The Federal Emergency Management Agency (FEMA) has taken steps to improve its IT management since our 2011 audit, but more remains to be done. Specifically, FEMA has developed numerous IT planning documents but has not effectively coordinated, executed, or followed through on these plans. Without effective IT planning, FEMA risks making limited progress improving IT needed to support the agency’s mission. Although FEMA has improved its IT governance through establishing an IT Governance Board, these efforts have not yet been fully effective. FEMA has struggled to implement effective agency-wide IT governance, in part because the Chief Information Officer has not had sufficient control and budget authority to effectively lead the agency’s decentralized IT environment. Without effective agency-wide IT governance, FEMA’s IT environment has evolved over time to become overly complex, difficult to secure, and costly to maintain.
FEMA Faces Challenges in Managing Information Technology