The Department of Homeland Security Office of Inspector General plans to open a full investigation into the Federal Emergency Management Agency’s IT problems and policies after a February 2018 verification review found that the agency misled auditors about its compliance with previous IG recommendations.
According to a Feb. 26, 2018, memo issued by DHS acting Inspector General John V. Kelly, FEMA had previously provided six compliance updates on recommendations made in a November 2015 report, including updates that caused the IG to close its third recommendation that FEMA finalize an IT governance board charter.
The IG’s formal verification, however, discovered that those updates had misled inspectors as to the scope of IT improvement.
“Many of the issues we reported based on our prior audits in 2005, 2011 and 2015 remain unchanged, with adverse impact on day-to-day operations and mission readiness. Especially disconcerting, our recent work revealed that the justification that FEMA provided to support our closing recommendation three was misleading, as governance board procedures had not truly met the intent of the recommendation,” wrote Kelly.
The November 2015 report included five recommendations:
- Finalize necessary IT planning documents that reflect the current IT strategy of the organization and IT modernization initiatives;
- Execute the planning documents, using the milestones and metrics included in them to evaluate FEMA’s long-term progress in improving its IT management and operations;
- Finalize the IT Governance Board charter and expand the capacity of the board to make the board the IT decision-making authority for the agency;
- Implement a plan of action and milestones to address the integration and reporting limitations of existing systems; and
- Implement and enforce a standardized, agencywide process that sufficiently defines and prioritizes the acquisition, development, operation and maintenance requirements for all systems.
The verification found that, while FEMA CIO Adrian Gardner had assured the IG that the fiscal 2018 performance plan included corrective actions to address these recommendations, CIO office officials said that the Gardner had removed funding and resources needed to effectively address those recommendations.
“Given these deficiencies, we are suspending our verification review and will initiate a more comprehensive audit of FEMA’s IT management approach. We expect that this new audit will assist FEMA in resolving its longstanding IT issues, which can hamper disaster response efforts,” Kelly wrote.