GAO to FEMA: Clean up your act on IT management

The disaster relief agency agreed with federal auditors' recommendations, including that it finalize its IT modernization plans.
FEMA specialists respond to a severe storm and tornado that struck Lafayette, Tennessee, in 2008. (George Armstrong/FEMA)

The agency that leads the federal response to natural disasters needs to clean up its act on IT, according to the Government Accountability Office.

Federal auditors in a report released Thursday found the Federal Emergency Management Agency hasn’t created a framework to effectively oversee its IT investments, established comprehensive IT modernization plans and filled longstanding IT workforce gaps.

“Until it adequately addresses these challenges, FEMA will be hindered in ensuring that its IT systems provide the needed support for its disaster response mission,” auditors wrote.

In the report, GAO said the agency had established an investment review board, but its key members did not have fully defined responsibilities, nor did it have clear procedures for overseeing investments. At the same time, the government watchdog noted that FEMA’s IT strategic plan hasn’t been updated since 2013, and it hadn’t yet finalized its IT modernization plan.


Investigators also said none of the three key FEMA IT programs they evaluated — the Disaster Assistance Improvement Program, the Emergency Management Mission Integrated Environment, and the Integrated Public Alert and Warning System — has fully implemented key IT management controls in areas like risk management.

“These weaknesses were due, in part, to a lack of FEMA policies to guide programs in implementing these key IT management controls,” investigators said.

The Post-Katrina Emergency Management Reform Act of 2006 requires the agency address the shortcomings of its response to the devastating hurricane that ripped through the Gulf Coast in 2005 and killed 1,200 people. The act directs the agency to improve its IT programs critical for responding to natural disasters and other emergencies. GAO said it was asked to review FEMA’s IT in light of the act’s requirements.

Auditors issued eight recommendations, including that the agency define its IT investment board’s roles and responsibilities, update its strategic plan and finish its IT modernization plans, and implement a risk management process of the three IT programs they evaluated.

The Department of Homeland Security, FEMA’s parent agency, concurred with GAO’s recommendations and outlined plans to address them by the end of 2016.


“FEMA is committed to ensure that its IT programs adequately support the ability to respond to major disasters,” wrote Jim Crumpacker, director of DHS’ GAO-OIG Liaison Office.

Contact the reporter on this story via email, or follow her on Twitter @whitneywyckoff. Sign up for all the federal IT news you need in your inbox every morning at 6:00 here:

Latest Podcasts