Information Technology: Better Management of Interdependencies between Programs Supporting 2020 Census Is Needed
Highlights
What GAO Found
The three selected Census Enterprise Data Collection and Processing (CEDCAP) projects (of 12 total) in GAO's review partially met best practices for monitoring and controlling. For example, the projects fully met the best practice of establishing a process for taking corrective actions if issues are identified, but they did not fully meet the practice of identifying significant performance deviations. Until project officials implement missing practices, they will be limited in their abilities to monitor and control costs, schedules, and performance.
The 2020 Census program is heavily dependent upon CEDCAP to deliver the key systems needed to support the 2020 Census redesign. However, while the two programs have taken steps to coordinate their schedules, risks, and requirements, they lacked effective processes for managing their interdependencies. Specifically:
- Among tens of thousands of schedule activities, the two programs are expected to manually identify activities that are dependent on each other, and rather than establishing one integrated dependency schedule, the programs maintain two separate dependency schedules. This has contributed to misalignment in milestones between the programs.
- The programs do not have an integrated list of interdependent program risks, and thus they do not always recognize the same risks that impact both programs.
- Among other things, key requirements have not been defined for validating responses from individuals who respond to the census using an address instead of a Bureau-assigned identification number, because of the Bureau's limited knowledge and experience in this area. The lack of knowledge and specific requirements related to this critical function is concerning, given that there is about a year remaining before the Census end-to-end test begins in August 2017 (which is intended to test all key systems and operations to ensure readiness for the 2020 Census).
Officials have acknowledged these weaknesses and reported that they are taking, or plan to take, steps to address the issues. However, until these interdependencies are managed more effectively, the Bureau will be limited in understanding the work needed by both programs to meet milestones, mitigate major risks, and ensure that requirements are appropriately identified.
While the large-scale technological changes for the 2020 Decennial Census introduce great potential for efficiency and effectiveness gains, they also introduce many information security challenges. For example, the introduction of an option for households to respond using the Internet puts respondents at greater risk for phishing attacks (requests for information from authentic-looking, but fake, e-mails and websites). In addition, because the Bureau plans to allow its enumerators to use mobile devices to collect information from households that did not self-respond to the survey, it is important that the Bureau ensures that these devices are adequately protected. The Bureau has begun efforts to address many of these challenges; as it begins implementing the 2020 Census design, continued focus on these considerable security challenges will be critical.
Why GAO Did This Study
The Department of Commerce's U.S. Census Bureau plans to significantly change the methods and technology it uses to count the population with the 2020 Decennial Census. The Bureau's redesign of the census relies on the acquisition and development of many new and modified systems. Several of the key systems are to be provided by an enterprise-wide initiative called CEDCAP, which is a large and complex modernization program intended to deliver a system-of-systems for all survey data collection and processing functions.
GAO's objectives for this review included (1) evaluating the extent to which the Bureau is implementing best practices in monitoring and controlling three selected CEDCAP projects, (2) determining the extent to which the Bureau is adequately managing the interdependencies between the CEDCAP and 2020 Census programs, and (3) describing key information security challenges the Bureau faces in implementing the 2020 Census design. GAO selected the three high-priority projects planned for the 2020 design; reviewed Bureau documentation such as project plans and schedules and compared them against relevant guidance; and analyzed information security reports and documents.
Recommendations
GAO is making eight recommendations to the Department of Commerce in the areas of project monitoring and control and in managing interdependencies related to schedule, risk, and requirements. The department agreed with all eight recommendations and indicated that it will be taking actions to address them.
Recommendations for Executive Action
Agency Affected | Recommendation | Status |
---|---|---|
Department of Commerce | To ensure that the Bureau is better positioned to deliver CEDCAP, the Secretary of Commerce should direct the Director of the Census Bureau to update the CEDCAP program office cost estimate to reflect the current status of the program as soon as appropriate information becomes available. |
The Department of Commerce agreed with our recommendation and has taken steps to implement it. Specifically, in May 2017, the Census Bureau completed an update of the CEDCAP program office cost estimate. The updated cost estimate was based on a CEDCAP cost analysis requirements description, which explained the current technical and programmatic features of the program and the basis for the updated program office estimate. As a result, the Bureau is better positioned to deliver the CEDCAP program.
|
Department of Commerce | To ensure that the Bureau is better positioned to deliver CEDCAP, the Secretary of Commerce should direct the Director of the Census Bureau to ensure that updates to the status of risks are consistently documented for CEDCAP's Internet and Mobile Data Collection and Survey (and Listing) Interview Operational Control projects. |
The Department of Commerce agreed with our recommendation and has taken steps to implement it. From September 2017 to January 2018, the Census Bureau provided risk registers on a monthly basis that consistently documented updates to the status of risks for the Census Enterprise Data Collection and Processing (CEDCAP) projects related to Internet self-response and operational control. As a result, the Bureau is more likely to have comprehensive information on how risks are being managed and better positioned to deliver the CEDCAP program.
|
Department of Commerce | TTo ensure that the Bureau is better positioned to deliver CEDCAP, the Secretary of Commerce should direct the Director of the Census Bureau to ensure that CEDCAP's Internet and Mobile Data Collection, Survey (and Listing) Interview Operational Control, and Centralized Operational Analysis and Control projects establish detailed risk mitigation plans on a consistent basis and that the Internet and Mobile Data Collection and Centralized Operational Analysis and Control projects establish trigger events for all relevant risks. |
The Department of Commerce agreed with our recommendation and has taken steps to implement it. From September 2017 to January 2018, the Census Bureau provided updated risk registers on a monthly basis that consistently documented detailed risk mitigation plans for the Census Enterprise Data Collection and Processing (CEDCAP) projects related to Internet self-response and operational control. The risk registers also documented trigger events for all relevant risks for these projects. As a result, the Bureau is better able to identify potential problems before they occur, mitigate adverse impacts to project objectives, and deliver the CEDCAP program.
|
Department of Commerce | To ensure that the Bureau is better positioned to deliver CEDCAP, the Secretary of Commerce should direct the Director of the Census Bureau to define, document, and implement a repeatable process to establish complete alignment between CEDCAP and 2020 Census programs by, for example, maintaining a single dependency schedule. |
The Department of Commerce agreed with our recommendation and has taken steps to implement it. In April 2018, the Census Bureau provided an updated version of the 2020 Census Integrated Master Schedule that included key dates for each of the 10 Census Enterprise Data Collection and Processing (CEDCAP) projects. This documentation demonstrated that the Bureau was planning and measuring CEDCAP and 2020 Census Program operations according to the same agreed upon timeframes. As a result, the Bureau is better positioned to deliver the CEDCAP program in support of the planning and execution needs of the 2020 Census program.
|
Department of Commerce | To ensure that the Bureau is better positioned to deliver CEDCAP, the Secretary of Commerce should direct the Director of the Census Bureau to establish a comprehensive and integrated list of all interdependent risks facing the CEDCAP and 2020 Census programs, and clearly identify roles and responsibilities for managing this list. |
The Department of Commerce agreed with our recommendation and has taken steps to implement it. In May 2018, the Census Bureau updated its 2020 Risk and Issue Management Plan, which documented the process for including the Census Enterprise Data Collection and Processing (CEDCAP) program risks and issues in the 2020 Census program risk and issue registers. The plan also includes clearly identified roles and responsibilities for managing the 2020 Census program risk and issue registers. In March and April 2018, the Bureau provided us with 2020 Census program risk registers that included CEDCAP risks. As a result, the Bureau is better positioned to ensure that CEDCAP program risks and issues are managed to support the planning and execution needs of the 2020 Census program.
|
Department of Commerce | To ensure that the Bureau is better positioned to deliver CEDCAP, the Secretary of Commerce should direct the Director of the Census Bureau to finalize documentation of processes for managing requirements for CEDCAP. |
The Department of Commerce agreed with our recommendation and has taken steps to implement it. In November 2016, the Census Bureau finalized its Enterprise Requirements Management Plan, which documented the process for managing the requirements for its Census Enterprise Data Collection and Processing (CEDCAP) program. As a result, the Bureau is better positioned to ensure that CEDCAP program requirements are managed to support the planning and execution needs of the program.
|
Department of Commerce | To ensure that the Bureau is better positioned to deliver CEDCAP, the Secretary of Commerce should direct the Director of the Census Bureau to identify when the 74 requirements related to redistricting data program and data products and dissemination will be tested. |
The Department of Commerce agreed with our recommendation and has taken steps to implement it. Specifically, in February 2018, the Census Bureau documented plans to include program-level integration testing of the 74 requirements related to the redistricting program and data products as part of the 2018 End-to-End Census Test and complete the testing by April 2019. As a result, the Bureau is better positioned to deliver CEDCAP as it relates to the redistricting data program and data products and dissemination.
|
Department of Commerce | To ensure that the Bureau is better positioned to deliver CEDCAP, the Secretary of Commerce should direct the Director of the Census Bureau to make developing a better understanding of and identifying requirements related to non-ID response validation a high and immediate priority, or consider alternatives to avoid late definition of such requirements. |
The Department of Commerce agreed with our recommendation and has taken steps to implement it. In March 2020, the Census Bureau deployed its Self-Response Quality Assurance System that included functionality for, among other things, validating responses that were submitted by respondents without a unique Census ID number (known as non-ID response validation). As a result, the Bureau is better positioned to identify whether fraudulent 2020 Census responses have been submitted or whether further investigation will be needed.
|