The City of Chicago Office of Inspector General (OIG) has completed a follow-up to its December 2019 Audit of the Department of Innovation and Technology’s (DoIT) Management of Information Technology Investments. Based on its responses, OIG concludes that DoIT—which has since been incorporated into the Department of Assets, Information and Services (AIS) as the Bureau of Information Technology— has fully implemented five out of eleven audit recommendations, substantially implemented four, and partially implemented two.
The purpose of the December 2019 audit was to determine whether DoIT managed information technology (IT) investments in accordance with the U.S. Government Accountability Office’s Information Technology Investment Management framework. Our audit found that DoIT did not consistently adhere to best practices for project selection, thereby increasing the risks of projects delivering fewer benefits, costing more, and/or taking longer than expected to complete. In addition, DoIT’s data collection practices hampered effective monitoring and evaluation of project and portfolio performance, consequently limiting the Department’s ability to identify opportunities for improvement.
Based on the results of the audit, OIG recommended that DoIT follow internal policies and industry best practices with respect to project selection, monitoring, and evaluation. These recommendations included completing internal documents to guide these activities, requiring all project managers to follow these policies consistently, and empowering governing committees to meet mandates for project oversight. In its response to the audit, DoIT described corrective actions it would take.
In August 2020, OIG inquired about the status of corrective actions taken by AIS. Based on the Department’s follow-up response, OIG concludes that AIS has substantially implemented corrective actions. Specifically, AIS has,
- updated its Project Management Office (PMO) Handbook in key areas and required its project managers to follow it;
- developed procedures for collecting more robust data for project selection;
- implemented new project management tools;
- implemented monthly Information Technology Governance Board (ITGB) meetings;
- ensured that project managers and the PMO Director provide the data needed for ITGB to execute its oversight role; and
- endeavored to fully staff its Information Security Office.
To fully satisfy the audit’s recommendations, AIS should add full project life cycle costs (such as maintenance and ongoing support) to its project cost estimates, and work with the Office of Budget and Management and the Mayor’s Office to ensure that all City departments submit their IT project requests to ITGB for review and approval. Once fully implemented, OIG believes the corrective actions reported by AIS may reasonably be expected to resolve the core findings noted in the audit (i.e., ensure IT projects deliver expected benefits on time and within budget).