The Government Accountability Office has called on the Department of Homeland Security to fully implement action plans under the Federal Information Technology Acquisition Reform Act and to increase the agency chief information officer’s involvement in IT contracts.
DHS has fully accomplished 28 of 31 FITARA action plans that GAO evaluated but the department has yet to implement all aspects of three action plans as of December 2016, GAO said Thursday.
Auditors also assessed 48 DHS contracts associated with major IT investments and found that the DHS CIO did not participate in the approval process of any of the contracts.
FITARA directs agency CIOs to review and approve IT contracts and agreements associated with major programs prior to award.
The legislation also requires CIOs to perform risk evaluations of major IT investments and update risk ratings on the Office of Management and Budget‘s public website dubbed IT Dashboard.
DHS changed its evaluation process for 30 of 93 major IT investments in October 2016, removing the CIO’s responsibility to evaluate or provide risk ratings for the investments, GAO reported.
Under the new process, multiple DHS organizations and officials evaluate the investments and the CIO’s assessment accounts for approximately 18 percent of the total score.
GAO said the process change poses challenges to the DHS CIO’s capacity to publicly report risk ratings.