Topics:

Naval Reactors Program needed to consider more options for business system

Tools

The Naval Reactors Program failed to report spending of more than $10 million or adequately consider commercial off-the-shelf solutions when it improved its Enterprise Business System, says the Energy Department's office of inspector general.

In a report (.pdf) dated Dec. 21, OIG says that the project team did not provide any formal analysis or justification for developing its own in-house EBS and that the project had not been reported to Energy or the Office of Management and Budget as a major information technology investment despite its large budget.

The report says that if officials had submitted the required budgetary information to either Energy or OMB, either agency could have used the information for performance monitoring.

When OIG did its review, Naval Reactors had completed eight of 10 EBS modules but "had not met milestones related to programming, testing and user acceptance for the final modules," says the report.

Not adhering to federal and Naval Reactors policies and procedures was the main reason cited for issues found, including a gap in coordination between team members and project leaders, writes OIG.

One such break from protocol was deciding to go with an in-house system "based solely on a decision of a senior official even though no alternative analysis was documented," says the report.

Unless changes are made to adhere to established system development requirements, future EBS development risks similar project management delays and cost overruns, warns the report.

Auditors suggest establishing a protocol to follow management regulations for IT development, adhere to required Energy and OMB asset plan submissions, and conduct a series of internal assessments.

The report says that program management agreed with the suggestions but also asserts that the off-the-shelf product comparisons done by its contractors should satisfy any department or agency requirements.

For more:
- download the report, DOE/IG-0879 (.pdf)

Related Articles:
IG: DOE lacks integrated enterprisewide cybersecurity strategy
Cybersecurity weaknesses persist in Energy unclassified systems
DOE offers guidance for cybersecurity maturity, risk assessment