Agencies determined investments’ Chief Information Officer (CIO) ratings using a variety of processes, which included the Office of Management and Budget’s (OMB) six suggested factors (including risk management, requirements management, and historical performance). Specifically, all 17 selected agencies incorporated at least two of OMB’s factors into their risk rating processes and 9 used all of the factors. However, agencies’ interpretations of these factors varied. For example, most agencies considered active risks, such as funding cuts or staffing changes, when rating investments, but others only evaluated compliance with the agency’s risk management processes. Further, 13 agencies required monthly updates to CIO ratings as does OMB (as of June 2015), 1 agency scheduled its reviews based on risk, and 3 agencies required updates less often than on a monthly basis.
Source: U.S. GAO – IT Dashboard: Agencies Need to Fully Consider Risks When Rating Their Major Investments
GAO Bid Protest Annual Report to Congress for Fiscal Year 2015 | GAO
This letter responds to the requirements of the Competition in Contracting Act of 1984, 31 U.S.C.
