GAO to Census: Get specific in those 2020 risk management plans
As the next decennial count of the U.S. population draws closer, anything that could jeopardize the Census Bureau’s work is drawing more scrutiny, and the agency’s risk management plan is at the heart of that process.
Per a Government Accountability Office report released on Friday, however, the Bureau’s plan doesn’t always include the information necessary to control or respond to the risks that the agency identifies.
In December 2018, the Census Bureau identified a total of 360 active risks to the 2020 count. The list included all kinds of things, from address canvasing to language capabilities and more. The two areas of greatest risk — with 44 and 37 items, respectively — are “systems engineering and integration” and IT infrastructure.
The GAO was pleased to find that the Census Bureau has contingency and mitigation plans for “most” of the identified risks. However, when the watchdog agency reviewed the plans for six chosen risks, it found that the plans “did not consistently include key information needed to manage them.”
These bits of “key information” include things like a monitoring plan, start and completion dates, an identified individual responsible, a clearly defined “trigger” for when contingency plans should be put into action and more. GAO called the Bureau’s work thus far in laying out this key information “mixed.”
“For two attributes — activity start and completion dates and activity implementation status — we found the Bureau generally included the relevant information across the six selected mitigation plans, which should help ensure that activities are carried out in a timely manner and that agency officials and stakeholders are informed and assured that the risks are being effectively managed,” the report states. “On the other hand, none of the mitigation or contingency plans included a monitoring plan, which would help the Bureau to track whether plans are working as intended.”
GAO makes seven recommendations in its report, including that the Census Bureau add necessary specifics to its risk mitigation and contingency plans and that the agency hold relevant parties accountable for completing their needed risk management activities.
The debate over the readiness and security of the 52 new or legacy IT systems that will be used in the 2020 census has been an ongoing saga. In April, GAO told Congress that “significant work” remains for the Bureau to address cybersecurity and IT challenges. In February 2017, GAO added the 2020 count to its high-risk list.
The Census Bureau, meanwhile, has said that its systems performed well during the 2018 end-to-end test and are now being made ready for prime time.