Information Technology

Management and Oversight of Projects Totaling Billions of Dollars Need Attention Gao ID: GAO-09-624T April 28, 2009

Billions of taxpayer dollars are spent on federal information technology (IT) projects each year; for fiscal year 2009, federal IT spending has risen to an estimated $71 billion. Given the size of these investments and their significance to the health, economy, and security of the nation, it is important that that the Office of Management and Budget (OMB) and federal agencies are providing adequate oversight and ensuring transparency of these programs. Appropriate oversight and transparency will help ensure that programs are delivered on time, within budget, and with the promised capabilities. During the past several years, GAO has issued numerous reports and testimonies on OMB's initiatives to highlight troubled projects, justify IT investments, and use project management tools. For example, OMB has used a Management Watch List to identify major projects that were poorly planned and has required agencies to identify high-risk projects that have performance shortfalls. GAO made many recommendations to improve these initiatives and further enhance oversight and transparency of IT projects. GAO was asked to testify on key OMB efforts to improve the oversight and transparency of federal IT projects. In preparing this testimony, GAO relied on its prior reports and testimonies. GAO also followed up with OMB to determine the status of its efforts to implement past recommendations.

OMB has made progress implementing several initiatives aimed at improving oversight and transparency of federal IT investments, but as GAO previously reported and recommended, more attention needs to be placed on improving these initiatives. For example, OMB's Management Watch List identified poorly planned projects, and the office also identified and listed high-risk projects failing to meet one of four performance evaluation criteria. OMB took steps to improve the identification of the poorly planned and performing projects by, for example, issuing a central list of Management Watch List projects and publicly disclosing these projects' deficiencies. With regard to the high-risk list, OMB clarified the project criteria and started publicly releasing aggregate lists of high-risk projects on its Web site in September 2006. However, more needs to be done by both OMB and the agencies to address recommendations GAO has previously made, such as identifying and publicizing performance shortfalls on high-risk projects. Additionally, the future of the Management Watch List and high-risk list is uncertain because OMB officials stated that they have not decided if the agency plans to continue to use these lists. As another step aimed at increasing oversight of agencies' IT investments, OMB required agencies to provide investment justifications for major IT projects to demonstrate both to agency management and to OMB that the projects are well planned. However, GAO raised concerns about the accuracy and reliability of the information agencies used to comply with this requirement and recommended changes to the reporting process. In response, OMB required agencies to disclose weaknesses in their information. OMB also required the use of earned value management, an approach to project management that can provide insight into project status, warning of schedule delays and cost overruns, and unbiased estimates of total costs. However, GAO identified weaknesses in agencies' use of this management tool. For example, the Federal Aviation Administration was using earned value management to manage IT acquisition programs, but not all programs ensured that their earned value data were reliable. GAO made a number of recommendations to federal agencies to clarify and expand their earned value management policies and strengthen their oversight processes at the program level. Until agencies expand and enforce their earned value management policies, it will be difficult for them to optimize the effectiveness of this management tool. Building on successes and looking for more efficient and comprehensive ways to bolster oversight and transparency of the federal IT budget will help ensure that federal IT dollars are wisely spent and agency mission performance is enhanced. Accordingly, OMB needs to decide if it is going to continue to use its Management Watch list and high-risk list. If OMB decides not to use these tools, it should promptly implement other appropriate mechanisms to help oversee IT investments.

GAO-09-624T, Information Technology: Management and Oversight of Projects Totaling Billions of Dollars Need Attention This is the accessible text file for GAO report number GAO-09-624T entitled 'Information Technology: Management and Oversight of Projects Totaling Billions of Dollars Need Attention' which was released on April 29, 2009. This text file was formatted by the U.S. Government Accountability Office (GAO) to be accessible to users with visual impairments, as part of a longer term project to improve GAO products' accessibility. Every attempt has been made to maintain the structural and data integrity of the original printed product. Accessibility features, such as text descriptions of tables, consecutively numbered footnotes placed at the end of the file, and the text of agency comment letters, are provided but may not exactly duplicate the presentation or format of the printed version. The portable document format (PDF) file is an exact electronic replica of the printed version. We welcome your feedback. Please E-mail your comments regarding the contents or accessibility features of this document to Webmaster@gao.gov. This is a work of the U.S. government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. Because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. United States Government Accountability Office: GAO: Testimony: Before the Subcommittee on Federal Financial Management, Government Information, Federal Services, and International Security, Committee on Homeland Security and Governmental Affairs, U.S. Senate. For Release on Delivery: Expected at 2:30 p.m. EDT: April 28, 2009: Information Technology: Management and Oversight of Projects Totaling Billions of Dollars Need Attention: Statement of David A. Powner: Director, Information Technology Management Issues: GAO-09-624T: GAO Highlights: Highlights of GAO-09-624T, a testimony before the Subcommittee on Federal Financial Management, Government Information, Federal Services, & International Security, Committee on Homeland Security & Governmental Affairs, U.S. Senate. Why GAO Did This Study: Billions of taxpayer dollars are spent on federal information technology (IT) projects each year; for fiscal year 2009, federal IT spending has risen to an estimated $71 billion. Given the size of these investments and their significance to the health, economy, and security of the nation, it is important that the Office of Management and Budget (OMB) and federal agencies are providing adequate oversight and ensuring transparency of these programs. Appropriate oversight and transparency will help ensure that programs are delivered on time, within budget, and with the promised capabilities. During the past several years, GAO has issued numerous reports and testimonies on OMB‘s initiatives to highlight troubled projects, justify IT investments, and use project management tools. For example, OMB has used a Management Watch List to identify major projects that were poorly planned and has required agencies to identify high-risk projects that have performance shortfalls. GAO made many recommendations to improve these initiatives and further enhance oversight and transparency of IT projects. GAO was asked to testify on key OMB efforts to improve the oversight and transparency of federal IT projects. In preparing this testimony, GAO relied on its prior reports and testimonies. GAO also followed up with OMB to determine the status of its efforts to implement past recommendations. What GAO Found: OMB has made progress implementing several initiatives aimed at improving oversight and transparency of federal IT investments, but as GAO previously reported and recommended, more attention needs to be placed on improving these initiatives. For example, OMB‘s Management Watch List identified poorly planned projects, and the office also identified and listed high-risk projects failing to meet one of four performance evaluation criteria. OMB took steps to improve the identification of the poorly planned and performing projects by, for example, issuing a central list of Management Watch List projects and publicly disclosing these projects‘ deficiencies. With regard to the high-risk list, OMB clarified the project criteria and started publicly releasing aggregate lists of high-risk projects on its Web site in September 2006. However, more needs to be done by both OMB and the agencies to address recommendations GAO has previously made, such as identifying and publicizing performance shortfalls on high-risk projects. Additionally, the future of the Management Watch List and high-risk list is uncertain because OMB officials stated that they have not decided if the agency plans to continue to use these lists. As another step aimed at increasing oversight of agencies‘ IT investments, OMB required agencies to provide investment justifications for major IT projects to demonstrate both to agency management and to OMB that the projects are well planned. However, GAO raised concerns about the accuracy and reliability of the information agencies used to comply with this requirement and recommended changes to the reporting process. In response, OMB required agencies to disclose weaknesses in their information. OMB also required the use of earned value management, an approach to project management that can provide insight into project status, warning of schedule delays and cost overruns, and unbiased estimates of total costs. However, GAO identified weaknesses in agencies‘ use of this management tool. For example, the Federal Aviation Administration was using earned value management to manage IT acquisition programs, but not all programs ensured that their earned value data were reliable. GAO made a number of recommendations to federal agencies to clarify and expand their earned value management policies and strengthen their oversight processes at the program level. Until agencies expand and enforce their earned value management policies, it will be difficult for them to optimize the effectiveness of this management tool. Building on successes and looking for more efficient and comprehensive ways to bolster oversight and transparency of the federal IT budget will help ensure that federal IT dollars are wisely spent and agency mission performance is enhanced. Accordingly, OMB needs to decide if it is going to continue to use its Management Watch list and high-risk list. If OMB decides not to use these tools, it should promptly implement other appropriate mechanisms to help oversee IT investments. View [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-09-624T] or key components. For more information, contact David A. Powner at (202) 512- 9286 or pownerd@gao.gov. [End of section] Mr. Chairman and Members of the Subcommittee: I am pleased to be here today to discuss efforts to improve oversight and transparency of information technology (IT) investments. As you know, billions of taxpayer dollars are spent on these projects each year; federal IT spending has now risen to an estimated $71 billion for fiscal year 2009. Given the size of these investments and the criticality of many of the systems to the health, economy, and security of the nation, it is important that the Office of Management and Budget (OMB) and federal agencies are providing appropriate oversight and that there is adequate transparency into these programs. During the past several years, we have issued numerous reports and testimonies on OMB's initiatives to highlight troubled projects, [Footnote 1] justify IT investments,[Footnote 2] and use project management tools.[Footnote 3] We made many recommendations to OMB and to federal agencies to improve these initiatives to further enhance the oversight and transparency of IT projects. You asked us to testify on OMB's key efforts to improve the oversight and transparency of federal IT projects. Specifically, my testimony covers key oversight mechanisms OMB used to highlight troubled projects, justify IT investments, and manage costs and schedule growth. In preparing this testimony, we relied on prior GAO reports and testimonies that assessed the government's management of IT investments, including management of projects identified as poorly planned and/or performing, justification of IT investments, and use of project management tools. We also followed up with OMB and federal agencies to determine the status of their efforts to implement our past recommendations. We performed our work in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objective. Background: Each year, OMB and federal agencies work together to determine how much the government plans to spend on IT projects and how these funds are to be allocated. OMB plays a key role in overseeing the implementation and management of federal IT investments. To improve this oversight, Congress enacted the Clinger-Cohen Act in 1996, expanding the responsibilities delegated to OMB and agencies under the Paperwork Reduction Act.[Footnote 4] Among other things, Clinger-Cohen requires agencies to better link their IT planning and investment decisions to program missions and goals and to implement and enforce IT management policies, procedures, standards, and guidelines. The act also requires that agencies engage in capital planning and performance and results- based management.[Footnote 5] OMB's responsibilities under the act include establishing processes to analyze, track, and evaluate the risks and results of major capital investments in information systems made by executive agencies. OMB must also report to Congress on the net program performance benefits achieved as a result of these investments. [Footnote 6] In response to the Clinger-Cohen Act and other statutes, OMB developed a policy for the planning, budgeting, acquisition, and management of federal capital assets. This policy is set forth in OMB Circular A-11 (section 300) and in OMB's Capital Programming Guide (supplement to Part 7 of Circular A-11), which direct agencies to develop, implement, and use a capital programming process to build their capital asset portfolios. Among other things, OMB's Capital Programming Guide directs agencies to: * evaluate and select capital asset investments that will support core mission functions and demonstrate projected returns on investment that are clearly equal to or better than alternative uses of available public resources, * institute performance measures and management processes that monitor actual performance and compare it to planned results, and: * establish oversight mechanisms that require periodic review of operational capital assets to determine if mission requirements have changed and whether the assets continue to fulfill those requirements and deliver their intended benefits. To further support the implementation of IT capital planning practices as required by statute and directed in OMB's Capital Programming Guide, we have developed an IT investment management framework[Footnote 7] that agencies can use in developing a stable and effective capital planning process. It is a tool that can be used to determine both the status of an agency's current IT investment management capabilities and the additional steps that are needed to establish more effective processes. Mature and effective management of IT investments can vastly improve government performance and accountability, while poor management can result in wasteful spending and lost opportunities for improving the delivery of services to the public. In addition, OMB has used key oversight mechanisms to highlight troubled projects, justify IT investments, and manage cost and schedule growth. These mechanisms include: * a Management Watch List to identify major IT projects that are poorly planned; * a list of high-risk projects that are performing poorly; * investment justifications for major IT projects that agency officials were required to prepare to demonstrate both to their management and to OMB that the projects were well planned; and: * use of earned value management (EVM), which is a project management tool that can provide insight into project status, warning of schedule delays and cost overruns, and unbiased estimates of total costs. Among other initiatives, OMB also developed and oversaw the implementation of policies, principles, standards, and guidelines for information security, and reviewed agency information security programs at least annually. In addition, OMB was responsible for overseeing enterprise architecture[Footnote 8] development within and across agencies. OMB, the National Institute of Standards and Technology, and the federal Chief Information Officers (CIO) Council issued frameworks that define the scope and content of architectures.[Footnote 9] OMB used these frameworks to assess agencies' enterprise architecture activities. In addition, OMB has issued a collection of five reference models[Footnote 10] (Business, Performance, Data/Information, Service, and Technical) that are intended to facilitate governmentwide improvement through cross-agency analysis and the identification of duplicative investments, gaps, and opportunities. The Clinger-Cohen Act also requires agency heads to designate Chief Information Officers to lead reforms to help control system development risks, better manage technology spending, and achieve real, measurable improvements in agency performance through better management of information resources. As such, the responsibility for directly managing IT projects and implementing OMB's guidance lies with agency heads and their Chief Information Officers. OMB Initiatives Have Improved Oversight and Transparency, but More Work Remains: OMB has established initiatives aimed at increasing oversight and transparency of federal IT projects. However as we have previously reported and recommended, more attention needs to be placed on improving these initiatives. Specifically, * OMB took steps to improve the identification of poorly planned and performing IT projects, but projects totaling billions of dollars require more attention; * OMB has taken steps to enhance oversight of agencies' investment justifications, but accuracy and reliability concerns remain; and: * OMB has required the use of EVM, but agencies' earned value management policies and implementation need improvement. OMB Has Taken Steps to Improve the Identification of Poorly Planned and Performing IT Projects, but Projects Totaling Billions of Dollars Still Require Oversight: Beginning in 2004, OMB identified major projects that were poorly planned by placing them on a quarterly Management Watch List. The list was derived based on a detailed review of each investment's Capital Asset Plan and Business Case, also known as the exhibit 300. OMB began using its Management Watch List as a means to oversee the justification for and planning of agencies' IT investments. Over the past 4 years we testified on the hundreds of projects, totaling billions of dollars that OMB placed on the Management Watch List. For example, in 2008 we testified that OMB determined that 352 projects--totaling about $23.4 billion--were poorly planned.[Footnote 11] According to OMB's evaluation of the exhibit 300s, investments were placed on the watch list primarily because of weaknesses in the way they addressed (1) cost, schedule, and performance; (2) security; (3) privacy; and (4) acquisition strategy. In order for OMB to take advantage of the potential benefits of using the Management Watch List as a tool for analyzing and following up on IT investments on a governmentwide basis, in 2005 we recommended that the agency: (1) publicly disclose the deficiencies of projects on the Management Watch List; (2) use the list as the basis for selecting projects for follow-up and for tracking follow-up activities (including developing specific criteria for prioritizing the IT projects included on the list, taking into consideration such factors as their relative potential financial and program benefits, as well as potential risks); (3) analyze the prioritized list to develop governmentwide and agency assessments of the progress and risks of IT investments, identifying opportunities for continued improvement; and (4) report to Congress on progress made in addressing risks of major IT investments and management areas needing attention.[Footnote 12] OMB took steps to address our recommendations by publicly disclosing the deficiencies of projects and developing governmentwide and agency assessments. Specifically, OMB started disclosing projects' deficiencies (i.e., the reasons for inclusion on the Management Watch List) in April 2008. In addition, OMB performed governmentwide and agency-specific analyses of projects' deficiencies, which it reported to Congress and disclosed publicly in April and July of 2008. The Management Watch List has been instrumental in helping prioritize projects that require follow-up action and in informing Congress on management areas needing attention. However, the future of the Management Watch List is uncertain because OMB officials recently stated that the agency has not decided if it plans to continue to use this list. As defined by OMB, high-risk projects were those that agencies identified as requiring special attention from oversight authorities and the highest levels of agency management. These projects were not necessarily at risk of failure, but may be on the list for a variety of reasons such as that the agency had not consistently demonstrated the ability to manage complex projects. To identify high-risk projects, staff from each agency's Office of the Chief Information Officer compared criteria against their portfolio to determine which projects met OMB's definition for high-risk and performance shortfalls. They then submitted the list to OMB for review. High risk projects failing to meet one of four performance evaluation criteria were considered to have "performance shortfalls." In our analysis of the high-risk projects in June 2008, we found that of the 472 IT projects that were categorized as high risk, at least 87 had performance shortfalls--collectively totaling about $4.8 billion in funding requested for fiscal year 2009. Agencies reported cost and schedule variances that exceeded 10 percent as the most common shortfall. To improve the identification and oversight of the high-risk projects, we recommended, among other things, that OMB establish a structured, consistent process to update the list of high-risk projects on a regular basis, including identifying new projects and removing previous ones to ensure that the list is current and complete.[Footnote 13] We also recommended that OMB develop a single aggregate list of high-risk projects and their deficiencies and use that list to report to Congress the progress made in correcting high-risk problems, actions under way, and further actions that may be needed. OMB took several steps to address these recommendations. The agency clarified the high-risk project criteria in 2008. It also asked agencies to identify, in their quarterly reports, reasons for placement on the list and reasons for removal, thereby adding structure and consistency to the process for updating the list. In addition, OMB also started publicly releasing aggregate lists of the high-risk projects in September 2006, and had been releasing them on its Web site quarterly. As we previously testified,[Footnote 14] OMB had not identified the deficiencies (i.e., performance shortfalls) associated with the high- risk projects. Doing so would allow OMB and others to better analyze the reasons projects are performing poorly, take corrective actions, and track these projects on a governmentwide basis. Such information would also help to highlight progress made by agencies or projects, identify management issues that transcend individual agencies, and highlight the root causes of governmentwide issues and trends. In addition, OMB has not released an update to the high-risk list since the first quarter of fiscal year 2009, and, as with the Management Watch List, OMB officials indicated that the agency has not decided if it plans to continue the use of the high-risk list. OMB Took Steps to Enhance Oversight of Agencies' Investment Justifications, but Accuracy and Reliability Concerns Remain: As another step aimed at increasing oversight of agencies' IT investments, OMB--in response to the Clinger-Cohen Act and other statutes--required agencies to prepare investment justifications for major IT projects, referred to as the exhibit 300. The exhibit 300 is a reporting mechanism intended to enable an agency to demonstrate to its own management, as well as to OMB, that a major project is well planned in that it has employed the disciplines of good project management; developed a strong business case for the investment; and met other administration priorities in defining the cost, schedule, and performance goals proposed for the investment. In January 2006, we noted that the underlying support for information provided in the exhibit 300s was often inadequate and that, as a result, the Management Watch List may be undermined by inaccurate and unreliable data.[Footnote 15] For example, documentation of the information either did not exist or did not fully agree with specific areas of all exhibit 300s. We recommended, among other things, that OMB provide more specific guidance to the agencies and direct agencies to improve the accuracy and reliability of exhibit 300 information. To address our recommendations, in June 2006 OMB modified exhibit 300 requirements and provided more guidance for specific sections. Also in June, OMB directed agencies to post their exhibit 300s on their Web sites within two weeks of the release of the President's budget request for fiscal year 2008. As part of the 2010 budget cycle, OMB asked agencies to disclose weaknesses in the accuracy and reliability of information reported in their exhibit 300s. Ensuring the reliability of these investment justification documents is essential to enable effective strategic planning, performance measurement, and investment management, which, in turn, make it more likely that the billions of dollars in government IT investments will be wisely spent. OMB Has Required Use of Earned Value Management, but Agencies' Earned Value Management Policies and Implementation Need Improvement: Pulling together essential cost, schedule, and technical information in a meaningful, coherent fashion is a challenge for most programs. Without meaningful and coherent cost and schedule information, program managers can have a distorted view of a program's status and risks. Earned Value Management (EVM) is a project management approach that, if implemented appropriately, provides objective reports of project status, produces early warning signs of impending schedule delays and cost overruns, and provides unbiased estimates of a program's total costs. In August 2005, OMB issued guidance outlining steps that agencies must take for all major and high-risk development projects to better ensure improved execution and performance and to promote more effective oversight through the implementation of EVM.[Footnote 16]Among other things, this guidance directed agencies to develop comprehensive policies to ensure that agencies use this management tool to plan and manage development activities for major IT investments. In reviewing agencies' implementation of OMB's EVM guidance, we identified weaknesses with policies and implementation at several major departments. Examples include the following: * The Department of the Treasury had an EVM policy that clearly defined criteria for which programs were to use the management tool. However, this policy did not require and enforce earned value management training for personnel with investment oversight and program management responsibilities, nor did it adequately address key elements for ensuring reliability of earned value data--including program EVM compliance with the national standard.[Footnote 17] * The Federal Aviation Administration (FAA) was using EVM to manage IT acquisition programs, but not all programs were ensuring that their earned value data were reliable.[Footnote 18] One program did not adequately validate contractor performance data. We found anomalies in which the contractor reported spending funds without accomplishing work and others in which the contractor reported accomplishing work while crediting funds to the government. We made a number of recommendations to each of these agencies to clarify and expand their EVM policies and strengthen their oversight processes at the program level. The Treasury has recently implemented some of our recommendations to improve its earned value management policies and practices. For example, in September 2008, the agency issued a new EVM policy stating that each bureau shall develop, implement, and use a standard earned value management process. In response to our recommendations to FAA, the agency reported that it has initiatives under way to improve its EVM oversight processes, including work to ensure that all contract provisions specific to this management tool are being met. Until these agencies expand and enforce their EVM policies, it will be difficult for them to optimize the effectiveness of this management tool. Furthermore, without robust oversight of earned value management at the program level, these same agencies face an increased risk that managers are not getting the information they need to effectively manage the programs. We are currently evaluating for this subcommittee the state of EVM implementation at eight major agencies and plan to report on this work later this year. In summary, OMB made progress implementing several initiatives aimed at improving oversight and transparency of federal IT investments, such as the Management Watch and high-risk lists and governmentwide use of EVM. Nevertheless, more needs to be done by the executive branch to further increase the oversight and transparency of IT projects. The executive branch needs to build on its successes and also look for more efficient and comprehensive ways to bolster oversight and transparency. Accordingly, OMB needs to decide if it is going to continue to use its Management Watch list and high-risk list to track poorly planned and performing projects. If OMB decides not to use these tools, it should promptly implement other appropriate mechanisms to help oversee IT investments. Without adequate oversight and transparency of IT projects the federal government risks wasting potentially billions of taxpayer dollars. Mr. Chairman, this concludes my statement. I would be happy to answer any questions at this time. Contact and Staff Acknowledgements: If you should have any questions about this testimony, please contact me at (202) 512-9286 or by e-mail at pownerd@gao.gov. Individuals who made key contributions to this testimony are Carol Cha, Assistant Director; Shannin O'Neill, Assistant Director; Sabine Paul, Assistant Director; Bradley Becker; Lee McCracken; Kevin Walsh; and Eric Winter. [End of section] Footnotes: [1] GAO, Information Technology: Treasury Needs to Better Define and Implement Its Earned Value Management Policy, [hyperlink, http://www.gao.gov/products/GAO-08-951] (Washington, D.C.: Sept. 22, 2008); Information Technology: Further Improvements Needed to Identify and Oversee Poorly Planned and Performing Projects, [hyperlink, http://www.gao.gov/products/GAO-07-1211T] (Washington, D.C.: Sept. 20, 2007); Information Technology: Improvements Needed to More Accurately Identify and Better Oversee Risky Projects Totaling Billions of Dollars, [hyperlink, http://www.gao.gov/products/GAO-06-1099T] (Washington, D.C.: Sept. 7, 2006); Information Technology: Agencies and OMB Should Strengthen Processes for Identifying and Overseeing High Risk Projects, [hyperlink, http://www.gao.gov/products/GAO-06-647] (Washington, D.C.: June 15, 2006). [2] GAO, Information Technology: OMB Can Make more Effective Use of Its Investment Reviews, [hyperlink, http://www.gao.gov/products/GAO-05-276] (Washington, D.C.: April 15, 2005). [3] GAO, Air Traffic Control: FAA Uses Earned Value Techniques to Help Manage Information Technology Acquisitions, but Needs to Clarify Policy and Strengthen Oversight, [hyperlink, http://www.gao.gov/products/GAO-08-756] (Washington, D.C.: July 18, 2008); GAO, Information Technology: Treasury Needs to Better Define and Implement Its Earned Value Management Policy, [hyperlink, http://www.gao.gov/products/GAO-08-951] (Washington, D.C.: September 22, 2008). [4] 44 U.S.C. � 3504(h) & 3506(h). [5] 40 U.S.C. � 11312 &11313. [6] 40 U.S.C. � 11302 &11303. [7] GAO, Information Technology Investment Management: A Framework for Assessing and Improving Process Maturity, [hyperlink, http://www.gao.gov/products/GAO-04-394G] (Washington, D.C.: March 2004). [8] An enterprise architecture is an organizational blueprint that defines--in logical or business terms and in technology terms--how an organization operates today, intends to operate in the future, and intends to invest in technology to transition to this future state. [9] OMB, Circular A-130; National Institute of Standards and Technology, Information Management Directions: The Integration Challenge, Special Publication 500-167 (September 1989); and CIO Council, Federal Enterprise Architecture Framework, Version 1.1 (September 1999). [10] The Business Reference Model is intended to describe the business operations of the federal government independent of the agencies that perform them, including defining the services provided to state and local governments. The Performance Reference Model is to provide a common set of general performance outputs and measures for agencies to use to achieve business goals and objectives. The Data and Information Reference Model is to describe, at an aggregate level, the type of data and information that support program and business line operations, and the relationships among these types. The Service Component Reference Model is to identify and classify IT service (i.e., application) components that support federal agencies and promote the reuse of components across agencies. The Technical Reference Model is to describe how technology is supporting the delivery of service components, including relevant standards for implementing the technology. [11] [hyperlink, http://www.gao.gov/products/GAO-08-1051T]. [12] [hyperlink, http://www.gao.gov/products/GAO-05-276]. [13] [hyperlink, http://www.gao.gov/products/GAO-06-647]. [14] [hyperlink, http://www.gao.gov/products/GAO-08-1051T]. [15] [hyperlink, http://www.gao.gov/products/GAO-06-250]. [16] OMB Memorandum, M-05-23 (Aug. 4, 2005). [17] [hyperlink, http://www.gao.gov/products/GAO-08-951]. [18] [hyperlink, http://www.gao.gov/products/GAO-08-756]. [End of section] GAO's Mission: The Government Accountability Office, the audit, evaluation and investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO's commitment to good government is reflected in its core values of accountability, integrity, and reliability. Obtaining Copies of GAO Reports and Testimony: The fastest and easiest way to obtain copies of GAO documents at no cost is through GAO's Web site [hyperlink, http://www.gao.gov]. Each weekday, GAO posts newly released reports, testimony, and correspondence on its Web site. To have GAO e-mail you a list of newly posted products every afternoon, go to [hyperlink, http://www.gao.gov] and select "E-mail Updates." Order by Phone: The price of each GAO publication reflects GAO‘s actual cost of production and distribution and depends on the number of pages in the publication and whether the publication is printed in color or black and white. Pricing and ordering information is posted on GAO‘s Web site, [hyperlink, http://www.gao.gov/ordering.htm]. Place orders by calling (202) 512-6000, toll free (866) 801-7077, or TDD (202) 512-2537. Orders may be paid for using American Express, Discover Card, MasterCard, Visa, check, or money order. Call for additional information. To Report Fraud, Waste, and Abuse in Federal Programs: Contact: Web site: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]: E-mail: fraudnet@gao.gov: Automated answering system: (800) 424-5454 or (202) 512-7470: Congressional Relations: Ralph Dawn, Managing Director, dawnr@gao.gov: (202) 512-4400: U.S. Government Accountability Office: 441 G Street NW, Room 7125: Washington, D.C. 20548: Public Affairs: Chuck Young, Managing Director, youngc1@gao.gov: (202) 512-4800: U.S. Government Accountability Office: 441 G Street NW, Room 7149: Washington, D.C. 20548: