GAO criticizes IT spending at HHS, CMS

CMS Needs to Establish Critical Investment Management Capabilities

Related Links

HHS report

In two reports, the Government Accountability Office has criticized the Department of Health and Human Services and the Centers for Medicaid and Medicare Services, an HHS agency, for poor management of information technology spending.

Both reports, issued Nov. 28, conclude that HHS and CMS executives do a better job of evaluating plans for new IT systems than of monitoring what happens after system development is approved.

HHS is spending about $5 billion on IT this year. About $3 billion of the total will go to state governments for development and operation of systems for administering HHS-sponsored programs, such as Medicaid. But GAO said the HHS-funded systems projects carried out by states get less systematic oversight than spending within the federal agency.

In addition, according to the HHS report, “the department’s senior investment board does not regularly review component agencies’ IT investments, leaving close to 90 percent of its discretionary investments without an appropriate level of executive oversight.”

The reports did not cite specific examples of waste or abuse. Instead, the two reports focused on the processes in place to manage IT investments. The reports were requested by Sen. Charles Grassley (R-Iowa), chairman of the Senate Finance Committee.

The auditors took particular issue with the processes at CMS, which is in the midst of setting up the kind of careful review process recommended by GAO. For example, CMS has an IT investment review board (ITIRB), the report said, “but the board has not yet been involved in systematically controlling investments. In addition, the board has not been actively maintaining the organization’s documented IT investment management process.”

The auditors added: “For the fiscal year 2006/2007 budget cycle, CMS’s ITIRB developed and used criteria, including alignment with IT strategic goals and primary business drivers, for the selection process. However, these criteria did not include cost, benefit, schedule, and risk factors.”

While HHS officials generally accepted GAO’s findings, CMS Administrator Mark McClellan took issue with the report on his agency. In his official response, McClellan called it misleading and wrote, “effective management of IT investments is a critical priority at CMS. This includes many improvements to our IT investment process that were not fully reflected in GAO’s report.”


  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.