Identification and Review of the Departmentís Major Information Technology Systems Inventory

Audit Report 07-37
June 2007
Office of the Inspector General

Appendix IX
Office of the Inspector General Analysis and
Summary of Actions Necessary to Close Report

The OIG provided a draft of this audit report to the Department on April 24, 2007, for review and comment. The Department’s June 4, 2007, response is included as Appendix VIII of this final report. The Department concurred with the three recommendations in the audit report and also provided comments regarding several general issues covered in the report. In response, we made changes to the report where appropriate. Our analysis of the Department’s response follows.

General Comments

In its response, the Department expressed concern over a statement in the executive summary of the report that described “the absence of control procedures” related to the CPIC cost reporting function. To clarify our intent, we have revised the sentence to read as follows: “ We concluded that component CIOs lack the control procedures necessary to ensure accuracy and completeness in the CPIC cost reporting function and this likely contributed to incomplete costs reported for the DOJ IT systems we tested.”

The Department’s response stated that we did not discuss in our report the difference between funding that is authorized, obligated, and expended. The Department concluded that responses to our survey instrument from the different IT system project managers would likely show great discrepancies when compared to one another, yet each could be accurate. We considered that costs may be reported in various stages in the budget cycle during our fieldwork and do not believe this had any significant impact on our conclusions. Although we did not highlight in a separate section of this report how costs may be reported at different stages in the budget cycle, we described how some JCON system costs were incorrectly reported in the OMB Exhibit 300 because the program office reported appropriated amounts rather than outlays. Although the appropriated amount was accurate, the cost reporting was not correct because the cost basis requested was outlays.

The Department’s response also included a statement that its lack of a full cost accounting system to identify the costs of IT systems does not necessarily mean that it did not have reasonable cost data over the decision-making life of the project, nor does it mean decisions were made on materially flawed cost information. The objective of our work was not to determine whether the Department relied on faulty cost information to make decisions regarding IT systems, and we therefore did not make any assertions to that effect. However, from our work we concluded that cost information on Department IT systems contained in important documents provided to the Department’s oversight entities was not always complete and that the Department lacks all of the necessary controls that would ensure completeness of cost reporting.

The Department’s response also discussed our decision to include JCON system costs prior to FY 2002. The Department’s position is that each JCON deployment constituted a separate reporting entity and that its explanation for the difference in the costs reported should be recognized in the report. Our report disclosed that the JCON PMO only provided us with cost information related to the current standard architecture, or JCON IIA. However, as stated in the report, in our view the true cost of the JCON system should include all costs incurred since JCON’s inception in 1996 — which the Department did not provide — and not just the cost of the current version of the system. Therefore, we believe that our description of the costs related to JCON is accurate.

The Department’s response also requested that we clarify a statement made in the conclusion section of the report concerning the lack of verifiable cost data, and we have done so. Taken out of context without the preceding sentence, we agree it may have been possible for one to conclude that no cost data was verifiable. This was not the case since much of the report details how we were able to verify some costs of the three systems we tested.

The Department concluded its response by saying that it is committed to reliable and effective IT project management. It commented that a significant portion of our report focuses on cost reporting, but cost is only one aspect of an array of project management activities performed by the CIO. We agree that the CIO engages in a wide variety of project management activities.

Status of Recommendations

  1. Resolved. This recommendation is resolved based on the Department’s reporting that it will work with OCIO staff to look at cost accounting policies and procedures that could be improved to ensure project teams at the component level report costs more accurately. The Department also said that its Finance Staff and the OCIO will look at ways to clarify project start and end dates, timing issues, and ensure that reporting terms are clearly defined and consistent across reports and components. The recommendation can be closed when we receive documentation outlining the policies and procedures used to improve cost reporting for IT systems.

  2. Resolved. This recommendation is resolved based on the Department’s response, which states that the Exhibit 53 and budget submission were integrated for the FY 2008 budget formulation cycle. This recommendation can be closed when we review documentation that demonstrates amounts reported in the FY 2008 Exhibit 53 can be traced to the components’ overall budgets and financial systems.

  3. Resolved. This recommendation is resolved based on the Department’s agreement to assess the feasibility of using the Unified Financial Management System for capital planning and investment cost reporting. This recommendation can be closed when we receive documentation of the assessment.

« Previous Table of Contents Next »