Organizations spend significant resources developing, acquiring, and maintaining applications that manage critical information. To govern software development, the U.S. Postal Service uses development processes intended to ensure proper design, development, and testing of each new or modified application. The Postal Service has one of the country’s largest retail networks and has developed over 2,200 software applications to manage its business activities.
The Postal Service uses various processes to ensure each new or modified application is properly designed, developed, and tested. To remain competitive, it must use technology that continues to meet customer needs and achieve business goals. Currently, there are about 100 applications under development to optimize the value of the postal infrastructure and leverage technology to drive business value.
Our objective was to determine whether the Postal Service’s software development processes are adequate to manage development risk and reflect best practices.
What The OIG Found
The Postal Service does not consistently manage software development risk or properly develop and maintain documentation for applications in accordance with current Postal Service policies. We found that project teams are not always executing the required phases of the development process. Also, non-national (field) applications do not always adhere to the approved development processes and are not included in the governance and compliance process.
Further, we found the current governance and compliance review process does not ensure all software development complies with Postal Service policies. Finally, management is not consistently maintaining application status and proper documentation in the required repositories. We determined that management did not maintain 1,100 of the 3,451 required documents for the 71 applications we sampled.
These issues exist because current policy does not clearly define roles and responsibilities for documenting system requirements and testing system functionality. In addition, software development processes do not address non-national application development. Finally, management does not conduct quality reviews or follow-up to ensure all phases of the process are complete.
Without an adequate software development process, the Postal Service risks developing applications that do not meet customer needs or achieve business goals. In addition, there is a higher risk of cost overruns and project delays, which limit the organization’s ability to optimize infrastructure and leverage technology to drive business value. We identified potential schedule delays and cost overruns of about $4.5 million.
What The OIG Recommended
We recommended management define specific roles and responsibilities for the requirements and testing phases and ensure that all system requirements are documented and tested prior to migration to production. We also recommended management train personnel to test correctly. Finally, we recommended management revise policies to require quality reviews, update application status, and upload documentation at the completion of each development phase. Because of the 2014 cyber intrusion, management disallowed non-national application development; therefore, we are not recommending further action on this issue.