OIG Audit Report 06-02

The Status of Enterprise Architecture and Information Technology
Investment Management in the Department of Justice

Audit Report 06-02
November 2005
Office of the Inspector General

Appendix 1

Objective, Scope, and Methodology

Objective
The objective of the audit was to determine whether the Department is effectively managing its Enterprise Architecture and IT investments.
Scope and Methodology
The audit was performed in accordance with Government Auditing Standards, and included tests and procedures necessary to accomplish the audit objectives. We conducted work at the Department and its Justice Management Division in Washington, D.C.
To perform our audit, we interviewed Department and GAO officials, and reviewed documents related to Enterprise Architecture and IT management policies and procedures, project management guidance, strategic plans, IT project proposals, budget documentation, organizational structures, and prior GAO and OIG reports.
To determine the Department's progress in developing an Enterprise Architecture, we used the GAO's Enterprise Architecture Management framework as criteria. As part of our assessment of the Department's Enterprise Architecture, the Department completed a survey developed by the GAO to identify which of the core elements in the GAO's Enterprise Architecture Management framework were implemented. We reviewed the survey and obtained supporting documentation for the core elements that the Department said were implemented. We did not test or review documentation for the core elements that the Department considered not implemented or partially implemented.
To determine whether the Department is effectively managing its IT investments, we reviewed the GAO's ITIM framework in relation to the Department's ITSM and also the Department's regulations, IT polices and procedures, program managers' presentations, meeting minutes, training agenda, and other information. Based on interviews and our review of documentation provided by Department officials, we determined the status of their efforts to develop ITIM processes.
To determine whether the Department was providing effective oversight to its components' Enterprise Architecture and ITIM efforts, we reviewed DOJ Order 2880.1A and determined through interviews and documentation the extent to which those efforts were formally guided and monitored.