GAO, headed by the Comptroller General of the United States, is an independent, nonpartisan agency that works for Congress. As part of its mission to investigate how the Federal Government spends taxpayer dollars, it conducts evaluations of agencies’ information security policies and practices. (Government Accountability Office (GAO). About GAO - Overview.) The House Committee on Oversight and Reform, working with GAO, releases a scorecard every six months evaluating federal agencies’ implementation of FITARA. (House Committee on Oversight and Reform. FITARA 9.0. 12/11/2019.)
In 2004, in GAO-04-823, GAO recommended to Congress a restructuring of the IT management and reporting responsibilities for the CIO. In GAO-11-634, GAO identified the full scope of the CIO role and any revisions to the Clinger-Cohen Act needed to increase the efficiency and strength of this title. A 2017 GAO forum identified key tasks and actions to strengthen FITARA and enhance the CIO role. In 2018, GAO published a report, GAO-18-93, with proposals to OMB and 24 federal agencies to increase CIO efficiency in fulfilling their responsibilities in each of six IT management areas. OMB released FITARA guidance requiring CAOs to accurately inform CIOs of IT contracts for revision and approval. In GAO-18-42, GAO explored the role of CIOs in reviewing and approving IT acquisitions. In the findings, GAO strongly advised federal agencies to “involve the acquisition office in their process to identify IT acquisitions for CIO review, as required by OMB.” (GAO-18-42. Agencies Need to Involve Chief Information Officers in Reviewing Billions of Dollars in Acquisitions. January 2018.)
GAO Auditing
GAO is an independent, nonpartisan agency that is headed by the Comptroller General and works for Congress. It is tasked with examining how taxpayer dollars are spent and with providing Congress and federal agencies with objective and reliable information to help the government save money and work more efficiently. (Government Accountability Office (GAO). About GAO - Overview.) One of GAO’s functions is auditing government entities in order to provide essential accountability and transparency over government programs, as well as providing best practices. GAO works with the House Committee on Oversight and Reform to release a scorecard every six months grading federal agencies on their implementation of FITARA. The FITARA scorecard reflects agency performance in eight FITARA-related categories: incremental development, risk reporting, portfolio management, data-center consolidation, software licensing, modernizing government technology, information security management, and CIO reporting structure. (House Committee on Oversight and Reform. FITARA 9.0. 12/11/2019.) GAO’s auditing standards can be found in the Yellow Book, and GAO provides additional standard-setting guides such as the Financial Audit Manual, the Federal Information Systems Controls Audit Manual, and the Standards for Internal Control in the Federal Government, also known as the Green Book. (GAO. About GAO - Role as an Audit Institution.) GAO’s reports are submitted to Congress, and in them GAO often makes recommendations to OMB and agencies. One recent and relevant GAO report is GAO-18-93, [Federal Chief Information Officers: Critical Actions Needed to Address Shortcomings and Challenges in Implementing Responsibilities], which identified problems, made recommendations, and helped lead to EO 1388, [Enhancing the Effectiveness of Agency Chief Information Officers]. (GAO-18-93. Critical Actions Needed to Address Shortcomings and Challenges in Implementing Responsibilities. August 2018.)