<DOC> [109th Congress House Hearings] [From the U.S. Government Printing Office via GPO Access] [DOCID: f:20953.wais] OMB MANAGEMENT WATCH LIST: $65 BILLION REASONS TO ENSURE THE FEDERAL GOVERNMENT IS EFFECTIVELY MANAGING INFORMATION TECHNOLOGY INVESTMENTS ======================================================================= HEARING before the COMMITTEE ON GOVERNMENT REFORM HOUSE OF REPRESENTATIVES ONE HUNDRED NINTH CONGRESS FIRST SESSION __________ APRIL 21, 2005 __________ Serial No. 109-20 __________ Printed for the use of the Committee on Government Reform Available via the World Wide Web: http://www.gpo.gov/congress/house http://www.house.gov/reform ______ U.S. GOVERNMENT PRINTING OFFICE 20-953 WASHINGTON : 2005 _____________________________________________________________________________ For Sale by the Superintendent of Documents, U.S. Government Printing Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; (202) 512ÿ091800 Fax: (202) 512ÿ092250 Mail: Stop SSOP, Washington, DC 20402ÿ090001 COMMITTEE ON GOVERNMENT REFORM TOM DAVIS, Virginia, Chairman CHRISTOPHER SHAYS, Connecticut HENRY A. WAXMAN, California DAN BURTON, Indiana TOM LANTOS, California ILEANA ROS-LEHTINEN, Florida MAJOR R. OWENS, New York JOHN M. McHUGH, New York EDOLPHUS TOWNS, New York JOHN L. MICA, Florida PAUL E. KANJORSKI, Pennsylvania GIL GUTKNECHT, Minnesota CAROLYN B. MALONEY, New York MARK E. SOUDER, Indiana ELIJAH E. CUMMINGS, Maryland STEVEN C. LaTOURETTE, Ohio DENNIS J. KUCINICH, Ohio TODD RUSSELL PLATTS, Pennsylvania DANNY K. DAVIS, Illinois CHRIS CANNON, Utah WM. LACY CLAY, Missouri JOHN J. DUNCAN, Jr., Tennessee DIANE E. WATSON, California CANDICE S. MILLER, Michigan STEPHEN F. LYNCH, Massachusetts MICHAEL R. TURNER, Ohio CHRIS VAN HOLLEN, Maryland DARRELL E. ISSA, California LINDA T. SANCHEZ, California GINNY BROWN-WAITE, Florida C.A. DUTCH RUPPERSBERGER, Maryland JON C. PORTER, Nevada BRIAN HIGGINS, New York KENNY MARCHANT, Texas ELEANOR HOLMES NORTON, District of LYNN A. WESTMORELAND, Georgia Columbia PATRICK T. McHENRY, North Carolina ------ CHARLES W. DENT, Pennsylvania BERNARD SANDERS, Vermont VIRGINIA FOXX, North Carolina (Independent) ------ ------ Melissa Wojciak, Staff Director David Marin, Deputy Staff Director/Communications Director Rob Borden, Parliamentarian Teresa Austin, Chief Clerk Phil Barnett, Minority Chief of Staff/Chief Counsel C O N T E N T S ---------- Page Hearing held on April 21, 2005................................... 1 Statement of: Evans, Karen, Administrator, Electronic Government and Information Technology, Office of Management and Budget; David Powner, Director, Information Technology Management Issues, Government Accountability Office, accompanied by Lester Diamond, Assistant Director......................... 9 Evans, Karen............................................. 9 Powner, David A.......................................... 18 Matthews, Dan, Chief Information Officer, U.S. Department of Transportation, accompanied by Darren B. Ash; Robert McFarland, Assistant Secretary for Information Technology, U.S. Department of Veterans Affairs; Rosita Parkes, Chief Information Officer, U.S. Department of Energy; and Lisa Schlosser, Chief Information Officer, U.S. Department of Housing and Urban Development.............................. 40 Matthews, Dan............................................ 40 McFarland, Robert........................................ 48 Parkes, Rosita O......................................... 51 Schlosser, Lisa.......................................... 54 Letters, statements, etc., submitted for the record by: Cummings, Hon. Elijah E., a Representative in Congress from the State of Maryland, prepared statement of............... 64 Davis, Chairman Tom, a Representative in Congress from the State of Virginia, prepared statement of................... 3 Evans, Karen, Administrator, Electronic Government and Information Technology, Office of Management and Budget, prepared statement of...................................... 12 Matthews, Dan, Chief Information Officer, U.S. Department of Transportation, prepared statement of...................... 43 McFarland, Robert, Assistant Secretary for Information Technology, U.S. Department of Veterans Affairs, prepared statement of............................................... 49 Parkes, Rosita, Chief Information Officer, U.S. Department of Energy, prepared statement of.............................. 52 Porter, Hon. Jon C., a Representative in Congress from the State of Nevada, prepared statement of..................... 67 Powner, David, Director, Information Technology Management Issues, Government Accountability Office, prepared statement of............................................... 20 Schlosser, Lisa, Chief Information Officer, U.S. Department of Housing and Urban Development, prepared statement of.... 55 Waxman, Hon. Henry A., a Representative in Congress from the State of California, prepared statement of................. 6 OMB MANAGEMENT WATCH LIST: $65 BILLION REASONS TO ENSURE THE FEDERAL GOVERNMENT IS EFFECTIVELY MANAGING INFORMATION TECHNOLOGY INVESTMENTS ---------- THURSDAY, APRIL 21, 2005 House of Representatives, Committee on Government Reform, Washington, DC. The committee met, pursuant to notice, at 10:10 a.m., in room 2154, Rayburn House Office Building, Hon. Tom Davis (chairman of the committee) presiding. Present: Representatives Davis, Porter, Marchant, Waxman, Cummings, Kucinich, Watson, Ruppersberger, and Norton. Staff present: Melissa Wojciak, staff director; David Marin, deputy staff director/communications director; Rob White, press secretary; Drew Crockett, deputy director of communications; Victoria Proctor, senior professional staff; Jaime Hjort, professional staff member; Teresa Austin, chief clerk; Sarah D'Orsie, deputy clerk; Corinne Zaccagnini, chief information officer; Chas Phillips, policy counsel; Kristin Amerling, minority deputy chief counsel; Karen Lightfoot, minority communications director, senior policy advisor; Adam Bordes and Nancy Scola, minority professional staff members; Earley Green, minority chief clerk; and Jean Gosa, minority assistant clerk. Chairman Davis. Good morning. A quorum being present, the committee will come to order. I want to welcome everybody to today's hearing on the OMB watch list. The President's fiscal year 2006 IT budget request for the Federal Government is over $65 billion, and that figure is expected to rise continually throughout the rest of the decade. Given this fact, it is essential that the Federal Government manage IT investments efficiently. The Federal Government must acquire systems and services that not only provide the highest quality for Government employees, but also provide the best value for the taxpayer dollar. Under the Clinger-Cohen Act, OMB is required to establish processes to analyze, track, and evaluate the risks and results of major capital investments in information systems made by Federal agencies. For fiscal year 2005, OMB established a management watch list of mission-critical projects that have exhibited shortfalls in performance measures, project management, IT security, or overall justification. According to OMB's testimony before this committee last year, agencies with projects on the watch list are required to correct weaknesses and deficiencies or risk OMB placing limits on their spending. Of the $60 billion dedicated for Federal IT spending in fiscal year 2005, $22 billion represented projects on the watch list. This is over half of all Federal IT initiatives. This year there are more than 1,000 IT projects. OMB reported there are 342 projects, representing about $15 billion on the watch list. This represents a significant improvement, one I hope we can continue. I want to commend OMB for creating this management tool to address significant challenges facing the Federal Government. But at the same time, I want to make sure that it is being used effectively. There is some concern that OMB has not fully exploited the opportunity to use the watch list as a tool for analyzing IT investments on a government-wide basis. I am concerned that there is no aggregate list, per se. It is my understanding that OMB did not develop a single list of projects meeting their watch list criteria, but instead relied on individual analysts to evaluate the agencies and simply compile the results. Without a comprehensive list of projects and their identified weaknesses, we are apprehensive about OMB's ability to effectively followup with these agencies to determine whether they have addressed the weaknesses associated with projects on the watch list. Now today's primary purpose is to get a better understanding of OMB's use of the watch list. In particular, the committee is interested in determining if the concept of the watch list could be more effectively utilized by the Federal Government as a tool to manage information technology investments. Additionally, the committee looks forward to learning how OMB coordinates with individual agencies to identify and resolve IT-related challenges. In a report requested by the committee last year, the GAO evaluated OMB's processes regarding placing projects on the watch list and following up on corrective actions established for projects on the watch list. GAO will be releasing this report to the public today, and we look forward to discussing the results of their research. We have two distinguished panels of witnesses. Our first panel, we will hear from Karen Evans again from OMB, and David Powner from the Government Accountability Office, and we will discuss the watch list from a government-wide perspective. Our second panel features representatives from the Department of Transportation, Housing and Urban Development, Energy, and Veterans Affairs. These representatives will explain the nature of their projects on the watch list as well as efforts they have taken to resolve the issues that have led to their placement on the watch list. I want to welcome the witnesses to today's hearing. I look forward to your testimony. [The prepared statement of Chairman Tom Davis follows:] [GRAPHIC] [TIFF OMITTED] T0953.001 [GRAPHIC] [TIFF OMITTED] T0953.002 Chairman Davis. Mr. Waxman. Mr. Waxman. Thank you, Mr. Chairman. I am pleased that the committee is continuing its efforts to oversee the way in which the Federal Government is managing its information technology investments. The Federal Government has made a considerable investment in information technology. The President's budget for fiscal year 2006 includes more than 1,000 major IT projects that will cost the Federal Government more than $65 billion. The White House Office of Management and Budget has a statutory responsibility to evaluate and track the Federal Government's enormous investment in information technology. Unfortunately, it is not meeting its responsibility. For the past few years, OMB has been reporting that it tracks problem IT projects on what it calls a management watch list. Last year, OMB reported that more than a third of the Federal Government's major IT projects were on this list. However, when members of this committee asked OMB to provide basic information on what specific projects were on the watch list and how it was being used, OMB was not responsive. It is difficult to have confidence that OMB is fulfilling its responsibilities to monitor IT spending by the Federal Government when OMB fails to provide essential information about its tracking methodology. Now, GAO has taken a closer look at the management watch list and it has found that OMB does not maintain an aggregate list of troubled projects. Rather, what OMB calls its watch list is an ad hoc compilation of lists maintained by a few individual OMB analysts. No business with $65 billion at stake would ever manage itself this way. But apparently, different standards are fine when it is taxpayer money at risk. GAO is recommending that OMB create and maintain a government-wide watch list concerning major Federal IT projects to provide a mechanism for tracking whether problems that have been identified in any given year have been addressed. Incredibly, the administration is opposing even this minimal level of responsibility. I understand OMB disagrees with this recommendation. I know we can do better. And I look forward to hearing from today's witnesses about the merits of having an aggregate management watch list so that we can gain understanding of how OMB and other individual Government agencies can improve management of Federal information technology projects. Mr. Chairman, I want to make the comment to our witnesses, on the floor today is the energy bill that has come out of primarily the Energy and Commerce Committee and this committee. Later, we will have an amendment from this committee. Unfortunately, I am not going to be here for a lot of the testimony, but I will have a chance to review the testimony, and my staff, of course, is here to follow the issue very carefully. [The prepared statement of Hon. Henry A. Waxman follows:] [GRAPHIC] [TIFF OMITTED] T0953.003 [GRAPHIC] [TIFF OMITTED] T0953.004 [GRAPHIC] [TIFF OMITTED] T0953.005 Chairman Davis. Thank you. We have a Davis-Waxman amendment and at least one of us is going to have to be there for that. Mr. Waxman. Better you. Chairman Davis. Any other Members wishing to make opening statements? If not, I am going to swear in the first panel. If you would rise with me and raise your right hands. [Witnesses sworn.] Chairman Davis. Let the record reflect that all witnesses responded in the affirmative. Mr. Powner, who is the gentleman behind you so we can identify him for the record? Mr. Powner. Mr. Lester Diamond, Assistant Director. Chairman Davis. Thank you very much for being here. I look forward to your testimony. Karen, why not start with you, and then we will go to Mr. Powner. If you can keep it to 5 minutes. But it is a short panel, I want to make sure you get everything in. Your entire statement is part of the record. Thank you. STATEMENTS OF KAREN EVANS, ADMINISTRATOR, ELECTRONIC GOVERNMENT AND INFORMATION TECHNOLOGY, OFFICE OF MANAGEMENT AND BUDGET; DAVID POWNER, DIRECTOR, INFORMATION TECHNOLOGY MANAGEMENT ISSUES, GOVERNMENT ACCOUNTABILITY OFFICE, ACCOMPANIED BY LESTER DIAMOND, ASSISTANT DIRECTOR STATEMENT OF KAREN EVANS Ms. Evans. Good morning, Mr. Chairman and members of the committee. My remarks will focus on the administration's strategy and progress to date in planning, managing, and measuring the results of the Government's technology investments. You asked me to specifically address OMB's use of the tool we refer to as the management watch list, and I will do so, but first I will discuss the overall context within which this list and our many other oversight tools are used. For fiscal year 2006, the President is proposing to spend roughly $65 billion for information technology and associated services to support the multiple and wide-ranging missions of the Federal Government. These IT investments help improve the ability of the Government's programs and operations to more effectively deliver services, products, and information. OMB executes its responsibility using various methods such as reviewing agencies' annual budget submissions, remaining engaged with agencies throughout the year using the President's management agenda, and issuing policies and guidance. Each year, OMB updates issues and guidance to the agencies on preparing their budget submissions as well as instructions on budget execution. Of the more than 40 sections within our guidance, 2 provide specific additional guidance about IT funding requests. These sections provide guidance for Federal capital assets. To submit an investment request for a major IT project, agencies must use the exhibit 300, also called Capital Asset Plan and Business Case. Please note, business cases are primarily planning documents and used an indicator, but it is not a measurement of the agency's ability to execute or manage an IT project. This is an important distinction. OMB reviews and evaluates business cases as part of its overall evaluation of the entire agency budget submission. If, based upon OMB's evaluation, a business case does not successfully meet the evaluation criteria, it is placed on the management watch list. The information included in each business case helps OMB and the agencies ensure correctly planned IT investments. The President's budget for fiscal year 2005 included approximately 1,200 major IT projects, totaling about $60 billion. Of this number, OMB reported slightly over half, 621 projects, representing about $22 billion, as being on the management watch list. In my March 3rd testimony of last year about the Federal IT portfolio, I described this list as consisting of mission- critical projects needing improved overall justification, performance measures, project management, or IT security. Agencies were required to correct identified project weaknesses and business case deficiencies. Those failing to do so were subject to additional oversight and requirements prior to spending. We did place conditions on agency spending in five instances last year. This year we continue to use the management watch list as one of the many tools to oversee agencies' planning for IT investments and drive improved portfolio management. A total of 1,087 business cases were submitted this year and less than one third, 342, valued at approximately $15 billion, did not meet the criteria for success. In November 2004, the 342 investments were placed on this year's management watch list. As they did last year, agencies have until the end of the fiscal year to correct all deficiencies or risk limits on their spending. I am pleased to report that this year's list currently at this time has been reduced to 248 projects. Let me now describe how other tools are used to monitor actual project execution and performance. In doing so, one will see, as OMB does, over-emphasis on the management watch list may lead to unintended consequences. Although business cases include information design to identify whether the agency appropriately considered project performance as part of the project planning, they are but a snapshot in time and they are not designed to be nor are they used for measuring project performance. Managing and measuring project performance is first and foremost an agency responsibility. OMB then oversees the agencies' activities under the President's management agenda and its associated quarterly reporting process. Each agency receives a scorecard about their progress and their status in achieving the government-wide goals, such as achieving 10 percent of cost, schedule, and performance for their IT portfolio. We deliberately included the criterion for ``acceptable business cases'' to underscore the need for good capital planning processes to be in place within an agency in order to produce good business cases. However, we recognize the business case as an output measurement. The acceptability of the business cases is just one of a number of the critical components agencies must satisfy to get to green or yellow for the E-Government scorecard. If the business case criteria are not successfully met, agencies cannot move forward regardless of their performance on other elements. Followup is dependent on particular issues identified and tends to focus on strategic issues or problems existing at a government-wide or agency-wide programmatic level, not tactical ones residing with an individual investment. I appreciate the opportunity to discuss the administration's strategy in this area. The management watch list represents just one example of such opportunity and helps call attention to concerns within the planning for major IT projects. I will be happy to answer any questions at the appropriate time. [The prepared statement of Ms. Evans follows:] [GRAPHIC] [TIFF OMITTED] T0953.006 [GRAPHIC] [TIFF OMITTED] T0953.007 [GRAPHIC] [TIFF OMITTED] T0953.008 [GRAPHIC] [TIFF OMITTED] T0953.009 [GRAPHIC] [TIFF OMITTED] T0953.010 [GRAPHIC] [TIFF OMITTED] T0953.011 Chairman Davis. Thank you very much. Mr. Powner. STATEMENT OF DAVID A. POWNER Mr. Powner. Chairman Davis, Ranking Member Waxman, and members of the committee, we appreciate the opportunity to testify on our report, completed at your request, Mr. Chairman, on OMB's management watch list. This morning I will summarize three key points in this report. First, OMB annually identifies hundreds of IT projects representing tens of billions of dollars that are at risk; meaning, there are significant questions about how these projects are planned and managed. In doing so, it identifies tremendous opportunities to strengthen investments. Second, OMB does not have a list. It does not aggregate a single list that identifies each project and its weaknesses, and therefore is missing an opportunity to analyze IT investments on a government-wide basis. Third, OMB does not consistently monitor the followup performed, and therefore was unable to tell us progress in addressing government-wide as well as project-specific weaknesses. Again, it is missing an opportunity to ensure that agencies address project weaknesses and that the Government's investment in IT is not wasted. Expanding on each of these, first, OMB should be commended for its analysis of agencies' IT project business cases which now collectively total over $60 billion annually. In the 2005 budget, OMB highlighted that of approximately 1,200 IT projects, about half, 620 projects, valued at $22 billion, were on its management watch list. In the 2006 budget, OMB again stated that of approximately 1,100 IT projects, about a third, 342, valued at $15 billion, were on its list. OMB uses a comprehensive scoring process to evaluate each business case which consists of evaluating 10 categories associated with project planning and management. These categories include the project's acquisition strategy, security plans and processes, and cost and schedule performance. Projects were placed on the management watch list if they scored poorly overall or in specific categories that OMB emphasizes. Either way, being placed on the management watch list means that these projects clearly have weaknesses in project planning and management. Thus, OMB identifies tremendous opportunities to strengthen investments totaling billions of dollars. However, a single, aggregate list identifying the projects and their weaknesses does not exist. To derive the total number of management watch list projects reported in the President's budget, OMB poled its individual analysts who have specific agency responsibilities and compiled the numbers and their combined value. By not aggregating the projects and weaknesses, OMB is missing an opportunity for analyzing IT investments on a government-wide basis. In addition, OMB does not consistently monitor the followup performed, and therefore was unable to tell us progress in addressing government-wide and project-specific weaknesses. Some projects were followed up during budget preparation. In addition, OMB officials told us that followup of some management watch list projects was done through the quarterly e-gov scorecards associated with the President's management agenda. However, OMB could not tell us which of the 621 watch list projects for 2005 were followed up on. Nor could they describe the relationship between its followup activities and changes in the number of projects on the watch list between 2005 and 2006. In our opinion, the current followup that does occur may leave unattended weak projects consuming significant budget dollars. In addition, Mr. Chairman, OMB's ability to report to the Congress on progress in addressing critical areas needing attention is limited by not having an aggregate list and coordinated followup. To take full advantage of the management watch list, we make several recommendations, including: developing a central list, using the list to guide prioritized followup, and reporting to the Congress on progress in addressing risks in areas needing additional attention. In summary, the management watch list creates an ideal opportunity to improve the Federal Government's IT investments and ensure that taxpayers' dollars are wisely invested. However, this opportunity is not being fully exploited because the list is not aggregated nor are there assurances that followup is adequate. This concludes my statement. I would be pleased to respond to any questions that you or members of the committee have at this time. [Note.--The GAO report entitled, ``Information Technology, OMB Can Make More Effective Use of Its Investment Reviews,'' may be found in committee files.] [The prepared statement of Mr. Powner follows:] [GRAPHIC] [TIFF OMITTED] T0953.012 [GRAPHIC] [TIFF OMITTED] T0953.013 [GRAPHIC] [TIFF OMITTED] T0953.014 [GRAPHIC] [TIFF OMITTED] T0953.015 [GRAPHIC] [TIFF OMITTED] T0953.016 [GRAPHIC] [TIFF OMITTED] T0953.017 [GRAPHIC] [TIFF OMITTED] T0953.018 [GRAPHIC] [TIFF OMITTED] T0953.019 [GRAPHIC] [TIFF OMITTED] T0953.020 [GRAPHIC] [TIFF OMITTED] T0953.021 [GRAPHIC] [TIFF OMITTED] T0953.022 [GRAPHIC] [TIFF OMITTED] T0953.023 [GRAPHIC] [TIFF OMITTED] T0953.024 Chairman Davis. Thank you both. Ms. Evans, given the effort you have put into creating and using the watch list, it seems that the small additional investment of creating an aggregate list of projects and weaknesses could yield significant opportunities and a means to track progress on agency corrective actions. What is it about an aggregate management watch list that you either object to or have not seen reason to move ahead on? Am I missing something? Ms. Evans. We have had a lot of discussion---- Chairman Davis. I mean, a lot of the criticism in the paper and GAO's---- Ms. Evans. There is a lot of criticism about---- Chairman Davis. I am just trying to understand your perspective. Ms. Evans. Yes, sir. Really, what it comes down to is what would be the intended outcome of having the aggregate watch list. We have gone back and forth over what would be the result, what would change, and what would be the outcome, what do we really want to achieve. And when we look at this, is the outcome to have good business cases, is it to have a passing business case to ensure that everything that is written down on the business case meets our criteria? Or is the outcome to really achieve what is described in the business case; that is, what the dollars are intended to be invested in? That really is what we are focusing our efforts on, is does the agency have the right management practices in place to ensure what that investment is supposed to achieve. So we work on it by a portfolio basis. It is not that I am against having an aggregate list. What we are actually looking back and forth at, as you would any investment, is what are the pros and cons associated with that, and would we drive certain behaviors where people would just turn in ``a good term paper,'' but not really address what the problem is that is happening in that agency. Chairman Davis. Over the years, this is long before you got there and I got here, the Government had lost tens of billions of dollars in IT systems that have just not worked out and so on. It seems to me that just having a list up there tracking these areas, where you can go back, it not only gives it a level of transparency, but it would make it easier to manage. I do not hear you really objecting. You are just saying that you think the way you are doing it handles it. Ms. Evans. Yes, sir. Because of the way that we are looking at it, what we do not want to drive is certain behavior where people are just checking off the boxes and not really addressing the problem. And the problem is really what management practices do you need to have in place to ensure that the progress hits the milestones? Chairman Davis. Let me ask this question. Ms. Evans. Sure. Chairman Davis. You stated in previous testimony before the committee or subcommittee that agencies with projects on the list would be required to address these weaknesses or else face OMB placing limits on their spending. Is that right? Ms. Evans. Yes, sir. Chairman Davis. Can you tell us how many projects and what total dollar value has been held back as a result of agencies not addressing projects? Ms. Evans. We did provide a chart last year based on the five agencies that we did hold back the money that we took the specific action on. We can provide that again to the committee this year. I can go back and do that. But I would like to stress, part of what we are trying to do here is that is the action that we take. There are actions that the agencies take themselves that we do not have to take. And so we would not be able to provide that information. That would have to come from an agency-by-agency basis. But there are specific actions that were taken by the agencies where they prohibited the spending of the project themselves without us having to intervene. Chairman Davis. Mr. Powner, what does OMB lose by not developing a single, aggregate management watch list? Mr. Powner. Several things, Mr. Chairman. First of all, having an aggregate list allows you to analyze government-wide IT weaknesses more effectively. The other thing that it provides an opportunity for, that you pointed out, is that it then provides a mechanism to monitor and track those investments. One additional example, knowing the differences between the 2005 and 2006 list would be very important. So having aggregate lists where we could compare those aggregate lists and look at projects that continue to be on that list from year to year would be very valuable from an oversight perspective. Chairman Davis. Now, are we talking about a sophisticated data base that would capture all investment information, or something less complex? Mr. Powner. Our recommendation was just to aggregate the list. This can probably be done with applications that currently reside on desktops today. So we are not talking about anything too sophisticated here. Chairman Davis. OK. In addition to your recommendations, do you have any suggestions for how we can all work together--I am talking about OMB, I am talking about the agencies, and Congress--work together collectively to improve these critical IT investments? Mr. Powner. Yes, I do. First of all, I think OMB should be commended for 12 analysts that identify all these weaknesses with all these projects. That is a heck of an effort up front. And to expect them to followup on 600 or 350 projects is asking a lot. A couple thoughts would be, to involve some of the accountability agencies, IGs could get involved in following up with some watch list projects, GAO would gladly look at the top 30, 40 projects, and in addition, hearings such as these, Mr. Chairman, where you call up to the table the top five or six agencies that either have the most projects on the list or the highest dollar value helps further the rigor associated with the management of these projects. Chairman Davis. OK. Thank you very much. Mr. Ruppersberger. Mr. Ruppersberger. Thank you, Mr. Chairman. First, Ms. Evans. Last year, your office designated 621 Federal technology projects as management watch list projects. This year your office designated 342 on this watch list. Is that correct? Ms. Evans. Yes, sir. Mr. Ruppersberger. Now this is a considerable number of projects. And it appears from the GAO report that OMB has just a dozen or so analysts overseeing these hundreds of troubled projects. First, does OMB have a system for prioritizing these projects to ensure that attention is paid to mission-critical and other important systems? Ms. Evans. The short answer is, yes. And it is more---- Mr. Ruppersberger. The second question is, can you describe the system and why you think it works? Ms. Evans. Yes. I am getting ready to do that. But I would like to clarify one thing. The initial analysis on the business cases are done by the 12 analysts that Mr. Powner had mentioned. But the followup on these actions are a joint effort done by everyone within OMB. So there is a joint team that we do through the scorecard process with the budget examiners as well as the IT analysts. So there is a process, there is a consistent process. And because this question has arisen about what we should followup on and do we need to have better clarification, we are in the process of finalizing our guidance out to the agencies of what we would then call the ``high risk'' projects that are included on the management watch list. And then those would be then singled out for us to followup on directly through the scorecard process and have more rigor in those. But we do followup on all of them, all the business cases through the scorecard process. And the agencies have to remediate the weaknesses and tell us what actions they are going to do. And this year, they have to have it done by June 30, so that there is enough time for us to analyze are those adequate before they start spending money before the start of the next fiscal year. Mr. Ruppersberger. Getting back to my issue. It is about resources sometimes. You have a lot of projects that are out there and some have to be prioritized, as we should, but there are some that maybe need to be prioritized that are not. Do you feel that you have the tools and the resources to oversee these projects and do it in the right way? Ms. Evans. Yes, sir, I feel that we do. Because what we do is we analyze not the project itself, but all the projects that are in a portfolio to see if there is a pervasive or a systemic problem. It could be something as simple as there is not the right leadership at the top level to give the agency itself the resources that it needs to succeed. Mr. Ruppersberger. Let me get into a specific project. Ms. Evans. Sure. Mr. Ruppersberger. We recently saw as part of the Trilogy project the IPI spent $170 million to develop a new case management system that they will never use. It certainly seems that at some point in a multiyear process of developing the system someone should have noticed that this project was seriously off course. Now, was the Trilogy project on the management watch list this year or last year, do you know, both? Ms. Evans. Yes. And because it is a high risk, high visibility project, internally within OMB when that happens, especially on a project of that nature given the critical mission that it is supporting, there are additional above and beyond activities that we do outside of the scorecard process. And in that particular case, we had monthly meetings and then went to bi-weekly meetings to talk and work with the team to understand what was going on and to give them the resources that they would need, as well as to understand what we needed to do to improve that so that project could go forward and be successful. Mr. Ruppersberger. Let me ask you this. Why do you think the Federal Government's investment review process did not catch the problems with this project? Now I know there are a lot of other issues, you have the private contractor, you had a lot, but bottom line, I think we need to discuss, that is a perfect example, where did we go wrong, where did your process go wrong that we did not get involved earlier and try to bring it to the table. Ms. Evans. And I would like to address that. I believe that up until within these last 2 years, especially with our implementation of earned value management through the President's management agenda on the scorecard, a lot of our activities are focused on planning. And the failure of the Trilogy project was actually in the execution--the problems with the contractor, project management, did they have the right focus, requirements creep, everything that you read in the press. Those are things that are tracked through the earned value management activities. That earned value is the actual numbers, like you would then start seeing, if I said it was going to take 10 weeks to accomplish a certain deliverable and it takes 12, that sets up a flag. We at OMB were not collecting a lot of that data and working with the agencies directly in managing it at that level. Mr. Ruppersberger. What do you think OMB could have done better in order to get more involved so that we could have addressed this issue sooner? Looking at you and looking at your operation, what do you think you could have done better just specifically on the Trilogy project with the FBI? Or do you think you were perfect? Ms. Evans. No, I do not. And I think that hearings such as this gives us clearer guidance on what the expectations are from the Hill as well. But I believe that we have learned from that project, continuously learn from many of the IT projects. Right now, we are focused on implementing and giving clearer guidance to the agencies on earned valued which is focused on the execution, how the agencies are actually going about and achieving, executing out on the project plant to ensure that they have their project managers in place, that they have clearly defined the right deliverables, and is there spending. That is what we call 10 percent of cost, schedule, and performance. We are measuring those activities now. We were not measuring those previously. So I do agree that there were things that we needed to do better in an oversight capacity. Mr. Ruppersberger. OK. Thank you. Chairman Davis. Questions, Mr. Porter? No? Ms. Watson, any questions? Ms. Watson. Thank you, Mr. Chairman. I am not sure that I heard clearly or that I was able to decipher the response when asked what is needed to be able to do the management watch that is necessary. And I also want to know how long is the evaluation after you put a particular project on the watch list, how long do you followup? Is there a long-range follow through? I was trying to read through our information to see if it stated what that period of time would be, but maybe you can respond. And this question is to Ms. Evans. Ms. Evans. Sure. We would followup, depending on what the problem is that we would identify within an agency, through the life cycle. So if an investment is going to go 3 to 5 years, we continuously work with the agency through that period. So it would depend on what you identify as the issue. Say, for example, if everything in the agency we failed a business case because they had bad cyber security, they just did not have a good cyber security plan, that is something that this committee measures as well, and say the agency had an F on the cyber security from your scorecard, we would continue to work on the issue of cyber security within that agency and then work with them then to see how and ensure that what they are putting in their program then cascades down through the management practices they have for projects. So if they say that they are doing something in the security area, you followup to make sure that it is actually followed through in the actual projects as they execute out multiple projects within the agency. So it would depend on what the problem is. But we continuously followup. When we talk about the management watch list specifically as we look at these numbers, 342, 621, we try to address what is the over-arching problem there--is it a leadership problem, is it a risk management problem, is it a cyber security problem--and then work at that high level and then work with the agency to have processes in place so that it will perpetuate throughout the organization so that they can move forward on that. I do not know if that is getting to all the issues, but it is always ongoing. We do not just say, OK, this one is good to go and then walk away from that. We continuously work with the agency on the problems that we would identify. Ms. Watson. Thank you. I heard you respond that you thought you had the resources to do this long-term. The way you explain it, it would take various units depending on where the problem really resides. Do you have the personnel, do you have the resources to do that kind of in-depth followup? Ms. Evans. And the short answer again is, yes. Because part of what we do is we work with the agency, we identify areas, we offer suggestions and recommendations, but the hard work of remediating the problems and ensuring things are done at the agencies. The agencies are the ones who have to change their management practices, the agencies are the ones who have to take the corrective action, and then we work with them. The hard work is actually fixing the problem and that is where the resources are needed, and that is with the agencies. Ms. Watson. So many of these agencies seem to be short- changed in recent budgets. So that is where my interest is, do we have the resources? Thank you very much. I appreciate your response. Chairman Davis. Ms. Evans, let me just ask, what is the No. 1 problem you see out there in the agencies with administering IT programs? Do we have enough competent procurement officers? Is it the coordination between the agency sometimes and the contracting officers? Are we not holding the contractors tight enough? Is there one theme, or is it just a number of themes that sometimes have these contracts go awry? Ms. Evans. This is going to seem like a very simple answer to a complex question. All those things that you have described are symptoms of the problem. It goes back to very basic project management. Many times as a project starts there is not a clear vision of what the outcome of that project is supposed to achieve. So if we use the Trilogy project again, it started down the path and it had one outcome but it changed multiple times. So as that change occurs, that is where then the disconnect happens like what you are talking about, where a procurement officer may not necessarily put the right contract vehicle in place because they think they are going down to achieve one outcome when they really needed to achieve another. So it is communications and having a clear vision of what that project is supposed to achieve. Chairman Davis. But what we ought to be doing is catching these early, right? Ms. Evans. Yes, sir. Chairman Davis. That is the goal. Obviously, in some of these complex procurements the needs are going to change as you get into it a little bit. The key is catching it early and not having it run a $30 million, $100 million bill before you get there. Ms. Evans. And the other part of that, and I would say is back to us at OMB, is if you said that you were going down and the original vision is like a two-sentence vision, and this is what we ask now from agencies, to clearly articulate in two sentences, three sentences or less what you are going to get out of this project. If they cannot do that, there is a problem. And then as a follow-on activity, we need to continuously followup to ensure that they have not lost sight of that original goal. If they do, and that is what we need to do from an oversight capacity, if they need to change it, then they have to be able to justify the changes. And so we have other indicators that we are putting in place to try to catch it sooner before there is so much invested in it. And those are the other tools that we have been implementing to try to monitor that and catch it. Chairman Davis. We will fight on the House floor, sometimes spend hours fighting over a $30, $40, $50 million program. But an IT project goes awry, it could be a lot more than that. So, really, when you talk about savings in government and efficiency in government, it is overseeing some of these areas. And we can blame the agencies, but at the end of the day it starts and stops with OMB. That is why the watch list is so important. I just wonder what other tools that we may need in a government-wide perspective in terms of being able to get good program managers in, and pay them accordingly. Do you see any specific concerns with that? Ms. Evans. Well, as we have outlined before, project management, again, is the key to success because that project manager is the front line defense. The Federal CIO Council took that issue on last year as a result of this analysis and made recommendations to us, we finalized the guidance back out to the agencies. And what it did was help the agencies identify what type of project manager, the level of complexity of the project. We continue to develop these tools. We just issued recent guidance jointly with OPM to look at the work force so that you have the right resources and the right people in place. Chairman Davis. And the right training? Ms. Evans. And the right training. And what are the gaps, what do you currently have, what do you need, and are you adequately funded for that. Because the problem is just within one agency and it is two to three staff people that you need, that is a different solution than if we see, gosh, we need 1,000 project managers at a certain proficiency level across the entire government. We need to have that information ahead of time. And you are right, that is an OMB responsibility to ensure that the agencies have adequate resources to accomplish that. Chairman Davis. At DOD there have been cuts in procurement officials. That is one of the ways they try to save money. And sometimes it looks on the line like you are cutting dollars, but if a procurement goes awry, it ends up costing you 10 times, that could be an outcome of that. That is what we need to be careful about. Mr. Powner, do you have any comments on that? Mr. Powner. Just piggybacking off of your comment on catching some of the risk areas early. I do not want to downplay the importance of the watch list in the categories that we look at. Many things that we discuss associated with Trilogy, I know we do work for you on secure flight at TSA, a couple of the categories that are highlighted in the analysis for the watch list are program management, project management, and risk management. Clearly, if you have rigorous processes in place associated with project management and risk management, it would help to catch some of these issues that ultimately result in some of these projects failing. Chairman Davis. Thank you very much. Any other questions from Members? Thank you very much. We appreciate your being here. We will now move to our next panel. We have here Mr. Dan Matthews, the Chief Information Officer of the U.S. Department of Transportation; Mr. Robert McFarland, Assistant Secretary for Information Technology at the U.S. Department of Veterans Affairs; Ms. Rosita Parkes, the Chief Information Officer at the U.S. Department of Energy; and Lisa Schlosser, CIO at the Department of Housing and Urban Development. Thank you very much for being with us this morning. If you would stand with me and raise your right hands, I will swear you in. [Witnesses sworn.] Chairman Davis. Let the record reflect that all witnesses have responded in the affirmative. Thank you. We have a gentleman back here. Mr. Ash. Darren Ash, with the Department of Transportation. Chairman Davis. Thank you very much for being with us. Let the record show that you were also sworn should we have to call on you for any questions. Mr. Matthews, we will start with you, and then we will work on down. Your entire statement is in the record. Thank you. STATEMENTS OF DAN MATTHEWS, CHIEF INFORMATION OFFICER, U.S. DEPARTMENT OF TRANSPORTATION, ACCOMPANIED BY DARREN B. ASH; ROBERT MCFARLAND, ASSISTANT SECRETARY FOR INFORMATION TECHNOLOGY, U.S. DEPARTMENT OF VETERANS AFFAIRS; ROSITA PARKES, CHIEF INFORMATION OFFICER, U.S. DEPARTMENT OF ENERGY; AND LISA SCHLOSSER, CHIEF INFORMATION OFFICER, U.S. DEPARTMENT OF HOUSING AND URBAN DEVELOPMENT STATEMENT OF DAN MATTHEWS Mr. Matthews. Thank you, Mr. Chairman. Mr. Chairman and members of the committee, thank you for the opportunity to appear today to discuss the Office of Management and Budget's watch list. As the Department's Chief Information Officer, I oversee the U.S. Department of Transportation's information technology investment guidance, cyber security, and operational responsibility for the departmental network and communications infrastructure. I also serve as the vice chair of the Federal CIO Council. As I begin my remarks, let me stipulate that the OMB watch list is a management tool that DOT uses to gauge the effectiveness of our IT investment program. DOT recognizes that to comply with the Clinger-Cohen Act and other statutory requirements, external and internal oversight efforts necessitate creating watch lists for IT investments. OMB's watch list happens to be a well-known tool throughout the Government, as it uses defined requirements and multiple categories to identify troubled programs and agency-wide challenges. OMB's use of a published scoring approach creates a level playing field for Federal agency initiatives. Any individual program in any departmental agency may have deficiencies in any one or more measurement categories. Over the last several years, DOT has significantly reduced the number of our programs on OMB's watch list. To address how OMB's watch list has affected DOT's operations, I noted that we use it as one of several critical management and oversight tools. DOT also uses the FISMA metrics, IG and GAO audit reports, and quarterly earned value management data reports to identify at-risk programs. What differentiates the OMB watch and these other tools is that while unique concerns about an individual program may be raised in an audit report, the watch list, through its use of defined requirements in specific categories, provides a same measure view from program to program. In short, this same measure view allows us to see where we perform well and where we need to concentrate our efforts in order to strengthen our stewardship of the IT investments made at DOT. DOT's internal IT management and oversight controls, including the OMB watch list, are used to designate under- performing investments as at-risk. Either the Departmental Investment Review Board or the operating administration review board must review any at-risk program. The reviewing board can direct corrective actions within a required timeframe, and can make a decision to modify, rebaseline, or possibly cancel the program. Because the criteria for OMB's watch list are applied across the department's investments, they help DOT focus on those critical program management issues that warrant agency- wide attention. For example, 2 years ago a significant number of DOT's business cases found their way onto the watch list due to security weaknesses. DOT could have relied exclusively on FISMA-related metrics to increase management attention on our IT investments. Instead, we used an accumulated effect approach, letting the business case cores, FISMA measures, and the weight of the President's management agenda scorecard focus our attention on weaknesses, direct additional resources and guidance to resolve those issues, and ultimately to substantially alleviate the security weaknesses. The watch list provides more than department level visibility. Programs in and of themselves benefit from the measures inherent in the tool. For example, the department's largest agency and the one with the most IT expenditures, the FAA, has programs that have been on the watch list and have therefore made changes. In particular, on April 18th, the Air Traffic Controllers Association kicked off its annual technical conference with a special session on the OMB Exhibit 300, the basis on which capital programs are assessed and by which they make their way either on to or off of the watch list. At the ATCA meeting, a senior program manager indicated that being on the watch list forced him to be clearer about who the program's customers were and how the program benefited those customers. That manager had to improve program justifications and results. Through the scoring process weaknesses identified in earned value management and life cycle costing required improved budgeting and planning. The manager responded by employing the useful segments approach. In effect, by being on the watch list, the program manager was forced to conduct a total program review--not just improve the business case to get off the watch list. This is an example of the watch list having a positive impact on an individual program manager. If we stack enough of these individual program success stories together we can drive better results from our IT investments across the Government. As long as I am mentioning stacking these success stories together, I offer the following suggestion, which I intend to pursue with OMB and the Federal CIO Council. The Federal CIO Council can use agency-by-agency and subject area information to identify those agencies excelling, for example, in risk management and use those approaches as best practices. The Federal CIO Council would then focus efforts to help individual agencies struggling in this area implement these best practices. Programs on the watch list should be expected, encouraged, and directed to reach out for best practices, adapt and implement them, and be therefore more inclined to operate effectively. In conclusion, DOT believes OMB's watch list is one important component of an overall management and oversight process which is valuable within the individual agencies and for OMB. From its cross agency perspective OMB sees the good and the bad. Let us keep the watch list and capture from that process our best practices. It is my observation and experience at DOT that OMB has been a willing and useful partner in helping more effectively manage our IT resources. Again, I thank you for the opportunity to comment, and I look forward to answering your questions. Thank you. [The prepared statement of Mr. Matthews follows:] [GRAPHIC] [TIFF OMITTED] T0953.025 [GRAPHIC] [TIFF OMITTED] T0953.026 [GRAPHIC] [TIFF OMITTED] T0953.027 [GRAPHIC] [TIFF OMITTED] T0953.028 [GRAPHIC] [TIFF OMITTED] T0953.029 Chairman Davis. Thank you, Mr. Matthews. Mr. McFarland. STATEMENT OF ROBERT MCFARLAND Mr. McFarland. Thank you, Mr. Chairman. I am pleased to appear before this committee today, representing the Secretary and the department's information technology program. Like other Federal agencies, VA submits budget materials to the Office of Management and Budget every year. As part of this annual process, VA documents and justifies its expenditures for its major IT investments. We do this on OMB's form, Exhibit 300, the Capital Asset Plan. VA's major IT investments will amount to nearly $2 billion in IT spending for fiscal year 2006. OMB reviews and evaluates our Exhibit 300's against 10 criteria, with a top score of 5 for each of the criteria. All 10 criteria are listed in the Government Accountability Office's draft report on the Exhibit 300 process as well as in OMB Circular A-11, section 300. OMB created a management watch list to monitor Federal agencies' major IT investments that fail to meet OMB's standards for adequacy. When OMB places a particular IT investment on the management watch list, the owner agency must take certain specified actions, on a case-by-case basis depending on the investment, or submit remediation plans before spending the funds. We must modify our Exhibit 300 Capital Asset Plans to address OMB's concerns with our business cases currently on the management watch list before we can spend fiscal year 2006 funds on those investments. I would like to note here that, as stated in the GAO report, if a score of 3 or less is received in the area of security, then the project is placed on the watch list. Consequently, we are focusing our energies and resources on meeting certification and accreditation requirements before the end of this fiscal year. The management watch list has also focused attention on VA's other infrastructure-type efforts such as Enterprise Architecture. If we do not successfully remediate our business cases before fiscal year 2006 begins, we are uncertain exactly what impact this will have on our day-to-day operations; however, we understand there will be increased scrutiny over all activities associated with the expenditures of funds for these particular investments. In closing, I would like to say that VA recognizes the importance of OMB overseeing how we spend taxpayers' funds. In the 14 months I have been at the department, we have been looking at our major projects with a strong business eye and have added external program assessments earlier in the life cycle. We look forward to continuing to strengthen VA's IT Capital Asset Plans and our overall IT portfolio management process. I would be happy to answer any questions you may have later, sir. [The prepared statement of Mr. McFarland follows:] [GRAPHIC] [TIFF OMITTED] T0953.030 [GRAPHIC] [TIFF OMITTED] T0953.031 Chairman Davis. Thank you very much. Ms. Parkes. STATEMENT OF ROSITA O. PARKES Ms. Parkes. Thank you, Mr. Chairman and members of the committee, for this invitation to appear before your committee today to discuss the OMB investment management watch list. At the Department of Energy, the management watch list is an integral part of our continual efforts to ensure that IT investments meet their performance objectives within their established schedules and cost thresholds. Agencies understand that watch list investments are of particular importance, and require special attention and effort. I am proud to inform you that the Department of Energy does not currently have any investments on the watch list. Much of our success is attributable to our partnership with our DOE stakeholders, as well as our continual interaction with OMB on watch list investments. With our DOE stakeholders, we developed and institutionalized a well-defined set of criteria against which to measure progress. Further, we institutionalized regular communications with all levels of the organization throughout the process. The watch list initiative also yields benefits for DOE's internal investment management and budgetary review process. Investments on the watch list are carefully monitored, and their status is integrated into the department's internal evaluation process, which aligns with the President's management agenda. The watch list is a very useful tool to ensure that information technology investments are tracked against cost, schedule, and performance. Thank you, and I will be happy to answer any questions that you might have. [The prepared statement of Ms. Parkes follows:] [GRAPHIC] [TIFF OMITTED] T0953.032 [GRAPHIC] [TIFF OMITTED] T0953.033 Mr. Marchant [presiding]. Thank you very much. Ms. Schlosser. STATEMENT OF LISA SCHLOSSER Ms. Schlosser. Mr. Chairman and members of the committee, thank you for the opportunity to appear today to discuss the effect of OMB's watch list on the Department of Housing and Development's operations. I have been the Chief Information Officer with HUD since February 2005. As the department's CIO, I oversee HUD's information technology investment management process, IT security program, and have operational responsibility for HUD's network, communications, and application hosting infrastructure. Our vision for HUD is to capitalize on the power of IT to support our primary business objectives of increasing home ownership, supporting community development, increasing access to affordable housing free from discrimination, and creating internal management efficiencies. HUD recognizes that we must institute effective IT capital planning and performance management controls to help us meet these business objectives. In formulating our strategy on how to continuously improve IT management controls, HUD has found that external oversight tools such as the President's management agenda scorecard, the Federal Information Security Management Act scorecard, and the OMB watch list have provided effective independent validations of prioritized areas for improvement. Specifically, having projects on the OMB watch list has prompted us to conduct extensive conversations with OMB to establish how we could improve identified weaknesses. Based on this independent feedback, HUD has rapidly been implementing a plan to improve these specific areas agency- wide, and we are prioritizing the execution of these improvements in the projects identified on OMB's watch list. For example, over the past several months HUD has improved our performance management process by reviewing all of our programs using earned value management on a monthly basis, escalating programs that were exceeding cost or schedule goals to an executive review board for monitoring and oversight, and completing an enterprise architecture, and most importantly, accelerating our process to complete security certification and accreditation of our systems. In sum, HUD is capitalizing on various oversight tools such as the President's management agenda, the FISMA scorecard, and the OMB watch list to identify opportunities for agency-wide process improvements in the way we manage our critical IT investments. We are committed to implementing these improvements and anticipate that many programs will be removed from the OMB watch list over the next year. Most importantly, through the use of the watch list and other internal and external oversight tools, HUD will ensure that our IT investments effectively support our core business requirements. I thank the committee for its attention. I look forward to your questions. [The prepared statement of Ms. Schlosser follows:] [GRAPHIC] [TIFF OMITTED] T0953.034 [GRAPHIC] [TIFF OMITTED] T0953.035 [GRAPHIC] [TIFF OMITTED] T0953.036 [GRAPHIC] [TIFF OMITTED] T0953.037 [GRAPHIC] [TIFF OMITTED] T0953.038 [GRAPHIC] [TIFF OMITTED] T0953.039 Mr. Marchant. Thank you very much. The chairman wished for me to extend his apologies. We are in the midst of the energy bill on the House floor, there are 16 amendments being debated and worked on at this very moment, and this committee has some important parts of that bill. I have a few questions for each of you. Ms. Parkes, in your testimony you noted that you currently have no projects on the watch list. What steps did you take to get projects removed? Or have you not had any? Ms. Parkes. Oh, we had projects on the watch list, sir. In budget year 2005, we had 45 out of 68 of our projects on the watch list, and in budget year 2006, 12 out of 48. What we did was, first of all, we worked with our program offices--I do need to note that most of the business cases that are developed in the Department of Energy are not developed in the headquarters, they are developed by our site offices at our sites. So what we did was we, first of all, worked with our program offices that are responsible for the sites. We trained up front on business case development; we literally held hands with our program offices and the project managers responsible for generating the business cases. We created an internal scorecard that mirrored the OMB scorecard so that we could identify early the weaknesses that were in the business cases before we passed them over to OMB. And then once they went to OMB and where the scores were indeed weak in certain areas, we came back and used a remediation process, again holding hands with the project managers and the program offices to ensure that those weaknesses, the content of the business case, those weaknesses were strengthened. So we did that. And we continue to do that. We continue to provide training, we continue to use our information technology council and various working groups to help get those business cases, where they need remediation, remediated. Mr. Marchant. And what incentives or disincentives are given to get these off the watch list? Is there a ``or else,'' or is there a---- Ms. Parkes. The Department of Energy has a management council that consists of the assistant secretaries and is chaired by the deputy secretary and review of the entire President's management agenda occurs at this monthly management council meeting. And the review of the e-Gov initiative under the PMA is part of that management agenda and business cases that are on the watch list are reviewed monthly by the assistant secretaries. So there is deputy secretary attention to the watch list. And also, quite frankly, the watch list is part of our corporate budget review. So, as Ms. Evans stated earlier, within the agency as well as at OMB, funding is at risk if that watch list business case does not get remediated. So that is an incentive I think, you too? Mr. Marchant. Yes, I think so. Ms. Schlosser, with your experience at the DOT, what best practices are you bringing to HUD? Ms. Schlosser. I was fortunate to serve with my colleague Mr. Matthews as an associate CIO with DOT and was able to observe a lot of best practices DOT has put in place. We have already adopted and implemented several of those practices at HUD over the past couple months. One, we have implemented and updated performance measurement process and, like Ms. Parkes, we are reviewing all of our projects on a monthly basis with an internal executive review board chaired by our deputy secretary so we can identify any projects that are heading toward a variance in cost and schedule. Second, we have completed enterprise architecture to make sure that all of our investments meet our primary business objectives. Third, and perhaps most importantly, we have accelerated a process using best practice methodologies to complete security certification and accreditation of our systems. We feel that by adopting and implementing these best practices we are positioned to really improve our IT management and controls internally, and, in fact, have already done so. Thank you, sir. Mr. Marchant. Thank you. Mr. Matthews, is the Federal CIO Council offering any advice to agencies on how to get projects removed from the watch list? Mr. Matthews. This year, sir, the CIO Council stood up a best practices form into which the participating agencies can put their best practices. That is being made available to the agencies online as well as contact information, so one agency can call another. I do believe that we can capture more best practices by identifying those agencies that are consistently green in one of those criteria areas, post them to the Web site, and then work with the agencies to help them install those best practices. So the facility is there and we look forward to working with the agencies to raise all boats with that single tide. Mr. Marchant. Do you find that agencies that begin to have problems go through a period of not wanting those problems to exactly be known by other agencies at the very beginning, and they might try to solve their own problems for a while before they finally admit we have a problem here, we need help? Mr. Matthews. Yes, sir, I believe human nature drives us to try and solve our own problems. But certainly by publishing best practices, part of that I would envision CIOs just reaching out to that data base to see what is there and then calling a fellow CIO and saying, hey, how did you go about doing this? I think we are trying to facilitate that so people can reach out and get expert opinions and advice without the need to feel unwanted pressure or recriminations for trying to solve problems. Mr. Marchant. Mr. McFarland, are there unique challenges at the VA that other agencies do not face that you feel like you are having to face? Mr. McFarland. Well, after 14 months, sir, I would say yes. First off, I think it is fair to say we are a work in progress. We are the second largest agency in Government, about 230,000 employees, another 200,000 contractors. So scale is a huge problem for us. And as we have run into problems, the scale of those problems is quite a management challenge. We also suffer from lack of centralized management, which we are investigating a change on. But we are basically a large decentralized organization with funding directly to those organizations. We suffer from what I would call large legacy IT programs that truly need to be taken out of the stovepipe manner and put into some degree of enterprise architecture, which we have not done a good job of developing over the last few years. We have also suffered from what I would call lack of program management. We are in the process of establishing an enterprise project management office very similar to what DOD uses to manage large, complex projects. Because many of our projects are $100 million projects, not $10 million projects, the risk that we run by not managing them properly is a huge financial risk. But I believe that with the current management team in place, and the benefit of having I would consider the Government's best mission, which is to take care of our veterans, I think we have a lot of incentive to change the way we have managed the agency in the past from an IT perspective and move forward with some change. Mr. Marchant. I think I will just ask one more followup question before we conclude. You heard the earlier discussion between OMB and GAO. Do you have feelings about whether there ought to be a published list, or do you feel like the way it is being handled now is preferable to the agencies? Mr. Matthews. I believe sharing the information so that we can garner the best practices is in the interest of the Federal Government. The use of the term ``publish'' remains to be seen how far we publish it. Do we list, for instance, if security is a measure, do we actually want to publicly list these major programs and whether they have ``security problems'' or not. Probably that is not in our best interest. But taking the information and stacking it together so we can find those areas that have routinely performed well and capitalize on them I believe is something that we should do. Mr. Marchant. I would like to thank both panels for appearing today. The chairman has asked me to thank you for being here. We look forward to having you appear before the committee again. The committee now stands adjourned. [Whereupon, at 11:17 a.m., the committee was adjourned.] [The prepared statement of Hon. Elijah E. Cummings follows:] [GRAPHIC] [TIFF OMITTED] T0953.040 [GRAPHIC] [TIFF OMITTED] T0953.041 [GRAPHIC] [TIFF OMITTED] T0953.042 [GRAPHIC] [TIFF OMITTED] T0953.043 <all>