Legacy systems still power much of government

Federal agencies spend about 70 percent of their IT budgets on legacy systems and 30 percent on developing new systems, according to a Government Accountability Office report released in November.

Let those numbers sink in: In fiscal 2011, 26 agencies spent $79 billion on IT, and $54 billion of it went to existing systems, leaving just $25 billion to develop new applications and technology.

Bob Woods, president of Topside Consulting Group and former commissioner of the General Services Administration’s Federal Technology Service, likens agencies’ current IT spending to an iceberg: The operations and maintenance (O&M) chunk is the bottom of the iceberg, hidden below the water, and the money spent on development is the part of the iceberg above the surface.

“That iceberg is sinking,” Woods said. “The O&M percentage is increasing, and agencies have been struggling with this. They need money to invest and do development right, and they need to do it right to preserve applications and mission support. But in many cases, they don’t have it, and they keep feeding O&M systems that are sucking up their money.”

Many federal systems still run Common Business-Oriented Language (COBOL), a programming language first developed in 1959, according to officials at several agencies.

Most officials involved in federal IT admit that legacy systems are a major challenge. GSA CIO Casey Coleman recently told an Association for Federal Information Resources Management audience that legacy systems were “really our challenge,” and Department of Homeland Security CIO Richard Spires told the same group that “a significant amount of legacy brings a significant amount of solutions with it," asking: "How do we migrate from that state to a better state?" But solutions aren’t always easy to implement, Woods said.

Agencies sometimes avoid virtualizing servers out of fear of losing ownership of older applications, and they continue financially supporting some older systems — like those running COBOL — because they don’t want to get rid of systems that have a history of reliability.

“Sometimes you have to kill systems that are obsolete, and that can be hard to do,” Woods said. “These systems have functionality of some sort, and someone thinks they have to have it. But you could either move that functional service to somewhere else or you could find a simpler commercial package that can be customized for an agency.”

But agencies first need to take a closer look at what they have and what they’re using it for. “A lot of this requires a re-engineering of the business process,” Woods said. “You get services from different sources. Sometimes you kill something and keep its functional parts, but it requires action. It requires someone to go in and take a look at the business processes at work here. There are lots of options, but lots of times IT shops are reluctant to get into the rough business process. But you know, business people are always smart about what’s available in IT.”

In other words, following the same old approach in IT spending won’t work, Woods said, and he’s not the only IT expert making that argument.

“These are tough financial times, and what tends to happen is we hunker down on that which we know,” said Dave Wennergren, the Defense Department’s assistant deputy chief management officer, speaking at a FedInsider Executive Leadership Forum Nov. 27.

“What’s easier: the new idea or the idea we know well?” Wennergren asked. “We need strategies that allow us to turn the status quo on its head.”

A good start would be for agencies to begin fully following existing investment oversight policies. GAO’s recent report shows that many agencies fail to annually assess the performance of their investments in legacy IT systems, or so-called steady-state investments.

GAO focused on five big-spending departments — DOD, DHS, Health and Human Services, Treasury, and Veterans Affairs — and found more than $3 billion in steady-state investments in fiscal 2011 that had not undergone the required operational analyses.

Furthermore, the report states that DOD, VA and Treasury did not have a policy in place or perform analyses on 23 major steady-state investments totaling $2.1 billion.

“We didn’t see a single operational analysis done,” said David Powner, director of IT management issues at GAO. “It was kind of big news there. If that much money is going toward O&M, we want to make sure it is continuing to meet mission needs.”

Officials from VA and DOD responded in the GAO report that operational analyses were not always necessary because the departments already develop plans and business cases called Exhibit 300s.

But GAO said those reports don’t highlight important metrics such as how a steady-state investment is performing, and auditors recommended that agencies report the results of operational analyses on the IT Dashboard.

“It should be great transparency,” Powner said. “If we do these operational analyses, maybe we can move some money from that 70 percent bucket into that 30 percent bucket, and spend more money on modernizing the government and less on keeping old systems going.”