The Science and Technology Directorate (S&T) can improve management of its research, development, testing, and evaluation (R&D) activities related to critical infrastructure security and resilience. Although S&T is actively making efforts to improve processes, it:• does not use a risk-based, holistic approach to prioritize critical infrastructure R&D programs and projects department-wide;• does not follow established project management principles and its own project management policies and procedures; and• relies on inaccurate and incomplete information to manage its critical infrastructure R&D projects.These problems occurred because S&T relies on component-based R&D prioritization processes instead of establishing and updating department-wide strategic priorities. Additionally, S&T does not ensure adherence to project management best practices, such as integrating program and project plans, using standard terminology and abbreviations, and tailoring its processes to fit the project needs. Finally, S&T has no formal data validation process to ensure the quality of R&D project management data
Open Recommendations
| Recommendation Number | Significant Recommendation | Recommended Questioned Costs | Recommended Funds for Better Use | Additional Details | |
|---|---|---|---|---|---|
| 1 | No | $0 | $0 | ||
| We recommend the Under Secretary for S&T clearly identify the appropriate entity with the authority and responsibility for updating critical infrastructure research and development strategic plans and annual homeland threat assessments and ensure that entity publishes each document in accordance with each of the prescribed timeframes. | |||||
| 3 | No | $0 | $0 | ||
| We recommend the Under Secretary for S&T develop and implement improved controls to ensure all S&T offices adhere to program and project management principles per the Operating Model Blueprint, including, but not limited to, policies, procedures, and training. These controls should ensure that tailored project approaches are documented and approved, standardized project management language is used, project and program plans are appropriately integrated, and roles and responsibilities are clearly defined. | |||||
| 4 | No | $0 | $0 | ||
| We recommend the Under Secretary for S&T develop and implement data validation controls to ensure accurate and consistent financial and project information in S&T’s centralized project tracking system, including, but not limited to, implementation policies, procedures, and training. | |||||
