FEMA's operating systems don't communicate effectively, despite major IT investments

The Federal Emergency Management Agency still doesn't have the information technology capacity to deal with a major disaster response six years after Hurricane Katrina exposed weaknesses in the system, according to an audit released on Tuesday.

FEMA began a major push in 2007 to integrate all of its disparate IT systems and to bring them in line with Homeland Security Department standards. In 2008, FEMA issued a $1 billion contract to integrate the agency's computer systems. FEMA's chief information officer manages about 800 employees and contractors with an annual budget of more than $100 million.

Despite that investment, the agency's different operating systems still aren't effectively talking with each other and the agency has yet to develop a comprehensive IT strategic plan that meets department guidelines and provides proper guidance to lower-level IT officers, according to the report from the Homeland Security Department's inspector general.

The agency also has failed to document all of its IT architecture, so technology workers can evaluate what needs to be improved, the audit said.

As a result, the report said, there's no way of ensuring that a number of modernization programs FEMA has invested in will actually improve operations and communication or of knowing whether the new programs work at cross-purposes or prove less effective than hoped.

Those modernization programs include a massive transfer of FEMA's information systems to just two data storage centers and a plan to equip FEMA staff with notebook computers, encrypted flash drives and smartphones.

"[FEMA] systems are not integrated, do not meet user requirements, and do not provide the information technology capabilities agency personnel and its external partners need to carry out disaster response and recovery operations in a timely or effective manner," auditors said.

The inspector general's report faulted FEMA Chief Information Officer Jeanne Etzel's office for pushing ahead with IT improvement projects without a solid, DHS-certified IT plan in place.

"Although FEMA's IT strategic plan [developed in 2009] contains a high-level summary of the IT efforts planned, it does not provide the detailed guidance necessary for FEMA's IT program activities," the report said. "Specifically, it does not include IT strategic goals or objectives to identify how IT will be used to support agencywide programs."

Rep. Bennie Thompson, the ranking Democrat on the House Homeland Security Committee, called the report "troubling" in a statement and said it might be time for the agency to re-examine the role and responsibilities of its CIO.

"Since 2003, FEMA has had several CIOs," Thompson said. "These serious and repeated problems indicate that the function, responsibility and authority of the position of CIO at FEMA must be closely examined."

The CIO's office is located inside FEMA's mission support division, four rungs down from the agency's director.