For our final report on our audit of the U.S. Department of Commerce’s (the Department’s) Business Applications Solution program (the Program), our objective was to assess the Department’s management and implementation of the Program. To meet our objective, we determined the extent to which the Program implemented four selected best practice areas—business process reengineering, requirements management, program monitoring, and risk management—and identified opportunities for improvement. We found the following: I. the Program continues to lack a sound business process reengineering plan; II. the Program should address weaknesses in its requirements management plans and processes; and III. the Program should enhance its risk management practices.
Open Recommendations
| Recommendation Number | Significant Recommendation | Recommended Questioned Costs | Recommended Funds for Better Use | Additional Details | |
|---|---|---|---|---|---|
| 1 | Yes | $0 | $0 | ||
| We recommend that the Department's Chief Financial Officer ensure that the Program revises its business process reengineering plan to be more consistent with best practices by including assumptions, skills, and needed resources; documents existing financial management processes; and identifies performance improvement goals. | |||||
| 2 | Yes | $0 | $0 | ||
| We recommend that the Department's Chief Financial Officer ensure that the Program sufficiently defines target processes to include details of information flows, interconnections, and potential problem areas and assesses expected performance. | |||||
| 5 | Yes | $0 | $0 | ||
| We recommend that the Department's Chief Financial Officer update the Program's risk management plan to ensure that it documents, on an ongoing basis, all information and details necessary to manage its risks, including risk trigger dates, risk mitigation plans, and risk descriptions. | |||||
| 6 | Yes | $0 | $0 | ||
| We recommend that the Department's Chief Financial Officer ensure that the Program updates its risk register with all information and details necessary to manage its risks, consistent with the updated risk management plan. | |||||
