OMB needs larger role in IT project oversight, GAO says
Agencies have changed cost or schedule estimates for many at-risk projects without sufficient guidance from the OMB, a GAO official told a Senate subcommittee.
The Office of Management and Budget needs to take a bigger role in helping agencies develop more accurate estimates or baselines for the cost and schedule plans of their information technology projects, the Government Accountability Office said. Agencies have re-baselined or changed estimates for 48 percent of all major IT projects without sufficient OMB guidance, said David Powner, GAO’s director of IT management issues. He testified at a hearing July 31 of the Senate Homeland Security and Governmental Affairs Committee’s Federal Financial Management, Government Information, Federal Services and International Security Subcommittee. Baselines assist agencies in tracking if their projects are progressing according to plan despite potential risks, he noted. “Re-baselining reports raise the question whether we’re getting an accurate picture of performance. It should not be used to mask schedule and cost overruns,” Powner said. The Senate panel produced a report card of IT project performance by agency that said half the major agencies failed at planning and implementing their IT investments in fiscal 2008. Those agencies oversee $57 billion in IT investments, said Sen. Tom Carper, (D-Del.), the subcommittee's chairman. The $57 billion represents 81 percent of the fiscal 2009 IT budget request, while 19 percent or $13 billion worth of IT investments received a passing grade. The findings were based on information the subcommittee received in March, Carper said Powner and Carper advocated seeking more transparency and public disclosure of agency shortfalls. “I don’t think you can fix shortfalls without fully disclosing all your problems. We highlight the high-risk projects to fix the shortfall,” Powner said. Half of projects are re-baselined and half of those multiple times, and none of the projects are performing at the threshold that OMB’s President’s Management Agenda requires, he said. Carper said part of Congress’ oversight role when agencies don’t perform adequately is to embarrass by having them testify at hearings . “Sometimes people need a swift kick in the pants,” he said. Karen Evans, OMB’s administrator for e-government and IT cautioned that publishing comprehensive data could drive agencies to do whatever it took to reach compliance instead of focusing on results. “This is a balance my office has struggled with. How much shame and embarrassment do you bring on agencies? We’re supposed to be helping them,” Evans said. Powner said there have been some recent successes with individual projects being on time and on budget because they focused on governance and putting in place centers of excellence for assistance. “They aren’t perfect, but there are pockets of success in those agencies,” he said. Evans cited the CIO Council’s Best Practices Committee, which is identifying problems from past complex projects and sharing them so agencies can avoid them. OMB and agencies have identified 413 IT projects, which total about $25.2 billion in expenditures for fiscal 2008, as being poorly planned or poorly performed or both through the Management Watch List and high-risk projects processes, Powner said. Since September, OMB has improved identification of those projects, including publicly disclosing the reasons for being on the lists and clarifying high-risk project criteria, he said. Since last year, Evans said OMB has added evaluation criteria for the business cases for IT investments to better communicate the importance of IT project management. OMB also provided feedback to agencies on a case-by-case basis when they fell short of its evaluation criteria, published the evaluation results by section for each business case on the Management Watch List and published the criteria OMB uses to assign scores for each section of the bus iness case, she said. Powner recommended that OMB issue guidance for re-baselining policies that would include a minimum set of key elements and criteria, such as describing the process for developing a new baseline and requiring new baseline validation and management review.
NEXT STORY: Coast Guard said to fall short on IT security