Audit Report on "The Office of Science's Management of Information Technology Resources"

PDF Version Also Available for Download.

Description

The Department of Energy's Office of Science (Science) and its facility contractors are aggressive users of information technology (IT) to support fundamental research in areas such as energy, environmental remediation and computational sciences. Of its $4 billion Fiscal Year 2008 budget, Science spent about $287 million to manage its IT program. This included cyber security activities, acquisition of hardware and software, and support service costs used to maintain the operating environments necessary to support the missions of the program. Prior Office of Inspector General reports have identified various issues with Science's management of its IT programs and resources. For instance, ... continued below

Creation Information

None November 1, 2009.

Context

This report is part of the collection entitled: Office of Scientific & Technical Information Technical Reports and was provided by UNT Libraries Government Documents Department to Digital Library, a digital repository hosted by the UNT Libraries. More information about this report can be viewed below.

Who

People and organizations associated with either the creation of this report or its content.

Provided By

UNT Libraries Government Documents Department

Serving as both a federal and a state depository library, the UNT Libraries Government Documents Department maintains millions of items in a variety of formats. The department is a member of the FDLP Content Partnerships Program and an Affiliated Archive of the National Archives.

Contact Us

What

Descriptive information to help identify this report. Follow the links below to find similar items on the Digital Library.

Description

The Department of Energy's Office of Science (Science) and its facility contractors are aggressive users of information technology (IT) to support fundamental research in areas such as energy, environmental remediation and computational sciences. Of its $4 billion Fiscal Year 2008 budget, Science spent about $287 million to manage its IT program. This included cyber security activities, acquisition of hardware and software, and support service costs used to maintain the operating environments necessary to support the missions of the program. Prior Office of Inspector General reports have identified various issues with Science's management of its IT programs and resources. For instance, our report on Facility Contractor Acquisition and Management of Information Technology Hardware (DOE/IG-0768, June 2007) noted that the Science sites reviewed spent more than necessary when acquiring IT hardware. In another example, our review of The Department's Efforts to Implement Common Information Technology Services at Headquarters (DOE/IG-0763, March 2007) disclosed that Science's reluctance to adopt the Department of Energy Common Operating Environment (DOE-COE) at Headquarters contributed to the Department's inability to fully realize potential cost savings through consolidation and economies of scale. In light of the magnitude of the Office of Science IT program and previously identified program weaknesses, we initiated this audit to determine whether Science adequately managed its IT resources. Science had taken a number of actions to improve its cyber security posture and align its program to Federal requirements. Yet, our review disclosed that it had not taken some basic steps to enhance security and reduce costs. In particular, we found that: (1) For their non-scientific computing environments, all seven of the field sites reviewed (two Federal, five contractor) had implemented security configurations that were less stringent than those included in the Federal Desktop Core Configuration. This configuration was designed by the National Institute of Standards and Technology and its use was mandated by the Office of Management and Budget; (2) Although we previously highlighted weaknesses and recommended corrective actions, Science still had not fully established or enforced IT hardware standards for acquiring hardware such as desktop and laptop computers or related peripherals, contributing to significant unnecessary expenditures; and (3) While we have noted in a series of past reports that significant savings could be realized from aggregating demand for IT services and products across the enterprise, Science had not implemented a common infrastructure for users at its Federal sites and continued to maintain an IT environment independent of the Department's Common IT Operating Environment. The weaknesses identified were attributable, at least in part, to a lack of adequate policies and procedures for ensuring effective cyber security and hardware acquisition practices. In addition, Science had not effectively monitored the performance of its field sites to ensure that previously reported internal control weaknesses were addressed and had not implemented an appropriate mechanism to track its IT-related costs. Without improvements, Science may be unable to realize the benefits of improved security over its information systems, reduce costs associated with hardware acquisition, and lower IT support costs through consolidation of services. In particular, we determined that Science could potentially realize savings of more than $3.3 million over the next three years by better controlling hardware costs and implementing standards for certain equipment. Furthermore, Science could continue to pay for duplicative IT support services and fail to take advantage of opportunities to lower costs and apply potential savings to mission-related work. During the course of our audit work, we learned from Science officials that they had initiated the process of revising the Program Cyber Security Plan to better clarify its policy for implementing Federal cyber security requirements. In addition, we noted that the Oak Ridge National Laboratory had taken action to establish and enforce hardware standards on both its administrative and scientific workforce. Although these actions are positive steps, additional action is needed to strengthen Science's IT program. To that end, our report contains several recommendations that, if fully implemented, should help Science improve the management of its IT resources.

Language

Item Type

Identifier

Unique identifying numbers for this report in the Digital Library or other systems.

  • Report No.: DOE/IG-0831
  • Grant Number: None
  • DOI: 10.2172/969797 | External Link
  • Office of Scientific & Technical Information Report Number: 969797
  • Archival Resource Key: ark:/67531/metadc934785

Collections

This report is part of the following collection of related materials.

Office of Scientific & Technical Information Technical Reports

Reports, articles and other documents harvested from the Office of Scientific and Technical Information.

Office of Scientific and Technical Information (OSTI) is the Department of Energy (DOE) office that collects, preserves, and disseminates DOE-sponsored research and development (R&D) results that are the outcomes of R&D projects or other funded activities at DOE labs and facilities nationwide and grantees at universities and other institutions.

What responsibilities do I have when using this report?

When

Dates and time periods associated with this report.

Creation Date

  • November 1, 2009

Added to The UNT Digital Library

  • Nov. 13, 2016, 7:26 p.m.

Description Last Updated

  • Dec. 6, 2016, 7:09 p.m.

Usage Statistics

When was this report last used?

Congratulations! It looks like you are the first person to view this item online.

Interact With This Report

Here are some suggestions for what to do next.

Start Reading

PDF Version Also Available for Download.

Citations, Rights, Re-Use

None. Audit Report on "The Office of Science's Management of Information Technology Resources", report, November 1, 2009; United States. (digital.library.unt.edu/ark:/67531/metadc934785/: accessed October 16, 2017), University of North Texas Libraries, Digital Library, digital.library.unt.edu; crediting UNT Libraries Government Documents Department.