Legacy IT systems and limited authority for the agency’s CIO slowed the Federal Emergency Management Agency’s (FEMA) emergency response activities in 2017, according to an audit by the Department of Homeland Security’s (DHS’) Office of the Inspector General (OIG) released August 27.
The audit focused on 2017 – a year with multiple disasters requiring FEMA’s response, and one that stretched the agency’s IT capabilities. With a decentralized structure within the agency, the CIO’s office managed the agency’s IT infrastructure and maintained enterprise services, but ran into challenges in implementing IT management practices.
FEMA said it is working on a variety of modernization fixes to the IT problems, and hopes to complete that work next year.
“FEMA has not fulfilled statutory requirements to develop an IT strategic plan and an enterprise architecture as a foundation for enterprise-wide IT guidance and standards … We attribute these deficiencies to the FEMA CIO’s limited oversight authority and FEMA’s decentralized allocation of IT funding directly to program offices,” the audit states.
OIG castigated the agency for not providing the CIO enough authority to plan for the IT environment, and for a decentralized funding structure that only gives the CIO control of 40 percent of IT dollars. The OIG in multiple reports has criticized that funding structure.
With a weak management structure in place, FEMA ran into cost issues and delays for the workforce trying to respond to emergencies. IT spending in fiscal year 2018 exceeded budget by $56 million, with the agency relying on “impromptu shifting of funds” between components, OIG said. Workforce readiness also suffered, delaying the onboarding of the disaster surge workforce, inadequate IT infrastructure at field offices responding to incidents, and misconfigured mobile devices.
These challenges affected the agency’s mission – responding to emergencies, OIG said.
Many of FEMA’s emergency management systems were not linked, pushing staff to use multiple systems, and leading to confusion. Systems also failed to handle the number of users accessing the data warehouse, which caused delays, impaired the sharing of new data, and limited access to real-time information. Driven by confusion and frustration, users moved to circumvent FEMA’s systems, and placed data at risk as a result. Users had to canvass at off-peak hours to avoid overloading systems, use temporary databases due to bandwidth issues, and even bring personal equipment to work to avoid the outdated and slow computers at work, OIG said.
“During our fieldwork, we met with 285 staff members from FEMA field locations, nearly all of whom said they were stymied by IT-related challenges while performing disaster response and recovery work,” OIG stated.
The audit recommends that FEMA provide the CIO with the necessary authority and resources to fulfill mandates, promote IT management as an agency-wide activity, start a strategic planning effort to better direct resources, and develop a modernization approach.
FEMA concurred, saying it expects its efforts on these recommendations to be completed in the spring and early summer of 2020.