WIXLIB

time, OMB launched the IT Dashboard website in 2009. The federalgovernment also established OMB’s U.S. Digital Service (USDS) and theGeneral Services Administration’s (GSA) 18F programs in 2014 to helpaddress agencies’ troubled IT efforts. 4 Both programs have similarmissions of improving public-facing federal digital services, such as onlineforms and benefits applications on federal agencies’ websites and mobileapplications. 5The Modernizing Government Technology Act of 2017 included aprovision for GAO to assess the number of IT procurement, development,and modernization programs, offices, and entities in the federalgovernment, including USDS and 18F. 6 The provision also called for us toassess the extent to which they duplicate work. 7Our specific objectives for this review were to (1) describe theprocurement, development, and modernization investments identified onthe federal IT Dashboard; (2) summarize prior GAO recommendationsand current implementation status on IT duplication and managementroles and responsibilities; and (3) determine the extent to which USDSand 18F coordinate IT services to avoid overlap and duplication.4SeeGAO, Digital Service Programs: Assessing Results and Coordinating with ChiefInformation Officers Can Improve Delivery of Federal Projects, GAO-16-602 (Washington,D.C.: Aug. 15, 2016).5OMBdefines digital services as the delivery of digital information (data or content) andtransactional services (e.g., online forms and benefits applications) across a variety ofplatforms, devices, and delivery mechanisms (e.g., websites, mobile applications, andsocial media).6Thename of the 18F program refers to its office location, which is in northwestWashington, D.C., at 18th and F Streets.7ModernizingGovernment Technology provisions of the National Defense AuthorizationAct for Fiscal Year 2018, Pub. L. No. 115-91, Div. A, Title X, Subtitle G, 131 Stat. 1283,1568 (2017), 41 U.S.C. 11301 note. The provision for the GAO assessment is at sec.1078(b)(7)(B)(iv), 131 Stat. 1591, 1592.Page 2GAO-22-104492 Information Technology

To address the first objective, we analyzed the investments reported by26 agencies on the IT Dashboard for fiscal year 2021. 8 In doing so, weidentified and summarized the 7,806 IT investments that agencies hadreported on the dashboard, by IT portfolio categories and investmenttypes.Specifically, we determined the total number of investments and plannedfiscal year 2021 spending reported across all of the 26 agencies for eachof the three portfolio categories and five investment types, according toOMB’s guidance for fiscal year 2021 IT budget reporting. We alsodetermined the total number of investments reported by each agency,and the number of investments each agency reported by investment type,according to OMB’s guidance—non-major, standard IT infrastructure,major, funding transfer, or non-standard infrastructure.In addition, we summarized the number of investments and plannedspending that agencies reported by service category, according to thedashboard data. Specifically, agencies used the Business ReferenceModel, which is part of OMB’s Federal Enterprise Architecture, to classifyeach investment by service category to describe how the federalgovernment uses or intends to use the investment. OMB’s model has 225service categories. We determined the 25 service categories with thehighest number of investments reported across all investment types andagencies, as well as the 25 service categories with the highest amount ofplanned fiscal year 2021 spending.We also determined the service categories with the highest number ofinvestments and highest planned spending for the investments reportedby the 26 agencies as a major investment type. 9 Finally, we determinedthe five service categories with the highest amount of planned spending8The26 federal agencies are the Departments of Agriculture, Commerce, Defense,Education, Energy, Health and Human Services, Homeland Security, Housing and UrbanDevelopment, Justice, the Interior, Labor, State, Transportation, the Treasury, VeteransAffairs; the Environmental Protection Agency; the General Services Administration; theNational Aeronautics and Space Administration; National Archives and RecordsAdministration; National Science Foundation; Nuclear Regulatory Commission; Office ofPersonnel Management; Small Business Administration; Social Security Administration;U.S. Agency for International Development; and the U.S. Army Corps of Engineers.9Accordingto OMB guidance, major investments are mission delivery or mission supportinvestments that require special management attention because of their importance to themission or function of the government; significant program or policy implications; highexecutive visibility; high development, operating, or maintenance costs; or unusual fundingmechanism; or because they are otherwise defined as major by the agency.Page 3GAO-22-104492 Information Technology

reported on the dashboard, across all investments and agencies, for (1)development, modernization, and enhancement of new systems orcapabilities; and (2) operations and maintenance of existing systems orcapabilities.To address the second objective, we identified prior GAO reports whichfocused on IT development or acquisition efforts that were governmentwide in scope or that involved multiple federal agencies. We reviewed thefindings and recommendations in these reports to identify thoserecommendations that we made to OMB or federal agencies to addressissues related to (1) efforts to avoid duplicative IT or (2) IT managementroles and responsibilities. We identified 16 reports that GAO issued from2011 through 2020 with a total of 392 relevant recommendations.We then identified the number of recommendations to address issuesrelated to duplicative IT and IT management roles and responsibilities,and the number of agencies that received the recommendations in eachof these reports. Next, we determined the current status of agencies’implementation of these recommendations, as of October 2021, andsummarized the number of recommendations not yet implemented, andthe number of agencies that had not yet implemented therecommendations.To address the third objective, we compared the coordination activities ofUSDS and 18F to avoid overlap and duplication with leading collaborationpractices, according to our prior work on managing fragmentation,overlap, and duplication. 10 We also used the steps recommended byGAO’s fragmentation, overlap, and duplication evaluation guide to identifywhether there was any fragmentation, overlap, or duplication in USDS’sand 18F’s activities. 11 We also considered control activities related to twokey internal control principles when USDS and 18F had not addressedleading collaboration practices to avoid duplication. The key internalcontrol principles are that management should (1) design control activities10GAO,Results-Oriented Government: Practices That Can Help Enhance and SustainCollaboration among Federal Agencies, GAO-06-15 (Washington, D.C.: Oct. 21, 2005)and Fragmentation, Overlap, and Duplication: An Evaluation and Management Guide,GAO-15-49SP (Washington, D.C.: Apr. 14, 2015).11GAO-15-49SP.Page 4GAO-22-104492 Information Technology

to achieve objectives and respond to risks and (2) implement controlactivities through policies. 12First, we reviewed USDS and 18F documents and websites and our priorreport on these programs 13 to identify their mission, roles, responsibilities,and goals. Based on this review, we determined that the two programsengage in three common activities. Each of the programs works withagencies on IT projects; recruits and hires IT experts; and plans,develops, and issues IT guidance.For each of these activities, we interviewed USDS and 18F officials ontheir efforts to coordinate with each other, and analyzed relevantdocumentation. We then compared the efforts to leading collaborationpractices, according to our prior work. Specifically, we assessed theextent to which these entities had developed ways for operating acrossagency boundaries, identifying opportunities to address resource needsand leverage each other’s resources, and documented their commitmentto work collaboratively. 14We also obtained and reviewed USDS’s and 18F’s complete project lists,as of February 2021, to identify any potentially duplicative work. Weidentified potentially duplicative work if both lists included projects withsimilar project names. In cases where we identified potentially duplicativework, we reviewed additional information from 18F, such as the program’sinteragency agreements describing the project, and from USDS, such asreports on its projects, to determine if the work was actually duplicative.To assess the extent to which USDS and 18F have coordinated to recruitand hire IT experts, we interviewed USDS and 18F officials about theirefforts, and obtained and reviewed supporting documentation, whichincluded a USDS June 2021 candidate referral report. We compared theefforts to leading collaboration practices, according to our prior work,which calls for programs to establish ways to operate across agencyboundaries and identify opportunities to address resource needs.Additionally, we reviewed USDS’s and 18F’s guidance documentspublished on their respective websites, as of March 2021; we categorized12GAO,Standards for Internal Control in the Federal Government, GAO-14-704G(Washington, D.C.: Sept. 10, 2014).13GAO-16-602.14GAO-06-15.Page 5GAO-22-104492 Information Technology

the documents according to topic, such as guiding principles, acquisitionof digital services using agile methods, and agile development. We thencompared the purpose and contents of the documents to identify anyoverlap or duplication. A more detailed description of our objectives,scope, and methodology can be found in appendix I.We conducted this performance audit from August 2020 to December2021 in accordance with generally accepted government auditingstandards. Those standards require that we plan and perform the audit toobtain sufficient, appropriate evidence to provide a reasonable basis forour findings and conclusions based on our audit objectives. We believethat the evidence obtained provides a reasonable basis for our findingsand conclusions based on our audit objectives.BackgroundFederal IT DashboardOMB launched the IT Dashboard website in 2009 to provide federalagencies, the public, and other stakeholders the ability to view details offederal IT investments and track their progress over time. OMB requiresagencies to report their IT budget data to OMB, which releases certain ITbudget data publicly on the dashboard. We have previously reported thatthe IT Dashboard addresses a requirement in FITARA for OMB andagencies to make publicly available detailed information on federal ITinvestments. 15According to OMB guidance for fiscal year 2021 IT budget reporting,agencies were required to categorize their investments in several differentways. For example, agencies were to assign each of their investments toone of three IT portfolio categories. IT infrastructure, security, and management. Investments relatedto IT security and compliance; IT management; provisioning of anenterprise-wide network; data center or cloud computing capability; orend user capability, among others. Mission delivery. Investments that directly support the delivery of theagency’s mission.1540 U.S.C. 11302(c)(3)(A). GAO-16-494, IT Dashboard: Agencies Need to Fully ConsiderRisks When Rating Their Major Investments (Washington, D.C.: June 2, 2016).Page 6GAO-22-104492 Information Technology

Mission support services. Investments that support activitiescommon across all agencies such as financial management, humanresources, contracting, travel, and grants management.Further, agencies were to select one investment type for each of theirinvestments, and the investment type depended on the assigned portfoliocategory. For IT infrastructure, security, and management investments,agencies were to select one of two investment types: standard ITinfrastructure or funding transfer. For mission delivery and missionsupport services investments, agencies were to select one of fourinvestment types: funding transfer, major, migration, or non-major. Standard IT infrastructure. Investments for IT goods and servicesthat are common to all agencies and not mission-specific. Funding transfer. Contributions made by an agency to anotheragency’s IT investment. Major. IT investments that require special management attentionbecause of their importance to the mission or function of thegovernment; significant program or policy implications; high executivevisibility; high development, operating, or maintenance costs; orunusual funding mechanism; or because they are otherwise definedas major by the agency. Migration. Costs associated with systems in a partner agency thatare not captured by the lead agency, when the partner agency ismigrating to the lead agency’s shared service system. Non-major. Investments that do not fit into one of the otherinvestment types.OMB’s IT budget reporting guidance also required agencies to classifyeach investment listed on the dashboard using the Business ReferenceModel, which is part of OMB’s Federal Enterprise Architecture. 16 Themodel is a three-layered taxonomy consisting of: (1) ten mission sectors(e.g., Defense and Security, Environmental and Natural Resources, andGeneral Government); (2) 40 business functions (e.g., Homeland SecurityIntelligence Operations, Water Resources, and Support Delivery ofFederal Services); and (3) 225 services (e.g., Command and Control,Water Resource Management, and Provide and Maintain IT16Accordingto OMB, the Federal Enterprise Architecture is intended to help identifyduplicative IT investments, gaps, and opportunities for collaboration, interoperability, andintegration within and across agency programs.Page 7GAO-22-104492 Information Technology

Infrastructure). The IT Dashboard contains data related to the serviceslayer, which is the most detailed layer and describes how the federalgovernment uses or intends to use the investment (i.e., the investment’spurpose).In addition, agencies were to identify planned spending on development,modernization, and enhancement of new systems or capabilities for eachof their IT investments reported on the IT Dashboard. Agencies were alsoto identify planned spending on operations and maintenance of existingsystems or capabilities.IT Management Roles andResponsibilitiesAs part of their effort to reform the government-wide management of IT,Congress and the President enacted FITARA in December 2014. 17 Thelegislation was to improve covered agencies’ acquisitions of IT andenable Congress to monitor agencies’ progress and hold themaccountable for reducing duplication and achieving cost savings. 18FITARA established roles and responsibilities for the Chief InformationOfficers (CIO) of covered agencies. 19 Specifically: The CIO is to have a significant role in the decision processes for allannual or multi-year planning, programming, budgeting, and executiondecisions; related reporting requirements; and reports related to IT;and in the management, governance, and oversight processes relatedto IT.17Carl Levin and Howard P. ‘Buck’ McKeon National Defense Authorization Act for FiscalYear 2015, Pub. L. No. 113-291, Div. A, Title VIII, Subtitle D, 128 Stat. 3292, 3438-3450(Dec. 19, 2014).18The FITARA provisions generally apply to the agencies covered by the Chief FinancialOfficers Act of 1990, 31 U.S.C. § 901(b), except for limited application to the Departmentof Defense. The covered agencies are the Departments of Agriculture, Commerce,Defense, Education, Energy, Health and Human Services, Homeland Security, Housingand Urban Development, Justice, Labor, State, the Interior, the Treasury, Transportation,and Veterans Affairs; the Environmental Protection Agency, General ServicesAdministration, National Aeronautics and Space Administration, National ScienceFoundation, Nuclear Regulatory Commission, Office of Personnel Management, SmallBusiness Administration, Social Security Administration, and U.S. Agency for InternationalDevelopment.19Carl Levin and Howard P. ‘Buck’ McKeon National Defense Authorization Act for FiscalYear 2015, Pub. L. No. 113-291, Div. A, Title VIII, Subtitle D, 128 Stat. 3439, 3440 (Dec.19, 2014). The FITARA provisions generally have limited applicability to DOD.Page 8GAO-22-104492 Information Technology

The agency may not enter into an IT contract or agreement withoutthe review and approval of the agency’s CIO. The duties of the CIO are not delegable, unless related to a non-majorIT acquisition. In such a situation, the CIO may delegate theirresponsibilities to a subordinate who reports directly to them. The agency is to review its IT investment portfolio annually in order to,among other things, increase efficiency and effectiveness and identifypotential waste and duplication.In June 2015, OMB released guidance, which expanded upon FITARAwith regard to CIOs’ review and approval of IT contracts and to identifyingand reducing waste in agencies’ IT portfolios. 20 Specifically, according tothe guidance:USDS’s Mission, Roles,Responsibilities, Goals,and Organization CIOs can designate other agency officials to act as theirrepresentatives, but the CIOs must retain accountability; Chief Acquisition Officers are responsible for ensuring that all ITcontract actions are consistent with CIO-approved acquisitionstrategies and plans; Chief Acquisition Officers are to indicate to the CIOs when plannedacquisition strategies and acquisition plans include IT; and CIOs are to hold PortfolioStat sessions on a quarterly basis with OMBand other attendees to discuss and update a multi-year strategy toidentify and reduce duplication and waste within the agency’s ITportfolio.In 2014, the President established USDS within OMB, to improve thefederal government’s most important public-facing digital services. 21 Itsmission is to deliver better government services to the American peoplethrough technology and design. According to OMB, USDS applies bestpractices in product design and engineering to improve the usefulness,user experience, and reliability of the most important public-facing federaldigital services.20OMB, Management and Oversight of Federal Information Technology, Memorandum M15-14 (Washington, D.C.: June 10, 2015).21OMBdefines digital services as the delivery of digital information (data or content) andtransactional services (e.g., online forms and benefits applications) across a variety ofplatforms, devices, and delivery mechanisms (e.g., websites, mobile applications, andsocial media).Page 9GAO-22-104492 Information Technology

USDS is an OMB office led by an Administrator and DeputyAdministrator, who report to the Deputy Director of Management andBudget. As of April 2021, USDS had 180 employees. Additionally, OMBestablishes teams of detailed personnel at agencies that have longerterm engagements with USDS. OMB considers these agency digitalservice teams to be extensions of its USDS office. As of February 2021,USDS had digital service teams detailed at three agencies—theDepartments of Health and Human Services, Homeland Security, andVeterans Affairs. 22USDS has four goals: Transform critical public-facing services. Rethink how the federal government buys digital services. Expand the use of common platforms, services, and tools. Bring top technical talent into public service. 23To carry out i

Table 6: Fiscal Year (FY) 2021 Information Technology (IT) Spending Reported on the IT Dashboard, by Investment Service Category 19 Table 7: Number and Percent of Major Information Technology (IT) Investments Reported on the IT Dashboard, by Service Category, in Fiscal Year (FY) 2021 20 Table 8: Planned Fiscal Year (FY) 2021 Major Information