The Federal Emergency Management Agency has not fully implemented steps to modernize its grants management operations, according to a Government Accountability Office report released Tuesday.
While FEMA made steps to assess business and performance goals, track the delivery of information technology requirements and incorporate stakeholder input, the agency is still facing challenges on implementing leading business practices and tracing requirements under the Grants Management Modernization program, according to the report.
FEMA has not improved its security controls assessment procedures or established corrective action plans for medium and low-risk system vulnerabilities. The grant program schedule was “inconsistent with leading practices,” and its final delivery date of September 2020 was not based on a realistic assessment of activities under the program.
“Developing sound cost and schedule estimates is necessary to ensure that FEMA has a clear understanding of program risks,” the report stated.
GAO recommends FEMA to take action based on leading practices involving requirements management, reengineering procedures, scheduling and cybersecurity implementation.