Oversight

Are CIOs being frank with the IT dashboard?

question mark made of dollar

CIOs in various agencies are undercutting the usefulness of the federal IT dashboard, Government Accountability Office watchdogs warn.

The dashboard is meant to offer feds and the public alike a way to keep tabs on how IT investments are likely to proceed, but in a report released June 2, GAO found that many agency CIOs are giving green "low risk" ratings to projects that are actually medium- or high-risk.

GAO estimated risk ratings for 95 IT investments, and asserted that its projections determined higher risk ratings than agency CIOs gave for 65 percent of those projects.

In some cases, agencies didn't update assessments often enough, while in others they ignored active risks, GAO said.

"Consequently, the associated risk rating processes used by the agencies generally are understating the level of risk, raising the likelihood that critical federal investments in IT are not receiving the appropriate levels of oversight," the report stated.

The Defense Department was among the worst offenders. GAO concluded that more than a dozen projects to which the DOD had given green, low-risk ratings actually deserved red, high-risk scores. (This has long been a problem for the Pentagon, according to GAO.)  DOD also failed to update ratings for any of its 25 projects that GAO reviewed in April.

Under current Office of Management and Budget guidance, agencies are required to update their ratings at least once a month, but DOD is one of a few agencies -- along with the Social Security Administration and Education Department -- that does not meet this standard.

GAO's report took a dim view of the fact that OMB plans to eliminate the monthly update requirement for fiscal 2018, noting that regular review is key to accurate risk assessments.

Across 17 agencies, GAO found mixed approaches to calculating CIO dashboard ratings.

Nine agencies used all six of OMB's recommended criteria: risk management, requirements management, contractor oversight, historical performance, human capital and "other."

The rest picked and chose.

The Health and Human Services Department's sparse formula drew only on historical performance and "other" criteria from OMB's list.

Most agencies agreed with GAO's recommendations to consider active risks and update their ratings more regularly.

The Homeland Security Department, DOD and Environmental Protection Agency, on the other hand, defended their existing risk assessment schema against GAO's recommendations.

About the Author

Zach Noble is a former FCW staff writer.

Featured

  • Defense
    The U.S. Army Corps of Engineers and the National Geospatial-Intelligence Agency (NGA) reveal concept renderings for the Next NGA West (N2W) campus from the design-build team McCarthy HITT winning proposal. The entirety of the campus is anticipated to be operational in 2025.

    How NGA is tackling interoperability challenges

    Mark Munsell, the National Geospatial-Intelligence Agency’s CTO, talks about talent shortages and how the agency is working to get more unclassified data.

  • Veterans Affairs
    Veterans Affairs CIO Jim Gfrerer speaks at an Oct. 10 FCW event (Photo credit: Troy K. Schneider)

    VA's pivot to agile

    With 10 months on the job, Veterans Affairs CIO Jim Gfrerer is pushing his organization toward a culture of constant delivery.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.