IT Modernization: Three Takeaways from the GAO 2019 Study
Federal Agencies Need to Develop Modernization Plans for Critical Legacy Systems
This blog post provides a summary of the GAO 2019 study conducted to identify the state of the state of IT modernization across U.S. federal agencies.
In June 2019, the GAO published this report detailing the agencies that most need to develop IT modernizations plans. To identify the most critical legacy systems in need of modernization, GAO contacted the 24 federal agencies that are covered by the Chief Financial Officers Act of 1990. All 24 agencies provided a list of their systems most in need of IT modernization. This resulted in a list of 65 systems.
For the report, GAO analyzed these 65 legacy systems to:
- Identify the most critical legacy systems in need of modernization
- Evaluate their plans for IT modernization
- Identify examples of mainframe modernization initiatives that agencies considered successful.
Most Critical Legacy Systems in Need of Modernization
Of these 65 systems, the GAO identified the top 10 most in need of modernization based on attributes such as age, criticality, and risk. The GAO then analyzed agencies’ modernization plans for the 10 selected legacy systems against key IT modernization best practices. Table 1 summarizes what the study found.
The top 10 systems in need of modernization range from eight to 50 years old. Several of these systems:
- Use older languages such as COBOL and assembly language code, introducing risk since COBOL developers are in short supply as Baby Boomers retire
- Have known security vulnerabilities such as DH’s Federal Emergency Management Agency’s 249 reported vulnerabilities, of which 168 were considered high or critical risk to the network
- Use unsupported hardware and software, again making these systems vulnerable to security issues and performance problems
Plans for IT Modernization
Of these 10 agencies with critical systems most in need of modernization, three agencies – Education, Health and Human Services (HHS), and Transportation - do not have documented modernization plans for their critical legacy systems.
The remaining seven agencies have documented modernizations plans but only DOD and Interior have plans that address three key elements while the remaining five agencies have modernizations plans that do not address one or more of the three key elements (see Table 2).
In this report, the GAO makes eight recommendations to each of the eight agencies to ensure that they document modernization plans for the selected legacy systems. All eight agencies agreed with the GAO’s findings and recommendations, and seven of the agencies described plans to address the recommendations.
Example IT Modernization Successes
The 24 Chief Financial Officers Act agencies identified a total of 94 examples of successful modernizations of legacy systems undertaken in the last 5 years. Of these examples, the GAO identified five agency successes.
Table 3 lists the five examples of successful IT modernization initiatives, as reported by their respective agencies, as well as the reported benefits related to those initiatives.
Department of Defense (DOD)
Standard Base Supply Systems and Enterprise Solution-Supply
- Avoided spending $11 million on costs associated with hosting the system due to decommissioning the legacy system earlier than anticipated
- Avoided spending $25 million annually on hosting costs
- Minimized the use of legacy code, which can be costly and difficult to maintain
Department of Education
Direct Loan Consolidation System
- Improved customer experience through website consolidation
- Consolidated customer call centers
- Reduced applicant data entry errors by prepopulating data from another system
- Reduced the amount of oversight required by lowering the number of contractors and systems
- Closed multiple critical security vulnerabilities
- Improved customer service
Department of Homeland Security (DHS)
Employing Shared Services/Cloud
- Realized cumulative $1.6 billion in cost savings
- Streamlined the supply chain for IT services
- Reduced the amount of labor needed to maintain legacy systems and software
- Enhanced security
Department of Treasury
Treasury Offset Program
- Enhanced revenue by $759 million by collecting delinquent debts
- Increased system efficiency
- Reduced time spent on manual interventions to keep the system from failing
- Automated testing and deployment pipeline, reducing risk and cost
Social Security Administration (SSA)
Representative Payee System
- Improved users’ ability to find data related to criminal history and fraud
- Increased security by becoming compliant with current agency standards and federal guidelines
- Improved business processes, such as search capability
- Improved ability to identify criminal and fraudulent data
- Improved system performance and incorporated user requested features
In 2019, the federal government plans to spend over $90 billion on IT with 80 percent of this budget allocated to operate and maintain existing IT investments, including aging legacy systems. Worst yet, these legacy systems will cost more money and introduce even more security risks and performance problems as they continue to age.
Most of the agencies studied in this report do not have complete plans to modernize their legacy systems and in the absence of these plans, “the agencies increase the likelihood of cost overruns, schedule delays, and overall project failure.”
But IT modernization is possible as demonstrated by the five agencies who have successfully modernized. In particular, the DOD, which is the first success story cited in this report, is an Astadia customer. Successes such as this clearly demonstrate the bottom line: IT modernization delivers substantial savings and exceptional security and performance benefits.
How Astadia Can Help?
Astadia worked with the DOD to modernize its aircraft maintenance system, reducing IT costs by 90 percent. For more information on this IT modernization success story, read the case study.