Proliferating watch lists leave CIOs baffled

Federal officials say they are confused by the assorted watch lists that the Office of Management and Budget and other oversight offices keep, and they want better answers about how to get a project off those lists. They want to know why a project removed from OMB’s High-Risk List remains on the Government Accountability Office’s list.“You wonder if GAO and OMB are communicating at times,” said Scott Charbo, chief information officer at the Homeland Security Department, speaking at a recent AFCEA International breakfast in Bethesda, Md.Charbo and other federal CIOs say the answers they get from OMB and other oversight offices leave them unsure about how to solve the problems that put one or more of their information technology projects on a watch list. “The answer we get back is they are either high-dollar, high-visibility or both,” he said.But although CIOs say information about the watch lists needs to be clearer, many agree that the lists are important in helping focus senior managers’ attention on critical projects and program activities. “The No. 1 reason projects fail, according to firms like Gartner, is poor communication and poor execution,” said Tom Hughes, CIO at the Social Security Administration and a former PricewaterhouseCoopers executive. “Hopefully, the lists bring [a] focus to business managers that says they have to get it right.”However, compiling the lists is not an exact science, Hughes said. For example, OMB allows some discussion about projects on its watch lists.OMB started its Management Watch List in 2002 after noticing that few agencies could make good business cases for the IT projects they proposed, said Mark Forman, a former OMB administrator for e-government and IT and now a principal at KPMG in New York City. But for many years, OMB would not disclose that such a list existed. Sen. Tom Coburn (R-Okla.) forced Bush administration officials to release the agency’s watch lists for the first time this past fall.“Transparency has a wonderful effect of driving management reform in government,” Forman said. “I understand why it is hard to get risky programs off the list. Agencies must understand how they are transforming their business and all the work they must do to manage change,” he added. However, Charbo said a lack of transparency is not the only factor that can put projects on a watch list, adding that certain factors are beyond a CIO’s control. For example, CIOs are responsible for some IT projects for which they can’t make a strong business case, but they also can’t ignore them because Congress wants those projects.  “There are some projects you can’t do much about, but since the CIOs own the score card, [we] have to deal with them,” Charbo said.Other aspects of watch lists draw complaints from senior IT officials. One official, who requested anonymity, said people are frustrated because OMB’s resource management officers don’t use a consistent standard in conducting IT project reviews.“What works at one agency based on their reviewer may not be the same that works for another agency,” the official said, adding that “this is an area of frustration for a lot of folks.”OMB’s Management Watch List identifies projects for which agencies have submitted weak business cases. The agency’s High Risk List identifies projects that need special attention from the agencies’ senior executives. OMB doesn’t publicly publish the criteria it uses for compiling the watch lists. However, Karen Evans, OMB’s administrator for e-government and IT, said the review criteria are not a mystery to agencies. The criteria for getting a project off OMB’s Management Watch List are having adequate information security and a qualified project manager and meeting cost, schedule and performance goals, Evans said.“Agencies can write a good business case to get off the Management Watch List,” she said. OMB and GAO are working together on a plan to address some of the other issues that CIOs have raised about watch lists, Evans said.