Audit of the Department of Justice Information Technology Studies, Plans, and Evaluations

Audit Report 07-39
August 2007
Office of the Inspector General


Appendix VIII
Departmentís Response to the Draft Report

JUL 24 2007


MEMORANDUM FOR FERRIS B. POLK
REGIONAL AUDIT MANAGER
ATLANTA REGIONAL AUDIT OFFICE

FROM: Vance E. Hitch
Chief Information Officer

SUBJECT: Response to Draft Audit Report of the Department of Justice Information Technology Studies, Plans and Evaluations

We have received and reviewed your Draft Audit Report - Department of Justice Information Technology (IT) Studies, Plans and Evaluations, dated July 3, 2007.

Each of the report’s recommendations is addressed below:

Recommendation 1 - Evaluate why project teams do not prepare certain plans and evaluations, reassess the utility of those documents, and consider revising the standards for producing IT studies, plans, and evaluations for individual IT projects.

OCIO Response - We concur. The Department of Justice (DOJ) Office of the Chief Information Officer (OCIO) will review selected projects in Appendix VI, System Summaries, in the subject audit report. The purpose of this review will be to ascertain the rationales used by the DOJ component IT project managers for preparing certain studies, plans, and evaluations. Based on this review, the Department will consider revising the current guidelines for preparing studies, plans, and evaluations.

Recommendation 2 - Consider revising the guidelines for tailoring the work pattern for specific types of projects.

OCIO Response - We concur. The DOJ OCIO will conduct an evaluation of the various IT project types that currently exist at the Department using a variety of criteria as input to the evaluation (e.g., cost, risk etc.) and will develop standard work patterns and deviations/waivers for each project type.

Recommendation 3 - Ensure that post-implementation and post-termination evaluations are conducted that focus on lessons learned for project planning and management.

OCIO Response - We concur. As part of the Evaluate Phase in the Capital Planning and Investment Control (CPIC) process, the Department plans to implement a Post Implementation Review (PIR) process. The PIR process will follow guidance provided by OMB in the Capital Programming Guide. The PIR will most likely occur six months after a system has been in operation or immediately following system termination. The review will provide a baseline as to whether to continue the system without adjustment; to modify the system to improve performance; or if necessary, to consider alternatives to the implemented system. Some common elements that will be reviewed during the PIR include:

  1. Mission alignment
  2. IT architecture including security and internal controls
  3. Performance measures
  4. Project management
  5. Customer acceptance
  6. Business process support
  7. Financial performance
  8. Return on investment
  9. Risk management
  10. Select and control phase performance ensuring initiative success
  11. Gaps or deficiencies in the process used to develop and implement the initiative
  12. Best practices that can be applied to other IT initiatives or the CPIC process

The Department Investment Review Board (DIRB) will select the IT projects that will require a PIR review.

Recommendation 4 - Ensure that staff receive training to obtain skills needed to adequately direct and oversee contractor efforts.

OCIO Response - We concur. In Fiscal Year 2004, the Department and its components validated the qualifications of the IT project managers for the major DOJ IT projects using the OMB Federal IT Project Manager Guidance matrix. The matrix was used to determine whether each project manager for a major IT project possessed the necessary competencies and suggested work experience to manage the major IT project assigned to them. The Department reviews the qualifications of the IT project managers for the major DOJ IT projects during the Exhibit 300 review process each year. In addition, all IT project managers are required to be certified as Contracting Officers’ Technical Representatives (COTRs). IT project managers are required to be re-certified as COTRs every five years.

Recommendation 5 - Implement targeted reviews to improve the use of business process re-engineering and requirements analysis early in concept development.

OCIO Response - We concur. The Department will implement review criteria to ensure that business process re-engineering and requirements analysis are effectively incorporated early into the concept development phase of project planning. Targeted reviews will be conducted at the discretion of the DIRB.

If you have any questions, please contact John Murray on (202) 305-9635.



« Previous Table of Contents Next »