STATEMENT OF THE
HONORABLE KAREN EVANS
ADMINISTRATOR FOR ELECTRONIC GOVERNMENT AND
OFFICE OF MANAGEMENT AND BUDGET
BEFORE THE SUBCOMMITTEE ON FEDERAL FINANCIAL MANAGEMENT,
GOVERNMENT INFORMATION, FEDERAL SERVICES,
AND INTERNATIONAL SECURITY
SENATE HOMELAND AND GOVERNMENTAL AFFAIRS COMMITTEE
September 20, 2007
Good afternoon, Mr. Chairman and Members of the Subcommittee. My remarks will focus on the Administration’s strategy and progress in tracking, analyzing and evaluating the Federal government’s information technology (IT) investments.
The President proposed to spend roughly $66 billion in FY2008 for IT and associated support services to bolster the multiple and wide-ranging missions of the Federal government. When well executed these IT investments help improve the ability of the government’s programs and operations to more effectively deliver services, products, and information to the public.
OMB facilitates the process by which agencies successfully and securely plan, implement, and manage their IT investments. In particular, you have requested a discussion of the effectiveness of the tools we employ throughout the year to oversee major capital investments in information technology. After providing you with an overview of the entire process, I would then like to discuss two specific tools used -- the “Management Watch List” and our “high-risk list”. In general, OMB executes its responsibilities using various methods such as:
- Reviewing agencies’ annual budget submissions;
- Engaging with agencies throughout the year on such issues as the electronic government scorecard of the President’s Management Agenda (PMA); and
- Monitoring specific projects of interest to OMB.
IT Investments and The Budget Cycle
Each year, OMB updates and issues guidance, called Circular A-11, to the agencies for preparing, submitting and executing the budget.1 Agency submissions must reflect the policies of the President, including implementation of the President’s Management Agenda initiatives.
Two sections of this Circular provide additional guidance about IT funding requests specifically targeted at agency project planning.2 Agencies must answer direct questions on performance goals and measures, project management, alternative analysis, Enterprise Architecture earned value management, security plans, and privacy impact assessments.
Agencies must also include in their response supporting details in a “Capital Asset Plan and Business Case” (business case), or OMB Exhibit 300. Please note business cases are primarily executive summaries of detailed planning documents. Performance information is obtained and evaluated via other metrics which I will describe shortly. OMB reviews and evaluates these business cases as a part of our overall assessments of an agency's entire budget submission. Our summary of where agencies stand with their planning for IT investments is reported as part of Analytical Perspectives, Chapter 9, “Integrating Services with Information Technology” in the President's FY2008 Budget.3
This report is an OMB requirement under the Clinger-Cohen Act. As I have discussed in previous testimony on similar topics, the Clinger-Cohen Act establishes processes for executive agencies to analyze, track, and evaluate the risks and results of major capital investments for information systems.
It is important to note, OMB is but one of the intended audiences for the business case – the primary audiences are the agency officials and their investment review boards. These managers should use the business cases to effectively manage their own IT portfolios and submit to OMB only those investment requests meeting criteria specified in law and or OMB policies and supporting the priorities of the Administration.
Agencies submit their overall Agency IT Investment Portfolio as OMB Exhibit 53. For the FY 09 budget cycle, we have modified the exhibit 53 adding a “High Risk Project designations” as a new investment category for projects that are only portions of a larger consolidated investment. For the first time agencies will also identify whether or not each individual investment in their exhibit 53 is included on their quarterly High Risk List report.
Using the President’s Management Agenda Scorecard to Assist Oversight
Each quarter agencies receive a scorecard reporting their progress and status in achieving Government-wide goals under the PMA. OMB analyzes information provided on business cases when evaluating agencies’ activities pertaining to the Electronic Government component of the scorecard.
We deliberately included a criterion for “acceptable business cases” to emphasize its importance in effective IT investment management. It is just one of a number of components agencies must satisfy to get to green (or yellow) for the scorecard. Agency scores are posted quarterly at http://results.gov/agenda/scorecard.html.
The Management Watch List in the President’s FY2008 Budget
The information included in each business case ultimately helps OMB and the agencies ensure effectively planned IT investments and improve portfolio management. Business cases reflecting one or more planning weaknesses are placed on the “management watch list” and are targeted for follow-up.
The FY2008 President’s budget proposes approximately $66 billion for IT and associated support services. Of the 840 business cases submitted this year, there were initially 346, valued at least $14.4 billion, not meeting the criteria for success as defined in the President’s Management Agenda Scorecard. However, agencies, with the support of OMB, have an opportunity to remediate these deficiencies and monitor progress after the initial reporting period. This year, OMB collaborated with the President’s Council on Integrity and Efficiency as well as relevant agency Inspector Generals to assist with the independent verification and validation for areas of concern. I am pleased to report that as of August 2007, there were 136 business cases remaining on the Management Watch List with at least $8.6 billion in projected IT spending for FY2008, a decrease of $5.8 billion from the list published in February 2007.
Improving Project Performance with the High-Risk List
Having described a business case as a planning document and the Management Watch List as a tool used by OMB to track agency project planning, I would also like to describe another indicator – the high risk list. The high risk list is used to analyze and evaluate actual project execution and performance.
Over the past several years, agencies have striven to improve the quality of their IT project planning and justification, but the realization that it is important to continue this improvement during the execution phase of the IT project is a more recent development. OMB guidance4 now describes specific procedures to assist agencies’ improvement of project planning and implementation of earned value management.
The objective of our analysis is to manage the risk associated with the IT project each quarter to achieve the intended outcomes. Each quarter agencies evaluate and report to us on the performance of high risk projects. These projects are considered high-risk, requiring special attention from the highest level of agency management and oversight authorities due to the size, complexity, and/or nature of the risk of the project, but are not necessarily at-risk. For example, a successfully performing project may still be classified as high-risk due to exceptionally high costs and or complexity. For example, all e-government initiatives have been determined to be “high risk” and therefore are reported on agency quarterly reports.
Oversight authorities and agency management have tangible data on the performance of projects at least quarterly to better ensure improved execution and performance. Agency managers and oversight authorities should know within 90 days if a project is not performing well. OMB then works in partnership with agencies and GAO to address deficiencies in high-risk programs. It is therefore a collaborative effort to manage project risk and avoid problems should they occur or catch them early before taxpayers’ dollars are wasted.
The "high risk list" approach is separate and distinct from the “management watch list” since it presents oversight authorities with information differing in focus, timing, and expected results. It is not designed to replace pre-existing oversight and internal agency processes, but rather to supplement and complement them. This concludes my presentation of the Administration’s strategy and progress to date in analyzing, tracking, and evaluating the results of the government’s IT investments.
1 Circular A-11, “Preparation, Submission, and Execution of the Budget”, /omb/budget/fy2008/.