Department of Labor: Further Management Improvements Needed to Address Information Technology and Financial Controls
Highlights
The Department of Labor (Labor) plays a vital role in promoting the welfare of American workers through administering and enforcing more than 180 federal laws that cover some 10 million employers and 125 million workers. Since the recent economic downturn, Labor's role has become even more critical as its programs provide additional employment and training supports. As such, GAO was asked to determine how well Labor is currently adhering to best management practices departmentwide to ensure that its programs are operating effectively. Specifically, this report assesses Labor's (1) strategic workforce management, (2) management controls to manage and modernize its information technology, and (3) accountability over its discretionary grants. To do this, GAO collected and reviewed Labor documents related to workforce and information technology planning, as well as grants management information, and conducted interviews with Labor's national and regional staff.
Recommendations
Recommendations for Executive Action
Agency Affected | Recommendation | Status |
---|---|---|
Department of Labor | To further strengthen Labor's IT planning and oversight process and financial management, the Secretary of Labor should direct the Chief Information Officer to ensure that the department-level investment review boards and governance structure incorporate business unit (i.e., mission) representation to effectively define business system requirements. |
The Department of Labor recently established the Enterprise Implementation Committee to assure that IT modernization initiatives are implemented to address agency impacts and support business mission and operations. In December 2013 the Department provided the charter for the Enterprise Implementation Committee, which states that the committee is to be composed of senior-level business executives from the Department's agencies and offices. This Committee is to "ensure that all initiatives affecting information technology infrastructure, common services and customer service programs that have cross-agency impacts are implemented to provide effective support for the Department's business mission and operations." The Department provided minutes from several meetings of the Committee that indicate the Committee is including business representation and input.
|
Department of Labor | To further strengthen Labor's IT planning and oversight process and financial management, the Secretary of Labor should direct the Chief Information Officer to ensure that program agencies implement Labor's guidance to develop comprehensive performance measures for their respective systems in order to provide reasonable assurance that new systems will provide expected functionality and benefits. |
While the Department of Labor's Office of the Chief Information Officer provided performance measures in 2013 broadly related to its IT investments, the measures continue to be related to program performance and are not focused specifically on performance of information technology systems.
|
Department of Labor | To further strengthen Labor's IT planning and oversight process and financial management, the Secretary of Labor should direct the Chief Information Officer to further refine Labor's IT investment management oversight process in the select and control phases to apply lessons learned from its implementation of the New Core Financial Management System (NCFMS) to ensure adequate stakeholder involvement and comprehensive testing is performed throughout the systems development process. |
In November 2013, the Department of Labor's (DOL) Office of the Chief Information Officer (OCIO) completed a post implementation review of the New Core Financial Management System. Labor continues to update its IT Capital Planning and Investment Control Guide with updated requirements and guidance applicable to all of Labor's IT investments based on lessons learned from the NCFMS and other post implementation reviews. In addition, in July 2014, OCIO published a new IT investment management guidance document, the DOL IT Investment Management Life Cycle Guide, which represents another example of how the OCIO is supporting integrated project teams and enhancing the IT investment management process at DOL.
|
Department of Labor | To further strengthen Labor's IT planning and oversight process and financial management, the Secretary of Labor should direct the Chief Information Officer to conduct post-implementation reviews, where appropriate, to determine if the investments are meeting stakeholder needs and realizing expected benefits. |
In September 2014, the Department of Labor's (DOL) Office of the Chief Information Officer revised its DOL IT Capital Planning and Investment Control Guide which outlines the requirements to conduct post implementation reviews one year after investment implementations are completed. The purpose of these reviews is to determine if the IT investment met stakeholder needs and achieved its intended purpose and mission. The post implementation review process also analyzes the IT investment's planning, design, development, testing, and implementation activities to identify lessons learned and any necessary follow-up activities.
|
Department of Labor | To further strengthen Labor's IT planning and oversight process and financial management, the Secretary of Labor should direct the Chief Information Officer to ensure systems fully comply with NIST 800-53 revision 3 guidance and, if not, take appropriate steps to meet these requirements. |
The Department of Labor (DOL) developed a plan of action to ensure its component agencies' full compliance with the guidance, and revised its Computer Security Handbook with implementation policy and procedures, which it distributed to the agencies in May 2011. DOL expected to complete security controls testing by the third quarter of FY12. In the 2012 Federal Information Security Management Act report, DOL's Office of Inspector General (OIG) stated that two of six systems it tested were not compliant with NIST 800-53 rev. 3. In November 2013, OIG reported that, for the first time in six years, there were no agencywide issues with systems security, including using NIST 800-53 rev. 3.
|
Department of Labor | The Secretary of Labor should direct the Assistant Secretary of the Employment and Training Administration to establish procedures for retaining grant award-related documentation, including location and retention period. |
In August 2015, the Department of Labor revised its Standard Operating Procedures (SOP) on documentation of grants to include information on documentation to be filed with grants, storage, retention period, and oversight responsibilities. These revised policies and procedures should help the agency effectively and efficiently monitor its grants.
|
Department of Labor | The Secretary of Labor should direct the Assistant Secretary of the Employment and Training Administration to establish quality assurance procedures, such as supervisory reviews, to ensure that grant monitoring activities are performed and documented in GEMS. Procedures should identify how the review is to be conducted, the regional-level official responsible for reviewing grant documentation in GEMS, and the frequency of the reviews. |
The Department of Labor updated its administrative guidance to its Federal Project Offers (FPOs) in the national and Regional Offices regarding grant management responsibilities and requirements related to Grants Electronic Management System (GEMS). The memo sets forth guidance addressing the issues discussed above, which included initial and annual risk assessments, quarterly desk reviews, monitoring and required entries into GEMS.
|
Department of Labor | The Secretary of Labor should direct the Assistant Secretary of the Employment and Training Administration to establish procedures addressing the communication and incorporation of Single Audit findings and related corrective actions as part of the ETA's grantee's monitoring activities to be documented in GEMS. |
The Department of Labor's Employment and Training Administration (ETA) took steps to incorporate Single Audit findings and related corrective actions as part of its grantee's monitoring activities, including plans to update the Core Monitoring Guide as well as its financial supplement to reflect these steps. However, all plans to update the Guide have been put on hold due to the enactment of the Workforce Innovation and Opportunity Act (WIOA) in July 2014 and subsequent development of WIOA regulations.
|