The State Department’s Office of Inspector General (OIG) has found in a follow-up audit that the agency’s Bureau of Information Resource Management (IRM) has taken corrective action on one of several recommendations the OIG made in 2016 to improve IT management practices, but said the bureau still has work to do on another four recommendations.
In March 2016, the OIG reported that the State Department failed to follow the defined process of selecting IT investments set by the Office of Management and Budget (OMB). According to the 2016 report, the bureau IRM did not have sufficient centralized oversight, did not have controls to avoid duplicative IT investments, and did not fully use the IT portfolio management system.
As a result, the OIG presented a list of corrective recommendations to the bureau to improve its IT investment selection and approval processes.
The new follow-up audit found that the IRM bureau had taken corrective measures to comply with one of the recommendations from the 2016 report – IRM adopted relevant OMB guidance and updated internal policies and procedures, as needed, to reflect the OMB guidance for IT investment tracking.
However, the OIG said the IRM bureau still has more to do to address four of the 2016 recommendations. According to the report, until further action is taken to address these issues, “IRM will not be able to fully identify duplicative systems and related cost-saving opportunities, optimize its IT investments, or promote shared services.”
The OIG offered four new recommendations to fully address those previous four recommendations:
- IRM must develop and implement policies and procedures to review IT investment reorganizations by all bureaus and offices to ensure investments comply with OMB guidance.
- IRM must conduct an in-depth review of the entire agency’s IT portfolio to identify potential duplicates.
- IRM must develop and implement a strategy to combine, eliminate, or replace the redundant systems identified during its review of the entire agency.
- The Bureau of Administration must develop and implement a methodology for identifying some requests not correctly identified as IT-related acquisitions.
Additionally, OIG determined the IRM bureau didn’t take sufficient action to develop and implement a process to identify and review bureau-specific IT investment methodologies, as well as develop and implement policies and procedures to oversee and enforce requirements for bureaus and offices to avoid duplicative IT investments.
The Bureau of Administration concurred with OIG’s findings and recommendations and agreed to work collaboratively with the IRM bureau to resolve the outstanding issues and comply with the OIG’s guidance.