IG: DHS falls short on IT recommendations
Originally posted at 5:27PM June 16, this story was updated at 10:45AM June 20
UPDATED: This story has been updated to include information on the total number of inspector general recommendations that the Homeland Security Department has successfully closed.
- By Alice Lipowicz
- Jun 16, 2008
The Homeland Security Department still has 1,070 recommendations from its inspector general that have not been implemented, according to a new IG report
The recommendations cover information technology, financial records, contracts, grants and other matters.
The report criticizes DHS for only putting into effect 27 of the 1,070 recommendations issued in more than 200 reports.
However, in its one-page reponse at the end of the report, DHS says the open recommendations represent less than a quarter of 4,500 recommendations that the IG has issued.
Among the 1,070 open recommendations, about half apply to the Federal Emergency Management Agency.
In the 321-page status report, the IG provided details on recommendations that have not been implemented.
For example, in September 2005, the IG faulted FEMA for gaps in security related data contained in the National Emergency Management Information System. As of December 2007, the four recommendations were not in effect, though an action plan had been submitted and the improvements were pending.
In December 2006, the IG criticized FEMA for failing to do long-range planning for its IT assets. A year later, the five recommendations were not implemented, though an action plan had been submitted and work was pending, the report said.
In addition, there are six recommendations still open pertaining to the U.S. Citizenship and Immigration Services' progress in modernizing its IT, the report said.
Although USCIS has accomplished the first phase of the work, remaining phases are on hold until organizational improvements are made that affect daily IT operations, the report said.
With regard to Customs and Border Protection's laptop PC security, the report said CBP still has not established standard security configurations that meet minimum requirements, has not set up effective procedures for patching and does not have an adequate inventory.
As of Dec. 31, 2007, four of the seven recommendations were open. The component has sent a corrective action plan, and implementation is pending.
Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.