Audit Reports


Quality Control Review for DOT’s Implementation of Enterprise Architecture

Self-Initiated
Project ID: QC2018013
What We Looked At
This report summarizes the results of an audit of DOT’s implementation of enterprise architecture (EA) practices. DOT relies on over 450 information technology systems to conduct business and meet its mission. In 2012, OIG conducted an enterprise architecture-related audit. The Clinger-Cohen Act of 1996 requires each Federal department to develop and maintain an EA to integrate, plan changes, and avoid duplication of information systems. An effective EA can improve information security practices and help optimize the use of limited information technology resources.
 
We contracted with KPMG LLP, an independent public accounting firm, to conduct this audit subject to our oversight. The audit objectives were to (1) determine whether DOT has an effective enterprise architecture program and (2) assess its progress in developing its department-wide EA and an EA performance measurement system. KPMG found that DOT’s EA program is not fully matured, integrated, and consistently implemented across the Department’s Operating Administrations.
 
What We Found
We performed a QCR of KPMG’s report and related documentation. Our QCR disclosed no instances in which KPMG did not comply, in all material respects, with generally accepted Government auditing standards.
 
Recommendations
DOT concurs with KPMG’s 11 recommendations.

Recommendations

No. 1 to OST

KPMG recommends OST direct the OCIO to work with OAs' CIOs to conduct the required annual assessment of the DOT's and OA's EA programs against the GAO's EA Management Maturity Model.

No. 2 to OST

KPMG recommends OST supplement the existing DOT EA Policy with operational guidance to clarify EA artifacts required by the DOT EA policy.

Closed on 06.07.2018
No. 3 to NHTSA

KPMG recommends NHTSA formally approve and distribute their OA-level EA policy; otherwise, the OA will rely on the DOT EA policy.

No. 4 to FHWA

KPMG recommends FHWA formally approve and distribute their OA-level EA policy; otherwise, the OA will rely on the DOT EA policy.

Closed on 08.21.2018
No. 5 to FRA

KPMG recommends FRA retain evidence of the training provided to individuals with EA IT responsibility.

Closed on 12.17.2018
No. 6 to FTA

KPMG recommends FTA retain evidence of the training provided to individuals with EA IT responsibility.

Closed on 08.21.2018
No. 7 to NHTSA

KPMG recommends NHTSA retain evidence of the training provided to individuals with EA IT responsibility.

Closed on 08.21.2018
No. 8 to PHMSA

KPMG recommends PHMSA retain evidence of the training provided to individuals with EA IT responsibility.

Closed on 06.07.2018
No. 9 to PHMSA

KPMG recommends PHMSA produce and maintain evidence of EA reviews of IT investment risks that demonstrate alignment with appropriate DOT EA segments and DOT and OA EA standards.

No. 10 to OST

KPMG recommends OST require that the EA artifacts illustrating implementation and execution of EA are in accordance with DOT EA policy.

Closed on 07.26.2018
No. 11 to OST

KPMG recommends OST retain evidence of the required EA artifacts.