CIO Involvement Remains Weak in IT Investments

Posted by Christine Fritsch on January 23, 2018

Coworkers at computer

Last week, the GAO released the report, “Information Technology: Agencies Need to Involve Chief Information Officers in Reviewing Billions of Dollars in Acquisitions.” The watch dog agency sought to inspect two processes: the way in which federal agencies identify IT contracts and the extent to which federal CIOs are reviewing those procurements. To conduct the investigations, the GAO requested 22 of the 24 CFO agencies (DOD and DHS were excluded) to provide a list of IT contract obligations from FY 2016 while the GAO made their own identifications of IT contracts to compare. Likewise, the GAO reviewed 96 IT contracts and requested agencies to provide evidence of CIO review and approval for each.

Unfortunately, but not surprisingly, the results were disappointing.

Per GAO’s request, the 22 agencies identified 78,249 IT-related contracts in FY2016 at approximately $14.7B in obligations combined. The GAO found an additional 31,492 contracts at 21 agencies worth $4.5B, bringing the total for FY 2016 to $19.2B. While some agencies missed only a small percentage of contracts, eight agencies: DOI, DOT, Treasury, NSF, USAID, HHS, GSA and OPM did not identify over 40% of their IT contract obligations in FY 2016! Some of the reasons for the discrepancy in contract identification revolved around defining IT-related PSC and IT definitions, however, GAO found that a majority of the agencies that did not identify the almost $4.5B in IT obligations also did not follow guidance in having acquisition offices identify, or help identify, IT acquisitions for CIO review. 

The 2014 FITARA law stipulates that agencies must implement CIO authority enhancements. Among the requirements, FITARA calls for CIOs to approve agency IT budget requests, confirm implementation of development guidance for IT investments and review/approve contracts for IT acquisitions related to a major investment prior to award. In 2015, OMB followed up with additional guidance describing how agencies are to implement FITARA. It highlighted the need for CIOs to maintain the utmost responsibility for IT acquisition and management decisions.

Of the 96 IT contracts the GAO randomly selected to inspect for CIO approval process, only 11 had been fully reviewed and approved by CIOs as mandated by OMB. The remaining 85 contracts that did not follow proper procedure totaled approximately $23.8B. GAO identified several reasons it found why agencies did not fully comply with OMB requirements:

  • Four agencies reported they were following their own agency approval processes which the GAO determined did not align with OMB requirements
  • 16 contracts were found with no acquisition plans to begin with
  • There were 16 instances where agencies allowed the CIOs to delegate reviews outside of the levels OMB allows
  • CIOs approved acquisition documentation other than what is required by OMB in 26 instances
  • There were two cases where CIO IT review and approval was claimed but documentation was missing

Due to the magnitude of money and amount of IT acquisitions in the federal government, proper approval is of utmost importance. Accountability of the CIO has gained much momentum, particularly since several past IT investments experienced failed or trouble instances. Some of those investments include:

  • OPM Retirement Systems Modernization Program: $231M spent on third attempt to automate claims before cancellation
  • Coast Guard to replace EHR system: $67M spent before cancellation
  • Health.gov website and supporting systems that encountered significant cost increases, schedule slips and delayed functionality

Attention to CIO authority has attracted attention so much so that a potential order from the White House is rumored. Federal News Radio reports that the EO will be one more part of the administration’s IT modernization strategy.  The draft EO states that strengthening CIO visibility and insight into agency IT investments and spending will avoid duplication and failure and help agencies successfully modernize systems, improve security and produce cost savings. 

Categories