Are CIOs being frank with the IT dashboard?
- By Zach Noble
- Jun 02, 2016
CIOs in various agencies are undercutting the usefulness of the federal IT dashboard, Government Accountability Office watchdogs warn.
The dashboard is meant to offer feds and the public alike a way to keep tabs on how IT investments are likely to proceed, but in a report released June 2, GAO found that many agency CIOs are giving green "low risk" ratings to projects that are actually medium- or high-risk.
GAO estimated risk ratings for 95 IT investments, and asserted that its projections determined higher risk ratings than agency CIOs gave for 65 percent of those projects.
In some cases, agencies didn't update assessments often enough, while in others they ignored active risks, GAO said.
"Consequently, the associated risk rating processes used by the agencies generally are understating the level of risk, raising the likelihood that critical federal investments in IT are not receiving the appropriate levels of oversight," the report stated.
The Defense Department was among the worst offenders. GAO concluded that more than a dozen projects to which the DOD had given green, low-risk ratings actually deserved red, high-risk scores. (This has long been a problem for the Pentagon, according to GAO.) DOD also failed to update ratings for any of its 25 projects that GAO reviewed in April.
Under current Office of Management and Budget guidance, agencies are required to update their ratings at least once a month, but DOD is one of a few agencies -- along with the Social Security Administration and Education Department -- that does not meet this standard.
GAO's report took a dim view of the fact that OMB plans to eliminate the monthly update requirement for fiscal 2018, noting that regular review is key to accurate risk assessments.
Across 17 agencies, GAO found mixed approaches to calculating CIO dashboard ratings.
Nine agencies used all six of OMB's recommended criteria: risk management, requirements management, contractor oversight, historical performance, human capital and "other."
The rest picked and chose.
The Health and Human Services Department's sparse formula drew only on historical performance and "other" criteria from OMB's list.
Most agencies agreed with GAO's recommendations to consider active risks and update their ratings more regularly.
The Homeland Security Department, DOD and Environmental Protection Agency, on the other hand, defended their existing risk assessment schema against GAO's recommendations.
Zach Noble is a staff writer covering digital citizen services, workforce issues and a range of civilian federal agencies.
Before joining FCW in 2015, Noble served as assistant editor at the viral news site TheBlaze, where he wrote a mix of business, political and breaking news stories and managed weekend news coverage. He has also written for online and print publications including The Washington Free Beacon, The Santa Barbara News-Press, The Federalist and Washington Technology.
Noble is a graduate of Saint Vincent College, where he studied English, economics and mathematics.
Click here for previous articles by Noble, or connect with him on Twitter: @thezachnoble.