GAO: OMB, federal CIO need to be more involved in high-priority IT projects

An audit found that the Office of Management and Budget has discontinued or de-emphasized regular reporting and oversight on high-priority IT projects and could be passing up billions in cost savings across the federal government.

Shutterstock. Photo credit: Tupungato

The Office of Management and Budget has discontinued or de-emphasized regular reporting and oversight on high-priority IT projects and could be passing up billions in cost savings across the federal government.

That's the conclusion of a Government Accountability Office report released Nov. 21, which also found that the federal CIO has become less involved in overseeing major IT projects, some of which have been plagued by significant delays and cost overruns.

"Until OMB ensures that the federal CIO is more directly involved in the oversight of these high priority programs, it may be missing a key opportunity to improve accountability and achieve positive results," auditors wrote.

Since 2015, Congress has required OMB to issue quarterly updates on the top 10 IT projects across the federal government designated as "high-priority," either because of their cost, importance in carrying out an agency's mission or the project's potential impact on the public at large. This was in part due to what GAO called "prior IT expenditures [that] have often resulted in significant cost overruns, schedule delays, and questionable mission-related achievements." Auditors flagged examples such as the botched rollout and cost and schedule delays associated with the Department of Veterans Affairs electronic health records system.

While OMB issued two high-priority IT project reports in June 2015 and June 2016, it discontinued issuing such reports. OMB officials attributed the halt to changing guidance from Congress following the Consolidated Appropriations Act of 2016, which imposed requirements on the U.S. Digital Services to also provide quarterly updates on high-priority projects.

However, those requirements only related to projects under the USDS umbrella, and there is some confusion as to whether Congress intended those reports to replace OMB's analyses. Auditors argued that while OMB may no longer be legally required to continue issuing updates on high-priority IT projects across government, it should continue to do so anyway, citing cost and oversight benefits associated with the practice.

"GAO's conclusions are based on the view that continued identification and reporting on the top 10 high priority programs, and not just USDS projects, would help to enhance congressional oversight."

Auditors also claimed that the role of the federal CIO in the process has been de-emphasized in the past two years, noting that in the case of the TechStat review program, "Federal CIO-led reviews of troubled projects … resulted in $3 billion in savings in 2010."

According to GAO, that changed in 2015 following OMB guidance that shifted responsibility for those reviews to individual agencies. The guidance also changed another review process, dubbed PortfolioStat, to no longer require attendance by the federal CIO.

OMB responded that "GAO's findings and conclusions are rooted in an incorrect legal interpretation of OMB's annual appropriation" and that it has worked to provide information to Congress on a quarterly basis outside of the reports cited in the audit. OMB also disputed that a lack of involvement by the federal CIO led to inadequate oversight.

Former Federal CIO Tony Scott told FCW in an emailed response that he disagreed with the report "in several respects" and said GAO auditors did not reach out to contact him during their investigation.

"I think it is an incorrect conclusion to say that the federal CIO role was de-emphasized in terms of oversight. What we did was focus more heavily on projects that were in trouble, and make those high priority for review at the Federal CIO level," Scott said.  "We strengthened the TechStat process to ensure better data was coming in, and then chose specific areas where the Federal CIO would engage.  And, while I did not attend every PortfolioStat meeting (due largely to a focus on cybersecurity issues) I reviewed the material for each one, and followed up with staff and the agency where needed."

Scott did say that the report correctly identifies "the need for clarity" in terms of whether USDS or OMB is now responsible for the top 10 IT priorities report, adding that the current situation is "quite confusing."

The GAO recommended OMB continue issuing its own reports on high-priority IT projects, ensure the federal CIO is "directly involved" in oversight and continue reporting on the status of USDS projects. The report noted that OMB did not comment on whether it formally concurred with those recommendations.