Audit Reports

Date

Quality Control Review for DOT’s Implementation of Enterprise Architecture

Requested By
Self-Initiated
Project ID
QC2018013
What We Looked At
This report summarizes the results of an audit of DOT’s implementation of enterprise architecture (EA) practices. DOT relies on over 450 information technology systems to conduct business and meet its mission. In 2012, OIG conducted an enterprise architecture-related audit. The Clinger-Cohen Act of 1996 requires each Federal department to develop and maintain an EA to integrate, plan changes, and avoid duplication of information systems. An effective EA can improve information security practices and help optimize the use of limited information technology resources.
 
We contracted with KPMG LLP, an independent public accounting firm, to conduct this audit subject to our oversight. The audit objectives were to (1) determine whether DOT has an effective enterprise architecture program and (2) assess its progress in developing its department-wide EA and an EA performance measurement system. KPMG found that DOT’s EA program is not fully matured, integrated, and consistently implemented across the Department’s Operating Administrations.
 
What We Found
We performed a QCR of KPMG’s report and related documentation. Our QCR disclosed no instances in which KPMG did not comply, in all material respects, with generally accepted Government auditing standards.
 
Recommendations
DOT concurs with KPMG’s 11 recommendations.

Recommendations

Closed on
No. 1 to OST
KPMG recommends OST direct the OCIO to work with OAs' CIOs to conduct the required annual assessment of DOT's and the OAs' EA programs against the GAO's EA Management Maturity Model.
Closed on
No. 2 to OST
KPMG recommends OST supplement the existing DOT EA Policy with operational guidance to clarify EA artifacts required by the DOT EA policy.
Closed on
No. 3 to NHTSA
KPMG recommends NHTSA formally approve and distribute its OA-level EA policy; otherwise, the OA will rely on the DOT EA policy.
Closed on
No. 4 to FHWA
KPMG recommends FHWA formally approve and distribute its OA-level EA policy; otherwise, the OA will rely on the DOT EA policy.
Closed on
No. 5 to FRA
KPMG recommends FRA retain evidence of the training provided to individuals with EA IT responsibility.
Closed on
No. 6 to FTA
KPMG recommends FTA retain evidence of the training provided to individuals with EA IT responsibility.
Closed on
No. 7 to NHTSA
KPMG recommends NHTSA retain evidence of the training provided to individuals with EA IT responsibility.
Closed on
No. 8 to PHMSA
KPMG recommends PHMSA retain evidence of the training provided to individuals with EA IT responsibility.
Closed on
No. 9 to PHMSA
KPMG recommends PHMSA produce and maintain evidence of EA reviews of IT investment risks that demonstrate alignment with appropriate DOT EA segments and DOT and OA EA standards.
Closed on
No. 10 to OST
KPMG recommends OST require that the EA artifacts illustrating implementation and execution of EA are in accordance with DOT EA policy.
Closed on
No. 11 to OST
KPMG recommends OST retain evidence of the required EA artifacts.