Report: FEMA IT systems not effective for disaster response
IG: Improvements under way but won't succeed without enterprise architecture, strategy
The Federal Emergency Management Agency’s legacy information systems are not fully capable of handling FEMA's mission requirements in a timely and effective manner, according to a new report from the agency's Office of the Inspector General.
FEMA will continue to struggle with gaps in its disaster response IT systems unless it develops a comprehensive strategic plan, IT inventory and enterprise architecture, Frank Deffer, assistant IG for IT audits, wrote in the report released April 19.
“FEMA has a number of IT infrastructure modernization initiatives under way,” Deffer wrote. “However, FEMA does not have a clear end-state vision for modernization of its IT infrastructure and mission-critical systems.”
FEMA mismanaged $40M IT system
FEMA needs better IT systems to cut the risk of double-dipping
Specifically, FEMA lacks a strategic plan and has not documented all business functions, information resources and IT systems needed for a baseline architecture, he wrote.
“Without these elements in place, FEMA is challenged to establish an effective approach to modernize its IT infrastructure and systems,” Deffer concluded.
Without modernization, FEMA’s existing systems will continue to struggle during crisis periods, the report added.
“FEMA’s legacy systems are not able to effectively support disaster response functions in a timely and effective manner,” Deffer wrote.
FEMA spent $391 million on IT systems in fiscal 2010, including $113 million for the Office of the CIO. Ten IT improvement programs are under way, including mobile access provision, data center consolidation and network consolidation.
Historically, FEMA’s program offices and field offices have developed IT projects independently of the CIO’s office. That has led to many IT programs lacking the ability to integrate with others in the department, the report states.
For example, FEMA’s ability to track and manage disaster-related funds is limited because its Integrated Financial Management Information System is not integrated with its ProTrac acquisitions IT system, the report states.
In addition, some FEMA systems, such as the National Emergency Management Information System, are not fully automated and require paperwork to complete, resulting in inefficiencies, especially during crisis response periods.
Since 2008, FEMA has completed several IT infrastructure upgrades, including improvements for security, desktop standards and network bandwidth. However, additional efforts are on hold until Homeland Security Department headquarters plans are further developed.
The report makes six recommendations for improvement: developing a comprehensive IT strategic plan, enterprise architecture, inventory, budget process, investment review authority and consolidated modernization approach.
In a response included in an appendix, FEMA CIO Jean Etzel generally agreed with the six recommendations but suggested that the report does not give FEMA enough credit for IT programs that have been carried out successfully.
The Office of the CIO “disagrees with the manner in which the narrative characterizes the present state of affairs at FEMA, primarily because it downplays or ignores the substantive and quantifiable progress that the organization has made since the IG’s last visit in 2008,” Etzel wrote.
At the same time, Etzel recognized shortcomings in the current approach.
“The FEMA CIO recognizes that the aforementioned conditions do not of themselves create an ideal IT modernization environment and that challenges remain,” Etzel added.
Deffer said he incorporated additional information about IT improvements, based on Etzel’s comments, into the final report.