What GAO Found

The federal government spent about 75 percent of the total amount budgeted for information technology (IT) for fiscal year 2015 on operations and maintenance (O&M) investments. Such spending has increased over the past 7 fiscal years, which has resulted in a $7.3 billion decline from fiscal years 2010 to 2017 in development, modernization, and enhancement activities.

Total Federal IT Spending by Type (in billions)

Specifically, 5,233 of the government's approximately 7,000 IT investments are spending all of their funds on O&M activities. Moreover, the Office of Management and Budget (OMB) has directed agencies to identify IT O&M expenditures known as non-provisioned services that do not use solutions often viewed as more efficient, such as cloud computing and shared services. Agencies reported planned spending of nearly $55 billion on such non-provisioned IT in fiscal year 2015. OMB has developed a metric for agencies to measure their spending on services such as cloud computing and shared services, but has not identified an associated goal. Thus, agencies may be limited in their ability to evaluate progress.

Many O&M investments in GAO's review were identified as moderate to high risk by agency CIOs, and agencies did not consistently perform required analysis of these at-risk investments. Further, several of the at-risk investments did not have plans to be retired or modernized. Until agencies fully review their at-risk investments, the government's oversight of such investments will be limited and its spending could be wasteful.

Federal legacy IT investments are becoming increasingly obsolete: many use outdated software languages and hardware parts that are unsupported. Agencies reported using several systems that have components that are, in some cases, at least 50 years old. For example, the Department of Defense uses 8-inch floppy disks in a legacy system that coordinates the operational functions of the nation's nuclear forces. In addition, the Department of the Treasury uses assembly language code—a computer language initially used in the 1950s and typically tied to the hardware for which it was developed. OMB recently began an initiative to modernize, retire, and replace the federal government's legacy IT systems. As part of this, OMB drafted guidance requiring agencies to identify, prioritize, and plan to modernize legacy systems. However, until this policy is finalized and fully executed, the government runs the risk of maintaining systems that have outlived their effectiveness. The following table provides examples of legacy systems across the federal government that agencies report are 30 years or older and use obsolete software or hardware, and identifies those that do not have specific plans with time frames to modernize or replace these investments.

Examples of Legacy Investments and Systems

| Agency | Investment or system | Description | Agency-reported age (years) | Specific, defined plans for modernization or replacement |
|---|---|---|---|---|
| Department of the Treasury | Individual Master File | The authoritative data source for individual taxpayers where accounts are updated, taxes are assessed, and refunds are generated. This investment is written in assembly language code—a low-level computer code that is difficult to write and maintain—and operates on an IBM mainframe. | ~56 | No - The agency has general plans to replace this investment, but there is no firm date associated with the transition. |
| Department of the Treasury | Business Master File | Retains all tax data pertaining to individual business income taxpayers and reflects a continuously updated and current record of each taxpayer's account. This investment is also written in assembly language code and operates on an IBM mainframe. | ~56 | No - The agency has general plans to update this system, but there is no time frame established for this transition. |
| Department of Defense | Strategic Automated Command and Control System | Coordinates the operational functions of the United States' nuclear forces, such as intercontinental ballistic missiles, nuclear bombers, and tanker support aircraft. This system runs on an IBM Series/1 Computer—a 1970s computing system—and uses 8-inch floppy disks. | 53 | Yes - The agency plans to update its data storage solutions, port expansion processors, portable terminals, and desktop terminals by the end of fiscal year 2017. |
| Department of Veterans Affairs | Personnel and Accounting Integrated Data | Automates time and attendance for employees, timekeepers, payroll, and supervisors. It is written in Common Business Oriented Language (COBOL)—a programming language developed in the 1950s and 1960s—and runs on IBM mainframes. | 53 | Yes - The agency plans to replace it with a project called Human Resources Information System Shared Service Center in 2017. |
| Department of Veterans Affairs | Benefits Delivery Network | Tracks claims filed by veterans for benefits, eligibility, and dates of death. This system is a suite of COBOL mainframe applications. | 51 | No - The agency has general plans to roll capabilities into another system, but there is no firm time frame associated with this transition. |
| Department of Justice | Sentry | Provides information regarding security and custody levels, inmate program and work assignments, and other pertinent information about the inmate population. The system uses COBOL and Java programming languages. | 35 | Yes - The agency plans to update the system through September 2016. |
| Social Security Administration | Title II Systems | Determines retirement benefits eligibility and amounts. The investment is comprised of 162 subsystems written in COBOL. | 31 | Yes - The agency has ongoing modernization efforts, including one that is experiencing cost and schedule challenges due to the complexities of the legacy software. |

Source: GAO analysis of IT Dashboard data, agency documentation, and interviews. | GAO-16-468

Note: Age was reported by agencies. Systems and investments may have individual components newer than the reported age.

Why GAO Did This Study

The federal government invests more than $80 billion in IT annually, with much of this amount reportedly spent on operating and maintaining existing (legacy) IT systems. Given the magnitude of these investments, it is important that agencies effectively manage their O&M.

GAO's objectives were to (1) assess federal agencies' IT O&M spending, (2) evaluate the oversight of at-risk legacy investments, and (3) assess the age and obsolescence of federal IT.

To do so, GAO reviewed OMB and 26 agencies' IT O&M spending for fiscal years 2010 through 2017. GAO further reviewed the 12 agencies that reported the highest planned IT spending for fiscal year 2015 to provide specifics on agency spending and individual investments.

What GAO Recommends

GAO is making 16 recommendations, one of which is for OMB to develop a goal for its spending measure and finalize draft guidance to identify and prioritize legacy IT needing to be modernized or replaced. GAO is also recommending that selected agencies address at-risk and obsolete legacy O&M investments. Nine agencies agreed with GAO's recommendations, two agencies partially agreed, and two agencies stated they had no comment. The two agencies that partially agreed, Defense and Energy, outlined plans that were consistent with the intent of our recommendations.

For more information, contact David A. Powner at (202) 512-9286 or pownerd@gao.gov.