OIG Audit Report 07-37

Identification and Review of the Department’s Major Information Technology Systems Inventory

The conference report for the fiscal year (FY) 2006 Science, State, Justice, Commerce, and Related Agencies Appropriations Act (P.L. 109-108) directs the Office of the Inspector General (OIG) to: (1) produce an inventory of the Department of Justice’s (DOJ) major information technology (IT) systems and planned initiatives, and (2) report on the effectiveness of DOJ’s IT planning efforts. This audit report responds to the congressional request to compile an inventory of DOJ’s major IT systems.

In this report, we provide the following information for each major system:

system name
system description
DOJ component owner
cost
implementation status

Audit Methodology

The OIG developed a three-phase approach to respond to the congressional request. In the first phase of this effort, we used DOJ’s IT Investment Portfolio – known as the Office of Management and Budget (OMB) Exhibit 53 – to preliminarily identify the universe of major IT and other investments.⁷ In March 2006, we issued the Phase I report that listed unaudited information on 46 IT investments listed in the OMB Exhibit 53.⁸

In Phase II, we attempted to verify the DOJ’s IT system inventory and the information requested in the conference report. This report provides the results of that review.

In Phase III, the OIG will provide a separate report detailing all research, plans, and studies and evaluations the Department has produced concerning IT systems, needs, plans, and initiatives. The OIG’s Phase III report also will identify the depth and scope of any problems DOJ has experienced in the formulation of its IT plans.

Identifying the Inventory of Major IT Systems and Projects

Our Phase I report identified 46 major DOJ investments with appropriations of $15 million and higher between FYs 2005 and 2007.⁹

In this report, we refined this universe of investments by applying criteria for defining major IT systems. By reviewing those entities with oversight of DOJ IT spending and the projects or systems they currently are monitoring or have an interest in, we identified the inventory of 38 major IT systems and projects.

The following table lists the entities with oversight responsibilities for DOJ’s IT spending and actions that indicated to us a particular IT system or project is major.

DOJ IT Spending Oversight Entities and Functions

IT Spending Oversight Entity	Actions Indicating an IT System or Project is Major
Congressional Appropriations Committees	IT system is mentioned in the Conference Report to the Appropriations Bill.
Office of Management and Budget	OMB requests a business case (Exhibit 300) for an IT system or project, or selected for compliance with Earned Value Management requirements.^a
Department Investment Review Board (DIRB)	An IT system or project that is monitored by the DIRB.
Office of the Chief Information Officer (OCIO)	A system or project is monitored in the OCIO's Dashboard.^b

Source: OIG

^a Earned Value Management is a tool that measures the performance of a project by comparing the variance between established cost, schedule, and performance baselines and what is actually taking place.

^b The Dashboard IT project monitoring tool is described in the Findings section of this report.

The roles of these oversight entities and the methods they employ to monitor major IT systems or projects follow.

DOJ’s IT Spending Oversight Structure

DOJ’s IT oversight structure is based primarily on provisions contained in the Clinger-Cohen Act, 40 U.S.C. § 11312 (1996). At the time the Clinger-Cohen Act was passed, Congress recognized that the federal government had failed to modernize its information technology systems, resulting in billions of wasted taxpayer dollars.

The major provisions of the Clinger-Cohen Act increased the authority and responsibility of officials at OMB and other Executive Branch agencies, including DOJ, in the following ways:

The OMB Director is required to promote and improve the acquisition, use, and disposal of IT by the federal government to improve the productivity, efficiency, and effectiveness of federal programs.

The Attorney General is required to design and implement a process for maximizing the value, and assessing and managing the risks, of IT acquisitions.¹⁰

The DOJ Chief Information Officer (CIO) is required to provide advice and other assistance to senior management to ensure IT is acquired and managed in a way that promotes the effective and efficient design and operation of all major information resources.¹¹

In addition to the structure established by the Clinger-Cohen Act, Congress directed the DOJ to establish the DIRB, led by the Deputy Attorney General, which we describe below.

Another feature of the IT spending oversight structure at the DOJ is the restriction on reprogramming or making use of funding for purposes beyond those established in the annual appropriation process. As with other types of spending, DOJ is required to notify the Appropriations Committees in both the Senate and House 15 days in advance of any reprogramming that exceeds the limitations established in the law.

DOJ IT Spending Oversight Entities

Four primary entities oversee DOJ’s IT spending: (1) the congressional appropriations committees, (2) OMB, (3) the DIRB, and (4) DOJ’s OCIO. By identifying the IT systems these four oversight entities are currently monitoring, we refined our universe of major IT systems. In the remainder of this report, we provide cost and other information related to 38 major IT systems.

Congressional Appropriations Committees. The Appropriations Committees and Subcommittees of the Senate and House of Representatives are responsible for reviewing the President's Budget, receiving testimony from government officials, and appropriating funds for the federal government. In recent years, these committees have expressed concern over DOJ’s high-profile IT system failures, such as the Federal Bureau of Investigation’s (FBI) Virtual Case File case management system, as well as the large amount of resources devoted to IT. Consequently, 13 IT systems cited in the Conference Report to the FY 2006 Science, State, Justice, Commerce, and Related Agencies Appropriations Act are included in our revised inventory of major IT systems.¹²

Office of Management and Budget. OMB is responsible for assisting the President in overseeing the preparation of the federal budget and supervising its administration. With regard to IT spending at Executive Branch agencies, each fiscal year OMB reviews the business cases, presented on OMB Exhibits 300, for a number of IT systems and projects. The Exhibit 300 includes information on individual IT system program and procurement planning, risk mitigation and management planning, realistic cost and schedule goals, and measurable performance benefits. The Exhibit 300 also includes a summary of prior years’ spending.

Our list of major IT systems includes 18 of 19 IT systems and projects for which OMB requested DOJ to submit Exhibits 300 in the FY 2006 budget cycle.¹³

Related to OMB’s evaluation of agency Exhibits 300 is OMB’s Management Watchlist. OMB maintains this list to identify those projects needing improvement in performance measures, Earned Value Management, or system security. At the time we finalized this report in March 2007, there were no DOJ IT systems on the OMB Management Watchlist.

In addition to monitoring IT capital plans using the Exhibits 300, OMB has established requirements for the use of Earned Value Management tools for certain DOJ IT systems and projects. These requirements are designed to improve execution and performance of all new major IT projects, ongoing major developmental projects, and high-risk projects. DOJ’s OCIO staff provided us with a list of the 16 IT systems and projects with Earned Value Management tools that have already been validated or are to be validated.¹⁴ All of these IT systems and projects are included in our inventory of major DOJ IT systems.

OMB also maintains a list of high-risk IT systems that require additional monitoring. This list is developed with the participation of the agencies according to criteria that OMB established in an August 2005 memorandum. This memorandum required agencies to identify IT systems as high risk if the system meets one or more of the following criteria:

The agency has not consistently demonstrated the ability to manage complex projects.

There are exceptionally high development, operating, or maintenance costs, either in absolute terms or as a percentage of the agency’s total IT portfolio.

The project is being undertaken to correct recognized deficiencies in the adequate performance of and essential mission program or function of the agency, a component of the agency, or another organization.

Delay or failure would introduce for the first time unacceptable or inadequate performance or failure of an essential mission function of the agency, a component of the agency, or another organization.

Eight of the nine DOJ IT projects on the OMB high-risk list are included on our inventory of major DOJ IT systems.¹⁵ We excluded one project – grants.gov because of its relatively small dollar amount.¹⁶

Department Investment Review Board (DIRB). The DIRB is a group chaired by the Deputy Attorney General and vice-chaired by the DOJ CIO. The DIRB also includes senior DOJ officials with IT and financial management expertise. The stated purpose of the DIRB is to provide DOJ-level oversight of major IT investments and ensure component investments are aligned with DOJ’s IT strategy. One of the DIRB’s main functions is to hold the IT managers accountable for their projects and ensure “return on investment” considerations are paramount in governance decision-making.¹⁷ According to its charter, the DIRB selects for oversight between 5 and 12 investments for review in any year, and this oversight may continue for the life of the project at the discretion of the Board Chair and Vice Chair. We met with the DOJ Chief Systems’ Architect who is a member of the DIRB, and obtained a list of 11 systems and projects the DIRB is monitoring. All 11 of these systems and projects are included in our inventory of major DOJ IT systems.¹⁸ However, the DIRB does not evaluate or approve the methods used to determine, or test the validity of, the cost data reported to it by the IT system managers.

Office of the Chief Information Officer (OCIO). The OCIO is required to develop and maintain DOJ’s IT strategy and establish an IT architecture. The OCIO also is responsible for ensuring that the activities of the components comply with DOJ’s strategy and architecture. One of the management tools the OCIO uses to monitor IT systems and projects is the OCIO Dashboard. The Dashboard provides – on a monthly basis – the DOJ CIO, component CIOs, and project managers with current status information on major and other highly visible IT systems in DOJ’s IT Investment Portfolio. The Dashboard attempts to track cost, schedule, performance, risk, and other major issues for IT systems. Currently the OCIO is tracking 33 IT systems and projects with the Dashboard. Twenty-two of these 33 Dashboard projects and systems are included in our inventory of major DOJ IT systems.¹⁹

Footnotes

The OMB Exhibit 53 IT investments report include systems, projects, offices, salaries, and other IT related costs.
Department of Justice, Office of Inspector General. Inventory Of Major Department Of Justice Information System Investments as of Fiscal Year 2006, Audit Report Number 06-25, March 2006.
The Exhibit 53 that DOJ provides to OMB combines all its systems related to office automation and infrastructure and reports them in a single entry called Consolidated Enterprise Infrastructure. Although our Phase I report did not cite the individual IT systems that comprise the Consolidated Enterprise Infrastructure, we have done so in this report.
The Clinger-Cohen Act defines this process as an agency’s Capital Planning and Investment Control process.
In addition to a CIO for DOJ, the Clinger-Cohen Act anticipated that a CIO would be established as needed at DOJ components.
For this list of IT systems and projects, see Appendix II, Table A.
The OIG did not include the Exhibit 300 for the FBI’s Special Technologies and Applications Section (STAS) because it is an FBI subdivision that included numerous IT projects and systems. For this list of IT systems and projects, see Appendix II, Table B.
For this list of IT systems and projects, see Appendix II, Table C.
For this list of IT systems and projects, see Appendix II, Table D.
Grants.gov is an interagency system managed by the Department of Health and Human Services for on-line grant applications and grant fund management through a common website.
“Return on investment” in this context means the quantitative benefits that will be achieved through an investment in the IT system. Examples of these benefits are systems’ savings, cost avoidance, and stakeholder benefits.
For this list of IT systems and projects, see Appendix II, Table E.
In order to focus our review on the largest systems, we included those systems with a cumulative cost of $15 million and higher for FYs 2005 through 2007. We also included four IT systems monitored by the OCIO Dashboard that do not have 3-year costs exceeding $15 million because they met additional criteria. For this list of IT projects and systems, see Appendix II, Table F.