Risk management (1 - 10 of 47 items)
Information Technology: Improved Implementation of Reform Law Is Critical to Better Manage Acquisitions and Operations
GAO-17-263T: Published: Dec 6, 2016. Publicly Released: Dec 6, 2016.
The Office of Management and Budget (OMB) and federal agencies have taken steps to improve federal information technology (IT) through a series of initiatives and, as of October 2016, had fully implemented about 46 percent of the approximately 800 related recommendations made by GAO (a 23 percent increase compared to the percentage reported in 2015). However, additional actions are needed.Consolid...
Information Technology: Better Management of Interdependencies between Programs Supporting 2020 Census Is Needed
GAO-16-623: Published: Aug 9, 2016. Publicly Released: Sep 8, 2016.
The three selected Census Enterprise Data Collection and Processing (CEDCAP) projects (of 12 total) in GAO's review partially met best practices for monitoring and controlling. For example, the projects fully met the best practice of establishing a process for taking corrective actions if issues are identified, but they did not fully meet the practice of identifying significant performance deviati...
Information Technology: Management of Interdependencies between Programs Supporting 2020 Census
GAO-16-723T: Published: Jun 9, 2016. Publicly Released: Jun 9, 2016.
The 2020 Census program is heavily dependent upon the Census Enterprise Data Collection and Processing (CEDCAP) program to deliver the key systems needed to support the 2020 Census redesign. However, GAO's preliminary findings showed that while the two programs have taken steps to coordinate their schedules, risks, and requirements, they lacked effective processes for managing their interdependenc...
Information Technology: FEMA Needs to Address Management Weaknesses to Improve Its Systems
GAO-16-306: Published: Apr 5, 2016. Publicly Released: May 5, 2016.
The Federal Emergency Management Agency (FEMA) faces the following challenges in ensuring that its information technology (IT) programs adequately support the agency's ability to respond to major disasters:Governance and oversight: FEMA established an investment review board to select and oversee IT investments, as called for by leading practices. But the board has not fully defined roles and resp...
DOD Major Automated Information Systems: Improvements Can Be Made in Reporting Critical Changes and Clarifying Leadership Responsibility
GAO-16-336: Published: Mar 30, 2016. Publicly Released: Mar 30, 2016.
All 18 major automated information system (MAIS) programs that experienced a critical change to program cost, schedule, or system performance targets submitted complete reports to Congress that contained all four statutory elements, but 16 programs did not meet the requirement to report to Congress within 60 days of the program manager's submission to the senior Department of Defense (DOD) officia...
Critical Infrastructure Protection: Sector-Specific Agencies Need to Better Measure Cybersecurity Progress
GAO-16-79: Published: Nov 19, 2015. Publicly Released: Nov 19, 2015.
Sector-specific agencies (SSA) determined the significance of cyber risk to networks and industrial control systems for all 15 of the sectors in the scope of GAO's review. Specifically, they determined that cyber risk was significant for 11 of 15 sectors. Although the SSAs for the remaining four sectors had not determined cyber risks to be significant during their 2010 sector-specific planning pro...
Border Security: DHS Needs to Strengthen Its Efforts to Modernize Key Enforcement Systems
GAO-14-342T: Published: Feb 6, 2014. Publicly Released: Feb 6, 2014.
The schedule and cost for the Department of Homeland Security's (DHS) border enforcement system modernization program known as TECS Mod that is managed by Customs and Border Protection's (CBP) continue to change; while the part managed in parallel by Immigration and Customs Enforcement (ICE) is undergoing major revisions to its scope, schedule, and cost after discovering that its initial solution...
IT Dashboard: Agencies Are Managing Investment Risk, but Related Ratings Need to Be More Accurate and Available
GAO-14-64: Published: Dec 12, 2013. Publicly Released: Jan 13, 2014.
As of August 2013, the Chief Information Officers (CIO) at the eight selected agencies rated 198 of their 244 major information technology (IT) investments listed on the Federal IT Dashboard (Dashboard) as low risk or moderately low risk, 41 as medium risk, and 5 as high risk or moderately high risk. However, the total number of investments reported by these agencies has varied over time, which im...
Federal Bureau of Investigation: Actions Taken to Address Most Procurement Recommendations
GAO-11-794: Published: Sep 6, 2011. Publicly Released: Oct 6, 2011.
The FBI has spent over $900 million on the Trilogy and Sentinel information technology (IT) projects intended to provide FBI with an upgraded IT infrastructure and an automated case management system to support FBI agents and analysts. In February 2006 and July 2008, GAO reported on significant internal control weaknesses related to FBI's contract administration, processing of contractor invoices,...
Information Security: State Has Taken Steps to Implement a Continuous Monitoring Application, but Key Challenges Remain
GAO-11-149: Published: Jul 8, 2011. Publicly Released: Aug 8, 2011.
The Department of State (State) has implemented a custom application called iPost and a risk scoring program that is intended to provide continuous monitoring capabilities of information security risk to elements of its information technology (IT) infrastructure. Continuous monitoring can facilitate nearer real-time risk management and represents a significant change in the way information securit...