According to a recently published report from the U.S. Government Accountability Office (GAO), the Transportation Security Administration (TSA) should use sound program management and oversight practices in its technology infrastructure modernization (TIM) plan to avoid repeating past mistakes.
Initiated in 2008, TSA’s TIM program sought to enhance the sophistication of its security threat assessments and to improve the capacity of its supporting systems. However, significant cost and schedule overruns, as well as performance issues, led to the program being suspended in January 2015 as the agency developed a new implementation strategy.
The program was rebaselined in September 2016 and was estimated to cost approximately $1.27 billion and be fully operational by 2021 — $639 million more and six years later than originally planned.
GAO was tasked by Congress to review TIM’s new implementation strategy, including what key practices were selected for transitioning to Agile software development and if TSA and the U.S. Department of Homeland Security (DHS) were effectively overseeing TIM’s cost, schedule, and performance.
While TSA’s new TIM strategy includes the use of Agile software development, the report said the program only fully implemented two of six leading practices necessary to ensure successful Agile adoption.
Specifically, both TSA and DHS leadership fully committed to adopt Agile and provide training. Yet, the program did not define key roles and responsibilities nor did it implement prioritized system requirements or implement automated capabilities essential to successful Agile adoption.
Though TSA and DHS documented policies and procedures over governance of TIM implementation, GAO said the two agencies did not finalize other key oversight documents, including a risk management plan for Agile.
Further, TSA did not establish thresholds or targets for oversight bodies to ensure that the program was meeting acceptable levels of performance. GAO also noted that TIM’s reported performance data were, at times, not complete or accurate.
The office attributed gaps in oversight and governance to a number of issues including TSA officials not updating key program management documentation and DHS leadership not obtaining consensus on needed oversight and governance changes related to Agile programs.
To address issues found in its report, GAO recommended a total of 14 changes to TSA and DHS oversight policies, including that the TSA Administrator ensure that TIM management offices implement specific time frames for determining implementation details, a schedule for planned completion dates, and for implementing actions identified in the organization change management strategy.
DHS agreed with all 14 GAO recommendations.