GAO warns Census IT efforts are lagging

The Census Bureau may miss targets on a major IT modernization plan ahead of the 2020 population count, according to a Government Accountability Office report made public Sept. 8.

Census plans employ more technology for the 2020 enumeration than ever, and is simultaneously working toward a more streamlined agency-wide IT system under its Census Enterprise Data Collection and Process program. CEDCaP will centralize data collection for all census activity.

However, GAO is worried that the 2020 Census and CEDCaP are tied together in important ways that are not reflected in a coordinated strategy, even as end-to-end testing is slated to begin in August 2017.

The report states two programs have disparate dependency schedules, rather than a single, integrated one, which has led to the misalignment of milestones. Specifically, seven of CEDCaP's 13 major releases are intended to match the operations of the 2020 Census, but the two schedules do not use the same software, do not automatically update to any changes and are not planned through the entirety of census operations.

The programs also lack similar integration in recognizing program risks. Because there is no collaborative, comprehensive risk catalog, certain risks that could impact both programs have been inconsistently identified.

Additionally, the Bureau's Office of Innovation and Implementation, which serves as the bridge between the requirements of the 2020 Census and CEDCaP programs, has not finalized its plan for soliciting and managing stakeholder input, and does not plan to do so until January 2017.

Furthermore, the Bureau lacks specific definitions relating to its validations of non-ID response. The report stated this is "especially concerning, as incomplete and late definition of requirements proved to be serious issues for the 2010 Census."

Auditors also assessed three CEDCaP projects the Bureau considered "the highest priority" for their compliance with best practices. Generally, the projects meet best practices for correcting potential performance deviations, but do not for identifying those deviations.

This is not the first time GAO has probed into CEDCaP operations. July the watchdog questioned why Census excluded CEDCaP from its operational cost estimate.

Moreover, auditors noted that Census faces critical information security challenges associated with the expanded reliance on IT, including phishing threats, secure storage of sensitive data collected from participants and adequate protection of mobile devices and training of the Bureau's workforce.

GAO made eight recommendations to the Department of Commerce, the Bureau's parent agency, to improve CEDCaP delivery, including determining the CEDCaP program office's current cost estimate, improving coordination between 2020 Census and CEDCaP programs and providing clear definitions to outstanding requirements.

Commerce agreed with all of the recommendations and indicated it would take action to address them.