DOT Does Not Have An Effective Enterprise Architecture Program For Management Of Information Technology Changes
On April 17, 2012, we issued a report on the results of our audit of DOT’s enterprise architecture (EA) program. An enterprise architecture is a framework for information technology (IT) management and improvement that describes a Federal department’s current state of IT operations (the baseline architecture) as well as the future state of these operations after the implementation of improvements (the target architecture). This framework also includes a transition plan to move from the baseline to the target architecture. Our audit objectives were to determine whether DOT has (1) an effective program for the development and oversight of a Departmentwide EA, and (2) established procedures for the assessment of EA activities.
We found that DOT does not have a Departmentwide EA program, and instead, has assigned authority for EA development to its components. The Department, however, has no plan to integrate the individual components’ EA programs into a Departmentwide program. The components’ EA programs are incomplete, and policies and procedures are incomplete and outdated at both the Department and component levels. Neither the Department nor the components sufficiently address IT security in their IT investment planning and management. Furthermore, DOT does not have procedures for EA assessment, and consequently, cannot measure the status and progress of its components’ EAs. We made eight recommendations to the Department for EA improvements. DOT concurred with or met the intent our recommendations.