|
| |
U. S. Department of Justice
Drug Enforcement Administration
Washington, D.C. 20537
September 21, 2004
|
| MEMORANDUM FOR THE OFFICE OF THE INSPECTOR GENERAL |
| |
| TO: |
Guy K. Zimmerman
Assistant Inspector General for Audit |
|
| |
| FROM: |
Michele M. Leonhart
Deputy Administrator |
|
| |
| SUBJECT: |
Draft Audit Report: The Drug Enforcement Administration's Management of Enterprise Architecture and Information Technology Investments |
The Drug Enforcement Administration (DEA) has reviewed the Department of Justice,
Office of the Inspector General's (OIG) draft audit report entitled The Drug Enforcement
Administration's Management of Enterprise Architecture and Information Technology Investments. DEA provides the following comments as requested in your memorandum dated August 31, 2004.
DEA concurs with the recommendations resulting from this audit and will take steps to implement the recommendations. DEA is pleased the report recognizes that the agency has instituted and utilizes several processes to govern its information technology investments and portfolio management. DEA believes the report accurately reflects the progress the agency has made in both enterprise architecture and information technology investment management areas. Advancement in these areas is attributed to a cooperative effort with the Department of Justice and other agencies. Implementation of the report's recommendations will ensure progress in the areas of enterprise architecture and information technology investment management will continue at the DEA.
DEA has completed a sensitivity review of the draft audit report. This information will be provided under separate cover.
Documentation detailing DEA's efforts to implement the attached action plan will be
provided to OIG until all corrective actions are employed. If you have any questions regarding this information, please contact Audit Liaison Sheldon Shoemaker at (202) 307-4205.
Attachment
ACTION PLAN
The Drug Enforcement Administration's Management of Enterprise Architecture and Information Technology Investments
| Recommendations |
Action Planned |
Projected Completed Date |
| 1. Apply metrics to measure EA progress, quality, compliance, and return on investment. |
The Drug Enforcement Administration (DEA) has initiated a task that will begin September 21, 2004, to update DEA's Information Technology (IT) Strategic Plan, analyze the current "As Is" Enterprise Architecture (EA) and develop a Target EA. As part of this effort, DEA will determine its current maturity level and establish an EA Review Board that will apply the Government Accountability Office's (GAO) Maturity Model criteria and the metrics within it. DEA will also conduct formal training to educate participants on the GAO guidance, IT Investment Management (ITIM), and EA. |
May 2005 |
| 2. Establish an organization policy for EA development and maintenance that meets the requirements of the EA Management Framework. |
The Chief Information Officer of DEA has approved the development of an EA program, to include a Target EA. As a result of this approval, a charter, policy, plan, and maintenance process will be developed to keep DEA's EA aligned with the Federal and Department of Justice EA framework and guidance. |
November 2004 |
| 3. Ensure that the completed EA undergoes configuration management. |
As part of the task that will begin September 21, DEA will develop a maintenance process that will keep the "As Is" EA, the Target EA, the Transition Plan, and documentation current. Also, the EA program and EA Review Board will actively ensure configuration controls are provided arid obeyed. |
May 2005 |
| 4. Ensure that the target architecture addresses security as outlined in the EA Program Plan. |
As part of the task that will begin September 21, DEA will integrate security with EA to ensure a structured and comprehensive process for evaluating the impact and consequences of changes in the functional and technical environment. As a result, all of the artifacts in the EA will be aligned with security attributes and comply with the Federal Information Security Management Act. |
May 2005 |
| 5. Complete and implement the remaining EA stages to ensure that IT investments are not duplicative, are well integrated, are cost effective, and support the DEA's mission. |
As part of the task that will begin September 21, DEA will integrate the Target EA with the DEA ITIM process, allowing DEA to ensure that IT investments are not duplicative, are well integrated, are cost effective, and support the DEA mission. To ensure the leveraging of IT investments to the fullest extent, the DEA will create and document review criteria for each phase of the ITIM process (Select, Control, Evaluate). |
May 2005 |
| 6. Train members of the investment boards on the criteria for evaluating IT investments. |
Members of the ITIM investment boards are provided specific training before each meeting. However, a board session will be scheduled to focus only on investment management training, to include process, evaluating, scoring, and EA. |
December 2004 |
| 7. Establish a schedule for completing Stages 3 through 5 of the ITIM process to control and evaluate the DEA's IT investments. |
The Office of Information Systems Strategic Business ITIM staff will review the current ITIM Transition Plan and update the same based on current activities, strategies, and plans. |
May 2005 |
|