July 1, 2022

News

News Network

Information Technology: Agencies Need to Develop and Implement Modernization Plans for Critical Legacy Systems

3 min read
<div>What GAO Found In June 2019, GAO identified 10 critical federal information technology (IT) legacy systems that were most in need of modernization. These legacy systems provided vital support to agencies' missions. According to the agencies, these legacy systems ranged from about 8 to 51 years old and, collectively, cost about $337 million annually to operate and maintain. Several of the systems used older languages, such as Common Business Oriented Language (COBOL). GAO has previously reported that reliance on such languages has risks, such as a rise in procurement and operating costs, and a decrease in the availability of individuals with the proper skill sets. Further, several of the legacy systems were operating with known security vulnerabilities and unsupported hardware and software. Of the 10 agencies responsible for these legacy systems, GAO reported in June 2019 that seven agencies (the Departments of Defense, Homeland Security, the Interior, the Treasury; as well as the Office of Personnel Management; Small Business Administration; and Social Security Administration) had documented plans for modernizing the systems (see table). Of the seven agencies with plans, only the Departments of the Interior's and Defense's modernization plans included all of the key elements identified in best practices (milestones, a description of the work necessary to complete the modernization, and a plan for the disposition of the legacy system). The other five agencies lacked complete modernization plans. The Departments of Education, Health and Human Services, and Transportation did not have documented modernization plans. Table: Extent to Which Agencies' Had Documented Modernization Plans for Legacy Systems That Included Key Elements, as of June 2019 Agency Included milestones to complete the modernization Described work necessary to modernize system Summarized planned disposition of legacy system Department of Defense Yes Yes Yes Department of Education n/a – did not have a documented modernization plan Department of Health and Human Services n/a – did not have a documented modernization plan Department of Homeland Security No Yes No Department of the Interior Yes Yes Yes Department of the Treasury Partial Yes No Department of Transportation n/a – did not have a documented modernization plan Office of Personnel Management Partial Partial No Small Business Administration Yes No Yes Social Security Administration Partial Partial No Source: GAO analysis of agency modernization plans. | GAO-21-524T Agencies received a “partial” if the element was completed for a portion of the modernization. GAO stressed that, until the eight agencies established complete plans, their modernizations would face an increased risk of cost overruns, schedule delays, and project failure. Accordingly, GAO recommended that each of the eight develop such plans. However, to date, seven of the agencies had not done so. It is essential that agencies implement GAO's recommendations and these plans in order to meet mission needs, address security risks, and reduce operating costs. Why GAO Did This Study Each year, the federal government spends more than $100 billion on IT and cyber-related investments. Of this amount, agencies have typically spent about 80 percent on the operations and maintenance of existing IT investments, including legacy systems. However, federal legacy systems are becoming increasingly obsolete. In May 2016, GAO reported instances where agencies were using systems that had components that were at least 50 years old or the vendors were no longer providing support for hardware or software. Similarly, in June 2019 GAO reported that several of the federal government's most critical legacy systems used outdated languages, had unsupported hardware and software, and were operating with known security vulnerabilities. GAO was asked to testify on its June 2019 report on federal agencies' legacy systems. Specifically, GAO summarized (1) the critical federal legacy systems that we identified as most in need of modernization and (2) its evaluation of agencies' plans for modernizing them. GAO also provided updated information regarding agencies' implementation of its related recommendations.</div>

What GAO Found

In June 2019, GAO identified 10 critical federal information technology (IT) legacy systems that were most in need of modernization. These legacy systems provided vital support to agencies’ missions. According to the agencies, these legacy systems ranged from about 8 to 51 years old and, collectively, cost about $337 million annually to operate and maintain. Several of the systems used older languages, such as Common Business Oriented Language (COBOL). GAO has previously reported that reliance on such languages has risks, such as a rise in procurement and operating costs, and a decrease in the availability of individuals with the proper skill sets. Further, several of the legacy systems were operating with known security vulnerabilities and unsupported hardware and software.

Of the 10 agencies responsible for these legacy systems, GAO reported in June 2019 that seven agencies (the Departments of Defense, Homeland Security, the Interior, the Treasury; as well as the Office of Personnel Management; Small Business Administration; and Social Security Administration) had documented plans for modernizing the systems (see table). Of the seven agencies with plans, only the Departments of the Interior’s and Defense’s modernization plans included all of the key elements identified in best practices (milestones, a description of the work necessary to complete the modernization, and a plan for the disposition of the legacy system). The other five agencies lacked complete modernization plans. The Departments of Education, Health and Human Services, and Transportation did not have documented modernization plans.

Table: Extent to Which Agencies’ Had Documented Modernization Plans for Legacy Systems That Included Key Elements, as of June 2019

Agency

Included milestones to complete the modernization

Described work necessary to modernize system

Summarized planned disposition of legacy system

Department of Defense

Yes

Yes

Yes

Department of Education

n/a – did not have a documented modernization plan

Department of Health and Human Services

n/a – did not have a documented modernization plan

Department of Homeland Security

No

Yes

No

Department of the Interior

Yes

Yes

Yes

Department of the Treasury

Partial

Yes

No

Department of Transportation

n/a – did not have a documented modernization plan

Office of Personnel Management

Partial

Partial

No

Small Business Administration

Yes

No

Yes

Social Security Administration

Partial

Partial

No

Source: GAO analysis of agency modernization plans. | GAO-21-524T

Agencies received a “partial” if the element was completed for a portion of the modernization.

GAO stressed that, until the eight agencies established complete plans, their modernizations would face an increased risk of cost overruns, schedule delays, and project failure. Accordingly, GAO recommended that each of the eight develop such plans. However, to date, seven of the agencies had not done so. It is essential that agencies implement GAO’s recommendations and these plans in order to meet mission needs, address security risks, and reduce operating costs.

Why GAO Did This Study

Each year, the federal government spends more than $100 billion on IT and cyber-related investments. Of this amount, agencies have typically spent about 80 percent on the operations and maintenance of existing IT investments, including legacy systems. However, federal legacy systems are becoming increasingly obsolete. In May 2016, GAO reported instances where agencies were using systems that had components that were at least 50 years old or the vendors were no longer providing support for hardware or software. Similarly, in June 2019 GAO reported that several of the federal government’s most critical legacy systems used outdated languages, had unsupported hardware and software, and were operating with known security vulnerabilities.

GAO was asked to testify on its June 2019 report on federal agencies’ legacy systems. Specifically, GAO summarized (1) the critical federal legacy systems that we identified as most in need of modernization and (2) its evaluation of agencies’ plans for modernizing them. GAO also provided updated information regarding agencies’ implementation of its related recommendations.

More from:

Crime ACN News Network

Network News © 2005 Area.Control.Network™ All rights reserved.
All Rights Reserved © ACN 2020

ACN Privacy Policies
ACN TOS
Area Control Network (ACN)
Area Control Network
Area Control Network Center