Energy touts IT progress, while IG focuses on flaws
- By Wilson P. Dizard III
- May 11, 2005
Rose Parks said DOE plans to improve its failing FISMA grade in the next fiscal year. 'We know where we were gigged [under FISMA] for 2004.'
The Energy Department's IT glass is half full or half empty, depending on who's talking.
DOE officials express confidence that the department is proceeding on a smooth path to improving its already impressive technology infrastructure.
But the department's inspector general charged in a recent report that DOE's enterprise architecture still isn't complete despite 10 years of work and the expenditure of $14 million, and that as a result the department has lost $155 million in potential savings.
The conflicting views reflect how complex IT projects can show success and failure at the same time.
Energy has a total 2005 IT budget of $2.6 billion, which includes spending on highly advanced supercomputing programs.
CIO Rose Parks said during a recent interview that 'right now, we have no major projects in remediation.'
She echoed testimony she gave last month before the House Government Reform Committee about the Office of Management and Budget's investment management watch list, when she said, 'I am proud to inform you that the Department of Energy no longer has any investments on the watch list.'
Parks said during the interview that investment projects are reviewed by both OMB and Energy's Capital Planning and Investment Control Process, a council formed of senior department executives, which meets quarterly. 'We are working with program offices through an existing enterprise architecture,' she said.
Parks pointed to DOE's success in creating a council of the department's cybersecurity chiefs that includes about 50 members and had its first meeting last month.
'Well over 90 percent of our systems are certified and accredited right now,' Parks said. 'We [will use] our validation and verification process to assure that these certifications and accreditations are robust. I think for the most part they are strong.'
Parks said DOE plans to improve its failing Federal Information Security Management Act grade next year. 'We know where we were gigged [criticized under FISMA] for 2004. We are going to concentrate on implementing minimum security configurations across the enterprise and completing a 100 percent inventory across the enterprise.'
Auditors from the IG's office, however, took a dim view of the department's progress toward creating a complete enterprise architecture in an April report titled Development and Implementation of the Department's Enterprise Architecture.
The auditors said that when they conducted their review, 'the department had not completely defined its current or future requirements, such as desired systems, supporting applications, and hardware and technology standards.'
The auditors wrote that Parks' office had issued architecture guidance that generally was not mandatory, did not include information about systems standardization and was not formally released.
'As a result, the programs are not required to follow the standards contained in the guidance when they develop their future technology requirements,' according to the report.
The report acknowledged that DOE has launched an Enterprise Architecture Repository that will include an inventory of existing systems and a description of future requirements. But auditors said the department had not fully populated the repository with that information.
The auditors tartly observed that 'as demonstrated by a series of reports issued since 1998, the lack of an architecture contributes to costly and potentially incompatible and non-integrated systems.'
Department officials bridled at the auditors' downbeat comments. For example, the report notes that 'the CIO stated that architecture standards are updated and published in each version of the enterprise architecture. Management also asserted that investments are reviewed annually for compliance with the enterprise architecture as part of the [CPIC] process.'
The auditors flatly rejected management claims that DOE has a complete and approved enterprise architecture. They cited OMB's decision to award DOE a score of 2.25 out of a possible 5.0 for its architecture work.
To read the IG's report on Energy's enterprise architecture, go to www.gcn.com and enter 421 in the GCN.com/box.