Homeland Security

GAO: DHS coming up short on FITARA implementation

Shutterstock image: charting data. 

The Department of Homeland Security needs stronger IT contract evaluation and approval by its CIO in order to fully comply with the Federal IT Acquisition Reform Act, according to a new Government Accountability Office report.

Under FITARA, agency CIOs must review and approve IT contracts associated with major investments, but according to the report, the DHS CIO "did not participate in the approval of any of the 48 contracts in GAO's sample associated with major investments." DHS's CIO is now Richard Staropoli, but he was appointed by President Donald Trump only in late April. Luke McCormack was Staropoli's predecessor as DHS CIO.

GAO reviewed 131 action plans developed by DHS to implement FITARA as well as DHS's IT acquisition human capital, data consolidation and IT program risk assessment plans. GAO then conducted a deeper review of 31 of the 109 action plans DHS said it had completed.

The report found that DHS has not successfully implemented three of the reviewed action plans, including using the updated TechStat process to support troubled IT programs.

Further, GAO said the DHS CIO is no longer conducting risk evaluations of 30 IT investments and updating the ratings on the Office of Management and Budget's IT Dashboard in accordance with FITARA.

"Instead, multiple DHS organizations and officials are to evaluate these investments and the CIO's assessment only accounts for about 18 percent of the total score," states the GAO study.

The report also states that the CIO did not prioritize reviews of major IT contracts with known performance problems, and "there were many contracts and interagency agreements in our sample for which DHS officials were unable to map to a major or non-major IT investment; as such, they could not ensure that these contracts and agreements were reviewed by the appropriate officials."

In addition, GAO found that DHS is not meeting the human capital requirements of FITARA, stating: "the department faces challenges in strengthening its IT acquisition cadre because it has not yet identified the specific positions or personnel that are to be included in the cadre."

GAO did note that DHS has taken steps towards bringing CIO acquisition approval in line with FITARA, but that more action is necessary.

The report makes seven recommendations, including updating DHS's IT acquisition review governance process, updating IT risk assessment procedures to ensure the CIO is reporting assessments to the OMB Dashboard and implementing a plan to identify future IT skillset needs and resolving any gaps identified.

DHS concurred with all seven recommendations, and noted in a letter included in the report that "as of April 2017, the Department has completed approximately 95 percent of FITARA action items."

About the Author

Sean Carberry is a former FCW staff writer who focused on defense, cybersecurity and intelligence.


  • Contracting
    8 prototypes of the border walls as tweeted by CBP San Diego

    DHS contractors face protests – on the streets

    Tech companies are facing protests internally from workers and externally from activists about doing for government amid controversial policies like "zero tolerance" for illegal immigration.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    At OPM, Weichert pushes direct hire, pay agent changes

    Margaret Weichert, now acting director of the Office of Personnel Management, is clearing agencies to make direct hires in IT, cyber and other tech fields and is changing pay for specialized occupations.

  • Cloud
    Shutterstock ID ID: 222190471 By wk1003mike

    IBM protests JEDI cloud deal

    As the deadline to submit bids on the Pentagon's $10 billion, 10-year warfighter cloud deal draws near, IBM announced a legal protest.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.