Homeland Security told to improve IT strategy

The Homeland Security Department should limit its investment in information technology systems until it better organizes its management framework, according to a new General Accounting Office report.

Every successful systems integration project has a clearly delineated plan of action, GAO said in the report (GAO-04-509). While the department is finalizing its draft IT strategic plan, it does not have a definite systems-integration plan, the report said.

The Homeland Security draft plan said the department has eight main priorities for 2004: information sharing; mission rationalization; portfolio management; security; single infrastructure; enterprise architecture; governance; and human capital.

Homeland Security Chief Information Officer Steve Cooper told GAO that the department recently selected a business sponsor and a member of Cooper's office to develop detailed plans for each priority, and he expects to have them completed by mid-2004.

The department issued a May 2003 directive to review all of its investments, but by February 2004, GAO found that Homeland Security's review board had reviewed only nine of 100 possible investments. GAO therefore recommended that the department develop a review schedule, and Cooper reported that the department had refined its process.

Homeland Security currently is relying on its evolving investment management structures and processes, GAO said. However, its efforts to prevent duplicative IT investments among agencies are not sufficient. GAO pointed to three programs that are using pre-department strategic plans and communicating only informally with department-level officials: a grant management system from the Federal Emergency Management Agency; a passenger and cargo integration system from the Transportation Security Agency; and an aviation logistics system from the Coast Guard.

While these programs might be successful on their own, it does not bode well for future integration. "Using informal communication relies too heavily on oral discussions of complex strategic [notions] that are still being explicitly defined, thus increasing the chance of both misunderstanding and misinformed decisions," GAO said.

Homeland Security said it took this approach so it could pursue individual projects while the department development an IT management framework. Nevertheless, GAO criticized the department for continuing to spend money on component IT management organizations and investments when it does not have an IT framework. "It is important that [the department] strike the proper balance" between the two, GAO suggested.

For Homeland Security, that balance includes limiting its purchases to those that are: congressionally mandated; near-term and low-risk; supporting operations and maintenance of existing critical systems; involving already developed systems; and supporting the establishment of an IT framework.