At a Glance: EPA Should Improve Oversight of Mobile Phones


^tDsrx
* Q \
\X!
U.S. Environmental Protection Agency
Office of Inspector General
At a Glance
20-P-0068
January 10, 2020
Why We Did This Project
We conducted this audit to
determine whether the
U.S. Environmental Protection
Agency (EPA) effectively
manages its mobile phones.
Per EPA Chief Information
Officer (CIO) Classification
No. 2150.4, Mobile Computing
Policy, the agency must
effectively manage mobile
resources to promote the
efficient spending of funds
allocated for information
technology needs. This policy
also requires that mobile
resources be monitored for
authorized and unauthorized
use, as well as be assessed to
establish controls.
The EPA's Office of Information
Technology Operations (OITO),
within the Office of Mission
Support, is responsible for
overseeing and implementing
CIO-2150.4 and the associated
Mobile Computing
Management Procedures
(CIO-2150.4-P-01.1).
This report addresses the
following:
• Operating efficiently and
effectively.
Address inquiries to our public
affairs office at (202) 566-2391 or
OIG WEBCOMMENTS@epa.gov.
List of OIG reports.
EPA Should Improve Oversight of Mobile Phones
What We Found
The EPA's OITO needs to improve its oversight of
mobile phones at the program office and regional
levels. Specifically, the OITO did not:
•	Require justifications for mobile phone use.
•	Determine whether the program and regional
offices had standard operating procedures in
place for the management of mobile phones.
•	Confirm that the required acknowledgment forms were signed and completed
before processing mobile phone orders.
•	Inform all agency mobile phone users about what types of calls do not count
toward the agency's monthly ceiling of mobile voice and data limits.
According to the OITO, the management of mobile phones is the responsibility of
each program office and region. However, CIO-2150.4 assigns oversight
responsibility to the OITO. While the OITO does email quarterly mobile phone
utilization reports to the program and regional offices, it does not verify whether
these offices monitor mobile phone use. As a result, the OITO is not
implementing or enforcing effective management over the agency's mobile
phones.
Recommendations and Planned Agency Corrective Actions
We recommend that the Assistant Administrator for Mission Support:
1. Establish internal controls that implement the oversight responsibilities
outlined in CIO-2150.4-P-01.1.
The EPA was billed at
least $12,000 over 2 years
for unused mobile phone
services due to needed
improvements in mobile
phone oversight. These
funds could have been
put to better use.
2.	Update the agency's mobile device intranet site to include information on the
types of calls that do not count against the EPA's monthly mobile voice and
data limits.
3.	Update the utilization reports to track calls that do not count against the
EPA's monthly mobile voice and data limits to establish baseline information
and make subsequent improvements.
The EPA agreed with all recommendations and completed the corrective actions
for Recommendations 2 and 3. The EPA provided an acceptable planned
corrective action and estimated completion date for Recommendation 1, which is
resolved with corrective action pending.

-------