When hundreds of people must evacuate their homes as floodwaters rise, or a community needs a cleanup after a tornado, it’s important that federal assistance is adequate and arrives quickly.
But that can’t be done without the right IT framework to send and store information, and that is a concern for the Federal Emergency Management Agency’s Office of Inspector General.
In a recent report from FEMA’s IG, auditors are urging the agency to clean up its IT framework by establishing a centralized plan and sticking to it.
“Without effective agency-wide IT governance, FEMA’s IT environment has evolved over time to become overly complex, difficult to secure, and costly to maintain,” auditors said. “Further in this complex, decentralized IT environment, FEMA’s IT systems are not sufficiently integrated and do not provide personnel with the data search and reporting tools they need. As a result of system limitations, end users engage in inefficient, time-consuming business practices that can increase the risk that disaster assistance and grants could be delayed and duplication of benefits could occur.”
The OIG made five recommendations for FEMA and requested a closeout letter from the agency by the end of December.
A spokeswoman for FEMA said the agency would not have a response to a request for a copy of the letter until after the new year. The agency concurred with all five recommendations, which are:
Finalize necessary IT planning documents that reflect the current IT strategy of the organization and IT modernization initiatives.
Execute the planning documents, using the milestones and metrics included in them to evaluate FEMA’s long-term progress in improving its IT management and operations.
Finalize the IT Governance Board (ITGB) charter and expand the capacity of the board to make the board the IT decision-making authority for the agency.
Implement a plan of action and milestones to address the integration and reporting limitations of existing systems.
Implement and enforce a standardized, agency-wide process that sufficiently defines and prioritizes the acquisition, development, operations and maintenance requirements for all systems.
According to information provided in the document, FEMA has a workforce of about 18,450 federal employees and contractors throughout its headquarters in Washington, along with 10 regional offices, three area offices and a series of temporary disaster-relief sites. An additional 7,000 employees are on standby for disaster deployment.
The office of the CIO has more than 1,000 staff members. The agency spent about $450 million in fiscal 2014 on IT.
The mission of FEMA’s Office of the Chief Information Officer is to develop and maintain the agency’s IT infrastructure, support the agency’s operations programs and increase “efficencies and cooperation across FEMA.”
The Office of the CIO is one area the IG’s office pointed to as a reason for the agency’s IT troubles. According to the report, in the past decade FEMA has gone through six CIOs, with each staying an average of 15 months.
“In the last three years alone, FEMA has four different individuals in the CIO position,” auditors said.
FEMA has not been able to follow through on its IT plans in part because of the frequent turnover in the OCIO, the report said.
“Without effective IT planning, FEMA risks making limited progress improving IT needed to support the agency’s mission,” the report said. “Although FEMA has improved its IT governance through establishing an IT Governance Board, these efforts have not yet been fully effective.”
In fiscal 2012, FEMA established an IT governance board, but it stopped holding meetings in September 2014. A new ITGB has been set up, though auditors said by the time their fieldwork was done in March, the board’s charter was still in draft form.
Another concern included in the report is that the IT systems aren’t fully integrated and require employees to manually enter information.
One example auditors referenced concerned an exercise in which FEMA staff had to manually transfer 18 state requests from the state system before the agency could process those requests. This caused a delay from between two and six hours, auditors said, which “can be critical in emergency management and response, which involves saving lives and preventing property damage.”