The Department of Homeland Security continues to work
to institutionalize IT management controls and
capabilities across the department but it has a long
road ahead, the Government Accountability Office has said.
According to GAO-06-598T, the department has and uses
an enterprise architecture to guide and constrain IT
investment; defines and follows a corporate process for
informed decision making by senior leadership about
completing IT investment options; applies system and
software development acquisition discipline; has established
a comprehensive information security program to protect
its information and systems; has sufficient people with
the right knowledge, skills, and abilities to execute each
of these areas now and in the future; and has centralized
leadership for extending these disciplines throughout the
organization with an empowered CIO.
However, much work remains before these and other
disciplines are fully matured and institutionalized, GAO said.
It said that although the department recently completed
a comprehensive inventory of its major information systems
it has yet to fully implement a comprehensive information
security program — and other institutional IT
disciplines are still evolving.
While DHS has implemented a system to identify and screen
visitors entering the country, a related exit capability
and a government-run system to prescreen domestic airline
passengers have not been put in place, the report said.
It said that the department has more to do before the IT
disciplines discussed above are consistently employed
across its key non-financial systems.
These programs have not consistently employed reliable,
cost eliminating practices, effective requirements
development and test management, meaningful performance
measurement, strategic workforce management, and proactive
risk management, among other program management
best practices, GAO said.