<DOC>
[109th Congress House Hearings]
[From the U.S. Government Printing Office via GPO Access]
[DOCID: f:20953.wais]
OMB MANAGEMENT WATCH LIST: $65 BILLION REASONS TO ENSURE THE FEDERAL
GOVERNMENT IS EFFECTIVELY MANAGING INFORMATION TECHNOLOGY INVESTMENTS
=======================================================================
HEARING
before the
COMMITTEE ON
GOVERNMENT REFORM
HOUSE OF REPRESENTATIVES
ONE HUNDRED NINTH CONGRESS
FIRST SESSION
__________
APRIL 21, 2005
__________
Serial No. 109-20
__________
Printed for the use of the Committee on Government Reform
Available via the World Wide Web: http://www.gpo.gov/congress/house
http://www.house.gov/reform
______
U.S. GOVERNMENT PRINTING OFFICE
20-953 WASHINGTON : 2005
_____________________________________________________________________________
For Sale by the Superintendent of Documents, U.S. Government Printing Office
Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; (202) 512ÿ091800
Fax: (202) 512ÿ092250 Mail: Stop SSOP, Washington, DC 20402ÿ090001
COMMITTEE ON GOVERNMENT REFORM
TOM DAVIS, Virginia, Chairman
CHRISTOPHER SHAYS, Connecticut HENRY A. WAXMAN, California
DAN BURTON, Indiana TOM LANTOS, California
ILEANA ROS-LEHTINEN, Florida MAJOR R. OWENS, New York
JOHN M. McHUGH, New York EDOLPHUS TOWNS, New York
JOHN L. MICA, Florida PAUL E. KANJORSKI, Pennsylvania
GIL GUTKNECHT, Minnesota CAROLYN B. MALONEY, New York
MARK E. SOUDER, Indiana ELIJAH E. CUMMINGS, Maryland
STEVEN C. LaTOURETTE, Ohio DENNIS J. KUCINICH, Ohio
TODD RUSSELL PLATTS, Pennsylvania DANNY K. DAVIS, Illinois
CHRIS CANNON, Utah WM. LACY CLAY, Missouri
JOHN J. DUNCAN, Jr., Tennessee DIANE E. WATSON, California
CANDICE S. MILLER, Michigan STEPHEN F. LYNCH, Massachusetts
MICHAEL R. TURNER, Ohio CHRIS VAN HOLLEN, Maryland
DARRELL E. ISSA, California LINDA T. SANCHEZ, California
GINNY BROWN-WAITE, Florida C.A. DUTCH RUPPERSBERGER, Maryland
JON C. PORTER, Nevada BRIAN HIGGINS, New York
KENNY MARCHANT, Texas ELEANOR HOLMES NORTON, District of
LYNN A. WESTMORELAND, Georgia Columbia
PATRICK T. McHENRY, North Carolina ------
CHARLES W. DENT, Pennsylvania BERNARD SANDERS, Vermont
VIRGINIA FOXX, North Carolina (Independent)
------ ------
Melissa Wojciak, Staff Director
David Marin, Deputy Staff Director/Communications Director
Rob Borden, Parliamentarian
Teresa Austin, Chief Clerk
Phil Barnett, Minority Chief of Staff/Chief Counsel
C O N T E N T S
----------
Page
Hearing held on April 21, 2005................................... 1
Statement of:
Evans, Karen, Administrator, Electronic Government and
Information Technology, Office of Management and Budget;
David Powner, Director, Information Technology Management
Issues, Government Accountability Office, accompanied by
Lester Diamond, Assistant Director......................... 9
Evans, Karen............................................. 9
Powner, David A.......................................... 18
Matthews, Dan, Chief Information Officer, U.S. Department of
Transportation, accompanied by Darren B. Ash; Robert
McFarland, Assistant Secretary for Information Technology,
U.S. Department of Veterans Affairs; Rosita Parkes, Chief
Information Officer, U.S. Department of Energy; and Lisa
Schlosser, Chief Information Officer, U.S. Department of
Housing and Urban Development.............................. 40
Matthews, Dan............................................ 40
McFarland, Robert........................................ 48
Parkes, Rosita O......................................... 51
Schlosser, Lisa.......................................... 54
Letters, statements, etc., submitted for the record by:
Cummings, Hon. Elijah E., a Representative in Congress from
the State of Maryland, prepared statement of............... 64
Davis, Chairman Tom, a Representative in Congress from the
State of Virginia, prepared statement of................... 3
Evans, Karen, Administrator, Electronic Government and
Information Technology, Office of Management and Budget,
prepared statement of...................................... 12
Matthews, Dan, Chief Information Officer, U.S. Department of
Transportation, prepared statement of...................... 43
McFarland, Robert, Assistant Secretary for Information
Technology, U.S. Department of Veterans Affairs, prepared
statement of............................................... 49
Parkes, Rosita, Chief Information Officer, U.S. Department of
Energy, prepared statement of.............................. 52
Porter, Hon. Jon C., a Representative in Congress from the
State of Nevada, prepared statement of..................... 67
Powner, David, Director, Information Technology Management
Issues, Government Accountability Office, prepared
statement of............................................... 20
Schlosser, Lisa, Chief Information Officer, U.S. Department
of Housing and Urban Development, prepared statement of.... 55
Waxman, Hon. Henry A., a Representative in Congress from the
State of California, prepared statement of................. 6
OMB MANAGEMENT WATCH LIST: $65 BILLION REASONS TO ENSURE THE FEDERAL
GOVERNMENT IS EFFECTIVELY MANAGING INFORMATION TECHNOLOGY INVESTMENTS
----------
THURSDAY, APRIL 21, 2005
House of Representatives,
Committee on Government Reform,
Washington, DC.
The committee met, pursuant to notice, at 10:10 a.m., in
room 2154, Rayburn House Office Building, Hon. Tom Davis
(chairman of the committee) presiding.
Present: Representatives Davis, Porter, Marchant, Waxman,
Cummings, Kucinich, Watson, Ruppersberger, and Norton.
Staff present: Melissa Wojciak, staff director; David
Marin, deputy staff director/communications director; Rob
White, press secretary; Drew Crockett, deputy director of
communications; Victoria Proctor, senior professional staff;
Jaime Hjort, professional staff member; Teresa Austin, chief
clerk; Sarah D'Orsie, deputy clerk; Corinne Zaccagnini, chief
information officer; Chas Phillips, policy counsel; Kristin
Amerling, minority deputy chief counsel; Karen Lightfoot,
minority communications director, senior policy advisor; Adam
Bordes and Nancy Scola, minority professional staff members;
Earley Green, minority chief clerk; and Jean Gosa, minority
assistant clerk.
Chairman Davis. Good morning. A quorum being present, the
committee will come to order.
I want to welcome everybody to today's hearing on the OMB
watch list. The President's fiscal year 2006 IT budget request
for the Federal Government is over $65 billion, and that figure
is expected to rise continually throughout the rest of the
decade. Given this fact, it is essential that the Federal
Government manage IT investments efficiently. The Federal
Government must acquire systems and services that not only
provide the highest quality for Government employees, but also
provide the best value for the taxpayer dollar.
Under the Clinger-Cohen Act, OMB is required to establish
processes to analyze, track, and evaluate the risks and results
of major capital investments in information systems made by
Federal agencies. For fiscal year 2005, OMB established a
management watch list of mission-critical projects that have
exhibited shortfalls in performance measures, project
management, IT security, or overall justification. According to
OMB's testimony before this committee last year, agencies with
projects on the watch list are required to correct weaknesses
and deficiencies or risk OMB placing limits on their spending.
Of the $60 billion dedicated for Federal IT spending in
fiscal year 2005, $22 billion represented projects on the watch
list. This is over half of all Federal IT initiatives. This
year there are more than 1,000 IT projects. OMB reported there
are 342 projects, representing about $15 billion on the watch
list. This represents a significant improvement, one I hope we
can continue.
I want to commend OMB for creating this management tool to
address significant challenges facing the Federal Government.
But at the same time, I want to make sure that it is being used
effectively. There is some concern that OMB has not fully
exploited the opportunity to use the watch list as a tool for
analyzing IT investments on a government-wide basis. I am
concerned that there is no aggregate list, per se.
It is my understanding that OMB did not develop a single
list of projects meeting their watch list criteria, but instead
relied on individual analysts to evaluate the agencies and
simply compile the results. Without a comprehensive list of
projects and their identified weaknesses, we are apprehensive
about OMB's ability to effectively followup with these agencies
to determine whether they have addressed the weaknesses
associated with projects on the watch list.
Now today's primary purpose is to get a better
understanding of OMB's use of the watch list. In particular,
the committee is interested in determining if the concept of
the watch list could be more effectively utilized by the
Federal Government as a tool to manage information technology
investments. Additionally, the committee looks forward to
learning how OMB coordinates with individual agencies to
identify and resolve IT-related challenges.
In a report requested by the committee last year, the GAO
evaluated OMB's processes regarding placing projects on the
watch list and following up on corrective actions established
for projects on the watch list. GAO will be releasing this
report to the public today, and we look forward to discussing
the results of their research.
We have two distinguished panels of witnesses. Our first
panel, we will hear from Karen Evans again from OMB, and David
Powner from the Government Accountability Office, and we will
discuss the watch list from a government-wide perspective. Our
second panel features representatives from the Department of
Transportation, Housing and Urban Development, Energy, and
Veterans Affairs. These representatives will explain the nature
of their projects on the watch list as well as efforts they
have taken to resolve the issues that have led to their
placement on the watch list.
I want to welcome the witnesses to today's hearing. I look
forward to your testimony.
[The prepared statement of Chairman Tom Davis follows:]
[GRAPHIC] [TIFF OMITTED] T0953.001
[GRAPHIC] [TIFF OMITTED] T0953.002
Chairman Davis. Mr. Waxman.
Mr. Waxman. Thank you, Mr. Chairman. I am pleased that the
committee is continuing its efforts to oversee the way in which
the Federal Government is managing its information technology
investments. The Federal Government has made a considerable
investment in information technology. The President's budget
for fiscal year 2006 includes more than 1,000 major IT projects
that will cost the Federal Government more than $65 billion.
The White House Office of Management and Budget has a
statutory responsibility to evaluate and track the Federal
Government's enormous investment in information technology.
Unfortunately, it is not meeting its responsibility.
For the past few years, OMB has been reporting that it
tracks problem IT projects on what it calls a management watch
list. Last year, OMB reported that more than a third of the
Federal Government's major IT projects were on this list.
However, when members of this committee asked OMB to provide
basic information on what specific projects were on the watch
list and how it was being used, OMB was not responsive.
It is difficult to have confidence that OMB is fulfilling
its responsibilities to monitor IT spending by the Federal
Government when OMB fails to provide essential information
about its tracking methodology.
Now, GAO has taken a closer look at the management watch
list and it has found that OMB does not maintain an aggregate
list of troubled projects. Rather, what OMB calls its watch
list is an ad hoc compilation of lists maintained by a few
individual OMB analysts. No business with $65 billion at stake
would ever manage itself this way. But apparently, different
standards are fine when it is taxpayer money at risk.
GAO is recommending that OMB create and maintain a
government-wide watch list concerning major Federal IT projects
to provide a mechanism for tracking whether problems that have
been identified in any given year have been addressed.
Incredibly, the administration is opposing even this minimal
level of responsibility. I understand OMB disagrees with this
recommendation.
I know we can do better. And I look forward to hearing from
today's witnesses about the merits of having an aggregate
management watch list so that we can gain understanding of how
OMB and other individual Government agencies can improve
management of Federal information technology projects.
Mr. Chairman, I want to make the comment to our witnesses,
on the floor today is the energy bill that has come out of
primarily the Energy and Commerce Committee and this committee.
Later, we will have an amendment from this committee.
Unfortunately, I am not going to be here for a lot of the
testimony, but I will have a chance to review the testimony,
and my staff, of course, is here to follow the issue very
carefully.
[The prepared statement of Hon. Henry A. Waxman follows:]
[GRAPHIC] [TIFF OMITTED] T0953.003
[GRAPHIC] [TIFF OMITTED] T0953.004
[GRAPHIC] [TIFF OMITTED] T0953.005
Chairman Davis. Thank you. We have a Davis-Waxman amendment
and at least one of us is going to have to be there for that.
Mr. Waxman. Better you.
Chairman Davis. Any other Members wishing to make opening
statements? If not, I am going to swear in the first panel. If
you would rise with me and raise your right hands.
[Witnesses sworn.]
Chairman Davis. Let the record reflect that all witnesses
responded in the affirmative.
Mr. Powner, who is the gentleman behind you so we can
identify him for the record?
Mr. Powner. Mr. Lester Diamond, Assistant Director.
Chairman Davis. Thank you very much for being here. I look
forward to your testimony.
Karen, why not start with you, and then we will go to Mr.
Powner. If you can keep it to 5 minutes. But it is a short
panel, I want to make sure you get everything in. Your entire
statement is part of the record. Thank you.
STATEMENTS OF KAREN EVANS, ADMINISTRATOR, ELECTRONIC GOVERNMENT
AND INFORMATION TECHNOLOGY, OFFICE OF MANAGEMENT AND BUDGET;
DAVID POWNER, DIRECTOR, INFORMATION TECHNOLOGY MANAGEMENT
ISSUES, GOVERNMENT ACCOUNTABILITY OFFICE, ACCOMPANIED BY LESTER
DIAMOND, ASSISTANT DIRECTOR
STATEMENT OF KAREN EVANS
Ms. Evans. Good morning, Mr. Chairman and members of the
committee. My remarks will focus on the administration's
strategy and progress to date in planning, managing, and
measuring the results of the Government's technology
investments. You asked me to specifically address OMB's use of
the tool we refer to as the management watch list, and I will
do so, but first I will discuss the overall context within
which this list and our many other oversight tools are used.
For fiscal year 2006, the President is proposing to spend
roughly $65 billion for information technology and associated
services to support the multiple and wide-ranging missions of
the Federal Government. These IT investments help improve the
ability of the Government's programs and operations to more
effectively deliver services, products, and information.
OMB executes its responsibility using various methods such
as reviewing agencies' annual budget submissions, remaining
engaged with agencies throughout the year using the President's
management agenda, and issuing policies and guidance. Each
year, OMB updates issues and guidance to the agencies on
preparing their budget submissions as well as instructions on
budget execution.
Of the more than 40 sections within our guidance, 2 provide
specific additional guidance about IT funding requests. These
sections provide guidance for Federal capital assets. To submit
an investment request for a major IT project, agencies must use
the exhibit 300, also called Capital Asset Plan and Business
Case.
Please note, business cases are primarily planning
documents and used an indicator, but it is not a measurement of
the agency's ability to execute or manage an IT project. This
is an important distinction. OMB reviews and evaluates business
cases as part of its overall evaluation of the entire agency
budget submission. If, based upon OMB's evaluation, a business
case does not successfully meet the evaluation criteria, it is
placed on the management watch list.
The information included in each business case helps OMB
and the agencies ensure correctly planned IT investments. The
President's budget for fiscal year 2005 included approximately
1,200 major IT projects, totaling about $60 billion. Of this
number, OMB reported slightly over half, 621 projects,
representing about $22 billion, as being on the management
watch list.
In my March 3rd testimony of last year about the Federal IT
portfolio, I described this list as consisting of mission-
critical projects needing improved overall justification,
performance measures, project management, or IT security.
Agencies were required to correct identified project weaknesses
and business case deficiencies. Those failing to do so were
subject to additional oversight and requirements prior to
spending. We did place conditions on agency spending in five
instances last year.
This year we continue to use the management watch list as
one of the many tools to oversee agencies' planning for IT
investments and drive improved portfolio management. A total of
1,087 business cases were submitted this year and less than one
third, 342, valued at approximately $15 billion, did not meet
the criteria for success. In November 2004, the 342 investments
were placed on this year's management watch list. As they did
last year, agencies have until the end of the fiscal year to
correct all deficiencies or risk limits on their spending. I am
pleased to report that this year's list currently at this time
has been reduced to 248 projects.
Let me now describe how other tools are used to monitor
actual project execution and performance. In doing so, one will
see, as OMB does, over-emphasis on the management watch list
may lead to unintended consequences.
Although business cases include information design to
identify whether the agency appropriately considered project
performance as part of the project planning, they are but a
snapshot in time and they are not designed to be nor are they
used for measuring project performance. Managing and measuring
project performance is first and foremost an agency
responsibility. OMB then oversees the agencies' activities
under the President's management agenda and its associated
quarterly reporting process.
Each agency receives a scorecard about their progress and
their status in achieving the government-wide goals, such as
achieving 10 percent of cost, schedule, and performance for
their IT portfolio. We deliberately included the criterion for
``acceptable business cases'' to underscore the need for good
capital planning processes to be in place within an agency in
order to produce good business cases.
However, we recognize the business case as an output
measurement. The acceptability of the business cases is just
one of a number of the critical components agencies must
satisfy to get to green or yellow for the E-Government
scorecard. If the business case criteria are not successfully
met, agencies cannot move forward regardless of their
performance on other elements.
Followup is dependent on particular issues identified and
tends to focus on strategic issues or problems existing at a
government-wide or agency-wide programmatic level, not tactical
ones residing with an individual investment.
I appreciate the opportunity to discuss the
administration's strategy in this area. The management watch
list represents just one example of such opportunity and helps
call attention to concerns within the planning for major IT
projects. I will be happy to answer any questions at the
appropriate time.
[The prepared statement of Ms. Evans follows:]
[GRAPHIC] [TIFF OMITTED] T0953.006
[GRAPHIC] [TIFF OMITTED] T0953.007
[GRAPHIC] [TIFF OMITTED] T0953.008
[GRAPHIC] [TIFF OMITTED] T0953.009
[GRAPHIC] [TIFF OMITTED] T0953.010
[GRAPHIC] [TIFF OMITTED] T0953.011
Chairman Davis. Thank you very much.
Mr. Powner.
STATEMENT OF DAVID A. POWNER
Mr. Powner. Chairman Davis, Ranking Member Waxman, and
members of the committee, we appreciate the opportunity to
testify on our report, completed at your request, Mr. Chairman,
on OMB's management watch list. This morning I will summarize
three key points in this report.
First, OMB annually identifies hundreds of IT projects
representing tens of billions of dollars that are at risk;
meaning, there are significant questions about how these
projects are planned and managed. In doing so, it identifies
tremendous opportunities to strengthen investments.
Second, OMB does not have a list. It does not aggregate a
single list that identifies each project and its weaknesses,
and therefore is missing an opportunity to analyze IT
investments on a government-wide basis.
Third, OMB does not consistently monitor the followup
performed, and therefore was unable to tell us progress in
addressing government-wide as well as project-specific
weaknesses. Again, it is missing an opportunity to ensure that
agencies address project weaknesses and that the Government's
investment in IT is not wasted.
Expanding on each of these, first, OMB should be commended
for its analysis of agencies' IT project business cases which
now collectively total over $60 billion annually. In the 2005
budget, OMB highlighted that of approximately 1,200 IT
projects, about half, 620 projects, valued at $22 billion, were
on its management watch list. In the 2006 budget, OMB again
stated that of approximately 1,100 IT projects, about a third,
342, valued at $15 billion, were on its list.
OMB uses a comprehensive scoring process to evaluate each
business case which consists of evaluating 10 categories
associated with project planning and management. These
categories include the project's acquisition strategy, security
plans and processes, and cost and schedule performance.
Projects were placed on the management watch list if they
scored poorly overall or in specific categories that OMB
emphasizes. Either way, being placed on the management watch
list means that these projects clearly have weaknesses in
project planning and management. Thus, OMB identifies
tremendous opportunities to strengthen investments totaling
billions of dollars.
However, a single, aggregate list identifying the projects
and their weaknesses does not exist. To derive the total number
of management watch list projects reported in the President's
budget, OMB poled its individual analysts who have specific
agency responsibilities and compiled the numbers and their
combined value. By not aggregating the projects and weaknesses,
OMB is missing an opportunity for analyzing IT investments on a
government-wide basis.
In addition, OMB does not consistently monitor the followup
performed, and therefore was unable to tell us progress in
addressing government-wide and project-specific weaknesses.
Some projects were followed up during budget preparation. In
addition, OMB officials told us that followup of some
management watch list projects was done through the quarterly
e-gov scorecards associated with the President's management
agenda.
However, OMB could not tell us which of the 621 watch list
projects for 2005 were followed up on. Nor could they describe
the relationship between its followup activities and changes in
the number of projects on the watch list between 2005 and 2006.
In our opinion, the current followup that does occur may
leave unattended weak projects consuming significant budget
dollars. In addition, Mr. Chairman, OMB's ability to report to
the Congress on progress in addressing critical areas needing
attention is limited by not having an aggregate list and
coordinated followup.
To take full advantage of the management watch list, we
make several recommendations, including: developing a central
list, using the list to guide prioritized followup, and
reporting to the Congress on progress in addressing risks in
areas needing additional attention.
In summary, the management watch list creates an ideal
opportunity to improve the Federal Government's IT investments
and ensure that taxpayers' dollars are wisely invested.
However, this opportunity is not being fully exploited because
the list is not aggregated nor are there assurances that
followup is adequate.
This concludes my statement. I would be pleased to respond
to any questions that you or members of the committee have at
this time.
[Note.--The GAO report entitled, ``Information Technology,
OMB Can Make More Effective Use of Its Investment Reviews,''
may be found in committee files.]
[The prepared statement of Mr. Powner follows:]
[GRAPHIC] [TIFF OMITTED] T0953.012
[GRAPHIC] [TIFF OMITTED] T0953.013
[GRAPHIC] [TIFF OMITTED] T0953.014
[GRAPHIC] [TIFF OMITTED] T0953.015
[GRAPHIC] [TIFF OMITTED] T0953.016
[GRAPHIC] [TIFF OMITTED] T0953.017
[GRAPHIC] [TIFF OMITTED] T0953.018
[GRAPHIC] [TIFF OMITTED] T0953.019
[GRAPHIC] [TIFF OMITTED] T0953.020
[GRAPHIC] [TIFF OMITTED] T0953.021
[GRAPHIC] [TIFF OMITTED] T0953.022
[GRAPHIC] [TIFF OMITTED] T0953.023
[GRAPHIC] [TIFF OMITTED] T0953.024
Chairman Davis. Thank you both.
Ms. Evans, given the effort you have put into creating and
using the watch list, it seems that the small additional
investment of creating an aggregate list of projects and
weaknesses could yield significant opportunities and a means to
track progress on agency corrective actions. What is it about
an aggregate management watch list that you either object to or
have not seen reason to move ahead on? Am I missing something?
Ms. Evans. We have had a lot of discussion----
Chairman Davis. I mean, a lot of the criticism in the paper
and GAO's----
Ms. Evans. There is a lot of criticism about----
Chairman Davis. I am just trying to understand your
perspective.
Ms. Evans. Yes, sir. Really, what it comes down to is what
would be the intended outcome of having the aggregate watch
list. We have gone back and forth over what would be the
result, what would change, and what would be the outcome, what
do we really want to achieve.
And when we look at this, is the outcome to have good
business cases, is it to have a passing business case to ensure
that everything that is written down on the business case meets
our criteria? Or is the outcome to really achieve what is
described in the business case; that is, what the dollars are
intended to be invested in?
That really is what we are focusing our efforts on, is does
the agency have the right management practices in place to
ensure what that investment is supposed to achieve. So we work
on it by a portfolio basis.
It is not that I am against having an aggregate list. What
we are actually looking back and forth at, as you would any
investment, is what are the pros and cons associated with that,
and would we drive certain behaviors where people would just
turn in ``a good term paper,'' but not really address what the
problem is that is happening in that agency.
Chairman Davis. Over the years, this is long before you got
there and I got here, the Government had lost tens of billions
of dollars in IT systems that have just not worked out and so
on. It seems to me that just having a list up there tracking
these areas, where you can go back, it not only gives it a
level of transparency, but it would make it easier to manage. I
do not hear you really objecting. You are just saying that you
think the way you are doing it handles it.
Ms. Evans. Yes, sir. Because of the way that we are looking
at it, what we do not want to drive is certain behavior where
people are just checking off the boxes and not really
addressing the problem. And the problem is really what
management practices do you need to have in place to ensure
that the progress hits the milestones?
Chairman Davis. Let me ask this question.
Ms. Evans. Sure.
Chairman Davis. You stated in previous testimony before the
committee or subcommittee that agencies with projects on the
list would be required to address these weaknesses or else face
OMB placing limits on their spending. Is that right?
Ms. Evans. Yes, sir.
Chairman Davis. Can you tell us how many projects and what
total dollar value has been held back as a result of agencies
not addressing projects?
Ms. Evans. We did provide a chart last year based on the
five agencies that we did hold back the money that we took the
specific action on. We can provide that again to the committee
this year. I can go back and do that. But I would like to
stress, part of what we are trying to do here is that is the
action that we take. There are actions that the agencies take
themselves that we do not have to take.
And so we would not be able to provide that information.
That would have to come from an agency-by-agency basis. But
there are specific actions that were taken by the agencies
where they prohibited the spending of the project themselves
without us having to intervene.
Chairman Davis. Mr. Powner, what does OMB lose by not
developing a single, aggregate management watch list?
Mr. Powner. Several things, Mr. Chairman. First of all,
having an aggregate list allows you to analyze government-wide
IT weaknesses more effectively. The other thing that it
provides an opportunity for, that you pointed out, is that it
then provides a mechanism to monitor and track those
investments.
One additional example, knowing the differences between the
2005 and 2006 list would be very important. So having aggregate
lists where we could compare those aggregate lists and look at
projects that continue to be on that list from year to year
would be very valuable from an oversight perspective.
Chairman Davis. Now, are we talking about a sophisticated
data base that would capture all investment information, or
something less complex?
Mr. Powner. Our recommendation was just to aggregate the
list. This can probably be done with applications that
currently reside on desktops today. So we are not talking about
anything too sophisticated here.
Chairman Davis. OK. In addition to your recommendations, do
you have any suggestions for how we can all work together--I am
talking about OMB, I am talking about the agencies, and
Congress--work together collectively to improve these critical
IT investments?
Mr. Powner. Yes, I do. First of all, I think OMB should be
commended for 12 analysts that identify all these weaknesses
with all these projects. That is a heck of an effort up front.
And to expect them to followup on 600 or 350 projects is asking
a lot. A couple thoughts would be, to involve some of the
accountability agencies, IGs could get involved in following up
with some watch list projects, GAO would gladly look at the top
30, 40 projects, and in addition, hearings such as these, Mr.
Chairman, where you call up to the table the top five or six
agencies that either have the most projects on the list or the
highest dollar value helps further the rigor associated with
the management of these projects.
Chairman Davis. OK. Thank you very much.
Mr. Ruppersberger.
Mr. Ruppersberger. Thank you, Mr. Chairman. First, Ms.
Evans. Last year, your office designated 621 Federal technology
projects as management watch list projects. This year your
office designated 342 on this watch list. Is that correct?
Ms. Evans. Yes, sir.
Mr. Ruppersberger. Now this is a considerable number of
projects. And it appears from the GAO report that OMB has just
a dozen or so analysts overseeing these hundreds of troubled
projects. First, does OMB have a system for prioritizing these
projects to ensure that attention is paid to mission-critical
and other important systems?
Ms. Evans. The short answer is, yes. And it is more----
Mr. Ruppersberger. The second question is, can you describe
the system and why you think it works?
Ms. Evans. Yes. I am getting ready to do that. But I would
like to clarify one thing. The initial analysis on the business
cases are done by the 12 analysts that Mr. Powner had
mentioned. But the followup on these actions are a joint effort
done by everyone within OMB. So there is a joint team that we
do through the scorecard process with the budget examiners as
well as the IT analysts.
So there is a process, there is a consistent process. And
because this question has arisen about what we should followup
on and do we need to have better clarification, we are in the
process of finalizing our guidance out to the agencies of what
we would then call the ``high risk'' projects that are included
on the management watch list. And then those would be then
singled out for us to followup on directly through the
scorecard process and have more rigor in those.
But we do followup on all of them, all the business cases
through the scorecard process. And the agencies have to
remediate the weaknesses and tell us what actions they are
going to do. And this year, they have to have it done by June
30, so that there is enough time for us to analyze are those
adequate before they start spending money before the start of
the next fiscal year.
Mr. Ruppersberger. Getting back to my issue. It is about
resources sometimes. You have a lot of projects that are out
there and some have to be prioritized, as we should, but there
are some that maybe need to be prioritized that are not. Do you
feel that you have the tools and the resources to oversee these
projects and do it in the right way?
Ms. Evans. Yes, sir, I feel that we do. Because what we do
is we analyze not the project itself, but all the projects that
are in a portfolio to see if there is a pervasive or a systemic
problem. It could be something as simple as there is not the
right leadership at the top level to give the agency itself the
resources that it needs to succeed.
Mr. Ruppersberger. Let me get into a specific project.
Ms. Evans. Sure.
Mr. Ruppersberger. We recently saw as part of the Trilogy
project the IPI spent $170 million to develop a new case
management system that they will never use. It certainly seems
that at some point in a multiyear process of developing the
system someone should have noticed that this project was
seriously off course. Now, was the Trilogy project on the
management watch list this year or last year, do you know,
both?
Ms. Evans. Yes. And because it is a high risk, high
visibility project, internally within OMB when that happens,
especially on a project of that nature given the critical
mission that it is supporting, there are additional above and
beyond activities that we do outside of the scorecard process.
And in that particular case, we had monthly meetings and then
went to bi-weekly meetings to talk and work with the team to
understand what was going on and to give them the resources
that they would need, as well as to understand what we needed
to do to improve that so that project could go forward and be
successful.
Mr. Ruppersberger. Let me ask you this. Why do you think
the Federal Government's investment review process did not
catch the problems with this project? Now I know there are a
lot of other issues, you have the private contractor, you had a
lot, but bottom line, I think we need to discuss, that is a
perfect example, where did we go wrong, where did your process
go wrong that we did not get involved earlier and try to bring
it to the table.
Ms. Evans. And I would like to address that. I believe that
up until within these last 2 years, especially with our
implementation of earned value management through the
President's management agenda on the scorecard, a lot of our
activities are focused on planning. And the failure of the
Trilogy project was actually in the execution--the problems
with the contractor, project management, did they have the
right focus, requirements creep, everything that you read in
the press.
Those are things that are tracked through the earned value
management activities. That earned value is the actual numbers,
like you would then start seeing, if I said it was going to
take 10 weeks to accomplish a certain deliverable and it takes
12, that sets up a flag. We at OMB were not collecting a lot of
that data and working with the agencies directly in managing it
at that level.
Mr. Ruppersberger. What do you think OMB could have done
better in order to get more involved so that we could have
addressed this issue sooner? Looking at you and looking at your
operation, what do you think you could have done better just
specifically on the Trilogy project with the FBI? Or do you
think you were perfect?
Ms. Evans. No, I do not. And I think that hearings such as
this gives us clearer guidance on what the expectations are
from the Hill as well. But I believe that we have learned from
that project, continuously learn from many of the IT projects.
Right now, we are focused on implementing and giving
clearer guidance to the agencies on earned valued which is
focused on the execution, how the agencies are actually going
about and achieving, executing out on the project plant to
ensure that they have their project managers in place, that
they have clearly defined the right deliverables, and is there
spending. That is what we call 10 percent of cost, schedule,
and performance. We are measuring those activities now. We were
not measuring those previously. So I do agree that there were
things that we needed to do better in an oversight capacity.
Mr. Ruppersberger. OK. Thank you.
Chairman Davis. Questions, Mr. Porter? No? Ms. Watson, any
questions?
Ms. Watson. Thank you, Mr. Chairman. I am not sure that I
heard clearly or that I was able to decipher the response when
asked what is needed to be able to do the management watch that
is necessary. And I also want to know how long is the
evaluation after you put a particular project on the watch
list, how long do you followup? Is there a long-range follow
through? I was trying to read through our information to see if
it stated what that period of time would be, but maybe you can
respond. And this question is to Ms. Evans.
Ms. Evans. Sure. We would followup, depending on what the
problem is that we would identify within an agency, through the
life cycle. So if an investment is going to go 3 to 5 years, we
continuously work with the agency through that period. So it
would depend on what you identify as the issue.
Say, for example, if everything in the agency we failed a
business case because they had bad cyber security, they just
did not have a good cyber security plan, that is something that
this committee measures as well, and say the agency had an F on
the cyber security from your scorecard, we would continue to
work on the issue of cyber security within that agency and then
work with them then to see how and ensure that what they are
putting in their program then cascades down through the
management practices they have for projects. So if they say
that they are doing something in the security area, you
followup to make sure that it is actually followed through in
the actual projects as they execute out multiple projects
within the agency.
So it would depend on what the problem is. But we
continuously followup. When we talk about the management watch
list specifically as we look at these numbers, 342, 621, we try
to address what is the over-arching problem there--is it a
leadership problem, is it a risk management problem, is it a
cyber security problem--and then work at that high level and
then work with the agency to have processes in place so that it
will perpetuate throughout the organization so that they can
move forward on that.
I do not know if that is getting to all the issues, but it
is always ongoing. We do not just say, OK, this one is good to
go and then walk away from that. We continuously work with the
agency on the problems that we would identify.
Ms. Watson. Thank you. I heard you respond that you thought
you had the resources to do this long-term. The way you explain
it, it would take various units depending on where the problem
really resides. Do you have the personnel, do you have the
resources to do that kind of in-depth followup?
Ms. Evans. And the short answer again is, yes. Because part
of what we do is we work with the agency, we identify areas, we
offer suggestions and recommendations, but the hard work of
remediating the problems and ensuring things are done at the
agencies. The agencies are the ones who have to change their
management practices, the agencies are the ones who have to
take the corrective action, and then we work with them. The
hard work is actually fixing the problem and that is where the
resources are needed, and that is with the agencies.
Ms. Watson. So many of these agencies seem to be short-
changed in recent budgets. So that is where my interest is, do
we have the resources? Thank you very much. I appreciate your
response.
Chairman Davis. Ms. Evans, let me just ask, what is the No.
1 problem you see out there in the agencies with administering
IT programs? Do we have enough competent procurement officers?
Is it the coordination between the agency sometimes and the
contracting officers? Are we not holding the contractors tight
enough? Is there one theme, or is it just a number of themes
that sometimes have these contracts go awry?
Ms. Evans. This is going to seem like a very simple answer
to a complex question. All those things that you have described
are symptoms of the problem. It goes back to very basic project
management. Many times as a project starts there is not a clear
vision of what the outcome of that project is supposed to
achieve. So if we use the Trilogy project again, it started
down the path and it had one outcome but it changed multiple
times.
So as that change occurs, that is where then the disconnect
happens like what you are talking about, where a procurement
officer may not necessarily put the right contract vehicle in
place because they think they are going down to achieve one
outcome when they really needed to achieve another. So it is
communications and having a clear vision of what that project
is supposed to achieve.
Chairman Davis. But what we ought to be doing is catching
these early, right?
Ms. Evans. Yes, sir.
Chairman Davis. That is the goal. Obviously, in some of
these complex procurements the needs are going to change as you
get into it a little bit. The key is catching it early and not
having it run a $30 million, $100 million bill before you get
there.
Ms. Evans. And the other part of that, and I would say is
back to us at OMB, is if you said that you were going down and
the original vision is like a two-sentence vision, and this is
what we ask now from agencies, to clearly articulate in two
sentences, three sentences or less what you are going to get
out of this project. If they cannot do that, there is a
problem.
And then as a follow-on activity, we need to continuously
followup to ensure that they have not lost sight of that
original goal. If they do, and that is what we need to do from
an oversight capacity, if they need to change it, then they
have to be able to justify the changes.
And so we have other indicators that we are putting in
place to try to catch it sooner before there is so much
invested in it. And those are the other tools that we have been
implementing to try to monitor that and catch it.
Chairman Davis. We will fight on the House floor, sometimes
spend hours fighting over a $30, $40, $50 million program. But
an IT project goes awry, it could be a lot more than that. So,
really, when you talk about savings in government and
efficiency in government, it is overseeing some of these areas.
And we can blame the agencies, but at the end of the day it
starts and stops with OMB. That is why the watch list is so
important. I just wonder what other tools that we may need in a
government-wide perspective in terms of being able to get good
program managers in, and pay them accordingly. Do you see any
specific concerns with that?
Ms. Evans. Well, as we have outlined before, project
management, again, is the key to success because that project
manager is the front line defense. The Federal CIO Council took
that issue on last year as a result of this analysis and made
recommendations to us, we finalized the guidance back out to
the agencies. And what it did was help the agencies identify
what type of project manager, the level of complexity of the
project. We continue to develop these tools. We just issued
recent guidance jointly with OPM to look at the work force so
that you have the right resources and the right people in
place.
Chairman Davis. And the right training?
Ms. Evans. And the right training. And what are the gaps,
what do you currently have, what do you need, and are you
adequately funded for that. Because the problem is just within
one agency and it is two to three staff people that you need,
that is a different solution than if we see, gosh, we need
1,000 project managers at a certain proficiency level across
the entire government. We need to have that information ahead
of time. And you are right, that is an OMB responsibility to
ensure that the agencies have adequate resources to accomplish
that.
Chairman Davis. At DOD there have been cuts in procurement
officials. That is one of the ways they try to save money. And
sometimes it looks on the line like you are cutting dollars,
but if a procurement goes awry, it ends up costing you 10
times, that could be an outcome of that. That is what we need
to be careful about.
Mr. Powner, do you have any comments on that?
Mr. Powner. Just piggybacking off of your comment on
catching some of the risk areas early. I do not want to
downplay the importance of the watch list in the categories
that we look at. Many things that we discuss associated with
Trilogy, I know we do work for you on secure flight at TSA, a
couple of the categories that are highlighted in the analysis
for the watch list are program management, project management,
and risk management. Clearly, if you have rigorous processes in
place associated with project management and risk management,
it would help to catch some of these issues that ultimately
result in some of these projects failing.
Chairman Davis. Thank you very much. Any other questions
from Members?
Thank you very much. We appreciate your being here.
We will now move to our next panel. We have here Mr. Dan
Matthews, the Chief Information Officer of the U.S. Department
of Transportation; Mr. Robert McFarland, Assistant Secretary
for Information Technology at the U.S. Department of Veterans
Affairs; Ms. Rosita Parkes, the Chief Information Officer at
the U.S. Department of Energy; and Lisa Schlosser, CIO at the
Department of Housing and Urban Development.
Thank you very much for being with us this morning. If you
would stand with me and raise your right hands, I will swear
you in.
[Witnesses sworn.]
Chairman Davis. Let the record reflect that all witnesses
have responded in the affirmative.
Thank you. We have a gentleman back here.
Mr. Ash. Darren Ash, with the Department of Transportation.
Chairman Davis. Thank you very much for being with us. Let
the record show that you were also sworn should we have to call
on you for any questions.
Mr. Matthews, we will start with you, and then we will work
on down. Your entire statement is in the record. Thank you.
STATEMENTS OF DAN MATTHEWS, CHIEF INFORMATION OFFICER, U.S.
DEPARTMENT OF TRANSPORTATION, ACCOMPANIED BY DARREN B. ASH;
ROBERT MCFARLAND, ASSISTANT SECRETARY FOR INFORMATION
TECHNOLOGY, U.S. DEPARTMENT OF VETERANS AFFAIRS; ROSITA PARKES,
CHIEF INFORMATION OFFICER, U.S. DEPARTMENT OF ENERGY; AND LISA
SCHLOSSER, CHIEF INFORMATION OFFICER, U.S. DEPARTMENT OF
HOUSING AND URBAN DEVELOPMENT
STATEMENT OF DAN MATTHEWS
Mr. Matthews. Thank you, Mr. Chairman. Mr. Chairman and
members of the committee, thank you for the opportunity to
appear today to discuss the Office of Management and Budget's
watch list.
As the Department's Chief Information Officer, I oversee
the U.S. Department of Transportation's information technology
investment guidance, cyber security, and operational
responsibility for the departmental network and communications
infrastructure. I also serve as the vice chair of the Federal
CIO Council.
As I begin my remarks, let me stipulate that the OMB watch
list is a management tool that DOT uses to gauge the
effectiveness of our IT investment program. DOT recognizes that
to comply with the Clinger-Cohen Act and other statutory
requirements, external and internal oversight efforts
necessitate creating watch lists for IT investments.
OMB's watch list happens to be a well-known tool throughout
the Government, as it uses defined requirements and multiple
categories to identify troubled programs and agency-wide
challenges. OMB's use of a published scoring approach creates a
level playing field for Federal agency initiatives. Any
individual program in any departmental agency may have
deficiencies in any one or more measurement categories. Over
the last several years, DOT has significantly reduced the
number of our programs on OMB's watch list.
To address how OMB's watch list has affected DOT's
operations, I noted that we use it as one of several critical
management and oversight tools. DOT also uses the FISMA
metrics, IG and GAO audit reports, and quarterly earned value
management data reports to identify at-risk programs.
What differentiates the OMB watch and these other tools is
that while unique concerns about an individual program may be
raised in an audit report, the watch list, through its use of
defined requirements in specific categories, provides a same
measure view from program to program. In short, this same
measure view allows us to see where we perform well and where
we need to concentrate our efforts in order to strengthen our
stewardship of the IT investments made at DOT.
DOT's internal IT management and oversight controls,
including the OMB watch list, are used to designate under-
performing investments as at-risk. Either the Departmental
Investment Review Board or the operating administration review
board must review any at-risk program. The reviewing board can
direct corrective actions within a required timeframe, and can
make a decision to modify, rebaseline, or possibly cancel the
program.
Because the criteria for OMB's watch list are applied
across the department's investments, they help DOT focus on
those critical program management issues that warrant agency-
wide attention. For example, 2 years ago a significant number
of DOT's business cases found their way onto the watch list due
to security weaknesses. DOT could have relied exclusively on
FISMA-related metrics to increase management attention on our
IT investments. Instead, we used an accumulated effect
approach, letting the business case cores, FISMA measures, and
the weight of the President's management agenda scorecard focus
our attention on weaknesses, direct additional resources and
guidance to resolve those issues, and ultimately to
substantially alleviate the security weaknesses.
The watch list provides more than department level
visibility. Programs in and of themselves benefit from the
measures inherent in the tool. For example, the department's
largest agency and the one with the most IT expenditures, the
FAA, has programs that have been on the watch list and have
therefore made changes. In particular, on April 18th, the Air
Traffic Controllers Association kicked off its annual technical
conference with a special session on the OMB Exhibit 300, the
basis on which capital programs are assessed and by which they
make their way either on to or off of the watch list.
At the ATCA meeting, a senior program manager indicated
that being on the watch list forced him to be clearer about who
the program's customers were and how the program benefited
those customers. That manager had to improve program
justifications and results. Through the scoring process
weaknesses identified in earned value management and life cycle
costing required improved budgeting and planning. The manager
responded by employing the useful segments approach.
In effect, by being on the watch list, the program manager
was forced to conduct a total program review--not just improve
the business case to get off the watch list. This is an example
of the watch list having a positive impact on an individual
program manager. If we stack enough of these individual program
success stories together we can drive better results from our
IT investments across the Government.
As long as I am mentioning stacking these success stories
together, I offer the following suggestion, which I intend to
pursue with OMB and the Federal CIO Council.
The Federal CIO Council can use agency-by-agency and
subject area information to identify those agencies excelling,
for example, in risk management and use those approaches as
best practices. The Federal CIO Council would then focus
efforts to help individual agencies struggling in this area
implement these best practices. Programs on the watch list
should be expected, encouraged, and directed to reach out for
best practices, adapt and implement them, and be therefore more
inclined to operate effectively.
In conclusion, DOT believes OMB's watch list is one
important component of an overall management and oversight
process which is valuable within the individual agencies and
for OMB. From its cross agency perspective OMB sees the good
and the bad. Let us keep the watch list and capture from that
process our best practices. It is my observation and experience
at DOT that OMB has been a willing and useful partner in
helping more effectively manage our IT resources.
Again, I thank you for the opportunity to comment, and I
look forward to answering your questions. Thank you.
[The prepared statement of Mr. Matthews follows:]
[GRAPHIC] [TIFF OMITTED] T0953.025
[GRAPHIC] [TIFF OMITTED] T0953.026
[GRAPHIC] [TIFF OMITTED] T0953.027
[GRAPHIC] [TIFF OMITTED] T0953.028
[GRAPHIC] [TIFF OMITTED] T0953.029
Chairman Davis. Thank you, Mr. Matthews.
Mr. McFarland.
STATEMENT OF ROBERT MCFARLAND
Mr. McFarland. Thank you, Mr. Chairman. I am pleased to
appear before this committee today, representing the Secretary
and the department's information technology program.
Like other Federal agencies, VA submits budget materials to
the Office of Management and Budget every year. As part of this
annual process, VA documents and justifies its expenditures for
its major IT investments. We do this on OMB's form, Exhibit
300, the Capital Asset Plan. VA's major IT investments will
amount to nearly $2 billion in IT spending for fiscal year
2006.
OMB reviews and evaluates our Exhibit 300's against 10
criteria, with a top score of 5 for each of the criteria. All
10 criteria are listed in the Government Accountability
Office's draft report on the Exhibit 300 process as well as in
OMB Circular A-11, section 300.
OMB created a management watch list to monitor Federal
agencies' major IT investments that fail to meet OMB's
standards for adequacy. When OMB places a particular IT
investment on the management watch list, the owner agency must
take certain specified actions, on a case-by-case basis
depending on the investment, or submit remediation plans before
spending the funds.
We must modify our Exhibit 300 Capital Asset Plans to
address OMB's concerns with our business cases currently on the
management watch list before we can spend fiscal year 2006
funds on those investments. I would like to note here that, as
stated in the GAO report, if a score of 3 or less is received
in the area of security, then the project is placed on the
watch list. Consequently, we are focusing our energies and
resources on meeting certification and accreditation
requirements before the end of this fiscal year. The management
watch list has also focused attention on VA's other
infrastructure-type efforts such as Enterprise Architecture.
If we do not successfully remediate our business cases
before fiscal year 2006 begins, we are uncertain exactly what
impact this will have on our day-to-day operations; however, we
understand there will be increased scrutiny over all activities
associated with the expenditures of funds for these particular
investments.
In closing, I would like to say that VA recognizes the
importance of OMB overseeing how we spend taxpayers' funds. In
the 14 months I have been at the department, we have been
looking at our major projects with a strong business eye and
have added external program assessments earlier in the life
cycle. We look forward to continuing to strengthen VA's IT
Capital Asset Plans and our overall IT portfolio management
process.
I would be happy to answer any questions you may have
later, sir.
[The prepared statement of Mr. McFarland follows:]
[GRAPHIC] [TIFF OMITTED] T0953.030
[GRAPHIC] [TIFF OMITTED] T0953.031
Chairman Davis. Thank you very much.
Ms. Parkes.
STATEMENT OF ROSITA O. PARKES
Ms. Parkes. Thank you, Mr. Chairman and members of the
committee, for this invitation to appear before your committee
today to discuss the OMB investment management watch list.
At the Department of Energy, the management watch list is
an integral part of our continual efforts to ensure that IT
investments meet their performance objectives within their
established schedules and cost thresholds. Agencies understand
that watch list investments are of particular importance, and
require special attention and effort. I am proud to inform you
that the Department of Energy does not currently have any
investments on the watch list.
Much of our success is attributable to our partnership with
our DOE stakeholders, as well as our continual interaction with
OMB on watch list investments. With our DOE stakeholders, we
developed and institutionalized a well-defined set of criteria
against which to measure progress. Further, we
institutionalized regular communications with all levels of the
organization throughout the process.
The watch list initiative also yields benefits for DOE's
internal investment management and budgetary review process.
Investments on the watch list are carefully monitored, and
their status is integrated into the department's internal
evaluation process, which aligns with the President's
management agenda. The watch list is a very useful tool to
ensure that information technology investments are tracked
against cost, schedule, and performance.
Thank you, and I will be happy to answer any questions that
you might have.
[The prepared statement of Ms. Parkes follows:]
[GRAPHIC] [TIFF OMITTED] T0953.032
[GRAPHIC] [TIFF OMITTED] T0953.033
Mr. Marchant [presiding]. Thank you very much.
Ms. Schlosser.
STATEMENT OF LISA SCHLOSSER
Ms. Schlosser. Mr. Chairman and members of the committee,
thank you for the opportunity to appear today to discuss the
effect of OMB's watch list on the Department of Housing and
Development's operations.
I have been the Chief Information Officer with HUD since
February 2005. As the department's CIO, I oversee HUD's
information technology investment management process, IT
security program, and have operational responsibility for HUD's
network, communications, and application hosting
infrastructure.
Our vision for HUD is to capitalize on the power of IT to
support our primary business objectives of increasing home
ownership, supporting community development, increasing access
to affordable housing free from discrimination, and creating
internal management efficiencies. HUD recognizes that we must
institute effective IT capital planning and performance
management controls to help us meet these business objectives.
In formulating our strategy on how to continuously improve
IT management controls, HUD has found that external oversight
tools such as the President's management agenda scorecard, the
Federal Information Security Management Act scorecard, and the
OMB watch list have provided effective independent validations
of prioritized areas for improvement. Specifically, having
projects on the OMB watch list has prompted us to conduct
extensive conversations with OMB to establish how we could
improve identified weaknesses.
Based on this independent feedback, HUD has rapidly been
implementing a plan to improve these specific areas agency-
wide, and we are prioritizing the execution of these
improvements in the projects identified on OMB's watch list.
For example, over the past several months HUD has improved our
performance management process by reviewing all of our programs
using earned value management on a monthly basis, escalating
programs that were exceeding cost or schedule goals to an
executive review board for monitoring and oversight, and
completing an enterprise architecture, and most importantly,
accelerating our process to complete security certification and
accreditation of our systems.
In sum, HUD is capitalizing on various oversight tools such
as the President's management agenda, the FISMA scorecard, and
the OMB watch list to identify opportunities for agency-wide
process improvements in the way we manage our critical IT
investments. We are committed to implementing these
improvements and anticipate that many programs will be removed
from the OMB watch list over the next year. Most importantly,
through the use of the watch list and other internal and
external oversight tools, HUD will ensure that our IT
investments effectively support our core business requirements.
I thank the committee for its attention. I look forward to
your questions.
[The prepared statement of Ms. Schlosser follows:]
[GRAPHIC] [TIFF OMITTED] T0953.034
[GRAPHIC] [TIFF OMITTED] T0953.035
[GRAPHIC] [TIFF OMITTED] T0953.036
[GRAPHIC] [TIFF OMITTED] T0953.037
[GRAPHIC] [TIFF OMITTED] T0953.038
[GRAPHIC] [TIFF OMITTED] T0953.039
Mr. Marchant. Thank you very much. The chairman wished for
me to extend his apologies. We are in the midst of the energy
bill on the House floor, there are 16 amendments being debated
and worked on at this very moment, and this committee has some
important parts of that bill.
I have a few questions for each of you. Ms. Parkes, in your
testimony you noted that you currently have no projects on the
watch list. What steps did you take to get projects removed? Or
have you not had any?
Ms. Parkes. Oh, we had projects on the watch list, sir. In
budget year 2005, we had 45 out of 68 of our projects on the
watch list, and in budget year 2006, 12 out of 48.
What we did was, first of all, we worked with our program
offices--I do need to note that most of the business cases that
are developed in the Department of Energy are not developed in
the headquarters, they are developed by our site offices at our
sites. So what we did was we, first of all, worked with our
program offices that are responsible for the sites. We trained
up front on business case development; we literally held hands
with our program offices and the project managers responsible
for generating the business cases. We created an internal
scorecard that mirrored the OMB scorecard so that we could
identify early the weaknesses that were in the business cases
before we passed them over to OMB. And then once they went to
OMB and where the scores were indeed weak in certain areas, we
came back and used a remediation process, again holding hands
with the project managers and the program offices to ensure
that those weaknesses, the content of the business case, those
weaknesses were strengthened. So we did that. And we continue
to do that. We continue to provide training, we continue to use
our information technology council and various working groups
to help get those business cases, where they need remediation,
remediated.
Mr. Marchant. And what incentives or disincentives are
given to get these off the watch list? Is there a ``or else,''
or is there a----
Ms. Parkes. The Department of Energy has a management
council that consists of the assistant secretaries and is
chaired by the deputy secretary and review of the entire
President's management agenda occurs at this monthly management
council meeting. And the review of the e-Gov initiative under
the PMA is part of that management agenda and business cases
that are on the watch list are reviewed monthly by the
assistant secretaries. So there is deputy secretary attention
to the watch list.
And also, quite frankly, the watch list is part of our
corporate budget review. So, as Ms. Evans stated earlier,
within the agency as well as at OMB, funding is at risk if that
watch list business case does not get remediated. So that is an
incentive I think, you too?
Mr. Marchant. Yes, I think so. Ms. Schlosser, with your
experience at the DOT, what best practices are you bringing to
HUD?
Ms. Schlosser. I was fortunate to serve with my colleague
Mr. Matthews as an associate CIO with DOT and was able to
observe a lot of best practices DOT has put in place. We have
already adopted and implemented several of those practices at
HUD over the past couple months. One, we have implemented and
updated performance measurement process and, like Ms. Parkes,
we are reviewing all of our projects on a monthly basis with an
internal executive review board chaired by our deputy secretary
so we can identify any projects that are heading toward a
variance in cost and schedule.
Second, we have completed enterprise architecture to make
sure that all of our investments meet our primary business
objectives. Third, and perhaps most importantly, we have
accelerated a process using best practice methodologies to
complete security certification and accreditation of our
systems. We feel that by adopting and implementing these best
practices we are positioned to really improve our IT management
and controls internally, and, in fact, have already done so.
Thank you, sir.
Mr. Marchant. Thank you.
Mr. Matthews, is the Federal CIO Council offering any
advice to agencies on how to get projects removed from the
watch list?
Mr. Matthews. This year, sir, the CIO Council stood up a
best practices form into which the participating agencies can
put their best practices. That is being made available to the
agencies online as well as contact information, so one agency
can call another. I do believe that we can capture more best
practices by identifying those agencies that are consistently
green in one of those criteria areas, post them to the Web
site, and then work with the agencies to help them install
those best practices. So the facility is there and we look
forward to working with the agencies to raise all boats with
that single tide.
Mr. Marchant. Do you find that agencies that begin to have
problems go through a period of not wanting those problems to
exactly be known by other agencies at the very beginning, and
they might try to solve their own problems for a while before
they finally admit we have a problem here, we need help?
Mr. Matthews. Yes, sir, I believe human nature drives us to
try and solve our own problems. But certainly by publishing
best practices, part of that I would envision CIOs just
reaching out to that data base to see what is there and then
calling a fellow CIO and saying, hey, how did you go about
doing this? I think we are trying to facilitate that so people
can reach out and get expert opinions and advice without the
need to feel unwanted pressure or recriminations for trying to
solve problems.
Mr. Marchant. Mr. McFarland, are there unique challenges at
the VA that other agencies do not face that you feel like you
are having to face?
Mr. McFarland. Well, after 14 months, sir, I would say yes.
First off, I think it is fair to say we are a work in progress.
We are the second largest agency in Government, about 230,000
employees, another 200,000 contractors. So scale is a huge
problem for us. And as we have run into problems, the scale of
those problems is quite a management challenge. We also suffer
from lack of centralized management, which we are investigating
a change on.
But we are basically a large decentralized organization
with funding directly to those organizations. We suffer from
what I would call large legacy IT programs that truly need to
be taken out of the stovepipe manner and put into some degree
of enterprise architecture, which we have not done a good job
of developing over the last few years.
We have also suffered from what I would call lack of
program management. We are in the process of establishing an
enterprise project management office very similar to what DOD
uses to manage large, complex projects. Because many of our
projects are $100 million projects, not $10 million projects,
the risk that we run by not managing them properly is a huge
financial risk.
But I believe that with the current management team in
place, and the benefit of having I would consider the
Government's best mission, which is to take care of our
veterans, I think we have a lot of incentive to change the way
we have managed the agency in the past from an IT perspective
and move forward with some change.
Mr. Marchant. I think I will just ask one more followup
question before we conclude. You heard the earlier discussion
between OMB and GAO. Do you have feelings about whether there
ought to be a published list, or do you feel like the way it is
being handled now is preferable to the agencies?
Mr. Matthews. I believe sharing the information so that we
can garner the best practices is in the interest of the Federal
Government. The use of the term ``publish'' remains to be seen
how far we publish it. Do we list, for instance, if security is
a measure, do we actually want to publicly list these major
programs and whether they have ``security problems'' or not.
Probably that is not in our best interest. But taking the
information and stacking it together so we can find those areas
that have routinely performed well and capitalize on them I
believe is something that we should do.
Mr. Marchant. I would like to thank both panels for
appearing today. The chairman has asked me to thank you for
being here. We look forward to having you appear before the
committee again.
The committee now stands adjourned.
[Whereupon, at 11:17 a.m., the committee was adjourned.]
[The prepared statement of Hon. Elijah E. Cummings
follows:]
[GRAPHIC] [TIFF OMITTED] T0953.040
[GRAPHIC] [TIFF OMITTED] T0953.041
[GRAPHIC] [TIFF OMITTED] T0953.042
[GRAPHIC] [TIFF OMITTED] T0953.043
<all>
�