GovWin
B2G is moving!
Blogs posted after May 22, 2015 will be located on Deltek's central blog page at www.deltek.com/blog.
Just select the "B2G Essentials" blog to continue to receive this valuable content.
CIOs Claim IT Reporting to OMB is Not Useful for Their Own IT Management

In a recent GAO study, CIOs claimed that required IT reporting to OMB was not useful to their own IT management.  OMB uses the information reported by CIOs with the goal of improving the management, oversight, and transparency of the federal government’s IT as a whole. But according to CIOs, reporting efforts on their part are burdensome and not helpful in improving IT management.  

OMB requires agencies to routinely report on IT management in five areas:  

  • IT strategic planning  
  • Capital planning and investment management 
  • IT security 
  • Systems acquisitions, development, and integration  
  • E-government initiatives

OMB directs agency CIOs to respond to 36 IT management reporting requirements within the five IT management areas.  Reporting frequency varies from monthly, quarterly, annually and “as needed” depending on the requirement, with most requiring quarterly or annual reporting.  

Agencies report and transmit the information regarding their IT initiatives via the following methods/systems:  

  • CyberScope – for 5 requirements  
  • Integrated Data Collection – for 7 requirements  
  • MAX Portal – for 3 requirements  
  • Federal IT Dashboard  - for 6 requirements  
  • Agency Websites – for 9 requirements  
  • Data Point – for 1 requirement  
  • DHS Continuous Monitoring Dashboard – for 1 requirement   
  • Federal Data Center Consolidation Initiative Program Management Portal – for 1 requirement       
  • Meetings with OMB Officials – for 2 requirements  
  • E-mail to OMB – for additional requirements as needed

CIOs reported that addressing the reporting requirements did not always clearly support departmental priorities and took a significant level of effort to implement.  Agencies reported spending approximately $150M to $308M annually to report to OMB, in part due to the frequency, formatting, duplicative elements and differing data collection systems in use. 

CIOs identified the following reporting as most useful in managing IT:  

  • Information Resources Management strategic plan  
  • Enterprise roadmap  
  • Exhibit 53  
  • IT investment performance updates

Although OMB has taken steps to streamline some IT reporting requirements, the efforts do not address additional challenges, such as the use of multiple online tools to report information. If OMB addressed the IT reporting issues identified by CIOs they could make the reporting effort and information gained a more useful tool for IT management at the agency level.  GAO recommends that OMB collaborate with CIOs to address proposed reporting improvements and challenges and ensure a common understanding of priority IT reforms.  

 

Federal Improper Payment Rate Rises for First Time in Five Years

The federal improper payment rate rose from 3.5% of program outlays in FY 2013 to 4.5% in FY 2014, amounting to $124.7 billion up nearly $19 billion from FY 2013.

The federal government hasn’t seen a rise in the improper payment rate since FY 2009 when improper payments rose 5.4% over the FY 2008 rate.  According to paymentaccuracy.gov, the improper payment goal for FY 2014 was 3.19% of total program outlays. 

According to a recent GAO report on fragmentation, overlap, duplication, and improper payments, the rate increase was primarily due to estimates for Medicare, Medicaid, and the Earned Income Tax Credit, which account for over 76% of the government-wide estimate.  The improper payment totals span 124 federal programs across 22 agencies. 

Comptroller General Gene Dodaro told the Senate Budget Committee last week that the government has made progress in addressing program duplication and fragmentation.  “For the first time in recent years, the government-wide improper payment estimate significantly increased.”

GAO has made numerous recommendations it asserts could improve program management and help reduce improper payments such as improving the use of prepayment edits in Medicare and requiring states to audit Medicaid payments to and by managed care organizations.

Attention has been focused on improper payments for a number of years resulting in the enactment of the 2002, 2010 and 2012 improper payments acts.  Until this past fiscal year, agencies have made headway in rooting out waste, fraud and abuse leading to a decline in improper payments and improper payment rates.  However, agencies continue to face challenges, such as statutory limitations and compliance issues, in reducing improper payments.

OMB is in the process of updating some of its guidance to help agencies more easily identify improper payments.  OMB is updating Circular A-123 to include GAO standards for internal management control assessments to limit fraud.  The new Appendix C of A-123 will do the following:  

  • Reconcile most recent improper payment act requirements (IPERIA)  
  • Consolidate and streamline reporting requirements  
  • Provide more detailed categorization of improper payments and establish a taxonomy  
  • Add on an internal control framework for addressing improper payments

 

In an interview with Federal News Radio, OMB Controller David Mader stated, "OMB will be working closely with several of the departments over the course of 2015 to see if we can better understand what is driving the improper payment rate, and then stepping back and saying to ourselves, 'can we mitigate that risk, because it is a risk, by changing business processes, introducing technology, bringing in new data to look at and/or do we need some legislative fixes?'"

 

Agencies Most Adept at Implementing GAO Recommendations for IT

In the wake of GAO’s new high risk report which added IT acquisition to its ranks, Deloitte’s Advanced Analytics and Modeling (AAM) practice released a study of the effectiveness of GAO’s recommendations over time which showed that agencies are most adept at implementing GAO recommendations for information technology and IT security.

The report, entitled “Accountability Quantified:  What 26 years of GAO reports can teach us about government management,” set out to determine if GAO recommendations were an effective way to drive targeted change within agencies.  Additionally, Deloitte wanted to “use GAO as an example of how agencies can better structure their internal oversight activities to quantify accountability and drive results.”  For the report, Deloitte analyzed 1.3 million pages of GAO reports using text analytics and analyzed the 40,000-plus recom­mendations made by GAO from 1983 through 2014.

Summaries of their findings for seven key questions are listed below:

The study found that agencies show the highest rate of success at implementing GAO recommendations in the areas of information security, information technology, education, and equal opportunity.  Information security logged a 94% completion rate and information technology an 87% completion rate.  These results may seem counter intuitive due to the bad press and scrutiny that federal IT programs have received in recent months.  However, GAO’s recommendations are often tactical and not large-scale enterprise solutions or system changes, making it easier for agencies to comply.

Unfortunately, repeated recommendations to an agency in the same area do not improve an agency’s success rate.  The study found, “There is no meaningful relationship between how many recommendations an agency receives in a specific area and how often they succeed in that area.”  

Additionally, it’s worth noting that adoption of recommendations was studied over nearly a 30 year period.  So, although agencies showed that they had implemented a high number of IT recommendations, this took place over an extended period of time and repeated prodding by GAO did little to hasten fixes. 

Deloitte offers that because of GAO’s high success rate in the information technology space, it may have room to increase the number and strength of the specific recommenda­tions it gives around IT security issues.  On a broader scale, Deloitte recommends that GAO and agencies apply more standardization to their oversight data in order to analyze and interpret it more easily.  Specifically Deloitte recommends the following next steps:    

  • Keep score by tracking where their recommendations are succeeding or failing.  
  • Convert reports to a text analytics-friendly electronic format.  
  • Establish a coding structure for reports.  
  • Uncover hidden trends. Develop a standard taxonomy for over­sight reporting terms.  
  • Develop real-time accountability score­cards—and make them public.