Cybersecurity Planning Weaknesses May Hinder the Efficient Use of Future Resources [open pdf - 226KB]
"We did not find any instances where OCIO [Department's Office of the Chief Information Officer] expended the $29 million in appropriated funds received between 2012 and 2015 on non-cybersecurity initiatives. At the time of our review, OCIO had approximately $23.4 million in expenditures out of the $29 million. We sampled 61 of 181 transactions with an expenditure amount of $18.26 million or 78.2 percent of the $23.4 million. All sampled transactions were in support of cybersecurity initiatives. However, OCIO did not consistently apply billing procedures when expending funds through the Working Capital Fund (WCF). We found that $285,352 (7.65 percent) of the $3.73 million in cybersecurity funds advanced to and expended via the WCF was used to pay for services outside of the period of performance and scope of work outlined in OCIO cybersecurity funded intra-agency agreements. Such errors make it difficult for OCIO to ensure that WCF customers are accurately and consistently charged for services as described in customer agreements. OCIO did not adequately document or plan for its cybersecurity funding needs. OCIO did not maintain adequate support documentation to justify its costs estimates for the amount of cybersecurity funds requested in budget years 2014, and 2015. Additionally, OCIO did not always follow OMB or its own acquisition planning guidance for three information technology (IT) projects that accounted for about $20 million (68 percent) of the $29 million appropriated. For example, OCIO did not provide evidence that it developed and documented alternative analyses for two of the three IT projects, or established realistic initial costs and schedule estimates."
Report Number: FI2017066
Department of Transportation. Office of Inspector General: https://www.oig.dot.gov/