Agencies failing key agile test

Most agencies are failing to certify implementation of incremental development on major software projects, despite a FITARA requirement that they do so, according to a new oversight report.

The Government Accountability Office looked at 166 major software development investments posted on the federal IT Dashboard, and found that most did not include certification from the agency CIO that incremental development was being used.

Only four agencies -- the Departments of Commerce, Energy, Homeland Security and Transportation -- got top marks for including a description of the CIO role in certification, a description of documentation, a definition for incremental development and details on the time frames used in software tests and releases.

Several other agencies -- the Departments of Agriculture, Housing and Urban Development, Justice, State and Treasury, along with the Environmental Protection Agency -- bombed the GAO test, failing to report a 'yes' in any of those categories.

In some cases, agencies cited a lack of expertise, overtaxed staff, inefficient governance and procurement delays as explanations for the lack of documentation.

Other instances, though, point to how the peculiar demands of federal systems can make a bad fit with the quick cycles of agile development.

At Treasury, IRS systems are subject to changes in tax law and other legislation, and modifications can't be made on precise delivery schedules. At the Social Security Administration, old, unstructured code with interdependencies across systems makes it difficult to modernize legacy applications on six-month cycles. At Justice, most of the major projects involve telecommunications and network infrastructure, and aren't treated like IT for oversight purposes.

Officials at the federal CIO's office acknowledged these issues, according to the report. The Office of Management and Budget plans to stop requiring CIO certification in the business case reports for major IT investments. Instead, OMB will ask agencies to provide details on compliance with the incremental development provisions of FITARA separately starting in fiscal year 2018.

According to GAO, "OMB's fiscal year 2018 capital planning guidance was a step backward, and OMB could not demonstrate how the guidance ensured that agencies provided the certifications specifically called for in [FITARA]." The report notes that new guidance for fiscal year 2019, released in August, recognizes "the importance of providing clear direction to CIOs and how critical it is for agencies to create IT systems that add value while reducing the risks associated with low-value and wasteful investments."

Most agencies agreed with the GAO's recommendations. USAID, NASA, and the Nuclear Regulatory Commission each set out deadlines for adding CIO certification of incremental development. The Department of Veterans Affairs noted that its existing Veteran-focused Implementation Process is effectively a stand-in for the certification GAO is seeking, and said it would document this for GAO auditors.