IG Begins Full Audit After FEMA CIO Allegedly Misleads Investigators

The Federal Emergency Management Agency is suffering from several outstanding IT management issues and its CIO leadership is providing misleading information, according to a management alert from the agency’s inspector general.

The agency has created an IT governance board, per the recommendation of the inspector general in 2015. Unfortunately, that’s the only recommendation that has been resolved. The management alert calls the agency’s efforts to remediate these issues into question, as well as the grounds for resolving the one issue the agency seemed to have settled.

“We subsequently found during our January and February 2018 fieldwork that FEMA has made limited progress in improving its IT management,” John Kelly, acting inspector general, said in a Feb. 26 management alert. “Many of the issues we reported based on our prior audits in 2005, 2011 and 2015 remain unchanged, with adverse impact on day-to-day operations and mission readiness.”

The 2015 report found that FEMA’s “IT management approach did not adequately address technology planning, governance and system support challenges.” At that time, the IG issued five recommendations to the CIO:

• Finalize key planning documents related to IT modernization.
• Execute against those planning documents.
• Fully implement an IT governance board.
• Improve integration and functionality of existing systems.
• Implement agencywide acquisition, development and operations and maintenance standards.

Only the third recommendation had been closed since the report was issued.

The IG’s investigation into FEMA’s efforts to resolve the other four issues began in December with a formal review with the CIO, Adrian Gardner. At that time, Gardner told OIG representatives that resolution of the four outstanding issues was part of the deputy CIO’s 2018 performance plan. But that wasn’t entirely accurate, according to the IG report.

“CIO Office officials we subsequently interviewed said that, given competing priorities, the CIO had removed the funding and staff resources they needed to effectively address the report recommendations,” Kelly said in the management alert.

Further, investigators discovered the information used to close the third recommendation was misleading and did not meet “the intent of the recommendation.”

“Given these deficiencies, we are suspending our verification review and will initiate a more comprehensive audit of FEMA’s IT management approach,” Kelly wrote.

"FEMA takes the contents of the OIG’s management alert seriously and are taking steps to address the OIG’s concerns, and we are committed to an improved Information Technology Governance Board," a FEMA spokesperson told Nextgov.

Editor's Note: This story has been updated to include a statement from FEMA.