GAO report highlights high-risk IT projects

OMB data may paint incomplete picture of spending, program delays

Related Links

Risky business

We do not believe flexibility in the process equals inconsistency in the application of the criteria.'

'Karen Evans, OMB

Rick Steele

For David Powner, the problem with the Office of Management and Budget's data on at-risk IT projects is not so much what the information contains, but rather, what it does not.

Powner, director of IT management issues at the Government Accountability Office, said that while the White House does a commendable job in collecting information on major IT projects that are in danger of running late, missing performance goals or being over budget, OMB is only getting a limited view because of how it assembles the data.

'The watch lists are very valuable because they identify projects that are poorly performing,' Powner said. But 'we have some concerns about OMB's criteria not being consistently applied.' Powner recently drafted a report on the Management Watch List and urged OMB to tighten its oversight policies (,

Dual tools

OMB currently uses two tools for tracking agency IT spending: its Management Watch List, which the administration started in fiscal 2002, and its high-risk quarterly reports, in which agencies identify mission-critical IT projects that are behind schedule and over budget.

Both tools rely largely on the agencies to apply certain criteria against their IT projects and provide OMB with the data.

In a response to GAO's report, OMB officials disagreed with the audit agency's conclusions, saying its oversight is supplemental to what agencies already are doing.

OMB requires agencies to classify a project as 'high risk' if:
  • The agency has not demonstrated the ability to manage complex projects

  • The projects have unusually high development, operating and maintenance costs

  • The projects are addressing deficiencies in an agency's ability to perform mission-critical business functions

  • The project's delay or failure would affect an agency's essential business functions.

  • In GAO's recent report, auditors found that agencies are inconsistently applying the OMB criteria and are not including several projects that the congressional watchdog service believes qualify as high risk.

    As an example, Powner pointed to a discrepancy between the number of at-risk projects reported at the Veterans Affairs Department'33'and the Defense Department, which only reported six high-risk projects even though DOD's IT budget is almost 17 times larger than VA's.

    Specifically, GAO noted that it has found numerous problems in previous reports on Defense's Business System Modernization effort, which auditors said has been hampered by project management problems. GAO also has criticized the Transportation Department's modernization programs at the Federal Aviation Administration, which according to agency officials have no projects that are at risk.

    Moreover, OMB does not have a clear policy for how agencies can update the list and add or subtract projects, again letting agencies set their own policies for doing so, GAO said.

    OMB could get a much bigger and clearer picture of agency IT project processes by directing agencies to more consistently apply its criteria, auditors said.

    'Until these recommendations are implemented, agencies may not be able to effectively monitor their investments' performance,' the report said.

    Karen Evans, OMB's administrator of E-Government and IT, disputed GAO's concerns. She said that the administration's policy is lenient for a reason and gives agencies necessary flexibility as OMB's tools serve as a supplement to the oversight work agencies are already performing.

    'We do not believe flexibility in the process equals inconsistency in the application of the criteria,' Evans said in comments on the report. 'The report incorrectly implies agencies will not be able to oversee their own projects without additional guidance on this narrowly focused process, when, in fact, the report itself suggests agencies are using this policy as an opportunity to improve their internal oversight.'

    Evans also objected to GAO's recommendation that OMB consolidate the Management Watch List with the quarterly high-risk reports.

    GAO proposed this recommendation last year, and in its report stated that maintaining a central repository would give the administration a clearer picture.
    'We disagree with your assessment that an aggregated governmentwide list is necessary for OMB to perform adequate oversight and management,' Evans said. '[T]he intent of the policy is to ensure agency and oversight authority efforts result in improved execution and performance. OMB uses the high-risk reports in the larger context of OMB's budget and program oversight processes.'


    • Records management: Look beyond the NARA mandates

      Pandemic tests electronic records management

      Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

    • boy learning at home (Travelpixs/

      Tucson’s community wireless bridges the digital divide

      The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

    Stay Connected