Why you can’t decide (And what to do about it)
May 27, 2016
Commentary: The rapidly changing digital world can leave tech executives feeling overwhelmed when they're faced with charting the course of their company's cybersecurity strategy.
David Stegon was a staff reporter for FedScoop and StateScoop from 2011-2014.
Federal agencies need to strengthen oversight of the $54 billion it spends annually on operations and maintenance of information technology investment, the Government Accountability Office said in a new report.
Of the $79 billion federal agencies budgeted for IT in 2011, $54 billion (about 69 percent) was reported to have been spent on the operations and maintenance of existing legacy IT systems commonly referred to as steady state investments.
Office of Management and Budget guidance calls for agencies to develop an operational analysis policy and perform such analyses annually to ensure steady state investments continue to meet agency needs. The guidance also includes 17 key factors, such as cost, schedule, customer satisfaction and innovation, that are to be assessed.
The GAO reviewed five federal agencies to see the extent to which each carried out these tasks.
The Departments of Homeland Security and Health and Human Services developed a policy that included all OMB assessment factors and performed OAs. However, they did not include all investments and key factors. In particular, DHS analyzed 16 of its 44 steady state investments, meaning 28 investments with annual budgets totaling $1 billion were not analyzed. HHS analyzed seven of its eight steady state investments.
According to GAO, the Departments of Defense, Treasury and Veterans Affairs did not develop a policy and did not perform analyses on their 23 major steady state investments with annual budgets totaling $2.1 billion. DOD and VA officials said that they did not have a policy or perform analyses because they measure the performance of steady state investments via development of plans and business cases submitted to OMB as part of the budget process.
Treasury officials stated that they did not to perform OAs in 2011 and instead decided to use the time to develop a policy. However, the officials stated that they did not anticipate the policy to be completed until the end of this calendar year, GAO said.