DHS has defined a vision for its new IT governance process, which includes a tiered oversight structure that defines distinct roles and responsibilities throughout the department.
The new governance framework and the associated policies and procedures are generally consistent with recent Office of Management and Budget guidance and with best practices for managing projects and portfolios identified in GAO’s IT Investment Management framework.
However, DHS policies and procedures have not yet been finalized, because the focus has been on piloting the new governance process.
DHS has begun to implement aspects of its new governance process, however, the department has not fully followed other practices, including developing a mechanism to capture lessons learned.
To implement an effective IT governance process, GAO recommends that DHS finalize associated policies and procedures, and fully follow best practices for implementing the process. In comments on a draft of this report, DHS concurred with GAO’s recommendations and estimated it would address them by September 2013.