A GAO report has found that have only implemented 61 percent of the IT-related recommendations made by GAO since 2010, and 66 percent of the approximately 2,700 security-related recommendations, and to better manage acquisition operations and cybersecurity more need to be completed.
Some of the significant recommendations that remain outstanding include:
Chief Information Officer (CIO) responsibilities. Laws such as the Federal Information Technology Acquisition Reform Act (FITARA) and related guidance assigned 35 key IT management responsibilities to CIOs to help address longstanding challenges. However, in a draft report on CIO responsibilities, GAO’s preliminary results suggest that none of the 24 selected agencies have policies that fully address the role of their CIO, as called for by federal laws and guidance. GAO intends to recommend that OMB and each of the selected 24 agencies take actions to improve the effectiveness of CIO’s implementation of their responsibilities.
IT contract approval. According to FITARA, covered agencies’ CIOs are required to review and approve IT contracts. Nevertheless, in January 2018, GAO reported that most of the CIOs at 22 selected agencies were not adequately involved in reviewing billions of dollars of IT acquisitions. Consequently, GAO made 39 recommendations to improve CIO oversight over IT acquisitions.
Consolidating data centers. OMB launched an initiative in 2010 to reduce data centers, which was codified and expanded in FITARA. According to agencies, data center consolidation and optimization efforts have resulted in approximately $3.9 billion of cost savings through 2018. Even so, additional work remains. GAO has made 160 recommendations to OMB and agencies to improve the reporting of related cost savings and to achieve optimization targets; however, as of May 2018, 80 of the recommendations have not been fully addressed.
Managing software licenses. Effective management of software licenses can help avoid purchasing too many licenses that result in unused software. In May 2014, GAO reported that better management of licenses was needed to achieve savings, and made 135 recommendations to improve such management. Four years later, 78 of the recommendations remained open.
Improving the security of federal IT systems. While the government has acted to protect federal information systems, agencies need to improve security programs, cyber capabilities, and the protection of personally identifiable information. Over the last several years, GAO has made about 2,700 recommendations to agencies aimed at improving the security of federal systems and information. These recommendations identified actions for agencies to take to strengthen their information security programs and technical controls over their computer networks and systems. As of May 2018, about 800 of the information security-related recommendations had not been implemented.
GAO carried out this study because the federal government plans to invest almost $96 billion in IT in fiscal year 2018 and historically, IT investments have too often failed or contributed little to mission-related outcomes.