Information Technology
Departmental Leadership Crucial to Success of Investment Reforms at Interior Gao ID: GAO-03-1028 September 12, 2003The Department of the Interior is responsible for diverse and complex missions ranging from managing America's public lands, mineral and water resources, and wildlife to providing satellite data to the military and scientific communities. To fulfill these responsibilities, Interior invests over $850 million annually--about 6 percent of its total annual budget--in communications and computing projects and systems. Interior's Office of the Secretary and its Chief Information Officer (CIO) are responsible for overseeing processes for managing these investments to ensure that funds are expended in the most cost-effective way in support of the agency's mission needs. GAO was asked to evaluate (1) departmental capabilities for managing the agency's information technology (IT) investments and (2) the department's actions and plans to improve these capabilities.
The Department of the Interior has limited capability to manage its IT investments. Based on GAO's IT Investment Management (ITIM) Framework, which measures the maturity of an organization's investment management processes, the department is carrying out few of the activities that support critical foundational processes. As an initial step to improve its investment management capability, the department has issued a Capital Planning and Investment Control Guide, which describes its approach to IT investment management. However, it has thus far implemented few of the processes described in its own guide. In addition, it has yet to develop an adequate approach to identify existing projects and systems. In order to ensure strong investment management at all levels, the department has also specified a requirement for certifying bureau-level investment processes, but certification has not yet begun. Finally, in order to strengthen the CIO's ability to manage IT investments at all levels, the Secretary of the Interior has issued an order establishing the authority of the bureau-level CIOs; however, the order has not been fully implemented. In order to improve investment management processes, an organization needs to develop and implement a coherent plan, supported by senior management, which defines and prioritizes enhancements to its investment processes. While Interior has undertaken a number of initiatives designed to improve its investment management processes, the department has not yet developed a unified, comprehensive plan to achieve its objective of establishing effective investment management processes, nor has it committed the resources to successfully implement the necessary reforms. Without a well-defined process improvement plan and controls for implementing it, Interior will continue to be challenged in its ability to make informed and prudent investment decisions.
RecommendationsOur recommendations from this work are listed below with a Contact for more information. Status will change from "In process" to "Open," "Closed - implemented," or "Closed - not implemented" based on our follow up work.
Director: Team: Phone:GAO-03-1028, Information Technology: Departmental Leadership Crucial to Success of Investment Reforms at Interior
This is the accessible text file for GAO report number GAO-03-1028
entitled 'Information Technology: Departmental Leadership Crucial to
Success of Investment Reforms at Interior' which was released on
September 12, 2003.
This text file was formatted by the U.S. General Accounting Office
(GAO) to be accessible to users with visual impairments, as part of a
longer term project to improve GAO products' accessibility. Every
attempt has been made to maintain the structural and data integrity of
the original printed product. Accessibility features, such as text
descriptions of tables, consecutively numbered footnotes placed at the
end of the file, and the text of agency comment letters, are provided
but may not exactly duplicate the presentation or format of the printed
version. The portable document format (PDF) file is an exact electronic
replica of the printed version. We welcome your feedback. Please E-mail
your comments regarding the contents or accessibility features of this
document to Webmaster@gao.gov.
This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed
in its entirety without further permission from GAO. Because this work
may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this
material separately.
Report to the Subcommittee on Interior and Related Agencies, Committee
on Appropriations, House of Representatives:
September 2003:
Information Technology:
Departmental Leadership Crucial to Success of Investment Reforms at
Interior:
[Hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-03-1028] GAO-03-
1028:
GAO Highlights:
Highlights of GAO-03-1028, a report to Chairman and Ranking Minority
Member of the Subcommittee on Interior and Related Agencies, House
Committee on Appropriations
Why GAO Did This Study:
The Department of the Interior is responsible for diverse and complex
missions ranging from managing America‘s public lands, mineral and
water resources, and wildlife to providing satellite data to the
military and scientific communities. To fulfill these
responsibilities, Interior invests over $850 million annually”about 6
percent of its total annual budget”in communications and computing
projects and systems. Interior‘s Office of the Secretary and its Chief
Information Officer (CIO) are responsible for overseeing processes for
managing these investments to ensure that funds are expended in the
most cost-effective way in support of the agency‘s mission needs. GAO
was asked to evaluate (1) departmental capabilities for managing the
agency‘s information technology (IT) investments and (2) the
department‘s actions and plans to improve these capabilities.
What GAO Found:
The Department of the Interior has limited capability to manage its IT
investments. Based on GAO‘s IT Investment Management (ITIM) Framework,
which measures the maturity of an organization‘s investment management
processes, the department is carrying out few of the activities that
support critical foundational processes (see table below). As an
initial step to improve its investment management capability, the
department has issued a Capital Planning and Investment Control Guide,
which describes its approach to IT investment management. However, it
has thus far implemented few of the processes described in its own
guide. In addition, it has yet to develop an adequate approach to
identify existing projects and systems. In order to ensure strong
investment management at all levels, the department has also specified
a requirement for certifying bureau-level investment processes, but
certification has not yet begun. Finally, in order to strengthen the
CIO‘s ability to manage IT investments at all levels, the Secretary of
the Interior has issued an order establishing the authority of the
bureau-level CIOs; however, the order has not been fully implemented.
In order to improve investment management processes, an organization
needs to develop and implement a coherent plan, supported by senior
management, which defines and prioritizes enhancements to its
investment processes. While Interior has undertaken a number of
initiatives designed to improve its investment management processes,
the department has not yet developed a unified, comprehensive plan to
achieve its objective of establishing effective investment management
processes, nor has it committed the resources to successfully
implement the necessary reforms. Without a well-defined process
improvement plan and controls for implementing it, Interior will
continue to be challenged in its ability to make informed and prudent
investment decisions.
What GAO Recommends:
To strengthen the department‘s investment management capability, GAO
recommends that the Secretary of the Interior direct Interior‘s CIO to
develop and implement a plan aimed at addressing the weaknesses
discussed in this report, including a timetable and specific
milestones for implementation of appropriate investment management
processes at all levels of the agency. In commenting on a draft of
this report, Interior concurred with GAO‘s recommendations.
www.gao.gov/cgi-bin/getrpt?GAO-03-1028.
To view the full product, including the scope and methodology, click
on the link above. For more information, contact Linda Koontz at (202)
512-6240 or koontzl@gao.gov.
[End of section]
Contents:
Letter:
Results in Brief:
Background:
Scope and Methodology:
Interior's Capacity to Effectively Manage IT Investments Is Limited:
Department's Efforts to Improve Investment Management Processes and
Oversight Are Fragmented and Inadequate:
Conclusions:
Recommendations:
Agency Comments and Our Evaluation:
Appendixes:
Appendix I: Bureau Missions, Functions, and IT Investments:
Appendix II: Comments from the Department of the Interior:
Appendix III: GAO Contact and Staff Acknowledgments:
GAO Contact:
Acknowledgments:
Tables Tables:
Table 1: Stage 2 Critical Processes--Building the Investment
Foundation:
Table 2: Status of Stage 2 Critical Processes:
Table 3: Investment Board Operation:
Table 4: IT Project and System Identification:
Table 5: IT Project Oversight:
Table 6: Business Needs Identification:
Table 7: Proposal Selection:
Table 8: Stage 3 Critical Processes--Developing a Complete Investment
Portfolio:
Table 9: Status of Stage 3 Critical Processes:
Figures:
Figure 1: Interior's Organizational Structure:
Figure 2: The Five Stages of Maturity within ITIM:
Abbreviations:
ALMRS: Automated Land and Mineral Record System:
BIA: Bureau of Indian Affairs:
BLM: Bureau of Land Management:
CIO: Chief Information Officer:
CPIC: Capital Planning and Investment Control:
IT: Information Technology:
ITIM: Information Technology Investment Management:
MMS: Minerals Management Service:
NBC: National Business Center:
NPS: National Park Service:
OCIO: Office of Chief Information Officer:
OIG: Office of the Inspector General:
OMB: Office of Management and Budget:
OSM: Office of Surface Mining Reclamation and Enforcement:
PMB: Policy, Management and Budget:
SAIC: Science Applications International Corporation:
TAAMS: Trust Asset and Accounting Management System:
USBR: United States Bureau of Reclamation:
USFWS: United States Fish and Wildlife Service:
USGS: United States Geological Survey:
Letter September 12, 2003:
The Honorable Charles H. Taylor
Chairman
The Honorable Norman D. Dicks
Ranking Minority Member
Subcommittee on Interior and Related Agencies
Committee on Appropriations
House of Representatives:
The Department of the Interior is responsible for diverse and complex
missions ranging from managing America's public lands, mineral and
water resources, and wildlife to providing satellite data to the
military and scientific communities. To fulfill these responsibilities,
Interior invests over $850 million annually--about 6 percent of its
total annual budgetary resources--in communications and computing
projects and systems. The Secretary of the Interior and Interior's
Chief Information Officer (CIO) are responsible for overseeing
processes for managing these investments at all levels of the
organization to ensure that funds are expended in the most cost-
effective way in support of the agency's mission needs.
This report is one of two in response to your request that we evaluate
the Department of the Interior's information technology investment
management capabilities.[Footnote 1] As agreed with your offices, our
objectives were to evaluate (1) departmental capabilities for managing
the agency's information technology (IT) investments, including its
ability to effectively oversee bureau processes, and (2) the
department's actions and plans to improve these capabilities.
Results in Brief:
The Department of the Interior has limited capacity to effectively
manage its planned and ongoing IT investments. Over the past few years,
Interior has undertaken several initiatives to better understand its
current capabilities and to implement the organizational processes
required for the department to exercise its responsibility to select,
control, and evaluate IT investments. For example, the department has
issued a Capital Planning and Investment Control (CPIC) Guide, which
describes its approach to IT investment management. In addition, in
order to support the implementation of effective investment management
practices throughout the department, the Secretary has issued an order
aligning bureau CIOs with the department CIO and specifying that the
bureau CIOs will have authority over IT expenditures within their
bureaus. This order acknowledges that effective bureau processes are
necessary to support effective investment management throughout the
department. However, efforts to implement the CPIC Guide and the
secretarial order have not moved forward as specified in implementing
memoranda. Interior has much to accomplish before it can have
confidence that its mix of IT investments best meets its mission and
business needs.
* The first step toward establishing effective investment management is
to put in place foundational, project-level control and selection
processes. Interior has implemented few of these processes. While the
CPIC Guide describes the approach Interior intends to take, and the
department-level boards have begun operating, few other key practices
have been instituted at this time. Until processes are established that
enable executives to select and oversee investments using reliable
information, they cannot be assured that they are consistently
selecting and managing IT investments that meet Interior's needs and
priorities.
* The second major step toward effective investment management is to
continually assess proposed and ongoing projects as an integrated and
competing portfolio of investment options. Interior officials
acknowledge that the agency has made little progress in managing
investments as a complete portfolio. As a result, Interior executives
are unable to adequately assess the relative merits of investment
proposals and make trade-offs among options.
Interior has undertaken a number of initiatives designed to improve its
investment management processes; however, it has not coordinated these
efforts, nor has it assigned the resources to effectively carry them
out. Without a well-defined process improvement plan and controls for
implementing it, it is unlikely that the agency will establish a mature
investment management capability. As a result, Interior will continue
to be challenged in its ability to make informed and prudent investment
decisions in managing its IT investments to meet its mission
objectives.
To strengthen the department's investment management capability, we are
making a number of recommendations aimed at addressing the weaknesses
discussed in this report. In addition, we are recommending that the
department develop and implement a plan that includes (1) provisions to
improve investment management practices agencywide and (2) a timetable
and milestones for certifying bureau CPIC processes and for
implementing the secretarial order aligning CIO authorities and
responsibilities.
In commenting on a draft of this report, the Department of the Interior
concurred with our recommendations and identified actions that it plans
to take to improve IT investment management processes throughout the
department. Among other things, the department stated that it intends
to develop and implement a comprehensive plan, approved by its senior
investment decision-making board, to address specific weaknesses that
we identified in its foundational investment management practices and
to move to strengthen the role of the CIO in oversight and resource
allocation.
Background:
Interior Has Diverse Missions and IT Investments:
The Department of the Interior, created by Congress in 1849, is a
multitiered organization that currently employs approximately 70,000
people in about 2,400 locations throughout the United States. The
Secretary of the Interior heads the agency, which comprises
approximately 30 offices and committees and eight bureaus. Five
Assistant Secretaries support the Secretary of the Interior at the
department level. One of these is responsible for Policy, Management
and Budget. The others are responsible for mission-related matters
including Land and Minerals Management, Indian Affairs, Fish and
Wildlife and Parks, and Water and Science.
At the next level of the organization, eight bureaus,[Footnote 2]
aligned with these Assistant Secretaries, are responsible for achieving
Interior's diverse missions. Interior's missions include managing
approximately 500 million acres of land--about one-fifth of the total
U.S. land mass--and about 1.8 billion acres of the Outer Continental
Shelf; fulfilling the government's trust responsibility to American
Indians and Alaska Natives; conserving and protecting fish and
wildlife; offering recreational opportunities; managing the National
Park System; providing stewardship of energy and mineral resources;
fostering the sound use of land and water resources; helping with the
management of the National Fire Plan; ensuring the reclamation and
restoration of surface mining sites; and providing scientific
information on resource, natural hazard, and earth science issues.
Figure 1 shows how Interior is organized.
Figure 1: Interior's Organizational Structure:
[See PDF for image]
[End of figure]
Information technology (IT) investments play a vital role in Interior's
ability to fulfill its missions. Given the diversity of these missions
and operating environments, the character of these investments also
varies substantially. For example, the department uses a land mobile
radio infrastructure to support geographically dispersed public safety
and protection missions. These missions include law enforcement on
federal and tribal lands, urban and wildland firefighting, seismic
monitoring, wildlife tracking management of national parks, and water
reclamation activities. In contrast, Interior's Minerals Management
Service owns systems that track oil and gas production on public lands
and maintains records on royalties that are due to the federal
government and to American Indian tribes. Interior's bureaus and
associated program offices propose, fund, and manage these kinds of
investments, while certain departmental offices--such as the Offices of
Financial Management and Personnel Policy--propose and manage other
systems that support administrative functions. Interior's National
Business Center is responsible for managing and operating departmental
information systems on a fee-for-service basis and for providing other
kinds of administrative support, such as facilities management.
In fiscal year 2003, Interior invested over $850 million in IT--about 6
percent of its total budget. While the Secretary of the Interior has
the ultimate responsibility for managing these investments--including
overseeing and guiding the development, management, and use of
information resources and information technology throughout the
department--Interior's CIO is responsible for providing leadership and
oversight for IT investment management processes throughout the agency.
To that end, Interior's CIO serves as the chair of the department's IT
Management Council, which oversees "major" investments in IT.[Footnote
3] About 2,255 of Interior's staff of about 70,000 are classified as IT
professionals. Thirty-four staff provided direct support to the CIO in
the department's Office of the CIO during fiscal year 2003.
Appendix I provides additional information about each bureau's
missions, functions, staffing, and total expenditures on IT for fiscal
year 2003.
Reviews Identified Need for Improving IT Investment Management:
Prior reviews of IT projects performed at Interior over the past
decade--by GAO and the Office of Management and Budget (OMB) as well as
Interior's Office of the Inspector General (OIG)--have revealed
significant weaknesses in IT investment management practices at both
the department and the bureau levels. Over the last several years, we
have issued a series of reports on Interior's major IT investments and
associated management practices. In April and July of 1999, we reported
that Interior had not followed sound management practices in the early
stages of its effort to acquire the Trust Asset and Accounting
Management System,[Footnote 4] a system designed to manage Indian
assets and land records. We also reported that, as a result of poor
planning, Interior could not ensure that the system would meet
financial management needs cost effectively or mitigate system
development risks adequately. In September 2000, we reported that
Interior still needed to address significant remaining risks.[Footnote
5] Among other things, we recommended that Interior take steps to
strengthen its software development and acquisition processes and that
it regularly assess the progress being made in implementing this
system.
Between 1995 and 2001, we reported on Interior's efforts to acquire a
land and mineral case processing system called Automated Land and
Mineral Record System(ALMRS)/Modernization and raised concerns about
the Bureau of Land Management's (BLM) and the prime contractor's
abilities to complete, integrate, and test the new software system and
complete the current schedule.[Footnote 6] Among other things, we
recommended that BLM take steps to strengthen its IT investment
management processes and systems acquisition capabilities. ALMRS was
terminated in 1999, but many of the management weaknesses we had
identified remained. In 2000 and 2001, we reported that BLM had been
working to implement our recommendations, and we further recommended
that BLM develop a plan to integrate all of the corrective actions
necessary to implement our recommendations and establish a schedule for
completing them.
In August 2002, Interior's OIG reported that the department did not
have a process to ensure that IT capital investments or projects
focused on departmental mission objectives or federal government goals
and initiatives--principally because of its decentralized approach to
IT investment management.[Footnote 7] The OIG further stated that only
20 investment projects--representing over 24 percent of the total--were
subject to departmental review and approval in fiscal years 2002 and
2003 through submission of capital asset plans. Therefore, about $1
billion in Interior IT investment projects were not subject to
department-level review and approval during those 2 years.
Consistent with these reports, OMB reported in the President's fiscal
year 2003 budget that Interior was putting large sums of public funds
at high risk for failure and that it had not complied with applicable
legislative requirements that were established in the Paperwork
Reduction Act of 1995 and the Clinger-Cohen Act of 1996.[Footnote 8]
OMB also reported that the department had not been able to adequately
identify major projects within its IT portfolio or to demonstrate
through adequate business cases the need for all of the major projects
that it did identify. In addition, out of the 23 federal agencies
included in the fiscal year 2003 budget supplemental document entitled
Performance Information for Major IT Investments, the Department of the
Interior was one of only two agencies that were unable to provide the
type of information on the actual performance of their IT investments.
In the Presidentís fiscal year 2004 budget, OMB reported that Interior
had made significant strides toward more fully identifying its IT
investments and strengthening the business cases that it developed for
major IT projects, although 20 of its 35 initial submissions remained
on OMB's at-risk list.[Footnote 9]
Information Technology Investment Management Maturity Framework:
Our IT Investment Management (ITIM) maturity framework,[Footnote 10]
issued in May 2000, is a useful tool that can help Interior to improve
its IT investment management capabilities. The ITIM framework can be
used to determine both the status of an agency's current IT investment
management capabilities and what additional steps need to be taken to
put more effective processes in place. The ITIM framework establishes a
hierarchical set of five maturity stages. Each stage builds upon the
lower stages and represents increased capabilities toward achieving
both stable and effective (and thus mature) IT investment management
processes. Except for the first stage--which largely reflects ad hoc,
undefined, and undisciplined decision and oversight processes--each
maturity stage is composed of critical processes that are essential to
satisfying the requirements of that stage. These critical processes are
defined by key practices that include organizational commitments (e.g.,
policies and procedures), prerequisites (e.g., resource allocation),
and activities (e.g., implementing procedures). Key practices are the
specific conditions that must be in place and tasks that must be
performed for an organization to effectively implement the necessary
critical processes.
Figure 2 shows the five ITIM stages and a brief description of each
stage.
Figure 2: The Five Stages of Maturity within ITIM:
[See PDF for image]
[End of figure]
While the ITIM framework defines critical processes and key practices
in general terms, our work at multitiered organizations, such as the
Postal Service and the Department of Justice,[Footnote 11] showed that
specific roles and responsibilities may vary by organizational tier.
For example, in such organizations, department-level management has
overall responsibility for a process, while component-level management
is responsible for ensuring that applicable requirements defined by the
department are met and that operational units such as program offices
take primary responsibility for performing the day-to-day activities
that are described by ITIM, in accordance with management expectations.
In such an environment, the presence of well-established and managed
processes at lower levels of the organization can provide a level of
assurance to the department concerning the quality and reliability of
proposals for new investments, information reported on the actual
performance of projects, and budget requests.
In an agency like Interior, in which organizations at different levels
execute various aspects of IT investment management, it is essential
that top agency management establish and oversee processes throughout
the agency to ensure that effective investment management practices are
being adhered to. Over the past decade, Congress has enacted a series
of laws that require centralized management and performance reporting
to ensure that agencies can demonstrate that they are making the best
funding decisions to support their mission needs. The Clinger-Cohen Act
of 1996 specifically requires that the head of each agency designate a
CIO to implement a process that maximizes the value and assesses and
manages the risk of IT investments. Under the Clinger-Cohen Act, the
Department of the Interior's CIO has the ultimate responsibility for
ensuring the cost-effectiveness of decisions made by program managers
to expend funds on IT in support of the agency's mission needs.
Therefore, even though individual bureaus have CIOs or similar
officers, the department's CIO must monitor and evaluate the
performance of its IT investment portfolio as a whole and report to the
Secretary on compliance with applicable laws and policies.
Scope and Methodology:
To determine the department's capabilities for managing its information
technology (IT) investments, including its ability to effectively
oversee bureau processes, we used several different criteria. To
evaluate the underlying investment management processes we used our
Information Technology Investment Management: A Framework for Assessing
and Improving Process Maturity, Exposure Draft (ITIM
Framework).[Footnote 12] We applied the framework as it is described in
the exposure draft, except that we used a revised version of the IT
Asset Inventory critical process, called IT Project and System
Identification, after discussion with departmental officials at the
beginning of this engagement. This revised critical process has been
used in our evaluations since June 2001. At the start of our
evaluation, we requested that the department conduct a self-assessment
using the ITIM as criteria. Using this self-assessment and the
supporting documentation as a starting point, we worked with Interior
officials to further support their conclusions. Based on the
department's acknowledgement that it had only executed two of the key
practices in Stage 3, we did not independently assess the capabilities
at this stage or at Stages 4 and 5 of the framework. In our evaluation,
an ITIM key practice was rated as "executed" only when we found
sufficient evidence that the practice was already in place at the time
of the review. We rated all other key practices as "not executed.":
To gain additional insight into the department's ability to oversee its
components' IT investment management processes, we reviewed
documentation and conducted interviews on the department's efforts to
put the necessary management structures in place, whether the
department had clearly defined what was expected of the bureaus, and
whether it held the bureaus accountable to the necessary standards. In
order to evaluate the success of the department's oversight activities,
we also assessed the capabilities of Interior's components. To
determine the capabilities of the components, we collected
documentation describing bureau CPIC and investment management
processes and spoke with responsible officials at eight bureaus (the
Bureau of Indian Affairs, the Bureau of Land Management, the Bureau of
Reclamation, the Minerals Management Service, the National Park
Service, the Office of Surface Mining Reclamation and Enforcement, the
U.S. Fish and Wildlife Service, and the U.S. Geological Survey) and the
National Business Center.
To assess Interior's plans for improving its IT investment management
processes--including oversight of bureau processes--and to identify
potential barriers to their implementation, we obtained and evaluated
documents showing what management actions had been taken and what
initiatives had been planned by the department. In addition, we
interviewed officials in the Offices of Acquisition and Property
Management, Budget, and the Chief Information Officer.
We conducted our work at Interior's headquarters offices in Washington,
D.C; bureaus headquarters offices in Arlington, Virginia; Reston,
Virginia; and Lakewood, Colorado; and at the National Business Center
in Englewood, Colorado, from November 2002 through July 2003, in
accordance with generally accepted government auditing standards.
Interior's Capacity to Effectively Manage IT Investments Is Limited:
In order to have the capabilities to effectively manage IT investments,
a department should (1) have basic, project-level control and selection
practices in place and (2) manage its projects as a portfolio of
investments, treating them as an integrated package of competing
investment options and pursuing those that best meet the department's
strategic goals, objectives, and mission. These practices may be
executed at various organizational levels of the agency--including the
bureau level--although overall responsibility for their success remains
at the department level.
The Department of the Interior is executing only 7 of the 38 key
practices that are required by the ITIM framework to establish a
foundation for IT investment management and only 2 of the 38 key
practices required to manage investments as a portfolio. In addition,
the department's ability to oversee the successful implementation and
execution of the required practices is limited, although a number of
initiatives have been undertaken to address this issue. However,
efforts to implement the reform initiatives have not moved forward as
specified in implementing memoranda.[Footnote 13] Until Interior
successfully implements stable investment management practices
throughout the department, it will lack essential management controls
over its IT investments, and it will be unable to ensure that the mix
of investments it is pursuing is the best to meet the department's
strategic goals, objectives, and mission.
Department Demonstrates Few Capabilities for IT Investment Management:
At the ITIM framework's Stage 2 level of maturity, an organization has
attained repeatable, successful investment control processes and basic
selection processes at the project level. Through these processes, the
organization can identify expectation gaps early and take appropriate
steps to address them. According to the ITIM framework, critical
processes at Stage 2 include (1) defining investment board operations,
(2) collecting information about existing investments, (3) developing
project-level investment control processes, (4) identifying the
business needs for each IT project, and (5) developing a basic process
for selecting new IT proposals. Table 1 describes the purpose for each
of the Stage 2 critical processes.
Table 1: Stage 2 Critical Processes--Building the Investment
Foundation:
Critical process: IT investment board operation; Description: To define
and establish the governing board(s) responsible for selecting,
controlling, and evaluating investments.
Critical process: IT project oversight; Description: To regularly
determine each IT project's progress toward cost and schedule
milestones, using established criteria, and to take corrective actions
when milestones are not achieved.
Critical process: IT project and system identification; Description: To
create and maintain an IT project and system inventory to assist in
managerial decision making.
Critical process: Business needs; identification; Description: To
ensure that each IT program and project supports the organization's
business needs and meets users' needs.
Critical process: Proposal selection; Description: To ensure that an
established, structured process is used to select new IT proposals.
Source: GAO.
[End of table]
In a multitiered organization like Interior, the department is
responsible for providing leadership and oversight for foundational
critical processes by ensuring that written policies and procedures are
established, repositories of information are created that support IT
investment decision making, resources are allocated, responsibilities
are assigned, and all of the activities are properly carried out where
they may be most effectively executed. In such an organization, the CIO
is specifically responsible for ensuring that the organization is
effectively managing its IT investments at every level. If Interior's
bureaus do not have investment management processes in place that
adequately support the department's investment management process, its
CIO must take action to ensure that the department is expending funds
on IT investments that will fulfill its mission needs.
The department is executing 7 of the 38 key practices associated with
Stage 2 critical processes (or about 18 percent), primarily as a result
of issuing the IT and Construction Capital Planning and Investment
Control (CPIC) Guide in December 2002 and assigning responsibility for
IT investment management functions to three oversight boards. Among
other things, the CPIC Guide clearly describes the structure of the
department's IT investment review boards and how authority is to be
aligned among bureau-and department-level boards; it assigns
responsibility to the boards for its proposal selection process.
However, the department has not executed most of the crucial key
practices at the Stage 2 level. For example, information about the
expected and actual cost and schedule for Interior's IT projects, which
could form the basis for selection decisions, is not being provided to
the investment review boards. In addition, the department has few
capabilities for overseeing IT projects and ensuring that business
needs are adequately identified. Finally, in July 2003 Interior had not
yet implemented most of the investment management processes that it
describes in its CPIC Guide, and thus the members of its boards lacked
direct experience in the execution of ITIM critical processes.
Table 2 summarizes the status of the department's Stage 2 critical
processes, showing how many associated key practices the agency has
executed. The department's actions toward implementing each of the
critical processes are discussed in the sections that follow.
Table 2: Status of Stage 2 Critical Processes:
Critical process: IT investment board operation; Key practices
executed: 2; Total required by critical process: 6; Percentage of key
practices executed: 33.
Critical process: IT project and system identification; Key practices
executed: 0; Total required by critical process: 7; Percentage of key
practices executed: 0.
Critical process: IT project oversight; Key practices executed: 1;
Total required by critical process: 11; Percentage of key practices
executed: 9.
Critical process: Business needs identification; Key practices
executed: 2; Total required by critical process: 8; Percentage of key
practices executed: 25.
Critical process: Proposal selection; Key practices executed: 2; Total
required by critical process: 6; Percentage of key practices executed:
33.
Critical process: Cumulative; Key practices executed: 7; Total required
by critical process: 38; Percentage of key practices executed: 18.
Source: GAO.
[End of table]
Boards Are Operating but Have Limited Experience:
To help ensure executive management accountability and adequate
oversight for IT capital planning and investment decisions, an
organization should establish a governing board or boards with
responsibility for selecting, controlling, and evaluating IT
investments. According to the ITIM framework, effective operation of an
IT investment board requires, among other things, that (1) board
members have both IT and business knowledge, (2) board members
understand the investment board's policies and procedures and exhibit
core competencies in using the agency's IT investment policies and
procedures, (3) the organization's executives and line managers support
and carry out board decisions, (4) the organization develop
organization-specific process guidance that includes policies and
procedures to direct the board's operations, and (5) the investment
board operates according to written policies and procedures. (The full
list of key practices is provided later in table 3.):
The department is executing two of the six key practices needed for its
IT investment boards to operate effectively, as specified in the ITIM
framework. Interior's new CPIC Guide provides a conceptual framework
for the operation of IT investment boards and a description of a five-
phase investment process. It also specifies the membership of
Interior's IT investment boards in a way that should ensure the
integration of technical and business knowledge as well as the
appointment of senior-level executives to the boards.
In its new CPIC Guide, Interior provides a conceptual overview of the
department-and bureau-level review boards that are now responsible for
overseeing IT investments. At the department level, these boards and
their decision thresholds include the following:
* the Management Excellence Council, which is responsible for
validating recommendations made to it by the Management Initiatives
Team on IT investments;
* the Management Initiatives Team, which is responsible for reviewing,
evaluating, and approving investments that are expected to cost $35
million or more, and other investments that are otherwise considered to
be major; and:
* the IT Management Council, which is responsible for reviewing,
evaluating, and approving IT investments that are expected to cost
between $5 million and $35 million.
The Management Excellence Council, chaired by the Secretary of the
Interior and comprising Assistant Secretaries and bureau heads, was
created to provide leadership, direction, and accountability in meeting
the administration's goals and to provide overall direction for and
oversight of the department's management reform activities. Its IT
investment management activities include validating the Management
Initiatives Team's recommendations and recommending strategic
investments for the Secretary's approval. The Management Initiatives
Team, chaired by the Assistant Secretary for Policy, Management and
Budget and comprising Deputy Assistant Secretaries and Deputy Bureau
Directors, was established to support the Management Excellence Council
in its broad activities. In the context of IT investment management,
the Management Initiatives Team's responsibilities include
articulating investment strategy, validating scoring by the IT
Management Council, and resolving duplication of effort. The IT
Management Council, chartered in the CPIC Guide, is cochaired by the
department CIO and a rotating cochair who is elected by IT Management
Council annually; it is composed of the bureau CIOs and representatives
from several departmental offices. The IT Management Council is
responsible for scoring potential investments against a predetermined
set of criteria, maintaining the planning process and the investment
portfolio, and identifying duplication of effort.
The department has taken steps to ensure that investment boards are
established at the bureau level also. For example, Interior's CPIC
Guide requires that investment review boards be established by each of
its bureaus to provide oversight for IT investments that are funded by
Interior. This multilayered review of investments is designed to
increase the likelihood that Interior's IT investments will meet
mission needs.
However, at the time that we concluded our work in July 2003, the
department could not assert that board members exhibited core
competencies in using the IT investment approach because department
level boards had very limited experience with IT proposal selection
processes. Until the department implements an effective IT investment
board process that is well established and understood throughout the
agency, executives cannot be adequately assured that decisions made by
the boards are being well supported and carried out by its executives
and line managers or that each board is operating according to
established policies and procedures.
Table 3 summarizes our ratings for each key practice and the specific
evidence that supports the ratings.
Table 3: Investment Board Operation:
Type of practice: Organizational commitments;
Key practice: 1. An
organization-specific IT investment process guide is created to direct
each board's operations; Rating: Executed; Summary of evidence: The
department issued a Capital Planning and Investment Control Guide
(CPIC) Guide in December 2002 that defined department-and bureau-level
IT investment boards and specified their authorities, procedures,
membership, roles, and responsibilities.
Key practice: 2. Organization executives and line managers support and
carry out IT investment board decisions; Rating: Not executed; Summary
of evidence: The CPIC Guide describes a number of controls or processes
for ensuring that executives and line managers carry out the decisions
of the IT investment boards. These include entry and exit criteria for
five investment management phases defined in the CPIC Guide and a
description of how CPIC and budget processes are to be linked. However,
at the time of our review these boards had limited experience and their
activities focused on OMB budget reporting.
Type of practice: Prerequisites;
Key practice: 1. Adequate resources
are provided for operating each IT investment board; Rating: Not
executed; Summary of evidence: The department indicated in its self-
assessment that this key practice had not been executed.
Key practice: 2. Board members understand the investment board's
policies and procedures and exhibit core competencies in using the IT
investment approach through training, education, or experience;
Rating: Not executed; Summary of evidence: The department's IT
investment boards are composed of departmental and bureau office
executives who are capable of making investment board decisions.
However, at the time of this review, Interior's department-level boards
had limited experience with the processes described in its new CPIC
Guide.
Type of practice: Activities;
Key practice: 1. Each IT investment board
is created and defined with board membership integrating both IT and
business knowledge; Rating: Executed; Summary of evidence: Interior
has three department-level IT investment boards, including the IT
Management Council, the Management Initiatives Team, and the Management
Excellence Council. The IT Management Council reviews IT investments
from a technical perspective for all three boards, and its members
include both IT and business representatives. The Management
Initiatives Team includes representatives from the bureaus, as well as
the department's Offices of the Chief Information Officer, Financial
Management, and Planning and Performance Management. Finally, the
Management Excellence Council is made up of Assistant Secretaries
responsible for Interior's programs and the heads of its bureaus.
Key practice: 2. Each IT investment board operates according to written
policies and procedures in the organization-specific IT investment
process guide; Rating: Not executed; Summary of evidence: Although the
department issued a CPIC Guide in December 2002 that contains written
policies and procedures for the organization's IT investment management
process, Interior's IT investment boards had not yet fully implemented
these at the time of this review.
Source: GAO.
[End of table]
No Project and System Inventory Exists to Support Investment Decision
Making:
Agency boards, managers, and staff at all levels who are responsible
for decisions about IT investment management must have at their
disposal information about existing investments as well as new ones
that are being proposed. Besides the fundamental business justification
for each of the individual investments, decision makers must also
consider the interaction of each continuing or proposed project with
other projects that comprise the agency's overall IT environment. In
addition, opportunities to consolidate projects or systems and avoid
redundant investments may be found when proposals are evaluated in this
context. The information that could be used in this analysis includes
current and planned system functions, physical location, organizational
owners, and how funds are being expended toward acquiring, maintaining,
and deploying these assets.
A project and system inventory can take many forms and does not have to
be centrally located or consolidated. The guiding principles for
developing the inventory are that the information maintained should be
both accessible--located where it is of the most value to investment
decision makers--and relevant to the management processes and decisions
that are being made. In multitiered organizations, information from an
IT project and system inventory should be accessible and relevant to
the decision processes of boards at all levels of the organization that
are responsible for ITIM activities. An IT project and system inventory
is also essential to successfully implementing certain other critical
processes, including IT Project Oversight and Proposal Selection, and
developing a comprehensive IT investment portfolio.
According to the ITIM framework,[Footnote 14] organizations at the
Stage 2 level of maturity allocate adequate resources for tracking IT
projects and systems, designate responsibility for managing the project
and system identification process, and develop related written policies
and procedures. Resources required for this purpose typically include
managerial attention to the process; staff; supporting tools, such as
an inventory database; inventory reporting, updating, and query tools;
and a method for communicating inventory changes to affected parties.
Stage 2 organizations also maintain information on their IT projects
and systems in one or more inventories according to written procedures,
recording changes in data as required, and maintaining historical
records. Access to this information is provided on demand to decision
makers and other affected parties. (The full list of key practices is
provided in table 4.):
However, the department is not executing any of the seven key practices
in this critical process. It does not have any written standards or
existing repositories of information on Interior's IT investments that
meet ITIM standards, and it has not assigned responsibility or
allocated resources for this purpose. In April 2003, departmental
officials indicated that they are planning to use the Exhibit 53 report
they prepared for OMB as their IT project and system inventory.
However, according to the same officials, the current Exhibit 53 report
for Interior does not constitute a comprehensive list of its IT
investments. Moreover, this report does not include information on
actual project cost and schedule or other information needed to support
IT investment decisions.
Developing an adequate project and system inventory has only recently
become a priority at Interior. As a result, Interior's IT investment
boards do not currently have the information they need to make well-
informed decisions regarding selecting, controlling, and evaluating
investment decisions. Without information from such an inventory, the
department-and bureau-level boards cannot ensure that duplication among
existing and proposed IT investments is eliminated. In addition, the
boards cannot compare actual project performance with expectations and
determine whether corrective actions should be taken.
Table 4 summarizes our ratings for each key practice.
Table 4: IT Project and System Identification:
Type of practice: Organizational commitments;
Key practice: 1. The
organization has written policies and procedures for identifying its IT
projects and systems and collecting, in an inventory, information about
the IT projects and systems that is relevant to the investment
management process; Rating: Not executed; Summary of evidence: The
department indicated that it plans to use its Exhibit 53 report to OMB
as its IT project and system inventory. While the Exhibit 53 is
designed to list all of Interior's IT projects and systems, this report
does not contain sufficient information to constitute an IT project and
system inventory as described by the ITIM framework. Therefore, any of
the department's current policies and procedures on the Exhibit 53 do
not meet the requirements of this key practice.
Key practice: 2. An official is assigned responsibility for managing
the IT project and system identification process and ensuring that the
inventory meets the needs of the investment management process;
Rating: Not executed; Summary of evidence: Although the department has
assigned responsibility for preparing the Exhibit 53 to the Office of
the Budget, the Exhibit 53 does not provide sufficient information to
support the investment management process as described in the ITIM
framework.
Type of practice: Prerequisite;
Key practice: 1. Adequate resources are
provided for identifying IT projects and systems and collecting
relevant information into an inventory; Rating: Not executed; Summary
of evidence: The department indicated in its self-assessment that this
key practice had not been executed.
Type of practice: Activities;
Key practice: 1. The organization's IT
projects and systems are identified, and specific information about
them is collected in an inventory; Rating: Not executed; Summary of
evidence: The department indicated in its self-assessment that it
intends to merge several inventories of IT projects and systems into
the Exhibit 53 in order to develop a comprehensive list of investments.
However, the Exhibit 53 does not include all of the kinds of
information that are required to support IT investment management
decisions.
Key practice: 2. Changes to IT projects and systems are identified, and
change information is maintained in the inventory; Rating: Not
executed; Summary of evidence: The department does not have an adequate
inventory in which changes to information on IT projects and systems
can be identified.
Key practice: 3. Information from the inventory is available on demand
to decision makers and other affected parties; Rating: Not executed;
Summary of evidence: The department plans to use the Exhibit 53 as its
investment inventory, but this document does not include the necessary
information to constitute an adequate IT project and system inventory,
according to the ITIM framework.
Key practice: 4. The IT project and system inventory and its
information records are maintained to contribute to future investment
selections and assessments; Rating: Not executed; Summary of evidence:
The department does not maintain an IT project and system inventory
with records that could contribute to future IT investment board
decisions.
Source: GAO.
[End of table]
Department Lacks Fundamental Capabilities for IT Project Oversight:
According to the ITIM framework, effective project oversight requires,
among other things, (1) having written policies and procedures for
project management; (2) developing and maintaining an approved
management plan for each IT project; (3) having written policies and
procedures for oversight of IT projects; (4) making up-to-date cost and
schedule data for each project available to the oversight boards;
(5) reviewing each project's performance by regularly comparing actual
cost and schedule data to expectations; (6) ensuring that corrective
actions for each under-performing project are documented, agreed to,
implemented, and tracked until the desired outcome is achieved; and
(7) using information from the IT projects and systems inventory. (The
complete list of key practices is provided in table 5.) For all IT
projects, performance reviews should be conducted at least at each
major life cycle milestone. In an organization such as Interior, it is
essential that the department provide leadership and oversight of IT
project management even though the day-to-day management of IT
investments may be handled by bureau-level staff and the National
Business Center.
The department is executing 1 of the 11 key practices in this critical
process by operating department-level IT investment boards. However,
the other 10 key practices are not being executed, such as those
requiring the development of written policies and procedures for
project management or management oversight of IT projects. Moreover,
the department currently has no consistent way of knowing the extent to
which project management plans are being developed, approved,
maintained, and reviewed. As a result, the department has no mechanisms
for ensuring that up-to-date information on actual costs and schedule
are being provided to the IT investment boards. Finally, Interior lacks
an IT projects and systems inventory to capture performance information
that can be used by its boards in the investment decision process.
According to Interior officials, the department is not executing many
of the key practices for Stage 2 IT project oversight because it
currently relies on the bureaus to perform these management functions.
However, since the department has not developed policies and procedures
for the bureaus to follow in conducting IT project oversight, Interior
is running the risk that under performing projects will not be reported
to the appropriate IT investment board. In the absence of effective
board oversight, Interior executives do not have adequate assurance
that projects are being developed on schedule and within budget.
Table 5 summarizes our ratings for each key practice and the evidence
that supports the ratings.
Table 5: IT Project Oversight:
Type of practice: Organizational commitments;
Key practice: 1. The
organization has written policies and procedures for IT project
management; Rating: Not executed; Summary of evidence: The department
has not developed any written policies and procedures for IT project
management.
Key practice: 2. The organization has written policies and procedures
for management oversight of IT projects; Rating: Not executed; Summary
of evidence: The department has not developed any written policies and
procedures for management oversight of IT projects.
Type of practice: Prerequisites;
Key practice: 1. Adequate resources
are provided to assist the board(s) in overseeing IT projects; Rating:
Not executed; Summary of evidence: The department indicated in its
self-assessment that this key practice had not been executed.
Key practice: 2. Each IT project has and maintains an approved project
management plan that includes cost and schedule controls; Rating: Not
executed; Summary of evidence: The department does not have any
guidance or requirements for developing, approving, or maintaining IT
project plans to ensure that these exist and that they include cost and
schedule controls. The department also lacks a reporting mechanism to
determine which existing IT projects may now have such a plan.
Key practice: 3. An IT investment board is operating; Rating:
Executed; Summary of evidence: The department's IT Management Council,
Management Initiatives Team, and Management Excellence Council began
operating in support of the new CPIC processes in July 2002 and
reviewing Exhibit 300 reports for IT investments during the fiscal year
2004 budget formulation process.
Key practice: 4. Information from the IT project and system inventory
is used by the IT investment board as applicable; Rating: Not
executed; Summary of evidence: The department does not have an IT
project and system inventory.
Type of practice: Activities;
Key practice: 1. Each project's up-to-
date cost and schedule data are provided to the appropriate IT
investment board; Rating: Not executed; Summary of evidence: Up-to-
date cost and schedule data for all IT investments had not been
provided to the department's boards at the time of our review. The
boards did, however, receive information on major investments shown in
the Exhibit 300 reports that are prepared annually for OMB.
Key practice: 2. Using established criteria, the IT investment board
oversees each IT project's performance regularly by comparing actual
cost and schedule data to expectations; Rating: Not executed; Summary
of evidence: At the time of our review, Interior's IT investment boards
did not oversee the performance of all IT projects because information
on actual cost and schedule for some investments was not available for
review.
Key practice: 3. The IT investment board performs special reviews of
projects that have not met predetermined performance standards;
Rating: Not executed; Summary of evidence: At the time of our review,
Interior's department-level IT investment boards had not performed
special reviews of any IT projects.
Key practice: 4. Appropriate corrective actions for each under-
performing project are defined, documented, and agreed to by the IT
investment board and the project manager; Rating: Not executed;
Summary of evidence: Since the department level boards had not
conducted reviews of IT project performance, corrective actions had not
been defined.
Key practice: 5. Corrective actions are implemented and tracked until
the desired outcome is achieved; Rating: Not executed; Summary of
evidence: Corrective actions for underperforming IT projects had not
been defined by department-level IT investment boards at the time of
our review.
Source: GAO.
[End of table]
Department Is Not Able to Clearly Link IT Investments to Business
Needs:
Defining business needs for each project helps to ensure that projects
support the organization's mission goals and meet users' needs. This
critical process creates the link between the organization's business
objectives and its IT management strategy. According to our ITIM
framework, effectively identifying business needs requires, among other
things, (1) defining the organization's business needs or stated
mission goals, (2) identifying users for each project who will
participate in the project's development and implementation,
(3) training IT staff adequately in identifying business needs, and
(4) defining business needs for each project. (The complete list of key
practices is provided in table 6.):
The department is responsible for providing leadership and oversight
for the identification and documentation of business needs for IT
investments by issuing written guidance for this critical process and
executing the associated key practices. However, given that knowledge
of the actual business needs of Interior's departmental offices and
programs resides in the sponsors of IT investments, much of the work of
identifying business processes must necessarily be performed at those
levels of the organization.
The department is executing two of the eight key practices for this
critical process by defining mission goals in strategic planning
documents and by ensuring that appropriately trained individuals
identify the needs for its IT projects. However, the department is not
executing the remaining key practices, such as those that involve
ensuring that adequate resources are being provided and identifying all
of its IT projects and systems in an inventory. As a result, the
department could not identify specific users and business needs for all
of Interior's IT investments at the time of our review.
In April 2003, the department provided training in linking projects to
Interior's IT strategic plan, but written policies and procedures for
business needs identification have not been formalized. Also, the
Exhibit 300 reports on IT investments that the department produces for
OMB in support of the President's budget--and which it identifies as
the mechanism for capturing business needs--are not required for
nonmajor IT investments. Because nonmajor projects comprised
approximately 67 percent of Interior's projects and 45 percent of its
total IT expenditures in fiscal year 2003, business needs were not
captured for many of Interior's projects. The department was also
unable to demonstrate that identified users participated in project
management throughout a project's life cycle.
Office of Chief Information Officer (OCIO) officials explained that the
department has not provided oversight of the process of identifying
business needs, because it has historically relied on its IT investment
sponsors to determine the business needs of the investments. However,
until the department provides adequate leadership and oversight for
this critical process that is well established and understood
throughout the agency, executives cannot be adequately assured that
sponsors of IT investments are consistently and objectively identifying
user needs and linking investment proposals to the agency's strategic
goals.
Table 6 summarizes our ratings for each key practice and the evidence
that supports the ratings.
Table 6: Business Needs Identification:
Type of practice: Organizational commitment;
Key practice: 1. The
organization has written policies and procedures for identifying the
business needs (and the associated users) of each IT project; Rating:
Not executed; Summary of evidence: Written policies and procedures for
identifying business needs have not been formally approved, although
training has been initiated which includes identifying business needs
for major projects, to familiarize individuals with the preparation of
OMB Exhibit 300s.
Type of practice: Prerequisites;
Key practice: 1. Adequate resources
are provided for identifying business needs and associated users;
Rating: Not executed; Summary of evidence: The department indicated in
its self-assessment that this key practice had not been executed.
Key practice: 2. The organization has defined business needs or stated
mission goals; Rating: Executed; Summary of evidence: The department
issued a Strategic Plan for FY 2000-2005 and a draft Strategic Plan for
FY 2003-2008. Both of these documents contain information on Interior's
stated mission goals and business needs.
Key practice: 3. IT staff are trained in business needs
identification; Rating: Executed; Summary of evidence: Since
individuals responsible for identifying business needs and preparing
Exhibit 300 reports work in departmental and bureau offices that
sponsor IT investments, their work experience gives them sufficient
knowledge regarding the business needs of those units. In addition, the
department has provided supplemental training in business needs
identification for major projects.
Key practice: 4. IT projects and systems are identified in the IT
project and system inventory; Rating: Not executed; Summary of
evidence: The department indicated in its self-assessment that this key
practice had not been executed. The department does not have an IT
project and system inventory.
Type of practice: Activities;
Key practice: 1. The business needs for
each IT project are clearly identified and defined; Rating: Not
executed; Summary of evidence: Business needs are identified for major
projects in Exhibit 300 reports that are prepared annually for OMB.
However, these reports are not prepared for nonmajor IT investments.
Key practice: 2. Specific users are identified for each IT project;
Rating: Not executed; Summary of evidence: Exhibit 300 reports include
a section for identifying users of IT systems. However, these are not
prepared for nonmajor IT investments.
Key practice: 3. Identified users
participate in project management throughout a project's life cycle;
Rating: Type of practiceRating: Not executed; Summary of evidence: Type
of practiceSummary of evidence: The department indicated in its self-
assessment that this key practice had not been executed. In addition,
the department lacks written policies and procedures for IT project
management that could help ensure that users participate in project
management throughout a project's life cycle.
Source: GAO.
[End of table]
Selection Process Is Established, but Boards Lack Implementation
Experience:
Selecting new IT proposals requires an established and structured
process to ensure informed decision making and management
accountability. According to our ITIM framework, this critical process
requires, among other things, (1) making funding decisions for new IT
proposals according to an established process, (2) providing adequate
resources for proposal selection activities, (3) using an established
proposal selection process, (4) analyzing and ranking new IT proposals
according to established selection criteria--including cost and
schedule criteria--and (5) designating an official to manage the
proposal selection process. While initial selection decisions may be
made at the bureau level, the department should have in place clear,
established criteria for selection and guidance regarding the structure
and content of IT proposals. (The complete list of key practices is
provided in table 7.):
The department is executing two of the six key practices for this
critical process by identifying the IT Management Council cochairs as
the responsible authorities for the proposal selection process and by
using the CPIC Guide's funding process to make decisions on IT
proposals. These achievements notwithstanding, the department has yet
to implement most key practices--such as using established criteria to
analyze each investment and prioritizing these investments accordingly.
The CPIC Guide does contain requirements that address several of the
objectives of the critical process for proposal selection, such as
establishing a consistent approach to assessing the costs and benefits
of proposed investments and developing clear performance expectations
with quantifiable performance measures. If implemented, the CPIC Guide
would satisfy many of the requirements of the key practices in this
critical process.
Until now, the department has focused on other aspects of its IT
investment management process, such as the review of OMB Exhibit 300s
for each major project, without using the selection criteria that are
defined in the CPIC Guide. Moreover, while fundamental processes for
proposal selection are described in the CPIC Guide, these had not been
fully implemented at the time of our review. In the meantime,
Interior's bureaus have retained responsibility for selecting IT
investments--without benefit of departmental review. Until the
department implements the key practices described in the ITIM
framework, and they are well established and understood throughout the
agency, Interior cannot be adequately assured that it is consistently
and objectively developing and selecting proposals that best meet the
needs and priorities of the agency.
Table 7 summarizes our ratings for the proposal selection critical
process.
Table 7: Proposal Selection:
Type of practice: Organizational commitments;
Key practice: 1.
Executives and managers follow an established selection process;
Rating: Not executed; Summary of evidence: The department's CPIC Guide
established a selection process for IT investments. However, because
the department only began implementing this process in 2002, to
formulate its request for fiscal year 2004 funding, executives and
managers have not yet fully implemented the selection process.
Key practice: 2. An official is designated to manage the proposal
selection process; Rating: Executed; Summary of evidence: The
department's self-assessment states that the cochairs of the IT
Management Council review board are designated as the responsible
officials for the proposal selection process.
Type of practice: Prerequisite;
Key practice: 1. Adequate resources are
provided for proposal selection activities; Rating: Not executed;
Summary of evidence: The department indicated in its self-assessment
that this key practice had not been executed.
Type of practice: Activities;
Key practice: 1. The organization uses a
structured process to develop new IT proposals; Rating: Not executed;
Summary of evidence: The department's CPIC Guide established a
structured process for developing IT proposals. However, the department
had not implemented this process at the time of our review.
Key practice: 2. Executives analyze and prioritize new IT proposals
according to established selection criteria; Rating: Not executed;
Summary of evidence: The department's CPIC Guide established criteria
for prioritizing IT proposals. However, the department had not used
these criteria to prioritize new IT proposals at the time of our
review.
Key practice: 3. Executives make funding decisions for new IT proposals
according to an established process; Rating: Executed; Summary of
evidence: The department's CPIC Guide established a process for making
funding decisions for IT proposals, which the department used in its
2004 budget formulation process.
Source: GAO.
[End of table]
Department Is Not Managing Interior IT Investments as a Portfolio:
An IT investment portfolio is an integrated, agencywide collection of
investments that are assessed and managed collectively based on common
criteria. Managing investments within the context of such a portfolio
is a conscious, continuous, and proactive approach to expending limited
resources on an organization's competing initiatives in light of the
relative benefits expected from these investments. Taking an agencywide
perspective enables an organization to consider its investments
comprehensively, so that collectively the investments optimally address
the organization's missions, strategic goals, and objectives. Managing
IT investments with a portfolio approach also allows an organization to
determine priorities and make decisions about which projects to fund
based on analyses of the relative organizational value and risks of all
projects, including projects that are proposed, under development, and
in operation.
According to the ITIM framework, Stage 3 maturity includes (1) defining
portfolio selection criteria, (2) engaging in project-level investment
analysis, (3) developing a complete portfolio based on the investment
analysis, (4) maintaining oversight over the investment performance of
the portfolio, and (5) aligning the authority of the IT investment
boards.
Table 8 summarizes the purposes of each of the critical processes in
Stage 3.
Table 8: Stage 3 Critical Processes--Developing a Complete Investment
Portfolio:
Critical process: Authority alignment of IT investment boards;
Description: To ensure that IT investments are selected and managed by
the appropriate investment board.
Critical process: Portfolio selection criteria definition;
Description: To ensure that the organization develops and maintains IT
portfolio selection criteria that support its mission, organizational
strategies, and business priorities.
Critical process: Investment analysis; Description: To ensure that all
IT investments are consistently analyzed and prioritized according to
the organization's portfolio selection criteria.
Critical process: Portfolio development; Description: To ensure that an
optimal IT investment portfolio with manageable risks and returns is
selected and funded.
Critical process: Portfolio performance oversight; Description: To
ensure that each IT investment portfolio achieves its cost, benefit,
schedule, and risk expectations.
Source: GAO.
[End of table]
The department provided evidence that it is executing 2 of the 38 key
practices for Stage 3 by establishing and maintaining in its CPIC Guide
written policies and procedures and associated criteria for aligning
the decision-making authority of its IT investment review boards. In
its self-assessment, Interior did not claim to be fully executing any
other Stage 3 key practices.
At the time of our review, the department's efforts to implement ITIM
were in the initial stages, since the CPIC Guide had been issued in
December 2002. Moreover, OCIO efforts at IT management reform had to
compete for resources with other ongoing priorities. Until now,
Interior has focused its improvement activities in the preselect and
select phases described by its CPIC Guide. Until the department fully
implements the foundational critical processes in Stage 2 and then the
critical processes for portfolio management in Stage 3, it will lack
the capability to consider Interior's investments in a comprehensive
manner and determine whether it has the mix of IT investments that best
meet the agency's mission needs and priorities.
Table 9 summarizes the status of the department's Stage 3 critical
processes, showing how many associated key practices the agency has
executed.
Table 9: Status of Stage 3 Critical Processes:
Critical process: Authority alignment of IT investment boards; Key
practices executed: 2; Total required by critical process: 7;
Percentage of key practices executed: 29.
Critical process: Portfolio selection criteria definition; Key
practices executed: 0; Total required by critical process: 6;
Percentage of key practices executed: 0.
Critical process: Investment analysis; Key practices executed: 0; Total
required by critical process: 7; Percentage of key practices executed:
0.
Critical process: Portfolio development; Key practices executed: 0;
Total required by critical process: 9; Percentage of key practices
executed: 0.
Critical process: Portfolio performance oversight; Key practices
executed: 0; Total required by critical process: 9; Percentage of key
practices executed: 0.
Critical process: Cumulative; Key practices executed: 2; Total required
by critical process: 38; Percentage of key practices executed: 5.
Source: GAO.
[End of table]
Department Has Limited Ability to Oversee IT Investments in the
Bureaus:
The ability of a department-level CIO to effectively oversee IT
investment management processes throughout the agency depends on the
existence of appropriate management structures with adequate
authorities and sufficient guidance. To its credit, Interior has taken
several crucial initial steps to make this possible; it conducted a
study of existing organizational structures, issued a secretarial order
providing broad authorities to its CIOs, and issued a capital planning
and investment control guide that provided a conceptual framework for
improvements to the IT investment management process. However,
Interior's CIO has taken limited action to ensure that the secretarial
order was implemented and that other required improvements to the
process were made. The department had envisioned a certification
process through which it would hold bureaus accountable for improving
their investment management capabilities, but it has yet to implement
this concept. Until sound management structures and a certification
process are in place, the department's ability to oversee the bureaus'
practices for investment management will be limited.
Department and Bureau CIOs Are Not Positioned to Provide Leadership for
IT Investment Processes:
Under the Clinger-Cohen Act of 1996, the CIO of each agency is
responsible for effectively managing all of the agency's IT
resources.[Footnote 15] To comply with the act, Interior's CIO is
responsible for ensuring that the bureaus are implementing effective
investment management processes that are appropriately aligned with the
department's processes. Our report on Maximizing the Success of Chief
Information Officers[Footnote 16] describes the principles of
successful CIO management in leading organizations. In such
organizations, the CIO has been positioned for success, having been
assigned clearly defined roles, responsibilities, and
accountabilities. Because Interior has multiple levels of IT investment
management authority, it is especially critical that the roles,
responsibilities, and accountabilities of all the CIOs be clearly
defined.
In 2002, Interior contracted with Science Applications International
Corporation (SAIC) to study the department and bureau CIO organizations
and determine whether it was in compliance with the requirements of the
Clinger-Cohen Act. SAIC concluded that, in the current environment,
Interior's CIO did not have adequate power--or the leverage of a formal
structure with clear lines of authority and control of resources--to
carry out its responsibilities under the act. The study pointed to a
general lack of authority and resource control at the bureau level as
well, which further inhibited the CIO's ability to function. According
to SAIC, in most of the bureaus, the CIOs lacked the authority to
effect change among their subordinate IT staff and decision areas
because they cannot allocate or withdraw funds and do not control
hiring, training, or performance appraisals. On the basis of these
findings, SAIC recommended that Interior establish formal lines of
authority from the department's CIO to the bureau CIOs and to IT staff
at lower levels.
On the basis of the SAIC study, and because of its desire to comply
with the Clinger-Cohen Act, Interior issued Secretarial Order
3244,[Footnote 17] which acknowledged that authority and control over
management of IT resources had not been fully established or
coordinated in the department, resulting in significant variability
among bureaus and offices in implementing IT functions and setting
funding priorities. To rectify this situation, the order provides broad
authorities to all of Interior's CIOs. Among other things, the order
requires all bureaus[Footnote 18]to standardize their IT functional
areas to achieve continuity of responsibility and accountability
throughout the department. Specifically, the order calls for
establishing a function described as technology management, which
encompasses IT investment management.[Footnote 19]
The order assigns approval authority and management responsibility for
all IT assets to bureau CIOs. On the basis of the order, every Interior
organization with 5,000 or more employees must have a separate CIO
position at the Senior Executive Service level. The individual in this
position must be a fully participating member of the executive
leadership/management teams and must report to the Deputy Director or
Director of the bureau. For any office that reports directly to the
Secretary or the Deputy Secretary of the Interior, the department's CIO
will serve as the CIO if those offices have not designated one.
Consistent with the Clinger-Cohen Act, the order states that the
department's CIO is responsible for approving all IT expenditures.
Interior's CIO issued specific direction to the bureaus in November
2002 and in January 2003, indicating how to implement Secretarial Order
3244 and establishing a process for monthly status reporting, which was
to begin on January 31, 2003. However, at the time of our review, only
two bureaus had provided the required monthly status reports, and none
of the bureaus had fully implemented the order. This lack of
responsiveness is consistent with concerns described in the SAIC report
that Interior's CIO currently lacks adequate support from bureau CIOs
to ensure that departmental efforts at improving IT investment
management will be effectively implemented.
Department Does Not Follow Through with Certification of the Bureaus'
IT Investment Management Processes:
According to the Clinger-Cohen Act and Interior's own CPIC Guide, the
department should take steps to ensure that Interior's bureaus
implement effective capital planning and investment control processes.
To execute this responsibility according to project management best
practices, the department should clearly define its expectations for
these processes and then hold the bureaus accountable to the standards
it has established.
At the time of our review, the department had specified initial
expectations for the bureaus' processes. On January 15, 2003, the
department CIO issued a memorandum that called for the bureaus to
immediately begin implementing more formal IT processes, using the CPIC
Guide. The department held training sessions in which bureaus were
informed that the Exhibit 300s they provide to the department for
review as part of the annual budget formulation process must first be
reviewed by their own IT investment review boards. The department
emphasized during these sessions that the bureaus should work on making
their Exhibit 53 reports on IT investments more complete and reliable.
Although the Exhibit 53 reports do not include adequate information for
IT investment management purposes--according to the ITIM framework--
improving the reports will bring Interior one step closer to
identifying and tracking IT projects and systems. This is a critical
aspect of the investment management process that will provide better
visibility of all IT projects to the department.
Despite this initial instruction on its expectations, the department
has yet to fully implement a certification process through which it can
hold bureaus accountable for their IT investment management processes.
With the issuance of its CPIC Guide in December 2002, the department
began to define some criteria for certification of these processes. The
guide states that, at a minimum, a bureau's investment review board
must maintain a documented description or charter outlining the
bureau's CPIC process and the roles and responsibilities of the board,
the bureau offices, and any other entities that are involved in CPIC.
In addition, the guide outlines other departmental expectations--such
as six steps that need to be accomplished in the short term, along with
establishing a bureau-level investment review board--but it does not
explicitly state whether these are required for certification. During
our interviews with staff from Interior's IT Portfolio Management
Division, officials confirmed that the certification process is still
only a concept at Interior and that it has not been well defined. More
specifically, the department has not established a date for the
certification to begin or specified what corrective action will be
taken if a bureau fails to be certified. Implementation of an effective
certification process will provide the department with a mechanism for
ensuring that the bureaus are operating in a manner that is consistent
with the policies and procedures it establishes for ITIM key practices.
Departmental officials confirmed that at the time of our review, OCIO
efforts were concentrated on providing training for the preparation of
bureau Exhibit 300 reports, discussed above, rather than on
implementing the CPIC Guide's provisions for a certification process.
Until the department focuses resources on defining and enforcing
standards for certifying bureau processes, the risk is high that
bureaus may implement IT investment management processes that do not
sufficiently support the departmental investment management process.
Only by institutionalizing effective processes at both the department
and the bureau levels can Interior ensure that it is optimizing its
investments in IT and effectively assessing and managing the risks of
these investments.
Department's Efforts to Improve Investment Management Processes and
Oversight Are Fragmented and Inadequate:
Achieving successful reform of IT management requires an organization
to develop a complete and well-prioritized plan for systematically
correcting weaknesses in its existing capabilities. To properly focus
and target this plan, an organization should first fully identify and
assess current strengths and weaknesses (i.e., create an investment
management capability baseline). As we have previously
reported,[Footnote 20] this plan should, at a minimum, (1) specify
measurable goals, objectives, milestones, and needed resources and (2)
clearly assign responsibility and accountability for accomplishing
well-defined tasks. The plan should also be documented and approved by
agency leadership. In implementing such a plan, it is important that
the organization measure and report progress against planned
commitments and take appropriate corrective action to address
deviations.
In order to develop a focus for its reform efforts, Interior has made
several attempts to document existing conditions and identify
weaknesses in its organization. Between 2001 and 2003, OCIO hired three
different contractors to perform studies of existing IT projects and
systems, organizational reporting relationships and functions, and IT
investment management practices. The META Group performed the first
study, after which the SAIC study, described earlier, was completed to
assess the earlier results. G&B Solutions was then contracted to
further elaborate and validate the earlier work, focusing on technical
solutions and CIO authorities. In a separate effort in 2002, the
department directed the bureaus to rate themselves in a number of areas
that correspond to areas evaluated by OMB in the budget process.
Further, on January 15, 2003, OCIO issued a memorandum that required
bureaus to submit descriptions of their capital planning and investment
control processes and IT investment board charters and to perform self-
assessments of their IT investment management capabilities. However,
the effectiveness of this particular effort was limited because no
specific instructions were given on how to perform the self-
assessments; this will lead to difficulties in comparing results across
bureaus.
The Department of the Interior has indicated that it intends to create
a comprehensive reform plan with target goals and measurement criteria,
but this plan has not been fully developed. In November 2002, the
department created a Program Management Office to implement IT
management reforms by pulling together various improvement efforts and
prioritizing them. However, as of July 2003, the Program Management
Office did not have a formal charter or a budget, and its manager did
not have a clearly defined role. In addition, this individual's
attention was being diverted away from issues of IT investment
management to address other concerns, such as Interior's court-ordered
efforts to resolve issues with the Indian Trust Fund and related
information security problems.
The lack of clear accountability and responsibility for improvement
efforts that an office such as this would have provided has resulted in
initiatives that are not well integrated and do not support a unified
plan. For example, no steps have been taken to integrate the
requirements of Secretarial Order 3244 for CIO organizations with the
bureau certification process established in the CPIC Guide. In
addition, the multiple efforts to develop an understanding of current
conditions and identify weaknesses in the existing organization,
described above, have not yielded a coherent view, despite the
expenditure of considerable resources.
Without committing to a plan that allows it to systematically
prioritize, sequence, and evaluate improvement efforts, Interior
jeopardizes its ability to establish mature investment processes, which
include selection and control capabilities that would result in greater
certainty about the outcomes of future IT investments.
Conclusions:
The Department of the Interior lacks most of the fundamental IT
investment management practices necessary to effectively and
efficiently manage its IT resources. Only by effectively and
efficiently managing these resources can the department gain
opportunities to further leverage its IT investments and make better
allocation decisions among many investment alternatives. Recent moves
by senior executives to define an IT investment management approach--
and to align the IT investment decision review process with the CIOs at
both the department and bureau levels--demonstrate Interior's
realization that reform is necessary. Nonetheless, the department still
finds itself without many of the capabilities it needs to ensure that
Interior's mix of IT investments best meets the agency's mission and
business priorities.
Interior's ability to guide and oversee investment practices throughout
the agency is limited by its lack of mature investment management
processes. The department has recognized that it needs to oversee
bureau activities, and it has begun to establish the authority of
bureau CIOs to manage IT investments and to implement certification of
standard investment processes in the bureaus. However, until the
department is able to ensure mature investment management capabilities
at all levels, its ability to wisely select and effectively manage IT
investments will be limited.
Interior's success in resolving the weaknesses described in this report
will depend on the department's ability to plan and execute the
implementation of robust investment management and related practices
throughout the agency. However, the department's efforts have suffered
from a lack of unified planning, clear implementation guidance,
supporting resources, and follow-up on requirements that have been
established by the CIO. Until the department develops a comprehensive
plan, supported by top management, that delineates performance
expectations for process improvements, Interior's prospects will remain
limited for successfully developing the management capabilities that
are necessary to make prudent decisions that maximize the benefits and
minimize the risks of its IT investments.
Recommendations:
To strengthen Interior's capabilities for IT investment management and
address the weaknesses discussed in this report, we recommend that the
Secretary of the Interior direct Interior's CIO to do the following:
* Develop a unified, comprehensive plan for implementing departmentwide
improvements to the IT investment management process that are based on
the Stage 2 and Stage 3 critical processes of our ITIM framework.
* Ensure that the plan focuses first on the weaknesses that this report
identifies in the Stage 2 critical processes, before addressing those
associated with higher stages of ITIM maturity, because Stage 2
processes collectively provide the foundation for building a mature IT
investment management process. Specifically:
* Establish a timetable for the IT Management Council, Management
Initiatives Team, and Management Excellence Council to begin operating
according to the guidance described in the CPIC Guide.
* Develop and issue policies and procedures to guide the IT project
oversight as described by our ITIM framework, including the review of
actual performance information against expected performance by the
investment boards and the implementation of corrective actions when
performance falls below acceptable levels. Implement these policies and
procedures to accomplish the purpose of project oversight.
* Develop and issue policies and procedures to guide the project and
system identification processes as described by the ITIM framework,
including the specification of information required by the investment
management process, the sources of such information, and the methods
for collecting and retaining this information. Implement these policies
and procedures to accomplish the purpose of IT project and system
identification.
* Develop and issue policies and procedures to guide the identification
of business needs as described by the ITIM framework, including the
identification of business needs for all projects and the inclusion of
users in project management throughout a project's life cycle.
Implement these policies and procedures to accomplish the purpose of
identifying business needs.
* Establish a timetable for implementing IT proposal selection as
described by Interior's CPIC Guide.
* Ensure that the plan next focuses on Stage 3 critical processes,
which are necessary for portfolio management, because, along with the
Stage 2 foundational processes, these processes are necessary for
effective management of IT investments.
* To further strengthen the department's ability to oversee bureau
investment management processes so that it may ensure that investment
management is effectively carried out throughout the organization, the
plan should also:
* establish a timetable and specific implementation milestones for
Secretarial Order 3244, and:
* describe acceptable criteria for certification of bureau CPIC
processes and establish a time frame for the certification of these
processes at all bureaus.
* Ensure that the plan establishes a baseline of the agency's
capabilities, specifies measurable goals and time frames, and
establishes review milestones.
* Establish a well-defined management structure for directing and
controlling the unified plan with clear authority and responsibility.
* Ensure that the Management Excellence Council, which holds
responsibility for department management reform activities, approves
the plan.
* Implement the approved plan and report on progress made against the
plan's goals and time frames to the Secretary of the Interior every 6
months.
Agency Comments and Our Evaluation:
The Department of the Interior's Assistant Secretary for Policy,
Management and Budget provided written comments on a draft of this
report (reprinted in appendix II). In these comments, the Department of
the Interior concurred with our recommendations and identified actions
that it plans to take to improve IT investment management processes
throughout the department. Specifically, it intends to leverage lessons
learned in BLM's implementation of the ITIM framework to accelerate the
maturing of department practices. It also intends to develop and
implement a comprehensive plan, approved by the Management Excellence
Council, to address specific weaknesses that we identified in its
foundational investment management practices and to move to full
implementation of Secretarial Order 3244.
In response to the department's comments, we removed all descriptions
of national critical infrastructure or Trust. In its comments the
department also provided us with additional information that reflects
the ongoing progress it is making in implementing more mature
investment management practices. As we have described in this report,
Interior's progress has been evident and is ongoing. In particular, the
establishment of the ITMC and the release of the CPIC Guide have
provided an organizational point of focus and a set of procedures to
guide IT investment management. This has enabled the department to
begin to implement new practices with a departmentwide scope. The
information the department provided to us in its comments on the
completed evaluation reflects the continuing implementation of plans
described in this report. We strongly support this ongoing progress,
and we will reflect the successful execution of key practices in
following up on our recommendations.
:
We are sending copies of this report to interested committees of
Congress, to the Secretary of the Department of the Interior, and to
the Chief Information Officer of the Department of the Interior. Copies
will be made available to others upon request. In addition, the report
will be made available at no charge on the GAO Web site at [Hyperlink,
http://www.gao.gov.] http://www.gao.gov.
If you have any questions regarding this report, please contact me at
202-512-6240 or at [Hyperlink, koontzl@gao.gov]. Additional GAO contact and staff
acknowledgments are listed in appendix III.
Linda D. Koontz
Director,
Information Management Issues:
Signed by Linda D. Koontz:
[End of section]
Appendixes:
Appendix I: Bureau Missions, Functions, and IT Investments:
Dollars in millions.
Bureau of Indian Affairs (BIA); Mission: To
fulfill BIA's trust responsibilities and promote self-determination on
behalf of Tribal Governments, American Indians, and Alaska Natives;
IT Investments FY 2003[A]: $32.6; Budget authority FY 2003[B]:
$2,252.0; FTEs FY 2003 estimate: 9,667; Description: BIA
provides federal services to approximately 1.4 million American Indians
and Alaska Natives who are members of 562 federally recognized tribes
in the 48 contiguous United States and in Alaska. The bureau
administers 43,450,267 acres of tribally owned land, 11,000,000 acres
of individually owned land, and 443,000 acres of federally owned land
held in trust status. The bureau's mission is to promote and support
tribes on their future path through self-determination and to reduce
administration by the bureau in nontrust areas.
Bureau of Land Management (BLM); Mission: To
sustain the health, diversity, and productivity of the public lands for
the use and enjoyment of present and future generations; IT Investments
FY 2003[A]: $88.2; Budget authority FY 2003[B]: $1,660.0; FTEs FY
2003 estimate: 10,739; Description: BLM administers
over 264 million surface acres of public land, about one-eighth of the
land in the U.S., and approximately 700 million acres of federal
subsurface mineral estate. Most of these lands are in the West and
Alaska, and they are dominated by extensive grasslands, forests, high
mountains, arctic tundra, and deserts. BLM is responsible for the
management and use of a variety of resources on these lands, including
energy and minerals, timber, forage, wild horse and burro populations,
fish and wildlife habitat, recreation sites, wilderness areas, and
archeological and historical sites. BLM balances the goals of providing
opportunities for environmentally responsible recreation and
commercial activities; preserving natural and cultural heritage
resources; reducing threats to public health, safety, and property;
providing land, resource, and title information; providing economic and
technical assistance to Indian tribes and island communities;
understanding and planning for the condition and use of the public
lands; and restoring at-risk resources and maintaining functioning
systems.
U.S. Fish and Wildlife Service (USFWS); Mission:
To work with others to conserve, protect, and enhance fish, wildlife,
plants and their habitats for the continuing benefit of the American
people; IT Investments FY 2003[A]: $3.5; Budget authority FY 2003[B]:
$1,281.0; FTEs FY 2003 estimate: 8,928;
Description: USFWS is the primary federal agency responsible for the
protection, conservation, and renewal of fish, wildlife, plants, and
their habitats. It manages migratory bird populations, restores
interjurisdictional fisheries, conserves and restores wildlife
habitat, administers the Endangered Species Act, and assists foreign
governments with their conservation efforts. USFWS oversees the Federal
Aid in Fish and Wildlife Restoration Programs, which distribute
hundreds of millions of dollars earned from excise taxes on fishing and
hunting equipment to state fish and wildlife agencies. USFWS is the
steward for nearly 93 million acres of public lands, including 529
refuges of the National Wildlife Refuge System, and it manages 67
national fish hatcheries for the restoration of the nation's fishery
resources. USFWS also works closely with partnership activities for
assisting voluntary habitat development and fostering aquatic
conservation for fish and wildlife habitat on nonfederal lands.
Minerals Management Service (MMS); Mission: To
manage the mineral resources on the Outer Continental Shelf in an
environmentally sound and safe manner and to timely collect, verify,
and distribute mineral revenues from federal and Indian lands; IT
Investments FY 2003[A]: $29.6;
Budget authority FY 2003[B]: $170.0; FTEs FY 2003
estimate: 1,747; Description: MMS manages the
nation's natural gas, oil, and other mineral resources on the Outer
Continental Shelf. The agency also collects, accounts for, and
disburses more than $5 billion per year in revenues from federal
offshore mineral leases and from onshore mineral leases on federal and
Indian lands. MMS includes two major programs, Offshore Minerals
Management and Minerals Revenue Management. Offshore Minerals
Management manages the mineral resources on the Outer Continental Shelf
and has three regions: Alaska, the Gulf of Mexico, and the Pacific.
Minerals Revenue Management collects, accounts for, and distributes
revenues associated with mineral production from leased federal and
Indian lands.
National Park Service (NPS); Mission: To preserve
unimpaired the natural and cultural resources and values of the
national park system for the enjoyment, education, and inspiration of
this and future generations. The Park Service cooperates with partners
to extend the benefits of natural and cultural resource conservation
and outdoor recreation throughout this country and the world; IT
Investments FY 2003[A]: $36.3;
Budget authority FY 2003[B]: $2,354.0; FTEs FY
2003 estimate: 20,369; Description: NPS manages
379 parks and various historic preservation, conservation and
recreation programs, and hosts 287 million visitors annually. The
National Park System encompasses approximately 83.6 million acres in
over three hundred areas, of which more than 4.3 million acres remain
in private ownership. There are three principal categories used in
classification: natural areas, historical areas, and recreational
areas. NPS's four goal categories are to preserve park resources; to
provide for the public enjoyment and visitors' experience of parks; to
strengthen and preserve natural and cultural resources and enhance
recreational opportunities managed by partners; and to ensure
organizational effectiveness in supporting NPS's mission.
Office of Surface Mining (OSM); Mission: To carry
out the requirements of the Surface Mining Control and Reclamation Act
in cooperation with states and tribes; IT
Investments FY 2003[A]: $1.3; Budget authority FY
2003[B]: $279.0; FTEs FY 2003 estimate: 630;
Description: OSM is the lead federal agency for
carrying out the mandates of the Surface Mining Control and Reclamation
Act, whose goal is to protect society and the environment from the
adverse effects of surface coal mining operations. OSM's mission goal
of Environmental Restoration addresses mining that occurred prior to
the passage of Surface Mining Control and Reclamation Act in 1977,
while its goal of Environmental Protection addresses mining since 1977.
Environmental Restoration is accomplished through the Abandoned Mine
Land Program, whose main purpose is to restore a safe and clean
environment. As part of this, the Appalachian Clean Streams Initiative
supports local efforts to eliminate environmental and economic impacts
of acid mine drainage from abandoned coal mines. Environmental
Protection focuses on current coal mining and is accomplished with the
Surface Mining Program, which oversees 4.4 million acres of surface
coal mines in 26 states and on the lands of three Indian tribes. The
principal means of delivering environmental protection is through 24
primacy states that receive federal grant funding.
U.S. Bureau of Reclamation (USBR); Mission: To
manage, develop, and protect water and related resources in an
environmentally and economically sound manner in the interest of the
American public; IT Investments FY 2003[A]: $9.8;
Budget authority FY 2003[B]: $855.0; FTEs FY 2003 estimate: 5,628;
Description: USBR has developed and manages a limited natural water
supply in the 17 western states. USBR works to meet the increasing
water demands while protecting the environment and the public's
investment. USBR has 348 reservoirs with a total storage capacity of
245 million acre-feet of water, 58 hydroelectric power plants, and over
300 recreation sites. USBR is the nation's second largest producer of
hydroelectric power in the western United States, generating more than
40 billion kilowatt hours of energy annually. USBR is the nation's
largest water wholesaler; its water usage includes irrigation for one
out of every five western farmers (140,000)--about 10 million acres of
irrigated land; 10 trillion gallons of municipal, rural, and industrial
water for over 31 million people; habitat support for wildlife refuges,
migratory waterfowl, fish, and threatened and endangered species; and
irrigation projects and potable water supplies for Indian tribes. USBR
provides flood control benefits and drought contingency planning and
assistance, and it provides water-based recreation activities for about
90 million visitors a year.
U.S. Geological Survey (USGS); Mission: The USGS
serves the nation by providing reliable scientific information to
describe and understand the Earth; minimize loss of life and property
from natural disasters; manage water, biological, energy, and mineral
resources; and enhance and protect our quality of life; IT Investments
FY 2003[A]: $198.6;
Budget authority FY 2003[B]: $867.0; FTEs FY 2003
estimate: 9,397; Description: USGS is the nation's
principal natural science and information agency. USGS conducts
research, monitoring, and assessments to contribute to understanding
the natural world--lands, water, and biological resources. USGS
provides reliable, impartial information in the form of maps, data, and
reports containing analyses and interpretations of water, energy,
mineral and biological resources, land surfaces, marine environments,
geologic structures, natural hazards, and dynamic processes of the
Earth; this information is used to understand, respond to, and plan for
changes in the environment. USGS describes, documents, and gains
understanding of natural hazards and their risks through the study of
earthquakes, volcanoes, landslides, geomagnetic field changes, floods,
droughts, coastal erosion, tsunamis, wild land fire, and wildlife
disease. Environmental and natural resources activities deal with
physical, chemical, biological, and geological processes in nature and
the impact of human actions on natural systems through studies
including data collection, long-term assessments, ecosystems analysis,
and the forecasting of future changes.
Total; IT Investments FY 2003[A]: $399.9; Budget authority
FY 2003[B]: $9,718.0; FTEs FY 2003 estimate: 67,105.
Source: Department of the Interior (data), GAO (presentation).
[A] Department of the Interior's Exhibit 53, Agency IT Investment
Portfolio for fiscal year 2003.
[B] Department of the Interior, Fiscal Year 2004: The Interior Budget
in Brief.
[End of table]
[End of section]
Appendix II: Comments from the Department of the Interior:
THE ASSOCIATE DEPUTY SECRETARY OF THE INTERIOR WASHINGTON, D.C. 20240:
AUG 27 2003:
MEMORANDUM:
To: Managing Director:
Information and Technology Team:
From: Assistant Secretary:
Policy, Management and Budget:
Subject: Interior Response to the Draft General Accounting Office (GAO)
Report - "Information Technology, Departmental Leadership Crucial to
Success on Investment Reform at Interior" (GAO-03-1028).
Thank you for the opportunity to review the GAO draft report entitled,
"Information Technology, Departmental Leadership Crucial to Success on
Investment Reform at Interior" (GAO-03-1028). In the report, GAO
acknowledges that Interior has taken decisive steps over the past year
toward improving management of information technology (IT) resources.
Noted accomplishments include implementation of a capital planning and
investment control (CPIC) management process, the issuance of the CPIC
guide, and establishment and operation of IT investment review boards
at both the bureau and department levels. Other achievements include
the issuance of a Secretarial Order to establish the authority of the
bureau-level Chief Information Officers.
Within Interior, the Bureau of Land Management (BLM) aligned resources
and authority to implement GAO recommendations, resulting in BLM
reaching Stage 2 of the IT investment management (ITIM) framework in 3
years. As reported in the GAO draft report entitled, "BLM, Plan Needed
to Sustain Progress in Establishing IT Investment Management
Capabilities" (GAO-03-1025), BLM established most of the Stage 2 Key
Practices and initiated efforts to manage its investments as a
portfolio. Using this proven methodology, the Department is leveraging
the lessons from BLM implementation of the ITIM framework to progress
more rapidly toward Stage 2.
In order to continue the strong progress Interior has made in the past
year, the report recommends strengthening the oversight and resource
allocation role of the Chief Information Officer, directing resources
to implementation, and integrating ongoing and future ITIM improvement
initiatives. This is to be accomplished through the development and
implementation of a comprehensive plan, approved by the Management
Excellence Council, covering specific weaknesses in Stage 2 of the ITIM
framework, full implementation of the Secretarial Order, and progress
toward Stage 3. The plan is to include baselines, performance measures
and a defined management structure. Interior concurs with these
recommendations.
In some areas the report does not sufficiently recognize progress
Interior has made toward implementing the ITIM framework. The earlier
self-assessment indicated that many key practices had not yet been
fully executed. To the extent GAO based their assessment on the earlier
incomplete information, Interior provides the attached supplemental
information. The Department requests reconsideration of the ratings for
the key practices addressed in the attachment. Interior is also
continuing to provide information to the GAO ITIM self-assessment team,
which would be valuable in documenting progress.
Interior requests deletion in the final report of any description of
national critical infrastructure or Trust systems, as this could
potentially cause security concerns.
Interior appreciates GAO's review of ITIM implementation to date, and
the opportunity to provide comments and additional information. The
combination of this report and the Department's self-assessments serve
as a baseline to establish management processes to maximize the
effectiveness of IT expenditures. Interior will use this report to
baseline and incorporate metrics, time frames, and review milestones in
its improvement plan. Finally, Interior will push forward in ensuring
bureau compliance with the Capital Planning and Investment Control
(CPIC) Guide, and the Secretarial Order.
For additional information please contact W. Hord Tipton at 202-208-
6194.
Attachment:
[End of section]
Appendix III: GAO Contact and Staff Acknowledgments:
GAO Contact :
Lester Diamond, (202) 512-7957, [Hyperlink, diamondl@gao.gov]
diamondl@gao.gov:
Acknowledgments:
In addition to the individual named above, William G. Barrick, Joanne
Fiorino, Peggy A. Hegg, Alison Jacobs, Mary Beth McClanahan, and Nik
Rapelje made key contributions to this report.
(310356):
FOOTNOTES
[1] U.S. General Accounting Office, Bureau of Land Management: Plan
Needed to Sustain Progress in Establishing IT Investment Management
Capabilities, GAO-03-1025 (Washington, D.C. Sept. 12, 2003).
[2] Interior uses the term "bureau" to refer to bureaus and offices
and, in some instances, to its departmental offices.
[3] Major information technology investments include those with total
life cycle costs greater than $35 million; financial systems with a
life cycle cost greater than $500,000; multiple bureau and/or agency
projects; investments mandated by legislation or executive order or
identified by the Secretary as critical; those reported as major on
Exhibit 53 reports submitted to OMB; those requiring a common
infrastructure investment; department strategic-and mandatory-use
systems; those that differ significantly from or affect department
infrastructure, architecture, or standards and guidelines; high risk
investments as determined by OMB, GAO, Congress and/or the CIO;
investments that directly support the President's Management Agenda
items of "high executive visibility;" and those that are related to
electronic government or that use E-business technologies.
[4] U.S. General Accounting Office, Indian Trust Funds: Interior Lacks
Assurance That Trust Improvement Plan Will Be Effective, GAO/AIMD-99-53
(Washington, D.C. Apr. 28, 1999) and U.S. General Accounting Office,
Indian Trust Funds: Challenges Facing Interior's Implementation of New
Trust Asset and Accounting Management System, GAO/T-AIMD-99-238
(Washington, D.C. July 14, 1999).
[5] U.S. General Accounting Office, Indian Trust Funds: Improvements
Made in Acquisition of New Asset and Accounting System But Significant
Risks Remain, GAO/AIMD-00-259 (Washington, D.C. Sept. 15, 2000).
[6] U.S. General Accounting Office, Land Management Systems: Progress
and Risks in Developing BLM's Land and Mineral Record System, GAO/AIMD-
95-180 (Washington, D.C. Aug. 31, 1995); U.S. General Accounting
Office, Land Management Systems: BLM Faces Risks in Completing the
Automated Land and Mineral Records System, GAO/AIMD-97-42 (Washington,
D.C. Mar. 19, 1997); U.S. General Accounting Office, Land Management
Systems: Information on BLM's Automated Land and Mineral Record System
Release 2 Project, GAO/AIMD-97-109R (Washington, D.C. June 6, 1997);
U.S. General Accounting Office, Land Management Systems: Major Software
Development Does Not Meet BLM's Business Needs, GAO/AIMD-99-135
(Washington, D.C. Apr. 30, 1999); U.S. General Accounting Office, Land
Management Systems: Status of BLM's Actions to Improve Information
Technology Management, GAO/AIMD-00-67 (Washington, D.C. Feb. 24,
2000); and U.S. General Accounting Office, Land Management Systems:
BLM's Actions to Improve Information Technology Management, GAO-01-282
(Washington, D.C. Feb. 27, 2001).
[7] U.S. Department of the Interior, Advisory Report, Developing the
Department of the Interior's Information Technology Capital Investment
Process: A Framework for Action, No. 2002-I-0038, August 2002.
[8] The Paperwork Reduction Act of 1995 requires each agency to define
its information needs and develop strategies, systems, and capabilities
to support programs and to improve productivity, efficiency, and
effectiveness. The Clinger-Cohen Act requires agencies to link IT
investments to agency accomplishments and establish a process to
select, manage, and control IT investments.
[9] Office of Management and Budget, Analytical Perspectives Budget of
the United States Government, Fiscal Year 2004.
[10] U.S. General Accounting Office, Information Technology Investment
Management: A Framework for Assessing and Improving Process Maturity
(Exposure Draft), GAO/AIMD-10.1.23 (Washington, D.C. May 2000).
[11] U.S. General Accounting Office, United States Postal Service:
Opportunities to Strengthen IT Investment Management Capabilities, GAO-
03-3 (Washington, D.C. Oct. 15, 2002) and U.S. General Accounting
Office, Information Technology: Justice Plans to Improve Oversight of
Agency Projects, GAO-03-135 (Washington, D.C. Nov. 22, 2002).
[12] U.S. General Accounting Office, Information Technology Investment
Management: A Framework for Assessing and Improving Process Maturity
(Exposure Draft), GAO/AIMD-10.1.23 (Washington, D.C. May 2000).
[13] U.S. Department of the Interior, "Follow-on Guidance on
Implementation of Secretarial Order Requirements," Memorandum from W.
Hord Tipton (Jan. 31, 2003) and U.S. Department of the Interior,
"Capital Asset Investment Management Clarification," Memorandum from P.
Lynn Scarlett (Mar. 13, 2003).
[14] For this critical process, we used a revised version of the IT
Asset Inventory critical process included in the Exposure Draft of the
ITIM framework. We discussed the revision with departmental officials
at the start of this engagement, and they agreed to use it as the basis
for our review of Interior's IT investment management capabilities.
[15] The fiscal year 1997 Omnibus Consolidated Appropriations Act, Pub.
L. 104-208, renamed both Divisions D and E of the 1996 DOD
Authorization Act, Pub. L. 104-106, the Clinger-Cohen Act of 1996.
[16] U.S. General Accounting Office, Maximizing the Success of Chief
Information Officers: Learning From Leading Organizations, GAO-01-376G
(Washington, D.C. Mar. 1, 2001).
[17] U.S. Department of the Interior, Standardization of Information
Technology Functions and Establishment of Funding Authorities, Office
of the Secretary Order No. 3244 (Washington, D.C. Nov. 12, 2002).
[18] For purposes of this order, "bureaus and offices" refers
collectively to the bureaus of the department, the Secretarial Offices,
and the immediate offices of the Secretary and the Deputy Secretary.
[19] Secretarial Order 3244 requires that each bureau CIO organization
include the following IT management functions: technology, security,
information management, telecommunications, inventory and asset
management, strategic planning, project management, and IT career and
skills management. Technology management is defined to include
enterprise architecture, capital planning and investment control
processes, and IT acquisition.
[20] U.S. General Accounting Office, Information Technology: DLA Needs
to Strengthen Its Investment Management Capability, GAO-02-314
(Washington, D.C. Mar. 15, 2002).
GAO's Mission:
The General Accounting Office, the investigative arm of Congress,
exists to support Congress in meeting its constitutional
responsibilities and to help improve the performance and accountability
of the federal government for the American people. GAO examines the use
of public funds; evaluates federal programs and policies; and provides
analyses, recommendations, and other assistance to help Congress make
informed oversight, policy, and funding decisions. GAO's commitment to
good government is reflected in its core values of accountability,
integrity, and reliability.
Obtaining Copies of GAO Reports and Testimony:
The fastest and easiest way to obtain copies of GAO documents at no
cost is through the Internet. GAO's Web site ( www.gao.gov ) contains
abstracts and full-text files of current reports and testimony and an
expanding archive of older products. The Web site features a search
engine to help you locate documents using key words and phrases. You
can print these documents in their entirety, including charts and other
graphics.
Each day, GAO issues a list of newly released reports, testimony, and
correspondence. GAO posts this list, known as "Today's Reports," on its
Web site daily. The list contains links to the full-text document
files. To have GAO e-mail this list to you every afternoon, go to
www.gao.gov and select "Subscribe to e-mail alerts" under the "Order
GAO Products" heading.
Order by Mail or Phone:
The first copy of each printed report is free. Additional copies are $2
each. A check or money order should be made out to the Superintendent
of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or
more copies mailed to a single address are discounted 25 percent.
Orders should be sent to:
U.S. General Accounting Office
441 G Street NW,
Room LM Washington,
D.C. 20548:
To order by Phone:
Voice: (202) 512-6000:
TDD: (202) 512-2537:
Fax: (202) 512-6061:
To Report Fraud, Waste, and Abuse in Federal Programs:
Contact:
Web site: www.gao.gov/fraudnet/fraudnet.htm E-mail: fraudnet@gao.gov
Automated answering system: (800) 424-5454 or (202) 512-7470:
Public Affairs:
Jeff Nelligan, managing director, NelliganJ@gao.gov (202) 512-4800 U.S.
General Accounting Office, 441 G Street NW, Room 7149 Washington, D.C.
20548:
