The objective of our audit was to assess the Department’s compliance with the Federal Information Technology Acquisition Reform Act (FITARA) Chief Information Officer (CIO) authority enhancements and other selected requirements.
The Department needed to improve its policy and implementation of all required CIO authority enhancements, its process for ensuring transparency and risk management of its information technology resources, and its compliance with FITARA PortfolioStat requirements. As a result, the Department is hindering its ability to achieve FITARA’s goals of better managing and securing information technology systems and acquisitions, and its ability to ensure that staff are aware of their roles and responsibilities within the process and that requirements are being appropriately implemented.
We made 12 recommendations, including that the Department fully implement and document the CIO authority enhancements as defined in the FITARA Common Baseline and ensure appropriate oversight of implementation, and that the CIO update, finalize, and implement policy on classifying major information technology investments to ensure that investments that are exempted from policy are clearly documented and the treatment of full-time equivalent costs is consistently applied.