U.S. Department of Justice

June 4, 2007

MEMORANDUM FOR	GLENN A. FINE INSPECTOR GENERAL
FROM:	Lee J. Lofthus Assistant Attorney General    for Administration
SUBJECT:	Response to Draft Audit Report for Identification and Review of the Department's Major Information Technology Systems Inventory

We received your recent memorandum and have reviewed the draft audit report prepared by the Office of the Inspector General (OIG) audit staff. We appreciate the opportunity to review the draft report and provide additional insight into both the findings and recommendations.

The basis for the audit report was a congressional directive to provide an inventory of major Department of Justice (DOJ) information technology (IT) systems. The OIG provides information on DOJ's IT inventory and cost data for each of the Department's major systems, including selected cost information on three IT systems from the components responsible for the majority of DOJ's IT spending: the Federal Bureau of Investigation (FBI); the Drug Enforcement Administration (DEA); and the Justice Management Division (JMD).

We believe that the draft report's characterization that there is an "absence" of controls over IT cost reporting overstates the report's findings. We do, however, acknowledge that controls over reporting IT project costs can be improved and strengthened. While the Department does not use full cost accounting or activity based costing, the Office of the Chief Information Officer (OClO) provides sound project management oversight on the myriad activities associated with the major technology systems inventory. Short of full cost accounting on every project, we concur that additional clarification and standardization of Department cost reporting practices would strengthen reporting reliability.

One factor that may affect the reporting of cost data but was not discussed in the OIG report is the difference between funding that is authorized, obligated, and expended. "Cost" reports or survey responses based on these different categories would likely show great discrepancies when compared to one another; however, each could be accurate.

The draft report explains the OIG surveyed components to obtain a current snapshot of project cost data as the Department does not have full cost accounting systems. We note that a survey-based cost recap performed 10 years into a project, as was the case with the FBI Law Enforcement Online (LEO) effort, does not necessarily mean that CIO or FBI did not have reasonable cost data over the decision making life of the project, nor does it mean decisions were made on materially flawed cost information. We have a similar observation about the report's findings on the DEA Concorde project. (We also note that DEA advises the draft report may contain a misunderstanding regarding its internal-use software accounting process. Another factor that could have caused some of the variance cited in the draft report.)

We also want to provide additional clarifying information regarding the findings associated with the JCON project. The auditors included costs from 2000 and 2001, while the JCON project management office (PMO) did not include costs from those years in its estimate. This fundamental difference in project scope accounts for the single largest variance cited in the draft report. We believe this significantly skews the findings in the report. The JCON PMO accounts for each JCON deployment separately and as such, severs the costs as one upgrade is completed and another begins. Thus the overall costs were different because of a difference in definition, not a flaw in JCON cost reporting. We believe that this is a valid explanation for the $53M reported difference that should be recognized in the report.

Finally, the report concludes, "In our opinion, the lack of verifiable cost data for DOJ's IT system compromises the effectiveness of DOJ's IT oversight entities..." From this statement, one could conclude that no verifiable cost data exist, a finding we do not believe is supported. A more accurate statement might be that the lack of ready available "complete" cost data, e.g. direct and indirect cost data, may hamper the effectiveness of DOJ's IT oversight of some systems.

The Department is committed to reliable and effective IT project management. While a substantial portion of the draft report focuses on cost reporting, cost is only one aspect of an array of project management, life cycle reporting, earned value, and inventory management responsibilities performed by the CIO. All these activities support the management of the overall DOJ IT portfolio.

As for the recommendations in the report, we agree with the need to strengthen certain areas relating to financial reporting at the project level, and we will be studying the issue and implementing measures to bring consistency to the cost reporting.

Recommendation 1 - Ensure that component ClOs develop and implement cost effective means to report accurate, complete, and verifiable costs for individual IT systems.
Concur. The JMD Finance Staff will work with OCIO staff to look at cost accounting policies and procedures that could be improved to ensure project teams at the component level report on-going costs more accurately. CIO and Finance will also look at ways to clarify the start and end dates of projects, as timing issues may have led to the confusion on the JCON costs, and also ensure that reporting terms are clearly defined and consistent across reports and across components.

Recommendation 2 - Ensure that DOJ's CIO improves the integration of the Exhibit 53 and budget submissions in accordance with OMB Circular A-11 so that Exhibit 53 amounts can be traced to the components' overall budgets and financial systems.
Concur. We believe the Department is already compliant with the current OMB Circular A-11 requiring traceability to overall budgets. During the FY 2008 budget formulation cycle, the OCIO worked jointly with the Budget Staff to develop and implement a budget process that links the IT investment requests to the budget decision units. This data is reviewed by the Policy and Planning Staff for OCIO as well as the Budget Staff to ensure that there is consistency between the budget submission and the Exhibit 53 submission to OMB. We will verify the process during the FY 2009 budget cycle.

Recommendation 3 - Assess the feasibility of using the DOJ's planned Unified Financial Management System (UFMS) for Capital Planning and Investment Control cost reporting.
Concur. The Department will assess the feasibility of using UFMS for such reporting. However, in general, core financial systems typically track direct project costs, not indirect costs such as salaries, shared space, and other overhead costs that require sophisticated cost allocation methodologies. DOJ's UFMS is not attempting, in its initial iteration, to fulfill the function of a full cost accounting system. However, we do intend to use UFMS to track discreet project costs to the extent practicable. In addition, we agree to consider the option of a more robust project tracking capability as a future enhancement to UFMS, using the change control process which evaluates the costs, benefits and risks.

If you have any questions or concerns, please contact me on (202) 514-3101.