Coast Guard's small IT programs suffer from inconsistent oversight policy, GAO finds
The Government Accountability Office found inconsistent evaluations of baseline goals, like cost changes, for the Coast Guard's non-major IT acquisition programs which led to inaccurate estimates of cost increases.
The Coast Guard has been working to improve oversight of its IT systems in recent years, but it's still hampered by inconsistent management of the cost and schedule goals for programs under $300 million, according to a recent report.
The Coast Guard developed a process in 2017 to determine whether an IT system should be considered and managed as a non-major acquisition, which means the assets cost less than $300 million. But the Government Accountability Office found inconsistent evaluations of baseline goals, like cost changes, for the Coast Guard's non-major IT acquisition programs which led to inaccurate estimates of cost increases over time.
The Coast Guard's process includes evaluating markers like technical and legal concerns, but "it does not provide definitions for what constitutes these levels of risks for acquisition officials to use," GAO found in its report released on May 26. And that means "the Coast Guard cannot ensure that its acquisition professionals are making risk-based decisions when designating IT systems as non-major acquisition programs."
The GAO also found that it was unclear how officials should evaluate a program's risks to determine whether it should be managed as a non-major acquisition and assign the proper oversight level.
The report also states that management of these programs were "hindered" because baselines, such as creating, revising, and communicating cost and schedule goals, were inconsistent in 75% of the non-major IT acquisition programs with approved baselines.
"For example, one program used a different dollar measurement to calculate baseline costs when it revised its goals in 2021. This measurement did not accurately capture the almost $300 million increase from its initial cost baseline," the GAO wrote. "This approach could make it difficult for the Coast Guard to track how programs are performing against their cost and schedule goals."
To improve that, the watchdog organization recommended the Coast Guard better define risk levels used to evaluate potential non-major acquisition programs and communicate baseline information consistently.
"The lack of clarity on risk levels in the Coast Guard's non-major acquisition policy increases the likelihood of inconsistent evaluations when designating acquisition programs," the GAO report states.
"Having guidance that defines and clarifies how risks should be evaluated as low, medium, or high will improve the Coast Guard's ability to effectively discern which IT systems should be managed as non-major acquisition programs and the level of oversight."