While a solution appears to be in play for the agency's budget shortfall, deficiencies in the tech workforce remain a cause for concern.
The Office of Personnel Management continues to face problems with its information technology posture – a crisis with roots in the devastating 2015 hack of the agency's employee database.
In the wake of the hack, OPM's background check function was transferred to the Department of Defense, setting up a funding imbalance that hasn't been completely resolved. Additionally, the hack focused increased attention on OPM's portfolio of legacy systems that required modernization.
"While OPM has made significant progress toward improving and modernizing its technology environment, many challenges remain including obsolete mission-critical applications, outdated infrastructure and processes, and an ineffective technology business model," auditors wrote in the annual management challenges report covering fiscal year 2023.
The report credits current CIO Guy Cavallo with getting a senior leadership team in place and with taking steps to knock out lingering audit recommendations from past OIG reports. OPM's information technology posture remains a significant management challenge in part because of concerns about vacancies resulting from IT professionals departing the agency during the failed effort under the Trump administration to merge OPM into the General Services Administration, the report states.
The background investigation work, which OPM conducted on behalf of other federal agencies on a fee-for-service basis, was one of the agency's key sources of revenue. The loss of that funding led to multimillion dollar agency shortfalls which took a toll on tech operations.
The OIG has removed the shortfall from the list of management challenges, "because the current agency leadership is preparing and submitting budget requests based on its analysis of OPM’s future needs and priorities and working toward implementing that vision."
While the financial shortfall may no longer be a burning issue, OPM's role in the transition of the legacy background investigation system to an agency inside DOD "will continue to distract OPM from its own goals until at least the end of calendar year 2024," the report states
The watchdog also notes that the agency has been using nontraditional funding techniques and cost-cutting to supplement traditional appropriations.
Last year, the agency got a $9.9 million award from the Technology Modernization Fund for a zero trust networking project. OPM also uses an IT working capital fund and is using the conversion of siloed to enterprise contracts and moving to the cloud to cut costs, according to the report.