The OIG said in a report published Thursday that the decentralized and autonomous nature of operations across NASA mission directorates and centers restrict the OCIO’s oversight of nearly $1.4 billion in annual agency IT budget.
NASA’s mission directorates controlled 53 percent or $739 million of the agency’s IT funding in fiscal year 2017, while centers oversaw 22 percent or $311 million, the report revealed.
The OCIO’s inadequate insight and authority over the IT budget hampers NASA’s efforts to consolidate IT spending, achieve cost savings and optimize IT services delivery, the OIG noted.
Auditors also found that NASA’s enterprise architecture remains “immature” and that IT managers do not fully understand the roles of three top-level IT governance boards in the agency.
The OCIO has yet to finalize the roles and responsibilities of positions within NASA’s IT governance structure, which is a critical component of the agency’s Business Services Assessment Implementation Plan, the report said.
The OIG added that NASA’s IT security posture is negatively affected by uncertainty about security roles across the agency; substandard IT inventory practices; and high turnover of senior IT managers.
The report recommended NASA to give the OCIO sufficient visibility and authority over IT assets through a reassessment and modification of the Annual Capital Investment Review, which the agency established in 2016 to boost the CIO’s approval authority over IT acquisitions.
NASA’s CIO should also finalize charters for IT governance boards and educate employees on board functions; execute the BSA Implementation Plan steps related to IT roles and responsibilities; and address dispersed security responsibilities and long-standing security vulnerabilities facing the agency, the OIG said.