USAID Has Gaps in Conforming With the Federal Information Technology Acquisition Reform Act

Audit Report
Report Number
A-000-19-004-C
The 2014 Federal Information Technology Acquisition Reform Act (FITARA) holds Federal agencies’ chief information officers accountable for mitigating risk in, economizing on, and better managing IT investments. OIG contracted with an independent certified public accounting firm to perform an audit of USAID’s implementation of FITARA. The firm concluded USAID had met only 7 of 23 baseline requirements and had not established a comprehensive framework to implement the act. The Agency did not indicate in its implementation plan what it would do to address the main areas of weakness: the CIO did not have the required reporting arrangement or authority; the Agency did not adopt the all-encompassing FITARA definitions for IT and IT resources, which would allow such assets to be considered in key decisions; and it lacked controls to enforce competency requirements for IT staff. To address these weaknesses and improve USAID’s conformance with FITARA, OIG made nine recommendations.

Recommendations

Recommendation 1

USAID develop and implement a governance structure so that the chief information officer position reports directly to the Administrator as required by the Federal Information Technology Acquisition Reform Act and the Clinger-Cohen Act.

Questioned Cost:
$0
Recommendation 2

USAID revise Automated Directives System 101 to give the chief information officer the roles, responsibilities, and authorities to oversee all annual and multiyear planning, programming, and budget execution decisions, and reports related to information technology resources, as required by the Federal Information Technology Acquisition Reform Act.

Questioned Cost:
$0
Close Date:
Recommendation 3

USAID develop and implement policies that give the chief information officer authority for formulating and executing the information technology budget and overseeing information technology resources, as required by the Federal Information Technology Acquisition Reform Act.

Questioned Cost:
$0
Recommendation 4

USAID revise Agency policies and procedures to provide the chief information officer with information needed for overseeing all information technology investments and acquisitions to prevent, detect, and correct shadow and hidden information technology.

Questioned Cost:
$0
Recommendation 5

USAID issue a written decision on whether to authorize DTRAMS, and take appropriate actions to comply with security assessment and authorization controls in National Institute of Standards and Technology Special Publication 800-53 Revision 4, "Security and Privacy Controls for Federal Information Systems and Organizations."

Questioned Cost:
$0
Recommendation 6

USAID document and implement an inventory validation process to accurately and completely document information technology investments, the information technology systems inventory, and the Federal Information Security Modernization Act reportable systems inventory.

Questioned Cost:
$0
Recommendation 7

USAID document and implement processes for maintaining accurate records for, and managing the consolidation and streamlining of, its information technology resources, systems, data centers, and other shared information technology services in compliance with Office of Management and Budget Memorandum M-15-14.

Questioned Cost:
$0
Close Date:
Recommendation 8

USAID revise Agency policies, procedures, and directives to adopt the definitions of terms and requirements presented in Office of Management and Budget Memorandum M-15-14, including (1) information technology budgetary resources, personnel, and facilities and (2) acquisitions and interagency agreements that include information technology and the services or equipment provided by such acquisitions or interagency agreements.

Questioned Cost:
$0
Close Date:
Recommendation 9

USAID document and implement a process to enforce the competency requirements for information technology staff, including those in information technology leadership positions, and complete the assessment of competency requirements for information technology staff.

Questioned Cost:
$0