MCC Could Improve Its Information Technology Governance To Conform to FITARA

Audit Report
Report Number
A-MCC-18-004-C

We contracted with the independent certified public accounting firm Brown & Company CPAs and Management Consultants PLLC to conduct an audit of MCC’s implementation of the Federal Information Technology Acquisition Reform Act (FITARA). Although MCC was not required to implement FITARA, we initiated this audit to assess whether MCC could improve its information technology governance processes. Accordingly, the objective of this performance audit was to determine whether MCC established a framework for the management and oversight of its information technology, as prescribed in OMB memorandum M-15-14, “Management and Oversight of Federal Information Technology.” The audit firm concluded that MCC conformed to 6 of the 19 applicable common baseline requirements outlined in the memo. However, the audit firm determined that MCC did not conform in several areas. For example, the chief information officer (CIO) did not report directly to MCC’s Chief Executive Officer or Deputy Chief Executive Officer, nor did MCC have a corporate-wide glossary of FITARA terms and requirements, as required by the Clinger-Cohen Act. Further, MCC had not updated its Budget Formulation Policy and Procedure Manual to make its CIO responsible and accountable for the life-cycle management of all IT assets, nor did the CIO consistently review and approve IT acquisition strategies and plans that originated outside the Office of CIO.

To address the weaknesses identified in the report, the audit firm made, and OIG agreed with, seven recommendations to MCC’s management.

Recommendations

Recommendation
1

MCC restructure the corporation's organizational structure for the chief information officer to report directly to the corporation's Chief Executive Officer or the Deputy Chief Executive Officer, as required by the Clinger-Cohen Act.

Questioned Cost
0
Close Date
Recommendation
2

MCC create a corporation-wide glossary of key terms and definitions, which incorporates the Clinger-Cohen Act's definitions of "information technology resources" and "information technology."

Questioned Cost
0
Close Date
Recommendation
3

MCC perform a corporation-wide self-assessment using the Federal Information Technology Acquisition Reform Act implementation guidelines in Office of Management and Budget M-15-14.

Questioned Cost
0
Close Date
Recommendation
4

MCC prepare a plan to implement the Federal Information Technology Acquisition Reform Act as prescribed by Office of Management and Budget M-15-14.

Questioned Cost
0
Close Date
Recommendation
5

MCC update the corporation's budget formulation and planning policies and procedures to include the chief information officer's roles, responsibilities, and requirements found in Office of Management and Budget M-15-14.

Questioned Cost
0
Close Date
Recommendation
6

MCC update the corporation's information technology acquisition strategy procedures to include a requirement for the chief information officer to review and approve all information technology cost estimates and information technology acquisition strategies and plans.

Questioned Cost
0
Close Date
Recommendation
7

MCC implement policies and procedures requiring the chief information officer to review and approve all agreements for the acquisition of information technology goods and services before they are awarded.

Questioned Cost
0
Close Date