Why GAO Did This Study
“Each year, the federal government invests over $90 billion in IT. Even so, IT investments have too often failed or contributed little to mission-related outcomes. Increasingly sophisticated threats and frequent cyber incidents also underscore the need for effective information security. To focus attention on these concerns, GAO has included both the management of IT acquisitions and operations and cybersecurity on its high-risk list…”
What GAO Found
“Federal agencies and the Office of Management and Budget (OMB) have taken steps to improve the management of information technology (IT) acquisitions and operations and ensure the nation’s cybersecurity through a series of initiatives. As of July 2020, federal agencies had fully implemented 64 percent of the 1,376 IT management-related recommendations that GAO has made to them since fiscal year 2010. Likewise, agencies had implemented 79 percent of the 3,409 security-related recommendations that GAO has made since fiscal year 2010. However, significant actions remain to be completed to build on this progress.”
- “Chief Information Officer (CIO) responsibilities. Laws such as the Federal Information Technology Acquisition Reform Act (FITARA) and related guidance assign 35 key responsibilities to agency CIOs to help address longstanding IT management challenges. In August 2018, GAO reported that none of the 24 selected agencies had established policies that fully addressed the role of their CIO. GAO recommended that OMB and the 24 agencies take actions to improve the effectiveness of CIOs’ implementation of their responsibilities. Although most agencies agreed or did not comment, only four of the 27 recommendations have been implemented.”
- “CIO IT acquisition review. According to FITARA, covered agencies’ CIOs are required to review and approve IT contracts. Nevertheless, in January 2018, GAO reported that most of the CIOs at 22 covered agencies were not adequately involved in reviewing billions of dollars of IT acquisitions. Since then, agencies implemented 29 out of 39 recommendations made to improve CIO oversight for these acquisitions. Implementing the remaining 10 could increase CIOs’ authority and improve the management of IT contracts…”
What GAO Recommends
“Since fiscal year 2010, GAO has made 1,376 recommendations to OMB and agencies to address shortcomings in IT acquisitions and operations, as well as 3,409 recommendations to agencies to improve the security of federal systems. These recommendations addressed, among other things, implementation of CIO responsibilities, oversight of the data center consolidation initiative, management of software licenses, and the efficacy of security programs. Implementing these recommendations is essential to strengthening federal agencies’ IT acquisitions, operations, and cybersecurity efforts…”
Access the full 38-page report here.
Source: Federal Agencies and OMB Need to Continue to Improve Management and Cybersecurity – August 3, 2020. GAO.
