All of this sounds terribly familiar.
One of the more entertaining and telling segments on cable news is the end-of-week Countdown feature on MSNBC, "What have we learned?" -- during which sardonic anchor Keith Olberman is quizzed about stories he covered during the previous week.
Each right answer saves him embarrassment. For every wrong answer, he makes a donation to charity.
The charities are having a pretty good year.
As telling, if much less entertaining, is the story that emerges from a review of IT-related reports from the Government Accountability Office, the audit, evaluation and investigative arm of Congress. The GAO's mandate extends only to federal agencies, although the shortcomings it identifies are common in state and local government.
Consider six themes that emerge from GAO reports issued in the last six months:
Follow Through -- In December 2004, the GAO assessed progress in implementing the E-Government Act of 2002. Tepid praise that "federal agencies have made progress" was tempered by the observation that, "in several cases, actions taken do not satisfy the requirements of the act or no significant action has been taken" -- even where the act only required a study.
Performance and Oversight -- In calling for improvements to oversight of the FCC's E-Rate program, which has subsidized network connectivity to the tune of $13 billion since 1998, the GAO lamented, "There was no way to tell whether the program has resulted in the cost-effective deployment and use of advanced telecommunications services for schools and libraries."
Project Management -- Concerned that a $300 million retirement system modernization would fall short of promised capabilities, the GAO warned that the sponsoring agency "lacks needed processes for developing and managing requirements, planning and managing project activities, managing risks, and providing sound information to investment decision-makers." In a separate report on a multiyear, multibillion-dollar system for the customs service, the GAO cautioned that delays in managing dependencies between it and related systems would "increase the chances that later system rework will be needed to allow the programs to interoperate."
Information Security -- The GAO's review of the Federal Information Security Management Act's implementation of 2002 returned to a theme it first identified in 1997 with a warning that "poor information security is a widespread problem that has potentially devastating consequences." In a separate report on weak controls at the Securities and Exchange Commission, the GAO points to results of not having a comprehensive security program, "Sensitive data -- including payroll and financial transactions, personnel data, regulatory, and other mission-critical information -- were at increased risk of unauthorized disclosure, modification, or loss, possibly without detection."
Information Accuracy and Integrity -- The GAO found that the U.S. Department of Agriculture's recent $10.3 million investment in improvements to a housing eligibility system has done nothing to improve the accuracy of the underlying data. "Unless steps are taken to ensure that the data entered into the systems are accurate, simply upgrading the systems will not result in correct benefits."
Savings Estimates are Big, Round ... and Probably Wrong -- Estimates from the Department of Health and Human Services that IT could help mine $30 billion a year out of the bloated $1.7 trillion U.S. health-care delivery system were withdrawn after both the math and the underlying assumptions broke down -- the GAO and HHS took a second look and were unable to reliably quantify savings.
In six short months, the GAO revisited the key characteristics of comprehensive IT governance and vividly illustrated why they are important. Most of them are classic IT disciplines that have come to suffer from benign neglect or the corrupting influence of political compromise. Perhaps the weakest among them is the tendency among technology leaders to defer to others on financial considerations, which is the surest way to lose control of the project and expectations around it.
The public-sector IT community is fond of the term "lessons learned," but given that such problems continue to plague government decades after most of its critical processes were first automated, we may not have earned the right to use it.