The GAO analyzed IT project data from June 2009 to March 2012 reported by six agencies: The National Science Foundation; the Office of Personnel Management; and the departments of Defense, Health and Human Services, Homeland Security, and Interior. Agency CIOs rate their projects on a scale of high risk to low risk.
Neither the DOD nor the NSF rated any of their investments as being of high risk or moderately high risk. The agency with the highest percentage of IT investments rated high risk was OPM, at 12%. CIOs were much more inclined to rate their projects as being of low risk or moderately low risk. The NSF rated every one of its IT investments at the low end of the risk scale. The GAO also found that nearly half (47%) of the agency self-assessments were suspiciously static, staying the same throughout the rating periods.
[ Read about earlier watchdog complaints. Watchdogs Criticize Federal Data Dashboard Accuracy. ]
In several cases, the DOD's risk ratings didn't match the GAO's analysis. For example, the DOD designated several projects as low to moderately low risk, even though the GAO had found them to be behind schedule, over budget, or otherwise at risk of overrunning costs.
Case in point: The Air Force's Defense Enterprise Accounting and Management System project was two years behind schedule and $500 million over budget. The DOD's inspector general reported in July that the delays "were likely to diminish the cost savings it would provide, and would jeopardize the department's goals for attaining an auditable financial statement."
DOD officials rationalized their more favorable risk ratings by pointing to the relative size of the military's IT budget and the fact that the military's major IT programs take seven years, on average, to complete. "DOD is masking significant investment risks, has not employed its own risk management guidance, and has not delivered the transparency intended by the Dashboard," said the GAO report. Pentagon officials concurred with the GAO findings and promised to better incorporate OMB evaluation factors into their risk assessments.
The six agencies analyzed by GAO represent about 65% of spending on IT investments in 2011. Despite imperfections with the dashboard reporting system, several agencies reported that increased oversight led to better program management and risk mitigation, lowering risk levels. In other cases, increased oversight led to a better understanding of risk factors, leading to higher risk ratings.
More than half of federal agencies are saving money with cloud computing, but security, compatibility, and skills present huge problems, according to our survey. Also in the Cloud Business Case issue of InformationWeek Government: President Obama's record on IT strategy is long on vision but short on results. (Free registration required.)