White House, Congressional Auditors At Odds Over Identifying IT Problems

Congressional auditors and the White House are at loggerheads on how the executive branch goes about assuring that identified IT-management problems are fixed.

The Office of Management and Budget has developed a management watch list of mission-critical IT projects that have failed to meet performance expectations. OMB placed about half of the nearly 1,200 major IT projects in the administration's budget on the list.

In creating the watch list, OMB identified opportunities to strengthen investments and promote improvements in IT management, said David Powner, director of IT management issues at the Government Accountability Office, in prepared testimony before the House Government Report Committee Thursday. But, he said, the list didn't provide enough details to manage the identified troubled projects.

Powner intimated that knowledge could be found in the minds of individual OMB analysts. "Decisions on monitoring of progress were typically made by the [OMB] staff with responsibility for reviewing individual agency budget submissions, depending on the staff's insights into agency operations and objectives," Powner said. "Because it didn't consistently require or monitor agency follow-up activities, OMB didn't know whether the project risks that it identified through its management watch list were being managed effectively, potentially leaving resources at risk of being committed to poorly planned and managed projects."

Responding, White House top IT executive Karen Evans said she didn't think such a follow-up list was necessary.

By not keeping such a list, Powner said, OBM hasn't fully exploited the chance to use the list as a tool to analyze IT investments throughout government. "Because it didn't consistently require or monitor follow-up activities, OMB didn't know whether the project risks that it identified through its management watch list were being managed effectively, potentially leaving resources at risk of being committed to poorly planned and managed projects," Powner said.

Because OMB didn't consistently monitor the follow-up performed on projects on the watch list, he said, it couldn't easily tell GAO which of the 621 projects received follow-up attention. "OMB wasn't using its management watch list as a tool in setting priorities for improving IT investments on a governmentwide basis and focusing attention where it was most needed," Powner said.

Evans said GAO examination of how OMB employs the watch list was too narrowly focused. The watch list and accompanying documentation, known as Exhibit 300, are primarily used by agencies to manage their own IT portfolios. "OMB isn't the sole or even primary audience of an Exhibit 300 justification," Evans said. "Agency officials and [the] investment review board must use them to effectively manage their own IT portfolios and submit to OMB only those investment requests meeting criteria specified in OMB policies. Responsibility for ensuring corrective actions for the management watch-list investment rests with each individual agency."

Still, Powner said, GAO believes that an aggregated list would contribute to OMB's ability to better analyze government IT investments and track progress in tackling deficiencies.