OPM is “at risk with respect to managing and preserving electronic records” an IG audit has found, in part because it went two years without a permanent records officer in its CIO’s office and those who filled that role on an acting basis did it “mostly as a collateral duty.”
“As a result, of inadequate oversight, OPM program offices may be unaware of the records management requirements to maintain, destroy or archive their records. Since OPM uses a decentralized filing system for its internal administrative records, having a permanent records officer to coordinator the agency’s records management program is imperative to the program’s success and compliance with federal regulations,” a report said.
The IG conducted its study at the request of the Senate Homeland Security and Governmental Affairs Committee, which asked for an assessment of OPM’s compliance with laws and administrative policies relating to the preservation of electronic records.
Among the changes in law were 2014 requirements to manage records created or received in non-official and personal electronic messaging accounts. But the IG said that OPM “has not issued any specific guidance on the use of government-issued smartphones, to include, restrictions on installing certain applications or procedures on the preservation of smartphone-generated records related to government business.”
Auditors said that in a field sample, they identified seven OPM executives who had conducted agency business on their personal smartphones, three of whom had an application on the phone “known for its encrypting and deleting capabilities,” creating a risk that official records are not being kept as required.