Information Technology

DHS Needs to Fully Define and Implement Policies and Procedures for Effectively Managing Investments Gao ID: GAO-07-424 April 27, 2007

The Department of Homeland Security (DHS) relies extensively on information technology (IT) to carry out its mission. For fiscal year 2008, DHS requested about $4 billion--the third largest planned IT expenditure among federal departments. Given the size and significance of DHS's IT investments, GAO's objectives were to determine whether DHS (1) has established the management structure and associated policies and procedures needed to effectively manage these investments and (2) is implementing key practices needed to effectively control them. GAO used its IT Investment Management (ITIM) framework and associated methodology to address these objectives, focusing on the framework's stages related to the investment management provisions of the Clinger-Cohen Act.

DHS has established the management structure to effectively manage its investments. However, the department has yet to fully define 8 of the 11 related policies and procedures that GAO's ITIM framework defines. Specifically, while DHS has documented the policies and related procedures for project-level management, some of these procedures do not include key elements. For example, procedures for selecting investments do not cite either the specific criteria or steps for prioritizing and selecting new IT proposals. In addition, the department has yet to define most of the policies associated with managing its IT projects as investment portfolios. Officials attributed the absence of policies and procedures at the portfolio level to other investment management priorities. Until DHS fully defines and documents policies and procedures for investment management, it risks selecting investments that will not meet mission needs in the most cost-effective manner. DHS has also not fully implemented the key practices needed to actually control investments--either at the project level or at the portfolio level. For example, according to DHS officials and the department's control review schedule, DHS investment boards have not conducted regular investment reviews. Further, while GAO found that control activities are sometimes performed, they are not performed consistently across projects. In addition, because the policies and procedures for portfolio management have yet to be defined, control of the department's investment portfolios is ad hoc, according to DHS officials. Officials told GAO that they have recently hired a portfolio manager and are recruiting another one to strengthen IT investment management. Until DHS fully implements processes to control its investments, both at the project and portfolio levels, it increases the risk of not meeting cost, schedule, benefit, and risk expectations.

Recommendations

Our recommendations from this work are listed below with a Contact for more information. Status will change from "In process" to "Open," "Closed - implemented," or "Closed - not implemented" based on our follow up work.

Director: Team: Phone:


The Justia Government Accountability Office site republishes public reports retrieved from the U.S. GAO These reports should not be considered official, and do not necessarily reflect the views of Justia.