requirements, DHS' strategic plan constitutes a single framework for
consolidating the missions, goals, and objectives of its 22 agencies in a joint
strategy for securing the homeland. As one of the legacy agencies, FEMA's
strategic plan necessarily should link to the overarching DHS plan. We have
revised our report to clarify these requirements.
Conflicting Guidance and Direction: We agree with the EP&R CIO regarding
the potential for misconstruing our statement that a planning official's use of
both DHS' and FEMA's strategic plans results in conflicting guidance and
direction. We have revised this language to show that the potential for
conflicting guidance and direction is our conclusion, and not attributable to
the planning official. We also have revised the wording in the relevant section
of the report to ensure consistency with our executive summary.
IT Strategic Plan Alignment with the DHS Plan: Contrary to the EP&R CIO's
assertion, our report neither contests nor discusses alignment of FEMA's IT
strategic plan with DHS CIO Council priorities. While we commend FEMA's
cooperation with the CIO Council, we did not include this issue in our audit.
The strategic planning portion of our report is merely intended to emphasize
that, despite federal guidelines, FEMA has not aligned its strategic and IT
plans with the overarching DHS strategic plan.
Handling Workloads during the 2004 Hurricane Season: We disagree with
the EP&R CIO's assertion that FEMA would not have been able to
successfully handle the increased workload during the 2004 hurricane season
if the agency were experiencing the various IT problems that we outlined. As
previously indicated, we believe that the EP&R CIO incorrectly equates the
agency's ability to meet the disaster management challenges to date with
effective and efficient IT management. While we state in our report that
EP&R was able to get through the 2004 hurricanes, we also recognize that
FEMA's accomplishments were not necessarily because of its IT systems, but
often in spite of them. Users across EP&R consistently told us that they did
not use the headquarters supplied systems, but instead relied upon alternative
methods, such as creating ad hoc spreadsheets and databases or resorting to
manual methods, to perform their jobs. Where IT systems were used, they
often did not operate effectively.
Enterprise Architecture: We disagree with the EP&R CIO's assertion that we
incorrectly reported on EP&R efforts to update its enterprise architecture to
govern the IT environment. The following is our evaluation of the EP&R
CIO's various comments in this regard.
Emergency Preparedness and Response Could Better Integrate Information Technology
with Incident Response and Recovery