostly upbeat report on improving information technology management governmentwide, with three-quarters of agencies having complied with initiatives the office has issued to tighten security, improve project management and reduce the cost of IT.
Of the 27 agencies OMB assessed, 23 had completed as of March 2007 enterprise architectures that guide and inform what IT equipment and services agencies should invest in. Agencies saved money or avoided spending funds on IT equipment and services by completing what OMB called "segment architectures," which are subsets of the enterprise IT architecture and focus on improving IT processes for a single mission, business or enterprise service, such as financial management or information sharing.
"We took the opportunity to introduce some new concepts with the federal enterprise architecture," said Karen Evans, administrator of the Office of E-Government and Information Technology at OMB and the Bush administration's top technology executive. "Now that the agencies have this good foundation in place, we'll be able to better manage investments and look at results to ensure the transition strategy [to an enterprise architecture] is successful."
Evans said OMB met its fiscal 2007 goal to have 90 percent or more of federal computer systems certified and accredited, with 92 percent of all systems having achieved that status.
Still some security milestones have not progressed as far as OMB had targeted. Only two-thirds of agencies have completed security remediation plans that have been verified as effective by the inspector general. In addition, agencies had posted a privacy impact assessment -- a report on how they collect, stores, share and manage the public's personal information in each federal system -- for 84 percent of affected systems, which was 6 percent below OMB's goal.
Evans said the agencies' work to tighten security was a continuation of the effort to better manage security after a laptop computer was stolen from the home of an analyst who worked for the Veterans Affairs Department. The laptop contained the Social Security numbers of 26.5 million veterans and their family members. "All agencies were going back through all their information collections," she said. "That's why it's taken a little longer. I'm actually excited, because at two years, we're [already this far], while it's taken nine years to get over 90 percent of systems certified and accredited. Agencies are moving forward aggressively."
OMB also fell short of its 90 percent goal to have complete business cases written for IT projects. The cases must include what the project is, how it aligns with the agency's mission, and what benefits it provides. As of Sept. 30, 2007, 13 of the 27 agencies, or 48 percent, had acceptable fiscal 2008 business cases, and 44 percent -- or 12 of 27 -- had more than half of the agency's business cases considered acceptable.
Agencies made progress in using earned value management to control IT costs, Evans said. According to the report, 48 percent of agencies (13 out of 27) implemented earned value management by the close of fiscal 2007, meaning operational costs and schedule overruns and performance shortfalls averaged within 10 percent of the IT portfolio. Twelve out of 27 agencies, or 44 percent, were using some level of earned value management to track costs and schedules, and the remaining two agencies had a plan of action and milestones to incorporate earned value management into processes.
Where OMB has fallen short is in its effort to improve IT employees' skills, according to Evans. Without a better trained IT workforce, she said, none of the other efforts will be successful. In March, the federal Chief Information Officers Council released results of the 2006 Information Technology Workforce Capability Assessment, which showed that employees' lacked core competencies in IT project management skills.
The gap in skills is narrowing, Evans said, because of OMB's efforts to offer standardized certification training and to emphasize project management experience when hiring. Similar efforts are now under way to close the skills gap for cybersecurity professionals.
"Right now I'm falling short, because I can't clearly demonstrate that we've closed those gaps," Evans said.