Information Technology Management:

Coast Guard Practices Can Be Improved

GAO-01-190: Published: Dec 12, 2000. Publicly Released: Dec 12, 2000.

Additional Materials:

Contact:

David A. Powner
(202) 512-3000
contact@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

The Coast Guard is now striving to realize its information technology (IT) management vision of being able to "deliver the right information to the right people at the right time" in order to support its various missions. GAO reviewed the Coast Guard's policies and procedures in the areas of investment management, architecture, software acquisition and development, information security, and human capital. GAO found that although the Coast Guard had many important IT management policies in place, it did not always implement them consistently. In addition, there were weaknesses in each of the key IT management areas.

Recommendations for Executive Action

  1. Status: Closed - Implemented

    Comments: USCG has developed a Capital Planning and Investment Control Manual that establishes key oversight processes, including processes for comparing actual cost and schedule data to estimates.

    Recommendation: To improve the Coast Guard's IT management practices, the Secretary of Transportation should direct the Coast Guard Commandant to ensure that the appropriate officials establish an IT oversight process that compares actual cost and schedule data with original estimates for all projects to determine whether investments are proceeding as expected and to take corrective actions as appropriate.

    Agency Affected: Department of Homeland Security: United States Coast Guard

  2. Status: Closed - Implemented

    Comments: USCG established a comprehensive inventory for tracking its IT assets, called the Investment Management System. This system includes cost and schedule information for the IT assets, and project officials regularly update this information.

    Recommendation: To improve the Coast Guard's IT management practices, the Secretary of Transportation should direct the Coast Guard Commandant to ensure that the appropriate officials establish a comprehensive inventory of IT assets that includes up-to-date cost and schedule information.

    Agency Affected: Department of Homeland Security: United States Coast Guard

  3. Status: Closed - Implemented

    Comments: USCG has developed a Capital Planning and Investment Control (CPIC) Manual that establishes key processes for analyzing, validating, and prioritizing IT investments.

    Recommendation: To improve the Coast Guard's IT management practices, the Secretary of Transportation should direct the Coast Guard Commandant to ensure that the appropriate officials establish a process for analyzing, validating, and prioritizing the costs, benefits, schedules, and risks associated with all IT investments.

    Agency Affected: Department of Homeland Security: United States Coast Guard

  4. Status: Closed - Implemented

    Comments: Program managers enter project data into the Investment Management System, a comprehensive portfolio of IT assets. DHS and Coast Guard officials use this system as a primary tool for overseeing IT investments and developing reports for management and OMB oversight.

    Recommendation: To improve the Coast Guard's IT management practices, the Secretary of Transportation should direct the Coast Guard Commandant to ensure that the appropriate officials develop and oversee a comprehensive IT investment portfolio.

    Agency Affected: Department of Homeland Security: United States Coast Guard

  5. Status: Closed - Implemented

    Comments: USCG established an Office of Information Technology Architecture, within its CIO Office, which has responsibility for assessing system investments to ensure compliance with the IT architecture.

    Recommendation: To improve the Coast Guard's IT management practices, the Secretary of Transportation should direct the Coast Guard Commandant to ensure that the appropriate officials ensure that all systems investments are compliant with the IT architecture.

    Agency Affected: Department of Homeland Security: United States Coast Guard

  6. Status: Closed - Implemented

    Comments: USCG assigned two organizations within the CIO office responsibility for overseeing legacy systems integration as part of its investment management process.

    Recommendation: To improve the Coast Guard's IT management practices, the Secretary of Transportation should direct the Coast Guard Commandant to ensure that the appropriate officials ensure that legacy systems integration processes are effectively implemented across the agency.

    Agency Affected: Department of Homeland Security: United States Coast Guard

  7. Status: Closed - Implemented

    Comments: Since the formation of the Department of Homeland Security and the Coast Guard's transfer into the department, USCG has adopted DHS Management Directive 1400, which defines the structure, processes, and accountability for DHS investments--including guidance for acquisitions.

    Recommendation: To improve the Coast Guard's IT management practices, the Secretary of Transportation should direct the Coast Guard Commandant to ensure that the appropriate officials initiate software acquisition process improvement efforts to address weaknesses in requirements development and management, and acquisition risk management.

    Agency Affected: Department of Homeland Security: United States Coast Guard

  8. Status: Closed - Implemented

    Comments: USCG's Operations Systems Center has established standard processes for each of the areas GAO noted. Furthermore, Coast Guard representatives regularly review these processes for comprehensiveness and effectiveness, conduct audits and reviews to ensure compliance with the processes, and report the aggregated results of the audits and reviews to Coast Guard managers.

    Recommendation: To improve the Coast Guard's IT management practices, the Secretary of Transportation should direct the Coast Guard Commandant to ensure that the appropriate officials initiate software development process improvement efforts to address weaknesses in project planning, project tracking and oversight, quality assurance, and configuration management.

    Agency Affected: Department of Homeland Security: United States Coast Guard

  9. Status: Closed - Implemented

    Comments: USCG published a new information assurance manual to provide security awareness training, and disseminated it throughout the agency.

    Recommendation: To improve the Coast Guard's IT management practices, the Secretary of Transportation should direct the Coast Guard Commandant to ensure that the appropriate officials implement a complete, effective security awareness program.

    Agency Affected: Department of Homeland Security: United States Coast Guard

  10. Status: Closed - Implemented

    Comments: USCG has established an organization to address FISMA security requirements, including the requirement to certify and accredit systems. The agency has made progress in performing risk assessment, certification, and accreditation of its high priority systems.

    Recommendation: To improve the Coast Guard's IT management practices, the Secretary of Transportation should direct the Coast Guard Commandant to ensure that the appropriate officials ensure that systems' risk assessments and accreditations are completed.

    Agency Affected: Department of Homeland Security: United States Coast Guard

  11. Status: Closed - Implemented

    Comments: Coast Guard officials reported that they conduct both formal and informal vulnerability assessments of facilities and address identified vulnerabilities. The agency has made access control improvements at key locations.

    Recommendation: To improve the Coast Guard's IT management practices, the Secretary of Transportation should direct the Coast Guard Commandant to ensure that the appropriate officials implement appropriate corrective actions on vulnerabilities identified during facilities' physical security evaluations.

    Agency Affected: Department of Homeland Security: United States Coast Guard

  12. Status: Closed - Implemented

    Comments: USCG officials have implemented corrective actions on key network security weaknesses GAO identified.

    Recommendation: In order to improve the Coast Guard's IT management practices, the Secretary of Transportation should direct the Coast Guard Commandant to ensure that the appropriate officials implement appropriate corrective actions on the network security weaknesses that GAO identified.

    Agency Affected: Department of Homeland Security: United States Coast Guard

  13. Status: Closed - Implemented

    Comments: USCG has established a database to monitor and enforce compliance with information systems security and physical security policies.

    Recommendation: To improve the Coast Guard's IT management practices, the Secretary of Transportation should direct the Coast Guard Commandant to ensure that the appropriate officials develop and implement a centralized mechanism to monitor and enforce compliance with physical security and information systems security policies.

    Agency Affected: Department of Homeland Security: United States Coast Guard

  14. Status: Closed - Not Implemented

    Comments: USCG has no plans to track the knowledge and skill requirements of its civilian workforce.

    Recommendation: To improve the Coast Guard's IT management practices, the Secretary of Transportation should direct the Coast Guard Commandant to ensure that the appropriate officials assess the IT civilian workforce to identify knowledge and skill requirements and any gaps.

    Agency Affected: Department of Homeland Security: United States Coast Guard

  15. Status: Closed - Implemented

    Comments: Coast Guard officials developed a comprehensive inventory of IT competencies for its active military staff.

    Recommendation: To improve the Coast Guard's IT management practices, the Secretary of Transportation should direct the Coast Guard Commandant to ensure that the appropriate officials maintain a complete inventory that includes specific IT knowledge and skills.

    Agency Affected: Department of Homeland Security: United States Coast Guard

  16. Status: Closed - Implemented

    Comments: USCG has developed written procedures to guide IT investment board operations.

    Recommendation: To improve the Coast Guard's IT management practices, the Secretary of Transportation should direct the Coast Guard Commandant to ensure that the appropriate officials develop written procedures to guide IT Investment Board operations.

    Agency Affected: Department of Homeland Security: United States Coast Guard

  17. Status: Closed - Implemented

    Comments: In recent years, USCG initiated a program called Future Force 21, to refine its workforce structure, career entry and progression, and workforce management. In July 2003, a program review office assessed the effectiveness of its workforce initiatives and this information was used to refine workforce strategies.

    Recommendation: To improve the Coast Guard's IT management practices, the Secretary of Transportation should direct the Coast Guard Commandant to ensure that the appropriate officials analyze and document the effectiveness of strategies for recruiting, training, and developing IT personnel, and use the results to continually improve human capital strategies.

    Agency Affected: Department of Homeland Security: United States Coast Guard

 

Explore the full database of GAO's Open Recommendations »

Dec 10, 2014

Sep 25, 2014

Sep 23, 2014

Jun 10, 2014

May 22, 2014

May 12, 2014

May 8, 2014

Looking for more? Browse all our products here