IT GRC Forum

FacebookJoin our Linkedin Group!Follow us on Twitter!Subscribe to our Feeds!
E-mail

GAO: More Work Remains for HUD to Implement Necessary IT Management Controls

March 29, 2012 - The GAO found taht HUD has made progress in implementing prior GAO recommendations on modernizing its IT environment; however more actions are needed. In 2009, GAO reported that HUD lacked key IT management controls; which are essential to achieving successful outcomes.

Specifically,

  • Although the department had established an IT strategic plan that outlined goals and performance measures, it had not assessed its performance against established goals. As a result, HUD did not know how well it was achieving its goals and where it needed to improve.
  • While the department had established policies and procedures for developing a complete portfolio of its investments, it had not established policies and procedures for evaluating that portfolio. This meant that it was limited in its ability to control risks and achieve benefits associated with the mix of legacy systems and modernization investments it selected.
  • HUD's Office of the Chief Information Officer had not adequately assessed its IT workforce needs, inventoried existing staff knowledge and skills, and identified gaps between needs and existing capabilities. As a result, the department was not well positioned to acquire the skill sets it needed.
  • The department had not fully developed its enterprise architecture (EA)—which provides a blueprint for investing that connects strategic plans with individual programs and system solutions. This meant that HUD lacked a sufficient basis for guiding and directing its modernization projects.

GAO made a number of recommendations to HUD aimed at strengthening its management capabilities, and while progress has been made in addressing them, work remains. For example, HUD issued a department-wide strategic plan with associated goals that aligned with new IT strategic goals. However, the department had not developed criteria for assessing the performance of its portfolios, finalized its plan to address its IT workforce needs, or established an approved policy for its enterprise architecture.

HUD's modernization expenditure plans, which are to describe how the agency plans to spend IT modernization funding, have improved in response to GAO's recommendations. These plans are to meet statutory conditions that include identifying, for each modernization project, capabilities to be delivered, expected benefits, estimated costs, and key milestones; and showing that each project is supported by adequate staff, conforms to capital planning and investment control requirements, complies with the department's EA, and is being managed in accordance with department lifecycle management policies. GAO found that HUD's 2010 expenditure plan contained weaknesses and thus was limited as a congressional oversight and decision-making mechanism. Accordingly, GAO recommended, among other things, that the department ensure future plans satisfied each element of the statutory conditions. In response, subsequent expenditure plans submitted in 2011 and 2012 satisfied the conditions. As a result, these more recent plans have provided key information needed for continued oversight of the modernization projects.

View the full report.

Trackback(0)
Comments (0)add comment

Write comment

busy
 

Subscribe via Email

 Your Email: