Homeland Security

GAO: DHS coming up short on FITARA implementation

Shutterstock image: charting data. 

The Department of Homeland Security needs stronger IT contract evaluation and approval by its CIO in order to fully comply with the Federal IT Acquisition Reform Act, according to a new Government Accountability Office report.

Under FITARA, agency CIOs must review and approve IT contracts associated with major investments, but according to the report, the DHS CIO "did not participate in the approval of any of the 48 contracts in GAO's sample associated with major investments." DHS's CIO is now Richard Staropoli, but he was appointed by President Donald Trump only in late April. Luke McCormack was Staropoli's predecessor as DHS CIO.

GAO reviewed 131 action plans developed by DHS to implement FITARA as well as DHS's IT acquisition human capital, data consolidation and IT program risk assessment plans. GAO then conducted a deeper review of 31 of the 109 action plans DHS said it had completed.

The report found that DHS has not successfully implemented three of the reviewed action plans, including using the updated TechStat process to support troubled IT programs.

Further, GAO said the DHS CIO is no longer conducting risk evaluations of 30 IT investments and updating the ratings on the Office of Management and Budget's IT Dashboard in accordance with FITARA.

"Instead, multiple DHS organizations and officials are to evaluate these investments and the CIO's assessment only accounts for about 18 percent of the total score," states the GAO study.

The report also states that the CIO did not prioritize reviews of major IT contracts with known performance problems, and "there were many contracts and interagency agreements in our sample for which DHS officials were unable to map to a major or non-major IT investment; as such, they could not ensure that these contracts and agreements were reviewed by the appropriate officials."

In addition, GAO found that DHS is not meeting the human capital requirements of FITARA, stating: "the department faces challenges in strengthening its IT acquisition cadre because it has not yet identified the specific positions or personnel that are to be included in the cadre."

GAO did note that DHS has taken steps towards bringing CIO acquisition approval in line with FITARA, but that more action is necessary.

The report makes seven recommendations, including updating DHS's IT acquisition review governance process, updating IT risk assessment procedures to ensure the CIO is reporting assessments to the OMB Dashboard and implementing a plan to identify future IT skillset needs and resolving any gaps identified.

DHS concurred with all seven recommendations, and noted in a letter included in the report that "as of April 2017, the Department has completed approximately 95 percent of FITARA action items."

About the Author

Sean Carberry is a former FCW staff writer who focused on defense, cybersecurity and intelligence.


Featured

  • FCW PERSPECTIVES
    sensor network (agsandrew/Shutterstock.com)

    Are agencies really ready for EIS?

    The telecom contract has the potential to reinvent IT infrastructure, but finding the bandwidth to take full advantage could prove difficult.

  • People
    Dave Powner, GAO

    Dave Powner audits the state of federal IT

    The GAO director of information technology issues is leaving government after 16 years. On his way out the door, Dave Powner details how far govtech has come in the past two decades and flags the most critical issues he sees facing federal IT leaders.

  • FCW Illustration.  Original Images: Shutterstock, Airbnb

    Should federal contracting be more like Airbnb?

    Steve Kelman believes a lighter touch and a bit more trust could transform today's compliance culture.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.