Library of Congress:

Strong Leadership Needed to Address Serious Information Technology Management Weaknesses

GAO-15-315: Published: Mar 31, 2015. Publicly Released: Mar 31, 2015.

Additional Materials:

Contact:

Joel C. Willemssen
(202) 512-6253
willemssenj@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

What GAO Found

The Library of Congress has established policies and procedures for managing its information technology (IT) resources, but significant weaknesses across several areas have hindered their effectiveness:

Strategic planning: The Library does not have an IT strategic plan that is aligned with the overall agency strategic plan and establishes goals, measures, and strategies. This leaves the Library without a clear direction for its use of IT.

Investment management: Although the Library obligated at least $119 million on IT for fiscal year 2014, it is not effectively managing its investments. To its credit, the Library has established structures for managing IT investments—including a review board and a process for selecting investments. However, the board does not review all key investments, and its roles and responsibilities are not always clearly defined. Additionally, the Library does not have a complete process for tracking its IT spending or an accurate inventory of its assets. For example, while the inventory identifies over 18,000 computers currently in use, officials stated that the Library has fewer than 6,500. Until the Library addresses these weaknesses, its ability to make informed decisions will be impaired.

Information security and privacy: The Library assigned roles and responsibilities and developed policies and procedures for securing its information and systems. However, its implementation of key security and privacy management controls was uneven. For example, the Library's system inventory did not include all key systems. Additionally, the Library did not always fully define and test security controls for its systems, remediate weaknesses in a timely manner, and assess the risks to the privacy of personal information in its systems. Such deficiencies also contributed to weaknesses in technical security controls, putting the Library's systems and information at risk of compromise.

Service management: The Library's Information Technology Services (ITS) division is primarily responsible for providing IT services to the agency's operating units. While ITS has catalogued these services, it has not fully developed agreements with the other units specifying expected levels of performance. Further, the other units were often not satisfied with these services, which has contributed to them independently pursuing their own IT activities. This in turn has resulted in units purchasing unnecessary hardware and software, maintaining separate e-mail environments, and managing overlapping or duplicative IT activities.

Leadership: The Library does not have the leadership needed to address these IT management weaknesses. For example, the agency's chief information officer (CIO) position does not have adequate authority over or oversight of the Library's IT. Additionally, the Library has not had a permanent CIO since 2012 and has had five temporary CIOs in the interim.

In January 2015, at the conclusion of GAO's review, officials stated that that the Library plans to draft an IT strategic plan within 90 days and hire a permanent CIO. If it follows through on these plans, the Library will be in a stronger position to address its IT management weaknesses and more effectively support its mission.

Why GAO Did This Study

The Library of Congress is the world's largest library, whose mission is to make its resources available and useful to Congress and the American public. In carrying out its mission, the Library increasingly relies on IT systems, particularly in light of the ways that digital technology has changed the way information is created, shared, and preserved.

The House Appropriations Committee report accompanying the 2015 legislative branch appropriations bill required GAO to conduct a review of IT management at the Library. GAO's objectives focused on the extent to which the Library has established and implemented key IT practices and requirements in, among other areas: (1) strategic planning, (2) governance and investment management, (3) information security and privacy, (4) service management, and (5) leadership. To carry out its work, GAO reviewed Library regulations, policies, procedures, plans, and other relevant documentation for each area and interviewed key Library officials.

What GAO Recommends

GAO is recommending that the Library expeditiously hire a permanent CIO. GAO is also making 30 other recommendations to the Library aimed at establishing and implementing key IT management practices. The Library generally agreed with GAO's recommendations and described planned and ongoing actions to address them.

For more information, contact Joel C. Willemssen at (202) 512-6253 or willemssenj@gao.gov.

Recommendations for Executive Action

  1. Status: Open

    Comments: The Library of Congress generally agreed with, and has taken steps to implement, this recommendation. Specifically, in September 2015 the Library hired a permanent chief information officer (CIO). Additionally, the Library is drafting policies aimed at providing the CIO with appropriate responsibilities and authorities. The Library plans to complete the steps necessary to implement this recommendation by March 2017. We will continue to evaluate the Library's progress in implementing this recommendation.

    Recommendation: To provide stable, consistent, and effective leadership for addressing the weaknesses identified in this report, as well as for improving the organization's management of IT, the Librarian should expeditiously hire a permanent chief information officer responsible for managing the Library's IT and ensure that this official has clearly defined responsibilities and adequate authority, consistent with the role of a chief information officer as defined by best practices. This should include, among other things, (1) responsibility for commodity IT; (2) oversight of mission-specific systems, through the ITSC or another oversight mechanism; and (3) clarification of responsibilities and authorities between the Library CIO and service unit IT leadership.

    Agency Affected: Library of Congress

  2. Status: Open

    Comments: The Library of Congress generally agreed with, and has begun to take steps to address, this recommendation. Specifically, in March 2016, the Library finalized its information technology (IT) strategic plan. The plan includes four goals and describes how each goal aligns with the agency's overall strategic plan. However, although the plan identifies four goals, they are not results-oriented and the plan does not include performance measures. Additionally, while the plan identifies strategies for achieving each of the goals, without results-oriented goals it is unclear whether implementing the strategies will lead the Library towards its desired results. Further, the plan does not describe interdependencies between projects. The Library plans to complete the steps necessary to implement this recommendation by December 2016. We will continue to evaluate the Library's progress in implementing this recommendation.

    Recommendation: To provide strategic direction for the Library's use of its IT resources, the Librarian of Congress should complete an IT strategic plan within the time frame the Library has established for doing so. The plan, at a minimum, should (1) align with the agency's overall strategic plan, (2) provide results-oriented goals and performance measures, (3) identify the strategies for achieving the desired results, and (4) describe interdependencies among projects.

    Agency Affected: Library of Congress

  3. Status: Open

    Comments: The Library of Congress generally agreed with, and has begun to take steps to address, this recommendation. Specifically, according to Library officials, they have developed a schedule and processes for developing an architecture that describes the current IT environment, target environment. The Library plans to complete the steps necessary to implement this recommendation by September 2018. We will continue to evaluate the Library's progress in implementing this recommendation.

    Recommendation: To provide strategic direction for the Library's use of its IT resources, the Librarian of Congress should establish a time frame for developing a complete and reliable enterprise architecture that accurately captures the Library's current IT environment, describes its target environment, and outlines a strategy for transitioning from one to the other, and develop the architecture within the established time frame.

    Agency Affected: Library of Congress

  4. Status: Open

    Comments: The Library of Congress generally agreed with, and has begun to take steps to implement, this recommendation. Specifically, according to the Library, in July 2016 it engaged the Office of Personnel Management (OPM) to develop and conduct a skills assessment of the Library's IT workforce. Upon completion of the assessment, the Library plans to develop a strategy for closing any identified gaps. The Library plans to complete the steps necessary to implement this recommendation by December 2017. We will continue to evaluate the Library's progress in implementing this recommendation.

    Recommendation: To provide strategic direction for the Library's use of its IT resources, the Librarian of Congress should establish a time frame for implementing a Library-wide assessment of IT human capital needs and complete the assessment within the established time frame. This assessment should, at a minimum, analyze any gaps between current skills and future needs, and include a strategy for closing any identified gaps.

    Agency Affected: Library of Congress

  5. Status: Open

    Comments: The Library of Congress generally agreed with, and has begun to take steps to implement, this recommendation. Specifically, according to the Library, it is drafting several policies and directives to better address the responsibilities of the Library's IT investment governance bodies. The Library plans to complete the steps necessary to implement this recommendation by March 2017. We will continue to evaluate the Library's progress in implementing this recommendation.

    Recommendation: To provide a framework for effective IT investment management and ensure that the Library has accurate information to support its decisions, the Librarian should clarify investment management policy to identify which governance bodies are responsible for making investment decisions, and under what conditions.

    Agency Affected: Library of Congress

  6. Status: Open

    Comments: The Library of Congress generally agreed with, and has begun to take steps to implement, this recommendation. Specifically, according to the Library, it is drafting several policies and directives to establish a process for linking IT strategic planning, enterprise architecture, and investment management. The Library plans to complete the steps necessary to implement this recommendation by December 2017. We will continue to evaluate the Library's progress in implementing this recommendation.

    Recommendation: To provide a framework for effective IT investment management and ensure that the Library has accurate information to support its decisions, the Librarian should establish and implement a process for linking IT strategic planning, enterprise architecture, and IT investment management.

    Agency Affected: Library of Congress

  7. Status: Open

    Comments: The Library of Congress generally agreed with, and has begun to take steps to implement, this recommendation. Specifically, according to the Library, it is drafting several policies and directives to relating to IT investment management, to include reselecting investments that are already operational. The Library plans to complete the steps necessary to implement this recommendation by September 2018. We will continue to evaluate the Library's progress in implementing this recommendation.

    Recommendation: To provide a framework for effective IT investment management and ensure that the Library has accurate information to support its decisions, the Librarian should establish and implement policies and procedures for reselecting investments that are already operational.

    Agency Affected: Library of Congress

  8. Status: Open

    Comments: The Library of Congress generally agreed with, and has begun to take steps to implement, this recommendation. Specifically, according to the Library, it is drafting several policies and directives to relating to IT investment management, to include ensuring that investment selection decisions have an impact on decisions to fund investments. The Library plans to complete the steps necessary to implement this recommendation by September 2018. We will continue to evaluate the Library's progress in implementing this recommendation.

    Recommendation: To provide a framework for effective IT investment management and ensure that the Library has accurate information to support its decisions, the Librarian should establish and implement policies and procedures for ensuring that investment selection decisions have an impact on decisions to fund investments.

    Agency Affected: Library of Congress

  9. Status: Open

    Comments: The Library of Congress generally agreed with, and has begun to take steps to implement, this recommendation. Specifically, according to the Library, it is drafting several policies and directives to relating to IT investment management, to include ensuring that appropriate governance bodies review all investments that meet defined criteria. The Library plans to complete the steps necessary to implement this recommendation by December 2017. We will continue to evaluate the Library's progress in implementing this recommendation.

    Recommendation: To provide a framework for effective IT investment management and ensure that the Library has accurate information to support its decisions, the Librarian should ensure that appropriate governance bodies review all investments that meet defined criteria.

    Agency Affected: Library of Congress

  10. Status: Open

    Comments: The Library of Congress generally agreed with, and has begun to take steps to implement, this recommendation. Specifically, according to the Library, it is drafting several policies and directives to relating to IT investment management, to include requiring investments in development to submit complete investment data in quarterly reports submitted to the Information Technology Steering Committee. The Library plans to complete the steps necessary to implement this recommendation by December 2017. We will continue to evaluate the Library's progress in implementing this recommendation.

    Recommendation: To provide a framework for effective IT investment management and ensure that the Library has accurate information to support its decisions, the Librarian should require investments in development to submit complete investment data (i.e., cost and schedule variances and risk management data) in quarterly reports submitted to the ITSC.

    Agency Affected: Library of Congress

  11. Status: Open

    Comments: The Library of Congress generally agreed with, and has taken steps to implement, this recommendation. Specifically, in September 2015 the Library's Chief Information Officer and Chief Financial Officer issued a memorandum requiring service units to track information technology (IT) spending, and providing guidance on how this is to be done. The Library has begun to track fiscal year 2016 IT spending, but has encountered challenges in ensuring that the spending is reliable. The Library plans to complete the steps necessary to implement this recommendation by December 2017. We will continue to evaluate the Library's progress in implementing this recommendation.

    Recommendation: To provide a framework for effective IT investment management and ensure that the Library has accurate information to support its decisions, the Librarian should fully establish and implement policies, to include guidance for service units on classifying expenditures as IT, for maintaining a full accounting of the Library's IT-related expenditures.

    Agency Affected: Library of Congress

  12. Status: Open

    Comments: The Library of Congress generally agreed with, and has begun to take steps to implement, this recommendation. Specifically, the Library is revising its asset management policy to improve its process for developing and maintaining its inventory of IT assets. According to the Library, it expects the policy to be finalized by December 2015. Additionally, in fiscal year 2015 the Library completed its inventory of desktop computers and associated equipment. The Library plans to complete the steps necessary to implement this recommendation by March 2017. We will continue to evaluate the Library's progress in implementing this recommendation.

    Recommendation: To provide a framework for effective IT investment management and ensure that the Library has accurate information to support its decisions, the Librarian should fully establish and implement policies for developing a comprehensive inventory of IT assets.

    Agency Affected: Library of Congress

  13. Status: Closed - Implemented

    Comments: The Library of Congress generally agreed with, and has taken steps to implement, this recommendation. Between October 2015 and June 2016, the Library has conducted post-implementation reviews for three investments. For each review the Library compared expectations for cost, schedule, performance, and mission improvement outcomes, consistent with established policies and procedures. As a result, the Library is better positioned to learn from all past investments and evaluate the effectiveness of its investment management process.

    Recommendation: To provide a framework for effective IT investment management and ensure that the Library has accurate information to support its decisions, the Librarian should implement policies and procedures for conducting post-implementation reviews of investments.

    Agency Affected: Library of Congress

  14. Status: Open

    Comments: The Library of Congress generally agreed with, and has begun to take steps to implement, this recommendation. Specifically, according to the Library, it is drafting several policies and directives to relating to IT investment management, to include key practices on portfolio management. The Library plans to complete the steps necessary to implement this recommendation by December 2017. We will continue to evaluate the Library's progress in implementing this recommendation.

    Recommendation: To provide a framework for effective IT investment management and ensure that the Library has accurate information to support its decisions, the Librarian should fully establish and implement policies and procedures consistent with the key practices on portfolio management, including (1) defining the portfolio criteria, (2) creating the portfolio, and (3) evaluating the portfolio.

    Agency Affected: Library of Congress

  15. Status: Open

    Comments: The Library of Congress generally agreed with, and has begun to take steps to implement, this recommendation. Specifically, the Office of the Chief Information Officer (OCIO) is developing an information technology (IT) risk framework for its office that can also be tailored to fit the needs of the other Library units. The Library plans to complete the steps necessary to implement this recommendation by December 2017. We will continue to evaluate the Library's progress in implementing this recommendation.

    Recommendation: To effectively plan and manage its acquisitions of IT systems and increase the likelihood of delivering promised system capabilities on time and within budget, the Librarian should complete and implement an organization-wide policy for risk management that includes key practices as discussed in this report, and within the time frame the Library established for doing so.

    Agency Affected: Library of Congress

  16. Status: Open

    Comments: The Library of Congress generally agreed with, and has begun to take steps to implement, this recommendation. Specifically, according to the Library, it is working to give the Office of the Chief Information Officer's Project Management Office the authority to establish organization-wide policy for requirements development. Additionally, the Project Management Office is drafting detailed guidance on for the Library on requirements development. The Library plans to complete the steps necessary to implement this recommendation by December 2017. We will continue to evaluate the Library's progress in implementing this recommendation.

    Recommendation: To effectively plan and manage its acquisitions of IT systems and increase the likelihood of delivering promised system capabilities on time and within budget, the Librarian should establish and implement an organization-wide policy for requirements development that includes key practices as discussed in this report.

    Agency Affected: Library of Congress

  17. Status: Open

    Comments: The Library of Congress generally agreed with, and has begun to take steps to implement, this recommendation. Specifically, according to the Library, it is working to give the Office of the Chief Information Officer's Project Management Office the authority to establish organization-wide policy for cost estimating. Additionally, the Project Management Office is drafting detailed guidance on for the Library on cost estimating. The Library plans to complete the steps necessary to implement this recommendation by December 2017. We will continue to evaluate the Library's progress in implementing this recommendation.

    Recommendation: To effectively plan and manage its acquisitions of IT systems and increase the likelihood of delivering promised system capabilities on time and within budget, the Librarian should establish and implement an organization-wide policy for developing cost estimates that includes key practices as discussed in this report.

    Agency Affected: Library of Congress

  18. Status: Open

    Comments: The Library of Congress generally agreed with, and has begun to take steps to implement, this recommendation. Specifically, according to the Library, it is working to give the Office of the Chief Information Officer's Project Management Office the authority to establish organization-wide policy for developing and maintaining project schedules. Additionally, the Project Management Office is drafting detailed guidance on for the Library on developing and maintaining project schedules. The Library plans to complete the steps necessary to implement this recommendation by December 2017. We will continue to evaluate the Library's progress in implementing this recommendation.

    Recommendation: To effectively plan and manage its acquisitions of IT systems and increase the likelihood of delivering promised system capabilities on time and within budget, the Librarian should establish a time frame for finalizing and implementing an organization-wide policy for developing and maintaining project schedules that includes key practices as discussed in this report, and finalize and implement the policy within the established time frame.

    Agency Affected: Library of Congress

  19. Status: Open

    Comments: The Library of Congress generally agreed with, and has begun to take steps to implement, this recommendation. Specifically, the Library has initiated an effort to consolidate its system inventories across its service units and estimates completing and validating a complete inventory. We will continue to evaluate the Library's progress in implementing this recommendation.

    Recommendation: To better protect IT systems and reduce the risk that the information they contain will be compromised, the Librarian should develop a complete and accurate inventory of the agency's information systems.

    Agency Affected: Library of Congress

  20. Status: Open

    Comments: The Library of Congress generally agreed with, and has begun to take steps to implement, this recommendation. Specifically, according to the Library, the Information Technology Security Group is reviewing all system security plans to ensure that they are complete. The Library plans to complete the steps necessary to implement this recommendation by December 2016. We will continue to evaluate the Library's progress in implementing this recommendation.

    Recommendation: To better protect IT systems and reduce the risk that the information they contain will be compromised, the Librarian should revise information security policy to require system security plans to describe common controls, and implement the policy.

    Agency Affected: Library of Congress

  21. Status: Open

    Comments: The Library of Congress generally agreed with, and has begun to take steps to implement, this recommendation. Specifically, according to the Library, the Information Technology Security Group is reviewing all system security plans to ensure that they are complete. The Library plans to complete the steps necessary to implement this recommendation by December 2016. We will continue to evaluate the Library's progress in implementing this recommendation.

    Recommendation: To better protect IT systems and reduce the risk that the information they contain will be compromised, the Librarian should ensure that all system security plans are complete, including descriptions of how security controls are implemented and justifications for why controls are not applied.

    Agency Affected: Library of Congress

  22. Status: Open

    Comments: The Library of Congress generally agreed with, and has begun to take steps to implement, this recommendation. For example, in August 2015 the Library began monthly security testing and vulnerability scans for servers, networks, and workstations. Additionally, the Library has finalized guidance for its continuous monitoring program, which includes the establishment of ongoing security controls assessments for each system. The Library began to implement this guidance in fiscal year 2016 and expects to complete the steps necessary to implement this recommendation by September 2017. We will continue to evaluate the Library's progress in implementing this recommendation.

    Recommendation: To better protect IT systems and reduce the risk that the information they contain will be compromised, the Librarian should conduct comprehensive and effective security testing for all systems within the time frames called for by Library policy, to include assessing security controls that are inherited from the Library's information security program.

    Agency Affected: Library of Congress

  23. Status: Open

    Comments: The Library of Congress generally agreed with, and has begun to take steps to implement, this recommendation. Specifically, according to the Library the information technology (IT) security group prepares monthly reports for the heads of each service unit on the status of the remedial action plans for their respective systems. Additionally, the group has held meetings with the heads of the service units to review and discuss these reports. The Library plans to complete the steps necessary to implement this recommendation by December 2016. We will continue to evaluate the Library's progress in implementing this recommendation.

    Recommendation: To better protect IT systems and reduce the risk that the information they contain will be compromised, the Librarian should ensure that remedial action plans for identified security weaknesses are consistently documented, tracked, and completed in a timely manner.

    Agency Affected: Library of Congress

  24. Status: Open

    Comments: The Library of Congress generally agreed with, and has taken steps to implement, this recommendation. Specifically, in November 2015 the Library finalized its guidance on continuous monitoring. The Library began to implement this guidance in fiscal year 2016 and expects to continue working towards full implementation in fiscal year 2017, to include ensuring officials are informed when making authorization decisions about information security risks. The Library plans to complete the steps necessary to implement this recommendation by June 2017. We will continue to evaluate the Library's progress in implementing this recommendation.

    Recommendation: To better protect IT systems and reduce the risk that the information they contain will be compromised, the Librarian should finalize and implement guidance on continuous monitoring to ensure that officials are informed when making authorization decisions about the risks associated with the operations of the Library's systems.

    Agency Affected: Library of Congress

  25. Status: Open

    Comments: The Library of Congress generally agreed with, and has taken steps to implement, this recommendation. Specifically, in February 2016 the Library's Deputy Chief Information Officer told us that the Library is reviewing its contingency planning efforts, starting with its most critical systems. She stated that the Library is aiming to establish contingency plans for its most critical systems by December 2016 and for its remaining systems no later than September 2018. We will continue to evaluate the Library's progress in implementing this recommendation.

    Recommendation: To better protect IT systems and reduce the risk that the information they contain will be compromised, the Librarian should develop contingency plans for all systems that address key elements.

    Agency Affected: Library of Congress

  26. Status: Open

    Comments: The Library of Congress generally agreed with, and has begun to take steps to implement, this recommendation. Specifically, according to the Library, the Office of the Chief Information Officer is developing a process to track user accounts, including contractors and volunteers, on Library systems to ensure completion of required annual IT Security Training. The Library plans to complete the steps necessary to implement this recommendation by December 2016. We will continue to evaluate the Library's progress in implementing this recommendation.

    Recommendation: To better protect IT systems and reduce the risk that the information they contain will be compromised, the Librarian should establish and implement a process for comprehensively identifying and tracking whether all personnel with access to Library systems have taken required security and privacy training.

    Agency Affected: Library of Congress

  27. Status: Open

    Comments: The Library of Congress generally agreed with, and has begun to take steps to implement, this recommendation. Specifically, the Library finalized its standard contract sections for information security and privacy requirements. Additionally, the Library has begun to incorporate these standard sections into information technology contracts. We will continue to evaluate the Library's progress in implementing this recommendation.

    Recommendation: To better protect IT systems and reduce the risk that the information they contain will be compromised, the Librarian should establish a time frame for finalizing and implementing the Library's standard contract sections for information security and privacy requirements, and finalize and implement the requirements within that time frame.

    Agency Affected: Library of Congress

  28. Status: Open

    Comments: The Library of Congress generally agreed with, and has taken steps to implement, this recommendation. Specifically, the Chief Privacy Officer communicated to system owners their responsibility to create Privacy Threshold Analyses and Privacy Impact Assessments. According to the Library, as of June 2016, 80 percent of systems had completed and approved Privacy Threshold Analyses. The Library plans to complete the steps necessary to implement this recommendation by December 2016. We will continue to evaluate the Library's progress in implementing this recommendation.

    Recommendation: To better protect IT systems and reduce the risk that the information they contain will be compromised, the Librarian should require the chief privacy officer to establish and implement a process for reviewing the Library's privacy program, to include ensuring that privacy impact assessments are conducted for all information systems.

    Agency Affected: Library of Congress

  29. Status: Open

    Comments: The Library of Congress generally agreed with, and has begun to take steps to implement, this recommendation. Specifically, the Office of the Chief Information Officer (OCIO) has drafted a directive for developing service-level agreements and memorandums of understanding between OCIO and the service units. Additionally, in September 2015, the OCIO established service-level agreements with five of the six Library units. Each agreement established baseline support levels for commodity IT services that are provided by OCIO to those units. Additionally, in May and June 2016, the OCIO executed memorandums of understanding with five of the six Library units. Each memorandum established roles and responsibilities for specialized application and services that OCIO provides to those units. However, the OCIO and the Copyright Office have yet to establish a service-level agreement or memorandum of understanding. The Library plans to complete the steps necessary to implement this recommendation by September 2017. We will continue to evaluate the Library's progress in implementing this recommendation.

    Recommendation: To help ensure that services provided by ITS meet the needs of the Library's service units, the Librarian should finalize and implement a Library-wide policy for developing service-level agreements that (1) includes service-level targets for agreements with individual service units and (2) covers services in a way that best meets the need of both ITS and its customers, including individual service units.

    Agency Affected: Library of Congress

  30. Status: Open

    Comments: The Library of Congress generally agreed with, and has begun to take steps to implement, this recommendation. Specifically, the Office of the Chief Information Officer (OCIO) has begun drafting a customer satisfaction improvement plan. The Library expects this plan will be finalized by December 2017. The Library plans to complete the steps necessary to implement this recommendation by September 2018. We will continue to evaluate the Library's progress in implementing this recommendation.

    Recommendation: To help ensure that services provided by ITS meet the needs of the Library's service units, the Librarian should document and execute a plan for improving customer satisfaction with ITS services that includes prioritized improvement projects and associated resource requirements, schedules, and measurable goals and outcomes.

    Agency Affected: Library of Congress

  31. Status: Open

    Comments: The Library of Congress generally agreed with, and has begun to take steps to implement, this recommendation. Specifically, according to the Library, it is drafting several policies and directives to relating to IT investment management, to include reviewing the Library's IT portfolio to identify duplicative or overlapping activities and investments. The Library plans to complete the steps necessary to implement this recommendation by June 2017. We will continue to evaluate the Library's progress in implementing this recommendation.

    Recommendation: In addition, to help ensure an efficient and effective allocation of the agency's IT resources, the Librarian should conduct a review of the Library's IT portfolio to identify duplicative or overlapping activities and investments, including those identified in our report, and assess the costs and benefits of consolidating identified IT activities and investments.

    Agency Affected: Library of Congress

 

Explore the full database of GAO's Open Recommendations »

Sep 26, 2016

Sep 15, 2016

Sep 14, 2016

Sep 8, 2016

Jun 29, 2016

Jun 22, 2016

Jun 10, 2016

Jun 9, 2016

Jun 2, 2016

May 25, 2016

Looking for more? Browse all our products here