The More OMB Knows, The Worse It Gets
By Allan Holmes | Tuesday, October 23, 2007 | 03:50 PM
By Allan Holmes | Tuesday, October 23, 2007 | 03:50 PM
In an item posted today in his blog, “The Risk Factor,” risk management expert Bob Charette calls into question OMB's announcement yesterday that the number of IT projects on its Management Watch List had dropped 61 percent – in seven months. “This is truly amazing,” Charette writes. “Sixty-one percent of government IT projects on the OMB watch list, which indicates whether they are well-positioned to execute, all got better at the same time. One can only conclude that the government has found a new, secret way to manage IT project risk.”
The skepticism doesn’t stop there. In an article posted today on Government Executive’s Web site, government project management expert J. Donaldson Frame says, “When I see miracle improvements occur very quickly, I wonder whether the improvements are genuine or reflect statistical artifacts."
And Ray Bjorkland, chief knowledge officer at federal marketing research firm FedSources, wonders how IT projects get on (and presumably then come off) the Management and High Risk lists in the first place.
For the 212 IT projects that came off the Management Watch List, OMB officials said those “agencies were able to adequately address deficiencies and weaknesses identified in these 212 investments by mitigating planning deficiencies, or in some cases, providing and completing additional documentation supporting their management activities.” No word on how well the projects are meeting budget, deadlines or performance measures, which Bjorkland says are the best indications of success in oversight of technology investments.
And the reason given for more IT programs going on the High Risk List? Again, better reporting from agencies, OMB said.
Interesting, better reporting was the reason OMB gave yesterday for the doubling of the number of reported security breaches exposing personally identifiable information. “An increase in reporting isn't necessarily a bad thing,” said Karen Evans, who holds the Bush administration’s top IT executive position at OMB.
This reason given when on the same day, Microsoft reports that phishing scams had increased more than 150 percent in the first six months of 2007 and the number of malware incidents increased 500 percent. Not to mention the 90 percent increase (over nine months) in the number of cyberattacks directed at electric utilities.
It still hurts my head to try to follow this logic. The message seems to be: It's good to know how bad things are. That could be helpful, if you then used that information to develop a plan to fix the bad things. No word on that, yet.
Comments
Admittedly, it may be confusing, but Mr. Holmes is comparing apples to oranges. First, there is a distinction between IT Investments and IT projects. The OMB Management Watch List (MWL) pertains to IT Investments and consists of the agencies’ business case justifications. These business cases are planning documents. A business case does not necessarily equate to one IT project or one IT program. The IT community uses these terms interchangeably as done in this entry – we do not. This may be the source of the confusion.
Business cases are completed by the agencies two years in advance of actual execution. OMB identifies weaknesses generally in 10 areas and over the course of the following year works with agencies to address the weaknesses through better planning and/or providing additional documentation to support their business case prior to execution. We also use additional reports, from annual FISMA, GAO to IG reports, to inform this process.
Second, when did transparency become a bad thing? Reporting and public release of this information encourages agencies to proactively address challenges and problems on the front-end, before they become too costly. We reduce the risk of our services by taking steps to reduce the risk and manage incidents when they occur. In addition, by having more visibility through various reporting mechanisms, agencies can share and learn from each other in order to improve their services.
The policies for better reporting and increased transparency – no question – are helping agencies improve and get better results.
My opinion as a project manager is that with all the new imposed reporting requirements and ways of doing business the project managers are just reacting to "red" scores to get off the "watch lists" but are not given adequate time to truly address real issues and change their way of managing projects. Instead they spend their time trying to get rid of the "red" and not focusing on the real mission of the program/project.
This type of reporting and paperwork excerse lends itself to false negagives and distorts the overall picture of agency IT managment.
OMB should impose some of its own requirements on itself. If they actually wanted to change the way government does business it would start by providing constructive feedback, set reasonable, meaninful,obtainable goals for agencies and have agencies report on those goals as a measure of success.
One fact that OMB fails to mention in its criticism of agency IT management is the lack of resources to manage these projects. With all the Government downsizing Government employees having to do the work of three people and carry the weight of 3 jobs; project managers do have the luxury of sitting around writing reports and producing meaningless documents just to get to green. As mentioned in the article, there is no correlation between the amount of required "reporting" and project improvement.
KT | Thursday, October 25, 2007 | 07:56 AMABOUT THIS BLOG
Allan Holmes on what's happening and what's being discussed in the world of federal information technology.
feed