Library of Congress: Strong Leadership Needed to Address Serious Information Technology Management Weaknesses Page: 2
The following text was automatically extracted from the image on this page using optical character recognition software:
Highlights of GAO-15-315, a report to
Why GAO Did This Study
The Library of Congress is the world's
largest library, whose mission is to
make its resources available and
useful to Congress and the American
public. In carrying out its mission, the
Library increasingly relies on IT
systems, particularly in light of the
ways that digital technology has
changed the way information is
created, shared, and preserved.
The House Appropriations Committee
report accompanying the 2015
legislative branch appropriations bill
required GAO to conduct a review of IT
management at the Library. GAO's
objectives focused on the extent to
which the Library has established and
implemented key IT practices and
requirements in, among other areas:
(1) strategic planning, (2) governance
and investment management, (3)
information security and privacy, (4)
service management, and (5)
leadership. To carry out its work, GAO
reviewed Library regulations, policies,
procedures, plans, and other relevant
documentation for each area and
interviewed key Library officials.
What GAO Recommends
GAO is recommending that the Library
expeditiously hire a permanent CIO.
GAO is also making 30 other
recommendations to the Library aimed
at establishing and implementing key
IT management practices. The Library
generally agreed with GAO's
recommendations and described
planned and ongoing actions to
View GAO-15-315. For more information,
contact Joel C. Willemssen at (202) 512-6253
LIBRARY OF CONGRESS
Strong Leadership Needed to Address Serious
Information Technology Management Weaknesses
What GAO Found
The Library of Congress has established policies and procedures for managing
its information technology (IT) resources, but significant weaknesses across
several areas have hindered their effectiveness:
Strategic planning: The Library does not have an IT strategic plan that is
aligned with the overall agency strategic plan and establishes goals, measures,
and strategies. This leaves the Library without a clear direction for its use of IT.
Investment management: Although the Library obligated at least $119 million
on IT for fiscal year 2014, it is not effectively managing its investments. To its
credit, the Library has established structures for managing IT investments-
including a review board and a process for selecting investments. However, the
board does not review all key investments, and its roles and responsibilities are
not always clearly defined. Additionally, the Library does not have a complete
process for tracking its IT spending or an accurate inventory of its assets. For
example, while the inventory identifies over 18,000 computers currently in use,
officials stated that the Library has fewer than 6,500. Until the Library addresses
these weaknesses, its ability to make informed decisions will be impaired.
Information security and privacy: The Library assigned roles and
responsibilities and developed policies and procedures for securing its
information and systems. However, its implementation of key security and
privacy management controls was uneven. For example, the Library's system
inventory did not include all key systems. Additionally, the Library did not always
fully define and test security controls for its systems, remediate weaknesses in a
timely manner, and assess the risks to the privacy of personal information in its
systems. Such deficiencies also contributed to weaknesses in technical security
controls, putting the Library's systems and information at risk of compromise.
Service management: The Library's Information Technology Services (ITS)
division is primarily responsible for providing IT services to the agency's
operating units. While ITS has catalogued these services, it has not fully
developed agreements with the other units specifying expected levels of
performance. Further, the other units were often not satisfied with these services,
which has contributed to them independently pursuing their own IT activities. This
in turn has resulted in units purchasing unnecessary hardware and software,
maintaining separate e-mail environments, and managing overlapping or
duplicative IT activities.
Leadership: The Library does not have the leadership needed to address these
IT management weaknesses. For example, the agency's chief information officer
(CIO) position does not have adequate authority over or oversight of the Library's
IT. Additionally, the Library has not had a permanent CIO since 2012 and has
had five temporary CIOs in the interim.
In January 2015, at the conclusion of GAO's review, officials stated that that the
Library plans to draft an IT strategic plan within 90 days and hire a permanent
CIO. If it follows through on these plans, the Library will be in a stronger position
to address its IT management weaknesses and more effectively support its
United States Government Accountability Office
Here’s what’s next.
This book can be searched. Note: Results may vary based on the legibility of text within the document.
Tools / Downloads
Get a copy of this page or view the extracted text.
Citing and Sharing
Basic information for referencing this web page. We also provide extended guidance on usage rights, references, copying or embedding.
Reference the current page of this Book.
United States. Government Accountability Office. Library of Congress: Strong Leadership Needed to Address Serious Information Technology Management Weaknesses, book, March 2015; Washington D.C.. (https://digital.library.unt.edu/ark:/67531/metadc701344/m1/2/: accessed April 19, 2019), University of North Texas Libraries, Digital Library, https://digital.library.unt.edu; .