General Accountability Office GAO

Federal Agencies Need to Address Aging Legacy Systems Read full text in English

2016 report GAO-16-468
1 Many use outdated software languages and hardware

Federal legacy IT investments are becoming increasingly obsolete: many use outdated software languages and hardware parts that are unsupported. Agencies reported using several systems that have components that are, in some cases, at least 50 years old. For example, Department of Defense uses 8-inch floppy disks in a legacy system that coordinates the operational functions of the nation’s nuclear forces. In addition, Department of the Treasury uses assembly language code — a computer language initially used in the 1950 s and typically tied to the hardware for which it was developed. OMB recently began an initiative to modernize, retire, and replace the federal government’s legacy IT systems. As part of this, OMB drafted guidance requiring agencies to identify, prioritize, and plan to modernize legacy systems. However, until this policy is finalized and fully executed, the government runs the risk of maintaining systems that have outlived their effectiveness. The following table provides examples of legacy systems across the federal government that agencies report are 30 years or older and use obsolete software or hardware, and identifies those that do not have specific plans with time frames to modernize or replace these investments.

2 Lack of consistent risk analysis
Risk: limited oversight and wasteful spending

Many O&M i [operations and maintenance] nvestments in GAO’s review were identified as moderate to high risk by agency CIOs, and agencies did not consistently perform required analysis of these at-risk investments. Further, several of the at-risk investments did not have plans to be retired or modernized. Until agencies fully review their at-risk investments, the government’s oversight of such investments will be limited and its spending could be wasteful.

3 One of goals not identified
Lack of measure to evaluate the success

Additionally, OMB has not identified an associated goal with its non-provisioned IT measure that is part of PortfolioStat process. An OMB official within the Office of E-Government and Information Technology stated that the aim is for the amount of spending on DME and provisioned IT services to rise, thus reducing the percent of spending on non-provisioned IT. This official also stated that OMB has not identified a specific goal for the measure because it would be ever changing. While goals for performance measures may change over time, it is still important for OMB to set a target by which agencies can measure their progress in meeting this measure.

In particular, leading practices stress that organizations should measure performance in order to evaluate the success or failure of their activities and programs.

Background

Over the last three decades, Congress has enacted several laws to assist agencies and the federal government in managing IT investments. For example, to assist agencies in managing their investments, Congress enacted the Clinger-Cohen Act of 1996.

This act requires OMB to establish processes to analyze, track, and evaluate the risks and results of major capital investments in information systems made by federal agencies and report to Congress on the net program performance benefits achieved as a result of these investments. Most recently, in December 2014, Congress enacted IT acquisition reform legislation (commonly referred to as the Federal Information Technology Acquisition Reform Act or FITARA) that, among other things, requires OMB to develop standardized performance metrics, including cost savings, and to submit quarterly reports to Congress on cost savings.

Additionally, OMB has not identified an associated goal with its non-provisioned IT measure that is part of PortfolioStat process. An OMB official within the Office of E-Government and Information Technology stated that the aim is for the amount of spending on DME and provisioned IT services to rise, thus reducing the percent of spending on non-provisioned IT. This official also stated that OMB has not identified a specific goal for the measure because it would be ever changing. While goals for performance measures may change over time, it is still

important for OMB to set a target by which agencies can measure their progress in meeting this measure.

In particular, leading practices stress that organizations should measure performance in order to evaluate the success or failure of their activities and programs.

Objectives

Our objectives were to (1) assess the extent to which federal agencies have invested in operating and maintaining existing information technology (IT), (2) evaluate the oversight of at-risk legacy investments, and (3) assess the age and obsolescence of federal IT.

Additionally, OMB has not identified an associated goal with its non-provisioned IT measure that is part of PortfolioStat process. An OMB official within the Office of E-Government and Information Technology stated that the aim is for the amount of spending on DME and provisioned IT services to rise, thus reducing the percent of spending on non-provisioned IT. This official also stated that OMB has not identified a specific goal for the measure because it would be ever changing. While goals for performance measures may change over time, it is still

important for OMB to set a target by which agencies can measure their progress in meeting this measure.

In particular, leading practices stress that organizations should measure performance in order to evaluate the success or failure of their activities and programs.

The items above were selected and named by the e-Government Subgroup of the EUROSAI IT Working Group on the basis of publicly available report of the author Supreme Audit Institutions (SAI). In the same way, the Subgroup prepared the analytical assumptions and headings. All readers are encouraged to consult the original texts by the author SAIs (linked).