Recommendation: To strengthen Justice's oversight of its component agency IT investments, the Attorney General should direct the Justice Chief Information Officer (CIO) to ensure that oversight of IT investments is treated as a departmental priority, that initiatives intended to introduce missing oversight controls and capabilities are expeditiously planned and implemented, and that significant deviations from these oversight improvement initiative plans be reported to the Attorney General.

Agency Affected: Department of Justice

Status: Implemented

Comments: The Justice Chief Information Officer (CIO) identified information technology (IT) investment and program management as a major objective within the department's IT Strategic Plan. In fiscal year 2005, Justice implemented an IT oversight process, which includes the review and approval of IT investment concept papers, Exhibit 300s, and component portfolios. Justice also implemented a three-tiered review process to ensure that proper controls are in place to successfully complete IT projects and to coordinate the implementation of corrective actions when issues are identified. The first tier review is the Dashboard review, which provides the CIO with information (e.g., cost, schedule performance, risks) to assess the status of major IT projects. The second tier review is the Project Oversight Process, which includes periodic reviews of IT investments to ensure that projects are proceeding according to the Justice IT investment plan. The third tier review is the Department Executive Review Board, which ensures that component investments are aligned with Justice's IT strategy and that return-on-investment is considered in IT investment decision-making. In addition, Justice implemented strategic initiatives to help oversee and improve its IT investment management. For example, Justice developed an IT Investment Planning Guide, which outlines IT oversight controls and capabilities such as an investment evaluation phase, investment planning schedule, data collection products, and selection criteria involved in developing an IT investment plan.

---

Recommendation: The Attorney General should direct the CIO to ensure the oversight improvement initiatives provide for addressing the missing controls and capabilities discussed in this report, including devoting adequate resources (e.g., skills, training, funding, and tools) for implementing the process.

Agency Affected: Department of Justice

Status: Implemented

Comments: In fiscal year 2005, Justice reported that it redirected resources to support a higher level of oversight within its Office of the Chief Information Officer (CIO), which is responsible for overseeing the department's IT investments. For example, the Deputy CIO for Enterprise Solutions Staff now serves as the chairperson for Justice's Earned Value Management (EVM) systems working committee. Justice established the Earned Value Management (EVM) Working Committee to, among other things, help implement the EVM system across the department. The EVM system is expected to aid Justice in ensuring that its major IT investments are within 10% of their cost and schedule goals. In addition, Justice developed a database, known as Dashboard, that provides the CIO, component CIOs, and project managers with current status information including cost, schedule, and risk information on major and other highly-visible IT systems. Justice also established a Department Executive Review Board, which is chaired by the Justice CIO, to provide department-level oversight of major IT investments and to ensure component investments are aligned with the Department's IT strategy. Further, Justice established an IT management strategic goal that calls for conducting skills assessments, succession planning, recruiting and training to help develop a high-performing IT workforce.

---

Recommendation: The Attorney General should direct the CIO to ensure the oversight improvement initiatives provide for addressing the missing controls and capabilities discussed in this report, including measuring process implementation and performance and identifying and implementing potential improvements.

Agency Affected: Department of Justice

Status: Implemented

Comments: Justice developed an IT Strategic Management (ITSM) Framework, which, among other things, incorporates a performance measurement process to enable the Office of the Chief Information Officer (CIO) to measure performance of its oversight process at the strategic and investment level. Justice reported that its performance measurement process is based on OMB's Performance Reference Model (PRM), which requires that each performance goal include a corresponding metric. In addition, Justice developed an Operational Analysis Framework, which provides standard reporting of operational analysis results for major IT investments and captures specific indicators of performance based on the OMB and Justice approved Performance Reference Model. This framework helps Justice assess how well a program is performing its mission objectives. Further, the Strategic Management and Operational Analysis frameworks outline Justice's evaluation process including the evaluation of IT project's impact on mission performance and the identification and implementation of lessons learned into the investment process.

---

Recommendation: The Attorney General should direct the CIO to ensure that the oversight improvement initiatives provide for addressing the missing controls and capabilities discussed in this report, including having steps and procedures for implementing the policy.

Agency Affected: Department of Justice

Status: Implemented

Comments: Justice outlined steps and procedures for implementing its oversight policy in several documents including its IT Strategic Management Framework and Project Oversight Concept of Operations documents. For example, the Concept of Operations includes procedures for Justice's three tiers of IT oversight reviews including its (1) Dashboard review that provides information on cost, schedule, performance, and risk for all major and highly-visible IT projects, (2) Project Oversight Process, which includes periodic reviews of IT investments to ensure compliance with Justice's IT investment plan, and (3) Department Executive Review Board, which ensures that IT investments are aligned with Justice's IT strategy. Specific procedures for the Department Executive Review Board outlined in the Concept of Operations include (1) providing the Board with information on the project's return on investment; (2) schedule, cost, funding, and key events since the previous Board review; (3) details on major developments and risks that impact project scope, cost, schedule, or return on investment; and (4) major issues that need to be addressed.

---

Recommendation: In order to ensure that INS develops and collects the requisite data needed to measure IT project progress and performance and to perform departmental oversight, the Attorney General should direct the Commissioner of INS to ensure that INS adheres to existing agency system life cycle and investment requirements governing management of system cost, schedule, capability, and benefit parameters and expectations.

Agency Affected: Department of Homeland Security: Directorate of Management

Status: Implemented

Comments: The Immigration and Naturalization Service is no longer a component of Justice. However, in fiscal year 2005, Justice developed an IT oversight process that requires its components to provide cost, schedule, performance, and risk information, thus allowing it to assess the component's IT project's status. In addition, Justice has implemented an earned value management system across the department to manage its IT projects' cost and schedule. In taking this step for all departmental components, Justice has satisfied the intent of the recommendation.

---