The Office of Management and Budget directs federal agencies to maintain an IT systems inventory, including information on costs, functionally or purpose, and status. The “FDA does not have such a comprehensive list of its systems”, the GAO report found.
The GAO was particularly critical of the FDA’s Mission Accomplishments and Regulatory Compliance Services program, which is estimated to cost $280 million. This program is intended to develop new IT systems that provide information on inspections, compliance activities, and laboratory operation. “However, much of the planned functionality has not been delivered and its completion is uncertain”, the GAO said.
The GAO said that the FDA has also not completed its enterprise architecture plan, particularly the security environment for its “as-is” IT architecture.
“FDA’s architecture products do not describe enterprise-level as-is performance issues and security concerns. These descriptions are important since they provide a basis for making decisions on enterprise investments and developing an enterprise transition roadmap”, the report said.
The GAO recommended that the FDA develop a comprehensive inventory of its IT systems, develop an integrated master schedule for a major modernization effort, and assess information needs to identify opportunities for greater information sharing.
The Department of Health and Human Services, which oversees the FDA, said that the agency has taken actions to address many of the issues identified in the GAO report.