In planning and performing our audit, we considered management controls for the purpose of determining the Department’s oversight role over IT studies, plans, and evaluations. This evaluation was not made for the purpose of providing assurance on the Department’s internal controls for IT as a whole.

As described in the Findings and Recommendations section of this report, we identified weaknesses in the Department’s oversight of IT studies, plans, and evaluations. We did not identify any additional weaknesses.

Because we are not expressing an opinion of the Department’s internal controls over IT as a whole, this statement is intended solely for the information and use of the Department in managing its IT oversight role. This restriction is not intended to limit the distribution of this report, which is a matter of public record.