FEMA still lags on IT coordination, watchdog says


The Federal Emergency Management Agency has improved IT planning but has not been able to institute proposed governance changes, according to a new report.

The Department of Homeland Security's Office of Inspector General said FEMA has struggled to act on a proposed new IT management policy created in the wake of a critical 2011 report.

The OIG said part of the problem in implementing agencywide IT governance is the fact that the CIO does not have sufficient control or budget authority to lead in an increasingly decentralized IT environment.

FEMA, which spent $450 million on IT in fiscal 2014, has a CIO continuity issue that aggravates the governance problem, according to the OIG. In the past 10 years, the agency has had six CIOs who were appointed or served in an acting capacity, with an average tenure of 15 months. In the past three years, FEMA has had four CIOs.

FEMA's CIO is only directly responsible for $170 million, or about 38 percent, of the agency's overall IT spending.

The OIG recommended that FEMA finalize its plans for an IT governance board endowed with decision-making authority for the entire agency, rather than keeping that authority spread among nearly a dozen entities.

The report also recommends that FEMA implement and enforce an agencywide process to define and prioritize requirements for acquisition, development, and operations and maintenance of its IT systems.

"As a result of system limitations, end users engage in inefficient, time-consuming business practices that can increase the risk that disaster assistance and grants could be delayed and duplication of benefits can occur," the report states.

Additionally, the OIG said the current CIO was diverted from implementing reforms because of the demands of a critical CyberStat review by the Office of Management and Budget, the National Security Council and DHS that found "significant deficiencies" in FEMA's security posture. Fixing security problems while creating a larger IT modernization plan at the request of FEMA's deputy administrator took attention away from the governance issues cited in the OIG's report.

FEMA officials said they will finish strategic and organizational planning by the end of this year and expect to begin moving on key modernization projects -- including switching to cloud-based email, closing gaps in cybersecurity, and modernizing and integrating key business systems -- by the end of March 2016.

By July 2016, they plan to have agencywide IT acquisition standards in place that centralize budgeting and investment and put IT projects on an incremental development basis.

About the Author

Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, tele.com magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.

Click here for previous articles by Rockwell. Contact him at [email protected] or follow him on Twitter at @MRockwell4.


  • Comment
    customer experience (garagestock/Shutterstock.com)

    Leveraging the TMF to improve customer experience

    Focusing on customer experience as part of the Technology Modernization Fund investment strategy will enable agencies to improve service and build trust in government.

  • FCW Perspectives
    zero trust network

    Why zero trust is having a moment

    Improved technologies and growing threats have agencies actively pursuing dynamic and context-driven security.

Stay Connected