Auditors critical of DHS’s initial IT strategy

The Homeland Security Department's draft plan for upgrading and merging computer systems from the 22 agencies forming the department isn't well thought out, government auditors cautioned in a new report.

A preliminary version of the department's strategy for integrating technology, called the "enterprise architecture," is missing "key elements," the Government Accountability Office stated in the report (GAO-04-777). For example, the plan fails to rank the relative importance of the department's various computer systems, and lacks comprehensive procedures for securing information during transfers.

The draft technology strategy, published last September, also draws heavily from "existing architectures of several of the department's predecessor agencies, along with their respective portfolios of system investment projects," according to the report. In part because Homeland Security officials conceived the IT plan about five months before the department published a broad overall business plan, the technology strategy looks like the "sum of component agencies' business strategy parts," GAO found.

The department's "enterprise architecture" should instead be crafted with Homeland Security's broader mission of thwarting terrorist attacks in mind, GAO said. Technology officials would also benefit from reviewing "best practices" for integrating systems, the auditors said.

Homeland Security officials responded to the report by emphasizing that the strategy critiqued by GAO is simply a draft written under time constraints. The department had only four months to submit the plan to the Office of Management and Budget in time to meet a deadline for requesting fiscal 2004 IT funds. An updated version of the plan is due next month and will be more detailed, department officials told GAO.

Meanwhile, DHS is suffering from lack of a plan, GAO commented in the report. A strong enterprise architecture is necessary before Homeland Security can establish a technology system that allows agencies within the department to share the information necessary to prevent future terrorist attacks, the auditors said.

"DHS does not yet have the necessary architectural blueprint to effectively guide and constrain its ongoing business transformation efforts and the hundreds of millions of dollars that it is investing in supporting information technology assets," the report stated. "Without this, DHS runs the risk that its efforts and investments will not be well integrated, will be duplicative, will be unnecessarily costly to maintain and interface, and will not optimize overall mission performance."