U.S. Environmental Protection Agency
Office of Inspector General

At a Glance

08-P-0271
September 22, 2008

Why We Did This Review

We evaluated the cost
justifications for major
Information Technology (IT)
investments in the U.S.
Environmental Protection
Agency (EPA) IT investment
portfolio. We also evaluated
contracted work for IT
investments to determine
whether the work met EPA's
(1) time and budget estimates,
and (2) intended needs.

Background

EPA received $346 million in
system development and/or
maintenance funding for
Fiscal Year 2007. This
funding includes IT
acquisition costs for contract
services to develop and/or
maintain IT systems.

For further information,
contact our Office of
Congressional and Public
Liaison at (202) 566-2391.

To view the full report,
click on the following link:
www.epa.gov/oig/reports/2008/20080922-08-P-0271.pdf

Catalyst for Improving the Environment

EPA Personnel Access and Security System
Would Benefit from Improved Project Management
to Control Costs and the Timeliness of Deliverables

What We Found

EPA has put into place processes to adequately justify costs of projects identified
in its IT investments portfolio. However, the lack of key project management
practices prevents it from achieving many of the projected milestone and budget
estimates. In particular, EPA did not require the EPA Personnel Access and
Security System (EPASS) contractor to follow Agency procedures for system
development. EPASS did not have a Project Manager authorized to oversee the
contractor's work. EPA also paid for invoices that contained contractor labor
overcharges. These system development procedures are designed to help
management better predict and control project costs. Had EPA implemented
processes to mitigate many of the identified system development weaknesses, it
would have been better able to anticipate and possibly avoid most of the additional
$983,216 in costs for EPASS. Further, had EPA implemented formal review
procedures for contractor invoices, it would have prevented paying an estimated
$75,276 in over-billed contractor labor charges. We were unable to determine
whether the EPASS work would meet EPA's intended needs because the project is
under further development.

What We Recommend

Our recommendations to the Director, Security Management Division, Office of
Administration, Office of Administration and Resources Management, are to:
   •  Develop and maintain an EPASS System Management Plan that includes
      the required Change Management and information security documents.
   •  Appoint a certified EPASS Project Manager with authority to oversee
      contractor work and ensure compliance with EPA's System Life Cycle
      Management guidance.
   •  Issue a memorandum to all EPASS Task Order Project Officers that
      outlines and reinforces expectations for complying with EPA invoice
      reviewing guidance.
   •  Follow up with the Contracting Officer to ensure EPA collects from the
      contractor the amount EPA overpaid for billing rate errors in the
      contractor's invoices.

The Agency indicated that it has taken actions to address many of our concerns.
However, we believe the actions taken do not adequately address our
recommendations. The Agency needs to take steps to put into place a structure to
ensure that the EPASS project progresses through the System Development Life
Cycle process as required by EPA guidance.
