DOT watchdog finds flaws in IT working capital spend

An oversight report criticizes the Transportation Department's administration of an IT working capital fund.

Shutterstock images (honglouwawa & 0beron): Bitcoin image overlay replaced with a dollar sign on a hardware circuit.
 

An audit by the Department of Transportation's inspector general found errors in record keeping and inadequate technical planning related to a one-time $30 million cybersecurity working capital fund at the agency.

The department's Office of the CIO asked for a $30 million appropriation in 2011 to close the agency's most serious cybersecurity gaps. It was appropriated $29 million between fiscal 2012 and 2015 for that project, and the money was distributed through a working capital fund.

An audit released on Aug. 7 by the agency's IG, however, found that although the agency applied the funds strictly to the problem it set out to solve, it didn't spend all the money effectively. It also found the agency didn't plan adequately for its cybersecurity funding needs.

The IG said that $285,352 of $3.73 million in cybersecurity funds expended through the fund paid for services outside of the period of performance and scope of work outlined in OCIO's cybersecurity intra-agency agreements. That kind of error, it said, makes it difficult for the OCIO to ensure accuracy in customer agreements.

The Transportation Department took issue with one of the IG's findings that the cybersecurity appropriation didn’t meet reporting thresholds as a major stand-alone IT investment under Office of Management and Budget standards.

The IG disagreed with that assessment, saying that cybersecurity assets are a critical part of the agency’s capabilities that require more effective planning and management controls.

Under the Modernizing Government Technology bill making its way through congress, 24 agencies could get multiyear revolving funds like the one-time fund probed by the Transportation IG.

While the bill doesn't contain specific mentions of audits, it does have requirements for managers at agencies it covers to report twice a year on IT inventory and submit a summary of expenditures, said Mike Hettinger, former senior House aide who lobbies on behalf of IT vendors. Those reports would give agency IGs and the Government Accountability Office additional sources of data to draw on in their auditing capacity.