In planning and performing our audit of the DEA's management of its EA and IT investments, we considered the DEA's management controls for the purpose of determining our audit procedures. This evaluation was not made for the purpose of providing assurance on the management control structure as a whole; however, we noted certain matters that we consider to be reportable conditions under Government Auditing Standards.

Reportable conditions involve matters coming to our attention relating to significant deficiencies in the design or operation of the management control structure that, in our judgment, could adversely affect the DEA's ability to manage its EA and IT investments. During our audit, we identified the following management control concerns.

• The DEA has not yet completed an EA to drive its IT investments.

• The DEA has not yet implemented the control and evaluate processes necessary to complete its IT investment capability.

Because we are not expressing an opinion on the DEA's management control structure as a whole, this statement is intended solely for the information and use of the DEA in managing its EA and IT investments. This restriction is not intended to limit the distribution of this report, which is a matter of public record.