The Status of Enterprise Architecture and Information Technology
Investment Management in the Department of Justice

Audit Report 06-02
November 2005
Office of the Inspector General

Statement on Compliance with Laws and Regulations

We have audited the Department's management of Enterprise Architecture and IT investments. The audit was conducted in accordance with Government Auditing Standards. As required by the standards, we reviewed management processes and records to obtain reasonable assurance about the Department's compliance with laws and regulations that, if not complied with, in our judgment could have a material effect on Department operations. Compliance with laws and regulations applicable to the Department's handling of Enterprise Architecture and IT investments is the responsibility of the Department's management.

Our audit included examining, on a test basis, evidence about laws and regulations. The specific laws and regulations against which we conducted our tests are contained in the relevant portions of the Clinger-Cohen Act of 1996, OMB Circular A-11 300, and OMB Circular A-130.

The Clinger-Cohen Act of 1996:

  • as applied to Enterprise Architecture, requires the CIOs for major departments and agencies to develop, maintain, and facilitate the implementation of architectures as a means of integrating business processes and agency goals with IT; and
  • as applied to ITIM, defines requirements for capital planning and control of IT investments and mandates a select/control/evaluate approach that federal agencies must follow.

OMB Circular A-11, 300:

  • as applied to ITIM, establishes the criteria for completing Exhibits 300, which is the format used to represent the purpose for the proposed investment to agency management and the OMB.

OMB Circular A-130:

  • as applied to Enterprise Architecture, requires agencies to create an Enterprise Architecture Framework; once a framework is established, an agency must create and maintain an Enterprise Architecture; and
  • as applied to ITIM, defines requirements for capital planning and control of IT investments using a select/control/evaluate approach.

As noted in the Finding and Recommendations section of our report, the Department has not yet established an Enterprise Architecture or ITIM processes and therefore is not in compliance with the Clinger-Cohen Act, OMB guidance, and Department regulations. However, the Department is actively developing and implementing new frameworks aimed at establishing an Enterprise Architecture and ITIM processes in the future. Also, some Department components, such as the FBI and the DEA, have made progress in developing component-level Enterprise Architectures and ITIM processes.

Previous Page Back to Table of Contents Next Page