Many agencies are falling short of meeting requirements under the Federal Information Technology Acquisition Reform Act that they present IT contracts to the agency CIO office to review and approve, GAO has said.

GAO sampled 22 agencies, finding that they had identified more than 78,000 IT-related contracts to which they obligated $14.7 billion in fiscal 2016. However, the GAO’s own work identified above 31,000 more worth another $4.5 billion.

Compliance varied greatly: the State Department identified nearly all of its contracts for FITARA purposes, all but 1 percent, while eight agencies did not identify over 40 percent of theirs.

Further, 14 agencies did not involve the acquisition office in their process to identify contracts for CIO review as required by OMB guidance, and seven did not issue their own guidance to aid in recognizing IT contracts. “Until agencies involve the acquisitions office in their IT identification processes and establish supporting guidance, they cannot ensure that they will identify all IT acquisitions. Without proper identification of IT acquisitions, agencies and CIOs cannot effectively provide oversight of these acquisitions,” GAO said.

Similarly, 14 of the agencies did not fully satisfy OMB’s requirement that the CIO review and approve IT acquisition plans or strategies. Only 11 of 96 randomly selected contracts at 10 agencies that GAO evaluated were CIO-reviewed and approved as required by OMB’s guidance.

“Until agencies ensure that CIOs review and approve IT acquisitions, CIOs will continue to have limited visibility and input into their agencies’ planned IT expenditures and will not be able to use the increased authority that FITARA’s contract approval provision is intended to provide. Further, agencies will likely miss an opportunity to strengthen CIOs’ authority and the oversight of IT acquisitions. As a result, agencies may award IT contracts that are duplicative, wasteful, or poorly conceived,” the report said.