GAO, OMB disagree on high-risk projects oversight

Editor's note: This story was updated at 10:20 a.m. July 19, 2006, to correct that Karen Evans, not David Powner, wrote a letter in response to the Government Accountability Office's report.

The agency that sets standards and gives governmentwide guidance needs to apply consistent standards in grading high-risk information technology projects, according to a report released today.

The Government Accountability Office recommended that the Office of Management and Budget direct agencies to apply consistent standards regarding high-risk projects. It should create a single list of high-risk projects and their deficiencies, and OMB should establish a structured process to update those projects, the report states.

OMB disagreed with GAO’s assessment.

“We believe the process and the criteria for designating projects as high risk are clear in the policy, and some flexibility in the application of the criteria is essential,” Karen Evans, OMB's administrator for e-government and IT, wrote in response to the report.

“We do not believe flexibility in the process equals inconsistency in the application of the criteria,” she added.

She wrote that she believes GAO is wrong in implying that agencies will not be able to oversee projects without more guidance. Instead, she wrote that the report suggests agencies use the policy to improve their internal oversight.

Evans also disagreed with the proposal to create an aggregate list of high-risk projects. She said it is unnecessary for OMB to oversee and manage the projects.

Without such a list, GAO said OMB misses an opportunity to analyze governmentwide trends among high-risk projects.


  • Government Innovation Awards
    Government Innovation Awards -

    Congratulations to the 2020 Rising Stars

    These early-career leaders already are having an outsized impact on government IT.

  • Cybersecurity
    cybersecurity (Rawpixel/

    CMMC clears key regulatory hurdle

    The White House approved an interim rule to mandate defense contractors prove they adhere to existing cybersecurity standards from the National Institute of Standards and Technology.

Stay Connected