FEMA's Longstanding IT Deficiencies Hindered 2017 Response and Recovery Operations

FEMA has not implemented federally mandated IT management practices essential for effective oversight of its IT environment. Specifically, FEMA has not established an IT strategic plan, architecture, or governance framework to facilitate day-to-day management of its aging IT systems and equipment. We attribute these deficiencies to the FEMA Chief Information Officer’s limited authority to manage IT agency-wide, as well as to a decentralized resource allocation approach that hinders funding for the centralized IT environment. These deficiencies are not new, and were reported in prior Office of Inspector General audits throughout the last 13 years. Continuation of this approach impedes budgeting for long-term IT enhancements, leads to overspending, and causes unnecessary IT support efforts.