The report also cited inadequate definition of requirements,
and testing prior to deployment, as well as a lack of
alternatives analysis, all of which are characteristics of a
“reactive IT management approach.”
It said EP-and-R’s enterprise architecture has not been
updated to where it can govern the IT environment, resulting
in the inability to take on major increases in workload.
The IT systems “are not adaptable to change, and lack needed
real-time reporting capabilities,” due to “FEMA’s focus on
short-term IT fixes rather than long-term solutions,” the
report said.
However, it also said EP-and-R CIO staff and the national
help desk “provided significant service during the 2004
hurricanes,” something Barry C. West, the CIO Director for
IT Services pointed out in an August 3 memo to acting IG
Richard Skinner in response to the report, arguing that
solid IT management made that possible.
Also signed by former Under Secretary for EP-and-R and
head of FEMA, Michael D. Brown, the memo complained of the
general “negative” tone of the “unacceptable” report,
saying it “incorrectly characterizes our strategic planning
and IT activities.”
However, while the report lauded “FEMA’s disaster response
culture,” which it said, “has supported the agency through
many crisis situations, such as the 2004 hurricanes,” it
also said “FEMA’s accomplishments were not necessarily
because of its IT systems, but often in spite of them.”
In the same section on management practices that have
contributed to systems operations problems, the audit
criticized FEMA’s “short-term fixes” for not leaving enough
time to test systems well enough.
“Without taking the time to fully define and document
systems requirements, it is difficult for FEMA to evaluate
effectively viable alternatives to its custom designed
systems,” the audit said.