Quality Control Review of the Department's Implementation of Earned Value management and Security Cost Reporting
On April 24, 2009, we issued our report on the audit of the Department of Transportation’s implementation of earned value management (EVM), and the supportability of estimated security costs for major information technology (IT) investments. An independent firm–KPMG, LLP, of Washington, D.C.– under contract to the Office of Inspector General (OIG) assessed the effectiveness of DOT’s program and practices in these areas, specifically to determine if (1) the earned value management measures included in OMB Exhibit 300 submissions properly reflected project performance, and (2) security costs included in the submissions were supported. KPMG concluded that the Department applied EVM controls inconsistently throughout the Operating Administrations. The Department lacked a standard EVM approach for implementation and was not consistent with requirements specified by OMB; consequently, the EVMS–related processes used to collect and report the EVM measures included in Exhibit 300 submissions could not be relied upon to properly reflect project performance. Additionally, KPMG found the Department has not established a standard method to accurately and consistently estimate the costs of implementing IT security. As a result, the security cost estimates for Exhibit 300 submissions cannot be fully supported. We made specific recommendations to address these weaknesses. The DOT Chief Information Officer concurred with our findings and recommendations, and has provided plans to take specific actions to implement them.