Risk Assessment of the Millennium Challenge Corporation’s Information Technology Governance Over Its Information Technology Investments

Recommendations

Recommendation 1

IT Governance Recommendation: We recommend that the Millennium Challenge Corporation Chief Information Officer update the information technology strategic plan to reflect current enterprise strategic goals.

Questioned Cost:
$0
Close Date:
Recommendation 2

We recommend that the Millennium Challenge Corporation Chief Information Officer develop and implement a formal process for managing risk and updating the information technology strategic plan accordingly. Risk management must drive enterprise architecture decisions, providing secure information system environments for critical applications. The plan should be reviewed at a minimum annually and when major events occur that have an impact on strategic goals. When updating the information technology strategic plan the Chief Information Officer should verify compliance with the Office of Management and Budget Circular No. A-130, Management of Federal Information Systems, with regard to the capital planning and investment control process which includes the information resource management strategic plan and the information technology capital plan which is required to be updated twice yearly.

Questioned Cost:
$0
Close Date:
Recommendation 3

We recommend that the Millennium Challenge Corporation Chief Information Officer complete the enterprise information architecture planning and implementation project as discussed in the Executive Level Notional OCIO 2 Year Portfolio in order to maintain an information architecture that reflects the business requirements.

Questioned Cost:
$0
Close Date:
Recommendation 4

We recommend that the Millennium Challenge Corporation Chief Information Officer develop and implement a project plan for leveraging data as indicated in the authoritative data source process and methodology in order to provide business users access to detailed information to aid in analysis and decision making by June 30th, 2012.

Questioned Cost:
$0
Close Date:
Recommendation 5

We recommend that the Millennium Challenge Corporation Chief of Staff develop and implement a formal process that must be consistently applied for the Enterprise Architecture Steering Committee to prioritize information technology enabled-investment programs.

Questioned Cost:
$0
Close Date:
Recommendation 6

We recommend that the Millennium Challenge Corporation Chief of Staff formally document and implement a process requiring the Enterprise Architecture Steering Committee to consider risk management when discussing strategic direction and approval of information technology investments.

Questioned Cost:
$0
Close Date:
Recommendation 7

We recommend that Millennium Challenge Corporation Chief Information Officer (1) conduct an analysis to determine whether the information technology function has sufficient resources to adequately support the business goals and objectives of the organization and (2) through the organization's budgeting process, submit a written request for additional resources to address any shortfalls identified in the analysis.

Questioned Cost:
$0
Close Date:
Recommendation 8

We recommend that the Millennium Challenge Corporation Deputy Chief Financial Officer revise the budget policy and procedures to account for the change from line item budgeting to project budgeting.

Questioned Cost:
$0
Close Date:
Recommendation 9

We recommend that the Millennium Challenge Corporation Chief Information Officer develop a process and implement a tool for monitoring project plans and work completed to determine earned value, providing an early warning of performance issues impacting project budgets.

Questioned Cost:
$0
Close Date:
Recommendation 10

We recommend that the Millennium Challenge Corporation Chief Information Officer define quality requirements, criteria, and key performance indicators for evaluation of quality management for key IT processes.

Questioned Cost:
$0
Close Date:
Recommendation 11

We recommend that the Millennium Challenge Corporation Chief Information Officer identify and document standards, procedures, and practices for key IT processes to guide the Agency in defining and evaluating criteria for quality management.

Questioned Cost:
$0
Close Date:
Recommendation 12

We recommend that the Millennium Challenge Corporation Chief Information Officer implement a process to incorporate the following components into its projects:
A project governance structure that includes the roles, responsibilities, and accountabilities of various key players in project management.
Project sponsors assigned for the execution of each project.
Project office and project manager.
Elements such as approving the initiation of phases, communicating to all stakeholders the status of projects, establishing an integrated project plan, project quality plan, and defining the responsibilities of project team members.
Project risk management through the process of planning, identifying, analyzing, responding to, monitoring and controlling risk.
Project change control.
Lessons learned.

Questioned Cost:
$0
Close Date:
Recommendation 13

We recommend that the Millennium Challenge Corporation Chief Information Officer implement a process to verify that risk management plans and Exhibit 300 business cases are consistently used, monitored and updated annually for an IT projects as required.

Questioned Cost:
$0
Close Date:
Recommendation 14

We recommend that the Millennium Challenge Corporation Chief Information Officer finalize and implement the system development life cycle.

Questioned Cost:
$0
Close Date:
Recommendation 15

We recommend that the Millennium Challenge Corporation Chief Information Officer develop and implement a policy to fully address the maintenance of software applications.

Questioned Cost:
$0
Close Date:
Recommendation 16

We recommend that the Millennium Challenge Corporation Chief Information Officer develop and implement a process for ensuring the integration of software into the current infrastructure is properly planned and executed.

Questioned Cost:
$0
Close Date:
Recommendation 17

We recommend that the Millennium Challenge Corporation Director of Contracting develop and implement information technology acquisition instructions that provide a methodology to evaluate the components of information technology acquisition contracts.

Questioned Cost:
$0
Close Date:
Recommendation 18

We recommend that the Millennium Challenge Corporation Chief Information Officer develop and implement a process to ensure end user testing and evaluation of developed applications.

Questioned Cost:
$0
Close Date:
Recommendation 19

We recommend that the Millennium Challenge Corporation Chief Information Officer develop and implement a process to ensure personnel are trained in the use of developed applications.

Questioned Cost:
$0
Close Date:
Recommendation 20

We recommend that the Millennium Challenge Corporation Chief Information Officer document and implement policies and procedures for data conversion, testing of applications and infrastructure migration.

Questioned Cost:
$0
Close Date: