Report Contents
What OIG Inspected
OIG reviewed the information system processes of the Office of Technology Services, which is housed under the Bureau of Global Talent Management’s Office of the Executive Director.
What OIG Recommends
OIG made 10 recommendations to the Bureau of Global Talent Management.
In its comments on the draft report, the Bureau of Global Talent Management concurred with all 10 recommendations. OIG considers all 10 recommendations resolved. The Bureau of Global Talent Management’s response to each recommendation, and OIG’s reply, can be found in the Recommendations section of this report. The bureau’s formal written response is reprinted in its entirety in Appendix B.
What OIG Found
- The Office of Technology Services’ information system processes were compliant with many Department of State and Federal standards. However, there were some significant areas that required management attention.
- Four of the Office of Technology Services’ six information systems had expired authorizations to operate.
- Staff made changes to one of the office’s information systems without the required notification to the Bureau of Information Resource Management.
- The Office of Technology Services’ systems development lifecycle process lacked documented management approvals and a central location for project documentation storage.
- The office did not perform ongoing security controls assessments, contrary to Department standards, and had designated third-party contractors to key positions, risking inherently governmental functions being performed by contractors.
- The Office of Technology Services’ contracts lacked designated contracting officer’s representatives.
Report Terms
Report Recommendations
The Bureau of Global Talent Management, in coordination with the Bureau of Information Resource Management, should complete the assessment and authorization process for the Office of Technology Services’ information systems with expired authorizations to operate.
The Bureau of Global Talent Management should implement a process to conduct system authorizations for the Office of Technology Services’ information systems prior to the expiration of the systems’ authorizations to operate.
The Bureau of Global Talent Management should implement a process to submit notifications of change for the Integrated Personnel Management System subsystems not included in the current authorization to operate, in accordance with Department standards.
The Bureau of Global Talent Management should regularly review and update iMatrix to accurately reflect the status of Office of Technology Services’ information systems.
The Bureau of Global Talent Management should perform annual security controls assessments for Office of Technology Services’ information systems.
The Bureau of Global Talent Management should document management approvals for all Office of Technology Services’ information systems throughout the systems development lifecycle process in accordance with Department standards.
The Bureau of Global Talent Management should define the central location to maintain project documentation for the Office of Technology Services’ systems development lifecycle projects.
The Bureau of Global Talent Management, in coordination with the Bureau of Administration, should update the Office of Technology Services’ contract management files to include contracting officer’s representative designation letters in accordance with Department standards.
The Bureau of Global Talent Management, in coordination with the Bureau of Information Resource Management, should formally designate a direct-hire employee as the information systems security officer in accordance with Department standards.
The Bureau of Global Talent Management should assign direct-hire employees to positions with inherently governmental functions for the Office of Technology Services, in accordance with Federal Acquisition Regulation standards.