The Department of Homeland Security is making solid progress on implementing the IT acquisition law known as FITARA, but the department’s chief information officer must intensify oversight of deals, the Governmental Accountability Office recommends in a new report.
After looking at a sampling of DHS’s action plans under the Federal Information Technology Acquisition Reform Act, the GAO determined that “until the Office of the CIO determines how to increase its review of contracts and agreements, the CIO will continue to have limited visibility into planned IT expenditures.”
The GAO said it found that the CIO’s office has stepped back from overseeing some of DHS’s major IT investments.
“DHS’s Office of the CIO was conducting risk evaluations of major IT investments and updating the ratings on the Office of Management and Budget’s (OMB) public website known as the IT Dashboard, as required by FITARA,” the GAO reported. “However, in October 2016, DHS changed its process for evaluating 30 of DHS’s 93 major IT investments and, as a result, the CIO is no longer primarily responsible for the evaluations or associated risk ratings that are publicly reported for these investments.”
In late April, a DHS official wrote to the GAO to say that the department concurs with the report’s recommendations.
“Until DHS addresses these challenges, the goal of FITARA to elevate the role of the department CIO in acquisition management will not be fully realized,” the GAO said.
The GAO sampled 31 action plans out of the 109 that DHS had reported as complete. Of the plans that GAO examined, 28 were complete.
Based on its findings, the GAO said the department should:
- Finalize its TechStat policy for reviewing IT investments.
- Update its IT Acquisition Review governance process to increase the number of contracts and agreements reviewed at the CIO level.
- Implement a plan for identifying all employees in the “IT acquisition cadre” and assess whether they have the “specialized skills and knowledge needed” under procurement rules.
- Identify “future IT skillset needs as a result of DHS’s new delivery model,” conduct an analysis of any skills gap and resolve it.
- Update its acquisition policies and guidance “to be consistent in identifying that the DHS CIO is to certify investments’ incremental development activities.”
- Update “DHS headquarters’, Customs and Border Protection’s, and U.S. Coast Guard’s processes to track, for all contracts and agreements, the IT investment with which each is associated.”
- Update how the office of the CIO reports ratings of major IT investments to the OMB Dashboard.