A recent Government Accountability Office report has found that within 22 federal agencies reviewed, 31,493 IT contracts accounting for $4.5 billion went unidentified by those agencies in 2016.
The Federal Information Technology Acquisition Reform Act, or FITARA, enacted in 2014, requires covered agencies’ chief acquisition officers to identify IT contracts for the chief information officers to review and approve. However, GAO found that nearly 30 percent of those contracts were not identified appropriately in 2016.
“The percentage of additional IT contract obligations GAO identified varied among the selected agencies. For example, the Department of State did not identify 1 percent of its IT contract obligations. Conversely, 8 agencies did not identify over 40 percent of their IT-related contract obligations,” the report said.
According to the report, many of the agencies that did not identify their IT acquisitions also did not follow Office of Management and Budget-issued guidance, such as involving the acquisition office in the identification process or establishing guidance to aid officials in recognizing IT.
“Until agencies involve the acquisitions office in their IT identification processes and establish supporting guidance, they cannot ensure that they will identify all IT acquisitions. Without proper identification of IT acquisitions, agencies and CIOs cannot effectively provide oversight of these acquisitions,” the report said.
In addition, just more than 11 percent of randomly selected contracts at 10 agencies reviewed by GAO were CIO-approved, as mandated in FITARA.
“The 85 IT contracts not reviewed had a total possible value of approximately $23.8 billion. Until agencies ensure that CIOs review and approve IT acquisitions, CIOs will continue to have limited visibility and input into their agencies’ planned IT expenditures and will not be able to use the increased authority that FITARA’s contract approval provision is intended to provide. Further, agencies will likely miss an opportunity to strengthen CIOs’ authority and the oversight of IT acquisitions. As a result, agencies may award IT contracts that are duplicative, wasteful, or poorly conceived,” the report said.
GAO made a total of 39 recommendations to different agencies. Though most either agreed with or did not respond to the recommendations, the Environmental Protection Agency and OMB neither agreed nor disagreed.
The Department of Education only partially agreed with its recommendations, claiming that existing departmental directives and statements of work adequately account for the need for CIO approval on IT investments. GAO updated its guidance to reflect this.
The Nuclear Regulatory Commission disagreed with GAO’s recommendations, claiming that the report “did not adequately reflect the agency’s process for reviewing and approving IT acquisitions.” However, GAO said the commission did not provide documentary evidence to support that assertion.