If you require the entire printed version of the audit report, contact the Office of Inspector General, Federal Election Commission, 999 E Street, NW, Washington, DC 20463 or call Dorothy Maddox-Holland, Special Assistant, phone: (202) 694-1015, fax: (202) 501-8134, or e-mail: [email protected]
The Office of Inspector General initiated and completed a limited-scope audit of the Year 2000 (Y2K) renovation project at the Federal Election Commission (FEC). We conducted our audit to assess the reported progress of the FEC to convert and implement Y2K repairs on its computer systems. Throughout our audit, we regularly updated the Y2K team on project risk that we had identified during our audit fieldwork, and provided specific recommendations to reduce the exposure to the FEC from those risks.
Milestone dates published by the U.S. Office of Management and Budget (OMB) establish progress goals for all Federal agencies. The General Accounting Office (GAO) developed guidelines for use by Federal agencies as a framework for achieving the OMB progress goal of becoming Y2K compliant. We evaluated agency progress using OMBs milestone dates and GAOs methodology. Based on our audit work, we conclude that the Y2K project status as reported by the FEC is consistent with the actual progress achieved. As explained within our audit report, for its internally developed software the FEC has funded for independent verification of Y2K renovations through an outside vendor. We did not validate those renovations. However, our audit does show that there are still major issues to be resolved to fully prepare computer operations at the FEC for the new millennium. Those issues are addressed in the Audit Results section of this report.
The FEC Shows Progress
The FEC has been required by OMB to report twice thus far on the progress of its Y2K renovation project. From information contained in the first FEC Y2K report issued in April 1998, OMB assessed the FECs Y2K project this way: "Progress behind schedule. No contingency plan; no IV&V." By February 1999, the FEC was reporting 100 percent of its mission critical software renovated and tested. However, in its 8th Quarterly Report released in March 1999, OMB expressed concerns similar to those it had earlier:
"Making progress on IT systems. The agency is 100% complete in its mission critical software conversion. Anticipated compliance in October. FEC needs a business continuity and contingency plan. The verification and validation plan is weak. FECs payroll and personnel systems will be converted to National Finance Center in October 1999."
Unresolved Y2K Issues
The Y2K project team has reported repairing over 3,000 software programs consisting of over one million lines of programming code, bringing internally developed computer programs into alignment with government-wide milestone dates. Although the FEC is making progress, the agencys February 1999 Y2K report to OMB indicates that neither contingency planning or independent verification and validation (IV&V) has yet begun. The report goes on to state that the agencys computer hardware, 3rd party software, and supporting communications network are not yet Y2K compliant. In addition, while system renovation work and program testing has been completed on the agencys most important computer system, other testing has yet to be conducted.
Also, our audit work shows that the FEC has not fully achieved progress required from published OMB directives. For example, a documented inventory of data exchanges with outside parties had not been completed and communications have not been established with each data exchange partner on how to fix the Y2K problem. In addition, the FEC needs to develop a listing of all computer services contracts with outside vendors, and determine whether those contracts comply with Federal regulations requiring Y2K provisions. Furthermore, our audit results show the need for an agency-wide team effort to ensure that the FEC will be able to achieve total Y2K compliance in a timely manner.
Our audit recommendations addressing the issues discussed above are listed individually beginning on the first page of the Audit Results section in this report. They are also contained within the body of the audit report after the detailed discussion of each corresponding issue. Following our audit recommendations, we have incorporated pertinent written comments provided by agency management. Managements response to the draft audit report is included in its entirety as Appendix B. Our subsequent response to managements comments is provided in Appendix C. Finally, our suggestions for improvement to management controls for project planning and reporting metrics has been forwarded to the appropriate agency officials, and included as Appendix D of this report.