recommended reading

OMB scolded over its list of high-risk IT projects

The Office of Management and Budget should provide more information on information technology projects that face management troubles, including cost overruns, schedule delays and performance issues, the Government Accountability Office told a Senate panel on Thursday.

Comment on this article in The Forum.At issue was OMB's list of high-risk IT projects, which includes projects that are not necessarily experiencing management problems but rather are high-profile IT investments with such broad impact on an agency's operations that if problems arise, they could have costly and dire consequences. These projects require special attention from the agency's senior managers.

OMB also compiles the management watch list, which tracks IT projects that have failed to meet standards. David Powner, director of information technology management issues at GAO, told the Senate's Subcommittee on Federal Financial Management, Government Information, Federal Services and International Security that the watch list was useful, but he called the high-risk list "not that important." Powner said the Bush administration is reluctant to highlight projects with performance shortfalls so to avoid embarrassing agencies.

He also said the number of projects on the high-risk list that have performance shortfalls is much higher than OMB reports. In his testimony, Powner identified 87 projects on the list worth about $4.8 billion as poorly performing but said the number likely was much higher because OMB does not release enough information to determine whether a project is troubled. In its report, GAO found 352 projects valued at about $23.4 billion on the management watch list to be poorly planned, according to documents released before the hearing.

Karen Evans, administrator of the office of e-government at OMB, said the watchdog agency chose not to release detailed information on high-risk projects because singling out agencies for problems tends to discourage them from providing accurate, in-depth data on their projects. Evans said OMB was more interested in helping agencies improve the management of the projects than chastising them.

"How much shame and embarrassment do you bring to an agency? We're supposed to be helping them," she said, adding that OMB was an agency designed to help the executive branch accomplish its mission, not operate as an auditor.

In response, subcommittee chairman Tom Carper, D-Del., said, "I think the time comes when folks need a swift kick." He said sometimes agencies "need to be embarrassed."

Powner said disclosing which parts of a project an agency is handling poorly would lead to improved IT management. "You can't fix the shortfalls without fully disclosing the problem," he said. Powner encouraged OMB to highlight all projects on the high-risk list that face cost or schedule shortfalls.

Evans said the process of disclosing information on the progress of IT investments is still immature and highlighting problem projects would lead agencies to hide poorly performing ones. She said she would single out a failing project but only after making every effort to help the agency get it back on track.

"Once I believe I've done everything I can, I have no problem putting it out there," Evans said. "But agencies should be rewarded for coming forward and disclosing the information they have."

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security


When you download a report, your information may be shared with the underwriters of that document.