We contracted with the independent certified public accounting firm Brown & Company CPAs and Management Consultants PLLC to conduct an audit of MCC’s implementation of the Federal Information Technology Acquisition Reform Act (FITARA). Although MCC was not required to implement FITARA, we initiated this audit to assess whether MCC could improve its information technology governance processes. Accordingly, the objective of this performance audit was to determine whether MCC established a framework for the management and oversight of its information technology, as prescribed in OMB memorandum M-15-14, “Management and Oversight of Federal Information Technology.” The audit firm concluded that MCC conformed to 6 of the 19 applicable common baseline requirements outlined in the memo. However, the audit firm determined that MCC did not conform in several areas. For example, the chief information officer (CIO) did not report directly to MCC’s Chief Executive Officer or Deputy Chief Executive Officer, nor did MCC have a corporate-wide glossary of FITARA terms and requirements, as required by the Clinger-Cohen Act. Further, MCC had not updated its Budget Formulation Policy and Procedure Manual to make its CIO responsible and accountable for the life-cycle management of all IT assets, nor did the CIO consistently review and approve IT acquisition strategies and plans that originated outside the Office of CIO.
To address the weaknesses identified in the report, the audit firm made and OIG agreed with seven recommendations to MCC’s management.