GAO Follows Up on Unfulfilled Recommendations

GAO government accountability office

In written testimony to the House Oversight and Government Reform Committee before the Federal Information Technology Acquisition Reform Act (FITARA) Scorecard hearing on Wednesday, the Government Accountability Office (GAO) highlighted areas where Federal agencies had not implemented recommendations from previous GAO reports.

“As of November 2018, agencies had fully implemented about 59 percent of the 1,242 IT management-related recommendations that GAO has made since fiscal year 2010. Likewise, agencies had implemented about 73 percent of the approximately 3,000 security-related recommendations that GAO has made since 2010,” the testimony from Carol Harris, director of IT Acquisition Management Issues at GAO stated. “Even with this progress, significant actions remain to be completed” to reach GAO’s goal of 80 percent implemented.

The report, an update on a similar report from May, the report highlights unfulfilled recommendations in five main areas:

  • CIO Responsibilities
  • IT Contract Approval
  • Consolidating Data Centers
  • Managing Software Licenses
  • Improving the Security of Federal IT Systems

On CIO responsibilities, GAO pointed to an August report that found none of the 24 CFO Act agencies had fully addressed the assigned responsibilities of FITARA and its guidance, especially in the areas of investment management and strategic planning. GAO issued 27 recommendations, one to each agency and three to OMB, none of which have been implemented yet.

CIO involvement in reviewing IT acquisitions is also lacking, as GAO noted in a January report. Most agencies were not adequately involved in reviewing IT acquisitions, leading GAO to make 39 recommendations for the 22 agencies under the microscope and OMB. As of November, 27 of those remain unfulfilled.

Citing a series of reports from July 2011 to May 2018, GAO called on agencies, mostly OMB to address weaknesses in data center optimization. “In these reports, we made a total of 160 recommendations to OMB and 24 agencies to improve the execution and oversight of the initiative. Most agencies and OMB agreed with our recommendations or had no comments. As of November 2018, 47 of these 160 recommendations remained unimplemented,” the report stated.

Additionally, the report includes a preview of an upcoming report on data center optimization, finding mixed results. While agencies closed a total of 6,250 data centers by August and found 2.36 billion in cost savings, the cost savings still fall roughly 380 million short of the goal set by the Office of Management and Budget. The report also found 6 agencies not reaching their tiered data center goals for FY18, and 9 agencies not meeting their non-tiered data center goals.

On the issue of software licenses, GAO cited reports from 2014 and 2015, pointing to 135 recommendations from those reports. Software licenses show the most progress out of the five main topics, implementing 80 percent of recommendations and leaving only 27 unimplemented.

Finally, the report highlights problems on information security, a common topic for GAO.

“Many agencies continue to be challenged in safeguarding their information systems and information, in part, because many of these recommendations have not been implemented. Of the roughly 3,000 recommendations made since 2010, 73 percent had been implemented as of November 2018; leaving 688 recommendations unimplemented,” the report noted.

Recent