Oversight agencies squabble over list of high-risk IT projects

The Office of Management and Budget and the Government Accountability Office disagree over how OMB's list of high-risk information technology projects is managed.

The list, consisting of 226 IT projects totaling about $6.4 billion, or 10 percent of the government's proposed $64 billion IT budget for fiscal 2007, spans 24 agencies and tracks the management and performance of the initiatives. In a new report (GAO-06-647), GAO said the criteria for placing projects on the list are not applied consistently.

David Powner, GAO's director of information technology management issues, recommended in a letter to House Government Reform Committee Chairman Tom Davis, R-Va., that OMB issue directions to agency chief information officers to ensure consistency.

A more structured process for adding and removing projects also is called for, Powner said. In addition, a single aggregated list of high-risk projects is needed to keep Congress up-to-date on progress, Powner wrote.

But Karen Evans, OMB's administrator of e-government and technology, said an aggregate list is not necessary because the list's intent is for agencies to focus on the execution and performance of the projects. Evans said she is concerned that GAO is confusing the goals of the OMB list with those of GAO's own list of high-risk management areas.

Evans also disagreed with the need to adopt a consistent process for updating the list, arguing agencies need a certain amount of flexibility.

"We believe that flexibility in the application of the criteria is essential," Evans said. "The report incorrectly implies that agencies will not be able to oversee their own projects without additional guidance."

Davis said he hoped "OMB can get on the same page with GAO" regarding the list because "given the mission and the money at stake, it's important to get the big picture regarding the risks and weaknesses that exist in IT governmentwide."

Projects are added to the list when an agency fails to consistently demonstrate the ability to manage them, they have an "exceptionally high" cost, they address an agency's ability to perform critical business functions, or when a delay would affect essential agency functions.

The Veterans Affairs Department had the most projects on the high-risk list, with 33 worth $871.7 million included as of March 2006. All but four of the VA projects are on the list because their delay could harm the agency's mission.

The Transportation Department, with 13 projects, led the list in terms of the dollar value of those projects, coming in at $1.38 billion.

Approximately 35 percent of the projects had at least one performance shortfall, which means they did not meet at least one of four criteria: establish clear baselines; maintain cost and schedule variances within 10 percent; include a qualified project manager; and avoid duplicating other IT investments.

The report compared the percentage of IT projects on the risk list with a second OMB accounting of projects, known as the Management Watch List, which tracks the planning of IT projects, and found the percentage of projects on both lists steadily declined since agencies submitted fiscal 2004 budget requests. For fiscal 2007, 15 percent of the projects were on both lists.