NASA OIG Final Report: NASA’s Information Technology Governance

NASA Inspector General Paul K. Martin today released a report recommending a series of significant changes to improve NASA’s information technology (IT) governance and how it plans, purchases, deploys, and secures its IT resources across the Agency.

NASA spends more than $1.5 billion annually on a portfolio of IT assets that includes approximately 550 information systems used to control spacecraft, collect and process scientific data, provide security for its IT infrastructure, and enable NASA personnel to collaborate with colleagues around the world. Accordingly, IT is intrinsic to the Agency’s ability to accomplish its mission. However, for over two decades NASA has struggled to implement an effective IT governance approach that appropriately aligns authority and responsibility between Headquarters management and the Agency’s Centers and Mission Directorates.

In the review released today, the Office of Inspector General (OIG) found that the decentralized nature of NASA’s operations and its longstanding culture of autonomy hinder the Agency’s ability to implement effective IT governance. Specifically, the Agency’s Chief Information Officer (CIO) has limited visibility and control over a majority of the Agency’s IT investments, operates in an organizational structure that marginalizes the authority of the position, and cannot enforce security measures across NASA’s computer networks. Moreover, the current IT governance structure is overly complex and does not function effectively. As a result, Agency managers tend to rely on informal relationships rather than formalized business processes when making IT-related decisions.

While other Federal agencies are moving toward a centralized IT structure under which a senior manager has ultimate decision authority over IT budgets and resources, NASA continues to operate under a decentralized model that relegates decision making about critical IT issues to numerous individuals across the Agency, leaving such decisions outside the purview of the NASA CIO. As a result, NASA’s current IT governance model weakens accountability and does not ensure that IT assets across the Agency are cost effective and secure.

For example, of the $1.46 billion allocated for IT in fiscal year (FY) 2012, the Agency CIO had direct control of $159 million or only 11 percent, the Centers had direct control of $393 million or 27 percent, and the Mission Directorates controlled the remaining $912 million or 62 percent. An anecdote recounted to us during our review illustrates the CIO’s limited visibility and control of NASA’s overall IT spending. According to the Agency CIO, although planned IT expenditures for FY 2010 were $1.6 billion, the Agency actually spent $2 billion. However, the CIO was unaware of the $400 million in additional spending until the Mission Directorates reported actual expenditures to her office in response to a data call. This lack of visibility over IT purchasing limits the ability of the Agency CIO to consolidate IT expenditures to realize cost savings and drive improvements in the delivery of IT services.

To overcome the barriers that have resulted in the inefficient and ineffective management of NASA’s IT assets and operations, the OIG recommended that NASA overhaul its IT governance structure to centralize IT functions and establish the Agency CIO as the top management official responsible for NASA’s entire IT portfolio. Among our recommendations were that the Administrator realign and consolidate all IT governance activities and reporting within CIO’s office; ensure the CIO has adequate visibility into mission related IT assets and activities; establish a monetary threshold that captures the majority of IT expenditures and require the CIO to approve expenditures above that threshold; and reevaluate the resources of the CIO’s office to ensure it has the appropriate number and types of personnel.

NASA concurred or partially concurred with our recommendations and proposed a series of corrective actions to improve IT governance at the Agency.

The full report can be found on the OIG’s website at http://oig.nasa.gov/ under “Reading Room” or at the following link: http://oig.nasa.gov/audits/reports/FY13/IG-13-015.pdf

Please contact Renee Juhans at (202) 358-1220 if you have questions.

Renee N. Juhans
Executive Officer
NASA Office of Inspector General
(202) 358-1220