GAO: Only 2 of the 10 Most Critical Legacy IT Systems Have Full Modernization Plans

undefined undefined/

The federal watchdog warned that eight of the most important mission-critical modernization efforts could fail without sufficient, documented plans.

Among federal agencies operating the 10 most critical aged IT systems in government, only two have fully developed plans to modernize.

Nearly two years after the Government Accountability Office identified 10 legacy federal systems most critical to the respective agency’s mission and most in need of updating, eight of those agencies have yet to produce workable modernization plans.

The 10 systems range from 8 to 51 years old “and, collectively, cost about $337 million annually to operate and maintain,” according to a GAO report released this week. Beyond cost, the aging systems are “operating with known security vulnerabilities and unsupported hardware and software,” creating risks for the entire federal enterprise.

GAO did not release the names of the systems but offered an update on the planning process during a hearing this week held by the Senate Homeland Security and Government Affairs Subcommittee on Emerging Threats and Spending Oversight.

“The American people pay the price of failing to modernize legacy IT systems,” Subcommittee Chair Sen. Maggie Hassan, D-N.H., said. “The United States government ranks among the lowest industries in customer satisfaction. Over the past year in particular, my office has received hundreds of messages from constituents struggling to access” government services.

“Of the 10 agencies responsible for these legacy systems, GAO reported in June 2019 that seven agencies—the departments of Defense, Homeland Security, the Interior, the Treasury; as well as the Office of Personnel Management; Small Business Administration; and Social Security Administration—had documented plans for modernizing the systems,” the report states.

While most of the agencies developed a plan, only two—plans developed by the departments of Defense and Interior—covered “all of the key elements identified in best practices,” including specific milestones, a detailed description of modernization work required and plans to decommission the older systems.

Agencies with incomplete plans offered several reasons, most of which centered on a lack of resources, including budget and leadership.

While leadership changes are unavoidable, GAO did not let agencies off the hook when it came to funding constraints.

“We recognize that system modernizations are dependent on funding,” the report states, “however, it is important for agencies to prioritize funding for the modernization of these critical legacy systems.”

Three agencies—the departments of Education, Transportation and Health and Human Services—have yet to develop modernization plans for their major systems.

Each had their reasons.

“Education’s modernization plans were pending the results of a comprehensive IT visualization and engineering project that would determine which IT systems and services could be feasibly modernized, consolidated or eliminated,” according to GAO. Similarly, “HHS had entered into a contract to begin a modernization initiative, but had not yet completed its plans,” and “Transportation had solicited information from industry to determine whether the agency’s ideas for modernization were feasible.”

Despite these efforts, GAO urged agencies to move ahead and finalize their plans quickly.

“GAO stressed that, until the eight agencies established complete plans, their modernizations would face an increased risk of cost overruns, schedule delays, and project failure,” the report states. “It is essential that agencies implement GAO’s recommendations and these plans in order to meet mission needs, address security risks, and reduce operating costs.”